Simplest Kubewarden policy written using Go.
To be compiled with TinyGo:
tinygo build -o policy.wasm -target=wasi -no-debug .
For more details: https://github.com/kubewarden/go-policy-template
Simplest Kubewarden policy written using Go.
To be compiled with TinyGo:
tinygo build -o policy.wasm -target=wasi -no-debug .
For more details: https://github.com/kubewarden/go-policy-template
28789: target/release/wasmtime-provider-memory | |
Address Perm Offset Device Inode Size Rss Pss Referenced Anonymous LazyFree ShmemPmdMapped FilePmdMapped Shared_Hugetlb Private_Hugetlb Swap SwapPss Locked THPeligible Mapping | |
5654b4238000 r-xp 00000000 fe:02 584900893 9532 6048 6048 6048 0 0 0 0 0 0 0 0 0 0 /home/flavio/hacking/wasm/wapc/wasmtime-provider-memory/target/release/wasmtime-provider-memory | |
5654b4b87000 r--p 0094f000 fe:02 584900893 280 280 280 280 280 0 0 0 0 0 0 0 0 0 /home/flavio/hacking/wasm/wapc/wasmtime-provider-memory/target/release/wasmtime-provider-memory | |
5654b4bcd000 rw-p 00995000 fe:02 584900893 8 8 8 8 8 0 0 0 0 0 0 0 0 0 /home/flavio/ha |
*.wasm |
This is a set of files that can be used to reproduce an issue I'm facing with rustls.
This is the current setup:
*.suse
(yeah this is bad from a security POV)I've a simple program that uses reqwest to perform a GET request against a HTTPS server that uses this certificate.
The server FQDN is registry01.suse
.
module github.com/flavio/container-image-name | |
go 1.16 | |
require ( | |
github.com/docker/distribution v2.7.1+incompatible | |
github.com/opencontainers/go-digest v1.0.0 // indirect | |
) |
use oci_distribution::{ParseError, Reference}; | |
use std::str::FromStr; | |
use url::Url; | |
fn build_oci_reference(url: Url) -> Result<Reference, ParseError> { | |
Reference::from_str( | |
url.as_ref() | |
.strip_prefix("registry://") | |
.unwrap_or_else(|| url.as_ref()), | |
) |
Running `target/release/kwctl -v run --settings-json '{"allowed_capabilities": ["CHOWN"]}' -r ../psp-capabilities/test_data/req_pod_with_container_with_capabilities_added.json ../psp-capabilities/target/wasm32-unknown-unknown/release/psp_capabilities.wasm` | |
Jun 27 15:06:21.457 INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7 |
The v0.2.0 release of kubewarden-controller introduces a new version of the ClusterAdmissionPolicy
custom resource.
Starting from this release, only ClusterAdmissionPolicy
of version v1alpha2
are going to be reconciled by the controller.
This section describes how to migrate a kubewarden deployment from v0.1.4
to
v0.2.0
.
provider "libvirt" { │··························· | |
uri = "qemu:///system" │··························· | |
} │··························· | |
│··························· | |
resource "libvirt_cloudinit" "disk" { |
package main | |
import ( | |
"fmt" | |
"github.com/imdario/mergo" | |
"gopkg.in/yaml.v2" | |
) | |
type UserData struct { |