k8s_otel_workshop_1.sh
#!/usr/bin/env bash
# Workshop helper: builds a local minikube cluster with API-server audit
# logging enabled, maps the name "minikube" in /etc/hosts, and then offers to
# tear everything down again.

# Long-form spelling of -Eeuo pipefail: functions inherit ERR traps, any
# unhandled failure aborts the script, unset variables are errors, and a
# pipeline fails when any of its stages fails.
set -o errtrace -o errexit -o nounset -o pipefail

# Physical (symlink-resolved) directory that holds this script.
script_dir=$(
  cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P
)
#######################################
# Report a fatal error and stop the script.
# Arguments: $1 - reason, printed after the "Error: " prefix
# Outputs:   one line on stderr
# Returns:   never; exits the shell with status 1
#######################################
die() {
  printf 'Error: %s\n' "$1" >&2
  exit 1
}
#######################################
# Print the help text on stdout and exit.
# Outputs: usage summary and the list of options
# Returns: never; the bare `exit` reuses the status of the print (0 on success)
#######################################
usage() {
  printf '%s\n' \
    "Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-c]" \
    "Script to test setup of a minikube environment with audit logging and server name resolution." \
    "Available options:" \
    "-h, --help Print this help and exit" \
    "-v, --verbose Print script debug info" \
    "-c, --cleanup Perform cleanup tasks and exit"
  exit
}
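#######################################
# Tear down what this script created: the minikube cluster, the "minikube"
# line in /etc/hosts, and the audit-policy directory under ~/.minikube.
# Every step is best-effort: a failure is reported and the next step still runs.
# Outputs: a "Failed to ..." line on stdout for each step that fails
#######################################
cleanup() {
  # Disarm the handlers first so a failure, or the script's final exit, cannot
  # re-enter this function while it is running.
  trap - SIGINT SIGTERM ERR EXIT

  minikube stop || echo "Failed to stop minikube"

  # Delete all minikube configurations
  minikube delete || echo "Failed to delete minikube configurations"

  # /etc/hosts is edited as root, so delete only lines of the exact shape
  # "<address> minikube" that setup_name_resolution appends. A bare /minikube/
  # match would also drop unrelated entries and comments that merely mention
  # the word (for example "minikube-registry").
  sudo sed -i -E '/^[[:space:]]*[^[:space:]#]+[[:space:]]+minikube[[:space:]]*$/d' /etc/hosts \
    || echo "Failed to remove minikube hostname from /etc/hosts"

  # Remove audit policy file and directory; "--" ends option parsing before
  # the path.
  rm -rf -- ~/.minikube/files/etc/ssl/certs \
    || echo "Failed to remove audit policy file and directory"
}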
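#######################################
# Build a fresh minikube cluster on the docker driver, install cert-manager,
# then restart the cluster with an API-server audit policy in place.
# Outputs: whatever minikube and kubectl print
# Returns: exits through die on the first step that fails
# Side effects: writes ~/.minikube/files/etc/ssl/certs/audit-policy.yaml and
#   exports minikube's docker-env variables into the current shell
#######################################
setup_minikube() {
  # Set minikube driver to docker
  minikube config set driver docker

  # Start from scratch: drop any existing cluster before creating a new one.
  minikube delete || die "Failed to delete minikube configurations"
  minikube start --no-vtx-check --driver=docker --subnet=192.168.49.0/24 \
    || die "Failed to start minikube"

  # Confirm the cluster is up and its node is visible before installing anything.
  minikube status || die "Minikube is not running"
  kubectl get nodes || die "Failed to get minikube nodes"

  # Install cert-manager from a pinned release tag.
  # NOTE(review): the manifest is fetched over HTTPS and applied as-is, with no
  # checksum or signature check. Outside a disposable workshop cluster,
  # download it, verify it against a digest you trust, and apply the local copy.
  kubectl apply -f \
    https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml \
    || die "Failed to install cert-manager"

  # The cluster is stopped so the audit flags below take effect on the next start.
  minikube stop || die "Failed to stop minikube"

  # The policy is staged under ~/.minikube/files/etc/ssl/certs and referenced
  # below as /etc/ssl/certs/audit-policy.yaml inside the node.
  mkdir -p ~/.minikube/files/etc/ssl/certs || die "Failed to create directory for audit policy"

  # A VERY basic policy. The Metadata level records who did what to which
  # resource and when, but not request or response bodies, so object payloads
  # (Secrets included) are not copied into the audit log. The delimiter is
  # quoted so the YAML is written literally, with no shell expansion.
  cat <<'EOF' > ~/.minikube/files/etc/ssl/certs/audit-policy.yaml
# Log all requests at the Metadata level.
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
EOF

  # Restart with the policy wired in; an audit-log-path of "-" sends audit
  # events to the API server's standard output rather than to a file.
  minikube start --no-vtx-check --driver=docker --subnet=192.168.49.0/24 \
    --extra-config=apiserver.audit-policy-file=/etc/ssl/certs/audit-policy.yaml \
    --extra-config=apiserver.audit-log-path=- \
    || die "Failed to restart minikube with audit policy"

  # Capture the output first: in `eval $(cmd) || die`, a failing cmd leaves
  # eval with no arguments and a zero status, so the failure went unnoticed.
  local docker_env
  docker_env=$(minikube -p minikube docker-env) \
    || die "Failed to set minikube docker environment"

  # eval executes whatever the local minikube binary printed; quoting keeps the
  # text intact instead of word-splitting and globbing it first.
  eval "$docker_env" || die "Failed to set minikube docker environment"
}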
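#######################################
# Map the name "minikube" to the cluster's IP address in /etc/hosts and check
# that the name resolves.
# Outputs: the appended hosts line (echoed by tee), a wait message, nslookup output
# Returns: exits through die when the address is missing or malformed, the
#   hosts file cannot be updated, or the lookup fails
#######################################
setup_name_resolution() {
  # Kept local so the address does not leak into the rest of the script.
  local minikube_ip
  minikube_ip=$(minikube ip) || die "Failed to get minikube IP address"
  if [[ -z "$minikube_ip" ]]; then
    die "Failed to get minikube IP address"
  fi

  # The value is written to /etc/hosts as root, so accept nothing but a single
  # bare IPv4/IPv6 literal: no spaces, newlines or extra host names.
  if [[ ! "$minikube_ip" =~ ^[0-9A-Fa-f.:]+$ ]]; then
    die "minikube returned an unexpected IP address: $minikube_ip"
  fi

  # Append only when this exact mapping is not already present, so repeated
  # runs do not pile up duplicate lines.
  # NOTE(review): a stale "minikube" line with a different address would still
  # take precedence over the new one; run the cleanup option first.
  if awk -v ip="$minikube_ip" \
    '$1 == ip && $2 == "minikube" { found = 1 } END { exit !found }' \
    /etc/hosts 2>/dev/null; then
    printf '%s\n' "/etc/hosts already maps minikube to $minikube_ip"
  else
    printf '%s\tminikube\n' "$minikube_ip" | sudo tee --append /etc/hosts \
      || die "Failed to add minikube IP to /etc/hosts"
  fi

  # Short pause before testing the new entry.
  printf '%s\n' "Waiting for DNS entry to propagate..."
  sleep 5

  # NOTE(review): nslookup asks the configured DNS server and sees /etc/hosts
  # only when the local resolver serves it; `getent hosts minikube` would test
  # the hosts file directly.
  nslookup minikube || die "Failed to resolve minikube hostname"
}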
#######################################
# Ask whether to tear the environment down. Only a lone "y" or "Y" counts as
# yes; in that case cleanup is registered for SIGINT, SIGTERM, ERR and EXIT,
# so it runs when the script ends.
# Globals: REPLY (written by read)
#######################################
prompt_cleanup() {
  local question="Do you want to run cleanup tasks now? This will remove any minikube clusters. [y/N]: "
  read -r -p "$question"
  case "$REPLY" in
    [Yy]) trap cleanup SIGINT SIGTERM ERR EXIT ;;
  esac
}
#######################################
# Entry point: check the platform and required tools, parse the options, then
# either run cleanup alone or run the full setup followed by the cleanup prompt.
# The platform and tool checks come before option parsing, so -h and -c need
# Linux, minikube and kubectl as well.
# Globals:   args (written) - positional arguments left after the options
# Arguments: [-h|--help] [-v|--verbose] [-c|--cleanup]
#######################################
main() {
  # Ensuring this will only run on Linux
  [[ "$OSTYPE" == "linux-gnu"* ]] || die "This script is intended to run on Linux only"

  # Both CLIs must be on PATH before anything is touched.
  local tool
  for tool in minikube kubectl; do
    command -v "$tool" &>/dev/null || die "$tool is required"
  done

  local want_cleanup=false
  local want_verbose=false

  # Consume leading options; the first argument that is not an option (or the
  # end of the argument list) stops the loop.
  while :; do
    case "${1-}" in
      -h | --help)
        usage
        ;;
      -v | --verbose)
        want_verbose=true
        ;;
      -c | --cleanup)
        want_cleanup=true
        ;;
      -?*)
        die "Unknown option: $1"
        ;;
      *)
        break
        ;;
    esac
    shift
  done

  args=("$@")

  # Verbose mode traces every command from this point on.
  if [[ $want_verbose == true ]]; then
    set -x
  fi

  # Cleanup-only run: tear down and stop without building anything.
  if [[ $want_cleanup == true ]]; then
    cleanup
    exit 0
  fi

  setup_minikube
  setup_name_resolution
  prompt_cleanup
}

main "$@"