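#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# This script performs initializations, creating a kind cluster
# (with API-server audit logging enabled) that works either inside
# or outside of a container.
#
# Usage: init-with-audit.sh [destroy|reset]
#   (no argument)  create the "nuvolaris" cluster, or reuse a running one
#   destroy        delete the cluster and exit
#   reset          delete the cluster, then recreate it
#
# Run it from the directory that holds audit-policy.yaml: kind mounts that
# file into the control-plane node via a path relative to the current
# directory, and the generated kind config is written next to it.
#
# Environment:
#   HOME       data directory parent when running directly on the host
#   REAL_HOME  host-side home directory, required inside a container
#              (/.dockerenv present): it becomes the hostPath of the
#              worker node's /data mount, so it must be a path valid on
#              the docker host, not inside this container.
set -eo pipefail

readonly CLUSTER_NAME=nuvolaris
readonly KIND_CONFIG=_kind-config-audit.yaml
readonly AUDIT_POLICY=./audit-policy.yaml

# Print a message to stderr and exit with status 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Succeed when a kind cluster named exactly $CLUSTER_NAME exists.
# -x avoids matching other clusters whose name merely contains it.
cluster_exists() {
  kind get clusters 2>/dev/null | grep -qx -- "$CLUSTER_NAME"
}

# check kind is in path (command -v is the portable form of 'which')
if ! command -v kind >/dev/null 2>&1; then
  die "Please install Kind from https://kind.sigs.k8s.io/docs/user/quick-start/#installation"
fi

# destroy: remove the cluster and stop; reset: remove it, then fall
# through to the recreate path. Deleting only when the cluster exists keeps
# both subcommands idempotent under 'set -e'.
case "${1:-}" in
  destroy)
    if cluster_exists; then
      kind delete clusters "$CLUSTER_NAME"
    fi
    exit 0
    ;;
  reset)
    if cluster_exists; then
      kind delete clusters "$CLUSTER_NAME"
    fi
    ;;
  "")
    ;;
  *)
    die "use either no arguments to create a cluster, destroy to destroy it, reset to rebuild it"
    ;;
esac

# set datadir: inside a container the mount path must be the host's home
if test -f /.dockerenv; then
  : "${REAL_HOME:?REAL_HOME must be set to the host home directory when running inside a container}"
  DATADIR=$REAL_HOME/.nuvolaris_data
else
  DATADIR=$HOME/.nuvolaris_data
fi

# if the nuvolaris cluster is already running, export its configuration;
# otherwise create it
if cluster_exists; then
  kind export kubeconfig --name "$CLUSTER_NAME"
else
  # kind resolves this relative hostPath against the current directory; a
  # missing file would otherwise surface as an obscure mount error later
  [[ -f "$AUDIT_POLICY" ]] || die "$AUDIT_POLICY not found; run this script from the directory that contains it"
  # NOTE(review): this creates $HOME/.nuvolaris/data, not $DATADIR
  # ($HOME/.nuvolaris_data) which is the path actually mounted below —
  # confirm which directory is intended.
  mkdir -p "$HOME/.nuvolaris/data"
  # NOTE(review): the last worker mapping (6379 -> 30379) is reversed
  # relative to the others (30xxx -> host port) — confirm it is intended.
  cat <<EOF >"$KIND_CONFIG"
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true,nuvolaris.io/apihost=localhost,nuvolaris.io/apiport=3233,nuvolaris.io/protocol=http,nuvolaris.io/kube=kind"
  - |
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        audit-log-path: /var/log/kubernetes/kube-apiserver-audit.log
        audit-policy-file: /etc/kubernetes/policies/audit-policy.yaml
      extraVolumes:
      - name: audit-policies
        hostPath: /etc/kubernetes/policies
        mountPath: /etc/kubernetes/policies
        readOnly: true
        pathType: "DirectoryOrCreate"
      - name: "audit-logs"
        hostPath: "/var/log/kubernetes"
        mountPath: "/var/log/kubernetes"
        readOnly: false
        pathType: DirectoryOrCreate
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
  extraMounts:
  - hostPath: $AUDIT_POLICY
    containerPath: /etc/kubernetes/policies/audit-policy.yaml
    readOnly: true
- role: worker
  extraMounts:
  - hostPath: $DATADIR
    containerPath: /data
  extraPortMappings:
  - containerPort: 30232
    hostPort: 3232
    protocol: TCP
  - containerPort: 30233
    hostPort: 3233
    protocol: TCP
  - containerPort: 30896
    hostPort: 7896
    protocol: TCP
  - containerPort: 30984
    hostPort: 5984
    protocol: TCP
  - containerPort: 30017
    hostPort: 27017
    protocol: TCP
  - containerPort: 30444
    hostPort: 9444
    protocol: TCP
  - containerPort: 6379
    hostPort: 30379
    protocol: TCP
EOF
  kind create cluster --wait=1m --name="$CLUSTER_NAME" --config="$KIND_CONFIG"
fi

if test -f /.dockerenv; then
  # copy the kubeconfig to the unprivileged user
  mkdir -p /home/nuvolaris/.kube
  sudo cp /root/.kube/config /home/nuvolaris/.kube/config
  sudo chown nuvolaris:nuvolaris /home/nuvolaris/.kube/config
  # deploy nginx ingress
  # TODO: this applies the manifest from the 'main' branch, so its content
  # can change between runs; pin it to a released tag (or a content hash)
  # for reproducible, reviewable deployments.
  kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
  # proxy the host docker socket into this container and loop forever
  # (socat replaces the shell; only runs when the socket is not already there)
  test -S /var/run/docker.sock || exec sudo /usr/bin/socat \
    UNIX-LISTEN:/var/run/docker.sock,fork,mode=660,user=nuvolaris \
    UNIX-CONNECT:/var/run/docker-host.sock
fi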