To make this work as expected, provide these three Environments correctly and then you are good to go!
I have tried with Webhook URL of one of my room on Google Chat.
So for setting up you env, do this -
| function DockerImageCheckFunction() { | |
| # you can comment all the DEBUG echo statements, there are here just for info. | |
| DHUB_TOKEN=$(curl -sSLd "username=${DOCKER_HUB_USERNAME}&password=${DOCKER_HUB_PASSWORD}" https://hub.docker.com/v2/users/login | jq -r ".token") | |
| echo "[DEBUG] [$(date)] Token is: $DHUB_TOKEN" | |
| echo | |
| echo "[DEBUG] [$(date)] Hitting the endpoint: https://hub.docker.com/v2/repositories/${DOCKER_REPO}/tags/${DOCKER_TAG}/" | |
| REPO_RESPONSE=$(curl -sH "Authorization: JWT $DHUB_TOKEN" "https://hub.docker.com/v2/repositories/${DOCKER_REPO}/tags/${DOCKER_TAG}/") | |
| echo |
| from datetime import datetime, timedelta | |
| def deletion_time(ttl): | |
| print("[DEBUG] The Current Time is: ",datetime.now()) | |
| delete_at_time = datetime.now() + timedelta(minutes=int(ttl)) | |
| print("[DEBUG] This Will be deleted at: ",delete_at_time) | |
| hh = delete_at_time.hour | |
| mm = delete_at_time.minute | |
| yyyy = delete_at_time.year | |
| month = delete_at_time.month |
| AWSTemplateFormatVersion: "2010-09-09" | |
| Description: Schedule automatic deletion of CloudFormation stacks | |
| # Advance way to customize our Parameters inputs, looks very good to the users :) | |
| Metadata: | |
| License: Apache-2.0 | |
| AWS::CloudFormation::Interface: | |
| ParameterGroups: | |
| - Label: |
When we set up Kubernetes the default config file (aka kubeconfig file) has admin privileges. This is fine when you are the only one who is going to access the cluster*(still not a good practice tho!)* but what if there are multiple teams/devs involved and they also need to access the cluster for some use case, obviously, they don't need the full access, So now what? Will you give them your kubeconfig file(or the access) which has full permissions? Absolutely not!
Have you heard about the Principle of least privilege? It dictates - A subject should be given only those privileges needed for it to complete its task. If a subject does not need an access right, the subject should not have that right.
So we should create users as per the requirements and assign them the minimum permissions to function properly, right? but how do we do it?
Just to be clear, Kubernetes does not have the support for users natively. And from the [documentation](https://kubernetes.
| apiVersion: "vault.banzaicloud.com/v1alpha1" | |
| kind: "Vault" | |
| metadata: | |
| name: "vault" | |
| labels: | |
| app.kubernetes.io/name: vault | |
| namespace: vault-operator | |
| spec: | |
| size: 3 | |
| image: vault:1.13.3 |
| kind: ServiceAccount | |
| apiVersion: v1 | |
| metadata: | |
| name: vault | |
| namespace: vault-operator | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: |
| apiVersion: external-secrets.io/v1beta1 | |
| kind: ClusterSecretStore | |
| metadata: | |
| name: vault-secret-store | |
| spec: | |
| provider: | |
| vault: | |
| server: "https://vault.vault-operator:8200" | |
| # adding this to verify CA, as we are using self-signed certificates. |
| apiVersion: external-secrets.io/v1beta1 | |
| kind: ExternalSecret | |
| metadata: | |
| name: sample-external-secrets | |
| namespace: vault-operator | |
| spec: | |
| refreshInterval: 15s | |
| secretStoreRef: | |
| name: vault-secret-store # name of the secret store | |
| kind: ClusterSecretStore |