Fix formatting issues on the CrossGuard page, remove template plugin (#3152)

Christian Nunciato
2023-07-12 13:20:57 -07:00
committed by GitHub
parent adb85da71c
commit 36be48397f
6 changed files with 117 additions and 107 deletions
+1 -1
@@ -11,6 +11,6 @@ yarn-error.log
.hugo_build.lock
*.md
themes/default/layouts/partials/assets.html
themes/default/theme
themes/default/assets
themes/default/layouts
-6
@@ -10,12 +10,6 @@
"trailingComma": "all",
"useTabs": false,
"overrides": [
{
"files": ["*.html"],
"options": {
"parser": "go-template"
}
},
{
"files": ["*.yml", "*.yaml"],
"options": {
+1 -2
@@ -14,8 +14,7 @@
"devDependencies": {
"husky": "^8.0.1",
"lint-staged": "^13.0.3",
"prettier": "^2.6.2",
"prettier-plugin-go-template": "^0.0.13"
"prettier": "^2.6.2"
},
"scripts": {
"prepare": "husky install"
@@ -67,27 +67,52 @@
</p>
</div>
<div class="md:w-1/2 md:ml:4">
{{ $code := `import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
{{ $code := `import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
// Create a GKE cluster.
const cluster = new gcp.container.Cluster("gke-cluster");
// Create a GKE cluster.
const cluster = new gcp.container.Cluster("gke-cluster");
// Create a performant node pool in the cluster.
const performantNodes = new gcp.container.NodePool("performant-nodes", {
cluster: cluster.name,
nodeConfig: { machineType: "n1-standard-16"}
});
// Create a performant node pool in the cluster.
const performantNodes = new gcp.container.NodePool("performant-nodes", {
cluster: cluster.name,
nodeConfig: {
machineType: "n1-standard-16"
}
});
// Create an Apps namespace.
const appsNamespace = new k8s.core.v1.Namespace("apps");
// Create an Apps namespace.
const appsNamespace = new k8s.core.v1.Namespace("apps");
// Create a quota.
const quotaAppNamespace = new k8s.core.v1.ResourceQuota("apps", {
spec: {hard: {cpu: "200", memory: "1Gi", pods: "10"
}},
}) // Create a restrictive PodSecurityPolicy. const restrictivePSP = new k8s.policy.v1beta1.PodSecurityPolicy("restrictive", { spec: { privileged: false,
runAsUser: { rule: "RunAsAny" }, fsGroup: { rule: "RunAsAny" }, seLinux: { rule: "RunAsAny" }, supplementalGroups: { rule: "RunAsAny" }, } });` }}
// Create a quota.
const quotaAppNamespace = new k8s.core.v1.ResourceQuota("apps", {
spec: {
hard: {
cpu: "200",
memory: "1Gi",
pods: "10"
}
},
})
// Create a restrictive PodSecurityPolicy.
const restrictivePSP = new k8s.policy.v1beta1.PodSecurityPolicy("restrictive", {
spec: {
privileged: false,
runAsUser: {
rule: "RunAsAny"
},
fsGroup: {
rule: "RunAsAny"
},
seLinux: {
rule: "RunAsAny"
},
supplementalGroups: {
rule: "RunAsAny"
},
}
});` }}
{{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
</div>
</div>
@@ -112,23 +137,25 @@
</p>
</div>
<div class="md:w-1/2 md:ml:4">
{{ $code := `import * as kx from "@pulumi/kubernetesx";
{{ $code := `import * as kx from "@pulumi/kubernetesx";
// Define a Pod.
const pb = new kx.PodBuilder({
containers: [{ image: "nginx" }]
});
// Define a Pod.
const pb = new kx.PodBuilder({
containers: [{
image: "nginx"
}]
});
// Create a Kubernetes Deployment using the previous Pod definition.
const deployment = new kx.Deployment("nginx", {
spec: pb.asDeploymentSpec()
});
// Create a Kubernetes Deployment using the previous Pod definition.
const deployment = new kx.Deployment("nginx", {
spec: pb.asDeploymentSpec()
});
// Expose the Deployment using a load balanced Kubernetes Service.
const service = deployment.createService({
type: kx.types.ServiceType.LoadBalancer,
});`
}}
// Expose the Deployment using a load balanced Kubernetes Service.
const service = deployment.createService({
type: kx.types.ServiceType.LoadBalancer,
});`
}}
{{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
</div>
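Review bot: The sample resource named `restrictive` in the `@@ -67,27 +67,52 @@` hunk constrains very little: in the reformatted `PodSecurityPolicy` spec only `privileged: false` limits pods, while `runAsUser`, `fsGroup`, `seLinux` and `supplementalGroups` are all `RunAsAny`, so containers running as root are still admitted. Since the block is being rewritten anyway, tighten it with `runAsUser: { rule: "MustRunAsNonRoot" }` and `allowPrivilegeEscalation: false`, or rename the resource so readers do not copy it as a hardening baseline. The sample also targets `policy.v1beta1.PodSecurityPolicy`, an API Kubernetes removed in 1.25, so a comment such as `// PodSecurityPolicy was removed in Kubernetes 1.25; use Pod Security Admission on newer clusters.` above it would keep the page from teaching a control that newer clusters no longer serve.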
+57 -55
@@ -5,7 +5,7 @@
{{ define "main" }}
<section id="overview" class="my-12">
<div class="container mx-auto text-center flex-col">
<h2>Pulumi Crossguard</h2>
<h2>Pulumi CrossGuard</h2>
<p>Continuously enforce your organization's cloud governance &mdash; security, compliance, cost controls, and more.</p>
<div class="header-hero-actions mt-8">
<a class="btn-primary" href="{{ relref . "/docs/using-pulumi/crossguard/get-started" }}">Try CrossGuard</a>
@@ -95,51 +95,53 @@
<h4>Security</h4>
<p>Maintain security across all cloud infrastructure assets.</p>
<div class="md:ml:4">
{{ $code := `new PolicyPack("acmecorp-security", {
policies: [{
name: "prohibited-public-internet",
description: "Reject public internet access.",
enforcementLevel: "mandatory",
validateResource: validateResourceOfType(
aws.ec2.SecurityGroup, (sg, args, reportViolation) => {
const hasInternetAccess = sg.ingress.find(
rule => rule.cidrBlocks.includes("0.0.0.0/0"));
if (hasInternetAccess) {
reportViolation("Illegal internet access");
}
}
),
}],
);`
}}
{{ $code := `new PolicyPack("acmecorp-security", {
policies: [{
name: "prohibited-public-internet",
description: "Reject public internet access.",
enforcementLevel: "mandatory",
validateResource: validateResourceOfType(
aws.ec2.SecurityGroup,
(sg, args, reportViolation) => {
const hasInternetAccess = sg.ingress.find(
rule => rule.cidrBlocks.includes("0.0.0.0/0")
);
if (hasInternetAccess) {
reportViolation("Illegal internet access");
}
},
),
}],
);`
}}
{{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
{{ partial "code" (dict "code" $code "lang" "js") }}
</div>
<p class="text-sm italic mt-0 ml-4">Prohibiting network access from the Internet.</p>
<p class="text-sm italic mt-0">Prohibiting network access from the Internet.</p>
</div>
<div class="md:w-1/2 flex-shrink-0 md:mr-8">
<h4>Compliance</h4>
<p>Meet, and stay meeting, compliance standards.</p>
<div class="md:ml:4">
{{ $code := `new PolicyPack("acmecorp-compliance", {
policies: [{
name: "required-storage-region",
description: "Data must be stored in the US.",
enforcementLevel: "mandatory",
validateResource: validateResourceOfType(
aws.s3.Bucket, (bucket, args, reportViolation) => {
if (!bucket.region.startsWith("us-")) {
reportViolation("Non-US bucket detected");
}
}
),
}],
);`
}}
{{ $code := `new PolicyPack("acmecorp-compliance", {
policies: [{
name: "required-storage-region",
description: "Data must be stored in the US.",
enforcementLevel: "mandatory",
validateResource: validateResourceOfType(
aws.s3.Bucket, (bucket, args, reportViolation) => {
if (!bucket.region.startsWith("us-")) {
reportViolation("Non-US bucket detected");
}
},
),
}],
);`
}}
{{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
{{ partial "code" (dict "code" $code "lang" "js") }}
</div>
<p class="text-sm italic mt-0 ml-4">Disallowing storage outside of specific regions.</p>
<p class="text-sm italic mt-0">Disallowing storage outside of specific regions.</p>
</div>
</div>
<div class="container md:mx-auto md:flex">
@@ -147,30 +149,30 @@
<h4>Cost Controls</h4>
<p>Ensure cost conscious deployments.</p>
<div class="md:ml:4">
{{ $code := `new PolicyPack("acmecorp-cost", {
policies: [{
name: "required-cost-tags",
description: "Cost tags are required.",
enforcementLevel: "mandatory",
validateResource: (args, reportViolation) => {
if (isTaggable(args.type) &&
!args.resource["tags"]["Cost Center"]) {
reportViolation("Resource missing tags");
}
),
}],
);`
}}
{{ $code := `new PolicyPack("acmecorp-cost", {
policies: [{
name: "required-cost-tags",
description: "Cost tags are required.",
enforcementLevel: "mandatory",
validateResource: (args, reportViolation) => {
if (isTaggable(args.type) &&
!args.resource["tags"]["Cost Center"]) {
reportViolation("Resource missing tags");
}
),
}],
);`
}}
{{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
{{ partial "code" (dict "code" $code "lang" "js") }}
</div>
<p class="text-sm italic mt-0 ml-4">Requiring a specific cost allocation tags.</p>
<p class="text-sm italic mt-0">Requiring specific cost allocation tags.</p>
</div>
<div class="md:w-1/2 flex-shrink-0 md:mr-8">
<h4>Continuous Delivery</h4>
<p>Catch policy violations before they escape using CI/CD.</p>
<img class="block mx-auto" src="/images/screens/pac-in-action.png" alt="Policy as Code in CI/CD" />
<p class="text-sm italic mt-0 ml-4">A live dashboard of organizational violations in Pulumi Enterprise.</p>
<img class="block mx-auto rounded" src="/images/screens/pac-in-action.png" alt="Policy as Code in CI/CD" />
<p class="text-sm italic">A live dashboard of organizational violations in Pulumi Cloud.</p>
</div>
</div>
</section>
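Review bot: The `prohibited-public-internet` sample in the `@@ -95,51 +95,53 @@` hunk tests only `rule.cidrBlocks.includes("0.0.0.0/0")`, so an ingress rule opened through `ipv6CidrBlocks: ["::/0"]` is not reported, and a group without `ingress` or a rule without `cidrBlocks` would make the callback throw rather than report a violation. A policy sample that readers copy should cover both address families and tolerate missing fields: `const hasInternetAccess = (sg.ingress ?? []).find(rule => rule.cidrBlocks?.includes("0.0.0.0/0") || rule.ipv6CidrBlocks?.includes("::/0"));`. Separately, all three `PolicyPack` samples still end in `}],` followed by `);` without closing the options object, and the cost sample closes its arrow function with `),` instead of `},`, so none of them parses as written even after this reformat.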
-12
@@ -649,13 +649,6 @@ pidtree@^0.6.0:
resolved "https://registry.yarnpkg.com/pidtree/-/pidtree-0.6.0.tgz#90ad7b6d42d5841e69e0a2419ef38f8883aa057c"
integrity sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g==
prettier-plugin-go-template@^0.0.13:
version "0.0.13"
resolved "https://registry.yarnpkg.com/prettier-plugin-go-template/-/prettier-plugin-go-template-0.0.13.tgz#b4047bce76430bc89a8ee8f27fad1b1c14d942be"
integrity sha512-gG/xT5kd+kCzoMaTchXvdfBdsunyRCV6G8cgdPGPd2V5JGGKXUG7SjzBKU7jaGh2RTeblcAdBb/E+S/duOAMsA==
dependencies:
ulid "^2.3.0"
prettier@^2.6.2:
version "2.6.2"
resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.6.2.tgz#e26d71a18a74c3d0f0597f55f01fb6c06c206032"
@@ -914,11 +907,6 @@ uc.micro@^1.0.1, uc.micro@^1.0.5:
resolved "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz"
integrity sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==
ulid@^2.3.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/ulid/-/ulid-2.3.0.tgz#93063522771a9774121a84d126ecd3eb9804071f"
integrity sha512-keqHubrlpvT6G2wH0OEfSW4mquYRcbe/J8NMmveoQOjUqmo+hXtO+ORCpWhdbZ7k72UtY61BL7haGxW6enBnjw==
validate-npm-package-license@^3.0.1:
version "3.0.4"
resolved "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz"