Commit

Update
abregman committed Oct 13, 2021
1 parent bcf5085 commit 32e8e1e
Showing 5 changed files with 81 additions and 13 deletions.
9 changes: 5 additions & 4 deletions README.md
Expand Up @@ -316,6 +316,7 @@ Note: "Provisioning" tools can be used to perform configuration management to so

- [ ] Cloud
- [ ] AWS
- [ ] [Cloudcraft](https://www.cloudcraft.co) - Automated AWS diagram mapping of your cloud resources
- [ ] Azure
- [ ] GCP
- [ ] OpenStack
Expand Down Expand Up @@ -374,10 +375,10 @@ Note: "Provisioning" tools can be used to perform configuration management to so
- [ ] Salesforce
- [ ] Zuora

- [ ] Kubernetes
- [ ] [confTest](https://www.conftest.dev)
- [ ] [datree](https://www.datree.io)
- [ ] [gatekeeper](https://github.com/open-policy-agent/gatekeeper)
- [ ] Containers Orchestration
- [ ] Kubernetes
- [ ] OpenShift
- [ ] Nomad

## More Infra & DevOps projects

63 changes: 54 additions & 9 deletions resources/containers.md
Expand Up @@ -10,27 +10,72 @@ Name | Comments
[My Docker Cheat Sheet](https://medium.com/statuscode/dockercheatsheet-9730ce03630d) |
[Docker Networking Deep Dive](http://100daysofdevops.com/21-days-of-docker-day-19-docker-networking-deep-dive/?fbclid=IwAR19KJWwhZjulbn7JNbBYLFxKFf-x0v25TSc-_bOJ6YieUND4A6UZcBSUhA) |

#### Dockerfile



### Projects

Name | Comments
:------ |:--------:
[awesome-docker](https://github.com/veggiemonk/awesome-docker) |


#### Cheatsheet
### Cheatsheet

* Stop and remove all containers: `podman container stop $(docker container ls -aq)`
* Run container with bash shell: `podman run -ti ubuntu:latest /bin/bash`
* Check how many containers are running: `podman info`
* Cleanup everything: `podman system prune -a -f`

#### Images

* List images: `podman image ls`
* Pull latest ubuntu image: `podman image pull ubuntu:latest`

#### Security

* Stop and remove all containers: `docker container stop $(docker container ls -aq)`
* Run container with bash shell: `docker run -ti ubuntu:latest bash`
* Check how many containers are running: `docker info`
* Cleanup everything: `docker system prune -a -f`
* Secure communication between client and server:

```
# On CA node
openssl genrsa -aes256 -out ca-k.pem 4096
openssl req -new -x509 -days 730 -key ca-k.pem -sha256 -out ca.pem
openssl genrsa -out daemon-key.pem 4096
openssl req -subj "/CN=daemon.host.address" -sha256 -new -key daemon-key.pem -out daemon.csr
cat << EOF >> file.conf
subjectAltName = DNS:daemon.host.address,IP:X.X.X.X
extendedKeyUsage = serverAuth
EOF
openssl x509 -req -days 730 -sha256 -in daemon.csr -CA ca.pem -CAkey ca-k.pem -CAcreateserial -out daemon-cert.pem -extfile file.conf
openssl genrsa -out client-key.pem 4096
openssl req -subj '/CN=client.address' -new -key client-key.pem -out client.csr
echo "extendedKeyUsage = clientAuth" > file.conf
openssl x509 -req -days 730 -sha256 -in client.csr -CA ca.pem -CAkey ca-k.pem -CAcreateserial -out client-cert.pem -extfile file.conf
chmod 0400 ca-k.pem client-key.pem daemon-key.pem && chmod -v 0444 ca.pem client-cert.pem daemon-cert.pem
# On daemon host put the keys ca.pem, daemon-cert.pem and daemon-key.pem in ~/.docker
# On client host put the keys ca.pem, client-cert.pem and client-key.pem in ~/.docker
```

* Enable TLS

```
# Put it in /etc/docker/daemon.json
{
"hosts": ["tcp://node3:2376"],
"tls": true,
"tlsverify": true,
"tlscacert": "/home/ubuntu/.docker/ca.pem",
"tlscert": "/home/ubuntu/.docker/cert.pem",
"tlskey": "/home/ubuntu/.docker/key.pem"
}
```

*

### Tools

Name | Description
:------|:------:
[dive](https://github.com/wagoodman/dive) | "A tool for exploring a docker image, layer content, ..."
[trivy](https://github.com/aquasecurity/trivy) | "A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI."

### Production Best Practices

* Secured communication between daemon and clients using TLS
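Review bot: In the "Enable TLS" block, `tlscert` and `tlskey` point at /home/ubuntu/.docker/cert.pem and key.pem, but the openssl steps above produce daemon-cert.pem and daemon-key.pem and the comment tells the reader to put those names in ~/.docker, so a daemon configured from this cheat sheet references files that do not exist. Use the same file names in both blocks. The certificate steps also write the SAN as `IP:X.X.X.X` without saying it is a placeholder, and reuse file.conf for both the server and the client extensions (appending with `>>` for the first, overwriting with `>` for the second), so a re-run appends the server extensions to a file that still holds `extendedKeyUsage = clientAuth`; separate extension files would avoid that. Smaller points: `podman container stop $(docker container ls -aq)` mixes the two CLIs and only stops containers although the bullet says "Stop and remove", the "#### Dockerfile" heading has no content, and there is an empty `*` bullet after the daemon.json block.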
7 changes: 7 additions & 0 deletions resources/docker.md
@@ -1,5 +1,12 @@
# Docker


### Learn

Name | Comments
:------ |:--------:
[Play with Docker](https://labs.play-with-docker.com) | "A simple, interactive and fun playground to learn Docker"

## Articles

Name | Comments
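Review bot: The new "### Learn" heading sits directly under "# Docker" and ahead of "## Articles", so it is one level deeper than its sibling section; make it "## Learn" to keep the heading hierarchy consistent.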
4 changes: 4 additions & 0 deletions resources/jenkins/README.md
Expand Up @@ -65,3 +65,7 @@ Name | Comments
- [ ] Agent
- [ ] Executor
- [ ] Label

### Cheat Sheet

* Set build result to FAILURE/SUCCESS/UNSTABLE: `currentBuild.result = 'FAILURE'`
11 changes: 11 additions & 0 deletions resources/kubernetes.md
Expand Up @@ -20,6 +20,7 @@ Name | Comments
[confTest](https://www.conftest.dev) | Used in the development phase
[datree](https://www.datree.io) | Used in the development phase
[gatekeeper](https://github.com/open-policy-agent/gatekeeper) | Used in the production
[telepresence](https://www.telepresence.io) | "FAST, LOCAL DEVELOPMENT FOR KUBERNETES AND OPENSHIFT MICROSERVICES"

### Kubernetes - Deep Dive

Expand Down Expand Up @@ -96,6 +97,16 @@ Name | Comments
* Display logs of a Pod: `kubectl logs <POD_NAME>`
* Display logs of a specific container in a Pod: `kubectl logs <POD_NAME> -c <CONTAINER_NAME>`

* Get Pod name based on specific labels

```
POD_NAME=$(kubectl get pod \
--no-headers \
-o=custom-columns=NAME:.metadata.name \
-l type=api,service=some-service \
| tail -1)
```

### User

* Creating a new user
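Review bot: The `| tail -1` at the end of the new "Get Pod name based on specific labels" snippet silently picks whichever matching Pod is listed last, and leaves POD_NAME empty when nothing matches the `-l type=api,service=some-service` selector. Say so in the bullet, and consider adding `--field-selector=status.phase=Running` so the name passed to later commands such as `kubectl logs <POD_NAME>` belongs to a running Pod.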