Create a demo cluster for the policy demo:
$ kind create cluster --name policy-demo
$ kind get clusters
The following command starts a git server:
$ docker run -d -v "$(pwd)/repositories:/var/lib/git" -p "8282:80" cirocosta/gitserver-http
Create an empty repository named deployments.
Refer to the official kpt documentation for the installation of kpt, Porch and Config Sync.
After installing Config Sync, create the RootSync resource:
apiVersion: configsync.gke.io/v1beta1
kind: RootSync
metadata:
  name: pkg-sync
  namespace: config-management-system
spec:
  sourceType: git
  sourceFormat: unstructured
  git:
    repo: http://{ip}:{port}/deployments.git
    branch: main
    auth: none
Refer to the official Gatekeeper documentation to install Gatekeeper in the workload cluster.
Register the repository in kpt:
$ kpt alpha repo register --namespace default http://{ip}:{port}/deployments.git # Ensure the main branch exists, since the RootSync is configured for this branch
Fetch the example package for the demo:
$ kpt pkg get https://github.com/GoogleContainerTools/kpt-functions-catalog.git/examples/gatekeeper-disallow-root-user
Run demo.sh for the end-to-end execution of the demo:
$ ./demo.sh
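The package fetched above is named for a policy that disallows the root user. As an added example (not code from the package, from demo.sh or from this page), here is a static check of that kind which can be run on parsed manifests before they are pushed to the deployments repository. The rule it applies is an assumption: a container counts as possibly root when its effective runAsUser is 0, or when neither runAsNonRoot: true nor a non-zero runAsUser applies to it; the package's own constraint may differ.

```python
"""Static check: which containers in a workload manifest may run as UID 0.

Added example. Assumption: "root" means the effective runAsUser is 0, or
neither runAsNonRoot nor a non-zero runAsUser is set (the image then decides).
"""


def pod_spec(manifest):
    """Return the pod spec of a Pod or of a templated workload (Deployment, Job, ...)."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def root_findings(manifest):
    """List (container name, reason) pairs for containers that may run as root."""
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for group in ("initContainers", "containers"):
        for c in spec.get(group) or []:
            sc = c.get("securityContext") or {}
            # Container-level settings override pod-level ones.
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            if uid == 0:
                findings.append((c["name"], "runAsUser is 0"))
            elif uid is None and non_root is not True:
                findings.append((c["name"], "no runAsNonRoot or non-zero runAsUser"))
    return findings


# Constructed sample manifest (not taken from the example package).
DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "initContainers": [{"name": "init", "securityContext": {"runAsUser": 0}}],
        "containers": [
            {"name": "app"},  # inherits runAsNonRoot: true from the pod
            {"name": "sidecar", "securityContext": {"runAsNonRoot": False}},
        ],
    }}},
}

if __name__ == "__main__":
    for name, reason in root_findings(DEPLOYMENT):
        print(f"{name}: {reason}")
```

The check reads only the manifest; an image whose default user is root is caught at runtime only when runAsNonRoot is set.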