OCI with GitOps demo

demo-meetup.sh

#!/bin/bash

# setup
if [ ! -f demo-magic.sh ]; then
    curl -LO https://github.com/paxtonhare/demo-magic/raw/master/demo-magic.sh
fi
. demo-magic.sh
clear

# demo cleanup
kubectl config use-context gke_mabenoit-cs-ui_northamerica-northeast1_gke
kubectl delete rootsyncs -A --all
kubectl delete constrainttemplates --all
kubectl delete constraints --all
# demo setup
rm -rf ~/ci-with-helm
git clone https://github.com/mathieu-benoit/ci-with-helm
cd ~/ci-with-helm/policies
cat <<EOF > policies-rootsync.yaml
apiVersion: configsync.gke.io/v1beta1
kind: RootSync
metadata:
  name: root-sync-policies
  namespace: config-management-system
spec:
  sourceFormat: unstructured
  sourceType: oci
  oci:
    image: ghcr.io/mathieu-benoit/policies:0.1.0
    dir: .
    auth: none
EOF
clear
# demo
pe "tree"
pe "cat privileged-containers/template.yaml"
pe "cat privileged-containers/samples/constraint.yaml"
pe "clear"
pe "kustomize build . > policies.yaml"
pe "tar -czf policies.tar.gz policies.yaml"
pe "oras push ghcr.io/mathieu-benoit/ci-with-helm/policies:0.1.0 policies.tar.gz"
pe "~/nomos status --contexts $(kubectl config current-context)"
pe "kubectl get constraints,constrainttemplates"
pe "clear"
pe "cat policies-rootsync.yaml"
pe "kubectl apply -f policies-rootsync.yaml"
pe "~/nomos status --contexts $(kubectl config current-context)"
pe "kubectl get constraints,constrainttemplates"
pe "~/nomos status --contexts $(kubectl config current-context)"
pe "kubectl get constraints,constrainttemplates"
pe "kubectl get constraints,constrainttemplates"
pe "kubectl create deployment nginx --image=nginx"