Raph Moraes rdemoraes

## constraint-template-crd.yaml
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8swhitelistedimages
spec:
  crd:
    spec:
      names:
        kind: k8sWhitelistedImages
      validation:

## constraint-crd.yaml
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: k8sWhitelistedImages
metadata:
  name: k8senforcewhitelistedimages
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:

## pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: opa-test
  labels:
    role: opa-test
  namespace: default
spec:
  containers:
    - name: opa-test

## configMapDockerEntrypoint.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: docker-entrypoint-sh
data:
  docker-entrypoint.sh: |
      #!/bin/bash
      set -e      # first arg is `-f` or `--some-option`
      if [ "${1:0:1}" = '-' ]; then

## headlessService.yaml
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: cassandra
  name: cassandra
spec:
  clusterIP: None
  ports:

## nlbService.yaml
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: cassandra
  name: cassandra-nlb
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

## configMapCassandraRings.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: cassandra-rings
data:
  CASSANDRA_0_INITIAL_TOKEN: <token_number>, <token_number>,...
  CASSANDRA_1_INITIAL_TOKEN: <token_number>, <token_number>,...
  CASSANDRA_2_INITIAL_TOKEN: <token_number>, <token_number>,...

## configMapCassandra.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: cassandra-rings
  namespace: cassandra
data:
  CASSANDRA_0_INITIAL_TOKEN: <token_number>, <token_number>,...
  CASSANDRA_1_INITIAL_TOKEN: <token_number>, <token_number>,...
  CASSANDRA_2_INITIAL_TOKEN: <token_number>, <token_number>,...

## statefulSetCassandra.yaml
---
apiVersion: "apps/v1"
kind: StatefulSet
metadata:
  name: cassandra
  namespace: cassandra
  labels:
    app: cassandra
spec:
  serviceName: cassandra

## cassandraS3Policy.json
{
    "Version": "2012–10–17",
    "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "s3:ListBucket",
               "s3:PutObject",
               "s3:GetObject",
               "s3:DeleteObject"
	apiVersion: templates.gatekeeper.sh/v1beta1
	kind: ConstraintTemplate
	metadata:
	name: k8swhitelistedimages
	spec:
	crd:
	spec:
	names:
	kind: k8sWhitelistedImages
	validation:
	apiVersion: constraints.gatekeeper.sh/v1beta1
	kind: k8sWhitelistedImages
	metadata:
	name: k8senforcewhitelistedimages
	spec:
	match:
	kinds:
	- apiGroups: [""]
	kinds: ["Pod"]
	parameters:
	apiVersion: v1
	kind: Pod
	metadata:
	name: opa-test
	labels:
	role: opa-test
	namespace: default
	spec:
	containers:
	- name: opa-test
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: docker-entrypoint-sh
	data:
	docker-entrypoint.sh: \|
	#!/bin/bash
	set -e # first arg is `-f` or `--some-option`
	if [ "${1:0:1}" = '-' ]; then
	---
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: cassandra
	name: cassandra
	spec:
	clusterIP: None
	ports:
	---
	apiVersion: "apps/v1"
	kind: StatefulSet
	metadata:
	name: cassandra
	namespace: cassandra
	labels:
	app: cassandra
	spec:
	serviceName: cassandra
	{
	"Version": "2012–10–17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"s3:ListBucket",
	"s3:PutObject",
	"s3:GetObject",
	"s3:DeleteObject"