mathieu-benoit

# Use the official lightweight Python image.
# https://hub.docker.com/_/python
FROM python:3.7-slim

# Allow statements and log messages to immediately appear in the Knative logs
ENV PYTHONUNBUFFERED True

# Copy local code to the container image.
WORKDIR /app
COPY . ./

mathieu-benoit

curl -sL https://api.github.com/repos/score-spec/score-humanitec/releases/latest | jq -r .tag_name

INGRESS=
NAMESPACE=
kubectl -n ${NAMESPACE} annotate ingress ${INGRESS} nginx.ingress.kubernetes.io/limit-rps=5

cat <<EOF > nginx.conf
events {}
http {
    server {

mathieu-benoit

clusterName=crfa-external
gcloud container clusters create $clusterName \
    --zone=$zone \
    --addons=HttpLoadBalancing,CloudRun \
    --machine-type=n1-standard-2  \
    --num-nodes=3  \
    --enable-stackdriver-kubernetes
gcloud container clusters get-credentials $clusterName \
    --zone $zone
    

mathieu-benoit

apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-ingress
spec:
  type: LoadBalancer
  selector:
    istio: ingressgateway
  ports:

mathieu-benoit

package main

# latest tag
deny[msg] {
    input[i].Cmd == "from"
    val := split(input[i].Value[0], ":")
    count(val) == 1
    msg = sprintf("Line %d: Do not use latest tag with image: %s", [i, val])
}

mathieu-benoit

FROM gcr.io/google.com/cloudsdktool/cloud-sdk:365.0.1-alpine
RUN gcloud components install kubectl
RUN GKEKITCTL_VERSION=v0.1.1-alpha && \
    GKEKITCTL_OS=amd64 && \
    curl -sLSf -o /bin/gkekitctl https://github.com/GoogleCloudPlatform/gke-poc-toolkit/releases/download/${GKEKITCTL_VERSION}/gkekitctl-${GKEKITCTL_OS} && \
    chmod +x /bin/gkekitctl
ENTRYPOINT ["gkekitctl"]

mathieu-benoit

NAMESPACE=acm-workshop
mkdir -p ${WORK_DIR}$TENANT_PROJECT_DIR_NAME/$NAMESPACE
cat <<EOF > ${WORK_DIR}$TENANT_PROJECT_DIR_NAME/$NAMESPACE/artifactregistry-charts-reader-workload-identity-user.yaml
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: ${HELM_CHARTS_READER_GSA}-${NAMESPACE}
  namespace: ${TENANT_PROJECT_ID}
  annotations:
    config.kubernetes.io/depends-on: iam.cnrm.cloud.google.com/namespaces/${TENANT_PROJECT_ID}/IAMServiceAccount/${HELM_CHARTS_READER_GSA}

mathieu-benoit

ORAS_VERSION=0.15.0
curl -LO https://github.com/oras-project/oras/releases/download/v$ORAS_VERSION/oras_$ORAS_VERSION_linux_amd64.tar.gz
mkdir -p oras-install/
tar -zxf oras_$ORAS_VERSION_*.tar.gz -C oras-install/
sudo mv oras-install/oras /usr/local/bin/
rm -rf oras_$ORAS_VERSION_*.tar.gz oras-install/

mathieu-benoit

#!/bin/bash

# setup
if [ ! -f demo-magic.sh ]; then
    curl -LO https://github.com/paxtonhare/demo-magic/raw/master/demo-magic.sh
fi
. demo-magic.sh
clear

# demo cleanup

mathieu-benoit

apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
kind: Project
metadata:
  name: gkehubfeaturemembership-asm
spec:
  name: Config Connector Sample
  organizationRef:
    # Replace "${ORG_ID?}" with the numeric ID for your organization
    external: "${ORG_ID?}"
  billingAccountRef: