Robert Van Voorhees voor

## 00-values.yaml
#@data/values
---

aws:
  vpc:
    name: staging


clusters:
- name: hey

## array_stuff.yaml
#@ load("@ytt:struct", "struct")

#@ array= [0, 1, 2, 3]
#@ arraymap = [4, 5, 6, 7]

#@ merge = array + arraymap

stuff:
#@ for k in merge:
- #@ k

## loop.yaml
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")

#@ def clusters():
- name: harbor
#@ end

#@ for cluster in clusters():
#@ "{}-postcreate".format(cluster.name)
#@ end

## config.yaml
kind: KubeadmControlPlane
spec:
  kubeadmConfigSpec:
    files:
      - path: /etc/kubernetes/encryption-provider.yaml
        content: |
          apiVersion: apiserver.config.k8s.io/v1
          kind: EncryptionConfiguration
          resources:
            - resources:

## after.yaml
#@ load("@ytt:data", "data")

---
apiVersion: v1
kind: Secret
metadata:
  name: grafana-config
  namespace: monitoring
type: Opaque
stringData:

## cli.sh
kubectl run -i --rm --tty photonos-on-host --overrides='
{
  "spec": {
    "containers": [
      {
        "name": "photonos-on-host",
        "image": "photon:3.0",
        "args": ["bash"],
        "stdin": true,
        "stdinOnce": true,

## gist:e9a80e7bb0eaac35e5d4d661b0cdc762
oscap xccdf generate fix --profile xccdf_org.ssgproject.content_profile_ospp --template urn:xccdf:fix:script:ansible xccdf-file.xml

## aws.ini
[Global]

[ServiceOverride "ec2"]
URL = "https://ec2.${AWS_ENDPOINT_URL}"
SigningRegion = "${AWS_REGION}"
Region = "${AWS_REGION}"
SigningMethod = v4
Service = ec2

[ServiceOverride "elasticloadbalancing"]

## main.go
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws/endpoints"
	"gopkg.in/gcfg.v1"
)

type CloudConfig struct {

## build_serviceaccount_kubeconfig.sh
#!/bin/bash
set -e
set -o pipefail

# Add user to k8s using service account or build kubeconfig for existing service account, no RBAC (must create RBAC after this script)
if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$3" ]]; then
 echo "usage: $0 <service_account_name> <namespace> <target_folder>"
 exit 1
fi
	#@ load("@ytt:struct", "struct")

	#@ array= [0, 1, 2, 3]
	#@ arraymap = [4, 5, 6, 7]

	#@ merge = array + arraymap

	stuff:
	#@ for k in merge:
	- #@ k
	#@ load("@ytt:overlay", "overlay")
	#@ load("@ytt:data", "data")

	#@ def clusters():
	- name: harbor
	#@ end

	#@ for cluster in clusters():
	#@ "{}-postcreate".format(cluster.name)
	#@ end
	kind: KubeadmControlPlane
	spec:
	kubeadmConfigSpec:
	files:
	- path: /etc/kubernetes/encryption-provider.yaml
	content: \|
	apiVersion: apiserver.config.k8s.io/v1
	kind: EncryptionConfiguration
	resources:
	- resources:
	#@ load("@ytt:data", "data")

	---
	apiVersion: v1
	kind: Secret
	metadata:
	name: grafana-config
	namespace: monitoring
	type: Opaque
	stringData:
	kubectl run -i --rm --tty photonos-on-host --overrides='
	{
	"spec": {
	"containers": [
	{
	"name": "photonos-on-host",
	"image": "photon:3.0",
	"args": ["bash"],
	"stdin": true,
	"stdinOnce": true,
	[Global]

	[ServiceOverride "ec2"]
	URL = "https://ec2.${AWS_ENDPOINT_URL}"
	SigningRegion = "${AWS_REGION}"
	Region = "${AWS_REGION}"
	SigningMethod = v4
	Service = ec2

	[ServiceOverride "elasticloadbalancing"]
	package main

	import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws/endpoints"
	"gopkg.in/gcfg.v1"
	)

	type CloudConfig struct {
	#!/bin/bash
	set -e
	set -o pipefail

	# Add user to k8s using service account or build kubeconfig for existing service account, no RBAC (must create RBAC after this script)
	if [[ -z "$1" ]] \|\| [[ -z "$2" ]] \|\| [[ -z "$3" ]]; then
	echo "usage: $0 <service_account_name> <namespace> <target_folder>"
	exit 1
	fi