IT |
気になる、記になる… |
Apple refurbished product information 2021/8/11 |
https://taisy0.com/2021/08/11/144029.html
|
apple |
2021-08-11 09:04:58 |
TECH |
Engadget Japanese |
Instagram releases two new features to counter hate comments, which tend to concentrate on popular users |
https://japanese.engadget.com/instagrams-new-anti-hate-feature-095347993.html
|
hiddenwords |
2021-08-11 09:20:47 |
Google |
Kagua! Google Analytics practical school: case studies and how-tos |
YouTube makes five changes, including making video uploads by users under 18 unlisted by default |
https://www.kagua.biz/social/youtube/20210811a2.html
|
youtube |
2021-08-11 09:00:26 |
IT |
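IT Leaders, the specialist IT information site for information systems leaders |
Toshiba Digital Solutions integrates four SI businesses into new company "Toshiba Digital Engineering" | IT Leaders |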
https://it.impress.co.jp/articles/-/21894
|
itleaders |
2021-08-11 18:27:00 |
python |
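New posts tagged Python - Qiita |
Linear regression glossary |
https://qiita.com/hannnari0918/items/2a5d27ea2c228a73fc78
|
Because the power is taken, the vector becomes a resultant vector, and it moves in the direction that reduces along the L norm expressed by that distance. |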
2021-08-11 18:58:17 |
python |
New posts tagged Python - Qiita |
I won my first medal on kaggle!!! |
https://qiita.com/yoneyoneclub/items/2bb22e1e7e0242d696b9
|
|
2021-08-11 18:22:59 |
js |
New posts tagged JavaScript - Qiita |
Adding keyboard events to the Ace editor |
https://qiita.com/NoSuke23/items/eea847c0be7a7a34edd7
|
Adding keyboard events to the Ace editor. I had been using the Monaco editor until now, but Ace has richer syntax highlighting, so I decided to switch to Ace. |
2021-08-11 18:06:12 |
Program |
List of new questions for [all tags] | teratail |
Cannot install MySQL |
https://teratail.com/questions/353824?rss=all
|
Cannot install MySQL. I am a beginner who is currently trying to deploy my portfolio from heroku to AWS EC. |
2021-08-11 18:55:32 |
Program |
List of new questions for [all tags] | teratail |
When I want to push multiple texts to the right after laying them out side by side with css |
https://teratail.com/questions/353823?rss=all
|
|
2021-08-11 18:54:45 |
Program |
List of new questions for [all tags] | teratail |
I want to batch-merge multiple sets of images that were split into 4 back into the original images. |
https://teratail.com/questions/353822?rss=all
|
|
2021-08-11 18:52:47 |
Program |
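List of new questions for [all tags] | teratail |
I want to complete code that analyzes radiomics features using STL files I have on hand |
https://teratail.com/questions/353821?rss=all
|
I want to complete code that analyzes radiomics features using STL files I have on hand. Background / what I want to achieve: Thank you in advance. |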
2021-08-11 18:51:46 |
Program |
List of new questions for [all tags] | teratail |
I don't understand the ImportError. |
https://teratail.com/questions/353820?rss=all
|
I don't understand the ImportError. |
2021-08-11 18:51:19 |
Program |
List of new questions for [all tags] | teratail |
Version specification in SpringBoot pom.xml |
https://teratail.com/questions/353819?rss=all
|
pomxml |
2021-08-11 18:39:17 |
Program |
List of new questions for [all tags] | teratail |
The make command does not work. |
https://teratail.com/questions/353818?rss=all
|
The make command does not work. |
2021-08-11 18:33:43 |
Program |
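List of new questions for [all tags] | teratail |
I want to get only the URL of an image uploaded via a WordPress widget |
https://teratail.com/questions/353817?rss=all
|
I want to get only the URL of an image uploaded via a WordPress widget. I would like to get the URL of an image uploaded via a WordPress widget and display it on an arbitrary static page. |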
2021-08-11 18:25:53 |
Program |
List of new questions for [all tags] | teratail |
When installing a gatsby starter, the message "'gatsby' は、内部コマンドまたは外部コマンド、 操作可能なプログラムまたはバッチ ファイルとして認識されていません。" is displayed |
https://teratail.com/questions/353816?rss=all
|
When installing a gatsby starter: "'gatsby' は、内部コマンドまたは外部コマンド、操作可能なプログラムまたはバッチファイルとして認識されていません。" |
2021-08-11 18:19:05 |
Program |
List of new questions for [all tags] | teratail |
About matplotlib Axes parameters |
https://teratail.com/questions/353815?rss=all
|
About matplotlib Axes parameters. I am a university student studying Python. |
2021-08-11 18:18:46 |
Program |
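List of new questions for [all tags] | teratail |
react: the page can be scrolled horizontally when bringing a box in from off-screen. |
https://teratail.com/questions/353814?rss=all
|
react: the page can be scrolled horizontally when bringing a box in from off-screen. |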
2021-08-11 18:15:44 |
Program |
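List of new questions for [all tags] | teratail |
Transferring data to an Activity several screens ahead in Android app development |
https://teratail.com/questions/353813?rss=all
|
Transferring data to an Activity several screens ahead in Android app development. What I want to achieve: I am developing an Android app as a personal hobby, partly as a way to study. |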
2021-08-11 18:08:14 |
Program |
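List of new questions for [all tags] | teratail |
I want to create an image editing tool, but I have no idea where to begin... |
https://teratail.com/questions/353812?rss=all
|
px or larger planned. (2) Insert it into a prescribed format, and be able to enlarge or shrink the uploaded image. |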
2021-08-11 18:08:08 |
Program |
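List of new questions for [all tags] | teratail |
Call to undefined method: I want to define the method |
https://teratail.com/questions/353811?rss=all
|
Call to undefined method: I want to define the method. What I want to do: Regarding the undefined method error, I am not sure which part needs to be fixed, so I would appreciate your guidance. |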
2021-08-11 18:02:23 |
Program |
List of new questions for [all tags] | teratail |
"Python": How to resolve TypeError: 'in <string>' requires string as left operand, not list |
https://teratail.com/questions/353810?rss=all
|
"Python": How to resolve TypeError: 'in <string>' requires string as left operand, not list. Background / what I want to achieve: I apologize for asking as a python beginner, but I would be grateful if you could answer my question. |
2021-08-11 18:00:32 |
Docker |
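New posts tagged docker - Qiita |
docker-compose build fails with an error even though the files should not be wrong (ERROR: no such image: service name : invalid reference format) |
https://qiita.com/Sicut_study/items/cf69d6623e94204abb96
|
docker-compose build fails with an error even though the files should not be wrong (ERROR: no such image: service name : invalid reference format). Introduction: When I prepared a Dockerfile and docker-compose.yml to build a development environment with Docker and tried to start it, I got an error and struggled quite a bit, so I would like to write it up. |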
2021-08-11 18:51:31 |
Docker |
New posts tagged docker - Qiita |
Installing kubernetes (Minikube) on CentOS7 does not work (Learn the Basics in Just One Day! Docker/Kubernetes Super Introduction, chapter 7) |
https://qiita.com/Sicut_study/items/750c77f6ce2377bbc2f1
|
Problem: When creating a Minikube environment using Ansible, run the following command. |
2021-08-11 18:41:46 |
Tech blog |
Mercari Engineering Blog |
The organization that supports the development of Mercari Shops |
https://engineering.mercari.com/blog/entry/20210810-88debfe4dc/
|
engine |
2021-08-11 10:00:35 |
Overseas TECH |
DEV Community |
15 Python tips and tricks every beginner should know ! |
https://dev.to/byteslash/15-python-tips-and-tricks-every-beginner-should-know-3bm5
|
Python tips and tricks every beginner should know Hy guys Today I m going to share with you the best tips and tricks to master in Python These tips are based on my experience on Codingame during ClashOfCode I was in the top at one time Create a number sequenceSometimes you may want to create a sequence of numbers a fairly intuitive way would be to create a loop and perform n calls of the append method my list for i in range my list append i In reality this operation is quite time consuming and it is better to write my list range gt gt gt my list This is not only faster to write but also faster to compute Overlaying two dictionariesConcatenating two dictionaries can be a useful operation to group information and avoid getting lost in lots of variables So we can use the update method a “alpha “beta b “gamma “delta a update b gt gt gt a “alpha “beta “gamma “delta Warning if there are two identical keys then the value will be that of dictionary b Create a dictionary of a sequenceBy creating a dictionary of a sequence I mean easily creating in one line a dictionary where the key depends on x and where the value also depends on x However this method can be modified to create the dictionary according to a list inputs etc my dic x x for x in range gt gt gt my dic Reverse a listInverting a list is one of the most useful things you can do in Python You must know this operation my list my list my list gt gt gt my list It is much faster to write much more readable and especially much faster to execute than the built in function reversed Unpacking a tupleUnpacking a tuple is an interesting operation especially to perform operations on the values and avoid having to retrieve the value by its index each time my tup a b c d my tup gt gt gt a gt gt gt b gt gt gt c gt gt gt d Filter a listFiltering a list is a useful process in algorithms or in more common programs You can keep the values you want by passing a list into a function that acts as a filter This function returns True the 
value is kept or False the value is deleted my list def my filter x if x or x return True else return Falsemy list list filter my filter my list gt gt gt my list Return multiple values from a functionWe know that to return a value from a list we must use return However the function stops after returning a value However we can use yield to continue to execute the function Useful for returning variables for debugging etc def my func x for i in range x yield x for k in my func print k gt gt gt gt gt gt gt gt gt gt gt gt import thisThe this library is more a joke than a trick but it s nice to know the little easter eggs of its language import thisThe Zen of PythonBeautiful is better than ugly Explicit is better than implicit Simple is better than complex Complex is better than complicated Basic operations on setsIf we have two sets a and b such that a b then we can perform the following operations that you must know Union print a amp b gt gt gt Intersection print a b gt gt gt Symetric differenceprint a b gt gt gt Code if else in one lineIt s not the most useful trick but it s always useful to know how to write an if else in one line to make the code cleaner or in shortest code competitions on codingame i if True else gt gt gt i Limit the number of recursion of an algorithmLimiting the number of recursions of an algorithm is useful to avoid having timeouts It is even the first thing to do when you know the maximum number of recursions You can do it with the Python library sys import syssys setrecursionlimit Print text fasterWhen we have to print text in Python we use by default the print method However when you have to print thousands of lines this method can be slow In this case we use import syssys stdout write “im Adrien only stringYou can use a similar method for the input but it s a bit more complex This method is up to times faster than the normal print Have the middle items of a listHaving the items in the middle of a list is a little trick to know when unpacking 
this list Indeed depending on the number of variables or underscore if you don t want to keep the variable at the beginning and at the end you can have a variable containing a list of values containing only the middle one in fact the one that have not been put in other variables l a b c l gt gt gt a gt gt gt b gt gt gt c Separate big numbers by For more readability and because Python does not allow spaces between the digits of a number we can use For example can be written in Python Exchange keys values of a dictionaryExchanging the keys and values of a dictionary is a technique that can be useful especially in the field of AI Here is how to do it my dic “a “b my dic v k for k v in my dic items my dic “a “b ConclusionThat s all for today I hope you liked the article and that you were able to improve your coding skills Don t hesitate to share the article with your friends and to give me your feedback in comments Adrien |
2021-08-11 09:44:38 |
Overseas TECH |
DEV Community |
Bootstrap Security in Kubernetes Deployments |
https://dev.to/salecharohit/bootstrap-security-in-kubernetes-deployments-2e59
|
Bootstrap Security in Kubernetes DeploymentsKubernetes is one of the most popular and most used container orchestration tool Kubernetes Workloads are the actual applications that are executed like a simple nginx server or maybe a cron job Kubernetes Deployments is the most commonly used workload as it can be easily updated scaled and managed The recently released Kubernetes Hardening Guide is an excellent resource that provides a proper guidance on how to effectively secure Kubernetes The information presented in the guide clearly shows that securing and hardening kubernetes is not just the job of the Kubernetes administrator but also of the developers who are deploying their workload on the clusters In this blog I ll discuss about how developers deploying Kubernetes workloads like Deployments can bootstrap security by applying some of the guidelines provided by the Kubrnetes Hardening guide This will be a practical hands on guide where I shall take a simple Dockerfile and then incrementally add the security best practices to create a template Deployment manifest file which can then be reused by developers in a hurry Pre RequisitesDocker is required as we ll be building from ground up A single node Kubernetes cluster like minikube should be sufficient to follow along with this guide alongwith the kubectl utility You can use the official minikube documentation to set it up in your environment I am using a standalone cluster created by Docker Desktop tied to WSL as the backend This guide will assume that you have a running cluster which is accessible through the kubectl utility as shown below Securing DeploymentsSecuring the kubernetes workloads can effectively be compartimentalised into Buildtime and Runtime security In order to run with the examples we ll make use of this simple Spring Boot HelloWorld application and deploy it in Kubernetes with buildtime and runtime security applied So before starting off let s clone this repository build the docker container and 
run the application locallygit clone git github com salecharohit bootstrapsecurityinkubernetesdeployment gitcd springbootmavendocker build f Dockerfile basic t springbootmavendocker run name springboot d p springbootmavencurl http localhost Expected Response Hello World From Spring Boot Build Using Maven on Alpine OS Build Time SecurityBuildtime security focusses more on how the underlying containers can be build with a reduced footprint and are programmed to be executed with least possible privileges We ll discuss both these approaches with a problem solution approach Attack Surface ReductionWhen building applications in a container the primary objective is to have the app run consistently and indepdently regardless of the environment be it a data center cloud or even onpremise However when building these apps there is one unwritten rule that it should be a standalone application without much dependencies Let s take example of our SpringBoot application The only dependency for our application to run is that it needs a JVM or Java runtime Anything else baked into the container is practically useless As an example in our SpringBoot container which is build on Alpine OS we don t have any specific need to have the requirement for the apk package manager to be installed docker exec it springboot bin shapk add curl So let s try to remove the apk binary and rebuild or docker image We ll make use of the Dockerfile asr at this time to rebuild our docker container which is shared belowFROM maven openjdk slim AS MAVEN BUILDWORKDIR build COPY pom xml build COPY src build src RUN mvn packageFROM openjdk alpineRUN rm f sbin apk amp amp rm rf etc apk amp amp rm rf lib apk amp amp rm rf usr share apk amp amp rm rf rm rf var lib apkCOPY from MAVEN BUILD build target springbootmaven jar springbootmaven jarEXPOSE CMD java jar springbootmaven jarLets rebuild and re rerun First let s stop the previously running containerdocker stop springboot Next let s re build and re rundocker build 
f Dockerfile asr t springbootmavendocker run name springboot p springbootmavendocker run name springboot d p springbootmavencurl http localhost Now let s try to run the apk add curl command againdocker exec it springboot bin shapk add curl So we successfully got rid of the apk dependency and yet have our application running successfully Below are some good scripts that ve been written specifically for hardenning Alpine OS Pick and choose depending on your programming language and harden your base alpine image accordingly On the Flip side you can also have a look at the distroless container created by google which is also very highly recommended Switching User ContextOne might argue that if an attacker gains an RCE inside the container she might not be able to install packages like curl wget etc to establish her persistence However we are still running as root user and technically it is still possible to install apk backLets re run our docker container and check the privileges with which it is currently running docker exec it springboot bin shwhoamiping rohitsalecha comHence it is important that we run our container not as root but as a user with limited privileges Dockerfile lpr shows addition of a few more commands that add a user and group called boot and assign it a working directory Which is its home directory I ve also assigned numerical values to the user and group which we ll discuss in detail in the gt Pod Security Context SectionFROM maven openjdk slim AS MAVEN BUILDWORKDIR build COPY pom xml build COPY src build src RUN mvn packageFROM openjdk alpine Removing apk package managerRUN rm f sbin apk amp amp rm rf etc apk amp amp rm rf lib apk amp amp rm rf usr share apk amp amp rm rf rm rf var lib apk Adding a user and group called boot RUN addgroup boot g amp amp adduser D h home boot u s bin ash boot G boot Changing the context that shall run the below commands with User boot instead of rootUSER bootWORKDIR home boot By default even in a non root context 
Docker copies the file as root Hence its best practice to chown the files being copied as the user COPY chown boot boot from MAVEN BUILD build target springbootmaven jar home boot springbootmaven jarEXPOSE CMD java jar home boot springbootmaven jarLets rebuild and re rerun First let s stop the previously running containerdocker stop springboot Next let s re build and re rundocker build f Dockerfile lpr t springbootmavendocker run name springboot d p springbootmavencurl http localhost Now let s try to run the whoami command and check whats the privileges with which the container is now runningdocker exec it springboot bin shwhoamiping rohitsalecha com Runtime SecurityNow that we ve got a good level of confidence in the build time security wherein we ve learnt to remove the packages and also update the user context to run the container with limited privileges These security features are applied when we are building the docker container however we also need to focus on the security posture of the container when it is running in the Kubernetes environment which we ll explore below Before we start of with securing our Kubrnetes deployment let s run our application on our Kubernetes cluster by first pushing our docker container to hub docker com You can use this guide to get started for the samedocker build f Dockerfile lpr t springbootmavendocker tag springbootmaven salecharohit springbootmavendocker push salecharohit springbootmavendocker run d p name springboot salecharohit springbootmavencurl http localhost Now that our docker image is ready let s apply our kubernetes basic yaml file that will deploy this application and also a service that will help us connect to it Create NamespaceapiVersion vkind Namespacemetadata name boot Create SpringBoot DeploymentapiVersion apps vkind Deploymentmetadata labels app springbootmaven name springbootmaven namespace bootspec replicas selector matchLabels app springbootmaven template metadata labels app springbootmaven spec 
containers image salecharohit springbootmaven name springbootmaven ports containerPort Create Service for SpringBoot DeploymentapiVersion vkind Servicemetadata labels app springbootmaven name springbootmaven namespace bootspec ports name http port targetPort selector app springbootmavenNext let s deploy our Kubernetes manifests using the below commandskubectl apply f kubernetes basic yamlkubectl get deploy n boot Run a temporary container that will only curl our bootservicekubectl run it testpod image radial busyboxplus curl restart Never rm curl Expected Output Hello World From Spring Boot Build Using Maven on Alpine OS pod testpod deleted Service Account TokensIf a Pod needs to communicate with the Kubernetes API Server it needs Service Account Tokens for authentication By default every pod gets assigned a service account token which is mounted on var run secrets kubernetes io serviceaccount token Lets view this in practice by deploying our SpringBoot appkubectl get pods n bootkubectl exec it springbootmaven dcc mndv n boot bin shTOKEN cat var run secrets kubernetes io serviceaccount token curl k H Authorization Bearer TOKEN versionAn RCE vulnerability on your application can leak this access token to the attacker which she can abuse to read write resources in the same namespace or even have a global read permissions The resolution for this issue is two fold depending upon the situation Pods donot need any access to the API ServerPods need access to the API Server Pods that donot need access to the API ServerThis situation is farily simple to solve by simply adding two lines to the kubernetes manifest file as shown below serviceAccountName automountServiceAccountToken falseThe complete deployment file kubernetes nosa yaml is as followsapiVersion apps vkind Deploymentmetadata labels app springbootmaven name springbootmaven namespace bootspec replicas selector matchLabels app springbootmaven template metadata labels app springbootmaven spec containers image 
salecharohit springbootmaven name springbootmaven ports containerPort serviceAccountName automountServiceAccountToken false Let s check if the service account token is now mounted or not Ensure our previous deploy is deleted kubectl delete ns boot Apply with no service account tokenkubectl apply f kubernetes nosa yamlkubectl get pods n bootkubectl exec it springbootmaven bf nml n boot bin shcat var run secrets kubernetes io serviceaccount tokenAs can be seen from the image the default service account token is no longer mounted Pods that need access to the API ServerIn this situation we need to create a ServiceAccount Role and RoleBinding that maps the ServiceAccount to the Role The below Kubernetes manifest Creates a ServiceAccount called bootserviceaccount to a specific namepspace i e bootCreates a Role called bootservicerole with only privileges to view running podsCreates a RoleBinding called bootservicerolebindingMount the ServiceAccount thus created using the following lines in the Deployment spec containers image salecharohit springbootmaven name springbootmaven ports containerPort serviceAccountName bootserviceaccount This shall allow to only read pods in the boot namespace The complete deployment file kubernetes withsa yaml is as follows Create NamespaceapiVersion vkind Namespacemetadata name boot apiVersion vkind ServiceAccountmetadata name bootserviceaccount namespace boot kind RoleapiVersion rbac authorization ks io vmetadata name bootservicerole namespace bootrules apiGroups resources pods verbs get list watch kind RoleBindingapiVersion rbac authorization ks io vmetadata name bootservicerolebinding namespace bootsubjects kind ServiceAccount name bootserviceaccount namespace bootroleRef kind Role name bootservicerole apiGroup rbac authorization ks io Create SpringBoot DeploymentapiVersion apps vkind Deploymentmetadata labels app springbootmaven name springbootmaven namespace bootspec replicas selector matchLabels app springbootmaven template metadata 
labels app springbootmaven spec containers image salecharohit springbootmaven name springbootmaven ports containerPort serviceAccountName bootserviceaccount Create Service for SpringBoot DeploymentapiVersion vkind Servicemetadata labels app springbootmaven name springbootmaven namespace bootspec ports name http port targetPort selector app springbootmavenLet s apply and check if our application is running fine Ensure our previous deploy is deleted kubectl delete ns bootkubectl apply f kubernetes withsa yamlkubectl run it testpod image radial busyboxplus curl restart Never rm curl Pod Security ContextsThough we ve configured our base docker image to run with non root privileges however there are still few more configurations that need to be added as security best practices These areRestricting the capabilities of the container and the podDisabling Privilege EscalationConfiguring the container to run with a specific uid gid created earlier in our Dockerfile lprIn the kubernetes manifest files there are two types of SecurityContexts defined Running at Pod Level which will be applied to all containers running in this pod securityContext fsGroup runAsNonRoot true runAsUser containers Running at Container level securityContext allowPrivilegeEscalation false privileged false runAsUser capabilities drop SETUID SETGID serviceAccountName automountServiceAccountToken false The complete deployment file kubernetes ps yaml embedded with the PodSecurity contexts is below Create NamespaceapiVersion vkind Namespacemetadata name boot Create SpringBoot DeploymentapiVersion apps vkind Deploymentmetadata labels app springbootmaven name springbootmaven namespace bootspec replicas selector matchLabels app springbootmaven template metadata labels app springbootmaven spec securityContext fsGroup runAsNonRoot true runAsUser containers image salecharohit springbootmaven name springbootmaven ports containerPort securityContext allowPrivilegeEscalation false privileged false runAsUser 
capabilities drop SETUID SETGID serviceAccountName automountServiceAccountToken false Create Service for SpringBoot DeploymentapiVersion vkind Servicemetadata labels app springbootmaven name springbootmaven namespace bootspec ports name http port targetPort selector app springbootmavenLet s apply and test if our application is running Ensure our previous apply is deletedkubectl delete ns bootkubectl apply f kubernetes ps yamlkubectl run it testpod image radial busyboxplus curl restart Never rm curl kubectl get pods n bootkubectl exec it springbootmaven cff mqzz n boot bin shwhoamiidping google comYou can drop more capabilities as per your requirements The complete list of capabilities can be found hereFeatures like AppArmor SecComp etc require additional configurations of the control plane components and hence I ve limited my discussion to out of the box features that can be easily activated and ensure good level of security assurance Immutable File SystemsApplications running in a containerised environment seldom write data as it practically goes against the logic of having an immutable system However at times it maybe needed for caching or temporary swapping processing of files Hence to provide this functionality to the developer we can mount an emptyDir as an ephemeral volume which is lost once the container is killed With this in place we can also add another security context attribute called readOnlyRootFilesystem and set it as true since the application running inside the container no longer needs to write anywhere on the file system other than the tmp directory The above requirements can be configured as shown below containers image salecharohit springbootmaven name springbootmaven ports containerPort securityContext readOnlyRootFilesystem true volumeMounts mountPath tmp name tmp volumes emptyDir name tmp The complete deployment file kubernetes rofs yaml is as follows Create NamespaceapiVersion vkind Namespacemetadata name boot Create SpringBoot 
DeploymentapiVersion apps vkind Deploymentmetadata labels app springbootmaven name springbootmaven namespace bootspec replicas selector matchLabels app springbootmaven template metadata labels app springbootmaven spec securityContext fsGroup runAsNonRoot true runAsUser containers image salecharohit springbootmaven name springbootmaven ports containerPort securityContext allowPrivilegeEscalation false readOnlyRootFilesystem true privileged false runAsUser capabilities drop SETUID SETGID volumeMounts mountPath tmp name tmp serviceAccountName automountServiceAccountToken false volumes emptyDir name tmp Create Service for SpringBoot DeploymentapiVersion vkind Servicemetadata labels app springbootmaven name springbootmaven namespace bootspec ports name http port targetPort selector app springbootmavenLet s apply and test if our application is running Ensure our previous apply is deletedkubectl delete ns bootkubectl apply f kubernetes rofs yamlkubectl run it testpod image radial busyboxplus curl restart Never rm curl kubectl get pods n bootkubectl exec it springbootmaven cff mqzz n boot bin shpwdtouch test txt ConclusionWe ve learnt what are the different controls we can embed in our containerised application and also looked at how to enable run time protection mechanisms that can atleast make things difficult for an external attacker to gain foothold into our containerised systems The kubernetes rofs yaml can serve as a good template for developers to containerise their applications with default security features enabled while deploying in a Kubernetes environment Offcourse the Dockerfile needs to be created for the specific applications but for that purpose I ve collected a few of them here Reposted From References |
2021-08-11 09:29:18 |
Overseas TECH |
DEV Community |
Terraform Trello integration |
https://dev.to/marcobertelli/terraform-trello-integration-jjb
|
Terraform Trello integrationHello to all today we are going to watch my first open source terraform custom provider in collaboration with Runelab an italian custom software and project agency but first what do this provider allow you to create a workspace board and custom list when you create a normal project on terraform this automate the process of creating a trello workspace board and lists when you create a normal project see an example other resources creations like server and cloudfront required providers trello source marco bertelli trello version resource trello board my board name key your key token your token workspace name terraform trello board name test cards new todo custom you must put this code into main tfhow you can see you need a trello api key and a trello token of the account in who you want to create the workspace and board you can find key and token here link and later chose a name for workspace the board name and the lists names and is all run terraform initterraform apply and you will see all onlinehere the result if you like this like and share to the community |
2021-08-11 09:12:43 |
Overseas TECH |
Engadget |
Microsoft protests Amazon's $10 billion government cloud computing contract |
https://www.engadget.com/microsoft-amazon-nsa-contract-complaint-094832940.html?src=rss
|
Microsoft protests Amazon x s billion government cloud computing contractIt s the same old story Government hands out a multi billion contract to one tech giant only to see another tech giant complain about the process But no sooner had we put the JEDI contract out of our minds and Amazon and Microsoft are once again at each other s throats Washington Technology via The Verge reports that Microsoft has filed a complaint after the NSA awarded a billion contract to Amazon Web Services The project codenamed WildAndStormy of which details are not widely available but apparently involves the provision of cloud computing technology to the wider intelligence community Microsoft has lodged a complaint with the Government Accountability Office reportedly claiming that AWS product was not properly evaluated The Windows giant feels that in a side by side comparison of its tech versus that of Amazon s it would win and feels the process here wasn t very fair The GAO has until October th to respond to Microsoft s complaint and it s likely that this will not be the end of the pair s war of digital attrition As reported by NextGov an NSA spokesperson said that any response will be “in accordance with appropriate federal regulations |
2021-08-11 09:48:32 |
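Medical |
CBnews (medical and nursing care) |
Refusing to handle COVID-19 hospital admissions without a justifiable reason may also mean exclusion from bed-securing fees - Ministry of Health, Labour and Welfare |
https://www.cbnews.jp/news/entry/20210811175353
|
medical institutions |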
2021-08-11 18:20:00 |
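Finance |
Financial Services Agency website |
"Names, etc. of persons conducting financial instruments business without registration" has been updated. |
https://www.fsa.go.jp/ordinary/chuui/mutouroku.html
|
financial instruments business |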
2021-08-11 11:00:00 |
Overseas news |
Japan Times latest articles |
How to protect yourself at home as Tokyo’s household infection rate rises |
https://www.japantimes.co.jp/news/2021/08/11/reference/coronavirus-home-protection/
|
How to protect yourself at home as Tokyo s household infection rate risesFollowing a policy change on hospitalizations it s becoming more likely that if someone you live with gets infected you will need to share your home |
2021-08-11 18:15:39 |
News |
BBC News - Home |
Briton suspected of spying for Russia arrested in Germany |
https://www.bbc.co.uk/news/world-europe-58170872
|
intelligence |
2021-08-11 09:44:42 |
News |
BBC News - Home |
Woman in Sydney investigated for pretending to be a doctor |
https://www.bbc.co.uk/news/world-australia-58170870
|
media |
2021-08-11 09:01:13 |
News |
BBC News - Home |
Teenage jab rollout moving cautiously - expert |
https://www.bbc.co.uk/news/uk-58170048
|
rollout |
2021-08-11 09:05:31 |
News |
BBC News - Home |
Bilsdale transmitter fire: TV and radio for 1m off air indefinitely |
https://www.bbc.co.uk/news/uk-england-tees-58169501
|
england |
2021-08-11 09:56:06 |
News |
BBC News - Home |
Bristol Balloon Fiesta: City's largest multi-site launch |
https://www.bbc.co.uk/news/uk-england-bristol-58169580
|
fortnight |
2021-08-11 09:43:52 |
News |
BBC News - Home |
We can win Champions League at Paris St-Germain - Messi |
https://www.bbc.co.uk/sport/football/58159748
|
We can win Champions League at Paris St Germain MessiLionel Messi says he dreams of winning the Champions League once more after joining Paris St Germain adding I think we have the team to do it here |
2021-08-11 09:52:49 |
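Business |
Fukeiki.com |
Daiichi Pan heading for a 400 million yen loss for the fiscal year ending December 2021, with sales still recovering - Fukeiki.com |
https://www.fukeiki.com/2021/08/daiichipan-2021-loss.html
|
Daiichi Pan |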
2021-08-11 09:20:59 |
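Business |
Fukeiki.com |
WDI heading for a 400 million yen operating loss for the fiscal year ending March 2022, as the COVID-19 impact continues - Fukeiki.com |
https://www.fukeiki.com/2021/08/wdi-2022-loss.html
|
loss |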
2021-08-11 09:10:02 |
LifeHuck |
Lifehacker [Japan edition] |
Spacesuit material used in outerwear. The "GEMINI Jacket" that can be worn for 3 seasons |
https://www.lifehacker.jp/2021/08/machi-ya-geminijacket-start.html
|
gemini |
2021-08-11 19:00:00 |
GCP |
Google Cloud Platform Japan Official Blog |
Extending Anaplan's planning capabilities by using Google Cloud to easily blend data and create intelligent reports |
https://cloud.google.com/blog/ja/topics/partners/anaplan-cloudworks-integrates-with-google-cloud/
|
By combining Anaplan's enterprise planning capabilities with Google Cloud, and through seamless integration of BigQuery and AI/ML capabilities, business leaders have more ways than ever to blend data sources and obtain dynamic, heavily data-driven, real-time insights about their business. |
2021-08-11 11:00:00 |
Hokkaido |
Hokkaido Shimbun |
Tokyo yen in the upper 110-yen range |
https://www.hokkaido-np.co.jp/article/577308/
|
Tokyo foreign exchange market |
2021-08-11 18:18:00 |
Hokkaido |
Hokkaido Shimbun |
Information leaked from 129 companies and organizations in unauthorized access to Fujitsu |
https://www.hokkaido-np.co.jp/article/577301/
|
unauthorized access |
2021-08-11 18:07:00 |
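Hokkaido |
Hokkaido Shimbun |
Soma, minister at the embassy in South Korea, returns to Japan after inappropriate remarks; effectively dismissed following backlash |
https://www.hokkaido-np.co.jp/article/577299/
|
inappropriate remarks |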
2021-08-11 18:04:00 |
Hokkaido |
Hokkaido Shimbun |
Nuclear ban treaty as a "tailwind": Izumi Nakamitsu, in charge of disarmament at the UN |
https://www.hokkaido-np.co.jp/article/577298/
|
Under-Secretary-General |
2021-08-11 18:04:00 |
Hokkaido |
Hokkaido Shimbun |
Naotaro Moriyama infected; condition stable and recuperating at home |
https://www.hokkaido-np.co.jp/article/577297/
|
Naotaro Moriyama |
2021-08-11 18:04:00 |
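Hokkaido |
Hokkaido Shimbun |
Heatstroke increased during Obon under stay-at-home life; Nagoya Institute of Technology analysis of Tokyo last year |
https://www.hokkaido-np.co.jp/article/577296/
|
self-restraint |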
2021-08-11 18:04:00 |
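Business |
Toyo Keizai Online |
The vicious cycle of "mass hiring, mass dropout" among life insurance saleswomen [Video]: Why has it remained unsolved for so many years? | Work style | Toyo Keizai Online |
https://toyokeizai.net/articles/-/447431?utm_source=rss&utm_medium=http&utm_campaign=link_back
|
Toyo Keizai Online |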
2021-08-11 18:05:00 |
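News |
Newsweek |
China flies into a rage at Lithuania over the establishment of a "Taiwanese Representative Office," insulting it as a "crazy, tiny and precarious country" |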
https://www.newsweekjapan.jp/stories/world/2021/08/post-96886.php
|
|
2021-08-11 18:07:38 |
IT |
Weekly ASCII |
Online RPG "LOST ARK" to roll out its latest update on August 25, including the new continent "Papunika" and the new class "Scouter"! |
https://weekly.ascii.jp/elem/000/004/065/4065653/
|
lostark |
2021-08-11 18:45:00 |
GCP |
Cloud Blog JA |
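Extending Anaplan's planning capabilities by using Google Cloud to easily blend data and create intelligent reports |
https://cloud.google.com/blog/ja/topics/partners/anaplan-cloudworks-integrates-with-google-cloud/
|
By combining Anaplan's enterprise planning capabilities with Google Cloud, and through seamless integration of BigQuery and AI/ML capabilities, business leaders have more ways than ever to blend data sources and obtain dynamic, heavily data-driven, real-time insights about their business. |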
2021-08-11 11:00:00 |