diff --git a/docs/assets/clear-recents-in-finder-on-mac.png b/docs/assets/clear-recents-in-finder-on-mac.png new file mode 100644 index 00000000..077a3fab Binary files /dev/null and b/docs/assets/clear-recents-in-finder-on-mac.png differ diff --git a/docs/cloud/wasabi/list-bucket-size-wasabi.md b/docs/cloud/wasabi/list-bucket-size-wasabi.md new file mode 100644 index 00000000..b784a352 --- /dev/null +++ b/docs/cloud/wasabi/list-bucket-size-wasabi.md @@ -0,0 +1,29 @@ +--- +title: List bucket size on Wasabi +--- + +## Why + +The UI is often not up to date around the bucket size, so it can cause you issues when working out their stupid 90 days storage cost. + +## How + +You will need to know your service URL for your bucket. + +Read the page [Service URLs for Wasabi's Storage Regions](https://docs.wasabi.com/docs/what-are-the-service-urls-for-wasabi-s-different-storage-regions) + +Examples below + +=== "London" + ```shell + aws s3 ls --summarize --human-readable --recursive --endpoint-url=https://s3.eu-west-1.wasabisys.com s3:// + ``` +=== "Tokyo" + ```shell + aws s3 ls --summarize --human-readable --recursive --endpoint-url=https://s3.ap-northeast-1.wasabisys.com s3:// + ``` + +=== "Texas" + ```shell + aws s3 ls --summarize --human-readable --recursive --endpoint-url=https://s3.us-central-1.wasabisys.com s3:// + ``` diff --git a/docs/kb/mac/clear-recents-in-finder-on-mac.md b/docs/kb/mac/clear-recents-in-finder-on-mac.md new file mode 100644 index 00000000..14022e06 --- /dev/null +++ b/docs/kb/mac/clear-recents-in-finder-on-mac.md @@ -0,0 +1,24 @@ +--- +title: Clear recents in Finder on Mac +--- + +## Why + +Perhaps you've been browsing files you do not want others to know exist, like your Will or something else. + +## How + +### Step 1: Finder UI + +**Finder** > **Go** > **Recent Folders** > **Clear** + +![Finder > Go > Recent Folders > Clear](../../assets/clear-recents-in-finder-on-mac.png) + +### Step 2: Shell + +Open Terminal and paste the below + +```shell +rm -rf $TMPDIR../C/com.apple.recentitems/ +killall Finder +``` diff --git a/docs/kubernetes/kb/kubectl-get-pods-in-certain-status.md b/docs/kubernetes/kb/kubectl-get-pods-in-certain-status.md new file mode 100644 index 00000000..ea3362d2 --- /dev/null +++ b/docs/kubernetes/kb/kubectl-get-pods-in-certain-status.md @@ -0,0 +1,22 @@ +--- +title: Kubectl get pods in certain status +--- + +## Why + +Sometimes when working on a cluster you want to know how many pods have failed across the entire cluster or herpahs how +many are pending. + +## How + +### Failed + +```shell +kubectl get pods --all-namespaces --field-selector status.phase=Failed +``` + +### Pending + +```shell +kubectl get pods --all-namespaces --field-selector status.phase=Pending +``` diff --git a/docs/security/wiz/wiz-connector-no-connector-id.md b/docs/security/wiz/wiz-connector-no-connector-id.md new file mode 100644 index 00000000..5201c4a5 --- /dev/null +++ b/docs/security/wiz/wiz-connector-no-connector-id.md @@ -0,0 +1,45 @@ +--- +title: Wiz Kubernetes Failed executing entrypoint CONNECTOR_ID is not set +--- + +## What + +When deploying the Kubernetes connector to a cluster using Wiz security, your deployment may fail with the below error + +```json +{"level":"fatal","time":"2026-01-19T14:10:14.047213534Z","msg":"Failed executing entrypoint","error":"CONNECTOR_ID is not set"} +``` + +## How to resolve + +Check that your wiz connector secret actually contains a value + +```shell +kubectl get secret/wiz-connector -o yaml +``` + +If you see an output like the below, then your secret is not populated + +```yaml +apiVersion: v1 +data: + connectorData: e30= +kind: Secret +metadata: + creationTimestamp: "2026-01-19T11:21:22Z" + labels: + app.kubernetes.io/instance: wiz + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: wiz-kubernetes-connector + app.kubernetes.io/version: "3.0" + helm.sh/chart: wiz-kubernetes-connector-4.0.3 + name: wiz-connector + namespace: wiz + resourceVersion: "1768821682186527019" + uid: 46685ad8-7fd7-496b-ac98-e8a740156b55 +type: Opaque +``` + +### Recreate the secret + +Depending on how you're managing the resources, you may have to recreate the secret by pulling it from External Secrets again, or re-run your `kubectl` command to create the secret diff --git a/docs/security/wiz/wiz-list-terraform-provider-versions.md b/docs/security/wiz/wiz-list-terraform-provider-versions.md new file mode 100644 index 00000000..de0054aa --- /dev/null +++ b/docs/security/wiz/wiz-list-terraform-provider-versions.md @@ -0,0 +1,120 @@ +--- +title: Wiz list terraform provider versions +--- + +## Why + +As Wiz does not use the Hashicorp registry for its provider, not a public git repo we don't get a nice UI to see the versions. + +All their docs do not include a version either. + +When writing terraform you want to pin the provider version to ensure backwards compatibility etc. It's a best practice + +## How + +### Using `tfupdate` CLI + +!!! note "Relies on the tfupdate command line tool" + + Can be installed from [github.com/minamijoyo/tfupdate](https://github.com/minamijoyo/tfupdate) + +#### 1. Set the registry URL + +```shell +export TFREGISTRY_BASE_URL="https://tf.app.wiz.io/" +``` + +#### 2. Query the registry for releases + +```shell +tfupdate release list -s tfregistryProvider wizsec/wiz +``` + +You will then get an output like the below + +```text +➜ tfupdate release list -s tfregistryProvider wizsec/wiz +1.28.11229 +1.28.11336 +1.28.11764 +1.28.11875 +1.28.12451 +1.28.12559 +1.28.12840 +1.28.13179 +1.28.13755 +1.28.13893 +``` + +### Using CURL + +Terraform registries make use of `/.well-known/terraform.json` endpoints to work out where to access providers and modules + +```shell +curl https://tf.app.wiz.io/.well-known/terraform.json | jq +``` + +We then get an output like + +```json +{ + "modules.v1": "/v1/modules/", + "providers.v1": "/v1/providers/" +} +``` + +Now we can make a request to the providers endpoint for the provider we want, in this case `wizsec/wiz` + +```shell +curl -s https://tf.app.wiz.io/v1/providers/wizsec/wiz/versions | jq +``` + +We get an output similar to + +```json +{ + "versions": [ + { + "namespace": "wizsec", + "name": "wiz", + "version": "1.10.2114", + "platforms": [ + { + "os": "darwin", + "arch": "amd64" + }, + { + "os": "darwin", + "arch": "arm64" + }, + { + "os": "linux", + "arch": "amd64" + }, + { + "os": "linux", + "arch": "arm64" + }, + { + "os": "windows", + "arch": "amd64" + } + ] + }, + ... + ] +} +``` + +## Specifying the version in out `providers.tf` file + +```terraform +terraform { + required_providers { + wiz = { + source = "tf.app.wiz.io/wizsec/wiz" + version = "1.28.13893" + } + } +} +``` diff --git a/mkdocs.yml b/mkdocs.yml index 418ad7aa..3ec9424a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -108,6 +108,7 @@ nav: - Uninstall Netplan: kb/linux-networking/uninstall-netplan.md - Mac: - Bose Headphones Crackle when connected to mac via bluetooth: kb/mac/bose-headphones-crackle.md + - Clear recents in Finder on Mac: kb/mac/clear-recents-in-finder-on-mac.md - Command not found compdef: kb/mac/command-not-found-compdef.md - Connect to serial port on mac: kb/mac/connect-to-serial-port-on-mac.md - Markdown: @@ -273,6 +274,7 @@ nav: - View logs on who enabled an API: cloud/gcp/view-logs-on-who-enabled-an-api.md - Wasabi: - Backup Synology NAS to Wasabi: cloud/wasabi/backup-synology-nas-to-wasabi.md + - List bucket size on Wasabi: cloud/wasabi/list-bucket-size-wasabi.md - Cloud Secret manager cost Comparison: cloud/secret-manager-comparison.md - Kubernetes: - kubernetes/index.md @@ -333,7 +335,8 @@ nav: - Force Delete pod: kubernetes/kb/force-delete-pod.md - Get Kubernetes nodes and their labels: kubernetes/kb/get-kubernetes-nodes-and-their-labels.md - Kubectl commands: kubernetes/kb/kubectl-commands.md - - "Kubectl get pod and node it's on": kubernetes/kb/kubectl-get-pods-and-nodes.md + - Kubectl get pod and node it's on: kubernetes/kb/kubectl-get-pods-and-nodes.md + - Kubectl get pods in certain status: kubernetes/kb/kubectl-get-pods-in-certain-status.md - Kubectl get Service accounts and namespaces: kubernetes/kb/kubectl-get-service-accounts-namespaces.md - Set default namespace kubectl: kubernetes/kb/kubectl-set-namespace.md - Testing RBAC: kubernetes/kb/rbac-testing.md @@ -365,6 +368,9 @@ nav: - Promptfoo using mitmproxy or mitmweb: security/promptfoo/promptfoo-using-mitmproxy-or-mitmweb.md - Rapid7: - Add Google Organization to Rapid7: security/rapid7/add-google-organization-to-rapid7.md + - Wiz: + - Wiz Kubernetes Failed executing entrypoint CONNECTOR_ID is not set: security/wiz/wiz-connector-no-connector-id.md + - Wiz list terraform provider versions: security/wiz/wiz-list-terraform-provider-versions.md - Certifications: - Google Cloud Architect: - Google architect - Page 1: certifications/google-certs/gcp-architect/gcp-architect-1.md