# Source: https://gist.github.com/vfarcic/312d2044174551f2776ca50584f39204
###########################################################
# Kubernetes Validating Admission Policy Changes The Game #
# https://youtu.be/EsZcDUaSUss #
###########################################################
# Additional Info:
# - Kubernetes Validating Admission Policy: https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy
# - Kubernetes-Native Policy Management With Kyverno: https://youtu.be/DREjzfTzNpA
# - How to apply policies in Kubernetes using Open Policy Agent (OPA) and Gatekeeper: https://youtu.be/14lGc7xMAe4
# - Admission Controllers Or CLI? Kubernetes Policy Validations with Datree: https://youtu.be/WTh84BPHC4o
# - KEDA: Kubernetes Event-Driven Autoscaling: https://youtu.be/3lcaawKAv6s
# - Common Expression Language (CEL): https://github.com/google/cel-spec
# - How To Shift Left Infrastructure Management Using Crossplane Compositions: https://youtu.be/AtbS1u2j7po
# - Gateway API - Ingress And Service Mesh Spec Replacement?: https://youtu.be/YAtXTI3NKtI
#########
# Setup #
#########
# Create a Kubernetes cluster v1.26+ with the
# `ValidatingAdmissionPolicy` feature gate enabled and the
# admissionregistration.k8s.io/v1alpha1 API served, or use the
# command that follows to create such a cluster with Minikube
minikube start --kubernetes-version v1.26.0 \
--feature-gates ValidatingAdmissionPolicy=true \
--extra-config apiserver.runtime-config=admissionregistration.k8s.io/v1alpha1
git clone https://github.com/vfarcic/vac-demo
cd vac-demo
helm repo add crossplane-stable \
https://charts.crossplane.io/stable
helm repo update
helm upgrade --install crossplane crossplane-stable/crossplane \
--namespace crossplane-system --create-namespace --wait
kubectl apply --filename crossplane/config-sql.yaml
###############################################################
# Hands-On Examples Of Kubernetes Validating Admission Policy #
###############################################################
cat vac/deployment.yaml
kubectl apply --filename vac/deployment.yaml
kubectl --namespace production apply \
--kustomize kustomize/base
kubectl --namespace production get pods
cat kustomize/overlays/replicas/deployment.yaml
kubectl --namespace production apply \
--kustomize kustomize/overlays/replicas
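# Added example, not a file from the vac-demo repository: a
# ValidatingAdmissionPolicy written against the v1alpha1 API served by
# the 1.26 cluster above, bound only to the production namespace. The
# policy and binding names, the replica ceiling and the resource-limits
# rule are assumptions for illustration, not the content of
# vac/deployment.yaml.

```yaml
# Assumed example (not the repository's vac/deployment.yaml): cap Deployment
# replicas and require container limits in the production namespace only.
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicy
metadata:
  name: deployment-guardrails        # assumed name
spec:
  failurePolicy: Fail                # reject on policy errors rather than fail open
  matchConstraints:
    resourceRules:
    - apiGroups: ["apps"]
      apiVersions: ["v1"]
      operations: ["CREATE", "UPDATE"]
      resources: ["deployments"]
  validations:
  # CEL runs after defaulting, but guard the field anyway so a missing
  # replicas value never makes the expression itself error out.
  - expression: "!has(object.spec.replicas) || object.spec.replicas <= 5"
    message: "Deployments in production may not exceed 5 replicas."
  # Every container must declare resources.limits (no unbounded pods).
  - expression: "object.spec.template.spec.containers.all(c, has(c.resources) && has(c.resources.limits))"
    message: "Every container in the Deployment must declare resources.limits."
---
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deployment-guardrails-production   # assumed name
spec:
  policyName: deployment-guardrails
  matchResources:
    # kubernetes.io/metadata.name is set automatically on every namespace,
    # so this binds the policy to the production namespace and nothing else.
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: production
  # On Kubernetes 1.27+ the binding also requires
  # validationActions: [Deny]; the 1.26.0 cluster above does not.
```

# With the two objects applied, `kubectl --namespace production apply`
# of an overlay whose Deployment asks for more than 5 replicas, or whose
# containers lack limits, is rejected at admission with the message
# above, while the same manifest in another namespace is untouched.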
cat kustomize/overlays/db-very-big/postgresql.yaml
# We did not install the AWS provider so no actual DB will be
# created (you won't spend money).
cat vac/crossplane.yaml
kubectl apply --filename vac/crossplane.yaml
kubectl --namespace default apply \
--kustomize kustomize/overlays/db-very-big
cat kustomize/overlays/db-small/postgresql.yaml
kubectl --namespace default apply \
--kustomize kustomize/overlays/db-small
kubectl --namespace default delete \
--kustomize kustomize/overlays/db-small
kubectl --namespace production apply \
--kustomize kustomize/overlays/db-small
cat kustomize/overlays/db/postgresql.yaml
kubectl --namespace production apply \
--kustomize kustomize/overlays/db
###########
# Destroy #
###########
# Destroy the cluster or use the command that follows if you
# used Minikube
minikube delete