radikaled
radikaled
/ gist:d18a55daa0413ffb927eef25485c779b
Created
August 26, 2021 02:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for i in `oc get complianceremediation -n openshift-compliance -o custom-columns=NAME:.metadata.name -l compliance.openshift.io/scan-name=rhcos4-moderate-worker | tail -n +2` | |
| do | |
| oc patch complianceremediation ${i} -n openshift-compliance -p '{"spec":{"apply":true}}' --type=merge | |
| done |
radikaled
/ policy-acs-operator-clusters.yaml
Last active
September 24, 2021 04:44
policy-advanced-managed-cluster-security (dynamic centralEndpoint and clusterName)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This policy deploys the Red Hat Advanced Cluster Security Secure Cluster | |
| # Services to all OpenShift managed clusters. Note that it is set to | |
| # enforce by default and it requires RHACM 2.3 template support. | |
| # | |
| # Prior to applying this policy you must visit | |
| # https://github.com/open-cluster-management/advanced-cluster-security | |
| # and follow the instructions there to deploy prerequisite bundles | |
| # needed by the Secure Cluster Services for communicating with the | |
| # Central server. | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM registry.redhat.io/openshift4/ose-cli AS builder | |
| WORKDIR /tmp | |
| RUN wget -O azcopy_v10.tar.gz "https://aka.ms/downloadazcopy-v10-linux" && tar -xf azcopy_v10.tar.gz --strip-components=1 | |
| FROM registry.redhat.io/openshift4/ose-cli | |
| COPY --from=builder --chown=root:root --chmod=755 /tmp/azcopy /usr/bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: PersistentVolume | |
| metadata: | |
| name: pv0001 | |
| spec: | |
| capacity: | |
| storage: 100Gi | |
| accessModes: | |
| - ReadWriteOnce | |
| nfs: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: PersistentVolumeClaim | |
| metadata: | |
| name: nfs-claim | |
| spec: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 100Gi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: example | |
| labels: | |
| app: httpd | |
| namespace: nfs | |
| spec: | |
| volumes: | |
| - name: nfs |
radikaled
/ Containerfile
Last active
January 17, 2024 15:12
Containerfile for Keycloak server in strict FIPS mode (OCP4)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM registry.redhat.io/rhbk/keycloak-rhel9:22-6 as builder | |
| # What these environment variables mean: | |
| # https://www.keycloak.org/server/all-config?f=build | |
| # Set to appropriate database provider | |
| ENV KC_DB=postgres | |
| ENV KC_CACHE_STACK=kubernetes | |
| ENV KC_FEATURES=fips,kerberos |
radikaled
/ keycloak.yaml
Created
January 17, 2024 15:40
Example Keycloak CR utilizing strict FIPS custom image
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: k8s.keycloak.org/v2alpha1 | |
| kind: Keycloak | |
| metadata: | |
| name: example-keycloak | |
| namespace: $(NAMESPACE) | |
| spec: | |
| additionalOptions: | |
| - name: spi-truststore-file-file | |
| value: /opt/keycloak/conf/server.keystore | |
| - name: spi-truststore-file-password |
radikaled
/ kc.java.security
Last active
January 17, 2024 16:23
Sample custom java.security for strict FIPS Keycloak
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BountyCastle will not start without this | |
| securerandom.strongAlgorithms=PKCS11:SunPKCS11-NSS-FIPS | |
| # https://www.keycloak.org/server/fips#_other_restrictions | |
| fips.provider.8=SunJGSS |
radikaled
/ aap-ac-example.yaml
Created
February 13, 2024 19:40
AutomationController with custom rhsm.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: automationcontroller.ansible.com/v1beta1 | |
| kind: AutomationController | |
| metadata: | |
| name: example | |
| namespace: aap | |
| spec: | |
| postgres_keepalives_count: 5 | |
| postgres_keepalives_idle: 5 | |
| create_preload_data: true | |
| route_tls_termination_mechanism: Edge |
OlderNewer