From e1209446e37e3dc00714d60ab1d453d1c515a5b5 Mon Sep 17 00:00:00 2001 From: Schirrms Date: Thu, 8 Dec 2022 13:16:12 +0100 Subject: [PATCH 01/12] add 'include_timestamp true' in the elastic part of the configmap to actually get the timestamp in elasticsearch --- .../logging/fluentd/kubernetes/counter-err.yaml | 14 ++++++++++++++ .../fluentd/kubernetes/dockerfiles/dockerfile | 4 +++- .../fluentd/kubernetes/fluentd-configmap.yaml | 5 +++-- 3 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 monitoring/logging/fluentd/kubernetes/counter-err.yaml diff --git a/monitoring/logging/fluentd/kubernetes/counter-err.yaml b/monitoring/logging/fluentd/kubernetes/counter-err.yaml new file mode 100644 index 0000000..be19daf --- /dev/null +++ b/monitoring/logging/fluentd/kubernetes/counter-err.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: counter-err + labels: + app: counter-err + version: v1.2 +spec: + containers: + - name: count + image: busybox + args: [/bin/sh, -c, + 'i=0; RANDOM=$$; while true; do R=$(($RANDOM%100)); echo "loop:$i value:$R"; if [ $R -gt 80 ]; then echo "Warning:$R too high" 1>&2; fi; i=$((i+1)); sleep 1; done'] diff --git a/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile b/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile index 9d9e135..8d19789 100644 --- a/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile +++ b/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile @@ -33,10 +33,12 @@ RUN touch /fluentd/etc/disable.conf # Copy plugins COPY plugins /fluentd/plugins/ COPY entrypoint.sh /fluentd/entrypoint.sh +# chmod needed in full Linux env :) +RUN chmod 755 /fluentd/entrypoint.sh # Environment variables ENV FLUENTD_OPT="" ENV FLUENTD_CONF="fluent.conf" # Overwrite ENTRYPOINT to run fluentd as root for /var/log / /var/lib -ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"] diff --git a/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml b/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml index 027aa7e..3e92c69 100644 --- a/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml +++ b/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml @@ -51,7 +51,7 @@ data: @type kubernetes @type "#{ENV['FLUENT_CONTAINER_TAIL_PARSER_TYPE'] || 'json'}" - time_format %Y-%m-%dT%H:%M:%S.%NZ + time_format "%Y-%m-%dT%H:%M:%S.%NZ" @@ -78,4 +78,5 @@ data: port "#{ENV['FLUENT_ELASTICSEARCH_PORT'] || '9200'}" index_name fluentd-k8s type_name fluentd - \ No newline at end of file + include_timestamp true + From 9f720b1046bbb56f1d4d8036c48f74dbf7049564 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Dec 2022 13:22:11 +0000 Subject: [PATCH 02/12] Bump express in /monitoring/prometheus/nodejs-application/src Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.17.3. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/4.17.1...4.17.3) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../nodejs-application/src/package-lock.json | 769 +++++++++--------- 1 file changed, 395 insertions(+), 374 deletions(-) diff --git a/monitoring/prometheus/nodejs-application/src/package-lock.json b/monitoring/prometheus/nodejs-application/src/package-lock.json index 2cf16d9..3283ec8 100644 --- a/monitoring/prometheus/nodejs-application/src/package-lock.json +++ b/monitoring/prometheus/nodejs-application/src/package-lock.json @@ -1,374 +1,395 @@ -{ - "name": "docker_web_app", - "version": "1.0.0", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "accepts": { - "version": "1.3.7", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz", - "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==", - "requires": { - "mime-types": "~2.1.24", - "negotiator": "0.6.2" - } - }, - "array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" - }, - "body-parser": { - "version": "1.19.0", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz", - "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==", - "requires": { - "bytes": "3.1.0", - "content-type": "~1.0.4", - "debug": "2.6.9", - "depd": "~1.1.2", - "http-errors": "1.7.2", - "iconv-lite": "0.4.24", - "on-finished": "~2.3.0", - "qs": "6.7.0", - "raw-body": "2.4.0", - "type-is": "~1.6.17" - } - }, - "bytes": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz", - "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==" - }, - "content-disposition": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz", - "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==", - "requires": { - "safe-buffer": "5.1.2" - } - }, - "content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==" - }, - "cookie": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz", - "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==" - }, - "cookie-signature": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" - }, - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "depd": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", - "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=" - }, - "destroy": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", - "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=" - }, - "ee-first": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" - }, - "encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=" - }, - "escape-html": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=" - }, - "etag": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=" - }, - "express": { - "version": "4.17.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz", - "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==", - "requires": { - "accepts": "~1.3.7", - "array-flatten": "1.1.1", - "body-parser": "1.19.0", - "content-disposition": "0.5.3", - "content-type": "~1.0.4", - "cookie": "0.4.0", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "~1.1.2", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "~1.1.2", - "fresh": "0.5.2", - "merge-descriptors": "1.0.1", - "methods": "~1.1.2", - "on-finished": "~2.3.0", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", - "proxy-addr": "~2.0.5", - "qs": "6.7.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.1.2", - "send": "0.17.1", - "serve-static": "1.14.1", - "setprototypeof": "1.1.1", - "statuses": "~1.5.0", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" - } - }, - "finalhandler": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz", - "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==", - "requires": { - "debug": "2.6.9", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "on-finished": "~2.3.0", - "parseurl": "~1.3.3", - "statuses": "~1.5.0", - "unpipe": "~1.0.0" - } - }, - "forwarded": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz", - "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ=" - }, - "fresh": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=" - }, - "http-errors": { - "version": "1.7.2", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz", - "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==", - "requires": { - "depd": "~1.1.2", - "inherits": "2.0.3", - "setprototypeof": "1.1.1", - "statuses": ">= 1.5.0 < 2", - "toidentifier": "1.0.0" - } - }, - "iconv-lite": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", - "requires": { - "safer-buffer": ">= 2.1.2 < 3" - } - }, - "inherits": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", - "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" - }, - "ipaddr.js": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.0.tgz", - "integrity": "sha512-M4Sjn6N/+O6/IXSJseKqHoFc+5FdGJ22sXqnjTpdZweHK64MzEPAyQZyEU3R/KRv2GLoa7nNtg/C2Ev6m7z+eA==" - }, - "media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" - }, - "merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=" - }, - "methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=" - }, - "mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==" - }, - "mime-db": { - "version": "1.40.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz", - "integrity": "sha512-jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA==" - }, - "mime-types": { - "version": "2.1.24", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz", - "integrity": "sha512-WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ==", - "requires": { - "mime-db": "1.40.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - }, - "negotiator": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz", - "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==" - }, - "on-finished": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", - "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=", - "requires": { - "ee-first": "1.1.1" - } - }, - "parseurl": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" - }, - "path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" - }, - "proxy-addr": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.5.tgz", - "integrity": "sha512-t/7RxHXPH6cJtP0pRG6smSr9QJidhB+3kXu0KgXnbGYMgzEnUxRQ4/LDdfOwZEMyIh3/xHb8PX3t+lfL9z+YVQ==", - "requires": { - "forwarded": "~0.1.2", - "ipaddr.js": "1.9.0" - } - }, - "qs": { - "version": "6.7.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz", - "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==" - }, - "range-parser": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==" - }, - "raw-body": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz", - "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==", - "requires": { - "bytes": "3.1.0", - "http-errors": "1.7.2", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" - } - }, - "safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" - }, - "safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" - }, - "send": { - "version": "0.17.1", - "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz", - "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==", - "requires": { - "debug": "2.6.9", - "depd": "~1.1.2", - "destroy": "~1.0.4", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "~1.7.2", - "mime": "1.6.0", - "ms": "2.1.1", - "on-finished": "~2.3.0", - "range-parser": "~1.2.1", - "statuses": "~1.5.0" - }, - "dependencies": { - "ms": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", - "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" - } - } - }, - "serve-static": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz", - "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==", - "requires": { - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "parseurl": "~1.3.3", - "send": "0.17.1" - } - }, - "setprototypeof": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz", - "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==" - }, - "statuses": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", - "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=" - }, - "toidentifier": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz", - "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==" - }, - "type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", - "requires": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" - } - }, - "unpipe": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=" - }, - "utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" - }, - "vary": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" - } - } -} +{ + "name": "docker_web_app", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "requires": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + } + }, + "array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" + }, + "bintrees": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/bintrees/-/bintrees-1.0.2.tgz", + "integrity": "sha512-VOMgTMwjAaUG580SXn3LacVgjurrbMme7ZZNYGSSV7mmtY6QQRh0Eg3pwIcntQ77DErK1L0NxkbetjcoXzVwKw==" + }, + "body-parser": { + "version": "1.19.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.2.tgz", + "integrity": "sha512-SAAwOxgoCKMGs9uUAUFHygfLAyaniaoun6I8mFY9pRAJL9+Kec34aU+oIjDhTycub1jozEfEwx1W1IuOYxVSFw==", + "requires": { + "bytes": "3.1.2", + "content-type": "~1.0.4", + "debug": "2.6.9", + "depd": "~1.1.2", + "http-errors": "1.8.1", + "iconv-lite": "0.4.24", + "on-finished": "~2.3.0", + "qs": "6.9.7", + "raw-body": "2.4.3", + "type-is": "~1.6.18" + } + }, + "bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==" + }, + "content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "requires": { + "safe-buffer": "5.2.1" + } + }, + "content-type": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", + "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==" + }, + "cookie": { + "version": "0.4.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz", + "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==" + }, + "cookie-signature": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" + }, + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "requires": { + "ms": "2.0.0" + } + }, + "depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==" + }, + "destroy": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", + "integrity": "sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg==" + }, + "ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" + }, + "encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==" + }, + "escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" + }, + "etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==" + }, + "express": { + "version": "4.17.3", + "resolved": "https://registry.npmjs.org/express/-/express-4.17.3.tgz", + "integrity": "sha512-yuSQpz5I+Ch7gFrPCk4/c+dIBKlQUxtgwqzph132bsT6qhuzss6I8cLJQz7B3rFblzd6wtcI0ZbGltH/C4LjUg==", + "requires": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "1.19.2", + "content-disposition": "0.5.4", + "content-type": "~1.0.4", + "cookie": "0.4.2", + "cookie-signature": "1.0.6", + "debug": "2.6.9", + "depd": "~1.1.2", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "~1.1.2", + "fresh": "0.5.2", + "merge-descriptors": "1.0.1", + "methods": "~1.1.2", + "on-finished": "~2.3.0", + "parseurl": "~1.3.3", + "path-to-regexp": "0.1.7", + "proxy-addr": "~2.0.7", + "qs": "6.9.7", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "0.17.2", + "serve-static": "1.14.2", + "setprototypeof": "1.2.0", + "statuses": "~1.5.0", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + } + }, + "finalhandler": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz", + "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==", + "requires": { + "debug": "2.6.9", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "on-finished": "~2.3.0", + "parseurl": "~1.3.3", + "statuses": "~1.5.0", + "unpipe": "~1.0.0" + } + }, + "forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==" + }, + "fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==" + }, + "http-errors": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz", + "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==", + "requires": { + "depd": "~1.1.2", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": ">= 1.5.0 < 2", + "toidentifier": "1.0.1" + } + }, + "iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "requires": { + "safer-buffer": ">= 2.1.2 < 3" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + }, + "ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==" + }, + "media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==" + }, + "merge-descriptors": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==" + }, + "methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==" + }, + "mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==" + }, + "mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==" + }, + "mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "requires": { + "mime-db": "1.52.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==" + }, + "on-finished": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", + "integrity": "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==", + "requires": { + "ee-first": "1.1.1" + } + }, + "parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" + }, + "path-to-regexp": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" + }, + "prom-client": { + "version": "11.5.3", + "resolved": "https://registry.npmjs.org/prom-client/-/prom-client-11.5.3.tgz", + "integrity": "sha512-iz22FmTbtkyL2vt0MdDFY+kWof+S9UB/NACxSn2aJcewtw+EERsen0urSkZ2WrHseNdydsvcxCTAnPcSMZZv4Q==", + "requires": { + "tdigest": "^0.1.1" + } + }, + "proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "requires": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + } + }, + "qs": { + "version": "6.9.7", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz", + "integrity": "sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==" + }, + "range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==" + }, + "raw-body": { + "version": "2.4.3", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.3.tgz", + "integrity": "sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==", + "requires": { + "bytes": "3.1.2", + "http-errors": "1.8.1", + "iconv-lite": "0.4.24", + "unpipe": "1.0.0" + } + }, + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" + }, + "safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" + }, + "send": { + "version": "0.17.2", + "resolved": "https://registry.npmjs.org/send/-/send-0.17.2.tgz", + "integrity": "sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==", + "requires": { + "debug": "2.6.9", + "depd": "~1.1.2", + "destroy": "~1.0.4", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "1.8.1", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "~2.3.0", + "range-parser": "~1.2.1", + "statuses": "~1.5.0" + }, + "dependencies": { + "ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + } + } + }, + "serve-static": { + "version": "1.14.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.2.tgz", + "integrity": "sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==", + "requires": { + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "0.17.2" + } + }, + "setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" + }, + "statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==" + }, + "tdigest": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/tdigest/-/tdigest-0.1.2.tgz", + "integrity": "sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==", + "requires": { + "bintrees": "1.0.2" + } + }, + "toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==" + }, + "type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "requires": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + } + }, + "unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==" + }, + "utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==" + }, + "vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==" + } + } +} From 12509343791497418cf33d65eda5dd51d3b1ad73 Mon Sep 17 00:00:00 2001 From: Manju <36835720+manju369@users.noreply.github.com> Date: Wed, 14 Dec 2022 11:39:27 +0530 Subject: [PATCH 03/12] Update ssl_generate_self_signed.txt not able to download by just using `curl` , worked after using `curl -L` option more info here - https://unix.stackexchange.com/a/321751/537201 --- hashicorp/vault/tls/ssl_generate_self_signed.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hashicorp/vault/tls/ssl_generate_self_signed.txt b/hashicorp/vault/tls/ssl_generate_self_signed.txt index ae8d476..b5705d3 100644 --- a/hashicorp/vault/tls/ssl_generate_self_signed.txt +++ b/hashicorp/vault/tls/ssl_generate_self_signed.txt @@ -4,8 +4,8 @@ cd ./hashicorp/vault/tls/ docker run -it --rm -v ${PWD}:/work -w /work debian:buster bash apt-get update && apt-get install -y curl && -curl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl && \ -curl https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson && \ +curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl && \ +curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson && \ chmod +x /usr/local/bin/cfssl && \ chmod +x /usr/local/bin/cfssljson From 84ffb46275c816161eb95f01f7237d18978fdb83 Mon Sep 17 00:00:00 2001 From: Aimon Date: Thu, 22 Dec 2022 21:35:12 -0300 Subject: [PATCH 04/12] fix: docker build failing because of deprecated go version --- .../rabbitmq/applications/consumer/dockerfile | 11 ++++++----- messaging/rabbitmq/applications/consumer/go.mod | 8 ++++++++ messaging/rabbitmq/applications/consumer/go.sum | 14 ++++++++++++++ .../rabbitmq/applications/publisher/dockerfile | 11 ++++++----- messaging/rabbitmq/applications/publisher/go.mod | 9 +++++++++ messaging/rabbitmq/applications/publisher/go.sum | 16 ++++++++++++++++ 6 files changed, 59 insertions(+), 10 deletions(-) create mode 100644 messaging/rabbitmq/applications/consumer/go.mod create mode 100644 messaging/rabbitmq/applications/consumer/go.sum create mode 100644 messaging/rabbitmq/applications/publisher/go.mod create mode 100644 messaging/rabbitmq/applications/publisher/go.sum diff --git a/messaging/rabbitmq/applications/consumer/dockerfile b/messaging/rabbitmq/applications/consumer/dockerfile index b63b85d..a74323e 100644 --- a/messaging/rabbitmq/applications/consumer/dockerfile +++ b/messaging/rabbitmq/applications/consumer/dockerfile @@ -1,17 +1,18 @@ -FROM golang:1.14-alpine as build +FROM golang:1.16-alpine as build RUN apk add --no-cache git WORKDIR /src -RUN go get github.com/sirupsen/logrus -RUN go get github.com/streadway/amqp +COPY go.mod ./ +COPY go.sum ./ -COPY consumer.go /src +RUN go mod download + +COPY consumer.go ./ RUN go build consumer.go - FROM alpine as runtime COPY --from=build /src/consumer /app/consumer diff --git a/messaging/rabbitmq/applications/consumer/go.mod b/messaging/rabbitmq/applications/consumer/go.mod new file mode 100644 index 0000000..50db9c5 --- /dev/null +++ b/messaging/rabbitmq/applications/consumer/go.mod @@ -0,0 +1,8 @@ +module consumerMod + +go 1.16 + +require ( + github.com/sirupsen/logrus v1.6.0 + github.com/streadway/amqp v1.0.0 +) diff --git a/messaging/rabbitmq/applications/consumer/go.sum b/messaging/rabbitmq/applications/consumer/go.sum new file mode 100644 index 0000000..511e758 --- /dev/null +++ b/messaging/rabbitmq/applications/consumer/go.sum @@ -0,0 +1,14 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo= +github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/messaging/rabbitmq/applications/publisher/dockerfile b/messaging/rabbitmq/applications/publisher/dockerfile index 6d7a0b6..0fe669d 100644 --- a/messaging/rabbitmq/applications/publisher/dockerfile +++ b/messaging/rabbitmq/applications/publisher/dockerfile @@ -1,14 +1,15 @@ -FROM golang:1.14-alpine as build +FROM golang:1.16-alpine as build RUN apk add --no-cache git WORKDIR /src -RUN go get github.com/julienschmidt/httprouter -RUN go get github.com/sirupsen/logrus -RUN go get github.com/streadway/amqp +COPY go.mod ./ +COPY go.sum ./ -COPY publisher.go /src +RUN go mod download + +COPY publisher.go ./ RUN go build publisher.go diff --git a/messaging/rabbitmq/applications/publisher/go.mod b/messaging/rabbitmq/applications/publisher/go.mod new file mode 100644 index 0000000..26b6733 --- /dev/null +++ b/messaging/rabbitmq/applications/publisher/go.mod @@ -0,0 +1,9 @@ +module publisherMod + +go 1.16 + +require ( + github.com/julienschmidt/httprouter v1.3.0 + github.com/sirupsen/logrus v1.6.0 + github.com/streadway/amqp v1.0.0 +) diff --git a/messaging/rabbitmq/applications/publisher/go.sum b/messaging/rabbitmq/applications/publisher/go.sum new file mode 100644 index 0000000..c3ae922 --- /dev/null +++ b/messaging/rabbitmq/applications/publisher/go.sum @@ -0,0 +1,16 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo= +github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From ff52e92164118f29eef9ae4bc3930d5190e9a5e6 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Mon, 9 Jan 2023 21:42:34 +1100 Subject: [PATCH 05/12] datree scoring walkthrough --- kubernetes/datree/README-2023.md | 172 +++++ kubernetes/datree/example/cms/deploy.yaml | 42 + kubernetes/datree/example/cms/ingress.yaml | 18 + kubernetes/datree/example/cms/service.yaml | 14 + .../datree/example/cms/statefulset.yaml | 69 ++ .../datree/manifests/datree.0.1.41.yaml | 718 ++++++++++++++++++ 6 files changed, 1033 insertions(+) create mode 100644 kubernetes/datree/README-2023.md create mode 100644 kubernetes/datree/example/cms/deploy.yaml create mode 100644 kubernetes/datree/example/cms/ingress.yaml create mode 100644 kubernetes/datree/example/cms/service.yaml create mode 100644 kubernetes/datree/example/cms/statefulset.yaml create mode 100644 kubernetes/datree/manifests/datree.0.1.41.yaml diff --git a/kubernetes/datree/README-2023.md b/kubernetes/datree/README-2023.md new file mode 100644 index 0000000..88c944c --- /dev/null +++ b/kubernetes/datree/README-2023.md @@ -0,0 +1,172 @@ + +# Whats new 👉🏽 Datree in 2023 + +## Create a Kubernetes cluster + +Let's start by creating a local `kind` [cluster](https://kind.sigs.k8s.io/) + +Note that we create a Kubernetes 1.23 cluster.
+So we want to use `datree` to validate and ensure our manifests comply with that version of Kubernetes.
+ +``` +kind create cluster --name datree --image kindest/node:v1.23.6 +``` + +## Installation + +Best place to start is the [documentation](https://hub.datree.io/) + +I like to start all my work inside a docker container.
+Let's run a small Alpine linux container + +``` +docker run -it -v ${PWD}:/work -v ${HOME}/.kube/:/root/.kube/ -w /work --net host alpine sh +``` +### Install Kubectl + +Let's install `kubectl` in our container
+ +``` +apk add curl jq +curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl +chmod +x ./kubectl +mv ./kubectl /usr/local/bin/kubectl +``` + +### Install Helm + +Let's install `helm` in our container
+ +``` +curl -L https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz -o /tmp/helm.tar.gz && \ +tar -xzf /tmp/helm.tar.gz -C /tmp && \ +chmod +x /tmp/linux-amd64/helm && \ +mv /tmp/linux-amd64/helm /usr/local/bin/helm + +``` + +## Install Datree on our cluster + +Add the Helm repo: +``` +helm repo add datree-webhook https://datreeio.github.io/admission-webhook-datree +helm search repo datree-webhook --versions +``` + +Grab the manifest: +``` +CHART_VERSION="0.3.22" +APP_VERSION="0.1.41" +DATREE_TOKEN="" + +mkdir ./kubernetes/datree/manifests/ + +helm template datree-webhook datree-webhook/datree-admission-webhook \ +--create-namespace \ +--set datree.token=${DATREE_TOKEN} \ +--set datree.clusterName=$(kubectl config current-context) \ +--version ${CHART_VERSION} \ +--namespace datree \ +> ./kubernetes/datree/manifests/datree.${APP_VERSION}.yaml + +``` + +Apply the manifests: +``` +kubectl create namespace datree +kubectl apply -n datree -f kubernetes/datree/manifests/ +``` +Check the install + +``` +kubectl -n datree get pods +``` + +## View our Cluster Score + +Now with Datree installed in our cluster, we can review it's current scoring in the Datree [Dashboard](https://app.datree.io/overview)
+ +As we are running a test cluster or if you run in the cloud, there may be some cloud components in namespaces that you may want to ignore.
+ +We can do this by labeling a namespace which is [documented here](https://hub.datree.io/configuration/behavior#ignore-a-namespace) + +``` +kubectl label namespaces local-path-storage "admission.datree/validate=skip" +``` + +According to the dashboard, we still have a `D` score, let's rerun the scan: + +``` +kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f - +``` + +Now we can see that we have an `A` score.
+ +## Deploy some workloads to our cluster + +For most companies and larger teams, it's extremely difficult to fix policy issues.
+Let's walk through what this may look like.
+ +Deploy some sample workloads: + +``` +kubectl create namespace cms +kubectl -n cms create configmap mysql \ +--from-literal MYSQL_RANDOM_ROOT_PASSWORD=1 + +kubectl -n cms create secret generic wordpress \ +--from-literal WORDPRESS_DB_HOST=mysql \ +--from-literal WORDPRESS_DB_USER=exampleuser \ +--from-literal WORDPRESS_DB_PASSWORD=examplepassword \ +--from-literal WORDPRESS_DB_NAME=exampledb + +kubectl -n cms create secret generic mysql \ +--from-literal MYSQL_USER=exampleuser \ +--from-literal MYSQL_PASSWORD=examplepassword \ +--from-literal MYSQL_DATABASE=exampledb + +kubectl -n cms apply -f kubernetes/datree/example/cms/ +``` + +Check out workloads + +``` +kubectl -n cms get all +``` + +Rerun our scan: + +``` +kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f - +``` + +Now we can follow the dashboard, to check our `namespace` for policy issues and start fixing them.
+ +Datree has a ton of features and capabilities.
+We can even run it locally using the CLI + +## Datree CLI : Testing our YAML locally + +We can install the latest version of Datree with the command advertised: + +``` +curl https://get.datree.io | /bin/bash +``` + +### Policy check + +Let's test my example manifests under our datree folder `kubernetes\datree\example` + +``` +datree test ./kubernetes/datree/example/cms/ +``` + +# CI/CD examples + +The tools as well as the dashboards help us solve these policy issues locally.
+Once we have sorted out our policy issues, we can add Datree to our CI/CD pipeline.
+ +Checkout the [CI/CD integrations](https://hub.datree.io/cicd-examples) page.
+ + + diff --git a/kubernetes/datree/example/cms/deploy.yaml b/kubernetes/datree/example/cms/deploy.yaml new file mode 100644 index 0000000..121fefe --- /dev/null +++ b/kubernetes/datree/example/cms/deploy.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wordpress-deployment + labels: + app: wordpress +spec: + replicas: 2 + selector: + matchLabels: + app: wordpress + template: + metadata: + labels: + app: wordpress + spec: + containers: + - name: wordpress + image: aimvector/wordpress-example + ports: + - containerPort: 80 + env: + - name: WORDPRESS_DB_HOST + valueFrom: + secretKeyRef: + name: wordpress + key: WORDPRESS_DB_HOST + - name: WORDPRESS_DB_USER + valueFrom: + secretKeyRef: + name: wordpress + key: WORDPRESS_DB_USER + - name: WORDPRESS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: wordpress + key: WORDPRESS_DB_PASSWORD + - name: WORDPRESS_DB_NAME + valueFrom: + secretKeyRef: + name: wordpress + key: WORDPRESS_DB_NAME \ No newline at end of file diff --git a/kubernetes/datree/example/cms/ingress.yaml b/kubernetes/datree/example/cms/ingress.yaml new file mode 100644 index 0000000..77ccdc0 --- /dev/null +++ b/kubernetes/datree/example/cms/ingress.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: wordpress + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / +spec: + ingressClassName: nginx + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: wordpress + port: + number: 80 diff --git a/kubernetes/datree/example/cms/service.yaml b/kubernetes/datree/example/cms/service.yaml new file mode 100644 index 0000000..87112d9 --- /dev/null +++ b/kubernetes/datree/example/cms/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: wordpress + labels: + app: wordpress +spec: + ports: + - port: 80 + name: wordpress + targetPort: 80 + type: ClusterIP + selector: + app: wordpress \ No newline at end of file diff --git a/kubernetes/datree/example/cms/statefulset.yaml b/kubernetes/datree/example/cms/statefulset.yaml new file mode 100644 index 0000000..c377d64 --- /dev/null +++ b/kubernetes/datree/example/cms/statefulset.yaml @@ -0,0 +1,69 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql + labels: + app: mysql +spec: + ports: + - port: 3306 + name: db + type: ClusterIP + selector: + app: mysql +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mysql +spec: + selector: + matchLabels: + app: mysql # has to match .spec.template.metadata.labels + serviceName: "mysql" + replicas: 1 + template: + metadata: + labels: + app: mysql # has to match .spec.selector.matchLabels + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: mysql + image: aimvector/mysql-example + ports: + - containerPort: 3306 + name: db + env: + - name: MYSQL_DATABASE + valueFrom: + secretKeyRef: + name: mysql + key: MYSQL_DATABASE + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: mysql + key: MYSQL_USER + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: mysql + key: MYSQL_PASSWORD + - name: MYSQL_RANDOM_ROOT_PASSWORD + valueFrom: + configMapKeyRef: + name: mysql + key: MYSQL_RANDOM_ROOT_PASSWORD + volumeMounts: + - name: db + mountPath: /var/lib/mysql + volumeClaimTemplates: + - metadata: + name: db + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 500Mi \ No newline at end of file diff --git a/kubernetes/datree/manifests/datree.0.1.41.yaml b/kubernetes/datree/manifests/datree.0.1.41.yaml new file mode 100644 index 0000000..7b0e76e --- /dev/null +++ b/kubernetes/datree/manifests/datree.0.1.41.yaml @@ -0,0 +1,718 @@ +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-scan-job-service-account + namespace: datree +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-webhook-server + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-label-namespaces-hook-post-install + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-cleanup-namespaces-hook-pre-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-wait-server-ready-hook-post-install + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: datree-ca-tls + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + namespace: datree +type: kubernetes.io/tls +data: + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBN0tDOWljWjhUdlZwd1NUZk45S1hDNU8xZXo1alFXY1U4WE1qT1lFaDNLS3MrREIrCkJYM2luZVFMdTJ3TnJPdHA0MVllVTI5K1VrQ0RWQTdVdnpEVW5mT1RaenJwenRXcVFuc0hIVkpSSU0yTlViNjEKQnVPMjdGTzBqcTFLYWtZMFlNTUtDYVdiMHFOalloZEcwWlM0aUhOVlNWamxTeFFLRUJsMWh5OXJaTFN1NzE4UgorL2RmakxPR1JvT1QrR2ptUEpTVVBQYmlHZjVVTlpyaE9EcGtVc0o2NG9iU2t2bC9kNy9NN0dTbXRoWTd4UHVWCmJBZXdlaENzNng5Z0JaMEVEakVMR3prckJhR3dEWWl5OFVLcVZtYlpJNkFxMDNMYm9hVStVMGRheG4rY2dKZjMKd2tPa2V0eEFWUkZRSVlnNUVLL1l0UE1BQk1xNnpicWZ1MHEwOXdJREFRQUJBb0lCQVFEckJXdTduOHh2a0FpTgpzVldUV0RKMWFTdmpVTCs4Z2Vtbk5yaFJzUlEwMDg0QVpBbUc0dFZtQk00eVJNd0FaNEV3THFUSU1nREJLUnBICkxzUFhjV1I3elNVbWJya3ltYjBWY3FSS1Z5d0U3S1BrQVFwRDRZQVprYm5QekFZUkw5RnVHY21xY3pZbEsrclYKemxDa2NKWW4wSVZ3NkQ0MUo1NG5CMkpYOXAwdjB1eTZlV01zZHRZdU9MNkppOSswb0J3Q2Qzd0VqZXo1WUFUMwpHMmZVUTdJbXpnMUd4VnA4VG5ZdnBGTXFFKzdrMGZMY3o0a3ZZZzNtdTVSMmI5ZjBmYlJtK3VsVDVwdnpVS0IvCmNkTGNIalFQSHNqeER2NzJUM3l6bHVEWE0xU3NjTitjM1lwSjB2K3JVZWY3SnlFbUhpWFI5bEpWc3Vrc1djNkIKa05aL2NvZmhBb0dCQVBzYWt0UUpyMVREbFliYkQvTE1JY0loamJVYVlJaVJacG9kR0pZKzN6TWkrd1RwcDJHagpmR1E4elFac0hDWHYyTXFLVitGTVdFK09CbzlhVDVOand5OHpiRlN0WW1KRFRXY3pKeEFiTytDT0NFcUlxNXQrCkRBVW1KYy95UXErRE54TnFPSjlDWkNDNkxLTTJNdUk5eUowK1V4YWJCbWM1UGZYd1p4N2NnYnE5QW9HQkFQRTkKNkcwdVdqZXA1T3VxNTBSN0ErTFRPdHJQQzRNMWtyOGVGNXNBZkFlNVhlTEl4V0o4eFRIRDdkY2l1eWFsS3ozNgovdXhXUXN0UHhadU5UV2dYSTVma1dnVVRiZ3MvdVRBTFNDQkpxa2tyL0h4em9HbGVQN3VsNFZ2S3M4c2V3NmFQCndMWTNDK3RGNlJtRmtYQU9RZ29aaEFYbmYrVmxKQ3laM3lzSm9rUERBb0dBUmgrdnJXTmZBVzcxVFFuVU5GdnAKZVl0aFJaZ3VLVFZoejl3Y1I2a2JMKzZ1NXpwUk1pVXowZEpnOTFBdHRESjgrbU1VRTZqOGFJc2pMZGxzcTU2SwpuWjNndk8wR3NxWlU4V01KbjZmYld1U1BVREZHcTAvU0Q0WU52VHJNZ0xOR0tEZmJ4QzRJUkZONXI4S3RCeDExCjd1TysxR3RLcUgwRjNxN2FQWFliRElrQ2dZRUFvcGNBOGFVTjlQb3lhWXR6OXptWnN1UitoRDZMR2RHZnArT1cKTVVld1VGeGtwSmFBUWhLcHJSTEtWL2IyZitOT002WFk3bHh0QkM0dGx0c3pVblpWN09kZ3JJOGQyY01IQXhSMwpkaHR3QTRUNzFMenhYbExCVGExTko5cUVOdC96S1cwMWl4bXFsTlUzZDVZSUlhZmFab2d2N1BMTHhrWFdqYURmClFsaHAzcFVDZ1lBZkNudGJRak53SmM3M3draUFheGl4Q0tlTDE1eFFzdkl6ZlZqUHpRODBaNm42ZVZDYVU1a1YKc0hGZHZJZmM1eVQ4c0xKcGpLeXJYVXF5Q0pSTFFXcXZKaDladDhrdTNHOWRGWlQyUyt4dEFFcmo0LzkrZVNMbgo3ZmpQclFwVVl0SkxWQXdlZUkxUUhRejVya1NZVWtkWW9hcFpYUGpxbFNxaXZJK0tMVitPS0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKOUsyZ3FEaUVxdXNPNUlWREJBWmt3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNakV5TWpZd01ERTJNRFJhRncweU56RXlNamN3TURFMk1EUmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURzb0wySnhueE85V25CSk44MzBwY0xrN1Y3UG1OQgpaeFR4Y3lNNWdTSGNvcXo0TUg0RmZlS2Q1QXU3YkEyczYybmpWaDVUYjM1U1FJTlVEdFMvTU5TZDg1Tm5PdW5PCjFhcENld2NkVWxFZ3pZMVJ2clVHNDdic1U3U09yVXBxUmpSZ3d3b0pwWnZTbzJOaUYwYlJsTGlJYzFWSldPVkwKRkFvUUdYV0hMMnRrdEs3dlh4SDc5MStNczRaR2c1UDRhT1k4bEpRODl1SVovbFExbXVFNE9tUlN3bnJpaHRLUworWDkzdjh6c1pLYTJGanZFKzVWc0I3QjZFS3pySDJBRm5RUU9NUXNiT1NzRm9iQU5pTEx4UXFwV1p0a2pvQ3JUCmN0dWhwVDVUUjFyR2Y1eUFsL2ZDUTZSNjNFQlZFVkFoaURrUXI5aTA4d0FFeXJyTnVwKzdTclQzQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMEs1OFlROERCM3dVYXZxVEw0QVBUK0RqClFId3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQU9uUE9YMjNEdldoVWY3WUhwbHE0LzhpN1F1cnlZbVdHenoKUXlMMGRQZm92d2VyQ080NUY1ZGY4dVdqSW5yc2xKN1gwVkR3VVQ3QXg0aHI4dkFqVjRyRGltOWw2dm96cDJPbwp5Zm1wcHlvWDU0VnVvVGFEYkxFUkpTaXVBaXJDcGxURkFxQ0NRM29qa0Rpb0ZjdU1oZEZQNFdDSHV0YUEybTYrCkVyTkd6WkFnZ3UrNWRpcnN6WTZ6L0NtSnNwcnhxeFFzNm16a3RpN3dhNWVNR21BeUNNaDBDcnRsTmRaQ0xBL08KZll3eFRvOFVralUxNGhKVUVsOHlaOEhPS3duN0dTUkJleFdKeHJDWkw4MExYeGRzMnpwMWVIQ3kxZXEvNTQrSAplV2w2Z3dJOFNkc3lScnFUbEcwTGw4aUJ5MjBYSGtRaU5CY2FER3AyU1BUYkp3Sk1LVmM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +--- +# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: webhook-server-tls + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + namespace: datree + annotations: + self-signed-cert: "true" +type: kubernetes.io/tls +data: + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeUVOamtDUU1ZK0NwKzhndE5zK014dnJ1WFA4dnVIa2pYS255aEF5YXBMb2VDdU80Ci90L0FlRWE1SFMyZHk3MVppemNNZ0xaanFqcGxBdk5qTFhEbjE3dG00eTVZUFJwQUgzWDhwcUN2bW0ya1dzM1QKUEZhY3BrRkljc2VCdTROVEJvSHVMbVcvTm9RMVcrS21DbHFEd3ZYKzk4ZzZQUmc1dkVCRmszUUkvM0RrRWlGdQo1R3lHQWZ2Tnp5cUVTbDNaajEzYm5rY0RuOXZ3VHE3RXY2YWhlbi83QjhELzB2YnBScFpYSkw4UTF4T1JOZDk0Cmh1VDh6U1QwekRZZnRLZDNYY0YrVWxKZklkNkNYSHc4THFkVUxJM3E4blhIb3NVeEtaY0ZWQ3YweGlaaWQvTk4KL3lTZGt0V3lNWEZHZDVIWjdqenVlVFdXZjB5bjJ4Vm5WbGNweVFJREFRQUJBb0lCQVFDZGlQVnZWQXd6SFc1YQpWRFBOSkNQWCsxazY2cnM5WUgzQ3pTV3JYc2Jmd2xFVHUrT3hDNDY2anRmYjdpQnRQenlMV1BpSzMrOHkzOURLCksyL2ZOU3dMOXEyUEZNdnc5UTl3TUQ1WlRab1YzeDRsR0RpTkJJMGg4OFRzRmFrbU9yNDdKa2FaVlF5LzgreU4KcFpOOEhZdjg5OHBrWEt3RGwyVURnNE8zNU5XWEtuQzdTaGNtL281RU5aOTRETjVBVFRxL1N1em0xYVJycXZiVQo2OEFrZllMNnFDbUFyaDlsb2w0aE9iTmE1MlZsdGtCNGE0R3hsNWlETjBNQlhJV1lmVUM2c1JIam1UUWJyUkd6CllRTE5tNmdwYTRPMUJDVjU1eVp5aFZrMlVyRENrandqaERiVGRHVGlDU25BRU9iSFJIUjhoYnFlQWwwbk5XQ1cKa3F5dXp5b0JBb0dCQU9sRGlMb1pEVEJuR2ZpYWhoY1lINmFvSUt3c2dLRHVPNDdOZkltSjAwZzRBTzFmOXNPNgptb1MyNUdMSVpFS1p0WmFtK2NGckk3RVBJSTVxV3lmQ3h5QURzdDhSdG5RVU5vUmFtVEVISE5sODBXVDVBd2xuCm9VYUdoaVV5RC9lYkNEU0wreGF2cFVtS29DeTR1Y095RjVHNEhsSmNCZE9HUWJiVUhtbzhsNkloQW9HQkFOdkkKYWtacGhUbmlBc3ZwV2VaN1daKzgrUTR2Z3FoVGE4Q1Q4WlU4a2hldXJETk5DaEFqNlljMnVKMldjd1JIMFExZApZOFhycHJXTDhjd2xRYmFmRmFMNnF1c2s4ZUtna0ltWm1DdWJZejNmSHRQNDg4N3FXSVZtQ2ZSbm0vcUZPdGo5CmZ5UTIxM3l0eTBIVlE0STI0eXNKeVBkZFNkaHZ3bC9QdllVTm5PS3BBb0dBUDc0eHZkRWN0bzVtSFhaMGtCa0sKaFN0S2ltSTY0RDlaelNOQUZnR3cxL3BkM29BcjJiN0RmT0xSdEdEWWJRNjkvYVl4ZC9hRU1WMVY0elVUSmVGbgpNc3R2OU45TlFabEljSkNsYmkxb1o5SmhFanV0NWNNSTRsSGVsSW1DcllJVEV2RHhzM2hhTGFlUkw4ZG5GQ0ExCnFwOXF3Y3pkMXJqSWVtS3EwUk12eUtFQ2dZQmlNVWhKN1JyNG9XRmVlUU1SVmtyVWN6bFNmU2VDek1KM1o2R24KYTBoYURGQWpHMmhEamNmb0FTcTZQVjFsckRCYUtEOUxUZDFOZnhpb2ZIeS9lcFBRSE8zLzRLR3cvc3VVcm1xdQpFTjVsNWlsL3l0b2l0OUNVeU9IcHIrQ2dMS1grREVPaGlsNzc5U202WCsycFg1eGV2aUJyWStKNk1IUkhHaWt5CktNTFBBUUtCZ1FDNXdvMFU2REF6NlN4Z3lCQkM3N2lBVWtsbU5vOFhoZnlEWGlwUWJDalMwV0RycWZPd2EyVDgKRkR1aXhhOHBmM0taWEdDQzQ1eU1BblZmWUY0dW1GU09xZkRPR0QyZFBlOWk3RWl1cWtOT1BZR0VXbk9hNzVuSApvdlNMN0Qvakg2L2Z0Tmh2UkVtdER2elBiT2x6VmY5bkk4M1pYZmpXQWl3YVFjMDlyYVlUbFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmRENDQW1TZ0F3SUJBZ0lSQU1yQTQreVRCL1dzejJDVzVKTkZRd1F3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNakV5TWpZd01ERTJNRFJhRncweU56RXlNamN3TURFMk1EUmFNQzh4TFRBckJnTlZCQU1UCkpDOURUajFrWVhSeVpXVXRkMlZpYUc5dmF5MXpaWEoyWlhJdVpHRjBjbVZsTG5OMll6Q0NBU0l3RFFZSktvWkkKaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNaERZNUFrREdQZ3FmdklMVGJQak1iNjdsei9MN2g1STF5cAo4b1FNbXFTNkhncmp1UDdmd0hoR3VSMHRuY3U5V1lzM0RJQzJZNm82WlFMell5MXc1OWU3WnVNdVdEMGFRQjkxCi9LYWdyNXB0cEZyTjB6eFduS1pCU0hMSGdidURVd2FCN2k1bHZ6YUVOVnZpcGdwYWc4TDEvdmZJT2owWU9ieEEKUlpOMENQOXc1QkloYnVSc2hnSDd6YzhxaEVwZDJZOWQyNTVIQTUvYjhFNnV4TCttb1hwLyt3ZkEvOUwyNlVhVwpWeVMvRU5jVGtUWGZlSWJrL00wazlNdzJIN1NuZDEzQmZsSlNYeUhlZ2x4OFBDNm5WQ3lONnZKMXg2TEZNU21YCkJWUXI5TVltWW5melRmOGtuWkxWc2pGeFJuZVIyZTQ4N25rMWxuOU1wOXNWWjFaWEtja0NBd0VBQWFPQmpqQ0IKaXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQwpNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVUwSzU4WVE4REIzd1VhdnFUTDRBUFQrRGpRSHd3Ckt3WURWUjBSQkNRd0lvSWdaR0YwY21WbExYZGxZbWh2YjJzdGMyVnlkbVZ5TG1SaGRISmxaUzV6ZG1Nd0RRWUoKS29aSWh2Y05BUUVMQlFBRGdnRUJBSGc0UmYwaU9TajR2cFozdUNtVXlUM2ZCV0Z6L3ZDOEcxeUVzWVZXR1NYSwo2Ni8zRHEyazR0Vkd0MWhSaFp3a1R4dVRXTkpiejRzcmZYOEhIVi8va2RsbmlmbldLQnFKNFVYVHFSS1ZjaWc5ClkyYWtleXEydEN5MUFTcVltMVBLWGVxUjFrZkpoZVhKZU80UVorWnpoaE45VmNqWUpQTCs0OWhFc2tFRmJRenIKSHZPUDVwamsyYjl3K0plUExaMkVHZC9KeG11cjhmVzA4YjFkMTYvUjVxMUZ2bnN0Z2RFUjV2b2k4UmJhSmV0agplSmtyc096YUovUC93K3NaaUZVU2todnlNZkpiZ0RVSTh2aG80VFl6aFlZV0NPUnJoRzdGSFVsWWpMNU0xVnQwCjFEWkJvNEdkUFhPRFErRTRQdzIvM0xwdGs3RDBPWlJRVWhZRFgrL2VmMHM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-scan-job-role +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "get" + - "list" +--- +# Source: datree-admission-webhook/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: datree-webhook-server-read + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "" + resources: + - "nodes" + - "namespaces" + verbs: + - "get" + - "list" +--- +# Source: datree-admission-webhook/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: datree-namespaces-update + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - update + - patch + resourceNames: + - kube-system + - datree +--- +# Source: datree-admission-webhook/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: datree-validationwebhook-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + resourceNames: + - datree-webhook +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-scan-job-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-scan-job-role +subjects: + - kind: ServiceAccount + name: cluster-scan-job-service-account + namespace: datree +--- +# Source: datree-admission-webhook/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: datree-webhook-server-read + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datree-webhook-server-read # datree-webhook-server-read +subjects: + - kind: ServiceAccount + name: datree-webhook-server # datree-webhook-server + namespace: datree +--- +# Source: datree-admission-webhook/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: datree-namespaces-update + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datree-namespaces-update +subjects: + - kind: ServiceAccount + name: "datree-label-namespaces-hook-post-install" + namespace: "datree" + - kind: ServiceAccount + name: "datree-cleanup-namespaces-hook-pre-delete" + namespace: "datree" +--- +# Source: datree-admission-webhook/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: datree-validationwebhook-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datree-validationwebhook-delete +subjects: + - kind: ServiceAccount + name: "datree-cleanup-namespaces-hook-pre-delete" + namespace: "datree" +--- +# Source: datree-admission-webhook/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: datree-pods-reader + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "" + resources: + - "pods" + - "jobs" + verbs: + - "get" + - "list" + - "watch" +--- +# Source: datree-admission-webhook/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: datree-pods-reader + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datree-pods-reader +subjects: + - kind: ServiceAccount + name: datree-wait-server-ready-hook-post-install + namespace: "datree" +--- +# Source: datree-admission-webhook/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: datree-webhook-server + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +spec: + selector: + app: "datree-webhook-server" + ports: + - port: 443 + targetPort: webhook-api +--- +# Source: datree-admission-webhook/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datree-webhook-server + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + owner: datree + app: "datree-webhook-server" +spec: + replicas: 2 + selector: + matchLabels: + app: "datree-webhook-server" + template: + metadata: + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + app: "datree-webhook-server" + spec: + serviceAccountName: datree-webhook-server + containers: + - name: server + # caution: don't change the order of the environment variables + # changing the order will harm resource patching + env: + - name: DATREE_TOKEN + value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1" + - name: DATREE_POLICY + value: Starter + - name: DATREE_VERBOSE + value: "" + - name: DATREE_OUTPUT + value: "" + - name: DATREE_NO_RECORD + value: "" + - name: DATREE_ENFORCE + value: "" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 25000 + livenessProbe: + httpGet: + path: /health + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + {} + image: "datree/admission-webhook:0.1.41" + imagePullPolicy: Always + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - name: webhook-tls-certs + mountPath: /run/secrets/tls + readOnly: true + - name: webhook-config + mountPath: /config + readOnly: true + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls + - name: webhook-config + configMap: + name: webhook-scanning-filters + optional: true +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: scan-job + namespace: datree +spec: + backoffLimit: 4 + template: + spec: + serviceAccountName: cluster-scan-job-service-account + restartPolicy: Never + containers: + - name: scan-job + env: + - name: DATREE_TOKEN + value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1 + - name: DATREE_POLICY + value: Starter + - name: CLUSTER_NAME + value: kind-datree + securityContext: + + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 25000 + seccompProfile: + type: RuntimeDefault + image: "datree/scan-job:0.0.13" + imagePullPolicy: Always + resources: + {} + volumeMounts: + - name: webhook-config + mountPath: /config + readOnly: true + volumes: + - name: webhook-config + configMap: + name: webhook-scanning-filters + optional: true +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: scan-cronjob + namespace: datree +spec: + # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression + # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc. + schedule: "11 * * * *" # every hour, starting 55 minutes after helm installation + jobTemplate: + spec: + backoffLimit: 4 + template: + spec: + serviceAccountName: cluster-scan-job-service-account + restartPolicy: Never + containers: + - name: scan-job + env: + - name: DATREE_TOKEN + value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1 + - name: DATREE_POLICY + value: Starter + - name: CLUSTER_NAME + value: kind-datree + securityContext: + + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 25000 + seccompProfile: + type: RuntimeDefault + image: "datree/scan-job:0.0.13" + imagePullPolicy: Always + resources: + {} + volumeMounts: + - name: webhook-config + mountPath: /config + readOnly: true + volumes: + - name: webhook-config + configMap: + name: webhook-scanning-filters + optional: true +--- +# Source: datree-admission-webhook/templates/namespace-post-delete.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: datree-cleanup-namespaces-hook-pre-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + namespace: datree + annotations: + "helm.sh/hook": pre-delete, pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + template: + metadata: + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + spec: + restartPolicy: OnFailure + serviceAccount: datree-cleanup-namespaces-hook-pre-delete + nodeSelector: + kubernetes.io/os: linux + containers: + - name: kubectl-label + image: "clastix/kubectl:v1.25" + imagePullPolicy: IfNotPresent + command: + - sh + - "-c" + - >- + kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree; + kubectl label ns kube-system datree datree.io/skip-; +--- +# Source: datree-admission-webhook/templates/namespace-post-install.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: datree-label-namespaces-hook-post-install + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + template: + metadata: + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + spec: + serviceAccount: datree-label-namespaces-hook-post-install + restartPolicy: OnFailure + nodeSelector: + kubernetes.io/os: linux + containers: + - name: kubectl-label + image: "clastix/kubectl:v1.25" + imagePullPolicy: IfNotPresent + args: + - label + - ns + - kube-system + - datree + - admission.datree/validate=skip + - --overwrite +--- +# Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: datree-wait-server-ready-hook-post-install + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + template: + metadata: + name: datree-wait-server-ready-hook-post-install + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + spec: + serviceAccountName: datree-wait-server-ready-hook-post-install + restartPolicy: Never + containers: + - name: kubectl-client + image: "clastix/kubectl:v1.25" + imagePullPolicy: IfNotPresent + command: + - sh + - "-c" + - >- + kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s" +--- +# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: datree-webhook + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "-5" +webhooks: + - name: webhook-server.datree.svc + sideEffects: None + timeoutSeconds: 30 + failurePolicy: Ignore + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: datree-webhook-server + namespace: datree + path: "/validate" + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKOUsyZ3FEaUVxdXNPNUlWREJBWmt3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNakV5TWpZd01ERTJNRFJhRncweU56RXlNamN3TURFMk1EUmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURzb0wySnhueE85V25CSk44MzBwY0xrN1Y3UG1OQgpaeFR4Y3lNNWdTSGNvcXo0TUg0RmZlS2Q1QXU3YkEyczYybmpWaDVUYjM1U1FJTlVEdFMvTU5TZDg1Tm5PdW5PCjFhcENld2NkVWxFZ3pZMVJ2clVHNDdic1U3U09yVXBxUmpSZ3d3b0pwWnZTbzJOaUYwYlJsTGlJYzFWSldPVkwKRkFvUUdYV0hMMnRrdEs3dlh4SDc5MStNczRaR2c1UDRhT1k4bEpRODl1SVovbFExbXVFNE9tUlN3bnJpaHRLUworWDkzdjh6c1pLYTJGanZFKzVWc0I3QjZFS3pySDJBRm5RUU9NUXNiT1NzRm9iQU5pTEx4UXFwV1p0a2pvQ3JUCmN0dWhwVDVUUjFyR2Y1eUFsL2ZDUTZSNjNFQlZFVkFoaURrUXI5aTA4d0FFeXJyTnVwKzdTclQzQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMEs1OFlROERCM3dVYXZxVEw0QVBUK0RqClFId3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQU9uUE9YMjNEdldoVWY3WUhwbHE0LzhpN1F1cnlZbVdHenoKUXlMMGRQZm92d2VyQ080NUY1ZGY4dVdqSW5yc2xKN1gwVkR3VVQ3QXg0aHI4dkFqVjRyRGltOWw2dm96cDJPbwp5Zm1wcHlvWDU0VnVvVGFEYkxFUkpTaXVBaXJDcGxURkFxQ0NRM29qa0Rpb0ZjdU1oZEZQNFdDSHV0YUEybTYrCkVyTkd6WkFnZ3UrNWRpcnN6WTZ6L0NtSnNwcnhxeFFzNm16a3RpN3dhNWVNR21BeUNNaDBDcnRsTmRaQ0xBL08KZll3eFRvOFVralUxNGhKVUVsOHlaOEhPS3duN0dTUkJleFdKeHJDWkw4MExYeGRzMnpwMWVIQ3kxZXEvNTQrSAplV2w2Z3dJOFNkc3lScnFUbEcwTGw4aUJ5MjBYSGtRaU5CY2FER3AyU1BUYkp3Sk1LVmM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + namespaceSelector: + matchExpressions: + - key: admission.datree/validate + operator: DoesNotExist + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["*"] + apiVersions: ["*"] + resources: ["*"] From 51bf4bd38370dd6f6e30baeb2092b8e014106a27 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Thu, 12 Jan 2023 16:42:33 +1100 Subject: [PATCH 06/12] datree test --- .github/cicd.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/cicd.yaml diff --git a/.github/cicd.yaml b/.github/cicd.yaml new file mode 100644 index 0000000..a7df956 --- /dev/null +++ b/.github/cicd.yaml @@ -0,0 +1,34 @@ +on: + workflow_dispatch: + push: + branches: [ datree-scoping ] +env: + DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} + +jobs: + k8sPolicyCheck: + runs-on: ubuntu-latest + + steps: + - name: checkout + uses: actions/checkout@v2 + - name: run datree policy check + uses: datreeio/action-datree@main + with: + path: 'kubernetes/datree/example/deployment.yaml' + cliArguments: '--only-k8s-files' + - name: docker login + env: + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + run: | + docker login -u $DOCKER_USER -p $DOCKER_PASSWORD + - name: build + run: | + docker build ./c# -t aimvector/csharp:1.0.0 + - name: push + run: | + docker push aimvector/csharp:1.0.0 + - name: deploy + run: | + echo 'deploying...' \ No newline at end of file From 7125049bab9fa81fd0a8c562191ea43d837d4796 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Thu, 12 Jan 2023 16:43:31 +1100 Subject: [PATCH 07/12] datree test --- .github/cicd.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/cicd.yaml b/.github/cicd.yaml index a7df956..adf19f2 100644 --- a/.github/cicd.yaml +++ b/.github/cicd.yaml @@ -1,10 +1,9 @@ on: workflow_dispatch: push: - branches: [ datree-scoping ] + branches: [ datree-scoring ] env: DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} - jobs: k8sPolicyCheck: runs-on: ubuntu-latest From 93fef37b6e160dcb0bf0bb3f16a89f876f225dc6 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Thu, 12 Jan 2023 16:45:11 +1100 Subject: [PATCH 08/12] some new change --- .github/workflows/cicd.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/cicd.yaml diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml new file mode 100644 index 0000000..adf19f2 --- /dev/null +++ b/.github/workflows/cicd.yaml @@ -0,0 +1,33 @@ +on: + workflow_dispatch: + push: + branches: [ datree-scoring ] +env: + DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} +jobs: + k8sPolicyCheck: + runs-on: ubuntu-latest + + steps: + - name: checkout + uses: actions/checkout@v2 + - name: run datree policy check + uses: datreeio/action-datree@main + with: + path: 'kubernetes/datree/example/deployment.yaml' + cliArguments: '--only-k8s-files' + - name: docker login + env: + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + run: | + docker login -u $DOCKER_USER -p $DOCKER_PASSWORD + - name: build + run: | + docker build ./c# -t aimvector/csharp:1.0.0 + - name: push + run: | + docker push aimvector/csharp:1.0.0 + - name: deploy + run: | + echo 'deploying...' \ No newline at end of file From d271b8090128fb3d2c5c433bef67725eebfbe3ac Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Sat, 14 Jan 2023 09:14:40 +1100 Subject: [PATCH 09/12] datree updates --- .github/cicd.yaml | 33 - .github/workflows/cicd.yaml | 33 - kubernetes/datree/README-2023.md | 103 ++- kubernetes/datree/configuration/config.yaml | 8 + kubernetes/datree/example/cms/deploy.yaml | 2 +- kubernetes/datree/github-actions/datree.yaml | 6 +- .../manifests/datree.0.1.46-enforce.yaml | 718 ++++++++++++++++++ ...{datree.0.1.41.yaml => datree.0.1.46.yaml} | 12 +- 8 files changed, 830 insertions(+), 85 deletions(-) delete mode 100644 .github/cicd.yaml delete mode 100644 .github/workflows/cicd.yaml create mode 100644 kubernetes/datree/configuration/config.yaml create mode 100644 kubernetes/datree/manifests/datree.0.1.46-enforce.yaml rename kubernetes/datree/manifests/{datree.0.1.41.yaml => datree.0.1.46.yaml} (73%) diff --git a/.github/cicd.yaml b/.github/cicd.yaml deleted file mode 100644 index adf19f2..0000000 --- a/.github/cicd.yaml +++ /dev/null @@ -1,33 +0,0 @@ -on: - workflow_dispatch: - push: - branches: [ datree-scoring ] -env: - DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} -jobs: - k8sPolicyCheck: - runs-on: ubuntu-latest - - steps: - - name: checkout - uses: actions/checkout@v2 - - name: run datree policy check - uses: datreeio/action-datree@main - with: - path: 'kubernetes/datree/example/deployment.yaml' - cliArguments: '--only-k8s-files' - - name: docker login - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - run: | - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - - name: build - run: | - docker build ./c# -t aimvector/csharp:1.0.0 - - name: push - run: | - docker push aimvector/csharp:1.0.0 - - name: deploy - run: | - echo 'deploying...' \ No newline at end of file diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml deleted file mode 100644 index adf19f2..0000000 --- a/.github/workflows/cicd.yaml +++ /dev/null @@ -1,33 +0,0 @@ -on: - workflow_dispatch: - push: - branches: [ datree-scoring ] -env: - DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} -jobs: - k8sPolicyCheck: - runs-on: ubuntu-latest - - steps: - - name: checkout - uses: actions/checkout@v2 - - name: run datree policy check - uses: datreeio/action-datree@main - with: - path: 'kubernetes/datree/example/deployment.yaml' - cliArguments: '--only-k8s-files' - - name: docker login - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - run: | - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - - name: build - run: | - docker build ./c# -t aimvector/csharp:1.0.0 - - name: push - run: | - docker push aimvector/csharp:1.0.0 - - name: deploy - run: | - echo 'deploying...' \ No newline at end of file diff --git a/kubernetes/datree/README-2023.md b/kubernetes/datree/README-2023.md index 88c944c..a0c044e 100644 --- a/kubernetes/datree/README-2023.md +++ b/kubernetes/datree/README-2023.md @@ -56,7 +56,7 @@ helm search repo datree-webhook --versions Grab the manifest: ``` CHART_VERSION="0.3.22" -APP_VERSION="0.1.41" +APP_VERSION="0.1.46" DATREE_TOKEN="" mkdir ./kubernetes/datree/manifests/ @@ -85,13 +85,22 @@ kubectl -n datree get pods ## View our Cluster Score Now with Datree installed in our cluster, we can review it's current scoring in the Datree [Dashboard](https://app.datree.io/overview)
- As we are running a test cluster or if you run in the cloud, there may be some cloud components in namespaces that you may want to ignore.
-We can do this by labeling a namespace which is [documented here](https://hub.datree.io/configuration/behavior#ignore-a-namespace) +We can do this by labeling a namespace which is [documented here](https://hub.datree.io/configuration/behavior#ignore-a-namespace)
+

+OR
+ +We can do this by using the [configuration file](https://hub.datree.io/configuration/behavior#ignore-a-namespace) for datree + ``` +# skip namespace using label kubectl label namespaces local-path-storage "admission.datree/validate=skip" +# skip namespace using configmap + +kubectl -n datree apply -f kubernetes/datree/configuration/config.yaml +kubectl rollout restart deployment -n datree ``` According to the dashboard, we still have a `D` score, let's rerun the scan: @@ -142,15 +151,68 @@ kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'de Now we can follow the dashboard, to check our `namespace` for policy issues and start fixing them.
-Datree has a ton of features and capabilities.
-We can even run it locally using the CLI +Summary of our fixes: + +``` +spec: + containers: + - name: wordpress + image: wordpress:5.9-apache + +kind: Deployment +spec: + template: + spec: + containers: + - name: wordpress + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + resources: + limits: + memory: "500Mi" + requests: + memory: "500Mi" + +spec: + containers: + - name: wordpress + livenessProbe: + httpGet: + path: / + port: 80 + readinessProbe: + httpGet: + path: / + port: 80 + +kind: Deployment +spec: + template: + spec: + containers: + - name: wordpress + volumeMounts: + - mountPath: /tmp + name: temp + - mountPath: /var/run/apache2/ + name: apache + volumes: + - emptyDir: {} + name: temp + - emptyDir: {} + name: apache + +kubectl -n cms apply -f kubernetes/datree/example/cms/ +``` ## Datree CLI : Testing our YAML locally We can install the latest version of Datree with the command advertised: ``` -curl https://get.datree.io | /bin/bash +apk add unzip +curl https://get.datree.io | /bin/sh ``` ### Policy check @@ -158,7 +220,7 @@ curl https://get.datree.io | /bin/bash Let's test my example manifests under our datree folder `kubernetes\datree\example` ``` -datree test ./kubernetes/datree/example/cms/ +datree test ./kubernetes/datree/example/cms/*.yaml ``` # CI/CD examples @@ -168,5 +230,32 @@ Once we have sorted out our policy issues, we can add Datree to our CI/CD pipeli Checkout the [CI/CD integrations](https://hub.datree.io/cicd-examples) page.
+# Enforcing Policies +Configure Datree to enforce policies.
+We can use `helm upgrade` with the `--set` flag and set enforce to true like: +``` +--set datree.enforce=true +``` + +Let's apply it to a new manifest and deploy it to our cluster: + +``` +helm template datree-webhook datree-webhook/datree-admission-webhook \ +--create-namespace \ +--set datree.enforce=true \ +--set datree.token=${DATREE_TOKEN} \ +--set datree.clusterName=$(kubectl config current-context) \ +--version ${CHART_VERSION} \ +--namespace datree \ +> ./kubernetes/datree/manifests/datree.${APP_VERSION}-enforce.yaml + +kubectl apply -n datree -f kubernetes/datree/manifests/datree.0.1.46-enforce.yaml +``` + +Try to apply our Wordpress MySQL which violates policies : + +``` +kubectl -n cms apply -f kubernetes/datree/example/cms/statefulset.yaml +``` \ No newline at end of file diff --git a/kubernetes/datree/configuration/config.yaml b/kubernetes/datree/configuration/config.yaml new file mode 100644 index 0000000..0cf2993 --- /dev/null +++ b/kubernetes/datree/configuration/config.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: webhook-scanning-filters + namespace: datree +data: + skiplist: | + - local-path-storage;(.*);(.*) \ No newline at end of file diff --git a/kubernetes/datree/example/cms/deploy.yaml b/kubernetes/datree/example/cms/deploy.yaml index 121fefe..74ffc3e 100644 --- a/kubernetes/datree/example/cms/deploy.yaml +++ b/kubernetes/datree/example/cms/deploy.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: wordpress - image: aimvector/wordpress-example + image: wordpress ports: - containerPort: 80 env: diff --git a/kubernetes/datree/github-actions/datree.yaml b/kubernetes/datree/github-actions/datree.yaml index c1e1762..adf19f2 100644 --- a/kubernetes/datree/github-actions/datree.yaml +++ b/kubernetes/datree/github-actions/datree.yaml @@ -1,13 +1,9 @@ on: workflow_dispatch: push: - branches: [ datree ] - pull_request: - branches: [ datree ] - + branches: [ datree-scoring ] env: DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} - jobs: k8sPolicyCheck: runs-on: ubuntu-latest diff --git a/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml b/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml new file mode 100644 index 0000000..4124f41 --- /dev/null +++ b/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml @@ -0,0 +1,718 @@ +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-scan-job-service-account + namespace: datree +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-webhook-server + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-label-namespaces-hook-post-install + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-cleanup-namespaces-hook-pre-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datree-wait-server-ready-hook-post-install + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +--- +# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: datree-ca-tls + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + namespace: datree +type: kubernetes.io/tls +data: + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNHZiVnZJUzc0N1B2eFQyMER4amQ5ZFBUSGhJcWlYbUdlc1BEd2EwdFVoUFJPZjFLCm0yZ0Z4YjVpNkl5TEE2Zi81R00wT0xZVGVNc1pQSUlycytSMGpyZ016b1lXdWRZSlQ2ayttZmFyaGtlUGJ1NTcKWGg5NHBOamttTVhkOHNROS8rVkpoTnRNRFN0MjlkaHlOZ2o1am1Ea3NUNHRFUXF3aHcvOXZSRVlYYlJOazR4LwovMm5TMkdjdnhXVkU3WFlzZ3pNOVRXS3VqR01tQ2h1dXY3WEZweEtBbllRbDNPUUV2YUVQNC9rdmUyWFJsZStPCmNYbW16eXhMa29VMXNPQlRMclhqMU04V3pIRTNiMGtPcFdHV2toVjc3b0RJRlAwS1RXY29kVTN5V2JxaU9TM2UKajJmSGJlaXpmRXZsUWdsOStTdUwvNjdjK2RLTHBSbTJva0JSS1FJREFRQUJBb0lCQURkdVhZa3JTZEEwOUF4UwpJNVhFVndGZytLRFJndjRNWmlHNWlpZlZLY3B2K0p1WEZ3K1plajl2WGl5NWxvSVFGOWtwdVdsWVhxMFR2VmdmCjJwaVc1VGl1RHNLcDBRY1dGVFFWZTZxU3FoV2ppSTVwUkV3YWw1WjdPbWx0ZWVWK3REMjVQQmxzamNoeG94NHIKL01qaHJFRnZ2S3JsS3BDTThjd3F4YWZWY3dQL1BUdzFwUkVxRnpTRkxjamplK2xCNWZUWFdxV2RqMFpkQzdjQwpyVTVQNXZMZEVSRUZnU1dLY3FMd0RRL3MyclNqTEEzREdSSzJQa0hDblJ6cm52ZmIxNWVxNHhCQ253eTQ4WlByCnAzekxZV29BSXlMendObHNTdW5ETU01T1VjRE9wYk84a3RFVHZKZVErUGkvSVBpMXNHUUQ4MEdyS1NuazBkZHQKbWpBNWtXRUNnWUVBL3kxSm5KWUl1anExOGFsZGY4d0R6SWN4RVRLNUxIcW5ZRjhJZ2NLcDQ3WXdGK0d1c2c5cApia2lIdnBqY3pvNVVmZUNvMUhoSGw3L2NRUTIza2E0MW1aRnByYzhna0dINlFTd0h3RERHeHBjZXJRY2hOeVdpCkJPL2dYdC9nRUlSTWN6cE1IVTMrSTVBQm9uamZJUFdLTDVXYXFUellHV1FrZUU1cEVlRXEvUjBDZ1lFQTQ3SkEKTGxDSnZ6dFN0cE5DNXkrZTJkQ2NubG1NR014SVMxQXcwdFNZSVR1ajM2bnBVSEJ1cDBMTmdZZ2RBaDhwc05lYwo2N2ZDVHlucHFsN0tNQS90MEF1K250UWErYllOYmNHT1Y5SWZyL0F3K2VrRnZ6d2J4bm5kd1BSNnhicndIRmNxCkVpaWxKS0V5UXZ1dW9uVkZmSDBGNEtmdUtua2xubk5VQXkrQ2duMENnWUJpRktBa3BhNTVGalAwelNwNUFvdTcKUTROaW51SjU3RE1GWWNHOVRudEtZUzZmSDBtc2V5d0ZEYS9QWEtZU1pyYW5JNEVCR2JJNjY2M1crMVRCay9wYQpLb0E2SkZEWjdpN29lZW9JdnpiSUFqSHlRN2xLbnhabFcyWWNVV1NvTkpIR0FIUmRGeXRGdEFaTTByVEEwRi9xCjVrL3FHTTdmQTVUWkFScDFtdHlSS1FLQmdRQ2QrKy9NTXRWZ2Vpakp4U09HaE9RUy9VdXVFelBCZ1B3b1JWdWEKN1NjZzUrQ3NMNWhTMTYvdkhjcTVOVmZyUVBRTVg0M2hmMzZ5cnNJU0UvTDFwaGU3WW1yQWlTcXVXRUs1QkxOZQorOHhBcHNkVW52bjkxaGJ2ZjE3OW9xUU16Y2dMNGU2dTZzU3F4YTI2RENiL1VaOEU0VHBTeGpIYUJuU3puQkdPCnBFaEpnUUtCZ1FEb1NVNDJQbnl4djlOM2JMYmc1SE1rTHp5cDVHdVhOVTdRZjN2dEw0TzB5M2gxcDN0N1c1QnEKM2tuTzI4SS8yR3hibTE5RllOdnlHMnpvaG5ReHFUR2dGTmx2aGMyKzMxaGRpMVZyZndGVENlbzNPbTRuWm04ZApBdEE0Z0x0aE55K3hDWHZieHZuT0x4WkU3UWh4aE1UdWkyYW4rY1I4L0xHdHNaNXc1R09jK2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +--- +# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: webhook-server-tls + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + namespace: datree + annotations: + self-signed-cert: "true" +type: kubernetes.io/tls +data: + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcGdJQkFBS0NBUUVBeXNsMEEra2R6dVkyTm1JaUliOGJLVEhYWUJrbDhsU0M2YU5pbUVFQkc0ZGdPbkluClhiSXlMU0tMRG9lcU9MdU9kcnVWcHNJTTRoeldPcGN3MVRQSi91MjBFVVVvUlB3QXFrUk1jV1RqNnlDU3VkRmEKa05IaE00U2Y4QTMzekJEbVVLWWZFcVpxMktFcWRVbkc0SGluTTNNVTRxYnM5b01FbVY0TG9KbGFDL2FkYlQvdAo4bCtDb0RPYytnWERQWDhXd3IvcEROS1JocVQ5Q1VzUFJHNWlZSGR4S0VuQmtiaG1ZTlVwcVhaVEtRWEkzNVdqCmd6R3M0TXBiVGZHVVBFS2ZIZjdPNEJRdmhtK3JsWGM5UnRPc2xESS8zVnJuRDVEVE5VZVRxRlFHT29IeDVGbUgKaU94MFRnN1l3cm1abkZrTUNLcjJqUkNnSjY1UklzWWFMRzQ1RXdJREFRQUJBb0lCQVFDekJGcWRwU3JDWHFxWApJZFNkMC9ablRHK2tqeTdYbWRHajdhOTVWMUZoK3dWeE14c2JkTmNrenl6UkcrU2locmlDaXFEWEFOR2N2dlpECjdQcVlERXNTK01jUXcrdUQwcS9IbjltWDlRZmJwdnJBZlZlbEp4TFdod3NtUVQ1eThLeFJvQVVvVXE5YUpCUzIKUy9YOGJhYTFIYS9mVXBzNEYzdDA1UGdBdzhBaGMvYXZVRE5id3p3RTZONmR1RmVFTkJ0MWNwNkI3a3Y1RzJrUgo3SGxMMEdKU0tEdlk0K0lwQTdvSDNVTW5nT3ZmR3g4d1kxKzZxTm1JV1lOZkRQdVRvWFl5Qmg3VEo3SC9sdFdECnZDOUdBZ29tWFNTdXE2UVFkZVVVN0hET0JVQ09wMUFWYVVmcWs1Tk04WVNDQ20vanVtazZRYVRSTUJ4TkY1MkgKVy9MMHQ0b0pBb0dCQVBDVDNLNDl1TXJFS2FQZG1pNm9rWDB5ajhWMzZXeDMzK0cwVnpMRDNjc3d5TzNoQmNCeApRZkNCMTVDazYrYUJnYWxZRkRYQlU2T01nWnBvaDJKK2FSSXdST1Ztb2ZUYXhHbWhZakdIeVpDd3lYYTJDb29kCkVzM0lQS1FTb0J1dS9leE1EZ1hsdk9XYmtLTHZWVVllcEs4V2QxWEQ5QnRYRCt6OUFlUFU4cUJIQW9HQkFOZkoKWjliQXNFdG4yeVI4T2pZVDVHU3FndHVBdGsyNFoyZStRZDdkSWxxQ240YWE5b1ZDQXpKNlYzQ2RqQ1lCeXNLZgpiK2ZpRmlrVG9lYjh1M1E0Nndydi84dGU4cWZPOGRWbm9UbXFvcFdXZHRiQm8xNi9hWE82dzFOQnpHYVp3NnBzCkJ1N1d6ZEFhYURpZGlHWGFlOHZCT2xxQWZ0UDg2cE5iUGo1ME56TFZBb0dCQU9HOGZGZHFSdGpMMDU2VXNyV1IKS21MbGJJNEhoQmxwS2NPbzZpRVNOQzBTYTViNWkrSVU0NkIrMVB3K0k3TzRWU2ZISTcrRTFhd2lqUUdMajIxVgoyOVZiUVdwWE1TU0ZtY0xiMFQxVWdrZW4rb0hQTW5pQjYwRDM0QjY3ODB2R21UQjk5TEtIN1FVdFFUd0JnbXczCkdLUEpXdFE0OS9ZbmJTUWNDd2Z5cW03RkFvR0JBTmMvSzFwM21TT090SFUvaWQxNW1FQ21LYVFGVDFSVmxxaFEKaTJwZzBTelIwWWsydUtPU2hwZnFtNkJWTjRDT0Z4QnVjL1V0ZkFkN2N1dHp2UlVnMWF4eVhJa2o3QTlpQ2E5agpFTnJ5RC80Qk9nZmMzamJiM3JlM1c3R0lGL2xjZG1aZ0hjWk85THdhSzA0V0xnSFRuOXRPb3dPMTIwMWdveWxjClFjbVFxYU1GQW9HQkFLQlhoVWorWE9zWXoyOVFxMU9DTWZvU1hEQlFYQWtLNnROYjk3Ym9VZ3BmYlNLSkl1bEgKT01CVWpkZ09DSzBZOGw0TTRaYWVGY25uL3RJMlhMQ1V2Q24yUEViOUovS05hWEhxL25xR1BiYnd3NWl4ZXdzZQpJQlBoYkJjM3NtMzBQOXJ4R2FWNGNYdUpDN08yaG1yQlFsZHdtOGRGMDdXbmRabHhzNnlMT2tqeAotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRV3BOb0FoT1FNTmw2M3owalF3RXVmakFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlzbDBBK2tkenVZMk5tSWlJYjhiS1RIWFlCa2w4bFNDNmFOaQptRUVCRzRkZ09uSW5YYkl5TFNLTERvZXFPTHVPZHJ1VnBzSU00aHpXT3BjdzFUUEovdTIwRVVVb1JQd0Fxa1JNCmNXVGo2eUNTdWRGYWtOSGhNNFNmOEEzM3pCRG1VS1lmRXFacTJLRXFkVW5HNEhpbk0zTVU0cWJzOW9NRW1WNEwKb0psYUMvYWRiVC90OGwrQ29ET2MrZ1hEUFg4V3dyL3BETktSaHFUOUNVc1BSRzVpWUhkeEtFbkJrYmhtWU5VcApxWFpUS1FYSTM1V2pnekdzNE1wYlRmR1VQRUtmSGY3TzRCUXZobStybFhjOVJ0T3NsREkvM1ZybkQ1RFROVWVUCnFGUUdPb0h4NUZtSGlPeDBUZzdZd3JtWm5Ga01DS3IyalJDZ0o2NVJJc1lhTEc0NUV3SURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUVJTcUhJZVY3eTlwaUN0NFhhek1iNUgwQjR6REFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFoQ25WWjF5aktXOGhoc2x1ZmRZdzZ0b3ZXSjdrRFhHUVNrL3cxbjhGUFZKQQpHZm90NzZGSzZHckQ5YlV1MWlXUWQzUTFVUE1Bb1A5ajRFYUxBeWdZUG1SVDZHOFJvRzM3bWVlaVU2Mmo2THQyCmVZUWdKT0xNMWlzMGdLdXJvSzBBMjN6RzZHMldIeHphODBpVVN1Ky9OM1U2NHZKVDQ4NHNpOW1uNjc0OUNkNFAKYUVmWXZCY0dHZmwzNW9WazJkMzhZeThPd1gyd2ovTXRmakc0eDdweElJMUQ4TVV5TWY5M2liOFpKSS9RVUx5MQpYRVFIeFZ5bzJBTTEyYWNRQjBkZnlac24rRzBpZXVTYTQ2czdRSFVjSnRsOG5ieGJLMEhET25DVWxBeUl4RjFLClRzNDBKMXJiMFJFUlJMYlkvczMvOU1hYlNrWHhtSURLb2FybkFZVHZNUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-scan-job-role +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "get" + - "list" +--- +# Source: datree-admission-webhook/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: datree-webhook-server-read + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "" + resources: + - "nodes" + - "namespaces" + verbs: + - "get" + - "list" +--- +# Source: datree-admission-webhook/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: datree-namespaces-update + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - update + - patch + resourceNames: + - kube-system + - datree +--- +# Source: datree-admission-webhook/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: datree-validationwebhook-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + resourceNames: + - datree-webhook +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-scan-job-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-scan-job-role +subjects: + - kind: ServiceAccount + name: cluster-scan-job-service-account + namespace: datree +--- +# Source: datree-admission-webhook/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: datree-webhook-server-read + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datree-webhook-server-read # datree-webhook-server-read +subjects: + - kind: ServiceAccount + name: datree-webhook-server # datree-webhook-server + namespace: datree +--- +# Source: datree-admission-webhook/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: datree-namespaces-update + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datree-namespaces-update +subjects: + - kind: ServiceAccount + name: "datree-label-namespaces-hook-post-install" + namespace: "datree" + - kind: ServiceAccount + name: "datree-cleanup-namespaces-hook-pre-delete" + namespace: "datree" +--- +# Source: datree-admission-webhook/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: datree-validationwebhook-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datree-validationwebhook-delete +subjects: + - kind: ServiceAccount + name: "datree-cleanup-namespaces-hook-pre-delete" + namespace: "datree" +--- +# Source: datree-admission-webhook/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: datree-pods-reader + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +rules: + - apiGroups: + - "" + resources: + - "pods" + - "jobs" + verbs: + - "get" + - "list" + - "watch" +--- +# Source: datree-admission-webhook/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: datree-pods-reader + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datree-pods-reader +subjects: + - kind: ServiceAccount + name: datree-wait-server-ready-hook-post-install + namespace: "datree" +--- +# Source: datree-admission-webhook/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: datree-webhook-server + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 +spec: + selector: + app: "datree-webhook-server" + ports: + - port: 443 + targetPort: webhook-api +--- +# Source: datree-admission-webhook/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datree-webhook-server + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + owner: datree + app: "datree-webhook-server" +spec: + replicas: 2 + selector: + matchLabels: + app: "datree-webhook-server" + template: + metadata: + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + app: "datree-webhook-server" + spec: + serviceAccountName: datree-webhook-server + containers: + - name: server + # caution: don't change the order of the environment variables + # changing the order will harm resource patching + env: + - name: DATREE_TOKEN + value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1" + - name: DATREE_POLICY + value: Starter + - name: DATREE_VERBOSE + value: "" + - name: DATREE_OUTPUT + value: "" + - name: DATREE_NO_RECORD + value: "" + - name: DATREE_ENFORCE + value: "true" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 25000 + livenessProbe: + httpGet: + path: /health + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + {} + image: "datree/admission-webhook:0.1.41" + imagePullPolicy: Always + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - name: webhook-tls-certs + mountPath: /run/secrets/tls + readOnly: true + - name: webhook-config + mountPath: /config + readOnly: true + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls + - name: webhook-config + configMap: + name: webhook-scanning-filters + optional: true +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: scan-job + namespace: datree +spec: + backoffLimit: 4 + template: + spec: + serviceAccountName: cluster-scan-job-service-account + restartPolicy: Never + containers: + - name: scan-job + env: + - name: DATREE_TOKEN + value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1 + - name: DATREE_POLICY + value: Starter + - name: CLUSTER_NAME + value: kind-datree + securityContext: + + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 25000 + seccompProfile: + type: RuntimeDefault + image: "datree/scan-job:0.0.13" + imagePullPolicy: Always + resources: + {} + volumeMounts: + - name: webhook-config + mountPath: /config + readOnly: true + volumes: + - name: webhook-config + configMap: + name: webhook-scanning-filters + optional: true +--- +# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: scan-cronjob + namespace: datree +spec: + # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression + # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc. + schedule: "57 * * * *" # every hour, starting 55 minutes after helm installation + jobTemplate: + spec: + backoffLimit: 4 + template: + spec: + serviceAccountName: cluster-scan-job-service-account + restartPolicy: Never + containers: + - name: scan-job + env: + - name: DATREE_TOKEN + value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1 + - name: DATREE_POLICY + value: Starter + - name: CLUSTER_NAME + value: kind-datree + securityContext: + + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 25000 + seccompProfile: + type: RuntimeDefault + image: "datree/scan-job:0.0.13" + imagePullPolicy: Always + resources: + {} + volumeMounts: + - name: webhook-config + mountPath: /config + readOnly: true + volumes: + - name: webhook-config + configMap: + name: webhook-scanning-filters + optional: true +--- +# Source: datree-admission-webhook/templates/namespace-post-delete.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: datree-cleanup-namespaces-hook-pre-delete + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + namespace: datree + annotations: + "helm.sh/hook": pre-delete, pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + template: + metadata: + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + spec: + restartPolicy: OnFailure + serviceAccount: datree-cleanup-namespaces-hook-pre-delete + nodeSelector: + kubernetes.io/os: linux + containers: + - name: kubectl-label + image: "clastix/kubectl:v1.25" + imagePullPolicy: IfNotPresent + command: + - sh + - "-c" + - >- + kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree; + kubectl label ns kube-system datree datree.io/skip-; +--- +# Source: datree-admission-webhook/templates/namespace-post-install.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: datree-label-namespaces-hook-post-install + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + template: + metadata: + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + spec: + serviceAccount: datree-label-namespaces-hook-post-install + restartPolicy: OnFailure + nodeSelector: + kubernetes.io/os: linux + containers: + - name: kubectl-label + image: "clastix/kubectl:v1.25" + imagePullPolicy: IfNotPresent + args: + - label + - ns + - kube-system + - datree + - admission.datree/validate=skip + - --overwrite +--- +# Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: datree-wait-server-ready-hook-post-install + namespace: datree + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + template: + metadata: + name: datree-wait-server-ready-hook-post-install + labels: + app.kubernetes.io/name: datree-admission-webhook + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "datree-webhook" + app.kubernetes.io/version: 0.1.41 + app.kubernetes.io/part-of: "datree" + meta.helm.sh/release-name: "datree-admission-webhook" + meta.helm.sh/release-namespace: "datree" + helm.sh/chart: datree-admission-webhook-0.3.22 + spec: + serviceAccountName: datree-wait-server-ready-hook-post-install + restartPolicy: Never + containers: + - name: kubectl-client + image: "clastix/kubectl:v1.25" + imagePullPolicy: IfNotPresent + command: + - sh + - "-c" + - >- + kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s" +--- +# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: datree-webhook + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-weight": "-5" +webhooks: + - name: webhook-server.datree.svc + sideEffects: None + timeoutSeconds: 30 + failurePolicy: Ignore + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: datree-webhook-server + namespace: datree + path: "/validate" + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + namespaceSelector: + matchExpressions: + - key: admission.datree/validate + operator: DoesNotExist + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["*"] + apiVersions: ["*"] + resources: ["*"] diff --git a/kubernetes/datree/manifests/datree.0.1.41.yaml b/kubernetes/datree/manifests/datree.0.1.46.yaml similarity index 73% rename from kubernetes/datree/manifests/datree.0.1.41.yaml rename to kubernetes/datree/manifests/datree.0.1.46.yaml index 7b0e76e..a1f6538 100644 --- a/kubernetes/datree/manifests/datree.0.1.41.yaml +++ b/kubernetes/datree/manifests/datree.0.1.46.yaml @@ -84,8 +84,8 @@ metadata: namespace: datree type: kubernetes.io/tls data: - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBN0tDOWljWjhUdlZwd1NUZk45S1hDNU8xZXo1alFXY1U4WE1qT1lFaDNLS3MrREIrCkJYM2luZVFMdTJ3TnJPdHA0MVllVTI5K1VrQ0RWQTdVdnpEVW5mT1RaenJwenRXcVFuc0hIVkpSSU0yTlViNjEKQnVPMjdGTzBqcTFLYWtZMFlNTUtDYVdiMHFOalloZEcwWlM0aUhOVlNWamxTeFFLRUJsMWh5OXJaTFN1NzE4UgorL2RmakxPR1JvT1QrR2ptUEpTVVBQYmlHZjVVTlpyaE9EcGtVc0o2NG9iU2t2bC9kNy9NN0dTbXRoWTd4UHVWCmJBZXdlaENzNng5Z0JaMEVEakVMR3prckJhR3dEWWl5OFVLcVZtYlpJNkFxMDNMYm9hVStVMGRheG4rY2dKZjMKd2tPa2V0eEFWUkZRSVlnNUVLL1l0UE1BQk1xNnpicWZ1MHEwOXdJREFRQUJBb0lCQVFEckJXdTduOHh2a0FpTgpzVldUV0RKMWFTdmpVTCs4Z2Vtbk5yaFJzUlEwMDg0QVpBbUc0dFZtQk00eVJNd0FaNEV3THFUSU1nREJLUnBICkxzUFhjV1I3elNVbWJya3ltYjBWY3FSS1Z5d0U3S1BrQVFwRDRZQVprYm5QekFZUkw5RnVHY21xY3pZbEsrclYKemxDa2NKWW4wSVZ3NkQ0MUo1NG5CMkpYOXAwdjB1eTZlV01zZHRZdU9MNkppOSswb0J3Q2Qzd0VqZXo1WUFUMwpHMmZVUTdJbXpnMUd4VnA4VG5ZdnBGTXFFKzdrMGZMY3o0a3ZZZzNtdTVSMmI5ZjBmYlJtK3VsVDVwdnpVS0IvCmNkTGNIalFQSHNqeER2NzJUM3l6bHVEWE0xU3NjTitjM1lwSjB2K3JVZWY3SnlFbUhpWFI5bEpWc3Vrc1djNkIKa05aL2NvZmhBb0dCQVBzYWt0UUpyMVREbFliYkQvTE1JY0loamJVYVlJaVJacG9kR0pZKzN6TWkrd1RwcDJHagpmR1E4elFac0hDWHYyTXFLVitGTVdFK09CbzlhVDVOand5OHpiRlN0WW1KRFRXY3pKeEFiTytDT0NFcUlxNXQrCkRBVW1KYy95UXErRE54TnFPSjlDWkNDNkxLTTJNdUk5eUowK1V4YWJCbWM1UGZYd1p4N2NnYnE5QW9HQkFQRTkKNkcwdVdqZXA1T3VxNTBSN0ErTFRPdHJQQzRNMWtyOGVGNXNBZkFlNVhlTEl4V0o4eFRIRDdkY2l1eWFsS3ozNgovdXhXUXN0UHhadU5UV2dYSTVma1dnVVRiZ3MvdVRBTFNDQkpxa2tyL0h4em9HbGVQN3VsNFZ2S3M4c2V3NmFQCndMWTNDK3RGNlJtRmtYQU9RZ29aaEFYbmYrVmxKQ3laM3lzSm9rUERBb0dBUmgrdnJXTmZBVzcxVFFuVU5GdnAKZVl0aFJaZ3VLVFZoejl3Y1I2a2JMKzZ1NXpwUk1pVXowZEpnOTFBdHRESjgrbU1VRTZqOGFJc2pMZGxzcTU2SwpuWjNndk8wR3NxWlU4V01KbjZmYld1U1BVREZHcTAvU0Q0WU52VHJNZ0xOR0tEZmJ4QzRJUkZONXI4S3RCeDExCjd1TysxR3RLcUgwRjNxN2FQWFliRElrQ2dZRUFvcGNBOGFVTjlQb3lhWXR6OXptWnN1UitoRDZMR2RHZnArT1cKTVVld1VGeGtwSmFBUWhLcHJSTEtWL2IyZitOT002WFk3bHh0QkM0dGx0c3pVblpWN09kZ3JJOGQyY01IQXhSMwpkaHR3QTRUNzFMenhYbExCVGExTko5cUVOdC96S1cwMWl4bXFsTlUzZDVZSUlhZmFab2d2N1BMTHhrWFdqYURmClFsaHAzcFVDZ1lBZkNudGJRak53SmM3M3draUFheGl4Q0tlTDE1eFFzdkl6ZlZqUHpRODBaNm42ZVZDYVU1a1YKc0hGZHZJZmM1eVQ4c0xKcGpLeXJYVXF5Q0pSTFFXcXZKaDladDhrdTNHOWRGWlQyUyt4dEFFcmo0LzkrZVNMbgo3ZmpQclFwVVl0SkxWQXdlZUkxUUhRejVya1NZVWtkWW9hcFpYUGpxbFNxaXZJK0tMVitPS0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKOUsyZ3FEaUVxdXNPNUlWREJBWmt3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNakV5TWpZd01ERTJNRFJhRncweU56RXlNamN3TURFMk1EUmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURzb0wySnhueE85V25CSk44MzBwY0xrN1Y3UG1OQgpaeFR4Y3lNNWdTSGNvcXo0TUg0RmZlS2Q1QXU3YkEyczYybmpWaDVUYjM1U1FJTlVEdFMvTU5TZDg1Tm5PdW5PCjFhcENld2NkVWxFZ3pZMVJ2clVHNDdic1U3U09yVXBxUmpSZ3d3b0pwWnZTbzJOaUYwYlJsTGlJYzFWSldPVkwKRkFvUUdYV0hMMnRrdEs3dlh4SDc5MStNczRaR2c1UDRhT1k4bEpRODl1SVovbFExbXVFNE9tUlN3bnJpaHRLUworWDkzdjh6c1pLYTJGanZFKzVWc0I3QjZFS3pySDJBRm5RUU9NUXNiT1NzRm9iQU5pTEx4UXFwV1p0a2pvQ3JUCmN0dWhwVDVUUjFyR2Y1eUFsL2ZDUTZSNjNFQlZFVkFoaURrUXI5aTA4d0FFeXJyTnVwKzdTclQzQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMEs1OFlROERCM3dVYXZxVEw0QVBUK0RqClFId3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQU9uUE9YMjNEdldoVWY3WUhwbHE0LzhpN1F1cnlZbVdHenoKUXlMMGRQZm92d2VyQ080NUY1ZGY4dVdqSW5yc2xKN1gwVkR3VVQ3QXg0aHI4dkFqVjRyRGltOWw2dm96cDJPbwp5Zm1wcHlvWDU0VnVvVGFEYkxFUkpTaXVBaXJDcGxURkFxQ0NRM29qa0Rpb0ZjdU1oZEZQNFdDSHV0YUEybTYrCkVyTkd6WkFnZ3UrNWRpcnN6WTZ6L0NtSnNwcnhxeFFzNm16a3RpN3dhNWVNR21BeUNNaDBDcnRsTmRaQ0xBL08KZll3eFRvOFVralUxNGhKVUVsOHlaOEhPS3duN0dTUkJleFdKeHJDWkw4MExYeGRzMnpwMWVIQ3kxZXEvNTQrSAplV2w2Z3dJOFNkc3lScnFUbEcwTGw4aUJ5MjBYSGtRaU5CY2FER3AyU1BUYkp3Sk1LVmM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd3EzU3JXOFMxY1VSUjIwTWozMHVZeVhvRmZaaElVNW1KWnpqZW1VWHZSUE9QbkV6CkExWGNuVGlXYjBTYk1qL1cxbWkyTXFaWmUxYUpRMDZIWURab0YvamcrYUlQdkU3dk05d1RGeTF2UjZhQTRDa2kKUlp5TUp4MW45V2RWdmZxc1F5aEd0VnVWL0w0K2JNb1VwU0VnRU5ZK29kQlY0S0owYkZHN3RDQzYrQ2VMeVlSQgpKY1U2UndQQmFsRzNXNFkweVRwWUZhRlRHNHRkOFNWRGtaSCt6M3pZTkczazZhc004NThtQmpiTGhYcHNEU0tUCkhZcW5yaDdXN25hYjdDdCsrK282YWNxMnFiSU1UNGt4Tm4yOEs5U05PUkY5RmRaNTZGeDNDVy8zUVdmSzVESE4KcHlGUTNxWGJxYWFpbDI4bGpUME5uZDgwcHJpcXFPNW5hcEdORXdJREFRQUJBb0lCQUdKZHBlZlFDYnBOdXE5VwpZRlJZTWdvUzZ6TzlxOUpDWk1aNGdWQWtxRnYzRit6aEVaK0wwTTczK3JyNTlWanNmTWNWWFlvMkYxeUVteEtSCktVSHArNnF4TEN1MlFURXF5UjV4QW94aGZxcTdiTDdXeWVSV2QxS0VQelQySTVLOGlESGV0ZXVJL1Q0WmVqMUoKMWlpaGxpd3J0TFhhS0tvNks0MVh0dm9LMTYzdW1zYW02WjhuTjBHRjBKSkpPSkdacEluQXZEUTJaa2hIR0s3RgpvZmdzamVEbGVod2Q1MzBIMzczMHN4bGRybVBkT2s3bUk2cVdyd1RXTTJhK1lsY3V3Q0xNdkJLWGJIVm43enJkCjFDTUxLSDhkcHhzZ3ZGZ2tXdnpJWDNYUjVmd2RMZ29Wa0F2WkYwMlBWeVpyV2FDU0Y2S2N1ZkVGS282MVZJQUQKTEZhRTI5RUNnWUVBeXQvWXRYZitwNk1BU3FESVFQanNYeDZ1QTlnZXJRMit3ZmhrZ2dzYnR5QzAxei9QTS90SApYUUtuOWFreTRFZUswTGJoL1N0cEx0MmxNSG1ITy9EeUo5cHdaenZBWEhEazY2SDZPdmRHMFhFclJFNXFYYkZzCjFHZTAwejMzbC8xK2IzT3YxWThhbFQ0MWZrZDdia2VCdXdhSXJBdGVEQ1VMMDlObWFLcCswUzhDZ1lFQTlhaVUKSG5UaXJkaitIUS9mdjI5K2p4NTBlTkMvY0x5UmJnVTZaemI0SEtCRWhsamJ0TW9YRlhiZ1ZBeHNOZEZDSStUZQpMczkyZTgxYm94d1g5QitrdGtFK05wSzNPTlZsREwzWTBKczNvYmQ1bVYrYlRHajM3cUMyUThhaXVTelpYbG9iClVWQUpEd21xb25QeUpuR1RCblBPdlRkSmc4TS96eU9sZmsvZm9WMENnWUFka0F6Mk5Ld3BKWG1QWm1xSC9UNEUKaG1YNUxXOGE3SnZWakNxcFFKRWpXR0xCMHd5UW1KZEhtSEY5UE5DckdnSENkRVB1TG5zL1Z4RVJSVVJObWNqUAp3ZWNMUkF1OTdMMlBFS1YwSGtCMW1MWWpXQUhyOFVUWWx0d2t4Q3ptT3d4SGxXWVVDcXhtL3crd2ZSNGhiYzRiCndOSDlzQkplVnErb2lHK3Q1TnBpQlFLQmdRRG14d0szQmZsNWRqTnJHK0dIbHZkZS9pNU8zVlFyVllxTnYrMlkKenlRUXlHTDNqdngvZjZabDdMSmJZdnc1SnFlcXpyUUhaN0NZSjFpaUI1OWRJR2o5S3BlR2J4Z2ZGU0dEOGNtQQpWNERRdEd0UXNXZFVSZnc4dWMvZ0pmZnlXL2FzVTV2OExHTUdOSCtQYzdzVmNIYTloZ2UrNi9SdEN2eWozSW40CitwSk1wUUtCZ1FDTUxhWFUyN2ppUE42Q1RUTkQ4bGZiSXp1YlJrRDJIazFSckF0NXpGMDUvVDljOHRyMG9uSXAKdnZPUTc0bGhUWWZIZWlYaUFIb2h4WjRNZGRTYnlEU2REdVI4OUtUYnNjV082RUpxZ0Vwb1FuTzE1cU5PazllbAp1OE1DdytYNDc0T0doVnk0U0RSL0FWSWhqeWl5czc0VzBIUHR0TzczVGhTQVlFYUxJckZHV1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUl0anNlN1l6N3ZuSHVSMHExb1JtWnd3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRJd016RTVNRFZhRncweU9EQXhNVE13TXpFNU1EVmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURDcmRLdGJ4TFZ4UkZIYlF5UGZTNWpKZWdWOW1FaApUbVlsbk9ONlpSZTlFODQrY1RNRFZkeWRPSlp2UkpzeVA5YldhTFl5cGxsN1ZvbERUb2RnTm1nWCtPRDVvZys4ClR1OHozQk1YTFc5SHBvRGdLU0pGbkl3bkhXZjFaMVc5K3F4REtFYTFXNVg4dmo1c3loU2xJU0FRMWo2aDBGWGcKb25Sc1VidTBJTHI0SjR2SmhFRWx4VHBIQThGcVViZGJoalRKT2xnVm9WTWJpMTN4SlVPUmtmN1BmTmcwYmVUcApxd3p6bnlZR05zdUZlbXdOSXBNZGlxZXVIdGJ1ZHB2c0szNzc2anBweXJhcHNneFBpVEUyZmJ3cjFJMDVFWDBWCjFubm9YSGNKYi9kQlo4cmtNYzJuSVZEZXBkdXBwcUtYYnlXTlBRMmQzelNtdUtxbzdtZHFrWTBUQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMFdOeTZkQTdFZERobUg1azBBVFZGOExXCitIQXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRU1uRExjOXZoTkVMa1BzME5HdHMzTlp6RVQ4M2E4ODMvLzIKQm9iaXJTUThOWDhpc1A2WmYwcDRtWEtnU2dzN3FEai9qblowZFdiN2tlUDFxZnRmZktrMnNCRmUraEI2VUxQUgoycFZoQkVURXlIcktYNklnTFpUejBBcU1YWDVXemVUVTRCNlNzRXR0bTVGOWtWK1luWE85S2dNWnlzZEYxU1lQCitoOHY0QTJmUVVBSCtkcDd3ZHRzcnZxN0QzMUlaNlZkWlU3RXRzUjZJZExTYnluck15QXFHT0hyKzdxRTNqUmQKS2UxcXlTQkJRQWxSY3NWb29Ud2V3SjI0MTVENGF6WWhKa1NiQXhPK0gvaFkrb0w2UDhkeTdUbU1YQTRsNkdYVQp6T3pqMm9LRzVzRGlHVmNyM250TGpBelh0Q2ZuZHU0bUhPQTlDS0t4OGlzY1R3VVcydG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml apiVersion: v1 @@ -106,8 +106,8 @@ metadata: self-signed-cert: "true" type: kubernetes.io/tls data: - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeUVOamtDUU1ZK0NwKzhndE5zK014dnJ1WFA4dnVIa2pYS255aEF5YXBMb2VDdU80Ci90L0FlRWE1SFMyZHk3MVppemNNZ0xaanFqcGxBdk5qTFhEbjE3dG00eTVZUFJwQUgzWDhwcUN2bW0ya1dzM1QKUEZhY3BrRkljc2VCdTROVEJvSHVMbVcvTm9RMVcrS21DbHFEd3ZYKzk4ZzZQUmc1dkVCRmszUUkvM0RrRWlGdQo1R3lHQWZ2Tnp5cUVTbDNaajEzYm5rY0RuOXZ3VHE3RXY2YWhlbi83QjhELzB2YnBScFpYSkw4UTF4T1JOZDk0Cmh1VDh6U1QwekRZZnRLZDNYY0YrVWxKZklkNkNYSHc4THFkVUxJM3E4blhIb3NVeEtaY0ZWQ3YweGlaaWQvTk4KL3lTZGt0V3lNWEZHZDVIWjdqenVlVFdXZjB5bjJ4Vm5WbGNweVFJREFRQUJBb0lCQVFDZGlQVnZWQXd6SFc1YQpWRFBOSkNQWCsxazY2cnM5WUgzQ3pTV3JYc2Jmd2xFVHUrT3hDNDY2anRmYjdpQnRQenlMV1BpSzMrOHkzOURLCksyL2ZOU3dMOXEyUEZNdnc5UTl3TUQ1WlRab1YzeDRsR0RpTkJJMGg4OFRzRmFrbU9yNDdKa2FaVlF5LzgreU4KcFpOOEhZdjg5OHBrWEt3RGwyVURnNE8zNU5XWEtuQzdTaGNtL281RU5aOTRETjVBVFRxL1N1em0xYVJycXZiVQo2OEFrZllMNnFDbUFyaDlsb2w0aE9iTmE1MlZsdGtCNGE0R3hsNWlETjBNQlhJV1lmVUM2c1JIam1UUWJyUkd6CllRTE5tNmdwYTRPMUJDVjU1eVp5aFZrMlVyRENrandqaERiVGRHVGlDU25BRU9iSFJIUjhoYnFlQWwwbk5XQ1cKa3F5dXp5b0JBb0dCQU9sRGlMb1pEVEJuR2ZpYWhoY1lINmFvSUt3c2dLRHVPNDdOZkltSjAwZzRBTzFmOXNPNgptb1MyNUdMSVpFS1p0WmFtK2NGckk3RVBJSTVxV3lmQ3h5QURzdDhSdG5RVU5vUmFtVEVISE5sODBXVDVBd2xuCm9VYUdoaVV5RC9lYkNEU0wreGF2cFVtS29DeTR1Y095RjVHNEhsSmNCZE9HUWJiVUhtbzhsNkloQW9HQkFOdkkKYWtacGhUbmlBc3ZwV2VaN1daKzgrUTR2Z3FoVGE4Q1Q4WlU4a2hldXJETk5DaEFqNlljMnVKMldjd1JIMFExZApZOFhycHJXTDhjd2xRYmFmRmFMNnF1c2s4ZUtna0ltWm1DdWJZejNmSHRQNDg4N3FXSVZtQ2ZSbm0vcUZPdGo5CmZ5UTIxM3l0eTBIVlE0STI0eXNKeVBkZFNkaHZ3bC9QdllVTm5PS3BBb0dBUDc0eHZkRWN0bzVtSFhaMGtCa0sKaFN0S2ltSTY0RDlaelNOQUZnR3cxL3BkM29BcjJiN0RmT0xSdEdEWWJRNjkvYVl4ZC9hRU1WMVY0elVUSmVGbgpNc3R2OU45TlFabEljSkNsYmkxb1o5SmhFanV0NWNNSTRsSGVsSW1DcllJVEV2RHhzM2hhTGFlUkw4ZG5GQ0ExCnFwOXF3Y3pkMXJqSWVtS3EwUk12eUtFQ2dZQmlNVWhKN1JyNG9XRmVlUU1SVmtyVWN6bFNmU2VDek1KM1o2R24KYTBoYURGQWpHMmhEamNmb0FTcTZQVjFsckRCYUtEOUxUZDFOZnhpb2ZIeS9lcFBRSE8zLzRLR3cvc3VVcm1xdQpFTjVsNWlsL3l0b2l0OUNVeU9IcHIrQ2dMS1grREVPaGlsNzc5U202WCsycFg1eGV2aUJyWStKNk1IUkhHaWt5CktNTFBBUUtCZ1FDNXdvMFU2REF6NlN4Z3lCQkM3N2lBVWtsbU5vOFhoZnlEWGlwUWJDalMwV0RycWZPd2EyVDgKRkR1aXhhOHBmM0taWEdDQzQ1eU1BblZmWUY0dW1GU09xZkRPR0QyZFBlOWk3RWl1cWtOT1BZR0VXbk9hNzVuSApvdlNMN0Qvakg2L2Z0Tmh2UkVtdER2elBiT2x6VmY5bkk4M1pYZmpXQWl3YVFjMDlyYVlUbFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmRENDQW1TZ0F3SUJBZ0lSQU1yQTQreVRCL1dzejJDVzVKTkZRd1F3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNakV5TWpZd01ERTJNRFJhRncweU56RXlNamN3TURFMk1EUmFNQzh4TFRBckJnTlZCQU1UCkpDOURUajFrWVhSeVpXVXRkMlZpYUc5dmF5MXpaWEoyWlhJdVpHRjBjbVZsTG5OMll6Q0NBU0l3RFFZSktvWkkKaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNaERZNUFrREdQZ3FmdklMVGJQak1iNjdsei9MN2g1STF5cAo4b1FNbXFTNkhncmp1UDdmd0hoR3VSMHRuY3U5V1lzM0RJQzJZNm82WlFMell5MXc1OWU3WnVNdVdEMGFRQjkxCi9LYWdyNXB0cEZyTjB6eFduS1pCU0hMSGdidURVd2FCN2k1bHZ6YUVOVnZpcGdwYWc4TDEvdmZJT2owWU9ieEEKUlpOMENQOXc1QkloYnVSc2hnSDd6YzhxaEVwZDJZOWQyNTVIQTUvYjhFNnV4TCttb1hwLyt3ZkEvOUwyNlVhVwpWeVMvRU5jVGtUWGZlSWJrL00wazlNdzJIN1NuZDEzQmZsSlNYeUhlZ2x4OFBDNm5WQ3lONnZKMXg2TEZNU21YCkJWUXI5TVltWW5melRmOGtuWkxWc2pGeFJuZVIyZTQ4N25rMWxuOU1wOXNWWjFaWEtja0NBd0VBQWFPQmpqQ0IKaXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQwpNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVUwSzU4WVE4REIzd1VhdnFUTDRBUFQrRGpRSHd3Ckt3WURWUjBSQkNRd0lvSWdaR0YwY21WbExYZGxZbWh2YjJzdGMyVnlkbVZ5TG1SaGRISmxaUzV6ZG1Nd0RRWUoKS29aSWh2Y05BUUVMQlFBRGdnRUJBSGc0UmYwaU9TajR2cFozdUNtVXlUM2ZCV0Z6L3ZDOEcxeUVzWVZXR1NYSwo2Ni8zRHEyazR0Vkd0MWhSaFp3a1R4dVRXTkpiejRzcmZYOEhIVi8va2RsbmlmbldLQnFKNFVYVHFSS1ZjaWc5ClkyYWtleXEydEN5MUFTcVltMVBLWGVxUjFrZkpoZVhKZU80UVorWnpoaE45VmNqWUpQTCs0OWhFc2tFRmJRenIKSHZPUDVwamsyYjl3K0plUExaMkVHZC9KeG11cjhmVzA4YjFkMTYvUjVxMUZ2bnN0Z2RFUjV2b2k4UmJhSmV0agplSmtyc096YUovUC93K3NaaUZVU2todnlNZkpiZ0RVSTh2aG80VFl6aFlZV0NPUnJoRzdGSFVsWWpMNU0xVnQwCjFEWkJvNEdkUFhPRFErRTRQdzIvM0xwdGs3RDBPWlJRVWhZRFgrL2VmMHM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNkI4STdsckhCR1BDOUowSkFpZldGNDFLbGRBVlN1Z29uQUFjeDU4UzdqRUVabEZNClBpcWpsdDhUenFaOVlQVThYT25xSFc4NmZ0ZlJZQXI2czFWaERJT0NCMjVXM3h1MDVKelg4aFpMK2tjcTNMWGQKZWZPc2hUSVkwN2wwZHpNR3QzZ1V5SnptLzZkUlRQQzg0VjU4dWpxbGRjbEJTY1JWVnFRSTZPemwzVVFva3RLegpPcEYrQUMwci90cDBoWnlEd3gwMGUrYkZCS2ExbEtSYTNhTllHWVRuU2p6cm1EY0FDU21LcmZDM3BCLzh3V3lnClpuNHVEeU1GVjhnaHJNVFNiQUUzOFRud08xQU81c0RDUk92Qm5CQ3lpTUtUditHMmNLTFRtRm1wMUxkWlRSOVAKdy9BZzZocVVWOUdYQ0hpTGJoVkRJZ3pYS2lXVzgrNVMyb2tCendJREFRQUJBb0lCQUV4VmFHcDZEOWl4dGZzYgphVXI4THJ1d0MwY1pGdWQ3VVY5NzZmcjdwUTRQc0pLMVNZMW9HRVFWT0Q1TklnNHdsNWsyazNiNmpSSUpoeUUrCmV4TmVrSHU5QTVYT0EyTjdpUkZsUXQ2cDFuS0gxT0NnTGlWY3JPOWdlaW1tWTFhUHdUVzBsNkVoZUJXNndGRzkKR1dCRDRtQ2J5SzNqY1VVQSs4OXlRanZYTEFDSE9TODlyeWpBRGJHeFJWR1FLRy9BMXBKaWhGaFVqUlI2a3F5TApyMng5aUpuYmlKYm1tY1N6VklqOFgra3d1TEQwWjlWbTB6N1duZ1kvYktIS0U3OWRxQkRpaG1mMzFuNHB4ZzJOCktnTU5ka1JZVGllYVJDQmJIRlBDR1VQTWlWMzNLd0I5eGVLamVsK0k1OXFSL0JldFovQ0FjV1FNZTVTM0phY2cKYUhGOEhBRUNnWUVBN2NDdW03OUh3ZjBIbFUyWWpDYkFvWnZsYjlRVWUxNDE3emN2YkQ1dVFmMTdkd1ZFQWlqdApYcG9STzB4dGZwUTgvTERpT00rcWl4NWdlZGRLLzJ3WnRJZ09nRjFRY09Kd3gvdTZwODAveTNNdE5IclJ5aU40CnpVZk1jdDQ1REF6UXl0OG4xVG5ZU3I4by9jRHNRVDVQSXBqTDFWRlNqNnJBTGdlMVdBalpLMkVDZ1lFQStlKzEKSHRFemEvckwvYXE3Q3NWZ2R1ejBPRVN5M1dkQW0xUXA2TksvWWp1SlVJQjMyODZKd2lxcVdyZko1bDZhUzhkaQo5ZytWSllzY3lSQjM3OGJVRkdlMzU0bEtRSThJcUlTTU1MTnpCbnVVQlY5ZmN0STBIYUNXdnV3N2NvT3FaTGVhClJ3ZkwyZTdaTEgvSVhqb3QrYTEzWmlqdjROcjRBYjY2YVFiWTZ5OENnWUVBakpjZUtaZEk5WnVNdW1zeVE5NCsKbHRJN01JKzJ0T1VXKzZna2NOdlNFMCt6ak1RZVhUQ2FmUkNhRS9pejN1QUYyRjg0eHVOMk0rSDRwdFA2MDJPMwpKNXcxQnc4bkhEbXErM2NOLzJCTjB4Nytva1BtZnFQUE1ZUzlqMGQ5Y0hTN210dXZFRld1WXpUN0ptTEkwaVBvClk4cjY3ZCt5OUtYQ0V2WVg5RUQzT3NFQ2dZRUE2Q0pZQVpCaUJ5Yy9zWkdSK1ZZSzIwb0hKZi9BZE55Q2FBSUsKanNDMm1vRWJieFp5dkVlZk1TUzVabHFPL2hUZGtBWlhCcHpBZE1jNDdCSU1vem56SGlTYTdVUlpINDc1aHJMZApGaHFGZWY3ckl2Wkt5M1VxakYzcnhOWFovT2tIS0ZaU3h5Z1prSWREVkE0MnhqV1pIKzJhR050cXVGZ0h3bThuCjZZWS9rR2NDZ1lCWlo2dUFNd0ozcHNTd0lESFRhYk1JLzRnU2ZUYTdwSTh3VHBiQkROTnRvcE94eEw3V1RXVE8KbW5mOVk3YkYyMjkxMnBaL2lhMXM1MlVWMU8vdTB0R3Q1OVNvN1ExclBrSHc0THQ2UjhTK3NRaG1GbC9xcmc4ZApITlBPN2tHbmdVZUhQZjRPdXB2WHVNTXNzTVNoK2JWQVZSMTJwV05BUjEraER1cVNLQTBGZ3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmRENDQW1TZ0F3SUJBZ0lSQUltM3hneEF2MVNwRm5BdlVrMk85UFl3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRJd016RTVNRFZhRncweU9EQXhNVE13TXpFNU1EVmFNQzh4TFRBckJnTlZCQU1UCkpDOURUajFrWVhSeVpXVXRkMlZpYUc5dmF5MXpaWEoyWlhJdVpHRjBjbVZsTG5OMll6Q0NBU0l3RFFZSktvWkkKaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ2ZDTzVheHdSand2U2RDUUluMWhlTlNwWFFGVXJvS0p3QQpITWVmRXU0eEJHWlJURDRxbzViZkU4Nm1mV0QxUEZ6cDZoMXZPbjdYMFdBSytyTlZZUXlEZ2dkdVZ0OGJ0T1NjCjEvSVdTL3BIS3R5MTNYbnpySVV5R05PNWRIY3pCcmQ0Rk1pYzV2K25VVXp3dk9GZWZMbzZwWFhKUVVuRVZWYWsKQ09qczVkMUVLSkxTc3pxUmZnQXRLLzdhZElXY2c4TWROSHZteFFTbXRaU2tXdDJqV0JtRTUwbzg2NWczQUFrcAppcTN3dDZRZi9NRnNvR1orTGc4akJWZklJYXpFMG13Qk4vRTU4RHRRRHViQXdrVHJ3WndRc29qQ2s3L2h0bkNpCjA1aFpxZFMzV1UwZlQ4UHdJT29hbEZmUmx3aDRpMjRWUXlJTTF5b2xsdlB1VXRxSkFjOENBd0VBQWFPQmpqQ0IKaXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQwpNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVUwV055NmRBN0VkRGhtSDVrMEFUVkY4TFcrSEF3Ckt3WURWUjBSQkNRd0lvSWdaR0YwY21WbExYZGxZbWh2YjJzdGMyVnlkbVZ5TG1SaGRISmxaUzV6ZG1Nd0RRWUoKS29aSWh2Y05BUUVMQlFBRGdnRUJBQTZNVWhOVFFJYjN6cGhXdDR3aWNkK2g1emVGb0R5T2NDbkJ4eFFYeEhYcgpoVVBYYUhlakJHTkNnK1orR0REenJway9CMG1EdXppU3ordkc1SEhnSW5WbGNMK3JDeGMvcno3N3loamEwUXRMCnJQQ3JEYmo2UXY3THFuKzZHMUVheldYM3QxSUs3RU9QSjhpbDdncmM4UmV0WUNEdUt3RE9JT2dRTndmamJaUnEKb3lOMWNYNjU2OS82YXFTU3pDT3BCd3VqanJ6SFlpUU5UakRraTB1a0dyYkcyYlJxVGVwd2wrTkpjN2EzMkwxTQpiMGE3dWNHSFQ3K0hxcjFhd3BRM3d4S0FZd3RlTUFJeFAvZGVOQlY4UHNBRmtBNnpueklmMjNDTDRVRG9lbU9sClRXMU5nb0hSVHBUeTd2cGZQRjNmUjlxWEk5K0I1ZkhjSVlKeEc3Zmp4c289Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -507,7 +507,7 @@ metadata: spec: # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc. - schedule: "11 * * * *" # every hour, starting 55 minutes after helm installation + schedule: "14 * * * *" # every hour, starting 55 minutes after helm installation jobTemplate: spec: backoffLimit: 4 @@ -706,7 +706,7 @@ webhooks: name: datree-webhook-server namespace: datree path: "/validate" - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKOUsyZ3FEaUVxdXNPNUlWREJBWmt3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNakV5TWpZd01ERTJNRFJhRncweU56RXlNamN3TURFMk1EUmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURzb0wySnhueE85V25CSk44MzBwY0xrN1Y3UG1OQgpaeFR4Y3lNNWdTSGNvcXo0TUg0RmZlS2Q1QXU3YkEyczYybmpWaDVUYjM1U1FJTlVEdFMvTU5TZDg1Tm5PdW5PCjFhcENld2NkVWxFZ3pZMVJ2clVHNDdic1U3U09yVXBxUmpSZ3d3b0pwWnZTbzJOaUYwYlJsTGlJYzFWSldPVkwKRkFvUUdYV0hMMnRrdEs3dlh4SDc5MStNczRaR2c1UDRhT1k4bEpRODl1SVovbFExbXVFNE9tUlN3bnJpaHRLUworWDkzdjh6c1pLYTJGanZFKzVWc0I3QjZFS3pySDJBRm5RUU9NUXNiT1NzRm9iQU5pTEx4UXFwV1p0a2pvQ3JUCmN0dWhwVDVUUjFyR2Y1eUFsL2ZDUTZSNjNFQlZFVkFoaURrUXI5aTA4d0FFeXJyTnVwKzdTclQzQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMEs1OFlROERCM3dVYXZxVEw0QVBUK0RqClFId3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQU9uUE9YMjNEdldoVWY3WUhwbHE0LzhpN1F1cnlZbVdHenoKUXlMMGRQZm92d2VyQ080NUY1ZGY4dVdqSW5yc2xKN1gwVkR3VVQ3QXg0aHI4dkFqVjRyRGltOWw2dm96cDJPbwp5Zm1wcHlvWDU0VnVvVGFEYkxFUkpTaXVBaXJDcGxURkFxQ0NRM29qa0Rpb0ZjdU1oZEZQNFdDSHV0YUEybTYrCkVyTkd6WkFnZ3UrNWRpcnN6WTZ6L0NtSnNwcnhxeFFzNm16a3RpN3dhNWVNR21BeUNNaDBDcnRsTmRaQ0xBL08KZll3eFRvOFVralUxNGhKVUVsOHlaOEhPS3duN0dTUkJleFdKeHJDWkw4MExYeGRzMnpwMWVIQ3kxZXEvNTQrSAplV2w2Z3dJOFNkc3lScnFUbEcwTGw4aUJ5MjBYSGtRaU5CY2FER3AyU1BUYkp3Sk1LVmM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUl0anNlN1l6N3ZuSHVSMHExb1JtWnd3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRJd016RTVNRFZhRncweU9EQXhNVE13TXpFNU1EVmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURDcmRLdGJ4TFZ4UkZIYlF5UGZTNWpKZWdWOW1FaApUbVlsbk9ONlpSZTlFODQrY1RNRFZkeWRPSlp2UkpzeVA5YldhTFl5cGxsN1ZvbERUb2RnTm1nWCtPRDVvZys4ClR1OHozQk1YTFc5SHBvRGdLU0pGbkl3bkhXZjFaMVc5K3F4REtFYTFXNVg4dmo1c3loU2xJU0FRMWo2aDBGWGcKb25Sc1VidTBJTHI0SjR2SmhFRWx4VHBIQThGcVViZGJoalRKT2xnVm9WTWJpMTN4SlVPUmtmN1BmTmcwYmVUcApxd3p6bnlZR05zdUZlbXdOSXBNZGlxZXVIdGJ1ZHB2c0szNzc2anBweXJhcHNneFBpVEUyZmJ3cjFJMDVFWDBWCjFubm9YSGNKYi9kQlo4cmtNYzJuSVZEZXBkdXBwcUtYYnlXTlBRMmQzelNtdUtxbzdtZHFrWTBUQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMFdOeTZkQTdFZERobUg1azBBVFZGOExXCitIQXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRU1uRExjOXZoTkVMa1BzME5HdHMzTlp6RVQ4M2E4ODMvLzIKQm9iaXJTUThOWDhpc1A2WmYwcDRtWEtnU2dzN3FEai9qblowZFdiN2tlUDFxZnRmZktrMnNCRmUraEI2VUxQUgoycFZoQkVURXlIcktYNklnTFpUejBBcU1YWDVXemVUVTRCNlNzRXR0bTVGOWtWK1luWE85S2dNWnlzZEYxU1lQCitoOHY0QTJmUVVBSCtkcDd3ZHRzcnZxN0QzMUlaNlZkWlU3RXRzUjZJZExTYnluck15QXFHT0hyKzdxRTNqUmQKS2UxcXlTQkJRQWxSY3NWb29Ud2V3SjI0MTVENGF6WWhKa1NiQXhPK0gvaFkrb0w2UDhkeTdUbU1YQTRsNkdYVQp6T3pqMm9LRzVzRGlHVmNyM250TGpBelh0Q2ZuZHU0bUhPQTlDS0t4OGlzY1R3VVcydG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K namespaceSelector: matchExpressions: - key: admission.datree/validate From bd566f9666a42f03b41a4d798d44c56986b42ecb Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Wed, 18 Jan 2023 20:02:59 +1100 Subject: [PATCH 10/12] updates and testing --- .../datree/manifests/datree.0.1.46-enforce.yaml | 12 ++++++------ kubernetes/datree/manifests/datree.0.1.46.yaml | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml b/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml index 4124f41..3acfd78 100644 --- a/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml +++ b/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml @@ -84,8 +84,8 @@ metadata: namespace: datree type: kubernetes.io/tls data: - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNHZiVnZJUzc0N1B2eFQyMER4amQ5ZFBUSGhJcWlYbUdlc1BEd2EwdFVoUFJPZjFLCm0yZ0Z4YjVpNkl5TEE2Zi81R00wT0xZVGVNc1pQSUlycytSMGpyZ016b1lXdWRZSlQ2ayttZmFyaGtlUGJ1NTcKWGg5NHBOamttTVhkOHNROS8rVkpoTnRNRFN0MjlkaHlOZ2o1am1Ea3NUNHRFUXF3aHcvOXZSRVlYYlJOazR4LwovMm5TMkdjdnhXVkU3WFlzZ3pNOVRXS3VqR01tQ2h1dXY3WEZweEtBbllRbDNPUUV2YUVQNC9rdmUyWFJsZStPCmNYbW16eXhMa29VMXNPQlRMclhqMU04V3pIRTNiMGtPcFdHV2toVjc3b0RJRlAwS1RXY29kVTN5V2JxaU9TM2UKajJmSGJlaXpmRXZsUWdsOStTdUwvNjdjK2RLTHBSbTJva0JSS1FJREFRQUJBb0lCQURkdVhZa3JTZEEwOUF4UwpJNVhFVndGZytLRFJndjRNWmlHNWlpZlZLY3B2K0p1WEZ3K1plajl2WGl5NWxvSVFGOWtwdVdsWVhxMFR2VmdmCjJwaVc1VGl1RHNLcDBRY1dGVFFWZTZxU3FoV2ppSTVwUkV3YWw1WjdPbWx0ZWVWK3REMjVQQmxzamNoeG94NHIKL01qaHJFRnZ2S3JsS3BDTThjd3F4YWZWY3dQL1BUdzFwUkVxRnpTRkxjamplK2xCNWZUWFdxV2RqMFpkQzdjQwpyVTVQNXZMZEVSRUZnU1dLY3FMd0RRL3MyclNqTEEzREdSSzJQa0hDblJ6cm52ZmIxNWVxNHhCQ253eTQ4WlByCnAzekxZV29BSXlMendObHNTdW5ETU01T1VjRE9wYk84a3RFVHZKZVErUGkvSVBpMXNHUUQ4MEdyS1NuazBkZHQKbWpBNWtXRUNnWUVBL3kxSm5KWUl1anExOGFsZGY4d0R6SWN4RVRLNUxIcW5ZRjhJZ2NLcDQ3WXdGK0d1c2c5cApia2lIdnBqY3pvNVVmZUNvMUhoSGw3L2NRUTIza2E0MW1aRnByYzhna0dINlFTd0h3RERHeHBjZXJRY2hOeVdpCkJPL2dYdC9nRUlSTWN6cE1IVTMrSTVBQm9uamZJUFdLTDVXYXFUellHV1FrZUU1cEVlRXEvUjBDZ1lFQTQ3SkEKTGxDSnZ6dFN0cE5DNXkrZTJkQ2NubG1NR014SVMxQXcwdFNZSVR1ajM2bnBVSEJ1cDBMTmdZZ2RBaDhwc05lYwo2N2ZDVHlucHFsN0tNQS90MEF1K250UWErYllOYmNHT1Y5SWZyL0F3K2VrRnZ6d2J4bm5kd1BSNnhicndIRmNxCkVpaWxKS0V5UXZ1dW9uVkZmSDBGNEtmdUtua2xubk5VQXkrQ2duMENnWUJpRktBa3BhNTVGalAwelNwNUFvdTcKUTROaW51SjU3RE1GWWNHOVRudEtZUzZmSDBtc2V5d0ZEYS9QWEtZU1pyYW5JNEVCR2JJNjY2M1crMVRCay9wYQpLb0E2SkZEWjdpN29lZW9JdnpiSUFqSHlRN2xLbnhabFcyWWNVV1NvTkpIR0FIUmRGeXRGdEFaTTByVEEwRi9xCjVrL3FHTTdmQTVUWkFScDFtdHlSS1FLQmdRQ2QrKy9NTXRWZ2Vpakp4U09HaE9RUy9VdXVFelBCZ1B3b1JWdWEKN1NjZzUrQ3NMNWhTMTYvdkhjcTVOVmZyUVBRTVg0M2hmMzZ5cnNJU0UvTDFwaGU3WW1yQWlTcXVXRUs1QkxOZQorOHhBcHNkVW52bjkxaGJ2ZjE3OW9xUU16Y2dMNGU2dTZzU3F4YTI2RENiL1VaOEU0VHBTeGpIYUJuU3puQkdPCnBFaEpnUUtCZ1FEb1NVNDJQbnl4djlOM2JMYmc1SE1rTHp5cDVHdVhOVTdRZjN2dEw0TzB5M2gxcDN0N1c1QnEKM2tuTzI4SS8yR3hibTE5RllOdnlHMnpvaG5ReHFUR2dGTmx2aGMyKzMxaGRpMVZyZndGVENlbzNPbTRuWm04ZApBdEE0Z0x0aE55K3hDWHZieHZuT0x4WkU3UWh4aE1UdWkyYW4rY1I4L0xHdHNaNXc1R09jK2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBM3gydlg4YzdlanZpb0dyZWJmeGNSaDA5WWk2bmFxU3YvQXlEQ0lnVW9LSnFIZ1NBCmNUbU1FVXY0R3F2YUFGdWk5QmVFY0lZUXNhektZSWRTUkUxdmw3bm94K2hLSmRmRVZ4Y1lVaHZaOExaQ0tDNzEKRTdsZGZmUmQyM0kveHhrRE1rZCtTN1FNV1IxaXd5U05nRDU3cktBbVNxQlNVWStkSVpwQWNyQ0EwVStaY2ZteAprNUtRQXRodk9GYzZXWndtVjNpSjhOdzk0Q3ppVkIyRTNIVDZDZDlYcG9IdWlhN3pPWFZKamlCT0RubVRlZ0Y1Cmg5ZStZekx6cThxbUFLb3RkU08xNUQvSVhqSUNIYXdGMUFYeHNDQXlFUm1iN2FvZmo5a3N0M3BiTVJZeG0zTVUKbnY2aUJ6MGxKOXExcTBoNUJleXVmdk5JWTVXY3l5cEd2SGQrd1FJREFRQUJBb0lCQUVpMzlDRFRYcDlJUldUagpiL3VJOU1vbFhZeFNpRjVKcnRJSGdlMlY3S011VEVmY1Q4Q1hjUDl5TXpyK0o5OVYvcFp2MDhxWTUzZ0JTVFNNCjVsTThxZEpaMVhUU1VOaGtxcWwzN1lWVmJvTDE1RG9Vayt3SnpsN3U5bWcvcEduUHpTcm1BbFBLS3Z3Z2g3L3kKZWV3Q2NXeWlCZGpzeCtldFZ4bE1uUlRFVWpmbGpkbzhJdHJ4ajBEem5zUmgxZDVJaC9NZjJ6ekRQTXN0UGMyZgpxUDBGNGFNVkFLN2p6Qnp6cjNMNC81d1lwUXR2RUowSDcrViswTjZYOTFJUE85YWtaVE5UMmJXNDR1MXN6UmhFCkJ3dDJINmJUQ1VoTjVMUmszYTRnNEozTVd0cEhZSThHRVRVeGdaeElBeFhMRiszak1zU3JGb3NyN05EUTZhUWQKL1BDVWJRRUNnWUVBOURmcGxNdkNMVnhQRUF6RDdhcDQvNGRxYloyTXU5SGVwcFpkbUViRTVoWE9zNXVRZzN1dQp1U203OVB4dXQ0QTlhK3Z2NWNIditXWVdQc005MnAyWXA5Z2k3OVJQeHJFclhTdlFHU3E0UGh4MVlKV0VnY2R3ClIra1NiYm9rdTNLeGZKYlJta21SR2dMQ2tyOE9WSjBMWENnamEvaEJUQmkvZ0svUDZQZHRlWDBDZ1lFQTZlRW8KZ0RnaDgvbUl6TUxkOXBVVHZIQVUxNFlsTk11ay9qOW8rajFNd3gxbjJMcnM0RFlVeWMxR0RTeFlaK2l5VTRQTgppZ1lwRlY0SmRiTDRaYThBc21TRVcxUXNUckFZN1Y2UzN6Nkc1NVNZQmtYTnRSQnhQSHREbU5oY2JIYlhEdUNBCkc5cEpBK3ZSY21sbFBVZlRRTkt3bElaSU90aGgrQy80djJTUlBaVUNnWUErdnRiT21nTkxzRG5ILzkrZkFudVAKKzNUR3NRSGxoNmhTMkxNM1dvZGdMaDRyV3o2bjZYRWN0YkpLNFVoNDhRUFc1SW1BV0hHVmZEc2U2UDdOV2t4TQpZMldtaEwveVpyYWplNHc5eXhJSE16eWRFZzAzWXN4Z1RXdWtzWHlhaEg5QmFXWjA0NDNhUnZkQ3lMK2YwYkdICmZmQ0wzdjYzMUd2dlhqeG11SnR4NlFLQmdDNDRxV0J0dDRnWUVNa20yZWNabjBUbWdiZjJjdlAwS3k5MEtMTUwKMmxmVlAraTlTSU1uTFFTVTVQdEZnRk5JMGJWZm53ZGdJRTV3dnozYm1PdS9va3VmUWVrcXdYYnJwb0dDNTFQbgpiNUhrOUFhSlZSWXJvYlZxUnZtMkNNNEd6b25LSklkY3BJRjU0WExURVljQzR1VTB2bUVjQ0xwWWVVUXJkdVdjClluZmhBb0dBSkttM0RIYmlTU3MyaXZQa1FJNVFDNGZtLzBLV0IyZmpkVkZwTitLSzFrdDBBVUxWbTQ0OWhwTFcKWmVWMndGM29qUkxhamRmZnFGNjJCekYrU2pyY25Ed1g2SXFsT0F6b0xvaFdMc3hRYUlNL0xQRk9OakxlQW1YTAp2UUt6UXdJRElIaCtnekFDUy9jdEFzVXpuS0tIRTRqWmxFVnRnUko0WWxVSDdwd0FaZTQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUs4TTRaaDl3TzJicFJieUY5VVR1UU13RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd09EVTFNRFphRncweU9EQXhNVGt3T0RVMU1EWmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmSGE5Znh6dDZPK0tnYXQ1dC9GeEdIVDFpTHFkcQpwSy84RElNSWlCU2dvbW9lQklCeE9Zd1JTL2dhcTlvQVc2TDBGNFJ3aGhDeHJNcGdoMUpFVFcrWHVlakg2RW9sCjE4UlhGeGhTRzlud3RrSW9MdlVUdVYxOTlGM2Jjai9IR1FNeVIzNUx0QXhaSFdMREpJMkFQbnVzb0NaS29GSlIKajUwaG1rQnlzSURSVDVseCtiR1RrcEFDMkc4NFZ6cFpuQ1pYZUludzNEM2dMT0pVSFlUY2RQb0ozMWVtZ2U2Sgpydk01ZFVtT0lFNE9lWk42QVhtSDE3NWpNdk9yeXFZQXFpMTFJN1hrUDhoZU1nSWRyQVhVQmZHd0lESVJHWnZ0CnFoK1AyU3kzZWxzeEZqR2JjeFNlL3FJSFBTVW4ycldyU0hrRjdLNSs4MGhqbFp6TEtrYThkMzdCQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVV0MvNUp3bTNQZ1BXYW9TanNpelE2aHJCCm82Y3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS2lEdDZoVkZVN1RTekkvQWV4bXd0b3I3eUo4Qmg4L2Y1ZVIKTWJCSGN3dFRrTUpIazFuVUV2WG5GQS9xK1BDdzd3eXdUaHp0T0hwUkM1N3QvWkMwYkF5WUtRV1JJVEx5NWpDVwpUbDJRL1l5UkdKVlJjT0xQUWhWT1krcW1BdzluVklVTGRROWs0SEtPeUM0T1g2TmRCUktOazdjdlBzakpOc1M5CjRreUtCVUQyelArUGpGdDVEZUFFZXpRSmRwR2xiNXVyQnNHUldCZC8zODNYa01pOG5sSWhtbUFxVVlpcjFsc3cKRlNEWS9saDc5RDg0bTUzdFlVc0R2UjdwZ0pKbUtCOWRBUGJxOG1jQzdRUm5jd0tQSjdhUUJjTlpvNU1IZ3FFNAptelRlMnNybGhqbXcvSEFnMGdiM0RnME5hQzNzYlpTUytzeUhyVllyWVdQSHRWdDk2ZXc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml apiVersion: v1 @@ -106,8 +106,8 @@ metadata: self-signed-cert: "true" type: kubernetes.io/tls data: - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcGdJQkFBS0NBUUVBeXNsMEEra2R6dVkyTm1JaUliOGJLVEhYWUJrbDhsU0M2YU5pbUVFQkc0ZGdPbkluClhiSXlMU0tMRG9lcU9MdU9kcnVWcHNJTTRoeldPcGN3MVRQSi91MjBFVVVvUlB3QXFrUk1jV1RqNnlDU3VkRmEKa05IaE00U2Y4QTMzekJEbVVLWWZFcVpxMktFcWRVbkc0SGluTTNNVTRxYnM5b01FbVY0TG9KbGFDL2FkYlQvdAo4bCtDb0RPYytnWERQWDhXd3IvcEROS1JocVQ5Q1VzUFJHNWlZSGR4S0VuQmtiaG1ZTlVwcVhaVEtRWEkzNVdqCmd6R3M0TXBiVGZHVVBFS2ZIZjdPNEJRdmhtK3JsWGM5UnRPc2xESS8zVnJuRDVEVE5VZVRxRlFHT29IeDVGbUgKaU94MFRnN1l3cm1abkZrTUNLcjJqUkNnSjY1UklzWWFMRzQ1RXdJREFRQUJBb0lCQVFDekJGcWRwU3JDWHFxWApJZFNkMC9ablRHK2tqeTdYbWRHajdhOTVWMUZoK3dWeE14c2JkTmNrenl6UkcrU2locmlDaXFEWEFOR2N2dlpECjdQcVlERXNTK01jUXcrdUQwcS9IbjltWDlRZmJwdnJBZlZlbEp4TFdod3NtUVQ1eThLeFJvQVVvVXE5YUpCUzIKUy9YOGJhYTFIYS9mVXBzNEYzdDA1UGdBdzhBaGMvYXZVRE5id3p3RTZONmR1RmVFTkJ0MWNwNkI3a3Y1RzJrUgo3SGxMMEdKU0tEdlk0K0lwQTdvSDNVTW5nT3ZmR3g4d1kxKzZxTm1JV1lOZkRQdVRvWFl5Qmg3VEo3SC9sdFdECnZDOUdBZ29tWFNTdXE2UVFkZVVVN0hET0JVQ09wMUFWYVVmcWs1Tk04WVNDQ20vanVtazZRYVRSTUJ4TkY1MkgKVy9MMHQ0b0pBb0dCQVBDVDNLNDl1TXJFS2FQZG1pNm9rWDB5ajhWMzZXeDMzK0cwVnpMRDNjc3d5TzNoQmNCeApRZkNCMTVDazYrYUJnYWxZRkRYQlU2T01nWnBvaDJKK2FSSXdST1Ztb2ZUYXhHbWhZakdIeVpDd3lYYTJDb29kCkVzM0lQS1FTb0J1dS9leE1EZ1hsdk9XYmtLTHZWVVllcEs4V2QxWEQ5QnRYRCt6OUFlUFU4cUJIQW9HQkFOZkoKWjliQXNFdG4yeVI4T2pZVDVHU3FndHVBdGsyNFoyZStRZDdkSWxxQ240YWE5b1ZDQXpKNlYzQ2RqQ1lCeXNLZgpiK2ZpRmlrVG9lYjh1M1E0Nndydi84dGU4cWZPOGRWbm9UbXFvcFdXZHRiQm8xNi9hWE82dzFOQnpHYVp3NnBzCkJ1N1d6ZEFhYURpZGlHWGFlOHZCT2xxQWZ0UDg2cE5iUGo1ME56TFZBb0dCQU9HOGZGZHFSdGpMMDU2VXNyV1IKS21MbGJJNEhoQmxwS2NPbzZpRVNOQzBTYTViNWkrSVU0NkIrMVB3K0k3TzRWU2ZISTcrRTFhd2lqUUdMajIxVgoyOVZiUVdwWE1TU0ZtY0xiMFQxVWdrZW4rb0hQTW5pQjYwRDM0QjY3ODB2R21UQjk5TEtIN1FVdFFUd0JnbXczCkdLUEpXdFE0OS9ZbmJTUWNDd2Z5cW03RkFvR0JBTmMvSzFwM21TT090SFUvaWQxNW1FQ21LYVFGVDFSVmxxaFEKaTJwZzBTelIwWWsydUtPU2hwZnFtNkJWTjRDT0Z4QnVjL1V0ZkFkN2N1dHp2UlVnMWF4eVhJa2o3QTlpQ2E5agpFTnJ5RC80Qk9nZmMzamJiM3JlM1c3R0lGL2xjZG1aZ0hjWk85THdhSzA0V0xnSFRuOXRPb3dPMTIwMWdveWxjClFjbVFxYU1GQW9HQkFLQlhoVWorWE9zWXoyOVFxMU9DTWZvU1hEQlFYQWtLNnROYjk3Ym9VZ3BmYlNLSkl1bEgKT01CVWpkZ09DSzBZOGw0TTRaYWVGY25uL3RJMlhMQ1V2Q24yUEViOUovS05hWEhxL25xR1BiYnd3NWl4ZXdzZQpJQlBoYkJjM3NtMzBQOXJ4R2FWNGNYdUpDN08yaG1yQlFsZHdtOGRGMDdXbmRabHhzNnlMT2tqeAotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRV3BOb0FoT1FNTmw2M3owalF3RXVmakFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlzbDBBK2tkenVZMk5tSWlJYjhiS1RIWFlCa2w4bFNDNmFOaQptRUVCRzRkZ09uSW5YYkl5TFNLTERvZXFPTHVPZHJ1VnBzSU00aHpXT3BjdzFUUEovdTIwRVVVb1JQd0Fxa1JNCmNXVGo2eUNTdWRGYWtOSGhNNFNmOEEzM3pCRG1VS1lmRXFacTJLRXFkVW5HNEhpbk0zTVU0cWJzOW9NRW1WNEwKb0psYUMvYWRiVC90OGwrQ29ET2MrZ1hEUFg4V3dyL3BETktSaHFUOUNVc1BSRzVpWUhkeEtFbkJrYmhtWU5VcApxWFpUS1FYSTM1V2pnekdzNE1wYlRmR1VQRUtmSGY3TzRCUXZobStybFhjOVJ0T3NsREkvM1ZybkQ1RFROVWVUCnFGUUdPb0h4NUZtSGlPeDBUZzdZd3JtWm5Ga01DS3IyalJDZ0o2NVJJc1lhTEc0NUV3SURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUVJTcUhJZVY3eTlwaUN0NFhhek1iNUgwQjR6REFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFoQ25WWjF5aktXOGhoc2x1ZmRZdzZ0b3ZXSjdrRFhHUVNrL3cxbjhGUFZKQQpHZm90NzZGSzZHckQ5YlV1MWlXUWQzUTFVUE1Bb1A5ajRFYUxBeWdZUG1SVDZHOFJvRzM3bWVlaVU2Mmo2THQyCmVZUWdKT0xNMWlzMGdLdXJvSzBBMjN6RzZHMldIeHphODBpVVN1Ky9OM1U2NHZKVDQ4NHNpOW1uNjc0OUNkNFAKYUVmWXZCY0dHZmwzNW9WazJkMzhZeThPd1gyd2ovTXRmakc0eDdweElJMUQ4TVV5TWY5M2liOFpKSS9RVUx5MQpYRVFIeFZ5bzJBTTEyYWNRQjBkZnlac24rRzBpZXVTYTQ2czdRSFVjSnRsOG5ieGJLMEhET25DVWxBeUl4RjFLClRzNDBKMXJiMFJFUlJMYlkvczMvOU1hYlNrWHhtSURLb2FybkFZVHZNUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeDV5WmFMaWFaMFdrQXFWMFBSejRFR0plYldyYkJ2bFl0RGxwbDZxa241U3FXdUE0ClR1amdLVW8zNFYvcjQ4N3JWR3c5eHBaN3FoWkxCQzRBYndjZWJuRGI3UFdHZzc5TXNUTjl3M0tzUEY2YkthcUcKWkdUOUk3WVZGc2QycUJleGVnSEtFSVFQc3NXelNteVFHUWRGZXlsSDlPRkN5a1ZKUDJpdTM2T1dWc3NwbHpCSgp3RW56MjYzQ2JIQXIvWFZ3QUE0MXlBaXRIUDJrWmYyL2ZaWGRKU0JCQ0JnSjdGb1YzTVZVbmRhVzhXRWVYRDdhCjQ1MkJKWkpLQzJORCs2WFEwdHluaFFVeFlYSzA3eTdTSHZiSDlOTWQ4bWd5S3NHVWdTRFdNV3lBV2srMElYTlcKZVFpbVNkd1I3czFyMkFJNUNteUVWSmMwMTk3VFR0ZGluNzBQSFFJREFRQUJBb0lCQUdvdDNkaTdvYjVmWi8vVQpYUUdKSUZjdXpFWHR1alo2ZW5uYnRGUnQvQVc3QWVjM01CeWhlV1BkUzk1QnRPdklESndxdTYyZ0xJWHNOOWt3ClV5QzhLNjdacjlMYlE4TmZCZitZZ1VSdkFqbFdwYmpETVp2RHNIZkhpbTVFaWRTZVRkUzFrUE82RzlPZm9HQnQKWVRVL0RmR1dvdVVhMGZsZ1k3Y3NDeUdCRmg1eUlKOUhHRUl5d1NBNUNQd2tnR3RtYks5M085MXNWcG13YjcvVAo1aTJOUGRVOThHaHFORjJMQjg3cTBBYVI3ekhPMGNkQ29OZitZUTQzR0JKM0hvRFpSNHJCQ2xvY3dacXJrN2FPClF6Mlp3SDQ2U084cHlkTWdTUE1IckpOdVlqZ01peWdZQ2ZXT0VqcHVwVThUWVZ6T3V6TmQ0TWQyU3doSVVYUm8KVWNRNHAwMENnWUVBN0lLODAraXpNYTNDZkFyM05UangzWnhFUjFodXdUTGJXUHg3VmNQdktoYkJNajRpVUVHVQptY1BKeWdscmF2TUlEMm9tdzBlTzhJSDdWTDU5Tm9rcGFSV0RZbU84eFFrRyt1TVFUcGtpaTYvOWJxNVg5eEQrClRNaUZWcGxFNGZBQThwcFhxSVRIUHFrQTlOeFhHWXROMjJOaEtBUWJuYTFPSHNXVzVrbFdnZE1DZ1lFQTJBOTMKaGsrMG92b3JKM0VGdWZVT0tDTmpLRXBIeFN1Ym5xMTJBS1Q3enFSVlpYZm9NV0hBcWpVZVBWTG9jK3l0NzkvOQpVVGJpY2ZmcDFaS1VTSS90Yk9iZkkrM2MvM3VqZjFmRHBieWw0Q05iaUZIOUZpbnBCbUpXM3BMaDZQWjVTNGt2ClZJZFFzQ2ZwQkVEWWdBeEZ2bm1saHlWdldHZXBBYkllcnJscXBVOENnWUVBeHFBWmN5SW5jOTVJeWlIdmNNd3QKRy85RHZHTkJTSkdzY3pRL1pFelR5NVltbEVwb1NOeDZyeFFsb0w1K2J1aEI2YWd0ZTZ6YUY1UWgvZzZvVzZlZgpsbmdSeWd5WEdTYTJyUGNLMStkMWdyaS9iemVOK3BsVDZDb3pDUUpaUGlKd3VVM3p0andrbExRY2NJZW53blVpCll0QTRaUUhtSzJyRGc4WlBMNEdCM0M4Q2dZRUFwTU0rdWF6a3FuZ3VHbmpGRGljRE1iYXlzaEhiSTAvNjc0bUYKK0QzWVRKL2pBMnJxSldaUEh6MDhuelV2VU4vSFVLcTJLWTI2SjRFUHo2OWs1dVRqQU80YWNmSzlXaEsxL3JFMQo0Smk0d2ZFVXB5TW01aFQxdjhtVVIwMHBlNWNocm1taUwwcTFUSEJTOE14bWpWZE9oRStOM0Q2KzUySzliaTZmCjJVeEtPRjhDZ1lBLzlBc3hmRHVYRHdlb044eDZRODZlaTM1VTQxNE1NK1ZZK0l1ZWRlMU1MN1p1UCtSMTlvVEQKSjdYTERXaHZpUWMxMThYcWNRb2l6czdmcXB3YlRPM2gwNDBxMFV5Zk9TalQxb2VZcjVua1pIR2VrT0tINldGMQpXcFhCMWZSWDZ2SUxPVVloSGtEUWtCMTI2cWJIRmRXVUkrMENhOVRxeDFlNWN3YVNOOHo4cVE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRRXN2eFdLU3hJTnVtMUlhOTdmK1RNakFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4T0RBNE5UVXdObG9YRFRJNE1ERXhPVEE0TlRVd05sb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXg1eVphTGlhWjBXa0FxVjBQUno0RUdKZWJXcmJCdmxZdERscApsNnFrbjVTcVd1QTRUdWpnS1VvMzRWL3I0ODdyVkd3OXhwWjdxaFpMQkM0QWJ3Y2VibkRiN1BXR2c3OU1zVE45CnczS3NQRjZiS2FxR1pHVDlJN1lWRnNkMnFCZXhlZ0hLRUlRUHNzV3pTbXlRR1FkRmV5bEg5T0ZDeWtWSlAyaXUKMzZPV1Zzc3BsekJKd0VuejI2M0NiSEFyL1hWd0FBNDF5QWl0SFAya1pmMi9mWlhkSlNCQkNCZ0o3Rm9WM01WVQpuZGFXOFdFZVhEN2E0NTJCSlpKS0MyTkQrNlhRMHR5bmhRVXhZWEswN3k3U0h2Ykg5Tk1kOG1neUtzR1VnU0RXCk1XeUFXayswSVhOV2VRaW1TZHdSN3MxcjJBSTVDbXlFVkpjMDE5N1RUdGRpbjcwUEhRSURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUllML2tuQ2JjK0E5WnFoS095TE5EcUdzR2pwekFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFLU2E3TXowSG9xMEprT3h5UjI3Um9rQVM3MVVuVDFZTG5QS2tFSVpZaHVncAowSU5yZFpTVjVDa0FPWitCWkJHRElia2lVVzdnM3lNNUJjRDM3NmV0cFpXWlNnL1JyZ1FvRkxrY2t5dnczWHVDCk43QjU1Y3gvMFozemFOVXg5d1BlSXFJd0FwZjgxQUVqSlEwNllLSFhvbE5aakNTRTdNSlQyc2VpY054MTJUMGgKUVUvdHhLRm03MEhYSlN6L0YzVWxaaUxEeGswZnd3a2FvVVk0ZDlHL0tuRlRRaDEybW05QlNHQVNIdW5zUHdMSwpNcUF3SngzU2lpSURpQk82cVNWdlB0dWhlUHp3S2MxNDYzSHk2dUs4RkVnaktqSGlUd2pMSjNlZTBUZTFOVEtCCmlWTk5VSmxKNHhBa1Fqd1dGbUYvUkdqS1dBRmtwRFAzWUZlMnYwSG1XQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -507,7 +507,7 @@ metadata: spec: # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc. - schedule: "57 * * * *" # every hour, starting 55 minutes after helm installation + schedule: "50 * * * *" # every hour, starting 55 minutes after helm installation jobTemplate: spec: backoffLimit: 4 @@ -706,7 +706,7 @@ webhooks: name: datree-webhook-server namespace: datree path: "/validate" - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUs4TTRaaDl3TzJicFJieUY5VVR1UU13RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd09EVTFNRFphRncweU9EQXhNVGt3T0RVMU1EWmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmSGE5Znh6dDZPK0tnYXQ1dC9GeEdIVDFpTHFkcQpwSy84RElNSWlCU2dvbW9lQklCeE9Zd1JTL2dhcTlvQVc2TDBGNFJ3aGhDeHJNcGdoMUpFVFcrWHVlakg2RW9sCjE4UlhGeGhTRzlud3RrSW9MdlVUdVYxOTlGM2Jjai9IR1FNeVIzNUx0QXhaSFdMREpJMkFQbnVzb0NaS29GSlIKajUwaG1rQnlzSURSVDVseCtiR1RrcEFDMkc4NFZ6cFpuQ1pYZUludzNEM2dMT0pVSFlUY2RQb0ozMWVtZ2U2Sgpydk01ZFVtT0lFNE9lWk42QVhtSDE3NWpNdk9yeXFZQXFpMTFJN1hrUDhoZU1nSWRyQVhVQmZHd0lESVJHWnZ0CnFoK1AyU3kzZWxzeEZqR2JjeFNlL3FJSFBTVW4ycldyU0hrRjdLNSs4MGhqbFp6TEtrYThkMzdCQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVV0MvNUp3bTNQZ1BXYW9TanNpelE2aHJCCm82Y3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS2lEdDZoVkZVN1RTekkvQWV4bXd0b3I3eUo4Qmg4L2Y1ZVIKTWJCSGN3dFRrTUpIazFuVUV2WG5GQS9xK1BDdzd3eXdUaHp0T0hwUkM1N3QvWkMwYkF5WUtRV1JJVEx5NWpDVwpUbDJRL1l5UkdKVlJjT0xQUWhWT1krcW1BdzluVklVTGRROWs0SEtPeUM0T1g2TmRCUktOazdjdlBzakpOc1M5CjRreUtCVUQyelArUGpGdDVEZUFFZXpRSmRwR2xiNXVyQnNHUldCZC8zODNYa01pOG5sSWhtbUFxVVlpcjFsc3cKRlNEWS9saDc5RDg0bTUzdFlVc0R2UjdwZ0pKbUtCOWRBUGJxOG1jQzdRUm5jd0tQSjdhUUJjTlpvNU1IZ3FFNAptelRlMnNybGhqbXcvSEFnMGdiM0RnME5hQzNzYlpTUytzeUhyVllyWVdQSHRWdDk2ZXc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K namespaceSelector: matchExpressions: - key: admission.datree/validate diff --git a/kubernetes/datree/manifests/datree.0.1.46.yaml b/kubernetes/datree/manifests/datree.0.1.46.yaml index a1f6538..f050067 100644 --- a/kubernetes/datree/manifests/datree.0.1.46.yaml +++ b/kubernetes/datree/manifests/datree.0.1.46.yaml @@ -84,8 +84,8 @@ metadata: namespace: datree type: kubernetes.io/tls data: - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd3EzU3JXOFMxY1VSUjIwTWozMHVZeVhvRmZaaElVNW1KWnpqZW1VWHZSUE9QbkV6CkExWGNuVGlXYjBTYk1qL1cxbWkyTXFaWmUxYUpRMDZIWURab0YvamcrYUlQdkU3dk05d1RGeTF2UjZhQTRDa2kKUlp5TUp4MW45V2RWdmZxc1F5aEd0VnVWL0w0K2JNb1VwU0VnRU5ZK29kQlY0S0owYkZHN3RDQzYrQ2VMeVlSQgpKY1U2UndQQmFsRzNXNFkweVRwWUZhRlRHNHRkOFNWRGtaSCt6M3pZTkczazZhc004NThtQmpiTGhYcHNEU0tUCkhZcW5yaDdXN25hYjdDdCsrK282YWNxMnFiSU1UNGt4Tm4yOEs5U05PUkY5RmRaNTZGeDNDVy8zUVdmSzVESE4KcHlGUTNxWGJxYWFpbDI4bGpUME5uZDgwcHJpcXFPNW5hcEdORXdJREFRQUJBb0lCQUdKZHBlZlFDYnBOdXE5VwpZRlJZTWdvUzZ6TzlxOUpDWk1aNGdWQWtxRnYzRit6aEVaK0wwTTczK3JyNTlWanNmTWNWWFlvMkYxeUVteEtSCktVSHArNnF4TEN1MlFURXF5UjV4QW94aGZxcTdiTDdXeWVSV2QxS0VQelQySTVLOGlESGV0ZXVJL1Q0WmVqMUoKMWlpaGxpd3J0TFhhS0tvNks0MVh0dm9LMTYzdW1zYW02WjhuTjBHRjBKSkpPSkdacEluQXZEUTJaa2hIR0s3RgpvZmdzamVEbGVod2Q1MzBIMzczMHN4bGRybVBkT2s3bUk2cVdyd1RXTTJhK1lsY3V3Q0xNdkJLWGJIVm43enJkCjFDTUxLSDhkcHhzZ3ZGZ2tXdnpJWDNYUjVmd2RMZ29Wa0F2WkYwMlBWeVpyV2FDU0Y2S2N1ZkVGS282MVZJQUQKTEZhRTI5RUNnWUVBeXQvWXRYZitwNk1BU3FESVFQanNYeDZ1QTlnZXJRMit3ZmhrZ2dzYnR5QzAxei9QTS90SApYUUtuOWFreTRFZUswTGJoL1N0cEx0MmxNSG1ITy9EeUo5cHdaenZBWEhEazY2SDZPdmRHMFhFclJFNXFYYkZzCjFHZTAwejMzbC8xK2IzT3YxWThhbFQ0MWZrZDdia2VCdXdhSXJBdGVEQ1VMMDlObWFLcCswUzhDZ1lFQTlhaVUKSG5UaXJkaitIUS9mdjI5K2p4NTBlTkMvY0x5UmJnVTZaemI0SEtCRWhsamJ0TW9YRlhiZ1ZBeHNOZEZDSStUZQpMczkyZTgxYm94d1g5QitrdGtFK05wSzNPTlZsREwzWTBKczNvYmQ1bVYrYlRHajM3cUMyUThhaXVTelpYbG9iClVWQUpEd21xb25QeUpuR1RCblBPdlRkSmc4TS96eU9sZmsvZm9WMENnWUFka0F6Mk5Ld3BKWG1QWm1xSC9UNEUKaG1YNUxXOGE3SnZWakNxcFFKRWpXR0xCMHd5UW1KZEhtSEY5UE5DckdnSENkRVB1TG5zL1Z4RVJSVVJObWNqUAp3ZWNMUkF1OTdMMlBFS1YwSGtCMW1MWWpXQUhyOFVUWWx0d2t4Q3ptT3d4SGxXWVVDcXhtL3crd2ZSNGhiYzRiCndOSDlzQkplVnErb2lHK3Q1TnBpQlFLQmdRRG14d0szQmZsNWRqTnJHK0dIbHZkZS9pNU8zVlFyVllxTnYrMlkKenlRUXlHTDNqdngvZjZabDdMSmJZdnc1SnFlcXpyUUhaN0NZSjFpaUI1OWRJR2o5S3BlR2J4Z2ZGU0dEOGNtQQpWNERRdEd0UXNXZFVSZnc4dWMvZ0pmZnlXL2FzVTV2OExHTUdOSCtQYzdzVmNIYTloZ2UrNi9SdEN2eWozSW40CitwSk1wUUtCZ1FDTUxhWFUyN2ppUE42Q1RUTkQ4bGZiSXp1YlJrRDJIazFSckF0NXpGMDUvVDljOHRyMG9uSXAKdnZPUTc0bGhUWWZIZWlYaUFIb2h4WjRNZGRTYnlEU2REdVI4OUtUYnNjV082RUpxZ0Vwb1FuTzE1cU5PazllbAp1OE1DdytYNDc0T0doVnk0U0RSL0FWSWhqeWl5czc0VzBIUHR0TzczVGhTQVlFYUxJckZHV1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUl0anNlN1l6N3ZuSHVSMHExb1JtWnd3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRJd016RTVNRFZhRncweU9EQXhNVE13TXpFNU1EVmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURDcmRLdGJ4TFZ4UkZIYlF5UGZTNWpKZWdWOW1FaApUbVlsbk9ONlpSZTlFODQrY1RNRFZkeWRPSlp2UkpzeVA5YldhTFl5cGxsN1ZvbERUb2RnTm1nWCtPRDVvZys4ClR1OHozQk1YTFc5SHBvRGdLU0pGbkl3bkhXZjFaMVc5K3F4REtFYTFXNVg4dmo1c3loU2xJU0FRMWo2aDBGWGcKb25Sc1VidTBJTHI0SjR2SmhFRWx4VHBIQThGcVViZGJoalRKT2xnVm9WTWJpMTN4SlVPUmtmN1BmTmcwYmVUcApxd3p6bnlZR05zdUZlbXdOSXBNZGlxZXVIdGJ1ZHB2c0szNzc2anBweXJhcHNneFBpVEUyZmJ3cjFJMDVFWDBWCjFubm9YSGNKYi9kQlo4cmtNYzJuSVZEZXBkdXBwcUtYYnlXTlBRMmQzelNtdUtxbzdtZHFrWTBUQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMFdOeTZkQTdFZERobUg1azBBVFZGOExXCitIQXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRU1uRExjOXZoTkVMa1BzME5HdHMzTlp6RVQ4M2E4ODMvLzIKQm9iaXJTUThOWDhpc1A2WmYwcDRtWEtnU2dzN3FEai9qblowZFdiN2tlUDFxZnRmZktrMnNCRmUraEI2VUxQUgoycFZoQkVURXlIcktYNklnTFpUejBBcU1YWDVXemVUVTRCNlNzRXR0bTVGOWtWK1luWE85S2dNWnlzZEYxU1lQCitoOHY0QTJmUVVBSCtkcDd3ZHRzcnZxN0QzMUlaNlZkWlU3RXRzUjZJZExTYnluck15QXFHT0hyKzdxRTNqUmQKS2UxcXlTQkJRQWxSY3NWb29Ud2V3SjI0MTVENGF6WWhKa1NiQXhPK0gvaFkrb0w2UDhkeTdUbU1YQTRsNkdYVQp6T3pqMm9LRzVzRGlHVmNyM250TGpBelh0Q2ZuZHU0bUhPQTlDS0t4OGlzY1R3VVcydG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBbjBET0hhcklRU1A3Skc1Y1dEZWFmSmFVSHM2YklMTEFtMEF4Q1RFbVpud29BUTlHCmFEM01uNklqd3BGaVV4UGJMcEtqTUtRZm5jYTVLdWhleHZ2LzlNOGN4TFVCK0RGZnhlYkZvaGdoZHhFam94NnEKS0JmcVVqaURhY2xLMUJGWEtnQnZHZjFWczIxbWZwLzA2QnI1alRSTEJZdVZrWmEwNjZJK0drSkpVQ1c1MGpwcApYREdtdVhUaEYwQVhNT01RQS9Nb0tQTlBrYVA1UUZ6bUtyUFkxencxQ0xzVTk3eXRzK2d4N01ZM1dsVHRDWnVVCjYxNnRhNE1qSmNMRXF2ZVNVblhsUUNFMTBJYnJpNTl5eEtZTzRhUHNRUlpBaUd0WWhjWXVhNHdWdXpJK0xTZlcKN202NHlNOWNpN1Z4UlVjemNqRlM5NWR6R1hKWk9VVVB3YUduMndJREFRQUJBb0lCQVFDVHBjaXpWcmh0TklmTwpnZ2RadnN1YlFSdzQ1OEtKY1ZFRFgyTlhLMXQzM3hwVHlTNjB6TDhmTFh0TUUvQitKOFdwaTBpRGUxYll0L3JMCkhqOW82eENtanpNVDZPSFhreWRCV3pEV2xOcktBbmp3N2loQ0hkSWd3c2FMMkpWb3dsNzIwUW93cFdERWh1UmsKOTdaZlQwc1pNR2R4ejdVdkV2UFFGMDdPbDdCUy9nQzc0dnlaYTR4VmptdXBKNld5Y1VOTlR0WG42MUVxLzVjVwpTL3ZzRFNxdzlCaXIvRUUrL3N3K3lSdnlXeXIzMC9iZm44ZVY0blZnZmJic2U1Z1B3dmVNYlJOR2R3cjNzL1hzClcycW5tZ3NLWFg4b3lmUjlWUy82alozNnNzY0NLckx3bFhNQTRlcUhEWXJtOFZDZk5sc0ZFMnFhOVpOd21ublUKeHV6T2V4R3hBb0dCQU1nRllSakRyK283NDNFL3RlUXJLcTViN25XcktRbjdxdWpIVXg5b1pQYzFvajdDSUdndApITVQyaTM4eU1tbEw1ZXZ0cTd5NjNUcXA1ZGdIVlZaRjZqTENrZnBBTlhLaDBHL3FlaFFkMTNnMlZYTVBWTFRSCnUvUWdha2kxdEYwWkkyOTEzZU1zazdscVJOVGJxOGVTbmpPdkF6NXFtTXY3TU9DZ2JuQTJEbVhUQW9HQkFNdlMKbHFhc3E3RlNIMUVDNXE0b1pURTlYVFUxTkNRM09oSGtwTTBkMjJURmp0bGVWVnFPZ0c1Y0cwMHlTN2dyTGtZRwowbGV6Tm1TSVhFZ1VqYjZSRjg3aTlieXFIeFQ2cXNlNEU3LzlYNDM3NWkxTHlnSkxNY0xEMGo2aUpxdUJQZ01WCjBMT1BFdUZNczdmL3FyY2ozSHpyTlVMT1pFZEdYOTBOVGtGaHpralpBb0dBVkhWNUIzVHgzZzFGdjdjd1BkVkEKWTNsc0dvR1loWitnRGtURVE1bllNRTZVWUwybDQzZFJFNVlyVngxQ0RoWS9Vcno3N0doWExBTTdpMW1sWGhXTgppN3QrMmxXc2UrZjUxSmdFem1PL2JRSThXS1pibFRLT2s4bndOeDJLdUZqNkRvR05uUFJndUVVNEpVMVFucWU1Clo0ZDU3aXdpc3RjeFQxaE82ZERaaVlNQ2dZQkl4eXdsM1pmODIrNzB0VTE3T0U5UnNyQ2FkQ0huSUpVcW1ITEUKRHZvczFHSDZlYldPZlQyY3FtVFJQcmxNekpaY1NNbElxV1F0cDRjVDhjcmZGZDNqY0tVQU5kcWRXaGdxOGk2VApLank1YlEyMmRNNXYzVHVxYU5Pa3E2K1ZJN1BwMUJ0T1VqTVNvWm0yaEtNSGU5V2FBVDVtV1YzekdVelhtSTJ0CnlPZW9tUUtCZ0NtYUJadUdpaEYyTlJORjBRUkhaRmdXRWdwRk1rWFFVcHFSOHVFNlRTTlFJUWVSSEYzaXFhbzMKSmsvYjgzbzZlTUlTMTN0RDNWN0JMY1J2ckhQK0pBcG5sNk5BeXUrUVMzOVpkOVp4d0RGOUZueVJxRVg4ZE9uZApZWkVoMXNFTEdyRlVNa1hkRVZUNFFsQUN1Q01sUmQ0NGNaZ3lPSFZzMWlIZDZyUUJubjUyCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKTmg1YnVYN1A0V1ZkcndXWWQzRG93RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd05URXhNVGxhRncweU9EQXhNVGt3TlRFeE1UbGFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNmUU00ZHFzaEJJL3NrYmx4WU41cDhscFFlenBzZwpzc0NiUURFSk1TWm1mQ2dCRDBab1BjeWZvaVBDa1dKVEU5c3VrcU13cEIrZHhya3E2RjdHKy8vMHp4ekV0UUg0Ck1WL0Y1c1dpR0NGM0VTT2pIcW9vRitwU09JTnB5VXJVRVZjcUFHOFovVld6YldaK24vVG9Hdm1OTkVzRmk1V1IKbHJUcm9qNGFRa2xRSmJuU09tbGNNYWE1ZE9FWFFCY3c0eEFEOHlnbzgwK1JvL2xBWE9ZcXM5alhQRFVJdXhUMwp2SzJ6NkRIc3hqZGFWTzBKbTVUclhxMXJneU1sd3NTcTk1SlNkZVZBSVRYUWh1dUxuM0xFcGc3aG8reEJGa0NJCmExaUZ4aTVyakJXN01qNHRKOWJ1YnJqSXoxeUx0WEZGUnpOeU1WTDNsM01aY2xrNVJRL0JvYWZiQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeG82MXp0eEUrbEdia2JGcGpUOU0wTWVnCkgzWXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ2lWSVhqREJPcXU5elR0d1FUMkFpZkJ2eFlXTWM4bXJoVnUKcWMzMnJUT0VRQ05vUkpQYkxZM01KeUFwZjJtOUxJNEN2SU1SMTIwc0ttYzRQTXE5ZzRCb291Yng0aWNsOFl1OAp1bmRuVWhmODAwSUp5YUthMittZjgzZjJmcmZXSlF1NzVMMnRrYys4WWtFWFZnR2cyazdxVXZkeThzdzRUTEZICmlPMktvVm5Xeit4R2FQb25BK09OK01lSUxDOGgrNlVNdjM5a2pTb29TV1M3amFHVDZXS2Z3aFExa1JJM2JIZS8KL05ZZHpjVkJibXJ0eFg1K1RvcmxNOSswcnoybnBwNkN5MlFSZHpuM3hKWHNGVk4wTml6V3pVZWErLzVEVndwSQpBeE1uSXBJNmpzME02cVJ4VUdZVHFOdTk1YkJSanVwQTFwVDJDZGFhYnp5NU0xK2VTaTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml apiVersion: v1 @@ -106,8 +106,8 @@ metadata: self-signed-cert: "true" type: kubernetes.io/tls data: - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNkI4STdsckhCR1BDOUowSkFpZldGNDFLbGRBVlN1Z29uQUFjeDU4UzdqRUVabEZNClBpcWpsdDhUenFaOVlQVThYT25xSFc4NmZ0ZlJZQXI2czFWaERJT0NCMjVXM3h1MDVKelg4aFpMK2tjcTNMWGQKZWZPc2hUSVkwN2wwZHpNR3QzZ1V5SnptLzZkUlRQQzg0VjU4dWpxbGRjbEJTY1JWVnFRSTZPemwzVVFva3RLegpPcEYrQUMwci90cDBoWnlEd3gwMGUrYkZCS2ExbEtSYTNhTllHWVRuU2p6cm1EY0FDU21LcmZDM3BCLzh3V3lnClpuNHVEeU1GVjhnaHJNVFNiQUUzOFRud08xQU81c0RDUk92Qm5CQ3lpTUtUditHMmNLTFRtRm1wMUxkWlRSOVAKdy9BZzZocVVWOUdYQ0hpTGJoVkRJZ3pYS2lXVzgrNVMyb2tCendJREFRQUJBb0lCQUV4VmFHcDZEOWl4dGZzYgphVXI4THJ1d0MwY1pGdWQ3VVY5NzZmcjdwUTRQc0pLMVNZMW9HRVFWT0Q1TklnNHdsNWsyazNiNmpSSUpoeUUrCmV4TmVrSHU5QTVYT0EyTjdpUkZsUXQ2cDFuS0gxT0NnTGlWY3JPOWdlaW1tWTFhUHdUVzBsNkVoZUJXNndGRzkKR1dCRDRtQ2J5SzNqY1VVQSs4OXlRanZYTEFDSE9TODlyeWpBRGJHeFJWR1FLRy9BMXBKaWhGaFVqUlI2a3F5TApyMng5aUpuYmlKYm1tY1N6VklqOFgra3d1TEQwWjlWbTB6N1duZ1kvYktIS0U3OWRxQkRpaG1mMzFuNHB4ZzJOCktnTU5ka1JZVGllYVJDQmJIRlBDR1VQTWlWMzNLd0I5eGVLamVsK0k1OXFSL0JldFovQ0FjV1FNZTVTM0phY2cKYUhGOEhBRUNnWUVBN2NDdW03OUh3ZjBIbFUyWWpDYkFvWnZsYjlRVWUxNDE3emN2YkQ1dVFmMTdkd1ZFQWlqdApYcG9STzB4dGZwUTgvTERpT00rcWl4NWdlZGRLLzJ3WnRJZ09nRjFRY09Kd3gvdTZwODAveTNNdE5IclJ5aU40CnpVZk1jdDQ1REF6UXl0OG4xVG5ZU3I4by9jRHNRVDVQSXBqTDFWRlNqNnJBTGdlMVdBalpLMkVDZ1lFQStlKzEKSHRFemEvckwvYXE3Q3NWZ2R1ejBPRVN5M1dkQW0xUXA2TksvWWp1SlVJQjMyODZKd2lxcVdyZko1bDZhUzhkaQo5ZytWSllzY3lSQjM3OGJVRkdlMzU0bEtRSThJcUlTTU1MTnpCbnVVQlY5ZmN0STBIYUNXdnV3N2NvT3FaTGVhClJ3ZkwyZTdaTEgvSVhqb3QrYTEzWmlqdjROcjRBYjY2YVFiWTZ5OENnWUVBakpjZUtaZEk5WnVNdW1zeVE5NCsKbHRJN01JKzJ0T1VXKzZna2NOdlNFMCt6ak1RZVhUQ2FmUkNhRS9pejN1QUYyRjg0eHVOMk0rSDRwdFA2MDJPMwpKNXcxQnc4bkhEbXErM2NOLzJCTjB4Nytva1BtZnFQUE1ZUzlqMGQ5Y0hTN210dXZFRld1WXpUN0ptTEkwaVBvClk4cjY3ZCt5OUtYQ0V2WVg5RUQzT3NFQ2dZRUE2Q0pZQVpCaUJ5Yy9zWkdSK1ZZSzIwb0hKZi9BZE55Q2FBSUsKanNDMm1vRWJieFp5dkVlZk1TUzVabHFPL2hUZGtBWlhCcHpBZE1jNDdCSU1vem56SGlTYTdVUlpINDc1aHJMZApGaHFGZWY3ckl2Wkt5M1VxakYzcnhOWFovT2tIS0ZaU3h5Z1prSWREVkE0MnhqV1pIKzJhR050cXVGZ0h3bThuCjZZWS9rR2NDZ1lCWlo2dUFNd0ozcHNTd0lESFRhYk1JLzRnU2ZUYTdwSTh3VHBiQkROTnRvcE94eEw3V1RXVE8KbW5mOVk3YkYyMjkxMnBaL2lhMXM1MlVWMU8vdTB0R3Q1OVNvN1ExclBrSHc0THQ2UjhTK3NRaG1GbC9xcmc4ZApITlBPN2tHbmdVZUhQZjRPdXB2WHVNTXNzTVNoK2JWQVZSMTJwV05BUjEraER1cVNLQTBGZ3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmRENDQW1TZ0F3SUJBZ0lSQUltM3hneEF2MVNwRm5BdlVrMk85UFl3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRJd016RTVNRFZhRncweU9EQXhNVE13TXpFNU1EVmFNQzh4TFRBckJnTlZCQU1UCkpDOURUajFrWVhSeVpXVXRkMlZpYUc5dmF5MXpaWEoyWlhJdVpHRjBjbVZsTG5OMll6Q0NBU0l3RFFZSktvWkkKaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPZ2ZDTzVheHdSand2U2RDUUluMWhlTlNwWFFGVXJvS0p3QQpITWVmRXU0eEJHWlJURDRxbzViZkU4Nm1mV0QxUEZ6cDZoMXZPbjdYMFdBSytyTlZZUXlEZ2dkdVZ0OGJ0T1NjCjEvSVdTL3BIS3R5MTNYbnpySVV5R05PNWRIY3pCcmQ0Rk1pYzV2K25VVXp3dk9GZWZMbzZwWFhKUVVuRVZWYWsKQ09qczVkMUVLSkxTc3pxUmZnQXRLLzdhZElXY2c4TWROSHZteFFTbXRaU2tXdDJqV0JtRTUwbzg2NWczQUFrcAppcTN3dDZRZi9NRnNvR1orTGc4akJWZklJYXpFMG13Qk4vRTU4RHRRRHViQXdrVHJ3WndRc29qQ2s3L2h0bkNpCjA1aFpxZFMzV1UwZlQ4UHdJT29hbEZmUmx3aDRpMjRWUXlJTTF5b2xsdlB1VXRxSkFjOENBd0VBQWFPQmpqQ0IKaXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQwpNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVUwV055NmRBN0VkRGhtSDVrMEFUVkY4TFcrSEF3Ckt3WURWUjBSQkNRd0lvSWdaR0YwY21WbExYZGxZbWh2YjJzdGMyVnlkbVZ5TG1SaGRISmxaUzV6ZG1Nd0RRWUoKS29aSWh2Y05BUUVMQlFBRGdnRUJBQTZNVWhOVFFJYjN6cGhXdDR3aWNkK2g1emVGb0R5T2NDbkJ4eFFYeEhYcgpoVVBYYUhlakJHTkNnK1orR0REenJway9CMG1EdXppU3ordkc1SEhnSW5WbGNMK3JDeGMvcno3N3loamEwUXRMCnJQQ3JEYmo2UXY3THFuKzZHMUVheldYM3QxSUs3RU9QSjhpbDdncmM4UmV0WUNEdUt3RE9JT2dRTndmamJaUnEKb3lOMWNYNjU2OS82YXFTU3pDT3BCd3VqanJ6SFlpUU5UakRraTB1a0dyYkcyYlJxVGVwd2wrTkpjN2EzMkwxTQpiMGE3dWNHSFQ3K0hxcjFhd3BRM3d4S0FZd3RlTUFJeFAvZGVOQlY4UHNBRmtBNnpueklmMjNDTDRVRG9lbU9sClRXMU5nb0hSVHBUeTd2cGZQRjNmUjlxWEk5K0I1ZkhjSVlKeEc3Zmp4c289Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcDk2Yzc2eTREMlVybGtVNlZDMmZzZytaWS9VWFVmL1NvZFZyVlBFbU5zMUpNbGp0CmZOYSt2RVZXNllqQ3cyQnc2RExBZURGeWw2SWsvYjR1TGpHOEYwSEhhK3RjMk5Mc2tnLzJhUTQrM1NnWkxsM3UKOXJmaFNDMWUwMkVNWHh0bnIyZU82RW1EVlE1SjFCSzVWSG1Qa1VYMHI5Mm84TXVSOGZERytPYjFPUW82TWtocgo1WHZNWW0wMmVURnlwLzc3alNzN1JLZEZnOXF0Z1VVcHhYejVOVnhLNDlRaVpleWIvSklUbnc4T0R6Qk5ac0FZCjJScStiZjhFUU95MktFNDZmNWhSN2Vhb1VsRFp3RnFYRzRkRkhzRmNkRlNhYzh5SXJJUXlNejFxVEZSanFyYjQKU2JWVjNzY0RFZ3lwUVh0Z3NHcjFVbUFwcDJCVXRVSDhHUm1BZFFJREFRQUJBb0lCQUFxTHBJWTE3blloSCtUWAp3bnRKUm0vMEpPbXZtdUJ1MXJlTjVhazNZUFF1WHp2SGRGdlVUYlVjRWdLbnNieCtVWGwwdnJ5T05xbXA2UEw3CndJRHNaT2w5RzE3L01SejUyeHl0M2dmcGVpK0FkbHlBVUNPMWwzUm1UVCt3S0F2TmQrei83MjFPT083ZDcrdGYKcGI3VnlCd1RMZlRpVXR1Vm5qeDVxTFk0SkEyS0tkdVJnZXg4R0lVcXNtQncrcms0T04xRVJFOWZKQjVveHV6bgo1VmhnU2VhaVVWVXRrYmFtYjBLNDBpTVRKSUh2bWlMTGwyTkxaeTVkSkg3MFlaQkh6bEtLaFpqY3huaXBVOURECkVpSmp2TllkUXVlMisyNlB4bENpNC8rdDNtQ015T01LcjFqZzJ0TnZrQzNMNjBzb1BCQUZ6S2VMSW41dVZLcWsKS2RmY3BrRUNnWUVBMmdVanlTa2M2dXhlQ1R5cXV2WWtudGRLRlV1eEF4TTk2SGlNZG1Sb2tQSmkzUjdvQk5SRgpuZEVLV3pGcEFBc2RnZzlEdFprK3lYTkowWGxtZUV4WEU2QnFBemtOZ1Fic0NTMG5TV1ovazFDdjdCNUdYbFRJCkxMNk5SaS9wK2NMaWxtS1d1SlE0aW5mQi9nZ3QvbXVLVDIrWDRKVFVMK2haNTlqaHZqRlBQOUVDZ1lFQXhSejAKQ3FRZVpnUGhrR2dud2JHTG9ySXo0Q3BlTWkwbStrZm9vSFdQWW12Z1AxbnFJZWh5dERvVFUzUFpjVUNSbzdVbAowZkJubGhyMXNHRWVuWlBBQlpWUnZmeWs5blNDRW9zdnBDd3RYTUFTUHZjOGZSRVRXam1nVTRKZTBMU0dxdWdGClBQQWNubDE3VC9ITXNQeWwwSUd3Sjc4ZFNtd1dGcjNiQlFJUDQyVUNnWUJjcWhpV3RHbTlFKyszLzFnVmxPN2wKc0YybGhZRmI3RDdBNHhQWWNqN2JkSm8rbjVkQURqVDBxZGU4QU5rL0VucGRRRDJvSHRWSDdEOXcwQ2VVYytZQwp5b2lrakFoSVVmZmF3cDFUSGtTVkNaTnNTVVhoYkNtVWt2MGEydHlZc3BONkZiYzRCbyt0a3M4YU9NSEx4RXVLCkRjVkF5Q0VUcDY4bTB0REg5TTlaTVFLQmdRQ2lYK1o5T1pNOUVHZHBFUlBuRUgzcHlZaklXYjU4OFFzUjA5akQKRGZUTzYvU3Yyejd2TGRBSHZXdWNMR3ZzU25kdTkxT3ZiSzI0VG44a0MrMHZlNzRNRzJSWjhGeG9GYlBzMkxHbgpPU2twSmFRaU1JS291RDlMN1Bxd3NFMncrWFdTSmszaVZCNFBLd3pnMzF4eVU3MjRWSTByUU5rOUxHckoweDR3Ck12R3ByUUtCZ0JYejVhVUIrQk8wQVBna1ZZZFo2TElIRHJod3lnc0Y4T0VYcFEzbHdkM0pIS1Y0VVpOUVQya0wKZXhZK3g3Z0FadytKTVczdmpkaVVpVzV6cjBESUlNMDF1QitQcGFRemZ3QkM2Qy8vSVUrZy9Sa1R0TlJ3NzRkaAp3QWN1azRMRWxiNTVNT1VjRlJ2d2EvWXY3NWpRK3BGOUYwa3JNS1U2bDhReEQyaFhCcjJUCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRYzlNU2dBY1VhcWpMdG9vYUYrdlVxREFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4T0RBMU1URXhPVm9YRFRJNE1ERXhPVEExTVRFeE9Wb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA5NmM3Nnk0RDJVcmxrVTZWQzJmc2crWlkvVVhVZi9Tb2RWcgpWUEVtTnMxSk1sanRmTmErdkVWVzZZakN3MkJ3NkRMQWVERnlsNklrL2I0dUxqRzhGMEhIYSt0YzJOTHNrZy8yCmFRNCszU2daTGwzdTlyZmhTQzFlMDJFTVh4dG5yMmVPNkVtRFZRNUoxQks1VkhtUGtVWDByOTJvOE11UjhmREcKK09iMU9RbzZNa2hyNVh2TVltMDJlVEZ5cC83N2pTczdSS2RGZzlxdGdVVXB4WHo1TlZ4SzQ5UWlaZXliL0pJVApudzhPRHpCTlpzQVkyUnErYmY4RVFPeTJLRTQ2ZjVoUjdlYW9VbERad0ZxWEc0ZEZIc0ZjZEZTYWM4eUlySVF5Ck16MXFURlJqcXJiNFNiVlYzc2NERWd5cFFYdGdzR3IxVW1BcHAyQlV0VUg4R1JtQWRRSURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVEdqclhPM0VUNlVadVJzV21OUDB6UXg2QWZkakFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFDSThNc1hMejcyRThwOUE2MGdqVzZWdkcrdlN3ZzczQys3TDgxYUIvd0IzTwpxVnVYaVRHQmgrZmI2UlJLbzQxS25Pa0RkRlNCM0lWTHFJaHQvOU5uVHl0eWlVSFRmcEhvVGUwak1meFRXeGQ0CndVMnhLeWNRVmVBcFkzSlFpMWU4MEhZU3NFQ3NMVDBlRloxNmcyVmE0bUhvUnpHOWswTk5LL2tVc0xRL3lUMlcKUk5vWjcwV0NNdEV0MlE0eUU3NXBDdXBnc3B5b1J2SUNScjczTiszOVBVVDA2SndZSnZnaTBVQ3RjMlhVK2I5SQpVYU5TK3JSQzRFVm5qM003VVgrZVZXKzJFNXdpT3NKU1g0Z0M3S0kxcTNTcnlveXNlbVJJYXNaZjBkaENmNjI0CkE2ZmtZdGRVMmN3SzBrMVhnVC9oaHVZS2FpRDc1TjlTSWYxTGZtZklrUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K --- # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -507,7 +507,7 @@ metadata: spec: # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc. - schedule: "14 * * * *" # every hour, starting 55 minutes after helm installation + schedule: "06 * * * *" # every hour, starting 55 minutes after helm installation jobTemplate: spec: backoffLimit: 4 @@ -706,7 +706,7 @@ webhooks: name: datree-webhook-server namespace: datree path: "/validate" - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUl0anNlN1l6N3ZuSHVSMHExb1JtWnd3RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRJd016RTVNRFZhRncweU9EQXhNVE13TXpFNU1EVmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURDcmRLdGJ4TFZ4UkZIYlF5UGZTNWpKZWdWOW1FaApUbVlsbk9ONlpSZTlFODQrY1RNRFZkeWRPSlp2UkpzeVA5YldhTFl5cGxsN1ZvbERUb2RnTm1nWCtPRDVvZys4ClR1OHozQk1YTFc5SHBvRGdLU0pGbkl3bkhXZjFaMVc5K3F4REtFYTFXNVg4dmo1c3loU2xJU0FRMWo2aDBGWGcKb25Sc1VidTBJTHI0SjR2SmhFRWx4VHBIQThGcVViZGJoalRKT2xnVm9WTWJpMTN4SlVPUmtmN1BmTmcwYmVUcApxd3p6bnlZR05zdUZlbXdOSXBNZGlxZXVIdGJ1ZHB2c0szNzc2anBweXJhcHNneFBpVEUyZmJ3cjFJMDVFWDBWCjFubm9YSGNKYi9kQlo4cmtNYzJuSVZEZXBkdXBwcUtYYnlXTlBRMmQzelNtdUtxbzdtZHFrWTBUQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVMFdOeTZkQTdFZERobUg1azBBVFZGOExXCitIQXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRU1uRExjOXZoTkVMa1BzME5HdHMzTlp6RVQ4M2E4ODMvLzIKQm9iaXJTUThOWDhpc1A2WmYwcDRtWEtnU2dzN3FEai9qblowZFdiN2tlUDFxZnRmZktrMnNCRmUraEI2VUxQUgoycFZoQkVURXlIcktYNklnTFpUejBBcU1YWDVXemVUVTRCNlNzRXR0bTVGOWtWK1luWE85S2dNWnlzZEYxU1lQCitoOHY0QTJmUVVBSCtkcDd3ZHRzcnZxN0QzMUlaNlZkWlU3RXRzUjZJZExTYnluck15QXFHT0hyKzdxRTNqUmQKS2UxcXlTQkJRQWxSY3NWb29Ud2V3SjI0MTVENGF6WWhKa1NiQXhPK0gvaFkrb0w2UDhkeTdUbU1YQTRsNkdYVQp6T3pqMm9LRzVzRGlHVmNyM250TGpBelh0Q2ZuZHU0bUhPQTlDS0t4OGlzY1R3VVcydG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKTmg1YnVYN1A0V1ZkcndXWWQzRG93RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd05URXhNVGxhRncweU9EQXhNVGt3TlRFeE1UbGFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNmUU00ZHFzaEJJL3NrYmx4WU41cDhscFFlenBzZwpzc0NiUURFSk1TWm1mQ2dCRDBab1BjeWZvaVBDa1dKVEU5c3VrcU13cEIrZHhya3E2RjdHKy8vMHp4ekV0UUg0Ck1WL0Y1c1dpR0NGM0VTT2pIcW9vRitwU09JTnB5VXJVRVZjcUFHOFovVld6YldaK24vVG9Hdm1OTkVzRmk1V1IKbHJUcm9qNGFRa2xRSmJuU09tbGNNYWE1ZE9FWFFCY3c0eEFEOHlnbzgwK1JvL2xBWE9ZcXM5alhQRFVJdXhUMwp2SzJ6NkRIc3hqZGFWTzBKbTVUclhxMXJneU1sd3NTcTk1SlNkZVZBSVRYUWh1dUxuM0xFcGc3aG8reEJGa0NJCmExaUZ4aTVyakJXN01qNHRKOWJ1YnJqSXoxeUx0WEZGUnpOeU1WTDNsM01aY2xrNVJRL0JvYWZiQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeG82MXp0eEUrbEdia2JGcGpUOU0wTWVnCkgzWXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ2lWSVhqREJPcXU5elR0d1FUMkFpZkJ2eFlXTWM4bXJoVnUKcWMzMnJUT0VRQ05vUkpQYkxZM01KeUFwZjJtOUxJNEN2SU1SMTIwc0ttYzRQTXE5ZzRCb291Yng0aWNsOFl1OAp1bmRuVWhmODAwSUp5YUthMittZjgzZjJmcmZXSlF1NzVMMnRrYys4WWtFWFZnR2cyazdxVXZkeThzdzRUTEZICmlPMktvVm5Xeit4R2FQb25BK09OK01lSUxDOGgrNlVNdjM5a2pTb29TV1M3amFHVDZXS2Z3aFExa1JJM2JIZS8KL05ZZHpjVkJibXJ0eFg1K1RvcmxNOSswcnoybnBwNkN5MlFSZHpuM3hKWHNGVk4wTml6V3pVZWErLzVEVndwSQpBeE1uSXBJNmpzME02cVJ4VUdZVHFOdTk1YkJSanVwQTFwVDJDZGFhYnp5NU0xK2VTaTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K namespaceSelector: matchExpressions: - key: admission.datree/validate From 7a89e2443703247714d0fdd2e9b5700e6517c9fd Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Tue, 7 Feb 2023 12:19:01 +1100 Subject: [PATCH 11/12] update video links --- argo/argo-cd/README.md | 3 +++ deno/README.md | 3 +++ drone-ci/README.md | 3 +++ flux/readme.md | 2 ++ github/actions/self-hosted-runner/README.md | 3 +++ golang/introduction/part-2.json/readme.md | 2 ++ golang/introduction/part-3.http/readme.md | 2 ++ golang/introduction/part-4.commandline/readme.md | 2 ++ golang/introduction/part-5.database.redis/readme.md | 2 ++ golang/introduction/readme.md | 2 ++ hashicorp/vault-2022/readme.md | 2 ++ hashicorp/vault/readme.md | 2 ++ jenkins/amazon-eks/readme.md | 2 ++ jenkins/readme.md | 2 ++ kubernetes/admissioncontrollers/introduction/README.md | 2 ++ kubernetes/autoscaling/readme.md | 4 ++++ kubernetes/autoscaling/vertical-pod-autoscaling/readme.md | 2 ++ kubernetes/cert-manager/README.md | 2 ++ kubernetes/cloud/amazon/getting-started.md | 2 ++ kubernetes/cloud/azure/getting-started.md | 2 ++ kubernetes/cloud/digitalocean/getting-started.md | 2 ++ kubernetes/cloud/google/getting-started.md | 2 ++ kubernetes/cloud/linode/getting-started.md | 2 ++ kubernetes/configmaps/README.md | 3 +++ kubernetes/daemonsets/README.md | 2 ++ kubernetes/datree/README-2023.md | 2 ++ kubernetes/datree/README.md | 2 ++ kubernetes/deployments/readme.md | 4 +++- kubernetes/helm/README.md | 2 ++ kubernetes/kubectl/README.md | 2 ++ kubernetes/kustomize/readme.md | 5 ++++- kubernetes/persistentvolume/readme.md | 2 ++ kubernetes/portainer/README.md | 2 ++ kubernetes/rancher/README.md | 2 ++ kubernetes/rbac/README.md | 3 ++- kubernetes/secrets/README.md | 3 +++ kubernetes/secrets/sealed-secrets/README.md | 2 ++ kubernetes/servicemonitors/README.md | 2 ++ kubernetes/services/README.md | 3 +++ kubernetes/shipa/README.md | 2 ++ kubernetes/statefulsets/notes.md | 2 ++ kubernetes/velero/README.md | 2 ++ messaging/kafka/README.md | 2 ++ messaging/rabbitmq/kubernetes/readme.md | 2 ++ messaging/rabbitmq/readme.md | 2 ++ monitoring/logging/fluentd/basic-demo/readme.md | 2 ++ monitoring/logging/fluentd/introduction/readme.md | 2 ++ monitoring/logging/fluentd/kubernetes/README.md | 2 ++ monitoring/logging/readme.md | 4 ++++ storage/redis/clustering/readme.md | 2 ++ storage/redis/kubernetes/readme.md | 2 ++ storage/redis/readme.md | 2 ++ tracing/README.md | 2 ++ 53 files changed, 120 insertions(+), 3 deletions(-) create mode 100644 argo/argo-cd/README.md create mode 100644 deno/README.md create mode 100644 drone-ci/README.md create mode 100644 github/actions/self-hosted-runner/README.md create mode 100644 kubernetes/configmaps/README.md create mode 100644 kubernetes/secrets/README.md create mode 100644 kubernetes/services/README.md diff --git a/argo/argo-cd/README.md b/argo/argo-cd/README.md new file mode 100644 index 0000000..90e48d6 --- /dev/null +++ b/argo/argo-cd/README.md @@ -0,0 +1,3 @@ +# Introduction to Argo CD + +introduction to argo cd diff --git a/deno/README.md b/deno/README.md new file mode 100644 index 0000000..75fd3c2 --- /dev/null +++ b/deno/README.md @@ -0,0 +1,3 @@ +# Introduction to Deno with Docker + +introduction to deno \ No newline at end of file diff --git a/drone-ci/README.md b/drone-ci/README.md new file mode 100644 index 0000000..d1b2961 --- /dev/null +++ b/drone-ci/README.md @@ -0,0 +1,3 @@ +# Introduction to Drone CI + +introduction to drone ci \ No newline at end of file diff --git a/flux/readme.md b/flux/readme.md index d63edb5..59f70b5 100644 --- a/flux/readme.md +++ b/flux/readme.md @@ -1,5 +1,7 @@ # Flux Getting Started Guide +introduction to flux cd + # 1 - Kubernetes Get a Kubernetes Cluster. In this video, I use Docker for Windows. diff --git a/github/actions/self-hosted-runner/README.md b/github/actions/self-hosted-runner/README.md new file mode 100644 index 0000000..a96b9fa --- /dev/null +++ b/github/actions/self-hosted-runner/README.md @@ -0,0 +1,3 @@ +# Introduction to GitHub Actions: Self hosted runners + +introduction to github actions runners diff --git a/golang/introduction/part-2.json/readme.md b/golang/introduction/part-2.json/readme.md index d93645d..ec1a2da 100644 --- a/golang/introduction/part-2.json/readme.md +++ b/golang/introduction/part-2.json/readme.md @@ -1,5 +1,7 @@ # Introduction to Go: JSON +introduction to Go part 2 + In programming languages, you will very often deal with data structures internally.
Sometimes, you need to pass data outside of your application or read data from another application, or even a file.
diff --git a/golang/introduction/part-3.http/readme.md b/golang/introduction/part-3.http/readme.md index a8cb1f4..81741af 100644 --- a/golang/introduction/part-3.http/readme.md +++ b/golang/introduction/part-3.http/readme.md @@ -1,5 +1,7 @@ # Introduction to Go: HTTP +introduction to Go part 3 + HTTP is a fundamental part of Microservices and Web distributed systems
Go has a built in HTTP web server package. The package can be found [here](https://golang.org/pkg/net/http/)
diff --git a/golang/introduction/part-4.commandline/readme.md b/golang/introduction/part-4.commandline/readme.md index 5a29a50..4aab884 100644 --- a/golang/introduction/part-4.commandline/readme.md +++ b/golang/introduction/part-4.commandline/readme.md @@ -1,5 +1,7 @@ # Introduction to Go: Command Line +introduction to Go part 4 + Command line apps are a fundamental part of software development
Go has a built in Commandline parser package. The package can be found [here](https://golang.org/pkg/flag/)
diff --git a/golang/introduction/part-5.database.redis/readme.md b/golang/introduction/part-5.database.redis/readme.md index 125dddc..905034c 100644 --- a/golang/introduction/part-5.database.redis/readme.md +++ b/golang/introduction/part-5.database.redis/readme.md @@ -1,5 +1,7 @@ # Introduction to Go: Storing data in Redis Database +introduction to Go part 5 + Up until now, we've learned the fundamentals of Go and built a small web microservice that handles our video data. Our service has a `/` `GET` endpoint for returning all videos, as well as a simple `/update` endpoint for updating our list of videos. diff --git a/golang/introduction/readme.md b/golang/introduction/readme.md index 41bdf9a..630121f 100644 --- a/golang/introduction/readme.md +++ b/golang/introduction/readme.md @@ -1,5 +1,7 @@ # Introduction to Learning Go +introduction to Go part 1 + Go can be downloaded from [golang.org](https://golang.org/doc/install)
Test your `go` installation: diff --git a/hashicorp/vault-2022/readme.md b/hashicorp/vault-2022/readme.md index 12bd9cf..dbd8da3 100644 --- a/hashicorp/vault-2022/readme.md +++ b/hashicorp/vault-2022/readme.md @@ -1,5 +1,7 @@ # Hashicorp Vault Guide +introduction hashicorp vault + Requirements: * Kubernetes 1.21 diff --git a/hashicorp/vault/readme.md b/hashicorp/vault/readme.md index 5939154..35426bb 100644 --- a/hashicorp/vault/readme.md +++ b/hashicorp/vault/readme.md @@ -1,5 +1,7 @@ # Hashicorp Vault Guide - Deprecated +introduction to vault + # Vault For this tutorial, I use Kubernetes 1.17 diff --git a/jenkins/amazon-eks/readme.md b/jenkins/amazon-eks/readme.md index de4f1ed..137f657 100644 --- a/jenkins/amazon-eks/readme.md +++ b/jenkins/amazon-eks/readme.md @@ -1,5 +1,7 @@ # Jenkins on Amazon Kubernetes +jenkins eks + ## Create a cluster Follow my Introduction to Amazon EKS for beginners guide, to create a cluster
diff --git a/jenkins/readme.md b/jenkins/readme.md index 7bb70ea..6502bca 100644 --- a/jenkins/readme.md +++ b/jenkins/readme.md @@ -5,6 +5,8 @@ For running Jenkins on AMAZON, start [here](./amazon-eks/readme.md) # Jenkins on Local (Docker Windows \ Minikube \ etc) +jenkins + For running Jenkins on Local Docker for Windows or Minikube
Watch the [video](https://youtu.be/eRWIJGF3Y2g) diff --git a/kubernetes/admissioncontrollers/introduction/README.md b/kubernetes/admissioncontrollers/introduction/README.md index 5249a22..3a6a38e 100644 --- a/kubernetes/admissioncontrollers/introduction/README.md +++ b/kubernetes/admissioncontrollers/introduction/README.md @@ -2,6 +2,8 @@ [Admission Webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks) +Kubernetes Admission Controllers +
## Installation (local) diff --git a/kubernetes/autoscaling/readme.md b/kubernetes/autoscaling/readme.md index b2d357b..a973942 100644 --- a/kubernetes/autoscaling/readme.md +++ b/kubernetes/autoscaling/readme.md @@ -6,10 +6,14 @@ Cluster autoscaler allows us to scale cluster nodes when they become full
I would recommend to learn about scaling your cluster nodes before scaling pods.
Video [here](https://youtu.be/jM36M39MA3I) +Kubernetes cluster auto scaling + ## Horizontal Pod Autoscaling HPA allows us to scale pods when their resource utilisation goes over a threshold
+Pod auto scaling + ## Requirements ### A Cluster diff --git a/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md b/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md index ed210cc..605398a 100644 --- a/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md +++ b/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md @@ -1,5 +1,7 @@ # Vertical Pod Autoscaling +vertical auto scaling + ## We need a Kubernetes cluster Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) diff --git a/kubernetes/cert-manager/README.md b/kubernetes/cert-manager/README.md index 951bd73..6ce4ae2 100644 --- a/kubernetes/cert-manager/README.md +++ b/kubernetes/cert-manager/README.md @@ -1,5 +1,7 @@ # Introduction to cert-manager for Kubernetes +introduction to certmanager + ## We need a Kubernetes cluster Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) diff --git a/kubernetes/cloud/amazon/getting-started.md b/kubernetes/cloud/amazon/getting-started.md index 05e4245..41904ed 100644 --- a/kubernetes/cloud/amazon/getting-started.md +++ b/kubernetes/cloud/amazon/getting-started.md @@ -1,5 +1,7 @@ # Getting Started with EKS +k8s-eks + ## Amazon CLI ``` diff --git a/kubernetes/cloud/azure/getting-started.md b/kubernetes/cloud/azure/getting-started.md index 99e7bea..cdd924d 100644 --- a/kubernetes/cloud/azure/getting-started.md +++ b/kubernetes/cloud/azure/getting-started.md @@ -1,5 +1,7 @@ # Getting Started with AKS +k8s-aks + ## Azure CLI ``` diff --git a/kubernetes/cloud/digitalocean/getting-started.md b/kubernetes/cloud/digitalocean/getting-started.md index cc8e9f3..ddabeb0 100644 --- a/kubernetes/cloud/digitalocean/getting-started.md +++ b/kubernetes/cloud/digitalocean/getting-started.md @@ -1,5 +1,7 @@ # Getting Started with DGO +k8s-do + ## Trial Account Coupon Link to get $100 credit for 60 days:
diff --git a/kubernetes/cloud/google/getting-started.md b/kubernetes/cloud/google/getting-started.md index bc7e3f6..ea95160 100644 --- a/kubernetes/cloud/google/getting-started.md +++ b/kubernetes/cloud/google/getting-started.md @@ -1,5 +1,7 @@ # Getting Started with GKE +k8s-gke + ## Google Cloud CLI https://hub.docker.com/r/google/cloud-sdk/ diff --git a/kubernetes/cloud/linode/getting-started.md b/kubernetes/cloud/linode/getting-started.md index 915e88c..587f82b 100644 --- a/kubernetes/cloud/linode/getting-started.md +++ b/kubernetes/cloud/linode/getting-started.md @@ -1,5 +1,7 @@ # Getting Started with Linode +k8s-linode + ## Trial Account Promo Link to get $20 credit to try out Linode:
diff --git a/kubernetes/configmaps/README.md b/kubernetes/configmaps/README.md new file mode 100644 index 0000000..b343030 --- /dev/null +++ b/kubernetes/configmaps/README.md @@ -0,0 +1,3 @@ +# Introduction to Kubernetes: Configmaps + +k8s-cm \ No newline at end of file diff --git a/kubernetes/daemonsets/README.md b/kubernetes/daemonsets/README.md index 5791faf..b8b6e5b 100644 --- a/kubernetes/daemonsets/README.md +++ b/kubernetes/daemonsets/README.md @@ -1,5 +1,7 @@ # Kubernetes Daemonsets +k8s-daemonset + ## We need a Kubernetes cluster Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
diff --git a/kubernetes/datree/README-2023.md b/kubernetes/datree/README-2023.md index a0c044e..894177a 100644 --- a/kubernetes/datree/README-2023.md +++ b/kubernetes/datree/README-2023.md @@ -1,6 +1,8 @@ # Whats new 👉🏽 Datree in 2023 +Kubernetes Guide + ## Create a Kubernetes cluster Let's start by creating a local `kind` [cluster](https://kind.sigs.k8s.io/) diff --git a/kubernetes/datree/README.md b/kubernetes/datree/README.md index d905875..10fd8ac 100644 --- a/kubernetes/datree/README.md +++ b/kubernetes/datree/README.md @@ -1,6 +1,8 @@ # Introduction to Datree +Kubernetes Guide + ## Installation Best place to start is the [documentation](https://hub.datree.io/) diff --git a/kubernetes/deployments/readme.md b/kubernetes/deployments/readme.md index e570fe3..d59a685 100644 --- a/kubernetes/deployments/readme.md +++ b/kubernetes/deployments/readme.md @@ -1,4 +1,6 @@ -# Deployments +# Introduction to Kubernetes: Deployments + +k8s-deployments Build an example app: diff --git a/kubernetes/helm/README.md b/kubernetes/helm/README.md index 8a722b7..cc635a0 100644 --- a/kubernetes/helm/README.md +++ b/kubernetes/helm/README.md @@ -1,5 +1,7 @@ # Introduction to Helm +k8s-helm + ## We need a Kubernetes cluster Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) diff --git a/kubernetes/kubectl/README.md b/kubernetes/kubectl/README.md index 014eeb2..723c151 100644 --- a/kubernetes/kubectl/README.md +++ b/kubernetes/kubectl/README.md @@ -1,5 +1,7 @@ # Introduction to KUBECTL +k8s-kubectl + To start off this tutorial, we will be using [kind](https://kind.sigs.k8s.io/) to create our test cluster.
You can use `minikube` or any Kubernetes cluster.
diff --git a/kubernetes/kustomize/readme.md b/kubernetes/kustomize/readme.md index ed4b345..0dd2884 100644 --- a/kubernetes/kustomize/readme.md +++ b/kubernetes/kustomize/readme.md @@ -1,5 +1,8 @@ - # The Basics + +k8s-kustomize + + ``` kubectl apply -f kubernetes/kustomize/application/namespace.yaml diff --git a/kubernetes/persistentvolume/readme.md b/kubernetes/persistentvolume/readme.md index 41be817..0a4a175 100644 --- a/kubernetes/persistentvolume/readme.md +++ b/kubernetes/persistentvolume/readme.md @@ -1,5 +1,7 @@ # Persistent Volumes Demo +k8s-pv + ## Container Storage By default containers store their data on the file system like any other process. diff --git a/kubernetes/portainer/README.md b/kubernetes/portainer/README.md index 906654b..fec505c 100644 --- a/kubernetes/portainer/README.md +++ b/kubernetes/portainer/README.md @@ -1,5 +1,7 @@ # Introduction to Portainer +k8s-portainer + Start here 👉🏽[https://www.portainer.io/](https://www.portainer.io/)
Documentation 👉🏽[https://docs.portainer.io/](https://docs.portainer.io/) diff --git a/kubernetes/rancher/README.md b/kubernetes/rancher/README.md index c27ae9c..5462ad5 100644 --- a/kubernetes/rancher/README.md +++ b/kubernetes/rancher/README.md @@ -1,5 +1,7 @@ # Introduction to Rancher: On-prem Kubernetes +k8s-rancher + This guide follows the general instructions of running a [manual rancher install](https://rancher.com/docs/rancher/v2.5/en/quick-start-guide/deployment/quickstart-manual-setup/) and running our own infrastructure on Hyper-v # Hyper-V : Prepare our infrastructure diff --git a/kubernetes/rbac/README.md b/kubernetes/rbac/README.md index e1531ad..0fa33f0 100644 --- a/kubernetes/rbac/README.md +++ b/kubernetes/rbac/README.md @@ -1,7 +1,8 @@ # Introduction to Kubernetes: RBAC -## Create Kubernetes cluster +k8s-rbac +## Create Kubernetes cluster ``` kind create cluster --name rbac --image kindest/node:v1.20.2 diff --git a/kubernetes/secrets/README.md b/kubernetes/secrets/README.md new file mode 100644 index 0000000..08ca214 --- /dev/null +++ b/kubernetes/secrets/README.md @@ -0,0 +1,3 @@ +# Introduction to Kubernetes: Secrets + +k8s-secrets \ No newline at end of file diff --git a/kubernetes/secrets/sealed-secrets/README.md b/kubernetes/secrets/sealed-secrets/README.md index 62f905b..0ebfd55 100644 --- a/kubernetes/secrets/sealed-secrets/README.md +++ b/kubernetes/secrets/sealed-secrets/README.md @@ -1,5 +1,7 @@ # Introduction to Sealed Secrets +k8s-sealedsecrets + Checkout the [Sealed Secrets GitHub Repo](https://github.com/bitnami-labs/sealed-secrets)
There are a number of use-cases where this is a really great concept.
diff --git a/kubernetes/servicemonitors/README.md b/kubernetes/servicemonitors/README.md index d6aed8e..cd4dbb1 100644 --- a/kubernetes/servicemonitors/README.md +++ b/kubernetes/servicemonitors/README.md @@ -1,5 +1,7 @@ # Introduction to Service Monitors +k8s-servicemonitors + In order to understand service monitors, we will need to understand how to monitor kubernetes environment.
You will need a base understanding of Kubernetes and have a basic understanding of the `kube-prometheus` monitoring stack.
diff --git a/kubernetes/services/README.md b/kubernetes/services/README.md new file mode 100644 index 0000000..cb27d7f --- /dev/null +++ b/kubernetes/services/README.md @@ -0,0 +1,3 @@ +# Introduction to Kubernetes: Services + +k8s-services \ No newline at end of file diff --git a/kubernetes/shipa/README.md b/kubernetes/shipa/README.md index ea657ec..4f9fce9 100644 --- a/kubernetes/shipa/README.md +++ b/kubernetes/shipa/README.md @@ -1,5 +1,7 @@ # Introduction to Shipa +shipa + ## We need a Kubernetes cluster To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as well as a local
diff --git a/kubernetes/statefulsets/notes.md b/kubernetes/statefulsets/notes.md index 5c89a17..5f2e9fe 100644 --- a/kubernetes/statefulsets/notes.md +++ b/kubernetes/statefulsets/notes.md @@ -1,4 +1,6 @@ +k8s-sts + # Create a namespace ``` diff --git a/kubernetes/velero/README.md b/kubernetes/velero/README.md index fa94e95..15646af 100644 --- a/kubernetes/velero/README.md +++ b/kubernetes/velero/README.md @@ -1,5 +1,7 @@ # Introduction to Velero +k8s-velero + ## We need a Kubernetes cluster Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) diff --git a/messaging/kafka/README.md b/messaging/kafka/README.md index d5d8017..f0e3d5d 100644 --- a/messaging/kafka/README.md +++ b/messaging/kafka/README.md @@ -1,5 +1,7 @@ # Introduction to Kafka +kafka-intro + Official [Docs](https://kafka.apache.org/) ## Building a Docker file diff --git a/messaging/rabbitmq/kubernetes/readme.md b/messaging/rabbitmq/kubernetes/readme.md index e4da339..de9903b 100644 --- a/messaging/rabbitmq/kubernetes/readme.md +++ b/messaging/rabbitmq/kubernetes/readme.md @@ -1,5 +1,7 @@ # RabbitMQ on Kubernetes +rabbitmq-k8s + Create a cluster with [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) ``` diff --git a/messaging/rabbitmq/readme.md b/messaging/rabbitmq/readme.md index 06aaf98..4ca8e5b 100644 --- a/messaging/rabbitmq/readme.md +++ b/messaging/rabbitmq/readme.md @@ -1,5 +1,7 @@ # RabbitMQ +rabbitmq-intro + Docker image over [here](https://hub.docker.com/_/rabbitmq) ``` # run a standalone instance diff --git a/monitoring/logging/fluentd/basic-demo/readme.md b/monitoring/logging/fluentd/basic-demo/readme.md index 6915e65..a791be9 100644 --- a/monitoring/logging/fluentd/basic-demo/readme.md +++ b/monitoring/logging/fluentd/basic-demo/readme.md @@ -1,5 +1,7 @@ # Fluentd basic demo +fluentd-intro + Check out the [video](https://youtu.be/MMVdkzeQ848) In my video: Introduction to logging
I run fluentd locally
diff --git a/monitoring/logging/fluentd/introduction/readme.md b/monitoring/logging/fluentd/introduction/readme.md index 53631ac..c23ae59 100644 --- a/monitoring/logging/fluentd/introduction/readme.md +++ b/monitoring/logging/fluentd/introduction/readme.md @@ -1,5 +1,7 @@ # Introduction to Fluentd +fluentd-intro + ## Collecting logs from files Reading logs from a file we need an application that writes logs to a file.
diff --git a/monitoring/logging/fluentd/kubernetes/README.md b/monitoring/logging/fluentd/kubernetes/README.md index 34e0fdc..a3cdd97 100644 --- a/monitoring/logging/fluentd/kubernetes/README.md +++ b/monitoring/logging/fluentd/kubernetes/README.md @@ -1,5 +1,7 @@ # Introduction to Fluentd on Kubernetes +fluentd-k8s + ## Prerequisites You will need a basic understanding of Fluentd before you attempt to run it on Kubernetes.
diff --git a/monitoring/logging/readme.md b/monitoring/logging/readme.md index 5fbe28d..05ef174 100644 --- a/monitoring/logging/readme.md +++ b/monitoring/logging/readme.md @@ -2,6 +2,8 @@ ## Logging Basics +logging-intro + * Standardised Logging * Centralised Logging @@ -9,6 +11,8 @@ ## Introduction to Fluentd +fluentd-intro + * What is fluentd * Configuration * Plugins diff --git a/storage/redis/clustering/readme.md b/storage/redis/clustering/readme.md index 6d7b3c3..091bac4 100644 --- a/storage/redis/clustering/readme.md +++ b/storage/redis/clustering/readme.md @@ -1,6 +1,8 @@ ## Replication +redis-cluster + Documentation [here](https://redis.io/topics/replication) ### Configuration diff --git a/storage/redis/kubernetes/readme.md b/storage/redis/kubernetes/readme.md index 7ec8171..5dbdb2e 100644 --- a/storage/redis/kubernetes/readme.md +++ b/storage/redis/kubernetes/readme.md @@ -1,5 +1,7 @@ # Redis on Kubernetes +redis-k8s + Create a cluster with [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) ``` diff --git a/storage/redis/readme.md b/storage/redis/readme.md index 12a0511..7700f6f 100644 --- a/storage/redis/readme.md +++ b/storage/redis/readme.md @@ -1,5 +1,7 @@ # Redis +redis-intro + ## Docker Docker image over [here](https://hub.docker.com/_/redis) diff --git a/tracing/README.md b/tracing/README.md index 57025d9..43f879b 100644 --- a/tracing/README.md +++ b/tracing/README.md @@ -1,5 +1,7 @@ # Introduction to Distributed Tracing +tracing-intro + In this episode we take a look at distributed tracing. We'll take a look at the concept, what distributed tracing is, what problems it solves, how to emit traces and the platform architecture to collect traces. From 812f2c141c9e7aa0982fd8ca51622f752a6974a5 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Thu, 9 Mar 2023 13:03:40 +1100 Subject: [PATCH 12/12] postgres config files for part 2 --- .../postgresql/2-configuration/README.md | 189 ++++++++++++++++++ .../2-configuration/config/pg_hba.conf | 15 ++ .../2-configuration/config/pg_ident.conf | 42 ++++ .../2-configuration/config/postgresql.conf | 27 +++ .../2-configuration/docker-compose.yaml | 21 ++ 5 files changed, 294 insertions(+) create mode 100644 storage/databases/postgresql/2-configuration/README.md create mode 100644 storage/databases/postgresql/2-configuration/config/pg_hba.conf create mode 100644 storage/databases/postgresql/2-configuration/config/pg_ident.conf create mode 100644 storage/databases/postgresql/2-configuration/config/postgresql.conf create mode 100644 storage/databases/postgresql/2-configuration/docker-compose.yaml diff --git a/storage/databases/postgresql/2-configuration/README.md b/storage/databases/postgresql/2-configuration/README.md new file mode 100644 index 0000000..566a451 --- /dev/null +++ b/storage/databases/postgresql/2-configuration/README.md @@ -0,0 +1,189 @@ +# How to configure PostgreSQL + +This is part 2 of our PostgreSQL series.
+In this chapter, we learn about fundamentals of the Postgres configuration.
+ +Many people make the mistakes of relying directly on Kubernetes PostgreSQL controllers +and Helm charts without having any understanding of Databases.
+ +Let's start where we left off, and review our simple PostgreSQL database: + +## Run a simple PostgreSQL database (docker) + +``` +cd storage/databases/postgresql/2-configuration +docker run -it --rm --name postgres ` + -e POSTGRES_PASSWORD=admin123 ` + -v ${PWD}/pgdata:/var/lib/postgresql/data ` + -p 5000:5432 ` + postgres:15.0 +``` + +## Environment Variables + +Many settings can be specified using environment variables.
+I generally recommend not relying on default values and set most of the settings +possible.
+ +I personally prefer most or all settings in a configuration file, so it can be committed to source control.
+This is where Environment variables are great because we can inject secrets there +and keep passwords out of our configuration files and out of source control.
+ +This will be important in Kubernetes later on.
+ +We will not learn all or even most of the configurations in this chapter, as PostgreSQL has a lot of depth. So we will only learn what we need, one step at a time.
+ +Let's take a look at some basic configurations [here](https://hub.docker.com/_/postgres) + +Let's set a few things here: + +| Environment Variable | Meaning | +|----------------------|---------| +| POSTGRES_USER | Username for the Postgres Admin | +| POSTGRES_PASSWORD | Password for the Postgres Admin | +| POSTGRES_DB | Default database for your Postgres Server | +| PGDATA | Path where data is stored | + + +## Configuration files + +If we take a look at our `docker` mount that we defined in our `docker run` command:
+ +`-v ${PWD}/pgdata:/var/lib/postgresql/data `
+ +The `{PWD}/pgdata` folder that we have mounted contains not only data, but some default configuration files that we can explore.
+ +Three files are important here: + + + +|Configuration file | Meaning | Documentation +|----------------------|---------|-------| +| pg_hba.conf | Host Based Authentication file | [Official Documentation](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) | +| pg_ident.conf | User Mappings file | [Official Documentation](https://www.postgresql.org/docs/current/auth-username-maps.html) +| postgresql.conf | PostgreSQL main configuraiton | + +## The pg_hba.conf File + +We'll start this guide with the host based authentication file.
+This file is automatically created in the data directory as we see.
+We should create a copy of this file and configure it ourselves.
+ +It controls who can access our PostgreSQL server.
+Let's refer to the official documentation as well as walk through the config.
+The config file itself has a great description of the contents.
+ +As mentioned in the previous chapter, it's always good not to rely on default configurations. So let's create our own `pg_hba.conf` file.
+ +We can grab the content from the default configuration and we may edit it as we go. + +``` +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all trust +# IPv4 local connections: +host all all 127.0.0.1/32 trust +# IPv6 local connections: +host all all ::1/128 trust +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all trust +host replication all 127.0.0.1/32 trust +host replication all ::1/128 trust + +host all all all scram-sha-256 +``` + +## The pg_ident.conf File + +This config file is a mapping file between system users and database users.
+Let's refer to the official documentation and walk through the config.
+This is not a feature that we will need in this series, so we will skip this config for the time being.
+ +## The postgresql.conf File + +This configuration file is the main one for PostgreSQL.
+As you can see this is a large file with in-depth tuning and customization capability.
+ +### File Locations + +Let's set our data directory locations as well as config file locations
+Our volume mount path in the container is also short and simple.
+Note that we also split config from data so we have separate paths : + +``` +data_directory = '/data' +hba_file = '/config/pg_hba.conf' +ident_file = '/config/pg_ident.conf' +``` + +### Connection and Authentication + +The shared_buffers parameter determines how much memory is dedicated to the server for caching data. The value should be set to 15% to 25% of the machine's total RAM. For example: if your machine's RAM size is 32 GB, then the recommended value for shared_buffers is 8 GB
+ +We will take a look at `WAL` (Write Ahead Log), Archiving, Primary, and Standby configurations in a future chapter on replication
+ +``` +port = 5432 +listen_addresses = '*' +max_connections = 100 +shared_buffers = 128MB +dynamic_shared_memory_type = posix +max_wal_size = 1GB +min_wal_size = 80MB +log_timezone = 'Etc/UTC' +datestyle = 'iso, mdy' +timezone = 'Etc/UTC' + +#locale settings +lc_messages = 'en_US.utf8' # locale for system error message +lc_monetary = 'en_US.utf8' # locale for monetary formatting +lc_numeric = 'en_US.utf8' # locale for number formatting +lc_time = 'en_US.utf8' # locale for time formatting + +default_text_search_config = 'pg_catalog.english' + +``` + +We can also include other configurations from other locations with the `include_dir` and `include` options.
+We will skip these for the sake of keeping things simple.
+Nested configurations can over complicate a setup and makes it hard to troubleshoot when issues occur.
+ +### Specifying Custom Configuration + +If we run on Linux, we need to ensure that the `postgres` user which has a user ID of `999` by default, should have access to the configuration files.
+ +``` +sudo chown 999:999 config/postgresql.conf +sudo chown 999:999 config/pg_hba.conf +sudo chown 999:999 config/pg_ident.conf +``` + +There is another important gotcha here.
+The `PGDATA` variable tells PostgreSQL where our data directory is.
+Similarly, we've learnt that our configuration file also has `data_directory` which tells PostgreSQL the same.
+ +However, the latter is only read by PostgreSQL after initialization has occurred.
+PostgreSQL's initialization phase sets up directory permissions on the data directory.
+If we leave out `PGDATA`, then we will get errors that the data directory is invalid.
+Hence `PGDATA` is important here.
+ +## Running our PostgreSQL + +Finally, we can run our database with our custom configuration files: + +``` +docker run -it --rm --name postgres ` +-e POSTGRES_USER=postgresadmin ` +-e POSTGRES_PASSWORD=admin123 ` +-e POSTGRES_DB=postgresdb ` +-e PGDATA="/data" ` +-v ${PWD}/pgdata:/data ` +-v ${PWD}/config:/config ` +-p 5000:5432 ` +postgres:15.0 -c 'config_file=/config/postgresql.conf' +``` + +That's it for chapter two!
+In [chapter 3](../3-replication/README.md), we will take a look at Replication and how to replicate our data to another PostgreSQL instance for better availability. \ No newline at end of file diff --git a/storage/databases/postgresql/2-configuration/config/pg_hba.conf b/storage/databases/postgresql/2-configuration/config/pg_hba.conf new file mode 100644 index 0000000..8a28f88 --- /dev/null +++ b/storage/databases/postgresql/2-configuration/config/pg_hba.conf @@ -0,0 +1,15 @@ +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all trust +# IPv4 local connections: +host all all 127.0.0.1/32 trust +# IPv6 local connections: +host all all ::1/128 trust +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all trust +host replication all 127.0.0.1/32 trust +host replication all ::1/128 trust + +host all all all scram-sha-256 diff --git a/storage/databases/postgresql/2-configuration/config/pg_ident.conf b/storage/databases/postgresql/2-configuration/config/pg_ident.conf new file mode 100644 index 0000000..a5870e6 --- /dev/null +++ b/storage/databases/postgresql/2-configuration/config/pg_ident.conf @@ -0,0 +1,42 @@ +# PostgreSQL User Name Maps +# ========================= +# +# Refer to the PostgreSQL documentation, chapter "Client +# Authentication" for a complete description. A short synopsis +# follows. +# +# This file controls PostgreSQL user name mapping. It maps external +# user names to their corresponding PostgreSQL user names. Records +# are of the form: +# +# MAPNAME SYSTEM-USERNAME PG-USERNAME +# +# (The uppercase quantities must be replaced by actual values.) +# +# MAPNAME is the (otherwise freely chosen) map name that was used in +# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the +# client. PG-USERNAME is the requested PostgreSQL user name. The +# existence of a record specifies that SYSTEM-USERNAME may connect as +# PG-USERNAME. +# +# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a +# regular expression. Optionally this can contain a capture (a +# parenthesized subexpression). The substring matching the capture +# will be substituted for \1 (backslash-one) if present in +# PG-USERNAME. +# +# Multiple maps may be specified in this file and used by pg_hba.conf. +# +# No map names are defined in the default configuration. If all +# system user names and PostgreSQL user names are the same, you don't +# need anything in this file. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- + +# MAPNAME SYSTEM-USERNAME PG-USERNAME diff --git a/storage/databases/postgresql/2-configuration/config/postgresql.conf b/storage/databases/postgresql/2-configuration/config/postgresql.conf new file mode 100644 index 0000000..6b49304 --- /dev/null +++ b/storage/databases/postgresql/2-configuration/config/postgresql.conf @@ -0,0 +1,27 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# + +data_directory = '/data' +hba_file = '/config/pg_hba.conf' +ident_file = '/config/pg_ident.conf' + +port = 5432 +listen_addresses = '*' +max_connections = 100 +shared_buffers = 128MB +dynamic_shared_memory_type = posix +max_wal_size = 1GB +min_wal_size = 80MB +log_timezone = 'Etc/UTC' +datestyle = 'iso, mdy' +timezone = 'Etc/UTC' + +#locale settings +lc_messages = 'en_US.utf8' # locale for system error message +lc_monetary = 'en_US.utf8' # locale for monetary formatting +lc_numeric = 'en_US.utf8' # locale for number formatting +lc_time = 'en_US.utf8' # locale for time formatting + +default_text_search_config = 'pg_catalog.english' \ No newline at end of file diff --git a/storage/databases/postgresql/2-configuration/docker-compose.yaml b/storage/databases/postgresql/2-configuration/docker-compose.yaml new file mode 100644 index 0000000..927a4df --- /dev/null +++ b/storage/databases/postgresql/2-configuration/docker-compose.yaml @@ -0,0 +1,21 @@ +version: '3.1' +services: + db: + container_name: postgres + image: postgres:15.0 + command: "postgres -c config_file=/config/postgresql.conf" + environment: + POSTGRES_USER: "postgresadmin" + POSTGRES_PASSWORD: "admin123" + POSTGRES_DB: "postgresdb" + PGDATA: "/data" + volumes: + - ./pgdata:/data + - ./config:/config/ + ports: + - 5000:5432 + adminer: + image: adminer + restart: always + ports: + - 8080:8080 \ No newline at end of file