garethahealy’s gists

garethahealy / cosign.sh

Last active September 13, 2023 14:17

cosign example

	#!/bin/sh
	#set -X
	#doitlive commentecho: true
	#doitlive commentecho: true
	#doitlive speed: 3
	#doitlive shell: /bin/zsh
	#
	# Lets start off with building the image. Going to use to docker buildx as that creates us a provenance file

	docker buildx build --attest=type=provenance,mode=max . -t quay.io/garethahealy/sigstore-demo --push

garethahealy / build.log

Created March 29, 2021 13:04

containers-quickstarts/build-s2i-play - ocp4 logs

	Cloning "https://github.com/redhat-cop/containers-quickstarts.git" ...
	Commit: 1f147919008e15a1d02cbcaedae8acc16917a713 (Update GH actions to use redhat-actions for build & publish (#463))
	Author: Petter Abrahamsson <[email protected]>
	Date: Mon Mar 29 06:16:02 2021 -0400
	Replaced Dockerfile FROM image rhel7-atomic
	Caching blobs under "/var/cache/blobs".

	Pulling image registry.access.redhat.com/rhel7/rhel-atomic@sha256:ccf4374142b6c0e1782b751f43f2d1012a5cc604056300dd9feda0d77844082d ...
	Getting image source signatures
	Copying blob sha256:c0d48602e1ab40abadbbf6085cbc2b73cacf6e6c59498133d89e735d0c6e8dc4

garethahealy / v3.3.0_deploy_gatekeeper.yaml

Created March 16, 2021 14:46

3.3.0 gatekeeper

	apiVersion: v1
	kind: Namespace
	metadata:
	labels:
	admission.gatekeeper.sh/ignore: no-self-managing
	control-plane: controller-manager
	gatekeeper.sh/system: "yes"
	name: gatekeeper-system
	---
	apiVersion: apiextensions.k8s.io/v1beta1

garethahealy / template.yaml

Created September 1, 2020 14:47

Gatekeeper template.yaml

	apiVersion: templates.gatekeeper.sh/v1beta1
	kind: ConstraintTemplate
	metadata:
	creationTimestamp: null
	name: commonk8slabelsnotset
	spec:
	crd:
	spec:
	names:
	kind: CommonK8sLabelsNotset

garethahealy / constraint.yaml

Created September 1, 2020 14:45

Gatekeeper constraint.yaml

	apiVersion: constraints.gatekeeper.sh/v1beta1
	kind: CommonK8sLabelsNotset
	metadata:
	name: commonk8slabelsnotset
	spec:
	match:
	kinds:
	- apiGroups:
	- apps.openshift.io
	- apps

garethahealy / pod.yml

Created August 6, 2020 17:58

tag-digest pod

	apiVersion: v1
	kind: Pod
	metadata:
	name: tag-digest
	spec:
	containers:
	- name: java
	image: registry.redhat.io/openjdk/openjdk-11-rhel8:1.1@sha256:5c1bb0a3e2b5ce9018e990dfef68fd040e8584975d05eee109ee4f3daf0366e1

garethahealy / get_rego_namespaces.bash

Created July 9, 2020 10:01

resolved packages in rego policy directory, filters based on a regex input

	# get_rego_namespaces
	# ====================
	#
	# Summary: Resolves the package names in your rego policies against a regex lookup
	#
	# Usage: get_rego_namespaces ${regex}
	#
	# Options:
	# <regex> Regex pattern matching package name
	# Globals:

garethahealy / bash.log

Created June 18, 2020 20:01

inspect

	$ docker pull quay.io/openshift/origin-jenkins-agent-base:4.4
	4.4: Pulling from openshift/origin-jenkins-agent-base
	Digest: sha256:1d59d3b1902a3581b6a9b1955fbd1d44490d9f470abbd60591948942a4ef7437
	Status: Image is up to date for quay.io/openshift/origin-jenkins-agent-base:4.4
	quay.io/openshift/origin-jenkins-agent-base:4.4

	$ docker inspect quay.io/openshift/origin-jenkins-agent-base:4.4
	[
	{
	"Id": "sha256:cd343f0d83042932fa992e095cd4a93a89a3520873f99b0e15fde69eb46e7e10",

garethahealy / gist:d43c694a2e5c1c31272bce0bd7a3a181

Created April 17, 2020 14:46

values.yaml

garethahealy / gist:3f41fddaa1446d65c61798129fbaa24d

Created April 17, 2020 14:45

output

	MacBook-Pro:ubiquitous-journey garethhealy$ helm template --dependency-update bootstrap --values bootstrap/values-bootstrap.yaml
	---
	# Source: cluster-bootstrap/charts/bootstrap-project/templates/namespace.yaml
	apiVersion: v1
	kind: Namespace
	metadata:
	name: "bob"
	---
	# Source: cluster-bootstrap/charts/bootstrap-project/templates/serviceaccount.yaml
	apiVersion: v1

Gareth Healy garethahealy