docker run -v /tmp/zap:/zap/wrk -t owasp/zap2docker-stable zap-full-scan.py -t "https://api.photo.initedit.com" -g gen.conf -r "https://api.photo.initedit.com".htmlMonth: July 2021
falco runtime security
https://falco.org/docs/getting-started/installation/
rpm --import https://falco.org/repo/falcosecurity-3672BA8F.asc
curl -s -o /etc/yum.repos.d/falcosecurity.repo https://falco.org/repo/falcosecurity-rpm.repo
yum -y install falco
#load falco driver
falco-driver-loader
lsmod | grep falco
modprobe falco-probe
#run falco
falco
# adduser will show alert messagetrivy docker image scanner CI
docker run -v /var/run/docker.sock:/var/run/docker.sock -v /root/trivy-cache:/root/.cache/ aquasec/trivy:0.18.3 image -f json nginxhttps://aquasecurity.github.io/trivy/v0.18.3/examples/report/
curl with URL and nodeport
curl -s -I -HHost:httpbin.example.com "http://$INGRESS_HOST:$INGRESS_PORT/status/200"curl -s -H 'X-Canary: always' -HHost:app.example.com "http://192.168.0.184:30988/"while(true)
do curl -HHost:app.example.com "http://192.168.0.184:30988/"
sleep 0.5
done
https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/
Delete k8 false apiservice – namespace
kubectl api-resources
# look for which apiservice is giving error
kubectl get apiservice
# look for which False and MissingEndpoints
kubectl delete apiservice <service-name>
kubectl api-resources
# get CRD related to api-resources
kubectl get crds | grep cilium
kubectl delete crd ciliumnodes.cilium.io
https://github.com/helm/helm/issues/6361#issuecomment-538220109
- delete namcespace
NAMESPACE=your_namespace
kubectl proxy &
kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize
https://github.com/helm/helm/issues/6361
- Delete rook-ceph namespace
kubectl -n rook-ceph patch cephclusters.ceph.rook.io rook-ceph -p '{"metadata":{"finalizers": []}}' --type=merge
kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n rook-ceph