Batuhan Apaydın developer-guy
🐾
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ docker buildx ls | |
| NAME/NODE DRIVER/ENDPOINT STATUS PLATFORMS | |
| desktop-linux docker | |
| desktop-linux desktop-linux running linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6 | |
| default * docker | |
| default default running linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6 |
developer-guy
/ Dockerfile
Created
March 31, 2022 12:46
Cross-compilation support enabled Dockerfile for Go applications
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # syntax = docker/dockerfile:1.4.0 | |
| FROM --platform=${BUILDPLATFORM} golang:1.17.8-alpine AS base | |
| WORKDIR /src | |
| ENV CGO_ENABLED=0 | |
| COPY go.* . | |
| # https://go.dev/ref/mod#module-cache | |
| RUN --mount=type=cache,target=/go/pkg/mod go mod download | |
| COPY . . | |
| FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx |
developer-guy
/ Dockerfile
Last active
March 31, 2022 12:45
Dockerfile cross-compilation helper tonistiigi/xx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx | |
| FROM base AS build | |
| COPY --from=xx / / | |
| ARG TARGETPLATFORM | |
| RUN --mount=type=cache,target=/root/.cache/go-build \ | |
| --mount=type=cache,target=/go/pkg/mod \ | |
| xx-go build -o /out/example . |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .. | |
| # will cache go packages while downloading packages | |
| RUN --mount=type=cache,target=/go/pkg/mod go mod download | |
| # will cache build ouputs and go packages while building the binary | |
| RUN --mount=type=cache,target=/root/.cache/go-build \ | |
| --mount=type=cache,target=/go/pkg/mod \ | |
| go build -o /out/example . | |
| .. |
developer-guy
/ docker-buildx-cache.sh
Created
March 30, 2022 19:51
Docker Buildx remote registry cache
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ docker buildx build -t devopps/hello-world-multi-arch:v1 \ | |
| --push=true \ | |
| --cache-from type=registry,ref=devopps/hello-world-multi-arch:cache \ | |
| --cache-to type=registry,ref=devopps/hello-world-multi-arch:cache,mode=max \ | |
| --platform linux/amd64,linux/arm64 . |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ COSIGN_EXPERIMENTAL=1 cosign verify-blob \ | |
| --cert checksums.txt.pem \ | |
| --signature checksums.txt.sig | |
| checksums.txt \ | |
| tlog entry verified with uuid: "e42743bbbc1d06058ff7705a00bdf5046d920ede73e1fec7f313d19f5f3513b8" index: 977012 | |
| Verified OK |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/goreleaser/supply-chain-example:v1.2.0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ kubectl run signed --image=gcr.io/$PROJECT_ID/alpine:3.15.0 | |
| pod/signed created |
developer-guy
/ create-gke-cluster.sh
Created
March 22, 2022 14:15
create gke cluster with workload identity enabled
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ export PROJECT_ID=$(gcloud config get-value project) | |
| $ export CLUSTER_NAME="gke-wif" | |
| $ gcloud container clusters create $CLUSTER_NAME \ | |
| --workload-pool=$PROJECT_ID.svc.id.goog --num-nodes=2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ export GSA_NAME=kyverno-sa | |
| $ gcloud iam service-accounts create $GSA_NAME | |
| $ gcloud iam service-accounts add-iam-policy-binding \ | |
| --role roles/iam.workloadIdentityUser \ | |
| --member "serviceAccount:${PROJECT_ID}.svc.id.goog[kyverno/kyverno]" \ | |
| ${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com |