GitLab Agent for Kubernetes is an integration for the GitLab CI/CD pipeline that provides kubectl access from pipeline jobs, allowing Continuous Deployment into a live Kubernetes Cluster. However, the default role for this Agent is cluster-admin when doing a basic Helm install, which is far too permissive and needs to be scoped down to only … GitLab: least privilege for Kube-API calls from GitLab Agent for Kubernetes
Creating a Google Cloud Storage bucket is simple, but the IAM permissions required to perform operations in the bucket can be difficult to understand. Especially when you want something as simple as to provide upload/download access to the person who created the bucket and perhaps a service account. Below are the commands for creating a … GCP: Google Cloud Storage bucket with permissions for user or service account
If you need to create a file that has the exact same ownership and permission bits as an existing file, the ‘reference’ flag provides a convenient shortcut. For example, if you had a file named ‘myoriginal’ that had the exact ownership and permissions required for a new file ‘mynewfile’, you could use the commands below … Bash: cloning the ownership and permissions of another file using reference
When troubleshooting an issue where ownership and permissions of a file or directories is questioned, we often go straight to chown/chmod and recursively set these values. However, this touches every file so if you are still in investigative mode it would be better to use “stat” to simply check the ownership and permissions first. If … Linux: Use stat to verify permissions and ownership
File copying is about more than just content – the metadata for user ownership, permissions, and timestamps is often critical to retrieval and function. Below are the relevant switches for metadata preservation when using cp, rsync, and tar. These typically need sudo in order to work.