#!/usr/bin/env bash
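# Load the shared helper library. Helpers such as statusline and the handle*
# functions are called below but not defined in this file; presumably they
# come from common.sh.
if [[ -f "common.sh" ]]; then
  # Explicit ./ prefix: for a name without a slash bash searches PATH before
  # the current directory, so a different common.sh could be picked up.
  . ./common.sh
else
  # NOTE(security): this executes whatever the main branch serves at run time.
  # Nothing is pinned to a commit or checked against a digest, so review or
  # vendor common.sh before running this installer in a sensitive environment.
  # -f makes curl fail on HTTP errors instead of handing an error page to the
  # shell; the download is checked before any of it is sourced.
  common_sh_body="$(curl -fsSL https://raw.githubusercontent.com/accuknox/tools/main/common.sh)" || {
    echo "unable to download common.sh" >&2
    exit 1
  }
  source <(printf '%s\n' "$common_sh_body")
  unset common_sh_body
fi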
#######################################
# Print instructions for installing the karmor CLI.
# NOTE(security): the suggested one-liner pipes a script fetched from the
# main branch into `sudo sh`; it runs as root without any integrity check.
# Outputs: three lines on stdout.
#######################################
install_karmor_help() {
  printf '%s\n' "karmor cli tool not found. Use following to install:"
  printf '\t%s\n' \
    "curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/local/bin" \
    "Ref: https://github.com/kubearmor/kubearmor-client"
}
#######################################
# Print manual installation steps for the cilium CLI.
# The printed steps include a sha256sum check of the downloaded archive.
# Outputs: the instructions on stdout.
#######################################
install_cilium_help() {
  printf '%s\n' "cilium cli tool not found. Use following to install:"
  # Quoted delimiter: the text is emitted literally, braces included.
  cat <<'END'
curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
Ref: https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/#install-the-cilium-cli
END
}
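#######################################
# Download the cilium CLI v0.11.7 release archive, verify it against the
# published .sha256sum file and unpack it into /usr/local/bin via sudo.
# The archive is only extracted as root after the download and the checksum
# check have both succeeded.
# NOTE(security): the checksum file comes from the same release location as
# the archive, so the check catches truncated or corrupted downloads but not
# a tampered release; compare against an independently obtained digest when
# that matters.
# Outputs: progress text on stdout; install_cilium_help text on failure.
# Returns: 0 on success; exits the script with status 1 on any failure.
#######################################
install_cilium_cli() {
  local release_url="https://github.com/cilium/cilium-cli/releases/download/v0.11.7"
  local tarball="cilium-linux-amd64.tar.gz"
  local workdir status

  echo "Installing cilium cli tool"

  # Private scratch directory instead of whatever the caller's cwd is.
  workdir=$(mktemp -d) || {
    install_cilium_help
    exit 1
  }

  (
    cd "$workdir" || exit 1
    # -f: an HTTP error must fail the download rather than save an error page.
    curl -fL --remote-name-all \
      "${release_url}/${tarball}" \
      "${release_url}/${tarball}.sha256sum" || exit 1
    sha256sum --check "${tarball}.sha256sum" || exit 1
    sudo tar xzvfC "$tarball" /usr/local/bin
  )
  status=$?

  rm -rf -- "${workdir:?}"

  if [[ $status -ne 0 ]]; then
    install_cilium_help
    exit 1
  fi
}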
#######################################
# Verify that the tools this installer drives are available.
# curl, helm and karmor are mandatory: a missing one is reported and the
# script exits with status 1. A missing cilium CLI is installed on the spot.
# Finally the kubectl context lookup result is handed to statusline.
# NOTE(review): kubectl itself is never probed with `command -v`.
# Outputs: hints on stdout, status lines through statusline.
#######################################
check_prerequisites() {
  if ! command -v curl >/dev/null 2>&1; then
    statusline NOK "curl tool not found"
    exit 1
  fi

  if ! command -v cilium >/dev/null 2>&1; then
    install_cilium_cli
  fi

  if ! command -v helm >/dev/null 2>&1; then
    # NOTE(security): the hint below pipes a remote script into bash.
    echo "Use this command to install helm:"
    echo " curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash"
    statusline NOK "helm tool not found"
    exit 1
  fi
  statusline AOK "helm found"

  if ! command -v karmor >/dev/null 2>&1; then
    install_karmor_help
    statusline NOK "karmor tool not found"
    exit 1
  fi
  statusline AOK "karmor cli tool found"

  # NOTE(review): the trailing `view` argument looks unintended - confirm.
  kubectl config current-context view 2>/dev/null
  statusline "$?" "k8s cluster accessibility"
}
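#######################################
# Install the bitnami/mysql chart into the explorer namespace unless a pod
# labelled app.kubernetes.io/name=mysql is already listed there.
# Globals:
#   MYSQL_USER_PASSWORD (read, optional) - password for the "test-user" account
#   MYSQL_ROOT_PASSWORD (read, optional) - password for the MySQL root account
# NOTE(security): both fall back to the literal "password" to stay
# compatible with earlier runs. Set them to strong, unique values for any
# cluster that is reachable by others. Values passed with --set are visible
# in the process list while helm runs.
# Outputs: status lines through statusline.
# Returns: 0 when mysql is already present; otherwise statusline's status.
#######################################
installMysql() {
  local user_password="${MYSQL_USER_PASSWORD:-password}"
  local root_password="${MYSQL_ROOT_PASSWORD:-password}"

  if kubectl get pod -n explorer -l "app.kubernetes.io/name=mysql" | grep "mysql" >/dev/null 2>&1; then
    statusline AOK "mysql already installed"
    return 0
  fi

  statusline WAIT "installing mysql"
  # Report the real helm result instead of announcing success unconditionally.
  if helm install --wait mysql bitnami/mysql \
    --namespace explorer \
    --set auth.user="test-user" \
    --set "auth.password=${user_password}" \
    --set "auth.rootPassword=${root_password}" \
    --set auth.database="knoxautopolicy"; then
    statusline AOK "mysql installed"
  else
    statusline NOK "mysql installation failed"
  fi
}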
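#######################################
# Install the feeder chart as release feeder-service-cilium in the explorer
# namespace, with platform-specific values.
# Globals: PLATFORM (read)
#   gke          -> adds platform=gke
#   self-managed -> no extra values
#   anything else -> adds kubearmor.enabled=false
# The arguments are kept in an array and passed to helm directly, so no
# string is re-parsed by the shell through eval.
# NOTE(security): image.tag=latest is a mutable tag; the image that gets
# deployed can change between runs.
# Returns: helm's exit status.
#######################################
installFeeder() {
  local -a helm_args=(
    install feeder-service-cilium feeder
    --namespace=explorer
    --set image.repository=accuknox/test-feeder
    --set image.tag=latest
  )

  case "$PLATFORM" in
    gke)
      helm_args+=(--set platform=gke)
      ;;
    self-managed) ;;
    *)
      helm_args+=(--set kubearmor.enabled=false)
      ;;
  esac

  helm "${helm_args[@]}"
}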
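#######################################
# Build the `cilium install` command line for the detected platform.
# Globals:
#   CURRENT_CONTEXT_NAME (read)    - source of the cluster name
#   PLATFORM (read)                - aks needs CILIUM_AZURE_OPTS
#   CILIUM_AZURE_OPTS (read)       - extra options, inserted verbatim
#   CLUSTER_NAME (written)         - context name lower-cased, punctuation -> "-"
#   CILIUM_CMD (written)           - command string, later run by installCilium
# NOTE(security): installCilium passes CILIUM_CMD to eval, so
# CILIUM_AZURE_OPTS is interpreted as shell code; set it only from a trusted
# operator shell. CLUSTER_NAME has punctuation replaced, but whitespace in
# the context name is not removed.
# Returns: 0; exits 1 on aks when CILIUM_AZURE_OPTS is empty.
#######################################
prepare_cilium_cmd() {
  # The character classes are quoted: unquoted, [:upper:] and friends are
  # shell glob patterns and expand to a matching one-letter file name in the
  # current directory, silently changing what tr does.
  CLUSTER_NAME="$(printf '%s\n' "$CURRENT_CONTEXT_NAME" | tr '[:upper:]' '[:lower:]' | tr '[:punct:]' '-')"

  case "$PLATFORM" in
    aks)
      if [[ -z "$CILIUM_AZURE_OPTS" ]]; then
        echo "Azure paramaters required for cilium installation are not provided."
        echo "For AKS, please provide Azure Resource Group in the following format:"
        echo -e "\t CILIUM_AZURE_OPTS=\"--azure-resource-group VALUE\" $0"
        exit 1
      fi
      CILIUM_CMD="cilium install --cluster-name $CLUSTER_NAME $CILIUM_AZURE_OPTS --wait --wait-duration 5m"
      ;;
    *)
      CILIUM_CMD="cilium install --cluster-name $CLUSTER_NAME --wait --wait-duration 5m"
      ;;
  esac
}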
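#######################################
# Install Cilium with the cilium CLI and enable Hubble, unless a pod
# labelled k8s-app=cilium already exists in any namespace.
# Globals: PLATFORM (read), CILIUM_CMD (read, set by prepare_cilium_cmd)
# The status handed to statusline is the first non-zero exit code among the
# install, the pod readiness wait and the Hubble enable step, so a failed
# install is no longer masked by a later step that succeeds.
# NOTE(security): CILIUM_CMD is run through eval and contains
# CILIUM_AZURE_OPTS verbatim; that variable must come from a trusted
# operator shell only.
# Returns: 0 when already installed; otherwise statusline's status.
#######################################
installCilium() {
  local status=0 rc

  if kubectl get pod -A -l k8s-app=cilium | grep "cilium" >/dev/null 2>&1; then
    statusline AOK "cilium already installed"
    return 0
  fi

  statusline WAIT "Installing Cilium on $PLATFORM Kubernetes Cluster"
  prepare_cilium_cmd

  # Quoted so the string reaches eval unchanged (no globbing or re-splitting
  # before evaluation).
  eval "$CILIUM_CMD"
  status=$?

  kubectl wait --for=condition=ready pod -l k8s-app=cilium --timeout=60s --namespace kube-system
  rc=$?
  if [[ $status -eq 0 ]]; then status=$rc; fi

  cilium hubble enable --relay-image quay.io/cilium/hubble-relay:stable
  rc=$?
  if [[ $status -eq 0 ]]; then status=$rc; fi

  statusline "$status" "cilium installation"

  # Disabled helm-based install path, kept for reference. The heredoc is fed
  # to the no-op `:` and never runs.
  : << 'END'
case $PLATFORM in
gke)
NATIVE_CIDR="$(gcloud container clusters describe "$CLUSTER_NAME" --zone "$ZONE" --project "$PROJECT_ID" --format 'value(clusterIpv4Cidr)')"
helm install cilium cilium \
--set image.repository=docker.io/accuknox/cilium-ci \
--set image.tag=3228007c8b07ad626cb16c80476e4846b4eb008e \
--set operator.image.repository=docker.io/accuknox/operator \
--set operator.image.suffix=-ci \
--set operator.image.tag=identity-solution \
--set operator.image.useDigest=false \
--namespace kube-system \
--set nodeinit.enabled=true \
--set nodeinit.reconfigureKubelet=true \
--set nodeinit.removeCbrBridge=true \
--set cni.binPath=/home/kubernetes/bin \
--set gke.enabled=true \
--set ipam.mode=kubernetes \
--set hubble.relay.enabled=true \
--set hubble.ui.enabled=true \
--set nativeRoutingCIDR="$NATIVE_CIDR"\
--set prometheus.enabled=true\
--set operator.prometheus.enabled=true
;;
*)
helm install cilium cilium \
--namespace kube-system \
--set image.repository=docker.io/accuknox/cilium-ci \
--set image.tag=3228007c8b07ad626cb16c80476e4846b4eb008e \
--set operator.image.repository=docker.io/accuknox/operator \
--set operator.image.suffix=-ci \
--set operator.image.tag=identity-solution \
--set operator.image.useDigest=false \
--set hubble.relay.enabled=true \
--set prometheus.enabled=true \
--set cgroup.autoMount.enabled=false \
--set operator.prometheus.enabled=true
;;
esac
END
  # Installing cilium using cilium operator
}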
#######################################
# Install the spire chart as release "spire" in the explorer namespace.
# Returns: helm's exit status.
#######################################
installSpire() {
  local -a spire_args=(install spire spire --namespace=explorer)
  helm "${spire_args[@]}"
}
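#######################################
# Print the supported environment variables and exit with status 0.
# Fixes two defects in the emitted text: a stray double quote after the
# script name and a missing closing parenthesis in the KA_INSTALL_OPTS line.
# NOTE(security): CILIUM_AZURE_OPTS ends up in a command string that
# installCilium runs through eval, so its value is interpreted by the shell.
# Outputs: usage text on stdout.
#######################################
usage() {
  cat << END
Usage: [ENV VARS] $0
PLATFORM=VAL ... Installation environment { aks | eks | gke | k3d | kind | minikube | self-managed }
KA_INSTALL_OPTS=<opts> ... karmor install <opts> to use (e.g., KA_INSTALL_OPTS="--image kubearmor/kubearmor:dev")
CILIUM_AZURE_OPTS=<opts> ... Parameters for Cilium installation in AKS (e.g., CILIUM_AZURE_OPTS="--azure-resource-group VALUE")
END
  exit 0
}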
# Processing starts here
# The installer is configured through environment variables only, so any
# positional argument is answered with the usage text.
if [[ "$1" != "" ]]; then
  usage
fi
#######################################
# Print the license notice for KubeArmor and Cilium, report it through
# statusline and pause for one second.
# Outputs: the notice on stdout.
#######################################
show_license() {
  printf '%s\n' \
    "---=[License]=---" \
    "1. KubeArmor is licensed under the Apache License, Version 2.0. For details check (https://github.com/kubearmor/KubeArmor/blob/main/LICENSE)" \
    "2. The Cilium user space components are licensed under the Apache License, Version 2.0. The BPF code templates are licensed under the General Public License, Version 2.0."
  statusline AOK "Please read the license"
  sleep 1
}
# Main installation sequence.
show_license
check_prerequisites

# NOTE(review): check_prerequisites already installs the cilium CLI when it is
# missing; this unconditional call downloads and unpacks it (via sudo) on
# every run. Possibly intended to force the pinned version - confirm.
install_cilium_cli

helm repo add bitnami https://charts.bitnami.com/bitnami >/dev/null 2>&1
helm repo update

# Create the explorer namespace only when the lookup fails.
# NOTE(review): the status line below is printed even if creation fails.
if ! kubectl get ns explorer >/dev/null 2>&1; then
  kubectl create ns explorer
fi
statusline AOK "explorer namespace created/already present."

autoDetectEnvironment
installCilium
handleLocalStorage apply
#installMysql
#installFeeder
#handlePrometheusAndGrafana apply
handleKubearmor apply
# handleKubearmorPrometheusClient apply
handleKnoxAutoPolicy apply
#installSpire