NOTE: An IAM Role can also be used but this is the simpliest method to document
Create the policy document
# cat << EOF >> policy.json
{
| #!/bin/bash | |
| # This script is a kubectl/oc plugin that will start namespace deletion, | |
| # watch the namespace conditions for resources blocking on finalizers, | |
| # and remove those finalizers from the blocking resources | |
| # TODO: Does not yet work against core resource types. The regex doesn't get them. | |
| NAMESPACE=$1 | |
| if ! oc get ns ${NAMESPACE} &>/dev/null; then |
| #!/bin/bash | |
| #set -eux | |
| TOKEN="" | |
| ID="" | |
| STATE_FILE="/root/heb-to-go/.state" | |
| #curl https://api.telegram.org/bot$TOKEN/getUpdates | jq .message.chat.id | |
| notify() { |
| #!/bin/sh | |
| set -eu | |
| cd $GOPATH/src/k8s.io/kubernetes | |
| for release in "1.15" "1.16" "1.17"; do | |
| echo "=== v${release} ===" | |
| git log --oneline --no-merges v${release}.0..upstream/release-${release} -- pkg/kubelet cmd/kubelet | |
| done |
| #!/bin/bash | |
| set -eux | |
| export AWS_PROFILE=openshift-dev | |
| export AWS_DEFAULT_REGION=us-west-1 | |
| CLUSTER_NAME=aws | |
| mkdir -p $HOME/clusters | |
| cd $HOME/clusters |
| #!/bin/bash | |
| set -xe | |
| export S3_BUCKET=sjenning-oidc-provider | |
| export AWS_REGION=us-west-1 | |
| # Extract the serviceaccount keypair from cluster | |
| PRIV_KEY="sa-signer.key" | |
| PKCS_KEY="sa-signer-pkcs8.pub" |
oc from 4.4 as 4.3 apparently has a bug in the oc adm catalog command(s)oc patch OperatorHub cluster --type json \
-p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
| FROM registry.redhat.io/openshift4/ose-operator-registry:v4.2.1 | |
| COPY manifests manifests | |
| RUN /bin/initializer -o ./bundles.db | |
| EXPOSE 50051 | |
| ENTRYPOINT ["/bin/registry-server"] | |
| CMD ["--database", "bundles.db"] |