This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Verify signed image using a public key without a fulcio issued certificate. | |
apiVersion: config.openshift.io/v1alpha1 | |
kind: ImagePolicy | |
metadata: | |
name: image-is-signed | |
spec: | |
images: | |
- hostname:5000/myns/sigstore-signed-with-full-references | |
policy: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package api | |
import ( | |
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | |
) | |
type ImagePolicy struct { | |
metav1.TypeMeta `json:",inline"` | |
metav1.ObjectMeta `json:"metadata,omitempty"` | |
Spec ImagePolicySpec `json:"spec"` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# -*- mode: ruby -*- | |
# vi: set ft=ruby : | |
# Vagrant box for testing | |
Vagrant.configure("2") do |config| | |
config.vm.box = "fedora/35-cloud-base" | |
memory = 6144 | |
cpus = 4 | |
config.vm.provider :virtualbox do |v| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: machineconfiguration.openshift.io/v1 | |
kind: MachineConfig | |
metadata: | |
labels: | |
machineconfiguration.openshift.io/role: worker | |
name: recreate-backingfsblockdev | |
spec: | |
config: | |
ignition: | |
version: 3.2.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euox pipefail | |
TAG=v1.26.0-rc.1 | |
URL=https://dl.k8s.io/release/$TAG/bin/linux/amd64 | |
BIN=kubectl | |
for EXT in "" .sig .cert; do | |
FILE=$BIN$EXT | |
curl -sSfL --retry 3 --retry-delay 3 $URL/$FILE -o $FILE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"defaultAction": "SCMP_ACT_ERRNO", | |
"architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"], | |
"syscalls": [ | |
{ | |
"names": [ | |
"accept4", | |
"access", | |
"arch_prctl", | |
"bind", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# -*- mode: ruby -*- | |
# vi: set ft=ruby : | |
Vagrant.configure("2") do |config| | |
config.vm.box = "generic/rocky8" | |
memory = 6144 | |
cpus = 4 | |
config.vm.provider :virtualbox do |v| | |
v.memory = memory |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euo pipefail | |
OUTPUT=deploy.yaml | |
# Deploy cert-manager (not requried in final version because certificates | |
# should be bootstrapped by the installer) | |
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml | |
kubectl wait --for condition=ready \ | |
-n cert-manager pod -l app.kubernetes.io/instance=cert-manager |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Before deploying this, run: | |
# oc adm policy add-scc-to-user hostnetwork -z crio-metrics -n crio-metrics | |
--- | |
# Only required for demoing purposes because the ServiceMonitor is part of the | |
# user monitoring and should move to the system level later on. | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: cluster-monitoring-config | |
namespace: openshift-monitoring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
// BEFORE RUNNING: | |
// --------------- | |
// 1. If not already done, enable the Cloud Resource Manager API | |
// and check the quota for your project at | |
// https://console.developers.google.com/apis/api/cloudresourcemanager | |
// 2. This sample uses Application Default Credentials for authentication. | |
// If not already done, install the gcloud CLI from | |
// https://cloud.google.com/sdk/ and run |
NewerOlder