podman --version
podman version 5.0.1
tilt version
v0.33.12, built 2024-03-28
start Kind with a local registry. Just use the regular Kind with registry script
podman --version
podman version 5.0.1
tilt version
v0.33.12, built 2024-03-28
start Kind with a local registry. Just use the regular Kind with registry script
--- Changes started at 2024-03-13 20:01:22.594301 --- | |
Skipped: ./imgpkg/CODE_OF_CONDUCT.md - Reason: Unsupported file type | |
Skipped: ./imgpkg/go.mod - Reason: Unsupported file type | |
Skipped: ./imgpkg/LICENSE - Reason: Unsupported file type | |
Skipped: ./imgpkg/code-header-template.txt - Reason: Unsupported file type | |
Skipped: ./imgpkg/MAINTAINERS.md - Reason: Unsupported file type | |
Skipped: ./imgpkg/GOVERNANCE.md - Reason: Unsupported file type | |
Skipped: ./imgpkg/go.sum - Reason: Unsupported file type | |
Skipped: ./imgpkg/.golangci.yml - Reason: Unsupported file type | |
Skipped: ./imgpkg/NOTICE - Reason: Unsupported file type |
#!/bin/bash | |
# Check if an image reference is provided | |
if [ -z "$1" ]; then | |
echo "Usage: $0 <image-reference>" | |
exit 1 | |
fi | |
IMAGE_REF=$1 |
func GetDataFromFBC(report index.Data) (index.Data, error) { | |
root := "./output/" + actions.GetVersionTagFromImage(report.Flags.IndexImage) + "/configs" | |
fileSystem := os.DirFS(root) | |
fbc, err := declcfg.LoadFS(fileSystem) | |
if err != nil { | |
return report, fmt.Errorf("unable to load the file based config : %s", err) | |
} | |
model, err := declcfg.ConvertToModel(*fbc) | |
if err != nil { |
create this graph with:
opm alpha render-graph registry.redhat.io/redhat/redhat-operator-index:v4.14 --package-name quay-operator
{ | |
"schema": "olm.package", | |
"name": "amq-streams", | |
"defaultChannel": "stable", | |
"icon": { |
cd ~/workspace/sa-key-rotation
cd jwks
go run jwks.go ../../aws-pod-identity-webhook/sa-signer-pkcs8.pub ../../cloud-credential-operator/new/serviceaccount-signer.public
cat keys.json
S3_BUCKET_NAME=btofel-sts-test && aws s3 cp keys.json s3://${S3_BUCKET_NAME} --profile redhat-openshift-dev --acl public-read
PRIVKEY=`base64 -i ../cloud-credential-operator/new/serviceaccount-signer.private`
PUBKEY=`base64 -i ../cloud-credential-operator/new/serviceaccount-signer.public`
oc patch secret next-bound-service-account-signing-key -n openshift-kube-apiserver-operator --type=json -p '[{"op":"replace","path":"/data/service-account.key","value":"'"$PRIVKEY"'"},{"op":"replace","path":"/data/service-account.pub","value":"'"$PUBKEY"'"}]'
To enable faster dev process with OpenShift Local (CRC) where you can push dev images to the local internal registry included with OpenShift and pull those same images internally in the cluster you need to follow these steps:
Push images to OpenShift Local's image registry, must be labeled like:
REGISTRY=$(oc get route/default-route -n openshift-image-registry -o=jsonpath='{.spec.host}'); \
IMAGE_PUSH=$($REGISTRY/openshift/pod-identity-webhook:0.4) \
or simpler and actually working:
oc login -u kubeadmin -p zXqDV-wqxpa-YTV7N-hNpgV https://api.crc.testing:6443
oc get -n openshift-kube-apiserver cm -o json bound-sa-token-signing-certs | jq -r '.data["service-account-001.pub"]' > sa-signer-pkcs8.pub
bin/self-hosted-darwin -key "sa-signer-pkcs8.pub" | jq '.keys += [.keys[0]] | .keys[1].kid = ""' > "keys.json"
aws s3 mb s3://btofel-sts-test --profile redhat-openshift-dev
aws s3 cp keys.json s3://btofel-sts-test --profile redhat-openshift-dev --acl public-read
cp ~/hold_code/discovery.json .
vi discovery.json (verify it has bucket URL params to match above)
aws s3 cp discovery.json s3://btofel-sts-test/.well-known/openid-configuration --profile redhat-openshift-dev --acl public-read