Skip to content

Commit 762e89a

Browse files
committed
Integrated notes from 20241112
1 parent 0ec42d0 commit 762e89a

File tree

46 files changed

+427
-208
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

46 files changed

+427
-208
lines changed

.editorconfig

+16
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
# EditorConfig is awesome: https://editorconfig.org
2+
3+
# top-most EditorConfig file
4+
root = true
5+
6+
[*]
7+
end_of_line = lf
8+
insert_final_newline = true
9+
indent_style = space
10+
indent_size = 4
11+
12+
[*.yaml,*.yml,*.json]
13+
indent_size = 2
14+
15+
[Makefile]
16+
indent_style = tab

120_kubernetes/identity/slides.md

+23
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
## Workload Identity
2+
3+
IAM Roles for Service Accounts (IRSA) https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
4+
5+
https://azure.github.io/azure-workload-identity/docs/
6+
7+
https://cloud.google.com/config-connector/docs/overview?hl=de
8+
9+
10+
### Token Review
11+
12+
```shell
13+
#kubectl create sa bar
14+
TOKEN="$(kubectl create token bar)"
15+
cat <<EOF | kubectl apply -f - -o yaml
16+
kind: TokenReview
17+
apiVersion: authentication.k8s.io/v1
18+
metadata:
19+
name: test
20+
spec:
21+
token: ${TOKEN}
22+
EOF
23+
```

120_kubernetes/rbac/service_account_api.runme.md

+7-4
Original file line numberDiff line numberDiff line change
@@ -86,11 +86,14 @@ Configure and test kubectl
8686
```sh
8787
kubectl exec -i foo-test -- apk update
8888
kubectl exec -i foo-test -- apk add kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing
89+
kubectl exec -i foo-test -- apk add curl
8990
clear
91+
kubectl exec -i foo-test -- kubectl version
9092
kubectl exec -i foo-test -- sh <<"EOF"
91-
kubectl version \
92-
--server=https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS} \
93-
--certificate-authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt \
94-
--token="$(cat /run/secrets/kubernetes.io/serviceaccount/token)"
93+
curl \
94+
--silent \
95+
--url https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api \
96+
--cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt \
97+
--header "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)"
9598
EOF
9699
```
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
# Explore token mounted in a pod
2+
3+
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
4+
5+
Check projected volume with token, CA and namespace
6+
7+
```sh
8+
cat <<EOF | kubectl apply -f -
9+
apiVersion: v1
10+
kind: Pod
11+
metadata:
12+
name: foo-test
13+
spec:
14+
containers:
15+
- name: foo
16+
image: alpine
17+
command:
18+
- sh
19+
args:
20+
- -c
21+
- sleep 3600
22+
EOF
23+
sleep 5
24+
kubectl get pod foo-test --output yaml
25+
```

160_gitlab_ci.yml

+2-1
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,7 @@ nav:
112112
- IDE: 000_rollout/exercise_ide.md
113113
- Project: 000_rollout/exercise_project.md
114114
- You are ready: you_are_ready.md
115-
- Basics:
115+
- Fundamentals:
116116
- Jobs and Stages: 010_jobs_and_stages/exercise.md
117117
- Variables: 020_variables/exercise.md
118118
- Scriptblocks: 030_script_blocks/exercise.md
@@ -139,5 +139,6 @@ nav:
139139
- Security: 280_security/exercise.md
140140
- CI/CD Components: 300_components/exercise.md
141141
- CI/CD Steps: 310_steps/exercise.md
142+
- Secure Files: 320_secure_files/exercise.md
142143
- Wrap Up:
143144
- You are done: you_are_done.md

160_gitlab_ci/000_rollout/generate.sh

+1-1
Original file line numberDiff line numberDiff line change
@@ -85,6 +85,6 @@ fi
8585
cat seats.json \
8686
| jq --raw-output '
8787
.seats[] |
88-
"\nHost seat\(.index).vscode.inmylab.de\nUser seat\(.index)\nCode \(.code)\nPassword \(.password)"
88+
"\nHost code.inmylab.de\nUser seat\(.index)\nCode \(.code)"
8989
' \
9090
>seats.txt

160_gitlab_ci/000_rollout/server/nginx/code.html

+6
Original file line numberDiff line numberDiff line change
@@ -12,5 +12,11 @@ <h1>Auth</h1>
1212
<p>WebDAV dev: ${SEAT_WEBDAV_DEV}</p>
1313

1414
<p>WebDAV live: ${SEAT_WEBDAV_LIVE}</p>
15+
16+
<h1>Services</h1>
17+
18+
<p><a href="https://gitlab.inmylab.de" target="_blank">GitLab</a> (login using user seat${SEAT_INDEX} and your password)</p>
19+
20+
<p><a href="https://seat${SEAT_INDEX}.vscode.inmylab.de" target="_blank">seat${SEAT_INDEX}</a></p>
1521
</body>
1622
</html>

160_gitlab_ci/000_rollout/slides.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,6 @@ Containerized service stack for this workshop
1212

1313
![](160_gitlab_ci/000_rollout/stack.drawio.svg) <!-- .element: style="width: 90%; margin-top: 1em;" -->
1414

15-
Available from 2024-11-12 at 9:00 until 2024-11-12 at 18:00
15+
Available from 2024-11-21 at 9:00 until 2024-11-28 at 18:00
1616

17-
See [introduction](/hands-on/2024-11-12/)
17+
Meet your demo environment by following the [introduction](/hands-on/2024-11-21/)

160_gitlab_ci/000_rollout/vscode/vscode/Dockerfile

+11-13
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,6 @@
33
FROM codercom/code-server:4.93.1
44
USER root
55

6-
RUN <<EOF
7-
code-server --install-extension redhat.vscode-yaml
8-
code-server --install-extension golang.go
9-
code-server --install-extension gitlab.gitlab-workflow
10-
EOF
11-
126
RUN <<EOF
137
apt-get update
148
apt-get -y install --no-install-recommends \
@@ -34,15 +28,19 @@ uniget install \
3428
glab
3529
EOF
3630

37-
# See https://github.com/coder/code-server/issues/5177
38-
ENV ENTRYPOINTD=/opt/entrypoint.d
39-
RUN <<EOF
40-
mkdir -p "${ENTRYPOINTD}"
41-
EOF
42-
COPY --chmod=0755 git.sh ${ENTRYPOINTD}
31+
COPY --chmod=0755 git.sh /opt/entrypoint.d/
4332

4433
RUN <<EOF
4534
useradd --user-group --create-home --shell /bin/bash seat
4635
EOF
4736
USER seat
48-
WORKDIR /home/seat
37+
WORKDIR /home/seat/demo
38+
39+
# https://open-vsx.org/
40+
# code-server --install-extension <publisher>.<extension-name>
41+
RUN <<EOF
42+
code-server --install-extension redhat.vscode-yaml
43+
code-server --install-extension golang.go
44+
code-server --install-extension gitlab.gitlab-workflow
45+
code-server --install-extension editorConfig.editorConfig
46+
EOF

160_gitlab_ci/000_rollout/vscode/vscode/git.sh

+5
Original file line numberDiff line numberDiff line change
@@ -19,3 +19,8 @@ git remote add origin https://gitlab.inmylab.de/${GIT_USER}/demo
1919
git remote add upstream https://github.com/nicholasdille/container-slides
2020

2121
git pull origin main || true
22+
23+
touch README.md
24+
git add README.md
25+
git commit -m "Initial commit"
26+
git push --set-upstream origin main

160_gitlab_ci/040_image/exercise.md

+5-5
Original file line numberDiff line numberDiff line change
@@ -10,13 +10,13 @@
1010

1111
In the previous exampes, we called `apk` at the beginning of every job to install Go. This had to be repeated for every job because Go was not present. Choosing an image for a job using the `image` directive, time is saved by avoiding commands to install required tools. See the [official documentation](https://docs.gitlab.com/ee/ci/yaml/#image).
1212

13-
Replace the calls to `apk` with the container image `golang:1.19.2`.
13+
Replace the calls to `apk` with the container image `golang:1.23.2`.
1414

1515
Afterwards check the pipeline in the GitLab UI. You should see a successful pipeline run.
1616

1717
??? info "Hint (Click if you are stuck)"
1818
- Remove `before_script`
19-
- Add `image: golang:1.19.2` instead
19+
- Add `image: golang:1.23.2` instead
2020

2121
??? example "Solution (Click if you are stuck)"
2222
`.gitlab-ci.yml`:
@@ -28,19 +28,19 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
2828

2929
lint:
3030
stage: check
31-
image: golang:1.19.2
31+
image: golang:1.23.2
3232
script:
3333
- go fmt .
3434

3535
audit:
3636
stage: check
37-
image: golang:1.19.2
37+
image: golang:1.23.2
3838
script:
3939
- go vet .
4040

4141
build:
4242
stage: build
43-
image: golang:1.19.2
43+
image: golang:1.23.2
4444
script:
4545
- |
4646
go build \

160_gitlab_ci/050_defaults/exercise.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
2727
- build
2828

2929
default:
30-
image: golang:1.19.2
30+
image: golang:1.23.2
3131

3232
lint:
3333
stage: check

160_gitlab_ci/050_defaults/slides.md

+4-6
Original file line numberDiff line numberDiff line change
@@ -8,14 +8,12 @@
88

99
## Defaults
1010

11-
Apply settings to all jobs using `default` [](https://docs.gitlab.com/ee/ci/yaml/#default)
12-
13-
`default` can contain...
11+
Apply settings to all jobs using `default` [](https://docs.gitlab.com/ee/ci/yaml/#default), e.g.
1412

1513
- `image`
16-
- `before_script`
17-
- `after_script`
18-
- and some more we will explore later <i class="fa-duotone fa-face-smile-halo fa-duotone-colors"></i>
14+
- `before_script`, `after_script`
15+
16+
...and some more we will explore later <i class="fa-duotone fa-face-smile-halo fa-duotone-colors"></i>
1917

2018
### Example
2119

160_gitlab_ci/060_artifacts/exercise.md

+3-3
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
4040
- test
4141

4242
default:
43-
image: golang:1.19.2
43+
image: golang:1.23.2
4444

4545
lint:
4646
stage: check
@@ -93,7 +93,7 @@ Modify the job `test` to consume artifacts only from the job `build`.
9393
- test
9494

9595
default:
96-
image: golang:1.19.2
96+
image: golang:1.23.2
9797

9898
lint:
9999
stage: check
@@ -156,7 +156,7 @@ The following hint and solution are a working example.
156156
- test
157157

158158
default:
159-
image: golang:1.19.2
159+
image: golang:1.23.2
160160

161161
lint:
162162
stage: check

160_gitlab_ci/065_job_dependencies/exercise.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
2222
- test
2323

2424
default:
25-
image: golang:1.19.2
25+
image: golang:1.23.2
2626

2727
lint:
2828
stage: check
@@ -73,7 +73,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
7373
- test
7474

7575
default:
76-
image: golang:1.19.2
76+
image: golang:1.23.2
7777

7878
lint:
7979
stage: check

160_gitlab_ci/065_job_dependencies/slides.md

+9-3
Original file line numberDiff line numberDiff line change
@@ -54,12 +54,18 @@ Consume artifacts from parent (upstream) pipeline [](https://docs.gitlab.com/ee/
5454
job_name:
5555
script: cat artifact.txt
5656
needs:
57-
- pipeline: $PARENT_PIPELINE_ID
58-
job: create-artifact
57+
- pipeline: $PARENT_PIPELINE_ID
58+
job: create-artifact
5959
```
6060
6161
---
6262
6363
## Hands-On
6464
65-
See chapter [Job dependencies](/hands-on/2024-11-12/065_job_dependencies/exercise/)
65+
See chapter [Job dependencies](/hands-on/2024-11-12/065_job_dependencies/exercise/)
66+
67+
---
68+
69+
## Pro tip: XXX
70+
71+
One stage with two jobs and `needs` -> artifacts work

160_gitlab_ci/090_unit_tests/exercise.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
5454
- test
5555

5656
default:
57-
image: golang:1.19.2
57+
image: golang:1.23.2
5858

5959
lint:
6060
stage: check

160_gitlab_ci/100_environments/exercise.md

+3-3
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ curl https://seat${SEAT_INDEX}.dev.webdav.inmylab.de/ \
2626
--user seat${SEAT_INDEX}:${PASS}
2727
```
2828

29-
Mind that `curl` is not available in the default image `golang:1.19.2` but must be installed using the following commands. Apply what you learned about script blocks as well as separating commands into preparation, core steps and cleanup.
29+
Mind that `curl` is not available in the default image `golang:1.23.2` but must be installed using the following commands. Apply what you learned about script blocks as well as separating commands into preparation, core steps and cleanup.
3030

3131
```bash
3232
apt-get update
@@ -58,7 +58,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
5858
- deploy
5959

6060
default:
61-
image: golang:1.19.2
61+
image: golang:1.23.2
6262

6363
lint:
6464
stage: check
@@ -135,7 +135,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
135135
- deploy
136136

137137
default:
138-
image: golang:1.19.2
138+
image: golang:1.23.2
139139

140140
lint:
141141
stage: check

160_gitlab_ci/110_triggers/exercise.md

+3-3
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ Afterwards check the pipeline in both projects in the GitLab UI. You should see
5656
- trigger
5757
5858
default:
59-
image: golang:1.19.2
59+
image: golang:1.23.2
6060
6161
lint:
6262
stage: check
@@ -151,7 +151,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
151151
- trigger
152152
153153
default:
154-
image: golang:1.19.2
154+
image: golang:1.23.2
155155
156156
lint:
157157
stage: check
@@ -250,7 +250,7 @@ Afterwards check the pipeline in the GitLab UI. You should see a successful pipe
250250
- trigger
251251
252252
default:
253-
image: golang:1.19.2
253+
image: golang:1.23.2
254254
255255
lint:
256256
stage: check

0 commit comments

Comments
 (0)