docker run -it --entrypoint /bin/sh -v $HOME/.trivy_cache:/root/.cache -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy
cat images.txt | xargs -P 0 -I % trivy image --no-progress --ignore-unfixed --severity HIGH,CRITICAL -q --scanners vuln %
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Custom lifetime of certs | |
| ## Require rancher/dynamiclistener >=v0.3.4 | |
| ## https://github.com/rancher/dynamiclistener/commit/7b5997cee90b9b0fea9dc8e79df3c82976a2d378 | |
| cat << EOF > /etc/default/k3s | |
| CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650 | |
| EOF | |
| cat << EOF > /etc/default/k3s-agent | |
| CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650 |
niusmallnan
/ generate-secrets.sh
Created
May 11, 2023 08:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| NS=test | |
| NUM=2000 | |
| n=1 | |
| while [ $n -le $NUM ]; do | |
| kubectl create serviceaccount test$n -n $NS | |
| kubectl create -f - <<EOF | |
| apiVersion: v1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Custom lifetime of certs | |
| ## Require rancher/dynamiclistener >=v0.3.4 | |
| ## https://github.com/rancher/dynamiclistener/commit/7b5997cee90b9b0fea9dc8e79df3c82976a2d378 | |
| cat << EOF > /etc/default/rke2-server | |
| CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650 | |
| EOF | |
| cat << EOF > /etc/default/rke2-agent | |
| CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650 | |
| EOF |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| cat > /etc/default/k3s <<EOF | |
| GOGC=10 | |
| EOF | |
| chmod 600 /etc/default/k3s | |
| K3S_CHANNEL=v1.26 | |
| # --disable-helm-controller | |
| curl -sfL https://get.k3s.io | \ |
niusmallnan
/ fixed-ip-workload.sh
Created
May 19, 2020 04:11
To address the fixed ip race-condition issue for Pandaria
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| run() | |
| { | |
| subnet=$1 | |
| #fixed_ips=$(kubectl get pod -A -l macvlan.pandaria.cattle.io/subnet=$subnet,macvlan.panda.io/macvlanIpType=specific -o=jsonpath="{.items[*].metadata.annotations.macvlan\.pandaria\.cattle\.io/ip}" | sed "s/-/ /g" | xargs -n1 | sort -u | xargs) | |
| fixed_ips="" | |
| all_pods=$(kubectl get pod -A -o=jsonpath='{range .items[*]}{"\n"}{.metadata.annotations.macvlan\.pandaria\.cattle\.io/subnet}{","}{.metadata.annotations.macvlan\.pandaria\.cattle\.io/ip}{","}{.metadata.name}{","}{.metadata.namespace}{","}{.metadata.labels.workload\.user\.cattle\.io/workloadselector}{","}{.status.phase}{end}') | |
| for a_pod in $all_pods; do |