onelittlenightmusic

jr, jp, jb (alias to opa eval): Cheatsheet

jr, jp and jb are commands for JSON modification.

Basic usages

$ data='{"name":"chris", "friends":["alice", "bob"]}'
# jr
$ echo $data | jr 'i.name'

onelittlenightmusic

Resource	Amount
CPU	4 Cores
Memory	12 GB
Disk	50 GB

onelittlenightmusic

main = { #Start of value
    "apiVersion": "admission.k8s.io/v1beta1",
    "kind": "AdmissionReview",
    "response": {
        "allowed": true,
        "patchType": "JSONPatch",
        "patch": patch_bytes,
    }
} #End of value
{   #Start of condition

onelittlenightmusic

package system

main = {
    "apiVersion": "admission.k8s.io/v1beta1",
    "kind": "AdmissionReview",
    "response": {
        "allowed": true,
        "patchType": "JSONPatch",
        "patch": patch_bytes,
    }

onelittlenightmusic

kubectl create namespace opa
helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo up
helm install opa stable/opa -f helm-values.yaml --namespace opa

onelittlenightmusic

admissionControllerKind: MutatingWebhookConfiguration
opa: null
mgmt:
  configmapPolicies:
    enabled: true
    namespaces: [opa, opa-example]
    requireLabel: true
  replicate:
    cluster:
    - v1/namespaces

onelittlenightmusic

apiVersion: extensions/v1beta1                                                                          
kind: Ingress                                                                                           
metadata:                                                                                               
  name: ingress-ok
  namespace: opa-example                                                                                     
spec:                                                                                                   
  rules:                                                                                                
  - host: signin.ng.com                                                                           
    http:                                                                                               
      paths:                                                                                            

onelittlenightmusic

apiVersion: extensions/v1beta1                                                                          
kind: Ingress                                                                                           
metadata:                                                                                               
  name: ingress-ok-2          
  namespace: opa-example
spec:                                                                                                   
  rules:                                                                                                
  - host: test2.secondok.com
    http:                                                                                               
      paths:                                                                                            

onelittlenightmusic

apiVersion: extensions/v1beta1                                                                          
kind: Ingress                                                                                           
metadata:                                                                                               
  name: ingress-ok            
  namespace: opa-example
spec:                                                                                                   
  rules:                                                                                                
  - host: test.ok.com
    http:                                                                                               
      paths:                                                                                            

onelittlenightmusic

apiVersion: v1
kind: Namespace
metadata:
  annotations:
    ingress-whitelist: "*.ok.com,*.secondok.com"
  name: opa-example