Tommer Amber tommeramber
tommeramber
/ CronJob-delete-kyveno-events.yaml
Last active
September 20, 2024 23:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: batch/v1 | |
| kind: CronJob | |
| metadata: | |
| name: kyverno-events-cleanup | |
| namespace: openshift-ops # Infra-only-namespace | |
| spec: | |
| schedule: "*/10 * * * *" | |
| concurrencyPolicy: Forbid #do not allow the creation of new job before the previous one had finished | |
| jobTemplate: | |
| spec: |
tommeramber
/ Containerfile
Last active
July 3, 2023 11:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM registry.access.redhat.com/ubi8/ubi:latest | |
| RUN rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm &&\ | |
| yum install -y podman skopeo curl jq wget &&\ | |
| yum clean all &&\ | |
| rm -rf /var/cache/yum &&\ | |
| wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz &&\ | |
| tar xzvf openshift-client-linux.tar.gz -C /usr/local/bin/ &&\ | |
| wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/oc-mirror.tar.gz &&\ | |
| tar xzvf oc-mirror.tar.gz -C /usr/bin/ | |
| RUN mkdir -p /root/.docker/ &&\ |
tommeramber
/ kyverno-disallow-latest-tag.yaml
Created
May 1, 2023 12:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: kyverno.io/v1 | |
| kind: ClusterPolicy | |
| metadata: | |
| name: disallow-latest-tag | |
| spec: | |
| validationFailureAction: audit | |
| background: true | |
| rules: | |
| - name: require-image-tag | |
| match: |
tommeramber
/ acm-application-with-edited-helm-chart.yaml
Created
December 22, 2022 14:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: kyverno | |
| spec: {} | |
| --- | |
| apiVersion: app.k8s.io/v1beta1 | |
| kind: Application | |
| metadata: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| oc apply -f ./config/istio/destinationrules-all.yaml | |
| oc apply -f ./config/istio/virtual-services-default.yaml | |
| oc apply -f ./config/istio/virtual-service-userprofile-50-50.yaml |
tommeramber
/ fault-injection-http-bad-status-userprofile-v3.yaml
Created
May 28, 2022 14:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: VirtualService | |
| metadata: | |
| name: userprofile | |
| spec: | |
| hosts: | |
| - userprofile | |
| http: | |
| - fault: | |
| abort: |
tommeramber
/ gist:bc55d7f63858d371262acbbf18974a97
Created
January 5, 2022 11:22
Rego Playbook Demo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package play | |
| violation[msg] { | |
| input.kind == "Service" | |
| input.spec.type == "NodePort" | |
| msg := "User is not allowed to create service of type NodePort" | |
| } | |
| ### Violation ### |
tommeramber
/ amp-postgresql-fixed.yml
Last active
February 9, 2021 12:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: template.openshift.io/v1 | |
| kind: Template | |
| message: Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD} | |
| metadata: | |
| annotations: | |
| description: 3scale API Management main system with PostgreSQL as System's database | |
| iconClass: icon-3scale | |
| openshift.io/display-name: 3scale API Management | |
| openshift.io/provider-display-name: Red Hat, Inc. | |
| tags: integration, api management, 3scale |
tommeramber
/ gist:bae5a739f773d59c779cc256856bfc52
Last active
January 21, 2021 12:49
SMCP CR - Includes Control Plane mTLS, Data Plane mTLS + Min & Max versions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: maistra.io/v2 | |
| kind: ServiceMeshControlPlane | |
| metadata: | |
| namespace: <Desired Service Mesh Control Plane NS> | |
| name: basic | |
| spec: | |
| security: | |
| controlPlane: | |
| mtls: true | |
| tls: |
NewerOlder