This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use the official lightweight Python image. | |
| # https://hub.docker.com/_/python | |
| FROM python:3.7-slim | |
| # Allow statements and log messages to immediately appear in the Knative logs | |
| ENV PYTHONUNBUFFERED True | |
| # Copy local code to the container image. | |
| WORKDIR /app | |
| COPY . ./ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -sL https://api.github.com/repos/score-spec/score-humanitec/releases/latest | jq -r .tag_name | |
| INGRESS= | |
| NAMESPACE= | |
| kubectl -n ${NAMESPACE} annotate ingress ${INGRESS} nginx.ingress.kubernetes.io/limit-rps=5 | |
| cat <<EOF > nginx.conf | |
| events {} | |
| http { | |
| server { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clusterName=crfa-external | |
| gcloud container clusters create $clusterName \ | |
| --zone=$zone \ | |
| --addons=HttpLoadBalancing,CloudRun \ | |
| --machine-type=n1-standard-2 \ | |
| --num-nodes=3 \ | |
| --enable-stackdriver-kubernetes | |
| gcloud container clusters get-credentials $clusterName \ | |
| --zone $zone | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: istio-ingressgateway | |
| namespace: istio-ingress | |
| spec: | |
| type: LoadBalancer | |
| selector: | |
| istio: ingressgateway | |
| ports: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| # latest tag | |
| deny[msg] { | |
| input[i].Cmd == "from" | |
| val := split(input[i].Value[0], ":") | |
| count(val) == 1 | |
| msg = sprintf("Line %d: Do not use latest tag with image: %s", [i, val]) | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM gcr.io/google.com/cloudsdktool/cloud-sdk:365.0.1-alpine | |
| RUN gcloud components install kubectl | |
| RUN GKEKITCTL_VERSION=v0.1.1-alpha && \ | |
| GKEKITCTL_OS=amd64 && \ | |
| curl -sLSf -o /bin/gkekitctl https://github.com/GoogleCloudPlatform/gke-poc-toolkit/releases/download/${GKEKITCTL_VERSION}/gkekitctl-${GKEKITCTL_OS} && \ | |
| chmod +x /bin/gkekitctl | |
| ENTRYPOINT ["gkekitctl"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NAMESPACE=acm-workshop | |
| mkdir -p ${WORK_DIR}$TENANT_PROJECT_DIR_NAME/$NAMESPACE | |
| cat <<EOF > ${WORK_DIR}$TENANT_PROJECT_DIR_NAME/$NAMESPACE/artifactregistry-charts-reader-workload-identity-user.yaml | |
| apiVersion: iam.cnrm.cloud.google.com/v1beta1 | |
| kind: IAMPartialPolicy | |
| metadata: | |
| name: ${HELM_CHARTS_READER_GSA}-${NAMESPACE} | |
| namespace: ${TENANT_PROJECT_ID} | |
| annotations: | |
| config.kubernetes.io/depends-on: iam.cnrm.cloud.google.com/namespaces/${TENANT_PROJECT_ID}/IAMServiceAccount/${HELM_CHARTS_READER_GSA} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ORAS_VERSION=0.15.0 | |
| curl -LO https://github.com/oras-project/oras/releases/download/v$ORAS_VERSION/oras_$ORAS_VERSION_linux_amd64.tar.gz | |
| mkdir -p oras-install/ | |
| tar -zxf oras_$ORAS_VERSION_*.tar.gz -C oras-install/ | |
| sudo mv oras-install/oras /usr/local/bin/ | |
| rm -rf oras_$ORAS_VERSION_*.tar.gz oras-install/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # setup | |
| if [ ! -f demo-magic.sh ]; then | |
| curl -LO https://github.com/paxtonhare/demo-magic/raw/master/demo-magic.sh | |
| fi | |
| . demo-magic.sh | |
| clear | |
| # demo cleanup |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 | |
| kind: Project | |
| metadata: | |
| name: gkehubfeaturemembership-asm | |
| spec: | |
| name: Config Connector Sample | |
| organizationRef: | |
| # Replace "${ORG_ID?}" with the numeric ID for your organization | |
| external: "${ORG_ID?}" | |
| billingAccountRef: |