magohl

#!/bin/bash

# Kubernetes Node Resource Analysis Script
# Shows CPU/Memory requests vs available per node + top 10 requesters
# Multi-user friendly version

set -e

# Parse command line arguments
CONTEXT=""

magohl

script:
def holder = new com.eviware.soapui.support.XmlHolder( mockRequest.requestContent )
def someInput = holder["//*[local-name()='SomeInput']"]
def random = Math.random()
requestContext.someInput = someInput
requestContext.randomText = random.toString()

response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://kramerica-industries.lan/webservices/dummyservice/1.0" xmlns:res="http://oresundsbron.com/types/result">
   <soapenv:Header/>

magohl

$ProgressPreference = "SilentlyContinue"
$tokenResponse = Invoke-WebRequest -UseBasicParsing -Headers @{"X-IDENTITY-HEADER"=$env:IDENTITY_HEADER} -Uri "$($env:IDENTITY_ENDPOINT)?resource=https://storage.azure.com/&api-version=2019-08-01"
$tokenResponse.RawContent

magohl

$request = @{
  Uri         = 'http://localhost/SuperImportant/service.svc'
  Method      = 'POST'
  Body = '{    
        "name": "testing",
        "prio": "24"}'
  ContentType = 'application/json'
}

while (1)

magohl

Disect JWT tokens https://jwt.io

Disposable Email https://yopmail.com

Guid https://www.guidgenerator.com/

magohl

curl -k -v -X POST -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"result\":\"test\"}" https://localhost:5001/test

magohl

// example using an ip as SAN subject alternate name
New-SelfSignedCertificate -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(1) -Subject "idp" -KeyAlgorithm "RSA" -KeyLength 2048 -HashAlgorithm "SHA256" -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsage KeyEncipherment -FriendlyName "192.168.43.1 development certificate v2" -TextExtension @("2.5.29.19={critical}{text}","2.5.29.37={critical}{text}1.3.6.1.5.5.7.3.1","2.5.29.17={critical}{text}DNS=192.168.43.1&IPAddress=192.168.43.1")

// Client authentication only. 10years
New-SelfSignedCertificate -Type Custom -Subject "CN=kramerica-xyz-dev-spn,O=Kramerica SelfSigned DEV" -KeyUsage DigitalSignature -KeyLength 4096 -KeyAlgorithm RSA -HashAlgorithm "SHA512" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -NotAfter (Get-Date).AddYears(10) -CertStoreLocation "Cert:\LocalMachine\My"

magohl

minimal create
kubectl run test --rm -it --image=alpine --generator=run-pod/v1


kubectl proxy
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Get token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | awk '/^deployment-controller-token-/{print $1}') | awk '$1=="token:"{print $2}'

magohl

Install helm w RBAC
kubectl -n kube-system create serviceaccount tiller
 kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
 helm init --service-account=tiller

Update context
 minikube update-context
 
Install Traefik using Helm (https://8gwifi.org/docs/kube-traefik.jsp) 
helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true  --namespace kube-system

magohl

Here we are using demo.identotyserver.io.
Its not enough to add JsonWebKeySet. You have to add SigningKeys also!!


services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultSignInScheme = "Cookies";
                options.DefaultSignOutScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";