Encryption should used wherever possible (and plausible).
The demo shows us how we can use SOPS to tick most of the boxes.
- checkout this gist
- run
./setup.sh - follow the instructions
Steve Boardwell sboardwell
sboardwell
/ Makefile
Last active
July 18, 2024 09:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .DEFAULT_GOAL := help | |
| SHELL := /bin/bash | |
| MAKEFLAGS += --no-print-directory | |
| MKFILE_DIR := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))) | |
| DOCKER_IMAGE := ghcr.io/tsmp-falcon-platform/ci-bundle-utils:v0.3.3 | |
| DOCKER_NAME := bundleutils | |
| .ONESHELL: | |
| .PHONY: start | |
| start: ## Start the bundleutils container |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .DEFAULT_GOAL := help | |
| SHELL := /bin/bash | |
| MAKEFLAGS += --no-print-directory | |
| MKFILE_DIR := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))) | |
| DOCKER_IMAGE := ghcr.io/tsmp-falcon-platform/ci-bundle-utils:v0.3.3 | |
| DOCKER_NAME := bundleutils | |
| .PHONY: start | |
| start: ## Start the bundleutils container | |
| @docker run \ |
sboardwell
/ #EncryptionByDesign.md
Last active
March 31, 2024 13:49
Encryption by design - tech talk @ techpunk
sboardwell
/ keybase.md
Created
March 6, 2020 09:40
I hereby claim:
- I am sboardwell on github.
- I am lostinberlin (https://keybase.io/lostinberlin) on keybase.
- I have a public key whose fingerprint is 2FC7 0D27 5F78 8558 B25F F375 741E A426 5ADA 66F9
To claim this, I am signing this object:
sboardwell
/ jenkins-operator.log
Created
September 11, 2019 15:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"component":"jenkins-operator","file":"prow/cmd/jenkins-operator/main.go:279","func":"main.gather","level":"debug","metrics-duration":"718.562µs","msg":"Metrics synced","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:675","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetEnqueuedBuilds","level":"debug","msg":"GetEnqueuedBuilds","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetBuilds","level":"debug","msg":"GetBuilds(myproj/view/change-requests/job/PR-1798)","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetBuilds","level":"debug","msg":"GetBuilds(myproj/view/change-requests/job/PR-1801)","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715 |
sboardwell
/ jenkins-operator.log
Created
September 10, 2019 22:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"component":"jenkins-operator","duration":"467.19302ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:00:07Z"} | |
| {"component":"jenkins-operator","duration":"480.632256ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:00:37Z"} | |
| {"component":"jenkins-operator","duration":"541.922802ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:01:07Z"} | |
| {"component":"jenkins-operator","duration":"443.892985ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:01:37Z"} | |
| {"component":"jenkins-operator","duration":"483.265286ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:02:07Z"} | |
| {"component":"jenkins-operator","duration":"371.763669ms","file":"prow/cmd/jenkins-operator/main.go: |
sboardwell
/ add_custom_repos_function.sh
Created
August 23, 2019 14:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add_custom_nexus_repos() { | |
| local dir=$1 | |
| local volumeNames subPaths repoFiles patchItemString= patchFile separator='' | |
| echo "Getting nexus deployment volume names..." | |
| volumeNames=$(kubectl get deployment jenkins-x-nexus -o 'jsonpath={ .spec.template.spec.volumes[*].name}') | |
| echo "Getting nexus deployment volumeMount subPaths..." | |
| subPaths=$(kubectl get deployment jenkins-x-nexus -o 'jsonpath={ .spec.template.spec.containers[0].volumeMounts[*].subPath}') | |
| repoFiles=$(cat "${dir}/nexus-repos/nexus-custom-repo-files.yaml" | docker run -i --rm evns/yq -j -r '.data' | docker run -i --rm imega/jq -r 'keys[]' | xargs) |
sboardwell
/ demo-script.groovy
Last active
August 23, 2019 13:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def updateGroup(def name, def members) { | |
| if (!repository.getRepositoryManager().exists(name)) { | |
| repository.createMavenGroup(name, members) | |
| } | |
| def mgConfig = repository.getRepositoryManager().get(name).configuration.copy() | |
| mgConfig.attributes['group']['memberNames'] = members | |
| repository.repositoryManager.update(mgConfig) | |
| } | |
| updateGroup('maven-group',['maven-public', 'maven-central', 'maven-releases', 'spring-milestone', 'spring-release', 'jitpack', 'jenkins-release', 'maven-jenkinsci', 'jenkins-public', 'plugins-gradle', 'my-protected-repo']) | |
| updateGroup('maven-group-snapshots',['maven-snapshots', 'apache-org-snapshots', 'spring-io-libs-snapshot', 'oss-sonatype-snapshots']) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: nexus-custom-repo-files | |
| namespace: jx | |
| labels: | |
| app: nexus-custom-repo-files | |
| data: | |
| redshift-maven-repository.json: | | |
| { |
sboardwell
/ seed-job.groovy
Created
August 7, 2019 21:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pipeline { | |
| options { ... } | |
| parameters { ... } | |
| agent { ... } | |
| stages { | |
| stage('Test') { | |
| when { |
NewerOlder