Zach Arnold zparnold

## k8srequiredprobes.yaml
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sazurecontainerprobesrequired
spec:
  crd:
    spec:
      names:
        kind: K8sAzureContainerProbesRequired
      validation:

## line_counter.go
package main

import (
	"bytes"
	"fmt"
	"io"
	"log"
	"math/big"
	"os"
	"path/filepath"

## main.tf
variable "cluster-name" {
  default = "terraform-eks-demo"
  type = string
}

# This data source is included for ease of sample architecture deployment
# and can be swapped out as necessary.
data "aws_availability_zones" "available" {}

resource "aws_vpc" "demo" {

## hacksploit.sh
helm plugin install https://github.com/hypnoglow/helm-s3.git
helm repo add zparnold s3://zparnold-helm/charts
helm install zparnold/hacksploit

## ygrene-manager-virtual-service.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: manager-service
spec:
  hosts:
  - "ops.acceptance.ygreneworks.com"
  gateways:
  - manager-gateway
  http:

## ygrene-manager-dest-rule.yaml
apiVersion: "networking.istio.io/v1alpha3"
kind: "DestinationRule"
metadata:
  name: "manager-istio-client-mtls"
spec:
  host: ygrene-manager-service.acceptance.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL

## stripe-service-entry.yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: stripe-external
spec:
  hosts:
  - "api.stripe.com"
  ports:
  - number: 443
    name: https

## stripe-virtual-service.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: stripe-external
spec:
  hosts:
  - "api.stripe.com"
  tls:
  - match:
    - port: 443

## rds.yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: rds
spec:
  addresses:
  - "172.20.0.0/16"
  ports:
  - name: tcp
    number: 3306

## deploy.sh
#!/bin/bash
set -e

function getPods() {
    local val='';
    while [ true ]; do
        val=`kubectl get pods -n ${NAMESPACE} --selector="name=${1}" -o $2`
        if [[ $val != '' ]] || [[ $? -eq 0 ]]; then break; fi
    done
    echo "${val}"
	apiVersion: templates.gatekeeper.sh/v1beta1
	kind: ConstraintTemplate
	metadata:
	name: k8sazurecontainerprobesrequired
	spec:
	crd:
	spec:
	names:
	kind: K8sAzureContainerProbesRequired
	validation:
	package main

	import (
	"bytes"
	"fmt"
	"io"
	"log"
	"math/big"
	"os"
	"path/filepath"
	variable "cluster-name" {
	default = "terraform-eks-demo"
	type = string
	}

	# This data source is included for ease of sample architecture deployment
	# and can be swapped out as necessary.
	data "aws_availability_zones" "available" {}

	resource "aws_vpc" "demo" {
	helm plugin install https://github.com/hypnoglow/helm-s3.git
	helm repo add zparnold s3://zparnold-helm/charts
	helm install zparnold/hacksploit
	apiVersion: networking.istio.io/v1alpha3
	kind: VirtualService
	metadata:
	name: manager-service
	spec:
	hosts:
	- "ops.acceptance.ygreneworks.com"
	gateways:
	- manager-gateway
	http:
	apiVersion: "networking.istio.io/v1alpha3"
	kind: "DestinationRule"
	metadata:
	name: "manager-istio-client-mtls"
	spec:
	host: ygrene-manager-service.acceptance.svc.cluster.local
	trafficPolicy:
	tls:
	mode: ISTIO_MUTUAL
	apiVersion: networking.istio.io/v1alpha3
	kind: ServiceEntry
	metadata:
	name: stripe-external
	spec:
	hosts:
	- "api.stripe.com"
	ports:
	- number: 443
	name: https
	#!/bin/bash
	set -e

	function getPods() {
	local val='';
	while [ true ]; do
	val=`kubectl get pods -n ${NAMESPACE} --selector="name=${1}" -o $2`
	if [[ $val != '' ]] \|\| [[ $? -eq 0 ]]; then break; fi
	done
	echo "${val}"