Glend Maatita glendmaatita

## index.ts
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an AWS S3 bucket
const bucket = new aws.s3.Bucket("my-bucket", {
    website: {
        indexDocument: "index.html",
    },
});

## ingress.yml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vault
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
  rules:

## gcs.tf
# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket
resource "google_storage_bucket" "my-vault-bucket" {
  name = "my-vault-bucket"
  location = "US-CENTRAL1"
  storage_class = "STANDARD"

  uniform_bucket_level_access = false

  lifecycle_rule {
    condition {

## values.yaml
server:
  extraEnvironmentVars:
    GOOGLE_REGION: US-CENTRAL1
    GOOGLE_PROJECT: my-project
    GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/vault-config/vault-sa.json

  extraVolumes:
    - type: secret
      name: vault-config
      path: null

## deployment.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: atlantis
  labels:
    app: atlantis
spec:
  selector:
    matchLabels:

## volume.yml
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: atlantis-kubeconf-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: ""
  resources:

## sa.yaml
# in order to be able to run Atlantis: https://www.runatlantis.io/
# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account
resource "google_service_account" "atlantis-sa" {
  account_id = "atlantis-sa"
  project = "my-project"
}

# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam
resource "google_project_iam_member" "atlantis-im" {
  project = "my-project"

## shell.nix
let
  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.11";
  pkgs = import nixpkgs { config = { allowUnfree = true; }; overlays = []; };

  git = pkgs.git.overrideAttrs (oldAttrs: rec {
    version = "2.42.0";
  });

  podman = pkgs.podman.overrideAttrs (oldAttrs: rec {
    version = "4.7.2";

## shell.nix
let
  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.11";
  pkgs = import nixpkgs { config = { allowUnfree = true; }; overlays = []; };

  kubectl = pkgs.kubectl.overrideAttrs (oldAttrs: rec {
    version = "1.28.4";
  });

  terraform = pkgs.terraform.overrideAttrs (oldAttrs: rec {
    version = "1.6.4";

## kyverno-1.sh
~$ gcloud container clusters describe my-k8s --format='value(privateClusterConfig.masterIpv4CidrBlock)' --region=asia-southeast2-a

# 172.18.0.0/28
	import * as pulumi from "@pulumi/pulumi";
	import * as aws from "@pulumi/aws";

	// Create an AWS S3 bucket
	const bucket = new aws.s3.Bucket("my-bucket", {
	website: {
	indexDocument: "index.html",
	},
	});
	---
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: vault
	annotations:
	kubernetes.io/ingress.class: nginx
	cert-manager.io/cluster-issuer: letsencrypt-issuer
	spec:
	rules:
	# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket
	resource "google_storage_bucket" "my-vault-bucket" {
	name = "my-vault-bucket"
	location = "US-CENTRAL1"
	storage_class = "STANDARD"

	uniform_bucket_level_access = false

	lifecycle_rule {
	condition {
	server:
	extraEnvironmentVars:
	GOOGLE_REGION: US-CENTRAL1
	GOOGLE_PROJECT: my-project
	GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/vault-config/vault-sa.json

	extraVolumes:
	- type: secret
	name: vault-config
	path: null
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: atlantis
	labels:
	app: atlantis
	spec:
	selector:
	matchLabels:
	---
	kind: PersistentVolumeClaim
	apiVersion: v1
	metadata:
	name: atlantis-kubeconf-pvc
	spec:
	accessModes:
	- ReadWriteMany
	storageClassName: ""
	resources:
	# in order to be able to run Atlantis: https://www.runatlantis.io/
	# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account
	resource "google_service_account" "atlantis-sa" {
	account_id = "atlantis-sa"
	project = "my-project"
	}

	# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam
	resource "google_project_iam_member" "atlantis-im" {
	project = "my-project"
	let
	nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.11";
	pkgs = import nixpkgs { config = { allowUnfree = true; }; overlays = []; };

	git = pkgs.git.overrideAttrs (oldAttrs: rec {
	version = "2.42.0";
	});

	podman = pkgs.podman.overrideAttrs (oldAttrs: rec {
	version = "4.7.2";
	let
	nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.11";
	pkgs = import nixpkgs { config = { allowUnfree = true; }; overlays = []; };

	kubectl = pkgs.kubectl.overrideAttrs (oldAttrs: rec {
	version = "1.28.4";
	});

	terraform = pkgs.terraform.overrideAttrs (oldAttrs: rec {
	version = "1.6.4";
	~$ gcloud container clusters describe my-k8s --format='value(privateClusterConfig.masterIpv4CidrBlock)' --region=asia-southeast2-a

	# 172.18.0.0/28