Fixes after 20221201

Author: nicholasdille

120_kubernetes/gvisor/gvisor.demo

@@ -18,4 +18,7 @@ kubectl apply -f nginx.yaml
 # Check gvisor is really used for nginx
 docker exec -it kind-control-plane bash
 crictl ps -l
-crictl exec <id> dmesg
+crictl exec <id> dmesg
+# TODO: Improve using kubectl exec
+
+# TODO: Additional demo without runtimeClass

120_kubernetes/kyverno/kyverno.demo

@@ -12,4 +12,6 @@ helm template rekor sigstore/rekor >rekor.yaml
 kyverno test .
 
 # Succeed to deploy rekor
-helm upgrade --install rekor sigstore/rekor
+helm upgrade --install rekor sigstore/rekor
+
+# TODO: PSA

120_kubernetes/pod_security_standards/namespace.demo

@@ -55,4 +55,6 @@ docker exec kind-control-plane cat /var/log/kubernetes/kube-apiserver-audit.log
     echo "${LINE}" \
     | jq . \
     | less
-done
+done
+
+# TODO: Namespace, rollout, label!!!

120_kubernetes/pod_security_standards/slides.md

@@ -43,7 +43,7 @@ Labels for all three modes for a single policy are supported
 
 kyverno, the Kubernetes-native policy controller [](https://kyverno.io/)
 
-OPA Gatekeeper, the general puepoe policy engine [](https://open-policy-agent.github.io/gatekeeper/website/docs/)
+OPA Gatekeeper, the general purpose policy engine [](https://open-policy-agent.github.io/gatekeeper/website/docs/)
 
 ### See also
 

170_supply_chain_security/sbom-operator/sbom.demo

@@ -1,7 +1,6 @@
 # SBoM (don't forget prepare.sh)
 
 # Deploy sbom-operator
-kubectl create namespace sbom-system
 helm repo add ckotzbauer https://ckotzbauer.github.io/helm-charts
 helm upgrade --install --namespace sbom-system sbom-operator ckotzbauer/sbom-operator -f values-sbom-operator.yaml
 

2022-12-01_heise-Webinar-Sicherheit.html

@@ -14,18 +14,7 @@
 <link rel="stylesheet" href="themes/theme2022.css" id="theme"/>
 <link rel="stylesheet" href="themes/common.css"/>
 <link rel="stylesheet" href="media/[email protected]/styles/rainbow.css"/>
-
-<script>
-    var version = '6.2.0'
-    var link = document.createElement('link');
-    link.rel = 'stylesheet';
-    if (window.location.href.match(/^http(s)?:\/\/(.+\.)*dille.name/)) {
-        link.href = 'https://cdn.dille.name/fontawesome-pro@' + version + '/css/all.min.css';
-    } else {
-        link.href = 'media/fontawesome-pro@' + version + '/css/all.min.css';
-    }
-    document.head.appendChild(link);
-</script>
+<link rel="stylesheet" href="media/[email protected]/css/all.min.css"/>
 </head>
 
 <body>
@@ -56,11 +45,11 @@
 | From  | To    | What           |
 |-------|-------|----------------|
 | 09:00 |       | <i class="fa-duotone fa-roller-coaster"></i> Let's roll     |
-| 09:55 | 10:00 | <i class="fa-duotone fa-coffee-pot"></i> Coffee Break   |
-| 10:55 | 11:00 | <i class="fa-duotone fa-coffee-pot"></i> Coffee Break   |
-| 11:55 | 12:00 | <i class="fa-duotone fa-coffee-pot"></i> Coffee Break   |
+| 09:50 | 10:00 | <i class="fa-duotone fa-coffee-pot"></i> Coffee Break   |
+| 10:50 | 11:00 | <i class="fa-duotone fa-coffee-pot"></i> Coffee Break   |
+| 11:50 | 12:00 | <i class="fa-duotone fa-coffee-pot"></i> Coffee Break   |
 | 12:30 |       | <i class="fa-duotone fa-comments-question-check"></i> Q&amp;A        |
-|       | 13:00 | The End        |
+|       | 13:00 | <i class="fa-duotone fa-flag-checkered"></i> The End        |
 
 ---
 
@@ -101,7 +90,7 @@
 <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
 ## Summary
 
-- <span class="fa-li"><i class="fa-duotone fa-infinity"></i></span> Kubernetes comes with many features to improve security
+- <span class="fa-li"><i class="fa-duotone fa-ball-pile"></i></span> Kubernetes comes with many features to improve security
 - <span class="fa-li"><i class="fa-duotone fa-people-arrows"></i></span> RBAC impersonation protects from mistakes
 - <span class="fa-li"><i class="fa-duotone fa-shield-check"></i></span> Pod Security Policies are deprecated and removed
 - <span class="fa-li"><i class="fa-duotone fa-castle"></i></span> They are replaced by Pod Security Standards
@@ -110,7 +99,7 @@
 - <span class="fa-li"><i class="fa-duotone fa-scroll"></i></span> SBoMs describe all libraries contained in an artifact
 - <span class="fa-li"><i class="fa-duotone fa-user-police-tie"></i></span> Kyverno is a Kubernetes-native policy engine
 
-<!-- .element: class="fa-ul" -->
+<!-- .element: class="fa-ul" style="line-height: 175%;" -->
 
 ### Other content