I hereby claim:
- I am maxgio92 on github.
- I am maxgio (https://keybase.io/maxgio) on keybase.
- I have a public key ASB2cXvOUeybccGKDoNQ0It1Bp2ZGLfiov-KPtojlOCxmQo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
#!/bin/sh
# Build an Arch Linux root filesystem tarball from the official container image
# and stage it on the Windows side so a WSL instance can be imported from it.
#
# NOTE(review): there is no `set -e`, and the `docker export` and `mv` lines do
# not chain with `&&`, so a failed export still moves whatever (possibly
# empty) tarball exists — confirm this is acceptable for the workflow.
# NOTE(review): `archlinux:latest` is a floating tag; pinning the image by
# digest would make the resulting rootfs reproducible and auditable.
# `rootfs` is created but nothing visible in this snippet writes into it, and
# the container created by `docker create` is left behind (stopped) after the
# export.
# Get Arch Linux rootfs
mkdir rootfs && \
docker export \
$(docker create archlinux:latest) \
> archlinux-rootfs.x86_64.tar
mv archlinux-rootfs.x86_64.tar /mount/c/Users/myuser/archlinux-rootfs.x86_64.tar
# Import Arch Linux rootfs on a new WSL instance (on Windows)
# (the import step itself is not part of this preview)
# API-server encryption-at-rest configuration: Secret objects are encrypted
# with AES-CBC under `key1` before being persisted to etcd.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # NOTE(review): providers are tried in order for decryption. With no
      # trailing `identity: {}` provider, Secrets written before encryption was
      # enabled cannot be read back — confirm the rollout order against the
      # Kubernetes encryption-at-rest documentation.
      # NOTE(review): the upstream docs flag aescbc as weaker than secretbox
      # or a KMS provider; consider whether aescbc is the right choice here.
      - aescbc:
          keys:
            - name: key1
              # base64-encoded AES key. This file contains raw key material:
              # keep it readable only by the API server on control-plane nodes.
              secret: <BASE 64 ENCODED SECRET>
# kubeconfig consumed by the API server's audit webhook backend: audit events
# are delivered to the Falco k8s_audit endpoint named below.
apiVersion: v1
kind: Config
clusters:
  - cluster:
      # Plain HTTP: audit events (request metadata and, depending on the audit
      # policy level, request/response bodies) travel in cleartext and the
      # receiver is not authenticated. Prefer https with a
      # `certificate-authority` entry unless the endpoint is local-only.
      server: http://<ip_of_falco>:8765/k8s_audit
    name: falco
contexts:
  - context:
      cluster: falco
      # Empty user: no client credential is presented to the webhook, so the
      # receiver cannot distinguish the API server from any other sender.
      user: ""
# (the rest of the kubeconfig — users, current-context — is not in this preview)
# Audit policy for the API server; rules are evaluated in order and the first
# match decides the audit level for a request.
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # The following requests were manually identified as high-volume and low-risk,
  # so drop them.
  # `level: None` suppresses these events entirely. The rule is scoped to
  # kube-proxy's `watch` calls on the listed core resources only, so other
  # verbs and other users still fall through to the rules that follow.
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]
    resources:
      - group: "" # core
# (the resource list and the remaining rules are not in this preview)
# PodSecurityPolicy restricting hostPath volumes to a single read-only prefix.
# NOTE(review): PodSecurityPolicy is removed from Kubernetes as of 1.25; the
# equivalent control now lives in Pod Security Admission or a policy
# admission controller.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: my-psp-hostpaths
  # ...
spec:
  # ...
  # Only hostPath volumes under /example may be mounted, and only read-only.
  # pathPrefix is matched on whole path components (/example/bar is allowed,
  # /example-other is not) — confirm against the PSP documentation.
  allowedHostPaths:
    - pathPrefix: "/example"
      readOnly: true
# PodSecurityPolicy controlling whether containers must use a read-only root
# filesystem. (PodSecurityPolicy is removed from Kubernetes as of 1.25.)
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: my-psp-ro-rootfs
  # ...
spec:
  # ...
  # `false` is the permissive setting: containers may still opt in to a
  # read-only root filesystem, but are not required to. Set `true` to reject
  # pods whose containers do not set readOnlyRootFilesystem.
  readOnlyRootFilesystem: false
  # ...
# Pod whose container runs with a read-only root filesystem, so a compromised
# process cannot persist changes to the image layers at runtime.
apiVersion: v1
kind: Pod
metadata:
  name: my-secure-pod
spec:
  containers:
    # ... (container name/image fields)
      # NOTE(review): readOnlyRootFilesystem is a container-level
      # securityContext field — the pod-level securityContext has no such key —
      # so this block must sit inside a container entry. The rendered snippet
      # lost its indentation; confirm placement in the source file.
      securityContext:
        readOnlyRootFilesystem: true
  # ...
# Pod that runs under a dedicated service account but does not expose that
# account's API token to its containers.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  serviceAccountName: build-robot
  # With automount disabled, no token is projected under
  # /var/run/secrets/kubernetes.io/serviceaccount, so a compromised container
  # has no credential to call the API server as build-robot. Re-enable only
  # for workloads that genuinely need API access.
  automountServiceAccountToken: false