k3s update

infrastructure/kasm.md

@@ -1 +1,17 @@
 # KASM Cheat-Sheet
+## Custom Images
+
+
+### Add Images in KASM
+> [!attention]
+> You need to pass in a "tag" in the Docker Image. Otherwise kasm won't pull and start the image correctly.
+
+### Docker Run Config
+**Example**
+```
+{
+	"cap_add":["NET_ADMIN"],
+	"devices":["dev/net/tun","/dev/net/tun"],
+	"sysctls":{"net.ipv6.conf.all.disable_ipv6":"0"}
+}
+```

infrastructure/kubernetes/k3s-install-ha-embeddeddb.md

@@ -3,7 +3,7 @@
 ```bash
 curl -sfL https://get.k3s.io | sh -s - server \
 --token=YOUR-SECRET \
---tls-san your-dns-name --tls-san your-lb-ip-address
+--tls-san your-dns-name --tls-san your-lb-ip-address \
 --cluster-init
 ```
 
@@ -14,7 +14,7 @@ To avoid certificate errors in such a configuration, you should install the serv
 ```bash
 curl -sfL https://get.k3s.io | sh -s - server \
 --token=YOUR-SECRET \
---tls-san your-dns-name --tls-san your-lb-ip-address
+--tls-san your-dns-name --tls-san your-lb-ip-address \
 --server https://IP-OF-THE-FIRST-SERVER:6443
 ```
 

infrastructure/traefik.md

@@ -1,8 +1,5 @@
 # Traefik Cheat-Sheet
-
-
-## Provider Specific Configuration
-### Docker
+## Docker
 
 **traefik.enable**
 If `exposedByDefault` is disabled, Traefik won't automatically expose any containers by default. Setting `traefik.enable: true`, will expose the Container.
@@ -19,4 +16,6 @@ Specify the Rules for the Router.
 Will enable TLS protocol on the router.
 
 **traefik.http.routers.router.tls.certresolver**
-Specifies the Certificate Resolver on the Router.
+Specifies the Certificate Resolver on the Router.
+
+## Kubernetes

networking/tcp-vs-udp.md

@@ -7,5 +7,3 @@ Each frame goes through several buffers as you send it: The application buffer,
 TCP is optimized for high speed bulk transfers while UDP is optimized for low latency in the Linux kernel. This has an impact on buffer sizes and how data is polled and handed over. In addition to this, you frequently have offloading to hardware for TCP. I would expect considerably better performance for TCP compared to UDP.
 
 Note that sending high speed data over UDP is usually a bad idea, unless you implement your own congestion control. TCP protects your network from congestion collapses. Use UDP when you have small amounts of data or high timeliness requirements.
-
-setset `code block` tes set

networking/tls-handshake.md

@@ -0,0 +1,40 @@
+# TLS Handshake
+In a TLS/SSL handshake, clients and servers exchange SSL certificates, cipher suite requirements, and randomly generated data for creating session keys.
+
+TLS handshakes are a foundational part of how HTTPS works.
+
+SSL, or Secure Sockets Layer, was the original encryption protocol developed for HTTP. SSL was replaced by TLS, or Transport Layer Security, some time ago. SSL handshakes are now called TLS handshakes, although the "SSL" name is still in wide use.
+
+```
+┌───────────┐                ┌───────────┐
+│  Client  │                │ 力 Server  │
+└─────┬─────┘                └─────┬─────┘
+      │                            │
+      │                            │ 
+      │ ─────────────────────────► │  ──┐
+      │ 1. SYN                     │    │
+      │                            │    │
+      │                            │    │ TCP
+      │ ◄───────────────────────── │    │
+      │ 3. ACK          2. SYN ACK │  ──┘
+      │                            │
+      │ -------------------------- │
+      │                            │
+      │ ─────────────────────────► │  ──┐
+      │ 4. ClientHello             │    │
+      │                            │    │
+      │ ◄───────────────────────── │    │
+      │             5. ServerHello │    │
+      │                Certificate │    │
+      │            ServerHelloDone │    │
+      │                            │    │ TLS
+      │ ─────────────────────────► │    │
+      │ 6. ClientKeyExchange       │    │
+      │    ChangeCipherSpec        │    │
+      │    Finished                │    │
+      │                            │    │
+      │ ◄───────────────────────── │    │
+      │        7. ChangeCipherSpec │    │
+      │           Finished         │  ──┘
+
+```

tools/bitwarden.md

@@ -0,0 +1 @@
+# Bitwarden Cheat-Sheet

tools/datree.md

@@ -1,8 +1,10 @@
 # Datree
-Datree can be used on the command line to run policies against Kubernetes manifests YAML files or Helm charts.
+Datree can be used on the command line to run policies against Kubernetes manifests YAML files or Helm charts. It prevents Kubernetes misconfigurations from reaching production.
+
+As your organization's infrastructure owner, the product’s stability is your primary concern. Toolchain engineering and architecture gets pushed to the wayside because you must constantly put out fires configured in the development stage.
+
+## Installation
 
-## Manifests
-### Installation
 **Windows** (PowerShell)
 ```powershell
 iwr -useb https://get.datree.io/windows_install.ps1 | iex
@@ -17,20 +19,31 @@ sudo apt -y install unzip
 curl https://get.datree.io | /bin/bash
 ```
 
-### Usage
+**Usage**
 ```bash
 datree test ~/.datree/k8s-demo.yaml
 ```
 
-## Helm
+## Policies
+"Centralized policy" is the concept of controlling distributed policy execution from a centralized location. This concept enables the policy owner to easily control the rules that are evaluated in each run of Datree without creating operation overhead. The centralized policy can be managed by logging into the dashboard.
+
+To run the Datree CLI against the new policy (instead of the default one), you will need to add the `-p POLICYNAME` to your policy check execution:
+
+```
+datree test ~/.datree/k8s-demo.yaml -p POLICYNAME
+```
+
+
+### Helm
 A Helm plugin to validate charts against the Datree policy.
+> [!attention]
+> Only works on Linux
 
->Only works on Linux
 
-### Installation
+**Installation Linux** (Bash)
 ```bash
 helm plugin install https://github.com/datreeio/helm-datree
-```
+
 
 ### Usage
 Trigger datree policy check via the helm CLI
@@ -38,7 +51,11 @@ Trigger datree policy check via the helm CLI
 helm datree test [CHART_DIRECTORY]
 ```
 
+
+**Usage**
+
 If you need to pass helm arguments to your template, you will need to add -- before them:
+
 ```bash
 helm datree test [CHART_DIRECTORY] -- --values values.yaml --set name=prod
 ```