{"id":19205738,"url":"https://github.com/fairwindsops/cloudnative-demo-2022","last_synced_at":"2026-02-27T16:33:06.276Z","repository":{"id":96499562,"uuid":"496260195","full_name":"FairwindsOps/cloudnative-demo-2022","owner":"FairwindsOps","description":null,"archived":false,"fork":false,"pushed_at":"2022-07-27T18:40:57.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-13T07:48:24.007Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FairwindsOps.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-25T14:13:55.000Z","updated_at":"2022-07-27T18:41:00.000Z","dependencies_parsed_at":"2023-04-12T10:46:08.549Z","dependency_job_id":null,"html_url":"https://github.com/FairwindsOps/cloudnative-demo-2022","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/FairwindsOps/cloudnative-demo-2022","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FairwindsOps%2Fcloudnative-demo-2022","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FairwindsOps%2Fcloudnative-demo-2022/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FairwindsOps%2Fcloudnative-demo-2022/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FairwindsOps%2Fcloudnative-demo-2022/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/owners/FairwindsOps","download_url":"https://codeload.github.com/FairwindsOps/cloudnative-demo-2022/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FairwindsOps%2Fcloudnative-demo-2022/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29904313,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-27T14:46:13.553Z","status":"ssl_error","status_checked_at":"2026-02-27T14:46:10.522Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T13:13:46.861Z","updated_at":"2026-02-27T16:33:06.265Z","avatar_url":"https://github.com/FairwindsOps.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# CloudNative 2022 Demo\n\nThis is a demo for the DevOps/Cloud-Native and Cybersecurity conferences in Boston, 5/25-26\n\n# Instructions\n## Prerequisites\n* Docker: https://docs.docker.com/engine/install/\n* kubectl: https://kubernetes.io/docs/tasks/tools/#kubectl\n* Helm: https://helm.sh/docs/intro/install/\n* KIND: https://kind.sigs.k8s.io/docs/user/quick-start/\n* insights-cli: https://github.com/FairwindsOps/insights-cli/releases/tag/v1.0.0\n\n## Set up Fairwinds Insights\nTo start, sign into Fairwinds Insights at https://insights.fairwinds.com - you'll be\nprovided with 
an email address and password.\n\nFind your admin token at https://insights.fairwinds.com/orgs/cloudnative-demo-2022/settings/tokens\nand run\n```bash\nexport FAIRWINDS_TOKEN=yIrUK[REDACTED]VhYDX\n```\nto set it in your environment.\n\n## Build a Policy\nWe have a pre-built policy for requiring a `costCenterCode` label here in the `opa/required-label/`\ndirectory. To get started with your own policy, run\n```bash\nmv opa/required-label opa/your-name\n```\n`your-name` should be replaced by a unique string you'll remember (lowercase letters and `-` only).\n\nNow you can edit your OPA policy. At the very least, change the `title` to something unique, so your\npolicy doesn't get confused with anyone else's. You can also change the string `costCenterCode` to something\nelse, or try changing the policy entirely!\n\n### Test your Policy\nOnce you're happy with your policy, it's time to test it!\n\nChange `opa/your-name/test/deployment.success.yaml` to something that should pass your policy, and change\n`opa/your-name/test/deployment.failure.yaml` to something that should fail. 
Then you can run:\n\n```bash\ninsights-cli validate opa \\\n  --rego-file opa/your-name/policy.rego \\\n  --kube-object-file opa/your-name/test/deployment.failure.yaml\n\n# Action Item:\n#    Title: costCenterCode label is required\n#    Category: Reliability\n#    ...\n```\n\n```bash\ninsights-cli validate opa \\\n  --rego-file opa/your-name/policy.rego \\\n  --kube-object-file opa/your-name/test/deployment.success.yaml\n\n# OPA policy failed validation: 0 action items were returned, but 1 is required\n```\n\n### Sync your Policy\nOnce your tests are passing properly, it's time to sync your policy to Insights.\n\n```bash\ninsights-cli push opa\n```\n\nVisit [the Policy page](https://insights.fairwinds.com/orgs/cloudnative-demo-2022/policy/) in Insights\nand make sure you see your name there.\n\n## Scan your Cluster for violations\nFirst, let's create some files to deploy to the cluster. We can re-use the files we were using to\ntest our policy.\n```bash\ncp opa/your-name/test/* deploy/\ngit add .\ngit commit -a -m \"Create deployment files\"\n```\n\nNext, let's create a KIND cluster to deploy them to:\n```bash\nkind create cluster --image kindest/node:v1.22.0@sha256:b8bda84bb3a190e6e028b1760d277454a72267a5454b57db34437c34a588d047\n```\n\nAnd let's add them to the cluster:\n```bash\nkubectl create ns your-name\nkubectl apply -f deploy/ -n your-name\n```\n\nNext, we have to add a new Kubernetes Cluster to Fairwinds Insights:\n* Visit https://insights.fairwinds.com/orgs/cloudnative-demo-2022/clusters\n* Click \"Add Cluster\" in the top right\n* Give the cluster a unique name\n* Find the \"Open Policy Agent\" report and click \"Quick Add\"\n* Click \"Ready to install\" at the top of the page\n* Copy the values.yaml files\n* Install the agent (note the version should be `2.1.*`):\n```bash\nhelm repo add fairwinds-stable https://charts.fairwinds.com/stable\nhelm upgrade --install insights-agent fairwinds-stable/insights-agent -f values.yaml \\\n  
--version \"2.1.*\" \\\n  --create-namespace \\\n  --namespace insights-agent \\\n  --wait \\\n  --atomic\n```\n\n* Run the `helm upgrade` command\n\nOnce your `helm` command completes, you can see the new Action Items by visiting\nhttps://insights.fairwinds.com/orgs/cloudnative-demo-2022/action-items/\nand selecting your cluster.\n\n## Setting up the Admission Controller\n### Install cert-manager\nThe admission controller requires an SSL certificate to work, so we'll need to install cert-manager:\n```bash\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml\n```\n\n### Install the Admission Controller\nNext we need to install the admission controller itself:\n* Visit https://insights.fairwinds.com/orgs/cloudnative-demo-2022/clusters/\n* Choose your cluster\n* Click \"Install Hub\"\n* Add the \"Admission Controller\"\n* Click into the card\n* Under Blocking Reports uncheck Polaris\n* Turn off Passive Mode\n* Navigate back to the Hub\n* Click \"Ready to Reinstall\" at the top\n* Copy values.yaml again\n* Re-run the `helm upgrade --install` command (note the version should be `2.1.*`):\n```bash\nhelm repo add fairwinds-stable https://charts.fairwinds.com/stable\nhelm upgrade --install insights-agent fairwinds-stable/insights-agent -f values.yaml \\\n  --version \"2.1.*\" \\\n  --create-namespace \\\n  --namespace insights-agent \\\n  --wait \\\n  --atomic\n```\n\n### Try to deploy\nNow we can trigger the admission controller. 
Run:\n```bash\nkubectl delete -f deploy/ -n your-name\nkubectl apply -f deploy/ -n your-name\n```\n\nYou should see an error message that your deployment was blocked.\n\nYou can see this block event in the UI by visiting\nhttps://insights.fairwinds.com/orgs/cloudnative-demo-2022/clusters/\nand choosing your cluster, then going to the `Admission Controller` tab.\n\n## Run in CI/CD\nNow let's run our policy against Infrastructure-as-Code, like we would in a CI/CD process.\n\nIn `fairwinds-insights.yaml`, change `repositoryName` to your name so that you don't overwrite\nanyone else's results.\n\nNext run these commands to run the CI script:\n```bash\ncurl -L https://insights.fairwinds.com/v0/insights-ci-1.0.0.sh \u003e insights-ci.sh\necho \"8c193c8a333c269ed3fa50ded4bab91394f0344af531488f80a089fbcbea45b8 *insights-ci.sh\" | shasum -a 256 --check\nchmod +x insights-ci.sh\n./insights-ci.sh\n```\n\nYou should see an action item for your deployment file. You can see your repo in the UI at\nhttps://insights.fairwinds.com/orgs/cloudnative-demo-2022/repositories\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffairwindsops%2Fcloudnative-demo-2022","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffairwindsops%2Fcloudnative-demo-2022","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffairwindsops%2Fcloudnative-demo-2022/lists"}