kubernetes-ingress
apparmor.d
Our great sponsors
kubernetes-ingress | apparmor.d | |
---|---|---|
28 | 24 | |
4,532 | 363 | |
1.0% | - | |
9.8 | 9.9 | |
5 days ago | 9 days ago | |
Go | Go | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kubernetes-ingress
-
☸️ Kubernetes NGINX Ingress Controller: 10+ Complementary Configurations for Web Applications
Everything in the YAML snippets below — except for ingress configuration — relates to configuring the NGINX ingress controller. This includes customizing the default configuration.
-
Breaking Terraform files into composable layers
In these examples, I assume that users have deployed an nginx-ingress-controller to their cluster through the eks layer. This controller is responsible for creating an nlb and exposing Elasticsearch and Kibana to the internet through their ingresses.
-
Implementing TLS in Kubernetes
Now, you need to install the Nginx Ingress Controller so that it can redirect incoming requests to your payment app to use HTTPS. Since you've exposed the app using nodePort, you need to install the Ingress using a custom value file that specifies the service type to NodePort.
-
Kubernetes cannot upload files larger than 1MB
Kubernetes We have a kubernetes cluster which has a dropwizard based web application running as a service. This application has a rest uri to upload files. It cannot upload files larger than 1MB. I get the following error: ERROR [2017-07-27 13:32:47,629] io.dropwizard.jersey.errors.LoggingExceptionMapper: Error handling a request: ea812501b414f0d9! com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')! at [Source: ! 413 Request Entity Too Large! ! 413 Request Entity Too Large! nginx/1.11.3! ! Hide resultsI have tried the suggestions given in https://github.com/nginxinc/kubernetes-ingress/issues/21. I have edited the Ingress to set the proxy-body-size annotation. Also, I have tried using the configMap without any success. we are using kubernetes version 1.5. Please let me know if you need additional information. Answer link : https://codehunter.cc/a/kubernetes/kubernetes-cannot-upload-files-larger-than-1mb
-
A Comprehensive Guide to API Gateways, Kubernetes Gateways, and Service Meshes
The example below shows how to configure a canary deployment using Nginx Ingress. The custom annotations used here are specific to Nginx:
-
Ingress controller for vanilla k8s
This: https://kubernetes.github.io/ingress-nginx/ Not this: https://docs.nginx.com/nginx-ingress-controller/
-
Assign an External IP to a Node
So far, i've been following the example here to set up an nginx Ingress Controller and some test services behind it. However, I am unable to follow Step 6 which displays the external IP for the node that the load balancer is running on as my node does not have an ExternalIP in the addresses section, only a LegacyHostIP and InternalIP.
- List of template objects & properties to use with templates?
-
How to use ACM public certificate for Nginx ingress controller?
Also, of personal note, I highly recommend you use the "ingress-nginx" controller which has a huge community and is of much higher quality and flexibility than the "nginx-ingress controller by nginx inc". I've had a lot of success with dozens of clients with this controller. It rocks!
-
Questions about Blue/Green & Canary Deployments (Vanilla K8)
For example, the ingress project from NGINX has its own CRDs that give better control over service versions and blue/green and canary cutovers https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.0/examples/custom-resources/traffic-splitting
apparmor.d
-
Sandboxing All the Things with Flatpak and BubbleBox
If anyone want to look further into sandboxing applications on Linux, you can also look at AppArmor and the sandboxing features built into systemd.
I love this repository for bases for AppArmor profiles[1], really good work. Never found a repository as good for systemd, but there are a few around.
[1] https://github.com/roddhjav/apparmor.d
- Anyone writes AppArmor profiles?
-
AppArmor and Profile Inheritance
Then, categorize all your script zoo: maybe some script group want to only read the data, while some need to write, maybe one group needs to use certain set of binaries, and other group - others.
- How would you sandbox shady PDF files from the internet?
-
OpenSUSE Tumbleweed Security – firewall, fail2ban, apparmor
You could utilize some profiles from apparmor.d repo, but you should be slightly aware how it works (disclaimer: I'm the contributor).
-
FOSS alternative to Teamviewer
Regardless, I wrote an AppArmor profile so it couldn't happen again.
-
Cybersec student here. How it possible that Linux is more secure than Windows?
Maintainer's response.
-
MacOS-like support for directory access control on Linux, *per app*
There is a project in early development: apparmor.d. Adopting some or all profiles will do the job. To use it smoothly, basic AppArmor knowledge is required. (I'm the contributor)
-
AppArmor and Firefox: Does it actually work?
Dependent on the OS and Firefox distribution. I can advertise profile that I co-maintain. It uses non-standard tunables, which will require some README reading to get them into the system.
-
SELinux VS AppArmor - go!
Red Hat based distros come preconfigured with a lot of SELinux policies. With AppArmor, you get basically nothing. There is a project I also contribute to from time to time, that gives you a lot more policies, but this is entirely out-of-tree (https://github.com/roddhjav/apparmor.d).
What are some alternatives?
ingress-nginx - Ingress-NGINX Controller for Kubernetes
UBUNTU20-CIS - Ansible role for Ubuntu 2004 CIS Baseline
amicontained - Container introspection tool. Find out what container runtime is being used as well as features available.
kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
docker-swarm-ingress - Nginx swarm ingress controller, a minimalistic approach to allow routing into a Docker Swarm based on the public hostnames.
ssh-p2p - ssh p2p tunneling server and client
application-gateway-kubernetes-ingress - This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
hardentools - Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
ingress - Ingress-NGINX Controller for Kubernetes [Moved to: https://github.com/kubernetes/ingress-nginx]
apparmor-profiles - AppArmor Security Profiles for some applications
traefik - The Cloud Native Application Proxy [Moved to: https://github.com/traefik/traefik]
shadowsocks-gtk-rs - A desktop GUI frontend for shadowsocks-rust client implemented with gtk-rs.