diff --git a/argo/argo-cd/README.md b/argo/argo-cd/README.md
new file mode 100644
index 0000000..90e48d6
--- /dev/null
+++ b/argo/argo-cd/README.md
@@ -0,0 +1,3 @@
+# Introduction to Argo CD
+
+
diff --git a/deno/README.md b/deno/README.md
new file mode 100644
index 0000000..75fd3c2
--- /dev/null
+++ b/deno/README.md
@@ -0,0 +1,3 @@
+# Introduction to Deno with Docker
+
+
\ No newline at end of file
diff --git a/drone-ci/README.md b/drone-ci/README.md
new file mode 100644
index 0000000..d1b2961
--- /dev/null
+++ b/drone-ci/README.md
@@ -0,0 +1,3 @@
+# Introduction to Drone CI
+
+
\ No newline at end of file
diff --git a/github/actions/self-hosted-runner/README.md b/github/actions/self-hosted-runner/README.md
new file mode 100644
index 0000000..a96b9fa
--- /dev/null
+++ b/github/actions/self-hosted-runner/README.md
@@ -0,0 +1,3 @@
+# Introduction to GitHub Actions: Self hosted runners
+
+
diff --git a/golang/introduction/part-2.json/readme.md b/golang/introduction/part-2.json/readme.md
index d93645d..ec1a2da 100644
--- a/golang/introduction/part-2.json/readme.md
+++ b/golang/introduction/part-2.json/readme.md
@@ -1,5 +1,7 @@
# Introduction to Go: JSON
+
+
In programming languages, you will very often deal with data structures internally.
Sometimes, you need to pass data outside of your application or read data from another application, or even a file.
diff --git a/golang/introduction/part-3.http/readme.md b/golang/introduction/part-3.http/readme.md
index a8cb1f4..81741af 100644
--- a/golang/introduction/part-3.http/readme.md
+++ b/golang/introduction/part-3.http/readme.md
@@ -1,5 +1,7 @@
# Introduction to Go: HTTP
+
+
HTTP is a fundamental part of Microservices and Web distributed systems
Go has a built in HTTP web server package. The package can be found [here](https://golang.org/pkg/net/http/)
diff --git a/golang/introduction/part-4.commandline/readme.md b/golang/introduction/part-4.commandline/readme.md
index 5a29a50..4aab884 100644
--- a/golang/introduction/part-4.commandline/readme.md
+++ b/golang/introduction/part-4.commandline/readme.md
@@ -1,5 +1,7 @@
# Introduction to Go: Command Line
+
+
Command line apps are a fundamental part of software development
Go has a built in Commandline parser package. The package can be found [here](https://golang.org/pkg/flag/)
diff --git a/golang/introduction/part-5.database.redis/readme.md b/golang/introduction/part-5.database.redis/readme.md
index 125dddc..905034c 100644
--- a/golang/introduction/part-5.database.redis/readme.md
+++ b/golang/introduction/part-5.database.redis/readme.md
@@ -1,5 +1,7 @@
# Introduction to Go: Storing data in Redis Database
+
+
Up until now, we've learned the fundamentals of Go and built a small web microservice that handles our video data.
Our service has a `/` `GET` endpoint for returning all videos, as well as a simple `/update` endpoint for updating our list of videos.
diff --git a/golang/introduction/readme.md b/golang/introduction/readme.md
index 41bdf9a..630121f 100644
--- a/golang/introduction/readme.md
+++ b/golang/introduction/readme.md
@@ -1,5 +1,7 @@
# Introduction to Learning Go
+
+
Go can be downloaded from [golang.org](https://golang.org/doc/install)
Test your `go` installation:
diff --git a/hashicorp/vault-2022/readme.md b/hashicorp/vault-2022/readme.md
index 12bd9cf..dbd8da3 100644
--- a/hashicorp/vault-2022/readme.md
+++ b/hashicorp/vault-2022/readme.md
@@ -1,5 +1,7 @@
# Hashicorp Vault Guide
+
+
Requirements:
* Kubernetes 1.21
diff --git a/hashicorp/vault/readme.md b/hashicorp/vault/readme.md
index 5939154..35426bb 100644
--- a/hashicorp/vault/readme.md
+++ b/hashicorp/vault/readme.md
@@ -1,5 +1,7 @@
# Hashicorp Vault Guide - Deprecated
+
+
# Vault
For this tutorial, I use Kubernetes 1.17
diff --git a/hashicorp/vault/tls/ssl_generate_self_signed.txt b/hashicorp/vault/tls/ssl_generate_self_signed.txt
index ae8d476..b5705d3 100644
--- a/hashicorp/vault/tls/ssl_generate_self_signed.txt
+++ b/hashicorp/vault/tls/ssl_generate_self_signed.txt
@@ -4,8 +4,8 @@ cd ./hashicorp/vault/tls/
docker run -it --rm -v ${PWD}:/work -w /work debian:buster bash
apt-get update && apt-get install -y curl &&
-curl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl && \
-curl https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson && \
+curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl && \
+curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson && \
chmod +x /usr/local/bin/cfssl && \
chmod +x /usr/local/bin/cfssljson
diff --git a/jenkins/amazon-eks/readme.md b/jenkins/amazon-eks/readme.md
index de4f1ed..137f657 100644
--- a/jenkins/amazon-eks/readme.md
+++ b/jenkins/amazon-eks/readme.md
@@ -1,5 +1,7 @@
# Jenkins on Amazon Kubernetes
+
+
## Create a cluster
Follow my Introduction to Amazon EKS for beginners guide, to create a cluster
diff --git a/jenkins/readme.md b/jenkins/readme.md
index 7bb70ea..6502bca 100644
--- a/jenkins/readme.md
+++ b/jenkins/readme.md
@@ -5,6 +5,8 @@ For running Jenkins on AMAZON, start [here](./amazon-eks/readme.md)
# Jenkins on Local (Docker Windows \ Minikube \ etc)
+
+
For running Jenkins on Local Docker for Windows or Minikube
Watch the [video](https://youtu.be/eRWIJGF3Y2g)
diff --git a/kubernetes/admissioncontrollers/introduction/README.md b/kubernetes/admissioncontrollers/introduction/README.md
index 5249a22..3a6a38e 100644
--- a/kubernetes/admissioncontrollers/introduction/README.md
+++ b/kubernetes/admissioncontrollers/introduction/README.md
@@ -2,6 +2,8 @@
[Admission Webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks)
+
+
## Installation (local)
diff --git a/kubernetes/autoscaling/readme.md b/kubernetes/autoscaling/readme.md
index b2d357b..a973942 100644
--- a/kubernetes/autoscaling/readme.md
+++ b/kubernetes/autoscaling/readme.md
@@ -6,10 +6,14 @@ Cluster autoscaler allows us to scale cluster nodes when they become full
I would recommend to learn about scaling your cluster nodes before scaling pods.
Video [here](https://youtu.be/jM36M39MA3I)
+
+
## Horizontal Pod Autoscaling
HPA allows us to scale pods when their resource utilisation goes over a threshold
+
+
## Requirements
### A Cluster
diff --git a/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md b/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md
index ed210cc..605398a 100644
--- a/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md
+++ b/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md
@@ -1,5 +1,7 @@
# Vertical Pod Autoscaling
+
+
## We need a Kubernetes cluster
Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
diff --git a/kubernetes/cert-manager/README.md b/kubernetes/cert-manager/README.md
index 951bd73..6ce4ae2 100644
--- a/kubernetes/cert-manager/README.md
+++ b/kubernetes/cert-manager/README.md
@@ -1,5 +1,7 @@
# Introduction to cert-manager for Kubernetes
+
+
## We need a Kubernetes cluster
Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
diff --git a/kubernetes/cloud/amazon/getting-started.md b/kubernetes/cloud/amazon/getting-started.md
index 05e4245..41904ed 100644
--- a/kubernetes/cloud/amazon/getting-started.md
+++ b/kubernetes/cloud/amazon/getting-started.md
@@ -1,5 +1,7 @@
# Getting Started with EKS
+
+
## Amazon CLI
```
diff --git a/kubernetes/cloud/azure/getting-started.md b/kubernetes/cloud/azure/getting-started.md
index 99e7bea..cdd924d 100644
--- a/kubernetes/cloud/azure/getting-started.md
+++ b/kubernetes/cloud/azure/getting-started.md
@@ -1,5 +1,7 @@
# Getting Started with AKS
+
+
## Azure CLI
```
diff --git a/kubernetes/cloud/digitalocean/getting-started.md b/kubernetes/cloud/digitalocean/getting-started.md
index cc8e9f3..ddabeb0 100644
--- a/kubernetes/cloud/digitalocean/getting-started.md
+++ b/kubernetes/cloud/digitalocean/getting-started.md
@@ -1,5 +1,7 @@
# Getting Started with DGO
+
+
## Trial Account
Coupon Link to get $100 credit for 60 days:
diff --git a/kubernetes/cloud/google/getting-started.md b/kubernetes/cloud/google/getting-started.md
index bc7e3f6..ea95160 100644
--- a/kubernetes/cloud/google/getting-started.md
+++ b/kubernetes/cloud/google/getting-started.md
@@ -1,5 +1,7 @@
# Getting Started with GKE
+
+
## Google Cloud CLI
https://hub.docker.com/r/google/cloud-sdk/
diff --git a/kubernetes/cloud/linode/getting-started.md b/kubernetes/cloud/linode/getting-started.md
index 915e88c..587f82b 100644
--- a/kubernetes/cloud/linode/getting-started.md
+++ b/kubernetes/cloud/linode/getting-started.md
@@ -1,5 +1,7 @@
# Getting Started with Linode
+
+
## Trial Account
Promo Link to get $20 credit to try out Linode:
diff --git a/kubernetes/configmaps/README.md b/kubernetes/configmaps/README.md
new file mode 100644
index 0000000..b343030
--- /dev/null
+++ b/kubernetes/configmaps/README.md
@@ -0,0 +1,3 @@
+# Introduction to Kubernetes: Configmaps
+
+
\ No newline at end of file
diff --git a/kubernetes/daemonsets/README.md b/kubernetes/daemonsets/README.md
index 5791faf..b8b6e5b 100644
--- a/kubernetes/daemonsets/README.md
+++ b/kubernetes/daemonsets/README.md
@@ -1,5 +1,7 @@
# Kubernetes Daemonsets
+
+
## We need a Kubernetes cluster
Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
diff --git a/kubernetes/datree/README-2023.md b/kubernetes/datree/README-2023.md
new file mode 100644
index 0000000..894177a
--- /dev/null
+++ b/kubernetes/datree/README-2023.md
@@ -0,0 +1,263 @@
+
+# Whats new 👉🏽 Datree in 2023
+
+
+
+## Create a Kubernetes cluster
+
+Let's start by creating a local `kind` [cluster](https://kind.sigs.k8s.io/)
+
+Note that we create a Kubernetes 1.23 cluster.
+So we want to use `datree` to validate and ensure our manifests comply with that version of Kubernetes.
+
+```
+kind create cluster --name datree --image kindest/node:v1.23.6
+```
+
+## Installation
+
+Best place to start is the [documentation](https://hub.datree.io/)
+
+I like to start all my work inside a docker container.
+Let's run a small Alpine linux container
+
+```
+docker run -it -v ${PWD}:/work -v ${HOME}/.kube/:/root/.kube/ -w /work --net host alpine sh
+```
+### Install Kubectl
+
+Let's install `kubectl` in our container
+
+```
+apk add curl jq
+curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+```
+
+### Install Helm
+
+Let's install `helm` in our container
+
+```
+curl -L https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz -o /tmp/helm.tar.gz && \
+tar -xzf /tmp/helm.tar.gz -C /tmp && \
+chmod +x /tmp/linux-amd64/helm && \
+mv /tmp/linux-amd64/helm /usr/local/bin/helm
+
+```
+
+## Install Datree on our cluster
+
+Add the Helm repo:
+```
+helm repo add datree-webhook https://datreeio.github.io/admission-webhook-datree
+helm search repo datree-webhook --versions
+```
+
+Grab the manifest:
+```
+CHART_VERSION="0.3.22"
+APP_VERSION="0.1.46"
+DATREE_TOKEN=""
+
+mkdir ./kubernetes/datree/manifests/
+
+helm template datree-webhook datree-webhook/datree-admission-webhook \
+--create-namespace \
+--set datree.token=${DATREE_TOKEN} \
+--set datree.clusterName=$(kubectl config current-context) \
+--version ${CHART_VERSION} \
+--namespace datree \
+> ./kubernetes/datree/manifests/datree.${APP_VERSION}.yaml
+
+```
+
+Apply the manifests:
+```
+kubectl create namespace datree
+kubectl apply -n datree -f kubernetes/datree/manifests/
+```
+Check the install
+
+```
+kubectl -n datree get pods
+```
+
+## View our Cluster Score
+
+Now with Datree installed in our cluster, we can review it's current scoring in the Datree [Dashboard](https://app.datree.io/overview)
+As we are running a test cluster or if you run in the cloud, there may be some cloud components in namespaces that you may want to ignore.
+
+We can do this by labeling a namespace which is [documented here](https://hub.datree.io/configuration/behavior#ignore-a-namespace)
+
+OR
+
+We can do this by using the [configuration file](https://hub.datree.io/configuration/behavior#ignore-a-namespace) for datree
+
+
+```
+# skip namespace using label
+kubectl label namespaces local-path-storage "admission.datree/validate=skip"
+# skip namespace using configmap
+
+kubectl -n datree apply -f kubernetes/datree/configuration/config.yaml
+kubectl rollout restart deployment -n datree
+```
+
+According to the dashboard, we still have a `D` score, let's rerun the scan:
+
+```
+kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f -
+```
+
+Now we can see that we have an `A` score.
+
+## Deploy some workloads to our cluster
+
+For most companies and larger teams, it's extremely difficult to fix policy issues.
+Let's walk through what this may look like.
+
+Deploy some sample workloads:
+
+```
+kubectl create namespace cms
+kubectl -n cms create configmap mysql \
+--from-literal MYSQL_RANDOM_ROOT_PASSWORD=1
+
+kubectl -n cms create secret generic wordpress \
+--from-literal WORDPRESS_DB_HOST=mysql \
+--from-literal WORDPRESS_DB_USER=exampleuser \
+--from-literal WORDPRESS_DB_PASSWORD=examplepassword \
+--from-literal WORDPRESS_DB_NAME=exampledb
+
+kubectl -n cms create secret generic mysql \
+--from-literal MYSQL_USER=exampleuser \
+--from-literal MYSQL_PASSWORD=examplepassword \
+--from-literal MYSQL_DATABASE=exampledb
+
+kubectl -n cms apply -f kubernetes/datree/example/cms/
+```
+
+Check out workloads
+
+```
+kubectl -n cms get all
+```
+
+Rerun our scan:
+
+```
+kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f -
+```
+
+Now we can follow the dashboard, to check our `namespace` for policy issues and start fixing them.
+
+
+Summary of our fixes:
+
+```
+spec:
+ containers:
+ - name: wordpress
+ image: wordpress:5.9-apache
+
+kind: Deployment
+spec:
+ template:
+ spec:
+ containers:
+ - name: wordpress
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ resources:
+ limits:
+ memory: "500Mi"
+ requests:
+ memory: "500Mi"
+
+spec:
+ containers:
+ - name: wordpress
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 80
+
+kind: Deployment
+spec:
+ template:
+ spec:
+ containers:
+ - name: wordpress
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ - mountPath: /var/run/apache2/
+ name: apache
+ volumes:
+ - emptyDir: {}
+ name: temp
+ - emptyDir: {}
+ name: apache
+
+kubectl -n cms apply -f kubernetes/datree/example/cms/
+```
+## Datree CLI : Testing our YAML locally
+
+We can install the latest version of Datree with the command advertised:
+
+```
+apk add unzip
+curl https://get.datree.io | /bin/sh
+```
+
+### Policy check
+
+Let's test my example manifests under our datree folder `kubernetes\datree\example`
+
+```
+datree test ./kubernetes/datree/example/cms/*.yaml
+```
+
+# CI/CD examples
+
+The tools as well as the dashboards help us solve these policy issues locally.
+Once we have sorted out our policy issues, we can add Datree to our CI/CD pipeline.
+
+Checkout the [CI/CD integrations](https://hub.datree.io/cicd-examples) page.
+
+# Enforcing Policies
+
+Configure Datree to enforce policies.
+We can use `helm upgrade` with the `--set` flag and set enforce to true like:
+
+```
+--set datree.enforce=true
+```
+
+Let's apply it to a new manifest and deploy it to our cluster:
+
+```
+helm template datree-webhook datree-webhook/datree-admission-webhook \
+--create-namespace \
+--set datree.enforce=true \
+--set datree.token=${DATREE_TOKEN} \
+--set datree.clusterName=$(kubectl config current-context) \
+--version ${CHART_VERSION} \
+--namespace datree \
+> ./kubernetes/datree/manifests/datree.${APP_VERSION}-enforce.yaml
+
+kubectl apply -n datree -f kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
+```
+
+Try to apply our Wordpress MySQL which violates policies :
+
+```
+kubectl -n cms apply -f kubernetes/datree/example/cms/statefulset.yaml
+```
\ No newline at end of file
diff --git a/kubernetes/datree/README.md b/kubernetes/datree/README.md
index d905875..10fd8ac 100644
--- a/kubernetes/datree/README.md
+++ b/kubernetes/datree/README.md
@@ -1,6 +1,8 @@
# Introduction to Datree
+
+
## Installation
Best place to start is the [documentation](https://hub.datree.io/)
diff --git a/kubernetes/datree/configuration/config.yaml b/kubernetes/datree/configuration/config.yaml
new file mode 100644
index 0000000..0cf2993
--- /dev/null
+++ b/kubernetes/datree/configuration/config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: webhook-scanning-filters
+ namespace: datree
+data:
+ skiplist: |
+ - local-path-storage;(.*);(.*)
\ No newline at end of file
diff --git a/kubernetes/datree/example/cms/deploy.yaml b/kubernetes/datree/example/cms/deploy.yaml
new file mode 100644
index 0000000..74ffc3e
--- /dev/null
+++ b/kubernetes/datree/example/cms/deploy.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress-deployment
+ labels:
+ app: wordpress
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: wordpress
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ spec:
+ containers:
+ - name: wordpress
+ image: wordpress
+ ports:
+ - containerPort: 80
+ env:
+ - name: WORDPRESS_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: wordpress
+ key: WORDPRESS_DB_HOST
+ - name: WORDPRESS_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: wordpress
+ key: WORDPRESS_DB_USER
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wordpress
+ key: WORDPRESS_DB_PASSWORD
+ - name: WORDPRESS_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: wordpress
+ key: WORDPRESS_DB_NAME
\ No newline at end of file
diff --git a/kubernetes/datree/example/cms/ingress.yaml b/kubernetes/datree/example/cms/ingress.yaml
new file mode 100644
index 0000000..77ccdc0
--- /dev/null
+++ b/kubernetes/datree/example/cms/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wordpress
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: nginx
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress
+ port:
+ number: 80
diff --git a/kubernetes/datree/example/cms/service.yaml b/kubernetes/datree/example/cms/service.yaml
new file mode 100644
index 0000000..87112d9
--- /dev/null
+++ b/kubernetes/datree/example/cms/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+ labels:
+ app: wordpress
+spec:
+ ports:
+ - port: 80
+ name: wordpress
+ targetPort: 80
+ type: ClusterIP
+ selector:
+ app: wordpress
\ No newline at end of file
diff --git a/kubernetes/datree/example/cms/statefulset.yaml b/kubernetes/datree/example/cms/statefulset.yaml
new file mode 100644
index 0000000..c377d64
--- /dev/null
+++ b/kubernetes/datree/example/cms/statefulset.yaml
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ labels:
+ app: mysql
+spec:
+ ports:
+ - port: 3306
+ name: db
+ type: ClusterIP
+ selector:
+ app: mysql
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mysql
+spec:
+ selector:
+ matchLabels:
+ app: mysql # has to match .spec.template.metadata.labels
+ serviceName: "mysql"
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: mysql # has to match .spec.selector.matchLabels
+ spec:
+ terminationGracePeriodSeconds: 10
+ containers:
+ - name: mysql
+ image: aimvector/mysql-example
+ ports:
+ - containerPort: 3306
+ name: db
+ env:
+ - name: MYSQL_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: mysql
+ key: MYSQL_DATABASE
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: mysql
+ key: MYSQL_USER
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql
+ key: MYSQL_PASSWORD
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ valueFrom:
+ configMapKeyRef:
+ name: mysql
+ key: MYSQL_RANDOM_ROOT_PASSWORD
+ volumeMounts:
+ - name: db
+ mountPath: /var/lib/mysql
+ volumeClaimTemplates:
+ - metadata:
+ name: db
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 500Mi
\ No newline at end of file
diff --git a/kubernetes/datree/github-actions/datree.yaml b/kubernetes/datree/github-actions/datree.yaml
index c1e1762..adf19f2 100644
--- a/kubernetes/datree/github-actions/datree.yaml
+++ b/kubernetes/datree/github-actions/datree.yaml
@@ -1,13 +1,9 @@
on:
workflow_dispatch:
push:
- branches: [ datree ]
- pull_request:
- branches: [ datree ]
-
+ branches: [ datree-scoring ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
-
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
diff --git a/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml b/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
new file mode 100644
index 0000000..3acfd78
--- /dev/null
+++ b/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
@@ -0,0 +1,718 @@
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cluster-scan-job-service-account
+ namespace: datree
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-webhook-server
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-label-namespaces-hook-post-install
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-cleanup-namespaces-hook-pre-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-wait-server-ready-hook-post-install
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: datree-ca-tls
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ namespace: datree
+type: kubernetes.io/tls
+data:
+ tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBM3gydlg4YzdlanZpb0dyZWJmeGNSaDA5WWk2bmFxU3YvQXlEQ0lnVW9LSnFIZ1NBCmNUbU1FVXY0R3F2YUFGdWk5QmVFY0lZUXNhektZSWRTUkUxdmw3bm94K2hLSmRmRVZ4Y1lVaHZaOExaQ0tDNzEKRTdsZGZmUmQyM0kveHhrRE1rZCtTN1FNV1IxaXd5U05nRDU3cktBbVNxQlNVWStkSVpwQWNyQ0EwVStaY2ZteAprNUtRQXRodk9GYzZXWndtVjNpSjhOdzk0Q3ppVkIyRTNIVDZDZDlYcG9IdWlhN3pPWFZKamlCT0RubVRlZ0Y1Cmg5ZStZekx6cThxbUFLb3RkU08xNUQvSVhqSUNIYXdGMUFYeHNDQXlFUm1iN2FvZmo5a3N0M3BiTVJZeG0zTVUKbnY2aUJ6MGxKOXExcTBoNUJleXVmdk5JWTVXY3l5cEd2SGQrd1FJREFRQUJBb0lCQUVpMzlDRFRYcDlJUldUagpiL3VJOU1vbFhZeFNpRjVKcnRJSGdlMlY3S011VEVmY1Q4Q1hjUDl5TXpyK0o5OVYvcFp2MDhxWTUzZ0JTVFNNCjVsTThxZEpaMVhUU1VOaGtxcWwzN1lWVmJvTDE1RG9Vayt3SnpsN3U5bWcvcEduUHpTcm1BbFBLS3Z3Z2g3L3kKZWV3Q2NXeWlCZGpzeCtldFZ4bE1uUlRFVWpmbGpkbzhJdHJ4ajBEem5zUmgxZDVJaC9NZjJ6ekRQTXN0UGMyZgpxUDBGNGFNVkFLN2p6Qnp6cjNMNC81d1lwUXR2RUowSDcrViswTjZYOTFJUE85YWtaVE5UMmJXNDR1MXN6UmhFCkJ3dDJINmJUQ1VoTjVMUmszYTRnNEozTVd0cEhZSThHRVRVeGdaeElBeFhMRiszak1zU3JGb3NyN05EUTZhUWQKL1BDVWJRRUNnWUVBOURmcGxNdkNMVnhQRUF6RDdhcDQvNGRxYloyTXU5SGVwcFpkbUViRTVoWE9zNXVRZzN1dQp1U203OVB4dXQ0QTlhK3Z2NWNIditXWVdQc005MnAyWXA5Z2k3OVJQeHJFclhTdlFHU3E0UGh4MVlKV0VnY2R3ClIra1NiYm9rdTNLeGZKYlJta21SR2dMQ2tyOE9WSjBMWENnamEvaEJUQmkvZ0svUDZQZHRlWDBDZ1lFQTZlRW8KZ0RnaDgvbUl6TUxkOXBVVHZIQVUxNFlsTk11ay9qOW8rajFNd3gxbjJMcnM0RFlVeWMxR0RTeFlaK2l5VTRQTgppZ1lwRlY0SmRiTDRaYThBc21TRVcxUXNUckFZN1Y2UzN6Nkc1NVNZQmtYTnRSQnhQSHREbU5oY2JIYlhEdUNBCkc5cEpBK3ZSY21sbFBVZlRRTkt3bElaSU90aGgrQy80djJTUlBaVUNnWUErdnRiT21nTkxzRG5ILzkrZkFudVAKKzNUR3NRSGxoNmhTMkxNM1dvZGdMaDRyV3o2bjZYRWN0YkpLNFVoNDhRUFc1SW1BV0hHVmZEc2U2UDdOV2t4TQpZMldtaEwveVpyYWplNHc5eXhJSE16eWRFZzAzWXN4Z1RXdWtzWHlhaEg5QmFXWjA0NDNhUnZkQ3lMK2YwYkdICmZmQ0wzdjYzMUd2dlhqeG11SnR4NlFLQmdDNDRxV0J0dDRnWUVNa20yZWNabjBUbWdiZjJjdlAwS3k5MEtMTUwKMmxmVlAraTlTSU1uTFFTVTVQdEZnRk5JMGJWZm53ZGdJRTV3dnozYm1PdS9va3VmUWVrcXdYYnJwb0dDNTFQbgpiNUhrOUFhSlZSWXJvYlZxUnZtMkNNNEd6b25LSklkY3BJRjU0WExURVljQzR1VTB2bUVjQ0xwWWVVUXJkdVdjClluZmhBb0dBSkttM0RIYmlTU3MyaXZQa1FJNVFDNGZtLzBLV0IyZmpkVkZwTitLSzFrdDBBVUxWbTQ0OWhwTFcKWmVWMndGM29qUkxhamRmZnFGNjJCekYrU2pyY25Ed1g2SXFsT0F6b0xvaFdMc3hRYUlNL0xQRk9OakxlQW1YTAp2UUt6UXdJRElIaCtnekFDUy9jdEFzVXpuS0tIRTRqWmxFVnRnUko0WWxVSDdwd0FaZTQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
+ tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUs4TTRaaDl3TzJicFJieUY5VVR1UU13RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd09EVTFNRFphRncweU9EQXhNVGt3T0RVMU1EWmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmSGE5Znh6dDZPK0tnYXQ1dC9GeEdIVDFpTHFkcQpwSy84RElNSWlCU2dvbW9lQklCeE9Zd1JTL2dhcTlvQVc2TDBGNFJ3aGhDeHJNcGdoMUpFVFcrWHVlakg2RW9sCjE4UlhGeGhTRzlud3RrSW9MdlVUdVYxOTlGM2Jjai9IR1FNeVIzNUx0QXhaSFdMREpJMkFQbnVzb0NaS29GSlIKajUwaG1rQnlzSURSVDVseCtiR1RrcEFDMkc4NFZ6cFpuQ1pYZUludzNEM2dMT0pVSFlUY2RQb0ozMWVtZ2U2Sgpydk01ZFVtT0lFNE9lWk42QVhtSDE3NWpNdk9yeXFZQXFpMTFJN1hrUDhoZU1nSWRyQVhVQmZHd0lESVJHWnZ0CnFoK1AyU3kzZWxzeEZqR2JjeFNlL3FJSFBTVW4ycldyU0hrRjdLNSs4MGhqbFp6TEtrYThkMzdCQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVV0MvNUp3bTNQZ1BXYW9TanNpelE2aHJCCm82Y3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS2lEdDZoVkZVN1RTekkvQWV4bXd0b3I3eUo4Qmg4L2Y1ZVIKTWJCSGN3dFRrTUpIazFuVUV2WG5GQS9xK1BDdzd3eXdUaHp0T0hwUkM1N3QvWkMwYkF5WUtRV1JJVEx5NWpDVwpUbDJRL1l5UkdKVlJjT0xQUWhWT1krcW1BdzluVklVTGRROWs0SEtPeUM0T1g2TmRCUktOazdjdlBzakpOc1M5CjRreUtCVUQyelArUGpGdDVEZUFFZXpRSmRwR2xiNXVyQnNHUldCZC8zODNYa01pOG5sSWhtbUFxVVlpcjFsc3cKRlNEWS9saDc5RDg0bTUzdFlVc0R2UjdwZ0pKbUtCOWRBUGJxOG1jQzdRUm5jd0tQSjdhUUJjTlpvNU1IZ3FFNAptelRlMnNybGhqbXcvSEFnMGdiM0RnME5hQzNzYlpTUytzeUhyVllyWVdQSHRWdDk2ZXc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+---
+# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: webhook-server-tls
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ namespace: datree
+ annotations:
+ self-signed-cert: "true"
+type: kubernetes.io/tls
+data:
+ tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeDV5WmFMaWFaMFdrQXFWMFBSejRFR0plYldyYkJ2bFl0RGxwbDZxa241U3FXdUE0ClR1amdLVW8zNFYvcjQ4N3JWR3c5eHBaN3FoWkxCQzRBYndjZWJuRGI3UFdHZzc5TXNUTjl3M0tzUEY2YkthcUcKWkdUOUk3WVZGc2QycUJleGVnSEtFSVFQc3NXelNteVFHUWRGZXlsSDlPRkN5a1ZKUDJpdTM2T1dWc3NwbHpCSgp3RW56MjYzQ2JIQXIvWFZ3QUE0MXlBaXRIUDJrWmYyL2ZaWGRKU0JCQ0JnSjdGb1YzTVZVbmRhVzhXRWVYRDdhCjQ1MkJKWkpLQzJORCs2WFEwdHluaFFVeFlYSzA3eTdTSHZiSDlOTWQ4bWd5S3NHVWdTRFdNV3lBV2srMElYTlcKZVFpbVNkd1I3czFyMkFJNUNteUVWSmMwMTk3VFR0ZGluNzBQSFFJREFRQUJBb0lCQUdvdDNkaTdvYjVmWi8vVQpYUUdKSUZjdXpFWHR1alo2ZW5uYnRGUnQvQVc3QWVjM01CeWhlV1BkUzk1QnRPdklESndxdTYyZ0xJWHNOOWt3ClV5QzhLNjdacjlMYlE4TmZCZitZZ1VSdkFqbFdwYmpETVp2RHNIZkhpbTVFaWRTZVRkUzFrUE82RzlPZm9HQnQKWVRVL0RmR1dvdVVhMGZsZ1k3Y3NDeUdCRmg1eUlKOUhHRUl5d1NBNUNQd2tnR3RtYks5M085MXNWcG13YjcvVAo1aTJOUGRVOThHaHFORjJMQjg3cTBBYVI3ekhPMGNkQ29OZitZUTQzR0JKM0hvRFpSNHJCQ2xvY3dacXJrN2FPClF6Mlp3SDQ2U084cHlkTWdTUE1IckpOdVlqZ01peWdZQ2ZXT0VqcHVwVThUWVZ6T3V6TmQ0TWQyU3doSVVYUm8KVWNRNHAwMENnWUVBN0lLODAraXpNYTNDZkFyM05UangzWnhFUjFodXdUTGJXUHg3VmNQdktoYkJNajRpVUVHVQptY1BKeWdscmF2TUlEMm9tdzBlTzhJSDdWTDU5Tm9rcGFSV0RZbU84eFFrRyt1TVFUcGtpaTYvOWJxNVg5eEQrClRNaUZWcGxFNGZBQThwcFhxSVRIUHFrQTlOeFhHWXROMjJOaEtBUWJuYTFPSHNXVzVrbFdnZE1DZ1lFQTJBOTMKaGsrMG92b3JKM0VGdWZVT0tDTmpLRXBIeFN1Ym5xMTJBS1Q3enFSVlpYZm9NV0hBcWpVZVBWTG9jK3l0NzkvOQpVVGJpY2ZmcDFaS1VTSS90Yk9iZkkrM2MvM3VqZjFmRHBieWw0Q05iaUZIOUZpbnBCbUpXM3BMaDZQWjVTNGt2ClZJZFFzQ2ZwQkVEWWdBeEZ2bm1saHlWdldHZXBBYkllcnJscXBVOENnWUVBeHFBWmN5SW5jOTVJeWlIdmNNd3QKRy85RHZHTkJTSkdzY3pRL1pFelR5NVltbEVwb1NOeDZyeFFsb0w1K2J1aEI2YWd0ZTZ6YUY1UWgvZzZvVzZlZgpsbmdSeWd5WEdTYTJyUGNLMStkMWdyaS9iemVOK3BsVDZDb3pDUUpaUGlKd3VVM3p0andrbExRY2NJZW53blVpCll0QTRaUUhtSzJyRGc4WlBMNEdCM0M4Q2dZRUFwTU0rdWF6a3FuZ3VHbmpGRGljRE1iYXlzaEhiSTAvNjc0bUYKK0QzWVRKL2pBMnJxSldaUEh6MDhuelV2VU4vSFVLcTJLWTI2SjRFUHo2OWs1dVRqQU80YWNmSzlXaEsxL3JFMQo0Smk0d2ZFVXB5TW01aFQxdjhtVVIwMHBlNWNocm1taUwwcTFUSEJTOE14bWpWZE9oRStOM0Q2KzUySzliaTZmCjJVeEtPRjhDZ1lBLzlBc3hmRHVYRHdlb044eDZRODZlaTM1VTQxNE1NK1ZZK0l1ZWRlMU1MN1p1UCtSMTlvVEQKSjdYTERXaHZpUWMxMThYcWNRb2l6czdmcXB3YlRPM2gwNDBxMFV5Zk9TalQxb2VZcjVua1pIR2VrT0tINldGMQpXcFhCMWZSWDZ2SUxPVVloSGtEUWtCMTI2cWJIRmRXVUkrMENhOVRxeDFlNWN3YVNOOHo4cVE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
+ tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRRXN2eFdLU3hJTnVtMUlhOTdmK1RNakFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4T0RBNE5UVXdObG9YRFRJNE1ERXhPVEE0TlRVd05sb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXg1eVphTGlhWjBXa0FxVjBQUno0RUdKZWJXcmJCdmxZdERscApsNnFrbjVTcVd1QTRUdWpnS1VvMzRWL3I0ODdyVkd3OXhwWjdxaFpMQkM0QWJ3Y2VibkRiN1BXR2c3OU1zVE45CnczS3NQRjZiS2FxR1pHVDlJN1lWRnNkMnFCZXhlZ0hLRUlRUHNzV3pTbXlRR1FkRmV5bEg5T0ZDeWtWSlAyaXUKMzZPV1Zzc3BsekJKd0VuejI2M0NiSEFyL1hWd0FBNDF5QWl0SFAya1pmMi9mWlhkSlNCQkNCZ0o3Rm9WM01WVQpuZGFXOFdFZVhEN2E0NTJCSlpKS0MyTkQrNlhRMHR5bmhRVXhZWEswN3k3U0h2Ykg5Tk1kOG1neUtzR1VnU0RXCk1XeUFXayswSVhOV2VRaW1TZHdSN3MxcjJBSTVDbXlFVkpjMDE5N1RUdGRpbjcwUEhRSURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUllML2tuQ2JjK0E5WnFoS095TE5EcUdzR2pwekFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFLU2E3TXowSG9xMEprT3h5UjI3Um9rQVM3MVVuVDFZTG5QS2tFSVpZaHVncAowSU5yZFpTVjVDa0FPWitCWkJHRElia2lVVzdnM3lNNUJjRDM3NmV0cFpXWlNnL1JyZ1FvRkxrY2t5dnczWHVDCk43QjU1Y3gvMFozemFOVXg5d1BlSXFJd0FwZjgxQUVqSlEwNllLSFhvbE5aakNTRTdNSlQyc2VpY054MTJUMGgKUVUvdHhLRm03MEhYSlN6L0YzVWxaaUxEeGswZnd3a2FvVVk0ZDlHL0tuRlRRaDEybW05QlNHQVNIdW5zUHdMSwpNcUF3SngzU2lpSURpQk82cVNWdlB0dWhlUHp3S2MxNDYzSHk2dUs4RkVnaktqSGlUd2pMSjNlZTBUZTFOVEtCCmlWTk5VSmxKNHhBa1Fqd1dGbUYvUkdqS1dBRmtwRFAzWUZlMnYwSG1XQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cluster-scan-job-role
+rules:
+ - apiGroups:
+ - "*"
+ resources:
+ - "*"
+ verbs:
+ - "get"
+ - "list"
+---
+# Source: datree-admission-webhook/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: datree-webhook-server-read
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - "nodes"
+ - "namespaces"
+ verbs:
+ - "get"
+ - "list"
+---
+# Source: datree-admission-webhook/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: datree-namespaces-update
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - update
+ - patch
+ resourceNames:
+ - kube-system
+ - datree
+---
+# Source: datree-admission-webhook/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: datree-validationwebhook-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ resourceNames:
+ - datree-webhook
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cluster-scan-job-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-scan-job-role
+subjects:
+ - kind: ServiceAccount
+ name: cluster-scan-job-service-account
+ namespace: datree
+---
+# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: datree-webhook-server-read
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: datree-webhook-server-read # datree-webhook-server-read
+subjects:
+ - kind: ServiceAccount
+ name: datree-webhook-server # datree-webhook-server
+ namespace: datree
+---
+# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: datree-namespaces-update
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: datree-namespaces-update
+subjects:
+ - kind: ServiceAccount
+ name: "datree-label-namespaces-hook-post-install"
+ namespace: "datree"
+ - kind: ServiceAccount
+ name: "datree-cleanup-namespaces-hook-pre-delete"
+ namespace: "datree"
+---
+# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: datree-validationwebhook-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: datree-validationwebhook-delete
+subjects:
+ - kind: ServiceAccount
+ name: "datree-cleanup-namespaces-hook-pre-delete"
+ namespace: "datree"
+---
+# Source: datree-admission-webhook/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: datree-pods-reader
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - "pods"
+ - "jobs"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+---
+# Source: datree-admission-webhook/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: datree-pods-reader
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: datree-pods-reader
+subjects:
+ - kind: ServiceAccount
+ name: datree-wait-server-ready-hook-post-install
+ namespace: "datree"
+---
+# Source: datree-admission-webhook/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: datree-webhook-server
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+spec:
+ selector:
+ app: "datree-webhook-server"
+ ports:
+ - port: 443
+ targetPort: webhook-api
+---
+# Source: datree-admission-webhook/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: datree-webhook-server
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ owner: datree
+ app: "datree-webhook-server"
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: "datree-webhook-server"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ app: "datree-webhook-server"
+ spec:
+ serviceAccountName: datree-webhook-server
+ containers:
+ - name: server
+ # caution: don't change the order of the environment variables
+ # changing the order will harm resource patching
+ env:
+ - name: DATREE_TOKEN
+ value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1"
+ - name: DATREE_POLICY
+ value: Starter
+ - name: DATREE_VERBOSE
+ value: ""
+ - name: DATREE_OUTPUT
+ value: ""
+ - name: DATREE_NO_RECORD
+ value: ""
+ - name: DATREE_ENFORCE
+ value: "true"
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 25000
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ {}
+ image: "datree/admission-webhook:0.1.41"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8443
+ name: webhook-api
+ volumeMounts:
+ - name: webhook-tls-certs
+ mountPath: /run/secrets/tls
+ readOnly: true
+ - name: webhook-config
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: webhook-tls-certs
+ secret:
+ secretName: webhook-server-tls
+ - name: webhook-config
+ configMap:
+ name: webhook-scanning-filters
+ optional: true
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: scan-job
+ namespace: datree
+spec:
+ backoffLimit: 4
+ template:
+ spec:
+ serviceAccountName: cluster-scan-job-service-account
+ restartPolicy: Never
+ containers:
+ - name: scan-job
+ env:
+ - name: DATREE_TOKEN
+ value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
+ - name: DATREE_POLICY
+ value: Starter
+ - name: CLUSTER_NAME
+ value: kind-datree
+ securityContext:
+
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 25000
+ seccompProfile:
+ type: RuntimeDefault
+ image: "datree/scan-job:0.0.13"
+ imagePullPolicy: Always
+ resources:
+ {}
+ volumeMounts:
+ - name: webhook-config
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: webhook-config
+ configMap:
+ name: webhook-scanning-filters
+ optional: true
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: scan-cronjob
+ namespace: datree
+spec:
+ # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression
+ # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc.
+ schedule: "50 * * * *" # every hour, starting 55 minutes after helm installation
+ jobTemplate:
+ spec:
+ backoffLimit: 4
+ template:
+ spec:
+ serviceAccountName: cluster-scan-job-service-account
+ restartPolicy: Never
+ containers:
+ - name: scan-job
+ env:
+ - name: DATREE_TOKEN
+ value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
+ - name: DATREE_POLICY
+ value: Starter
+ - name: CLUSTER_NAME
+ value: kind-datree
+ securityContext:
+
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 25000
+ seccompProfile:
+ type: RuntimeDefault
+ image: "datree/scan-job:0.0.13"
+ imagePullPolicy: Always
+ resources:
+ {}
+ volumeMounts:
+ - name: webhook-config
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: webhook-config
+ configMap:
+ name: webhook-scanning-filters
+ optional: true
+---
+# Source: datree-admission-webhook/templates/namespace-post-delete.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: datree-cleanup-namespaces-hook-pre-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ namespace: datree
+ annotations:
+ "helm.sh/hook": pre-delete, pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ spec:
+ restartPolicy: OnFailure
+ serviceAccount: datree-cleanup-namespaces-hook-pre-delete
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: kubectl-label
+ image: "clastix/kubectl:v1.25"
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - "-c"
+ - >-
+ kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree;
+ kubectl label ns kube-system datree datree.io/skip-;
+---
+# Source: datree-admission-webhook/templates/namespace-post-install.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: datree-label-namespaces-hook-post-install
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ spec:
+ serviceAccount: datree-label-namespaces-hook-post-install
+ restartPolicy: OnFailure
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: kubectl-label
+ image: "clastix/kubectl:v1.25"
+ imagePullPolicy: IfNotPresent
+ args:
+ - label
+ - ns
+ - kube-system
+ - datree
+ - admission.datree/validate=skip
+ - --overwrite
+---
+# Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: datree-wait-server-ready-hook-post-install
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+spec:
+ template:
+ metadata:
+ name: datree-wait-server-ready-hook-post-install
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ spec:
+ serviceAccountName: datree-wait-server-ready-hook-post-install
+ restartPolicy: Never
+ containers:
+ - name: kubectl-client
+ image: "clastix/kubectl:v1.25"
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - "-c"
+ - >-
+ kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s"
+---
+# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: datree-webhook
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-weight": "-5"
+webhooks:
+ - name: webhook-server.datree.svc
+ sideEffects: None
+ timeoutSeconds: 30
+ failurePolicy: Ignore
+ admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: datree-webhook-server
+ namespace: datree
+ path: "/validate"
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUs4TTRaaDl3TzJicFJieUY5VVR1UU13RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd09EVTFNRFphRncweU9EQXhNVGt3T0RVMU1EWmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmSGE5Znh6dDZPK0tnYXQ1dC9GeEdIVDFpTHFkcQpwSy84RElNSWlCU2dvbW9lQklCeE9Zd1JTL2dhcTlvQVc2TDBGNFJ3aGhDeHJNcGdoMUpFVFcrWHVlakg2RW9sCjE4UlhGeGhTRzlud3RrSW9MdlVUdVYxOTlGM2Jjai9IR1FNeVIzNUx0QXhaSFdMREpJMkFQbnVzb0NaS29GSlIKajUwaG1rQnlzSURSVDVseCtiR1RrcEFDMkc4NFZ6cFpuQ1pYZUludzNEM2dMT0pVSFlUY2RQb0ozMWVtZ2U2Sgpydk01ZFVtT0lFNE9lWk42QVhtSDE3NWpNdk9yeXFZQXFpMTFJN1hrUDhoZU1nSWRyQVhVQmZHd0lESVJHWnZ0CnFoK1AyU3kzZWxzeEZqR2JjeFNlL3FJSFBTVW4ycldyU0hrRjdLNSs4MGhqbFp6TEtrYThkMzdCQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVV0MvNUp3bTNQZ1BXYW9TanNpelE2aHJCCm82Y3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS2lEdDZoVkZVN1RTekkvQWV4bXd0b3I3eUo4Qmg4L2Y1ZVIKTWJCSGN3dFRrTUpIazFuVUV2WG5GQS9xK1BDdzd3eXdUaHp0T0hwUkM1N3QvWkMwYkF5WUtRV1JJVEx5NWpDVwpUbDJRL1l5UkdKVlJjT0xQUWhWT1krcW1BdzluVklVTGRROWs0SEtPeUM0T1g2TmRCUktOazdjdlBzakpOc1M5CjRreUtCVUQyelArUGpGdDVEZUFFZXpRSmRwR2xiNXVyQnNHUldCZC8zODNYa01pOG5sSWhtbUFxVVlpcjFsc3cKRlNEWS9saDc5RDg0bTUzdFlVc0R2UjdwZ0pKbUtCOWRBUGJxOG1jQzdRUm5jd0tQSjdhUUJjTlpvNU1IZ3FFNAptelRlMnNybGhqbXcvSEFnMGdiM0RnME5hQzNzYlpTUytzeUhyVllyWVdQSHRWdDk2ZXc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.datree/validate
+ operator: DoesNotExist
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: ["*"]
+ apiVersions: ["*"]
+ resources: ["*"]
diff --git a/kubernetes/datree/manifests/datree.0.1.46.yaml b/kubernetes/datree/manifests/datree.0.1.46.yaml
new file mode 100644
index 0000000..f050067
--- /dev/null
+++ b/kubernetes/datree/manifests/datree.0.1.46.yaml
@@ -0,0 +1,718 @@
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cluster-scan-job-service-account
+ namespace: datree
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-webhook-server
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-label-namespaces-hook-post-install
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-cleanup-namespaces-hook-pre-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: datree-wait-server-ready-hook-post-install
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+---
+# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: datree-ca-tls
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ namespace: datree
+type: kubernetes.io/tls
+data:
+ tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBbjBET0hhcklRU1A3Skc1Y1dEZWFmSmFVSHM2YklMTEFtMEF4Q1RFbVpud29BUTlHCmFEM01uNklqd3BGaVV4UGJMcEtqTUtRZm5jYTVLdWhleHZ2LzlNOGN4TFVCK0RGZnhlYkZvaGdoZHhFam94NnEKS0JmcVVqaURhY2xLMUJGWEtnQnZHZjFWczIxbWZwLzA2QnI1alRSTEJZdVZrWmEwNjZJK0drSkpVQ1c1MGpwcApYREdtdVhUaEYwQVhNT01RQS9Nb0tQTlBrYVA1UUZ6bUtyUFkxencxQ0xzVTk3eXRzK2d4N01ZM1dsVHRDWnVVCjYxNnRhNE1qSmNMRXF2ZVNVblhsUUNFMTBJYnJpNTl5eEtZTzRhUHNRUlpBaUd0WWhjWXVhNHdWdXpJK0xTZlcKN202NHlNOWNpN1Z4UlVjemNqRlM5NWR6R1hKWk9VVVB3YUduMndJREFRQUJBb0lCQVFDVHBjaXpWcmh0TklmTwpnZ2RadnN1YlFSdzQ1OEtKY1ZFRFgyTlhLMXQzM3hwVHlTNjB6TDhmTFh0TUUvQitKOFdwaTBpRGUxYll0L3JMCkhqOW82eENtanpNVDZPSFhreWRCV3pEV2xOcktBbmp3N2loQ0hkSWd3c2FMMkpWb3dsNzIwUW93cFdERWh1UmsKOTdaZlQwc1pNR2R4ejdVdkV2UFFGMDdPbDdCUy9nQzc0dnlaYTR4VmptdXBKNld5Y1VOTlR0WG42MUVxLzVjVwpTL3ZzRFNxdzlCaXIvRUUrL3N3K3lSdnlXeXIzMC9iZm44ZVY0blZnZmJic2U1Z1B3dmVNYlJOR2R3cjNzL1hzClcycW5tZ3NLWFg4b3lmUjlWUy82alozNnNzY0NLckx3bFhNQTRlcUhEWXJtOFZDZk5sc0ZFMnFhOVpOd21ublUKeHV6T2V4R3hBb0dCQU1nRllSakRyK283NDNFL3RlUXJLcTViN25XcktRbjdxdWpIVXg5b1pQYzFvajdDSUdndApITVQyaTM4eU1tbEw1ZXZ0cTd5NjNUcXA1ZGdIVlZaRjZqTENrZnBBTlhLaDBHL3FlaFFkMTNnMlZYTVBWTFRSCnUvUWdha2kxdEYwWkkyOTEzZU1zazdscVJOVGJxOGVTbmpPdkF6NXFtTXY3TU9DZ2JuQTJEbVhUQW9HQkFNdlMKbHFhc3E3RlNIMUVDNXE0b1pURTlYVFUxTkNRM09oSGtwTTBkMjJURmp0bGVWVnFPZ0c1Y0cwMHlTN2dyTGtZRwowbGV6Tm1TSVhFZ1VqYjZSRjg3aTlieXFIeFQ2cXNlNEU3LzlYNDM3NWkxTHlnSkxNY0xEMGo2aUpxdUJQZ01WCjBMT1BFdUZNczdmL3FyY2ozSHpyTlVMT1pFZEdYOTBOVGtGaHpralpBb0dBVkhWNUIzVHgzZzFGdjdjd1BkVkEKWTNsc0dvR1loWitnRGtURVE1bllNRTZVWUwybDQzZFJFNVlyVngxQ0RoWS9Vcno3N0doWExBTTdpMW1sWGhXTgppN3QrMmxXc2UrZjUxSmdFem1PL2JRSThXS1pibFRLT2s4bndOeDJLdUZqNkRvR05uUFJndUVVNEpVMVFucWU1Clo0ZDU3aXdpc3RjeFQxaE82ZERaaVlNQ2dZQkl4eXdsM1pmODIrNzB0VTE3T0U5UnNyQ2FkQ0huSUpVcW1ITEUKRHZvczFHSDZlYldPZlQyY3FtVFJQcmxNekpaY1NNbElxV1F0cDRjVDhjcmZGZDNqY0tVQU5kcWRXaGdxOGk2VApLank1YlEyMmRNNXYzVHVxYU5Pa3E2K1ZJN1BwMUJ0T1VqTVNvWm0yaEtNSGU5V2FBVDVtV1YzekdVelhtSTJ0CnlPZW9tUUtCZ0NtYUJadUdpaEYyTlJORjBRUkhaRmdXRWdwRk1rWFFVcHFSOHVFNlRTTlFJUWVSSEYzaXFhbzMKSmsvYjgzbzZlTUlTMTN0RDNWN0JMY1J2ckhQK0pBcG5sNk5BeXUrUVMzOVpkOVp4d0RGOUZueVJxRVg4ZE9uZApZWkVoMXNFTEdyRlVNa1hkRVZUNFFsQUN1Q01sUmQ0NGNaZ3lPSFZzMWlIZDZyUUJubjUyCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
+ tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKTmg1YnVYN1A0V1ZkcndXWWQzRG93RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd05URXhNVGxhRncweU9EQXhNVGt3TlRFeE1UbGFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNmUU00ZHFzaEJJL3NrYmx4WU41cDhscFFlenBzZwpzc0NiUURFSk1TWm1mQ2dCRDBab1BjeWZvaVBDa1dKVEU5c3VrcU13cEIrZHhya3E2RjdHKy8vMHp4ekV0UUg0Ck1WL0Y1c1dpR0NGM0VTT2pIcW9vRitwU09JTnB5VXJVRVZjcUFHOFovVld6YldaK24vVG9Hdm1OTkVzRmk1V1IKbHJUcm9qNGFRa2xRSmJuU09tbGNNYWE1ZE9FWFFCY3c0eEFEOHlnbzgwK1JvL2xBWE9ZcXM5alhQRFVJdXhUMwp2SzJ6NkRIc3hqZGFWTzBKbTVUclhxMXJneU1sd3NTcTk1SlNkZVZBSVRYUWh1dUxuM0xFcGc3aG8reEJGa0NJCmExaUZ4aTVyakJXN01qNHRKOWJ1YnJqSXoxeUx0WEZGUnpOeU1WTDNsM01aY2xrNVJRL0JvYWZiQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeG82MXp0eEUrbEdia2JGcGpUOU0wTWVnCkgzWXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ2lWSVhqREJPcXU5elR0d1FUMkFpZkJ2eFlXTWM4bXJoVnUKcWMzMnJUT0VRQ05vUkpQYkxZM01KeUFwZjJtOUxJNEN2SU1SMTIwc0ttYzRQTXE5ZzRCb291Yng0aWNsOFl1OAp1bmRuVWhmODAwSUp5YUthMittZjgzZjJmcmZXSlF1NzVMMnRrYys4WWtFWFZnR2cyazdxVXZkeThzdzRUTEZICmlPMktvVm5Xeit4R2FQb25BK09OK01lSUxDOGgrNlVNdjM5a2pTb29TV1M3amFHVDZXS2Z3aFExa1JJM2JIZS8KL05ZZHpjVkJibXJ0eFg1K1RvcmxNOSswcnoybnBwNkN5MlFSZHpuM3hKWHNGVk4wTml6V3pVZWErLzVEVndwSQpBeE1uSXBJNmpzME02cVJ4VUdZVHFOdTk1YkJSanVwQTFwVDJDZGFhYnp5NU0xK2VTaTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+---
+# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: webhook-server-tls
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ namespace: datree
+ annotations:
+ self-signed-cert: "true"
+type: kubernetes.io/tls
+data:
+ tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcDk2Yzc2eTREMlVybGtVNlZDMmZzZytaWS9VWFVmL1NvZFZyVlBFbU5zMUpNbGp0CmZOYSt2RVZXNllqQ3cyQnc2RExBZURGeWw2SWsvYjR1TGpHOEYwSEhhK3RjMk5Mc2tnLzJhUTQrM1NnWkxsM3UKOXJmaFNDMWUwMkVNWHh0bnIyZU82RW1EVlE1SjFCSzVWSG1Qa1VYMHI5Mm84TXVSOGZERytPYjFPUW82TWtocgo1WHZNWW0wMmVURnlwLzc3alNzN1JLZEZnOXF0Z1VVcHhYejVOVnhLNDlRaVpleWIvSklUbnc4T0R6Qk5ac0FZCjJScStiZjhFUU95MktFNDZmNWhSN2Vhb1VsRFp3RnFYRzRkRkhzRmNkRlNhYzh5SXJJUXlNejFxVEZSanFyYjQKU2JWVjNzY0RFZ3lwUVh0Z3NHcjFVbUFwcDJCVXRVSDhHUm1BZFFJREFRQUJBb0lCQUFxTHBJWTE3blloSCtUWAp3bnRKUm0vMEpPbXZtdUJ1MXJlTjVhazNZUFF1WHp2SGRGdlVUYlVjRWdLbnNieCtVWGwwdnJ5T05xbXA2UEw3CndJRHNaT2w5RzE3L01SejUyeHl0M2dmcGVpK0FkbHlBVUNPMWwzUm1UVCt3S0F2TmQrei83MjFPT083ZDcrdGYKcGI3VnlCd1RMZlRpVXR1Vm5qeDVxTFk0SkEyS0tkdVJnZXg4R0lVcXNtQncrcms0T04xRVJFOWZKQjVveHV6bgo1VmhnU2VhaVVWVXRrYmFtYjBLNDBpTVRKSUh2bWlMTGwyTkxaeTVkSkg3MFlaQkh6bEtLaFpqY3huaXBVOURECkVpSmp2TllkUXVlMisyNlB4bENpNC8rdDNtQ015T01LcjFqZzJ0TnZrQzNMNjBzb1BCQUZ6S2VMSW41dVZLcWsKS2RmY3BrRUNnWUVBMmdVanlTa2M2dXhlQ1R5cXV2WWtudGRLRlV1eEF4TTk2SGlNZG1Sb2tQSmkzUjdvQk5SRgpuZEVLV3pGcEFBc2RnZzlEdFprK3lYTkowWGxtZUV4WEU2QnFBemtOZ1Fic0NTMG5TV1ovazFDdjdCNUdYbFRJCkxMNk5SaS9wK2NMaWxtS1d1SlE0aW5mQi9nZ3QvbXVLVDIrWDRKVFVMK2haNTlqaHZqRlBQOUVDZ1lFQXhSejAKQ3FRZVpnUGhrR2dud2JHTG9ySXo0Q3BlTWkwbStrZm9vSFdQWW12Z1AxbnFJZWh5dERvVFUzUFpjVUNSbzdVbAowZkJubGhyMXNHRWVuWlBBQlpWUnZmeWs5blNDRW9zdnBDd3RYTUFTUHZjOGZSRVRXam1nVTRKZTBMU0dxdWdGClBQQWNubDE3VC9ITXNQeWwwSUd3Sjc4ZFNtd1dGcjNiQlFJUDQyVUNnWUJjcWhpV3RHbTlFKyszLzFnVmxPN2wKc0YybGhZRmI3RDdBNHhQWWNqN2JkSm8rbjVkQURqVDBxZGU4QU5rL0VucGRRRDJvSHRWSDdEOXcwQ2VVYytZQwp5b2lrakFoSVVmZmF3cDFUSGtTVkNaTnNTVVhoYkNtVWt2MGEydHlZc3BONkZiYzRCbyt0a3M4YU9NSEx4RXVLCkRjVkF5Q0VUcDY4bTB0REg5TTlaTVFLQmdRQ2lYK1o5T1pNOUVHZHBFUlBuRUgzcHlZaklXYjU4OFFzUjA5akQKRGZUTzYvU3Yyejd2TGRBSHZXdWNMR3ZzU25kdTkxT3ZiSzI0VG44a0MrMHZlNzRNRzJSWjhGeG9GYlBzMkxHbgpPU2twSmFRaU1JS291RDlMN1Bxd3NFMncrWFdTSmszaVZCNFBLd3pnMzF4eVU3MjRWSTByUU5rOUxHckoweDR3Ck12R3ByUUtCZ0JYejVhVUIrQk8wQVBna1ZZZFo2TElIRHJod3lnc0Y4T0VYcFEzbHdkM0pIS1Y0VVpOUVQya0wKZXhZK3g3Z0FadytKTVczdmpkaVVpVzV6cjBESUlNMDF1QitQcGFRemZ3QkM2Qy8vSVUrZy9Sa1R0TlJ3NzRkaAp3QWN1azRMRWxiNTVNT1VjRlJ2d2EvWXY3NWpRK3BGOUYwa3JNS1U2bDhReEQyaFhCcjJUCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
+ tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRYzlNU2dBY1VhcWpMdG9vYUYrdlVxREFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4T0RBMU1URXhPVm9YRFRJNE1ERXhPVEExTVRFeE9Wb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA5NmM3Nnk0RDJVcmxrVTZWQzJmc2crWlkvVVhVZi9Tb2RWcgpWUEVtTnMxSk1sanRmTmErdkVWVzZZakN3MkJ3NkRMQWVERnlsNklrL2I0dUxqRzhGMEhIYSt0YzJOTHNrZy8yCmFRNCszU2daTGwzdTlyZmhTQzFlMDJFTVh4dG5yMmVPNkVtRFZRNUoxQks1VkhtUGtVWDByOTJvOE11UjhmREcKK09iMU9RbzZNa2hyNVh2TVltMDJlVEZ5cC83N2pTczdSS2RGZzlxdGdVVXB4WHo1TlZ4SzQ5UWlaZXliL0pJVApudzhPRHpCTlpzQVkyUnErYmY4RVFPeTJLRTQ2ZjVoUjdlYW9VbERad0ZxWEc0ZEZIc0ZjZEZTYWM4eUlySVF5Ck16MXFURlJqcXJiNFNiVlYzc2NERWd5cFFYdGdzR3IxVW1BcHAyQlV0VUg4R1JtQWRRSURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVEdqclhPM0VUNlVadVJzV21OUDB6UXg2QWZkakFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFDSThNc1hMejcyRThwOUE2MGdqVzZWdkcrdlN3ZzczQys3TDgxYUIvd0IzTwpxVnVYaVRHQmgrZmI2UlJLbzQxS25Pa0RkRlNCM0lWTHFJaHQvOU5uVHl0eWlVSFRmcEhvVGUwak1meFRXeGQ0CndVMnhLeWNRVmVBcFkzSlFpMWU4MEhZU3NFQ3NMVDBlRloxNmcyVmE0bUhvUnpHOWswTk5LL2tVc0xRL3lUMlcKUk5vWjcwV0NNdEV0MlE0eUU3NXBDdXBnc3B5b1J2SUNScjczTiszOVBVVDA2SndZSnZnaTBVQ3RjMlhVK2I5SQpVYU5TK3JSQzRFVm5qM003VVgrZVZXKzJFNXdpT3NKU1g0Z0M3S0kxcTNTcnlveXNlbVJJYXNaZjBkaENmNjI0CkE2ZmtZdGRVMmN3SzBrMVhnVC9oaHVZS2FpRDc1TjlTSWYxTGZtZklrUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cluster-scan-job-role
+rules:
+ - apiGroups:
+ - "*"
+ resources:
+ - "*"
+ verbs:
+ - "get"
+ - "list"
+---
+# Source: datree-admission-webhook/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: datree-webhook-server-read
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - "nodes"
+ - "namespaces"
+ verbs:
+ - "get"
+ - "list"
+---
+# Source: datree-admission-webhook/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: datree-namespaces-update
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - update
+ - patch
+ resourceNames:
+ - kube-system
+ - datree
+---
+# Source: datree-admission-webhook/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: datree-validationwebhook-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ resourceNames:
+ - datree-webhook
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cluster-scan-job-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-scan-job-role
+subjects:
+ - kind: ServiceAccount
+ name: cluster-scan-job-service-account
+ namespace: datree
+---
+# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: datree-webhook-server-read
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: datree-webhook-server-read # datree-webhook-server-read
+subjects:
+ - kind: ServiceAccount
+ name: datree-webhook-server # datree-webhook-server
+ namespace: datree
+---
+# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: datree-namespaces-update
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: datree-namespaces-update
+subjects:
+ - kind: ServiceAccount
+ name: "datree-label-namespaces-hook-post-install"
+ namespace: "datree"
+ - kind: ServiceAccount
+ name: "datree-cleanup-namespaces-hook-pre-delete"
+ namespace: "datree"
+---
+# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: datree-validationwebhook-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: datree-validationwebhook-delete
+subjects:
+ - kind: ServiceAccount
+ name: "datree-cleanup-namespaces-hook-pre-delete"
+ namespace: "datree"
+---
+# Source: datree-admission-webhook/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: datree-pods-reader
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - "pods"
+ - "jobs"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+---
+# Source: datree-admission-webhook/templates/rolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: datree-pods-reader
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: datree-pods-reader
+subjects:
+ - kind: ServiceAccount
+ name: datree-wait-server-ready-hook-post-install
+ namespace: "datree"
+---
+# Source: datree-admission-webhook/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: datree-webhook-server
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+spec:
+ selector:
+ app: "datree-webhook-server"
+ ports:
+ - port: 443
+ targetPort: webhook-api
+---
+# Source: datree-admission-webhook/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: datree-webhook-server
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ owner: datree
+ app: "datree-webhook-server"
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: "datree-webhook-server"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ app: "datree-webhook-server"
+ spec:
+ serviceAccountName: datree-webhook-server
+ containers:
+ - name: server
+ # caution: don't change the order of the environment variables
+ # changing the order will harm resource patching
+ env:
+ - name: DATREE_TOKEN
+ value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1"
+ - name: DATREE_POLICY
+ value: Starter
+ - name: DATREE_VERBOSE
+ value: ""
+ - name: DATREE_OUTPUT
+ value: ""
+ - name: DATREE_NO_RECORD
+ value: ""
+ - name: DATREE_ENFORCE
+ value: ""
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 25000
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ {}
+ image: "datree/admission-webhook:0.1.41"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8443
+ name: webhook-api
+ volumeMounts:
+ - name: webhook-tls-certs
+ mountPath: /run/secrets/tls
+ readOnly: true
+ - name: webhook-config
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: webhook-tls-certs
+ secret:
+ secretName: webhook-server-tls
+ - name: webhook-config
+ configMap:
+ name: webhook-scanning-filters
+ optional: true
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: scan-job
+ namespace: datree
+spec:
+ backoffLimit: 4
+ template:
+ spec:
+ serviceAccountName: cluster-scan-job-service-account
+ restartPolicy: Never
+ containers:
+ - name: scan-job
+ env:
+ - name: DATREE_TOKEN
+ value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
+ - name: DATREE_POLICY
+ value: Starter
+ - name: CLUSTER_NAME
+ value: kind-datree
+ securityContext:
+
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 25000
+ seccompProfile:
+ type: RuntimeDefault
+ image: "datree/scan-job:0.0.13"
+ imagePullPolicy: Always
+ resources:
+ {}
+ volumeMounts:
+ - name: webhook-config
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: webhook-config
+ configMap:
+ name: webhook-scanning-filters
+ optional: true
+---
+# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: scan-cronjob
+ namespace: datree
+spec:
+ # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression
+ # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc.
+ schedule: "06 * * * *" # every hour, starting 55 minutes after helm installation
+ jobTemplate:
+ spec:
+ backoffLimit: 4
+ template:
+ spec:
+ serviceAccountName: cluster-scan-job-service-account
+ restartPolicy: Never
+ containers:
+ - name: scan-job
+ env:
+ - name: DATREE_TOKEN
+ value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
+ - name: DATREE_POLICY
+ value: Starter
+ - name: CLUSTER_NAME
+ value: kind-datree
+ securityContext:
+
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 25000
+ seccompProfile:
+ type: RuntimeDefault
+ image: "datree/scan-job:0.0.13"
+ imagePullPolicy: Always
+ resources:
+ {}
+ volumeMounts:
+ - name: webhook-config
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: webhook-config
+ configMap:
+ name: webhook-scanning-filters
+ optional: true
+---
+# Source: datree-admission-webhook/templates/namespace-post-delete.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: datree-cleanup-namespaces-hook-pre-delete
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ namespace: datree
+ annotations:
+ "helm.sh/hook": pre-delete, pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ spec:
+ restartPolicy: OnFailure
+ serviceAccount: datree-cleanup-namespaces-hook-pre-delete
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: kubectl-label
+ image: "clastix/kubectl:v1.25"
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - "-c"
+ - >-
+ kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree;
+ kubectl label ns kube-system datree datree.io/skip-;
+---
+# Source: datree-admission-webhook/templates/namespace-post-install.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: datree-label-namespaces-hook-post-install
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ spec:
+ serviceAccount: datree-label-namespaces-hook-post-install
+ restartPolicy: OnFailure
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: kubectl-label
+ image: "clastix/kubectl:v1.25"
+ imagePullPolicy: IfNotPresent
+ args:
+ - label
+ - ns
+ - kube-system
+ - datree
+ - admission.datree/validate=skip
+ - --overwrite
+---
+# Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: datree-wait-server-ready-hook-post-install
+ namespace: datree
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+spec:
+ template:
+ metadata:
+ name: datree-wait-server-ready-hook-post-install
+ labels:
+ app.kubernetes.io/name: datree-admission-webhook
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/instance: "datree-webhook"
+ app.kubernetes.io/version: 0.1.41
+ app.kubernetes.io/part-of: "datree"
+ meta.helm.sh/release-name: "datree-admission-webhook"
+ meta.helm.sh/release-namespace: "datree"
+ helm.sh/chart: datree-admission-webhook-0.3.22
+ spec:
+ serviceAccountName: datree-wait-server-ready-hook-post-install
+ restartPolicy: Never
+ containers:
+ - name: kubectl-client
+ image: "clastix/kubectl:v1.25"
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - "-c"
+ - >-
+ kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s"
+---
+# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: datree-webhook
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-weight": "-5"
+webhooks:
+ - name: webhook-server.datree.svc
+ sideEffects: None
+ timeoutSeconds: 30
+ failurePolicy: Ignore
+ admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: datree-webhook-server
+ namespace: datree
+ path: "/validate"
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKTmg1YnVYN1A0V1ZkcndXWWQzRG93RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd05URXhNVGxhRncweU9EQXhNVGt3TlRFeE1UbGFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNmUU00ZHFzaEJJL3NrYmx4WU41cDhscFFlenBzZwpzc0NiUURFSk1TWm1mQ2dCRDBab1BjeWZvaVBDa1dKVEU5c3VrcU13cEIrZHhya3E2RjdHKy8vMHp4ekV0UUg0Ck1WL0Y1c1dpR0NGM0VTT2pIcW9vRitwU09JTnB5VXJVRVZjcUFHOFovVld6YldaK24vVG9Hdm1OTkVzRmk1V1IKbHJUcm9qNGFRa2xRSmJuU09tbGNNYWE1ZE9FWFFCY3c0eEFEOHlnbzgwK1JvL2xBWE9ZcXM5alhQRFVJdXhUMwp2SzJ6NkRIc3hqZGFWTzBKbTVUclhxMXJneU1sd3NTcTk1SlNkZVZBSVRYUWh1dUxuM0xFcGc3aG8reEJGa0NJCmExaUZ4aTVyakJXN01qNHRKOWJ1YnJqSXoxeUx0WEZGUnpOeU1WTDNsM01aY2xrNVJRL0JvYWZiQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeG82MXp0eEUrbEdia2JGcGpUOU0wTWVnCkgzWXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ2lWSVhqREJPcXU5elR0d1FUMkFpZkJ2eFlXTWM4bXJoVnUKcWMzMnJUT0VRQ05vUkpQYkxZM01KeUFwZjJtOUxJNEN2SU1SMTIwc0ttYzRQTXE5ZzRCb291Yng0aWNsOFl1OAp1bmRuVWhmODAwSUp5YUthMittZjgzZjJmcmZXSlF1NzVMMnRrYys4WWtFWFZnR2cyazdxVXZkeThzdzRUTEZICmlPMktvVm5Xeit4R2FQb25BK09OK01lSUxDOGgrNlVNdjM5a2pTb29TV1M3amFHVDZXS2Z3aFExa1JJM2JIZS8KL05ZZHpjVkJibXJ0eFg1K1RvcmxNOSswcnoybnBwNkN5MlFSZHpuM3hKWHNGVk4wTml6V3pVZWErLzVEVndwSQpBeE1uSXBJNmpzME02cVJ4VUdZVHFOdTk1YkJSanVwQTFwVDJDZGFhYnp5NU0xK2VTaTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.datree/validate
+ operator: DoesNotExist
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: ["*"]
+ apiVersions: ["*"]
+ resources: ["*"]
diff --git a/kubernetes/deployments/readme.md b/kubernetes/deployments/readme.md
index e570fe3..d59a685 100644
--- a/kubernetes/deployments/readme.md
+++ b/kubernetes/deployments/readme.md
@@ -1,4 +1,6 @@
-# Deployments
+# Introduction to Kubernetes: Deployments
+
+
Build an example app:
diff --git a/kubernetes/fluxcd/flux-v1-readme.md b/kubernetes/fluxcd/flux-v1-readme.md
index 19a5490..4606631 100644
--- a/kubernetes/fluxcd/flux-v1-readme.md
+++ b/kubernetes/fluxcd/flux-v1-readme.md
@@ -1,5 +1,7 @@
# Flux Getting Started Guide (old v1)
+
+
# 1 - Kubernetes
Get a Kubernetes Cluster. In this video, I use Docker for Windows.
diff --git a/kubernetes/helm/README.md b/kubernetes/helm/README.md
index 8a722b7..cc635a0 100644
--- a/kubernetes/helm/README.md
+++ b/kubernetes/helm/README.md
@@ -1,5 +1,7 @@
# Introduction to Helm
+
+
## We need a Kubernetes cluster
Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
diff --git a/kubernetes/kubectl/README.md b/kubernetes/kubectl/README.md
index 014eeb2..723c151 100644
--- a/kubernetes/kubectl/README.md
+++ b/kubernetes/kubectl/README.md
@@ -1,5 +1,7 @@
# Introduction to KUBECTL
+
+
To start off this tutorial, we will be using [kind](https://kind.sigs.k8s.io/) to create our test cluster.
You can use `minikube` or any Kubernetes cluster.
diff --git a/kubernetes/kustomize/readme.md b/kubernetes/kustomize/readme.md
index ed4b345..0dd2884 100644
--- a/kubernetes/kustomize/readme.md
+++ b/kubernetes/kustomize/readme.md
@@ -1,5 +1,8 @@
-
# The Basics
+
+
+
+
```
kubectl apply -f kubernetes/kustomize/application/namespace.yaml
diff --git a/kubernetes/persistentvolume/readme.md b/kubernetes/persistentvolume/readme.md
index 41be817..0a4a175 100644
--- a/kubernetes/persistentvolume/readme.md
+++ b/kubernetes/persistentvolume/readme.md
@@ -1,5 +1,7 @@
# Persistent Volumes Demo
+
+
## Container Storage
By default containers store their data on the file system like any other process.
diff --git a/kubernetes/portainer/README.md b/kubernetes/portainer/README.md
index 906654b..fec505c 100644
--- a/kubernetes/portainer/README.md
+++ b/kubernetes/portainer/README.md
@@ -1,5 +1,7 @@
# Introduction to Portainer
+
+
Start here 👉🏽[https://www.portainer.io/](https://www.portainer.io/)
Documentation 👉🏽[https://docs.portainer.io/](https://docs.portainer.io/)
diff --git a/kubernetes/rancher/README.md b/kubernetes/rancher/README.md
index c27ae9c..5462ad5 100644
--- a/kubernetes/rancher/README.md
+++ b/kubernetes/rancher/README.md
@@ -1,5 +1,7 @@
# Introduction to Rancher: On-prem Kubernetes
+
+
This guide follows the general instructions of running a [manual rancher install](https://rancher.com/docs/rancher/v2.5/en/quick-start-guide/deployment/quickstart-manual-setup/) and running our own infrastructure on Hyper-v
# Hyper-V : Prepare our infrastructure
diff --git a/kubernetes/rbac/README.md b/kubernetes/rbac/README.md
index e1531ad..0fa33f0 100644
--- a/kubernetes/rbac/README.md
+++ b/kubernetes/rbac/README.md
@@ -1,7 +1,8 @@
# Introduction to Kubernetes: RBAC
-## Create Kubernetes cluster
+
+## Create Kubernetes cluster
```
kind create cluster --name rbac --image kindest/node:v1.20.2
diff --git a/kubernetes/secrets/README.md b/kubernetes/secrets/README.md
new file mode 100644
index 0000000..08ca214
--- /dev/null
+++ b/kubernetes/secrets/README.md
@@ -0,0 +1,3 @@
+# Introduction to Kubernetes: Secrets
+
+
\ No newline at end of file
diff --git a/kubernetes/secrets/sealed-secrets/README.md b/kubernetes/secrets/sealed-secrets/README.md
index 62f905b..0ebfd55 100644
--- a/kubernetes/secrets/sealed-secrets/README.md
+++ b/kubernetes/secrets/sealed-secrets/README.md
@@ -1,5 +1,7 @@
# Introduction to Sealed Secrets
+
+
Checkout the [Sealed Secrets GitHub Repo](https://github.com/bitnami-labs/sealed-secrets)
There are a number of use-cases where this is a really great concept.
diff --git a/kubernetes/servicemonitors/README.md b/kubernetes/servicemonitors/README.md
index d6aed8e..cd4dbb1 100644
--- a/kubernetes/servicemonitors/README.md
+++ b/kubernetes/servicemonitors/README.md
@@ -1,5 +1,7 @@
# Introduction to Service Monitors
+
+
In order to understand service monitors, we will need to understand how to monitor
kubernetes environment.
You will need a base understanding of Kubernetes and have a basic understanding of the `kube-prometheus` monitoring stack.
diff --git a/kubernetes/services/README.md b/kubernetes/services/README.md
new file mode 100644
index 0000000..cb27d7f
--- /dev/null
+++ b/kubernetes/services/README.md
@@ -0,0 +1,3 @@
+# Introduction to Kubernetes: Services
+
+
\ No newline at end of file
diff --git a/kubernetes/shipa/README.md b/kubernetes/shipa/README.md
index ea657ec..4f9fce9 100644
--- a/kubernetes/shipa/README.md
+++ b/kubernetes/shipa/README.md
@@ -1,5 +1,7 @@
# Introduction to Shipa
+
+
## We need a Kubernetes cluster
To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as well as a local
diff --git a/kubernetes/statefulsets/notes.md b/kubernetes/statefulsets/notes.md
index 5c89a17..5f2e9fe 100644
--- a/kubernetes/statefulsets/notes.md
+++ b/kubernetes/statefulsets/notes.md
@@ -1,4 +1,6 @@
+
+
# Create a namespace
```
diff --git a/kubernetes/velero/README.md b/kubernetes/velero/README.md
index fa94e95..15646af 100644
--- a/kubernetes/velero/README.md
+++ b/kubernetes/velero/README.md
@@ -1,5 +1,7 @@
# Introduction to Velero
+
+
## We need a Kubernetes cluster
Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
diff --git a/messaging/kafka/README.md b/messaging/kafka/README.md
index d5d8017..f0e3d5d 100644
--- a/messaging/kafka/README.md
+++ b/messaging/kafka/README.md
@@ -1,5 +1,7 @@
# Introduction to Kafka
+
+
Official [Docs](https://kafka.apache.org/)
## Building a Docker file
diff --git a/messaging/rabbitmq/applications/consumer/dockerfile b/messaging/rabbitmq/applications/consumer/dockerfile
index b63b85d..a74323e 100644
--- a/messaging/rabbitmq/applications/consumer/dockerfile
+++ b/messaging/rabbitmq/applications/consumer/dockerfile
@@ -1,17 +1,18 @@
-FROM golang:1.14-alpine as build
+FROM golang:1.16-alpine as build
RUN apk add --no-cache git
WORKDIR /src
-RUN go get github.com/sirupsen/logrus
-RUN go get github.com/streadway/amqp
+COPY go.mod ./
+COPY go.sum ./
-COPY consumer.go /src
+RUN go mod download
+
+COPY consumer.go ./
RUN go build consumer.go
-
FROM alpine as runtime
COPY --from=build /src/consumer /app/consumer
diff --git a/messaging/rabbitmq/applications/consumer/go.mod b/messaging/rabbitmq/applications/consumer/go.mod
new file mode 100644
index 0000000..50db9c5
--- /dev/null
+++ b/messaging/rabbitmq/applications/consumer/go.mod
@@ -0,0 +1,8 @@
+module consumerMod
+
+go 1.16
+
+require (
+ github.com/sirupsen/logrus v1.6.0
+ github.com/streadway/amqp v1.0.0
+)
diff --git a/messaging/rabbitmq/applications/consumer/go.sum b/messaging/rabbitmq/applications/consumer/go.sum
new file mode 100644
index 0000000..511e758
--- /dev/null
+++ b/messaging/rabbitmq/applications/consumer/go.sum
@@ -0,0 +1,14 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo=
+github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/messaging/rabbitmq/applications/publisher/dockerfile b/messaging/rabbitmq/applications/publisher/dockerfile
index 6d7a0b6..0fe669d 100644
--- a/messaging/rabbitmq/applications/publisher/dockerfile
+++ b/messaging/rabbitmq/applications/publisher/dockerfile
@@ -1,14 +1,15 @@
-FROM golang:1.14-alpine as build
+FROM golang:1.16-alpine as build
RUN apk add --no-cache git
WORKDIR /src
-RUN go get github.com/julienschmidt/httprouter
-RUN go get github.com/sirupsen/logrus
-RUN go get github.com/streadway/amqp
+COPY go.mod ./
+COPY go.sum ./
-COPY publisher.go /src
+RUN go mod download
+
+COPY publisher.go ./
RUN go build publisher.go
diff --git a/messaging/rabbitmq/applications/publisher/go.mod b/messaging/rabbitmq/applications/publisher/go.mod
new file mode 100644
index 0000000..26b6733
--- /dev/null
+++ b/messaging/rabbitmq/applications/publisher/go.mod
@@ -0,0 +1,9 @@
+module publisherMod
+
+go 1.16
+
+require (
+ github.com/julienschmidt/httprouter v1.3.0
+ github.com/sirupsen/logrus v1.6.0
+ github.com/streadway/amqp v1.0.0
+)
diff --git a/messaging/rabbitmq/applications/publisher/go.sum b/messaging/rabbitmq/applications/publisher/go.sum
new file mode 100644
index 0000000..c3ae922
--- /dev/null
+++ b/messaging/rabbitmq/applications/publisher/go.sum
@@ -0,0 +1,16 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo=
+github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/messaging/rabbitmq/kubernetes/readme.md b/messaging/rabbitmq/kubernetes/readme.md
index e4da339..de9903b 100644
--- a/messaging/rabbitmq/kubernetes/readme.md
+++ b/messaging/rabbitmq/kubernetes/readme.md
@@ -1,5 +1,7 @@
# RabbitMQ on Kubernetes
+
+
Create a cluster with [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
```
diff --git a/messaging/rabbitmq/readme.md b/messaging/rabbitmq/readme.md
index 06aaf98..4ca8e5b 100644
--- a/messaging/rabbitmq/readme.md
+++ b/messaging/rabbitmq/readme.md
@@ -1,5 +1,7 @@
# RabbitMQ
+
+
Docker image over [here](https://hub.docker.com/_/rabbitmq)
```
# run a standalone instance
diff --git a/monitoring/logging/fluentd/basic-demo/readme.md b/monitoring/logging/fluentd/basic-demo/readme.md
index 6915e65..a791be9 100644
--- a/monitoring/logging/fluentd/basic-demo/readme.md
+++ b/monitoring/logging/fluentd/basic-demo/readme.md
@@ -1,5 +1,7 @@
# Fluentd basic demo
+
+
Check out the [video](https://youtu.be/MMVdkzeQ848)
In my video: Introduction to logging
I run fluentd locally
diff --git a/monitoring/logging/fluentd/introduction/readme.md b/monitoring/logging/fluentd/introduction/readme.md
index 53631ac..c23ae59 100644
--- a/monitoring/logging/fluentd/introduction/readme.md
+++ b/monitoring/logging/fluentd/introduction/readme.md
@@ -1,5 +1,7 @@
# Introduction to Fluentd
+
+
## Collecting logs from files
Reading logs from a file we need an application that writes logs to a file.
diff --git a/monitoring/logging/fluentd/kubernetes/README.md b/monitoring/logging/fluentd/kubernetes/README.md
index 34e0fdc..a3cdd97 100644
--- a/monitoring/logging/fluentd/kubernetes/README.md
+++ b/monitoring/logging/fluentd/kubernetes/README.md
@@ -1,5 +1,7 @@
# Introduction to Fluentd on Kubernetes
+
+
## Prerequisites
You will need a basic understanding of Fluentd before you attempt to run it on Kubernetes.
diff --git a/monitoring/logging/fluentd/kubernetes/counter-err.yaml b/monitoring/logging/fluentd/kubernetes/counter-err.yaml
new file mode 100644
index 0000000..be19daf
--- /dev/null
+++ b/monitoring/logging/fluentd/kubernetes/counter-err.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: counter-err
+ labels:
+ app: counter-err
+ version: v1.2
+spec:
+ containers:
+ - name: count
+ image: busybox
+ args: [/bin/sh, -c,
+ 'i=0; RANDOM=$$; while true; do R=$(($RANDOM%100)); echo "loop:$i value:$R"; if [ $R -gt 80 ]; then echo "Warning:$R too high" 1>&2; fi; i=$((i+1)); sleep 1; done']
diff --git a/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile b/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile
index 9d9e135..8d19789 100644
--- a/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile
+++ b/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile
@@ -33,10 +33,12 @@ RUN touch /fluentd/etc/disable.conf
# Copy plugins
COPY plugins /fluentd/plugins/
COPY entrypoint.sh /fluentd/entrypoint.sh
+# chmod needed in full Linux env :)
+RUN chmod 755 /fluentd/entrypoint.sh
# Environment variables
ENV FLUENTD_OPT=""
ENV FLUENTD_CONF="fluent.conf"
# Overwrite ENTRYPOINT to run fluentd as root for /var/log / /var/lib
-ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"]
\ No newline at end of file
+ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"]
diff --git a/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml b/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml
index 027aa7e..3e92c69 100644
--- a/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml
+++ b/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml
@@ -51,7 +51,7 @@ data:
@type kubernetes
@type "#{ENV['FLUENT_CONTAINER_TAIL_PARSER_TYPE'] || 'json'}"
- time_format %Y-%m-%dT%H:%M:%S.%NZ
+ time_format "%Y-%m-%dT%H:%M:%S.%NZ"
@@ -78,4 +78,5 @@ data:
port "#{ENV['FLUENT_ELASTICSEARCH_PORT'] || '9200'}"
index_name fluentd-k8s
type_name fluentd
-
\ No newline at end of file
+ include_timestamp true
+
diff --git a/monitoring/logging/readme.md b/monitoring/logging/readme.md
index 5fbe28d..05ef174 100644
--- a/monitoring/logging/readme.md
+++ b/monitoring/logging/readme.md
@@ -2,6 +2,8 @@
## Logging Basics
+
+
* Standardised Logging
* Centralised Logging
@@ -9,6 +11,8 @@
## Introduction to Fluentd
+
+
* What is fluentd
* Configuration
* Plugins
diff --git a/monitoring/prometheus/nodejs-application/src/package-lock.json b/monitoring/prometheus/nodejs-application/src/package-lock.json
index 2cf16d9..3283ec8 100644
--- a/monitoring/prometheus/nodejs-application/src/package-lock.json
+++ b/monitoring/prometheus/nodejs-application/src/package-lock.json
@@ -1,374 +1,395 @@
-{
- "name": "docker_web_app",
- "version": "1.0.0",
- "lockfileVersion": 1,
- "requires": true,
- "dependencies": {
- "accepts": {
- "version": "1.3.7",
- "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
- "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==",
- "requires": {
- "mime-types": "~2.1.24",
- "negotiator": "0.6.2"
- }
- },
- "array-flatten": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
- "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
- },
- "body-parser": {
- "version": "1.19.0",
- "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz",
- "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==",
- "requires": {
- "bytes": "3.1.0",
- "content-type": "~1.0.4",
- "debug": "2.6.9",
- "depd": "~1.1.2",
- "http-errors": "1.7.2",
- "iconv-lite": "0.4.24",
- "on-finished": "~2.3.0",
- "qs": "6.7.0",
- "raw-body": "2.4.0",
- "type-is": "~1.6.17"
- }
- },
- "bytes": {
- "version": "3.1.0",
- "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
- "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg=="
- },
- "content-disposition": {
- "version": "0.5.3",
- "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz",
- "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==",
- "requires": {
- "safe-buffer": "5.1.2"
- }
- },
- "content-type": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
- "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
- },
- "cookie": {
- "version": "0.4.0",
- "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
- "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
- },
- "cookie-signature": {
- "version": "1.0.6",
- "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
- "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
- },
- "debug": {
- "version": "2.6.9",
- "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
- "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
- "requires": {
- "ms": "2.0.0"
- }
- },
- "depd": {
- "version": "1.1.2",
- "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
- "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
- },
- "destroy": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
- "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
- },
- "ee-first": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
- "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
- },
- "encodeurl": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
- "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
- },
- "escape-html": {
- "version": "1.0.3",
- "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
- "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
- },
- "etag": {
- "version": "1.8.1",
- "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
- "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
- },
- "express": {
- "version": "4.17.1",
- "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
- "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==",
- "requires": {
- "accepts": "~1.3.7",
- "array-flatten": "1.1.1",
- "body-parser": "1.19.0",
- "content-disposition": "0.5.3",
- "content-type": "~1.0.4",
- "cookie": "0.4.0",
- "cookie-signature": "1.0.6",
- "debug": "2.6.9",
- "depd": "~1.1.2",
- "encodeurl": "~1.0.2",
- "escape-html": "~1.0.3",
- "etag": "~1.8.1",
- "finalhandler": "~1.1.2",
- "fresh": "0.5.2",
- "merge-descriptors": "1.0.1",
- "methods": "~1.1.2",
- "on-finished": "~2.3.0",
- "parseurl": "~1.3.3",
- "path-to-regexp": "0.1.7",
- "proxy-addr": "~2.0.5",
- "qs": "6.7.0",
- "range-parser": "~1.2.1",
- "safe-buffer": "5.1.2",
- "send": "0.17.1",
- "serve-static": "1.14.1",
- "setprototypeof": "1.1.1",
- "statuses": "~1.5.0",
- "type-is": "~1.6.18",
- "utils-merge": "1.0.1",
- "vary": "~1.1.2"
- }
- },
- "finalhandler": {
- "version": "1.1.2",
- "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
- "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
- "requires": {
- "debug": "2.6.9",
- "encodeurl": "~1.0.2",
- "escape-html": "~1.0.3",
- "on-finished": "~2.3.0",
- "parseurl": "~1.3.3",
- "statuses": "~1.5.0",
- "unpipe": "~1.0.0"
- }
- },
- "forwarded": {
- "version": "0.1.2",
- "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
- "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
- },
- "fresh": {
- "version": "0.5.2",
- "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
- "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
- },
- "http-errors": {
- "version": "1.7.2",
- "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz",
- "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==",
- "requires": {
- "depd": "~1.1.2",
- "inherits": "2.0.3",
- "setprototypeof": "1.1.1",
- "statuses": ">= 1.5.0 < 2",
- "toidentifier": "1.0.0"
- }
- },
- "iconv-lite": {
- "version": "0.4.24",
- "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
- "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
- "requires": {
- "safer-buffer": ">= 2.1.2 < 3"
- }
- },
- "inherits": {
- "version": "2.0.3",
- "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
- "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
- },
- "ipaddr.js": {
- "version": "1.9.0",
- "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.0.tgz",
- "integrity": "sha512-M4Sjn6N/+O6/IXSJseKqHoFc+5FdGJ22sXqnjTpdZweHK64MzEPAyQZyEU3R/KRv2GLoa7nNtg/C2Ev6m7z+eA=="
- },
- "media-typer": {
- "version": "0.3.0",
- "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
- "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
- },
- "merge-descriptors": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
- "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
- },
- "methods": {
- "version": "1.1.2",
- "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
- "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
- },
- "mime": {
- "version": "1.6.0",
- "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
- "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
- },
- "mime-db": {
- "version": "1.40.0",
- "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz",
- "integrity": "sha512-jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA=="
- },
- "mime-types": {
- "version": "2.1.24",
- "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz",
- "integrity": "sha512-WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ==",
- "requires": {
- "mime-db": "1.40.0"
- }
- },
- "ms": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
- "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
- },
- "negotiator": {
- "version": "0.6.2",
- "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz",
- "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
- },
- "on-finished": {
- "version": "2.3.0",
- "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
- "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
- "requires": {
- "ee-first": "1.1.1"
- }
- },
- "parseurl": {
- "version": "1.3.3",
- "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
- "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
- },
- "path-to-regexp": {
- "version": "0.1.7",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
- "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
- },
- "proxy-addr": {
- "version": "2.0.5",
- "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.5.tgz",
- "integrity": "sha512-t/7RxHXPH6cJtP0pRG6smSr9QJidhB+3kXu0KgXnbGYMgzEnUxRQ4/LDdfOwZEMyIh3/xHb8PX3t+lfL9z+YVQ==",
- "requires": {
- "forwarded": "~0.1.2",
- "ipaddr.js": "1.9.0"
- }
- },
- "qs": {
- "version": "6.7.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
- "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
- },
- "range-parser": {
- "version": "1.2.1",
- "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
- "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
- },
- "raw-body": {
- "version": "2.4.0",
- "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz",
- "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==",
- "requires": {
- "bytes": "3.1.0",
- "http-errors": "1.7.2",
- "iconv-lite": "0.4.24",
- "unpipe": "1.0.0"
- }
- },
- "safe-buffer": {
- "version": "5.1.2",
- "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
- "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
- },
- "safer-buffer": {
- "version": "2.1.2",
- "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
- "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
- },
- "send": {
- "version": "0.17.1",
- "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz",
- "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==",
- "requires": {
- "debug": "2.6.9",
- "depd": "~1.1.2",
- "destroy": "~1.0.4",
- "encodeurl": "~1.0.2",
- "escape-html": "~1.0.3",
- "etag": "~1.8.1",
- "fresh": "0.5.2",
- "http-errors": "~1.7.2",
- "mime": "1.6.0",
- "ms": "2.1.1",
- "on-finished": "~2.3.0",
- "range-parser": "~1.2.1",
- "statuses": "~1.5.0"
- },
- "dependencies": {
- "ms": {
- "version": "2.1.1",
- "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
- "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
- }
- }
- },
- "serve-static": {
- "version": "1.14.1",
- "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz",
- "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==",
- "requires": {
- "encodeurl": "~1.0.2",
- "escape-html": "~1.0.3",
- "parseurl": "~1.3.3",
- "send": "0.17.1"
- }
- },
- "setprototypeof": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz",
- "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw=="
- },
- "statuses": {
- "version": "1.5.0",
- "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
- "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
- },
- "toidentifier": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
- "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw=="
- },
- "type-is": {
- "version": "1.6.18",
- "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
- "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
- "requires": {
- "media-typer": "0.3.0",
- "mime-types": "~2.1.24"
- }
- },
- "unpipe": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
- "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
- },
- "utils-merge": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
- "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
- },
- "vary": {
- "version": "1.1.2",
- "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
- "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
- }
- }
-}
+{
+ "name": "docker_web_app",
+ "version": "1.0.0",
+ "lockfileVersion": 1,
+ "requires": true,
+ "dependencies": {
+ "accepts": {
+ "version": "1.3.8",
+ "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+ "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+ "requires": {
+ "mime-types": "~2.1.34",
+ "negotiator": "0.6.3"
+ }
+ },
+ "array-flatten": {
+ "version": "1.1.1",
+ "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+ "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
+ },
+ "bintrees": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/bintrees/-/bintrees-1.0.2.tgz",
+ "integrity": "sha512-VOMgTMwjAaUG580SXn3LacVgjurrbMme7ZZNYGSSV7mmtY6QQRh0Eg3pwIcntQ77DErK1L0NxkbetjcoXzVwKw=="
+ },
+ "body-parser": {
+ "version": "1.19.2",
+ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.2.tgz",
+ "integrity": "sha512-SAAwOxgoCKMGs9uUAUFHygfLAyaniaoun6I8mFY9pRAJL9+Kec34aU+oIjDhTycub1jozEfEwx1W1IuOYxVSFw==",
+ "requires": {
+ "bytes": "3.1.2",
+ "content-type": "~1.0.4",
+ "debug": "2.6.9",
+ "depd": "~1.1.2",
+ "http-errors": "1.8.1",
+ "iconv-lite": "0.4.24",
+ "on-finished": "~2.3.0",
+ "qs": "6.9.7",
+ "raw-body": "2.4.3",
+ "type-is": "~1.6.18"
+ }
+ },
+ "bytes": {
+ "version": "3.1.2",
+ "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+ "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="
+ },
+ "content-disposition": {
+ "version": "0.5.4",
+ "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+ "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+ "requires": {
+ "safe-buffer": "5.2.1"
+ }
+ },
+ "content-type": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
+ "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+ },
+ "cookie": {
+ "version": "0.4.2",
+ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz",
+ "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA=="
+ },
+ "cookie-signature": {
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+ "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
+ },
+ "debug": {
+ "version": "2.6.9",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+ "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+ "requires": {
+ "ms": "2.0.0"
+ }
+ },
+ "depd": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+ "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ=="
+ },
+ "destroy": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
+ "integrity": "sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg=="
+ },
+ "ee-first": {
+ "version": "1.1.1",
+ "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+ "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
+ },
+ "encodeurl": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+ "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w=="
+ },
+ "escape-html": {
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+ "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
+ },
+ "etag": {
+ "version": "1.8.1",
+ "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+ "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg=="
+ },
+ "express": {
+ "version": "4.17.3",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.17.3.tgz",
+ "integrity": "sha512-yuSQpz5I+Ch7gFrPCk4/c+dIBKlQUxtgwqzph132bsT6qhuzss6I8cLJQz7B3rFblzd6wtcI0ZbGltH/C4LjUg==",
+ "requires": {
+ "accepts": "~1.3.8",
+ "array-flatten": "1.1.1",
+ "body-parser": "1.19.2",
+ "content-disposition": "0.5.4",
+ "content-type": "~1.0.4",
+ "cookie": "0.4.2",
+ "cookie-signature": "1.0.6",
+ "debug": "2.6.9",
+ "depd": "~1.1.2",
+ "encodeurl": "~1.0.2",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "finalhandler": "~1.1.2",
+ "fresh": "0.5.2",
+ "merge-descriptors": "1.0.1",
+ "methods": "~1.1.2",
+ "on-finished": "~2.3.0",
+ "parseurl": "~1.3.3",
+ "path-to-regexp": "0.1.7",
+ "proxy-addr": "~2.0.7",
+ "qs": "6.9.7",
+ "range-parser": "~1.2.1",
+ "safe-buffer": "5.2.1",
+ "send": "0.17.2",
+ "serve-static": "1.14.2",
+ "setprototypeof": "1.2.0",
+ "statuses": "~1.5.0",
+ "type-is": "~1.6.18",
+ "utils-merge": "1.0.1",
+ "vary": "~1.1.2"
+ }
+ },
+ "finalhandler": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
+ "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
+ "requires": {
+ "debug": "2.6.9",
+ "encodeurl": "~1.0.2",
+ "escape-html": "~1.0.3",
+ "on-finished": "~2.3.0",
+ "parseurl": "~1.3.3",
+ "statuses": "~1.5.0",
+ "unpipe": "~1.0.0"
+ }
+ },
+ "forwarded": {
+ "version": "0.2.0",
+ "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+ "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow=="
+ },
+ "fresh": {
+ "version": "0.5.2",
+ "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+ "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q=="
+ },
+ "http-errors": {
+ "version": "1.8.1",
+ "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
+ "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
+ "requires": {
+ "depd": "~1.1.2",
+ "inherits": "2.0.4",
+ "setprototypeof": "1.2.0",
+ "statuses": ">= 1.5.0 < 2",
+ "toidentifier": "1.0.1"
+ }
+ },
+ "iconv-lite": {
+ "version": "0.4.24",
+ "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+ "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+ "requires": {
+ "safer-buffer": ">= 2.1.2 < 3"
+ }
+ },
+ "inherits": {
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+ "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+ },
+ "ipaddr.js": {
+ "version": "1.9.1",
+ "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+ "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="
+ },
+ "media-typer": {
+ "version": "0.3.0",
+ "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+ "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ=="
+ },
+ "merge-descriptors": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
+ "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w=="
+ },
+ "methods": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+ "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w=="
+ },
+ "mime": {
+ "version": "1.6.0",
+ "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+ "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
+ },
+ "mime-db": {
+ "version": "1.52.0",
+ "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+ "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg=="
+ },
+ "mime-types": {
+ "version": "2.1.35",
+ "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+ "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+ "requires": {
+ "mime-db": "1.52.0"
+ }
+ },
+ "ms": {
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+ },
+ "negotiator": {
+ "version": "0.6.3",
+ "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+ "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="
+ },
+ "on-finished": {
+ "version": "2.3.0",
+ "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+ "integrity": "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==",
+ "requires": {
+ "ee-first": "1.1.1"
+ }
+ },
+ "parseurl": {
+ "version": "1.3.3",
+ "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+ "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
+ },
+ "path-to-regexp": {
+ "version": "0.1.7",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+ "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+ },
+ "prom-client": {
+ "version": "11.5.3",
+ "resolved": "https://registry.npmjs.org/prom-client/-/prom-client-11.5.3.tgz",
+ "integrity": "sha512-iz22FmTbtkyL2vt0MdDFY+kWof+S9UB/NACxSn2aJcewtw+EERsen0urSkZ2WrHseNdydsvcxCTAnPcSMZZv4Q==",
+ "requires": {
+ "tdigest": "^0.1.1"
+ }
+ },
+ "proxy-addr": {
+ "version": "2.0.7",
+ "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+ "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+ "requires": {
+ "forwarded": "0.2.0",
+ "ipaddr.js": "1.9.1"
+ }
+ },
+ "qs": {
+ "version": "6.9.7",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz",
+ "integrity": "sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw=="
+ },
+ "range-parser": {
+ "version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+ "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
+ },
+ "raw-body": {
+ "version": "2.4.3",
+ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.3.tgz",
+ "integrity": "sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==",
+ "requires": {
+ "bytes": "3.1.2",
+ "http-errors": "1.8.1",
+ "iconv-lite": "0.4.24",
+ "unpipe": "1.0.0"
+ }
+ },
+ "safe-buffer": {
+ "version": "5.2.1",
+ "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+ "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
+ },
+ "safer-buffer": {
+ "version": "2.1.2",
+ "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+ },
+ "send": {
+ "version": "0.17.2",
+ "resolved": "https://registry.npmjs.org/send/-/send-0.17.2.tgz",
+ "integrity": "sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==",
+ "requires": {
+ "debug": "2.6.9",
+ "depd": "~1.1.2",
+ "destroy": "~1.0.4",
+ "encodeurl": "~1.0.2",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "fresh": "0.5.2",
+ "http-errors": "1.8.1",
+ "mime": "1.6.0",
+ "ms": "2.1.3",
+ "on-finished": "~2.3.0",
+ "range-parser": "~1.2.1",
+ "statuses": "~1.5.0"
+ },
+ "dependencies": {
+ "ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+ }
+ }
+ },
+ "serve-static": {
+ "version": "1.14.2",
+ "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.2.tgz",
+ "integrity": "sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==",
+ "requires": {
+ "encodeurl": "~1.0.2",
+ "escape-html": "~1.0.3",
+ "parseurl": "~1.3.3",
+ "send": "0.17.2"
+ }
+ },
+ "setprototypeof": {
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+ "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
+ },
+ "statuses": {
+ "version": "1.5.0",
+ "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+ "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA=="
+ },
+ "tdigest": {
+ "version": "0.1.2",
+ "resolved": "https://registry.npmjs.org/tdigest/-/tdigest-0.1.2.tgz",
+ "integrity": "sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==",
+ "requires": {
+ "bintrees": "1.0.2"
+ }
+ },
+ "toidentifier": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+ "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA=="
+ },
+ "type-is": {
+ "version": "1.6.18",
+ "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+ "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+ "requires": {
+ "media-typer": "0.3.0",
+ "mime-types": "~2.1.24"
+ }
+ },
+ "unpipe": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+ "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ=="
+ },
+ "utils-merge": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+ "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA=="
+ },
+ "vary": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+ "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="
+ }
+ }
+}
diff --git a/storage/databases/postgresql/2-configuration/README.md b/storage/databases/postgresql/2-configuration/README.md
new file mode 100644
index 0000000..566a451
--- /dev/null
+++ b/storage/databases/postgresql/2-configuration/README.md
@@ -0,0 +1,189 @@
+# How to configure PostgreSQL
+
+This is part 2 of our PostgreSQL series.
+In this chapter, we learn about fundamentals of the Postgres configuration.
+
+Many people make the mistakes of relying directly on Kubernetes PostgreSQL controllers
+and Helm charts without having any understanding of Databases.
+
+Let's start where we left off, and review our simple PostgreSQL database:
+
+## Run a simple PostgreSQL database (docker)
+
+```
+cd storage/databases/postgresql/2-configuration
+docker run -it --rm --name postgres `
+ -e POSTGRES_PASSWORD=admin123 `
+ -v ${PWD}/pgdata:/var/lib/postgresql/data `
+ -p 5000:5432 `
+ postgres:15.0
+```
+
+## Environment Variables
+
+Many settings can be specified using environment variables.
+I generally recommend not relying on default values and set most of the settings
+possible.
+
+I personally prefer most or all settings in a configuration file, so it can be committed to source control.
+This is where Environment variables are great because we can inject secrets there
+and keep passwords out of our configuration files and out of source control.
+
+This will be important in Kubernetes later on.
+
+We will not learn all or even most of the configurations in this chapter, as PostgreSQL has a lot of depth. So we will only learn what we need, one step at a time.
+
+Let's take a look at some basic configurations [here](https://hub.docker.com/_/postgres)
+
+Let's set a few things here:
+
+| Environment Variable | Meaning |
+|----------------------|---------|
+| POSTGRES_USER | Username for the Postgres Admin |
+| POSTGRES_PASSWORD | Password for the Postgres Admin |
+| POSTGRES_DB | Default database for your Postgres Server |
+| PGDATA | Path where data is stored |
+
+
+## Configuration files
+
+If we take a look at our `docker` mount that we defined in our `docker run` command:
+
+`-v ${PWD}/pgdata:/var/lib/postgresql/data `
+
+The `{PWD}/pgdata` folder that we have mounted contains not only data, but some default configuration files that we can explore.
+
+Three files are important here:
+
+
+
+|Configuration file | Meaning | Documentation
+|----------------------|---------|-------|
+| pg_hba.conf | Host Based Authentication file | [Official Documentation](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) |
+| pg_ident.conf | User Mappings file | [Official Documentation](https://www.postgresql.org/docs/current/auth-username-maps.html)
+| postgresql.conf | PostgreSQL main configuraiton |
+
+## The pg_hba.conf File
+
+We'll start this guide with the host based authentication file.
+This file is automatically created in the data directory as we see.
+We should create a copy of this file and configure it ourselves.
+
+It controls who can access our PostgreSQL server.
+Let's refer to the official documentation as well as walk through the config.
+The config file itself has a great description of the contents.
+
+As mentioned in the previous chapter, it's always good not to rely on default configurations. So let's create our own `pg_hba.conf` file.
+
+We can grab the content from the default configuration and we may edit it as we go.
+
+```
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all trust
+# IPv4 local connections:
+host all all 127.0.0.1/32 trust
+# IPv6 local connections:
+host all all ::1/128 trust
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local replication all trust
+host replication all 127.0.0.1/32 trust
+host replication all ::1/128 trust
+
+host all all all scram-sha-256
+```
+
+## The pg_ident.conf File
+
+This config file is a mapping file between system users and database users.
+Let's refer to the official documentation and walk through the config.
+This is not a feature that we will need in this series, so we will skip this config for the time being.
+
+## The postgresql.conf File
+
+This configuration file is the main one for PostgreSQL.
+As you can see this is a large file with in-depth tuning and customization capability.
+
+### File Locations
+
+Let's set our data directory locations as well as config file locations
+Our volume mount path in the container is also short and simple.
+Note that we also split config from data so we have separate paths :
+
+```
+data_directory = '/data'
+hba_file = '/config/pg_hba.conf'
+ident_file = '/config/pg_ident.conf'
+```
+
+### Connection and Authentication
+
+The shared_buffers parameter determines how much memory is dedicated to the server for caching data. The value should be set to 15% to 25% of the machine's total RAM. For example: if your machine's RAM size is 32 GB, then the recommended value for shared_buffers is 8 GB
+
+We will take a look at `WAL` (Write Ahead Log), Archiving, Primary, and Standby configurations in a future chapter on replication
+
+```
+port = 5432
+listen_addresses = '*'
+max_connections = 100
+shared_buffers = 128MB
+dynamic_shared_memory_type = posix
+max_wal_size = 1GB
+min_wal_size = 80MB
+log_timezone = 'Etc/UTC'
+datestyle = 'iso, mdy'
+timezone = 'Etc/UTC'
+
+#locale settings
+lc_messages = 'en_US.utf8' # locale for system error message
+lc_monetary = 'en_US.utf8' # locale for monetary formatting
+lc_numeric = 'en_US.utf8' # locale for number formatting
+lc_time = 'en_US.utf8' # locale for time formatting
+
+default_text_search_config = 'pg_catalog.english'
+
+```
+
+We can also include other configurations from other locations with the `include_dir` and `include` options.
+We will skip these for the sake of keeping things simple.
+Nested configurations can over complicate a setup and makes it hard to troubleshoot when issues occur.
+
+### Specifying Custom Configuration
+
+If we run on Linux, we need to ensure that the `postgres` user which has a user ID of `999` by default, should have access to the configuration files.
+
+```
+sudo chown 999:999 config/postgresql.conf
+sudo chown 999:999 config/pg_hba.conf
+sudo chown 999:999 config/pg_ident.conf
+```
+
+There is another important gotcha here.
+The `PGDATA` variable tells PostgreSQL where our data directory is.
+Similarly, we've learnt that our configuration file also has `data_directory` which tells PostgreSQL the same.
+
+However, the latter is only read by PostgreSQL after initialization has occurred.
+PostgreSQL's initialization phase sets up directory permissions on the data directory.
+If we leave out `PGDATA`, then we will get errors that the data directory is invalid.
+Hence `PGDATA` is important here.
+
+## Running our PostgreSQL
+
+Finally, we can run our database with our custom configuration files:
+
+```
+docker run -it --rm --name postgres `
+-e POSTGRES_USER=postgresadmin `
+-e POSTGRES_PASSWORD=admin123 `
+-e POSTGRES_DB=postgresdb `
+-e PGDATA="/data" `
+-v ${PWD}/pgdata:/data `
+-v ${PWD}/config:/config `
+-p 5000:5432 `
+postgres:15.0 -c 'config_file=/config/postgresql.conf'
+```
+
+That's it for chapter two!
+In [chapter 3](../3-replication/README.md), we will take a look at Replication and how to replicate our data to another PostgreSQL instance for better availability.
\ No newline at end of file
diff --git a/storage/databases/postgresql/2-configuration/config/pg_hba.conf b/storage/databases/postgresql/2-configuration/config/pg_hba.conf
new file mode 100644
index 0000000..8a28f88
--- /dev/null
+++ b/storage/databases/postgresql/2-configuration/config/pg_hba.conf
@@ -0,0 +1,15 @@
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all trust
+# IPv4 local connections:
+host all all 127.0.0.1/32 trust
+# IPv6 local connections:
+host all all ::1/128 trust
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local replication all trust
+host replication all 127.0.0.1/32 trust
+host replication all ::1/128 trust
+
+host all all all scram-sha-256
diff --git a/storage/databases/postgresql/2-configuration/config/pg_ident.conf b/storage/databases/postgresql/2-configuration/config/pg_ident.conf
new file mode 100644
index 0000000..a5870e6
--- /dev/null
+++ b/storage/databases/postgresql/2-configuration/config/pg_ident.conf
@@ -0,0 +1,42 @@
+# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description. A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping. It maps external
+# user names to their corresponding PostgreSQL user names. Records
+# are of the form:
+#
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
+# client. PG-USERNAME is the requested PostgreSQL user name. The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression. Optionally this can contain a capture (a
+# parenthesized subexpression). The substring matching the capture
+# will be substituted for \1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration. If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
diff --git a/storage/databases/postgresql/2-configuration/config/postgresql.conf b/storage/databases/postgresql/2-configuration/config/postgresql.conf
new file mode 100644
index 0000000..6b49304
--- /dev/null
+++ b/storage/databases/postgresql/2-configuration/config/postgresql.conf
@@ -0,0 +1,27 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+
+data_directory = '/data'
+hba_file = '/config/pg_hba.conf'
+ident_file = '/config/pg_ident.conf'
+
+port = 5432
+listen_addresses = '*'
+max_connections = 100
+shared_buffers = 128MB
+dynamic_shared_memory_type = posix
+max_wal_size = 1GB
+min_wal_size = 80MB
+log_timezone = 'Etc/UTC'
+datestyle = 'iso, mdy'
+timezone = 'Etc/UTC'
+
+#locale settings
+lc_messages = 'en_US.utf8' # locale for system error message
+lc_monetary = 'en_US.utf8' # locale for monetary formatting
+lc_numeric = 'en_US.utf8' # locale for number formatting
+lc_time = 'en_US.utf8' # locale for time formatting
+
+default_text_search_config = 'pg_catalog.english'
\ No newline at end of file
diff --git a/storage/databases/postgresql/2-configuration/docker-compose.yaml b/storage/databases/postgresql/2-configuration/docker-compose.yaml
new file mode 100644
index 0000000..927a4df
--- /dev/null
+++ b/storage/databases/postgresql/2-configuration/docker-compose.yaml
@@ -0,0 +1,21 @@
+version: '3.1'
+services:
+ db:
+ container_name: postgres
+ image: postgres:15.0
+ command: "postgres -c config_file=/config/postgresql.conf"
+ environment:
+ POSTGRES_USER: "postgresadmin"
+ POSTGRES_PASSWORD: "admin123"
+ POSTGRES_DB: "postgresdb"
+ PGDATA: "/data"
+ volumes:
+ - ./pgdata:/data
+ - ./config:/config/
+ ports:
+ - 5000:5432
+ adminer:
+ image: adminer
+ restart: always
+ ports:
+ - 8080:8080
\ No newline at end of file
diff --git a/storage/redis/clustering/readme.md b/storage/redis/clustering/readme.md
index 6d7b3c3..091bac4 100644
--- a/storage/redis/clustering/readme.md
+++ b/storage/redis/clustering/readme.md
@@ -1,6 +1,8 @@
## Replication
+
+
Documentation [here](https://redis.io/topics/replication)
### Configuration
diff --git a/storage/redis/kubernetes/readme.md b/storage/redis/kubernetes/readme.md
index 7ec8171..5dbdb2e 100644
--- a/storage/redis/kubernetes/readme.md
+++ b/storage/redis/kubernetes/readme.md
@@ -1,5 +1,7 @@
# Redis on Kubernetes
+
+
Create a cluster with [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
```
diff --git a/storage/redis/readme.md b/storage/redis/readme.md
index 12a0511..7700f6f 100644
--- a/storage/redis/readme.md
+++ b/storage/redis/readme.md
@@ -1,5 +1,7 @@
# Redis
+
+
## Docker
Docker image over [here](https://hub.docker.com/_/redis)
diff --git a/tracing/README.md b/tracing/README.md
index 57025d9..43f879b 100644
--- a/tracing/README.md
+++ b/tracing/README.md
@@ -1,5 +1,7 @@
# Introduction to Distributed Tracing
+
+
In this episode we take a look at distributed tracing.
We'll take a look at the concept, what distributed tracing is, what problems it solves, how to emit traces and the platform architecture to collect traces.