Luc lucj

## k3s-0.8-volumeattachements-fix.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:nodes:volumeattachments
rules:
- apiGroups:
  - storage.k8s.io
  resources:
  - volumeattachments
  verbs:

## nginx.log
46.218.112.178 - - [01/Sep/2019:14:45:19 +0000] "GET /api/1234/1234/from_id HTTP/1.1" 200 615 "https://mydomain.net/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0" "-"
46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET / HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/1234.36" "-"
46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET /assets/styles/materialize.min.css HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/1234.36" "-"
46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET /assets/styles/ReactComponents.css HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/1234.36" "-"
46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET /assets/dependencies/jquery.min.js HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla

## flux.log
ts=2019-08-20T17:38:26.836259722Z caller=warming.go:198 component=warmer info="refreshing image" image=registry.gitlab.com/lucj/hello tag_count=12 to_update=1 of_which_refresh=0 of_which_missing=1
ts=2019-08-20T17:38:27.487350744Z caller=warming.go:206 component=warmer updated=registry.gitlab.com/lucj/hello successful=1 attempted=1
ts=2019-08-20T17:38:27.487776761Z caller=images.go:17 component=sync-loop msg="polling images"
ts=2019-08-20T17:38:27.609766795Z caller=images.go:111 component=sync-loop workload=default:deployment/hello container=hello repo=registry.gitlab.com/lucj/hello pattern=regexp:^((?!tmp).)*$ current=registry.gitlab.com/lucj/hello:master info="added update to automation run" new=registry.gitlab.com/lucj/hello:7ef62883c2f5ba725a14afeed3c82c064791a464 reason="latest 7ef62883c2f5ba725a14afeed3c82c064791a464 (2019-08-20 17:33:48.211982513 +0000 UTC) > current master (2019-08-19 17:43:37.996141391 +0000 UTC)"
ts=2019-08-20T17:38:27.60984745Z caller=loop.go:119 component=sync-loop jobID=a43e68f1-

## etcd-keys-new.sh
$ for k in $(cat etcd-kv.json | jq '.kvs[].key' | cut -d '"' -f2); do echo $k | base64 --decode; echo; done

/registry/apiregistration.k8s.io/apiservices/v1.
/registry/apiregistration.k8s.io/apiservices/v1.apps
/registry/apiregistration.k8s.io/apiservices/v1.authentication.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.autoscaling
/registry/apiregistration.k8s.io/apiservices/v1.batch
/registry/apiregistration.k8s.io/apiservices/v1.coordination.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.io

## gitlab-ci.yaml
deploy-kube:
  stage: deploy
  environment: test
  image: dtzar/helm-kubectl:2.12.3
  script:
    - kubectl config set-cluster sophia-cluster --server=${KUBE_URL} --certificate-authority="${KUBE_CA_PEM_FILE}"
    - kubectl config set-credentials sophia-admin --token=${KUBE_TOKEN}
    - kubectl config set-context sophia-context --cluster=sophia-cluster --user=sophia-admin --namespace ${KUBE_NAMESPACE}
    - kubectl config use-context sophia-context
    - helm upgrade --reuse-values --set image.tag=$CI_BUILD_REF sophia k8s-chart

## handlers.py
import kopf
import kubernetes
import yaml

@kopf.on.create('zalando.org', 'v1', 'databases')
def create_fn(body, spec, **kwargs):
    # Get info from Database object
    name = body['metadata']['name']
    namespace = body['metadata']['namespace']
    type = spec['type']

## .gitlab-ci.yaml-microscanner
image_scanning_microscanner:
  stage: scan
  image: docker:stable
  services:
    - docker:dind
  script:
    - docker build --build-arg=token=$MICROSCANNER_TOKEN -f Dockerfile.microscanner --no-cache . > microscanner-report.html.tmp
    - sed -n '/<html/,/<\/html>/p' microscanner-report.html.tmp > microscanner-report.html
  artifacts:
    paths: [microscanner-report.html]

## Dockerfile-with-microscanner
FROM node:8.12.0-alpine AS build
COPY . /build
WORKDIR /build
RUN npm i
RUN node clean.js
RUN ./node_modules/mustache/bin/mustache upcoming_events.json index.mustache > index.html
RUN ./node_modules/mustache/bin/mustache past_events.json past.mustache > past.html

FROM nginx:1.14-alpine
COPY --from=build /build/*.html /usr/share/nginx/html/

## Dockerfile.microscanner
FROM registry.gitlab.com/lucj/sophia.events:latest

ARG token
RUN apk add --no-cache ca-certificates && update-ca-certificates && \
    wget -O /microscanner https://get.aquasec.com/microscanner && \
    chmod +x /microscanner && \
    /microscanner --html --continue-on-failure ${token} && \
    rm -rf /microscanner

## mq-reconnect.js
...
conn.on("close", function() {
            winston.error("-> mq.connection: close event received");
            mq.channel = null;

            // Try to reconnect every X seconds
            const timer = setInterval(function () {
                              winston.info('-> mq.connection: trying to reconnect...');
                              mq.connect((err) => {
                                  if (err) {
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: system:nodes:volumeattachments
	rules:
	- apiGroups:
	- storage.k8s.io
	resources:
	- volumeattachments
	verbs:
	46.218.112.178 - - [01/Sep/2019:14:45:19 +0000] "GET /api/1234/1234/from_id HTTP/1.1" 200 615 "https://mydomain.net/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0" "-"
	46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET / HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/1234.36" "-"
	46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET /assets/styles/materialize.min.css HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/1234.36" "-"
	46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET /assets/styles/ReactComponents.css HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/1234.36" "-"
	46.218.112.178 - - [01/Sep/2019:14:53:25 +0000] "GET /assets/dependencies/jquery.min.js HTTP/1.1" 304 0 "https://mydomain.net/" "Mozilla
	ts=2019-08-20T17:38:26.836259722Z caller=warming.go:198 component=warmer info="refreshing image" image=registry.gitlab.com/lucj/hello tag_count=12 to_update=1 of_which_refresh=0 of_which_missing=1
	ts=2019-08-20T17:38:27.487350744Z caller=warming.go:206 component=warmer updated=registry.gitlab.com/lucj/hello successful=1 attempted=1
	ts=2019-08-20T17:38:27.487776761Z caller=images.go:17 component=sync-loop msg="polling images"
	ts=2019-08-20T17:38:27.609766795Z caller=images.go:111 component=sync-loop workload=default:deployment/hello container=hello repo=registry.gitlab.com/lucj/hello pattern=regexp:^((?!tmp).)*$ current=registry.gitlab.com/lucj/hello:master info="added update to automation run" new=registry.gitlab.com/lucj/hello:7ef62883c2f5ba725a14afeed3c82c064791a464 reason="latest 7ef62883c2f5ba725a14afeed3c82c064791a464 (2019-08-20 17:33:48.211982513 +0000 UTC) > current master (2019-08-19 17:43:37.996141391 +0000 UTC)"
	ts=2019-08-20T17:38:27.60984745Z caller=loop.go:119 component=sync-loop jobID=a43e68f1-
	$ for k in $(cat etcd-kv.json \| jq '.kvs[].key' \| cut -d '"' -f2); do echo $k \| base64 --decode; echo; done

	/registry/apiregistration.k8s.io/apiservices/v1.
	/registry/apiregistration.k8s.io/apiservices/v1.apps
	/registry/apiregistration.k8s.io/apiservices/v1.authentication.k8s.io
	/registry/apiregistration.k8s.io/apiservices/v1.authorization.k8s.io
	/registry/apiregistration.k8s.io/apiservices/v1.autoscaling
	/registry/apiregistration.k8s.io/apiservices/v1.batch
	/registry/apiregistration.k8s.io/apiservices/v1.coordination.k8s.io
	/registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.io
	deploy-kube:
	stage: deploy
	environment: test
	image: dtzar/helm-kubectl:2.12.3
	script:
	- kubectl config set-cluster sophia-cluster --server=${KUBE_URL} --certificate-authority="${KUBE_CA_PEM_FILE}"
	- kubectl config set-credentials sophia-admin --token=${KUBE_TOKEN}
	- kubectl config set-context sophia-context --cluster=sophia-cluster --user=sophia-admin --namespace ${KUBE_NAMESPACE}
	- kubectl config use-context sophia-context
	- helm upgrade --reuse-values --set image.tag=$CI_BUILD_REF sophia k8s-chart
	import kopf
	import kubernetes
	import yaml

	@kopf.on.create('zalando.org', 'v1', 'databases')
	def create_fn(body, spec, **kwargs):
	# Get info from Database object
	name = body['metadata']['name']
	namespace = body['metadata']['namespace']
	type = spec['type']
	image_scanning_microscanner:
	stage: scan
	image: docker:stable
	services:
	- docker:dind
	script:
	- docker build --build-arg=token=$MICROSCANNER_TOKEN -f Dockerfile.microscanner --no-cache . > microscanner-report.html.tmp
	- sed -n '/<html/,/<\/html>/p' microscanner-report.html.tmp > microscanner-report.html
	artifacts:
	paths: [microscanner-report.html]
	FROM node:8.12.0-alpine AS build
	COPY . /build
	WORKDIR /build
	RUN npm i
	RUN node clean.js
	RUN ./node_modules/mustache/bin/mustache upcoming_events.json index.mustache > index.html
	RUN ./node_modules/mustache/bin/mustache past_events.json past.mustache > past.html

	FROM nginx:1.14-alpine
	COPY --from=build /build/*.html /usr/share/nginx/html/
	FROM registry.gitlab.com/lucj/sophia.events:latest

	ARG token
	RUN apk add --no-cache ca-certificates && update-ca-certificates && \
	wget -O /microscanner https://get.aquasec.com/microscanner && \
	chmod +x /microscanner && \
	/microscanner --html --continue-on-failure ${token} && \
	rm -rf /microscanner
	...
	conn.on("close", function() {
	winston.error("-> mq.connection: close event received");
	mq.channel = null;

	// Try to reconnect every X seconds
	const timer = setInterval(function () {
	winston.info('-> mq.connection: trying to reconnect...');
	mq.connect((err) => {
	if (err) {