garethahealy

#!/bin/sh
#set -X
#doitlive commentecho: true
#doitlive commentecho: true
#doitlive speed: 3
#doitlive shell: /bin/zsh
# 
# Lets start off with building the image. Going to use to docker buildx as that creates us a provenance file 

docker buildx build --attest=type=provenance,mode=max . -t quay.io/garethahealy/sigstore-demo --push

garethahealy

Cloning "https://github.com/redhat-cop/containers-quickstarts.git" ...
	Commit:	1f147919008e15a1d02cbcaedae8acc16917a713 (Update GH actions to use redhat-actions for build & publish (#463))
	Author:	Petter Abrahamsson <petter@redhat.com>
	Date:	Mon Mar 29 06:16:02 2021 -0400
Replaced Dockerfile FROM image rhel7-atomic
Caching blobs under "/var/cache/blobs".

Pulling image registry.access.redhat.com/rhel7/rhel-atomic@sha256:ccf4374142b6c0e1782b751f43f2d1012a5cc604056300dd9feda0d77844082d ...
Getting image source signatures
Copying blob sha256:c0d48602e1ab40abadbbf6085cbc2b73cacf6e6c59498133d89e735d0c6e8dc4

garethahealy

apiVersion: v1
kind: Namespace
metadata:
  labels:
    admission.gatekeeper.sh/ignore: no-self-managing
    control-plane: controller-manager
    gatekeeper.sh/system: "yes"
  name: gatekeeper-system
---
apiVersion: apiextensions.k8s.io/v1beta1

garethahealy

apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  creationTimestamp: null
  name: commonk8slabelsnotset
spec:
  crd:
    spec:
      names:
        kind: CommonK8sLabelsNotset

garethahealy

apiVersion: constraints.gatekeeper.sh/v1beta1
kind: CommonK8sLabelsNotset
metadata:
  name: commonk8slabelsnotset
spec:
  match:
    kinds:
    - apiGroups:
      - apps.openshift.io
      - apps

garethahealy

apiVersion: v1
kind: Pod
metadata:
  name: tag-digest
spec:
  containers:
  - name: java
    image: registry.redhat.io/openjdk/openjdk-11-rhel8:1.1@sha256:5c1bb0a3e2b5ce9018e990dfef68fd040e8584975d05eee109ee4f3daf0366e1

garethahealy

# get_rego_namespaces
# ====================
#
# Summary: Resolves the package names in your rego policies against a regex lookup
#
# Usage: get_rego_namespaces ${regex}
#
# Options:
#   <regex>     Regex pattern matching package name
# Globals:

garethahealy

$ docker pull quay.io/openshift/origin-jenkins-agent-base:4.4
4.4: Pulling from openshift/origin-jenkins-agent-base
Digest: sha256:1d59d3b1902a3581b6a9b1955fbd1d44490d9f470abbd60591948942a4ef7437
Status: Image is up to date for quay.io/openshift/origin-jenkins-agent-base:4.4
quay.io/openshift/origin-jenkins-agent-base:4.4

$ docker inspect quay.io/openshift/origin-jenkins-agent-base:4.4
[
    {
        "Id": "sha256:cd343f0d83042932fa992e095cd4a93a89a3520873f99b0e15fde69eb46e7e10",

garethahealy

bootstrap-project:
  enabled: true
  namespaces:
  - name: bob

argocd:
  enabled: false

garethahealy

MacBook-Pro:ubiquitous-journey garethhealy$ helm template --dependency-update  bootstrap --values bootstrap/values-bootstrap.yaml
---
# Source: cluster-bootstrap/charts/bootstrap-project/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: "bob"
---
# Source: cluster-bootstrap/charts/bootstrap-project/templates/serviceaccount.yaml
apiVersion: v1