John Reese jpreese
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //go:embed build/output/* | |
| var staticFiles embed.FS | |
| func main() { | |
| fileSystem := fs.FS(staticFiles) | |
| assets, err := fs.Sub(fileSystem, "build/output") | |
| if err != nil { | |
| log.Fatal("load assets:", err) | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| moo | |
| lol i'm a cow |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Create the following Dockerfile: | |
| --- | |
| FROM ubuntu | |
| RUN apt-get update | |
| RUN apt-get install curl sudo docker.io -y | |
| RUN curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test | |
| --- |
jpreese
/ validation_error.go
Created
March 2, 2021 23:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "errors" | |
| "fmt" | |
| "strings" | |
| "github.com/hashicorp/go-multierror" | |
| ) |
jpreese
/ combine.rego
Created
August 5, 2020 21:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package lib.combine | |
| default is_multidocument = false | |
| is_multidocument { | |
| input[_][_].kind | |
| } | |
| resources[resource] { | |
| is_multidocument |
jpreese
/ default_write.go
Created
August 2, 2020 22:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| output := viper.GetString("out") | |
| if filepath.Ext(output) == "" { | |
| output = filepath.Join(output, "alerts.md") | |
| } | |
| .. | |
| rendering.Render(workingDir, filepath.Ext(output)) | |
| .. | |
| if err := ioutil.WriteFile(output, .., ..); err != nil { |
jpreese
/ container_resource.rego
Created
July 31, 2020 21:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package policy | |
| import data.lib.core | |
| import data.lib.workloads | |
| # @title Containers must specify resource constraints | |
| # | |
| # All containers must specify resource constraints, this includes: | |
| # - requests.cpu | |
| # - requests.memory |
jpreese
/ no_mutating_pod.rego
Last active
July 31, 2020 21:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # @title Pods must not have access to the host aliases | |
| # | |
| # Pods that can change aliases in the host's /etc/hosts file can | |
| # redirect traffic to malicious servers. | |
| # | |
| # @kinds apps/DaemonSet apps/Deployment apps/StatefulSet core/Pod | |
| package policy | |
| import data.lib.core |
jpreese
/ prometheus_rule.rego
Created
July 31, 2020 20:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # @title PrometheusRules must specify a prometheus label | |
| # | |
| # All PrometheusRules created on the cluster must contain a `prometheus` label | |
| # with a value of `prometheus`. This ensures that the rule is found by the prometheus operator. | |
| # | |
| # @kinds monitoring.coreos.com/PrometheusRule | |
| package policy | |
| import data.lib.core |
jpreese
/ gatekeeper_policy_test.sh
Created
July 30, 2020 19:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "" | |
| echo "RUNNING POLICY TESTS ( •_•)>⌐■-■ " | |
| echo "" | |
| FAIL=0 | |
| # Verify that the test resources are NOT applied to the default namespace. | |
| # If any of the test resources are successfully applied, the test fails. |
NewerOlder