diff --git a/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile b/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile
index c189705..6dfac3a 100644
--- a/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile
+++ b/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile
@@ -4,8 +4,8 @@ ENV["TERM"]="linux"
 Vagrant.configure("2") do |config|
 # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64
- config.vm.box = "opensuse/Leap-15.4.x86_64"
- config.vm.box_version = "15.4.13.7"
+ config.vm.box = "opensuse/Leap-15.6.x86_64"
+ config.vm.box_version = "15.6.13.356"
 # st the static IP for the vagrant box
 config.vm.network "private_network", ip: "192.168.50.4"
diff --git a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile
index 518119f..116cd7f 100644
--- a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile
+++ b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile
@@ -9,9 +9,11 @@ LABEL maintainer="nick.reva@snap.com"
 #define version
 LABEL version="V1"
-# create a directory to work in
-RUN mkdir udacity \
- && cd udacity
+# create a directory to work in (using mkdir -p to avoid errors)
+RUN mkdir -p /udacity
+
+# Set the working directory for subsequent instructions
+WORKDIR /udacity
 #install zypper
 RUN zypper refs && zypper refresh
diff --git a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile
index c189705..6dfac3a 100644
--- a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile
+++ b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile
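Review bot: In the lesson-3 Dockerfile hunk, the added `RUN mkdir -p /udacity` is redundant next to the added `WORKDIR /udacity`, because WORKDIR creates the directory when it does not exist; the RUN line only contributes an extra image layer. I would drop the RUN instruction and keep `WORKDIR /udacity` under a single comment, `# create the working directory and switch to it`. No `USER` instruction is visible in this hunk, so the directory is presumably created as root; if that gap is left open on purpose for the hardening exercise, a one-line comment saying so would stop the file being copied as a baseline. The rest of the Dockerfile is outside the hunk.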
@@ -4,8 +4,8 @@ ENV["TERM"]="linux"
 Vagrant.configure("2") do |config|
 # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64
- config.vm.box = "opensuse/Leap-15.4.x86_64"
- config.vm.box_version = "15.4.13.7"
+ config.vm.box = "opensuse/Leap-15.6.x86_64"
+ config.vm.box_version = "15.6.13.356"
 # st the static IP for the vagrant box
 config.vm.network "private_network", ip: "192.168.50.4"
diff --git a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS Docker Bench V1.20.pdf b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS Docker Bench V1.20.pdf
deleted file mode 100644
index 31aabe3..0000000
Binary files a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS Docker Bench V1.20.pdf and /dev/null differ
diff --git a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS_Docker_Benchmark_V1.6.0.PDF b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS_Docker_Benchmark_V1.6.0.PDF
new file mode 100644
index 0000000..0c19cf1
Binary files /dev/null and b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS_Docker_Benchmark_V1.6.0.PDF differ
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/cluster.yml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/cluster.yml
deleted file mode 100644
index 7ac4477..0000000
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/cluster.yml
+++ /dev/null
@@ -1,214 +0,0 @@ -# If you intened to deploy Kubernetes in an air-gapped environment, -# please consult the documentation on how to configure custom RKE images. -nodes: -- address: 192.168.50.101 - port: "22" - internal_address: 192.168.50.101 - role: - - controlplane - - etcd - hostname_override: nodecontrolplane - user: root - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] -- address: 192.168.50.102 - port: "22" - internal_address: 192.168.50.102 - role: - - worker - hostname_override: nodeworker - user: root - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] -services: - etcd: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - external_urls: [] - ca_cert: "" - cert: "" - key: "" - path: "" - uid: 0 - gid: 0 - snapshot: null - retention: "" - creation: "" - backup_config: null - kube-api: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - service_cluster_ip_range: 10.43.0.0/16 - service_node_port_range: "" - pod_security_policy: false - always_pull_images: false - secrets_encryption_config: null - audit_log: null - admission_configuration: null - event_rate_limit: null - kube-controller: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_cidr: 10.42.0.0/16 - service_cluster_ip_range: 10.43.0.0/16 - scheduler: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - kubelet: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_domain: cluster.local - infra_container_image: "" - 
cluster_dns_server: 10.43.0.10 - fail_swap_on: false - generate_serving_certificate: false - kubeproxy: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] -network: - plugin: calico - options: {} - mtu: 0 - node_selector: {} - update_strategy: null - tolerations: [] -authentication: - strategy: x509 - sans: [] - webhook: null -addons: "" -addons_include: [] -system_images: - etcd: rancher/coreos-etcd:v3.4.14-rancher1 - alpine: rancher/rke-tools:v0.1.72 - nginx_proxy: rancher/rke-tools:v0.1.72 - cert_downloader: rancher/rke-tools:v0.1.72 - kubernetes_services_sidecar: rancher/rke-tools:v0.1.72 - kubedns: rancher/k8s-dns-kube-dns:1.15.10 - dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.10 - kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.10 - kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - coredns: rancher/coredns-coredns:1.8.0 - coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - nodelocal: rancher/k8s-dns-node-cache:1.15.13 - kubernetes: rancher/hyperkube:v1.20.4-rancher1 - flannel: rancher/coreos-flannel:v0.13.0-rancher1 - flannel_cni: rancher/flannel-cni:v0.3.0-rancher6 - calico_node: rancher/calico-node:v3.17.2 - calico_cni: rancher/calico-cni:v3.17.2 - calico_controllers: rancher/calico-kube-controllers:v3.17.2 - calico_ctl: rancher/calico-ctl:v3.17.2 - calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - canal_node: rancher/calico-node:v3.17.2 - canal_cni: rancher/calico-cni:v3.17.2 - canal_controllers: rancher/calico-kube-controllers:v3.17.2 - canal_flannel: rancher/coreos-flannel:v0.13.0-rancher1 - canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - weave_node: weaveworks/weave-kube:2.8.1 - weave_cni: weaveworks/weave-npc:2.8.1 - pod_infra_container: rancher/pause:3.2 - ingress: rancher/nginx-ingress-controller:nginx-0.43.0-rancher1 - ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1 - metrics_server: 
rancher/metrics-server:v0.4.1 - windows_pod_infra_container: rancher/kubelet-pause:v0.1.6 - aci_cni_deploy_container: noiro/cnideploy:5.1.1.0.1ae238a - aci_host_container: noiro/aci-containers-host:5.1.1.0.1ae238a - aci_opflex_container: noiro/opflex:5.1.1.0.1ae238a - aci_mcast_container: noiro/opflex:5.1.1.0.1ae238a - aci_ovs_container: noiro/openvswitch:5.1.1.0.1ae238a - aci_controller_container: noiro/aci-containers-controller:5.1.1.0.1ae238a - aci_gbp_server_container: noiro/gbp-server:5.1.1.0.1ae238a - aci_opflex_server_container: noiro/opflex-server:5.1.1.0.1ae238a -ssh_key_path: ~/.ssh/id_rsa -ssh_cert_path: "" -ssh_agent_auth: false -authorization: - mode: rbac - options: {} -ignore_docker_version: null -kubernetes_version: "" -private_registries: [] -ingress: - provider: "" - options: {} - node_selector: {} - extra_args: {} - dns_policy: "" - extra_envs: [] - extra_volumes: [] - extra_volume_mounts: [] - update_strategy: null - http_port: 0 - https_port: 0 - network_mode: "" - tolerations: [] - default_backend: null - default_http_backend_priority_class_name: "" - nginx_ingress_controller_priority_class_name: "" -cluster_name: "" -cloud_provider: - name: "" -prefix_path: "" -win_prefix_path: "" -addon_job_timeout: 0 -bastion_host: - address: "" - port: "" - user: "" - ssh_key: "" - ssh_key_path: "" - ssh_cert: "" - ssh_cert_path: "" -monitoring: - provider: "" - options: {} - node_selector: {} - update_strategy: null - replicas: null - tolerations: [] - metrics_server_priority_class_name: "" -restore: - restore: false - snapshot_name: "" -rotate_encryption_key: false -dns: null diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile index 5bef0fb..9a02da7 100644 --- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile +++ b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile 
@@ -16,16 +16,18 @@ Vagrant.configure("2") do |config|
 # set base image for the vagrant box
 # config.vm.box = "opensuse/Leap-15.2.x86_64"
 # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64
- config.vm.box = "opensuse/Leap-15.4.x86_64"
- config.vm.box_version = "15.4.13.7"
- config.vm.hostname = "node#{i}"
+ config.vm.box = "opensuse/Leap-15.6.x86_64"
+ config.vm.box_version = "15.6.13.356"
+
+ # Set a unique hostname for each node
+ node.vm.hostname = "node#{i}"
 # set the static IP for the vagrant box
 node.vm.network "private_network", ip: "192.168.50.10#{i}"
 # configure the parameters for VirtualBox provider
 node.vm.provider "virtualbox" do |v|
 v.name = "node#{i}"
- v.memory = 2048
+ v.memory = 4096
 v.cpus = 2
 end
 # Bootstrap the machine
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/agent-config.yaml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/agent-config.yaml
new file mode 100644
index 0000000..12f4ffa
--- /dev/null
+++ b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/agent-config.yaml
@@ -0,0 +1,5 @@
+token: YOUR_SHARED_TOKEN
+server: https://192.168.50.101:9345
+node-name: node2
+node-ip: 192.168.50.102
+# profile: cis
\ No newline at end of file
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/bootstrap.sh b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/bootstrap.sh
index 3c28024..c9606e4 100644
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/bootstrap.sh
+++ b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/bootstrap.sh
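Review bot: The new side of the lesson-4 Vagrantfile hunk mixes receivers: the hostname now goes through `node.vm.hostname`, but `config.vm.box` and `config.vm.box_version` a few lines above it still write to the outer `config`, in what appears to be the per-node block (the surrounding lines use `node` and `#{i}`). Either hoist the box settings above the node loop or write them as `node.vm.box = "opensuse/Leap-15.6.x86_64"` and `node.vm.box_version = "15.6.13.356"`, so that every per-machine setting is scoped the same way. The context comment still points at the Leap-15.4 box page, which no longer matches the pinned 15.6 box; the same stale URL is visible in the lesson-1, lesson-3 and lesson-6 Vagrantfile hunks. The enclosing `Vagrant.configure` block starts and ends outside the hunk.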
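Review bot: `token: YOUR_SHARED_TOKEN` in the new agent-config.yaml is a placeholder for a cluster join secret with no guidance next to it, so the likely outcome is that a learner pastes the real token into a tracked file. Add a comment above it such as `# Replace with the server's join token; keep the filled-in file out of version control`, and consider shipping the file under an example name that is ignored once copied. `# profile: cis` is commented out here and in the new server-config.yaml without saying when it should be enabled; if it is meant to be switched on as a hardening step, a short comment stating that would make the exercise flow explicit. Both new files also end without a trailing newline.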
@@ -7,22 +7,27 @@ systemctl enable docker
 usermod -G docker -a $USER
 systemctl restart docker
-echo "[TASK 2] Disable firewalld"
-systemctl stop firewalld
-systemctl disable firewalld
+# echo "[TASK 2] Disable firewalld"
+# systemctl stop firewalld
+# systemctl disable firewalld
-echo "[TASK 3] Disable apparmor"
-systemctl stop apparmor
-systemctl disable apparmor
+echo "[TASK 3] Install apparmor"
+zypper --non-interactive install apparmor-parser
-echo "[TASK 4] Set up rke user"
-useradd rke
-usermod -a -G docker rke
-systemctl restart docker
+# echo "[TASK 4] Set up rke user"
+# useradd rke
+# usermod -a -G docker rke
+# systemctl restart docker
-echo "[TASK 5] Copy auth_keys for rke user"
-mkdir -p /home/rke/.ssh
-usermod -d /home/rke/ rke
-cp /root/.ssh/authorized_keys /home/rke/.ssh
-chown rke /home/rke -R
+# echo "[TASK 5] Copy auth_keys for rke user"
+# mkdir -p /home/rke/.ssh
+# usermod -d /home/rke/ rke
+# cp /root/.ssh/authorized_keys /home/rke/.ssh
+# chown rke /home/rke -R
+echo "[TASK 6] Install kubectl"
+# Download and install kubectl
+curl -LO "https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl"
+sudo mv kubectl /usr/local/bin/
+sudo chmod +x /usr/local/bin/kubectl
+echo "kubectl installed successfully."
\ No newline at end of file
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yml
deleted file mode 100644
index ca16615..0000000
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yml
+++ /dev/null
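Review bot: The kubectl binary added in TASK 6 is downloaded and moved into /usr/local/bin without any integrity check, and `curl -LO` is run without `-f`, so an HTTP error page would be installed as `kubectl` while the script still prints "kubectl installed successfully.". Fetch the `.sha256` file published next to the binary, verify it with `sha256sum --check`, and stop on a mismatch; pinning the expected digest in the script itself would be stronger than fetching it from the same host. The identical block is added in the lesson-6 bootstrap.sh hunk and needs the same change. The start of the script is outside the hunk, so whether `set -e` is in effect cannot be seen from here.

```shell
echo "[TASK 6] Install kubectl"
KUBECTL_URL="https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl"
curl -fsSLO "$KUBECTL_URL"
curl -fsSLO "$KUBECTL_URL.sha256"
# Refuse to install when the digest does not match the published one.
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check || exit 1
install -m 0755 kubectl /usr/local/bin/kubectl
# … unchanged: success message …
```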
@@ -1,215 +0,0 @@ -# If you intened to deploy Kubernetes in an air-gapped environment, -# please consult the documentation on how to configure custom RKE images. -nodes: -- address: 192.168.50.101 - port: "22" - internal_address: 192.168.50.101 - role: - - controlplane - - etcd - - worker - hostname_override: node1 - user: root - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] -- address: 192.168.50.102 - port: "22" - internal_address: 192.168.50.102 - role: - - worker - hostname_override: node2 - user: root - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] -services: - etcd: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - external_urls: [] - ca_cert: "" - cert: "" - key: "" - path: "" - uid: 0 - gid: 0 - snapshot: null - retention: "" - creation: "" - backup_config: null - kube-api: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - service_cluster_ip_range: 10.43.0.0/16 - service_node_port_range: "" - pod_security_policy: false - always_pull_images: false - secrets_encryption_config: null - audit_log: null - admission_configuration: null - event_rate_limit: null - kube-controller: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_cidr: 10.42.0.0/16 - service_cluster_ip_range: 10.43.0.0/16 - scheduler: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - kubelet: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_domain: cluster.local - infra_container_image: "" - cluster_dns_server: 
10.43.0.10 - fail_swap_on: false - generate_serving_certificate: false - kubeproxy: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] -network: - plugin: calico - options: {} - mtu: 0 - node_selector: {} - update_strategy: null - tolerations: [] -authentication: - strategy: x509 - sans: [] - webhook: null -addons: "" -addons_include: [] -system_images: - etcd: rancher/coreos-etcd:v3.4.14-rancher1 - alpine: rancher/rke-tools:v0.1.72 - nginx_proxy: rancher/rke-tools:v0.1.72 - cert_downloader: rancher/rke-tools:v0.1.72 - kubernetes_services_sidecar: rancher/rke-tools:v0.1.72 - kubedns: rancher/k8s-dns-kube-dns:1.15.10 - dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.10 - kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.10 - kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - coredns: rancher/coredns-coredns:1.8.0 - coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - nodelocal: rancher/k8s-dns-node-cache:1.15.13 - kubernetes: rancher/hyperkube:v1.20.4-rancher1 - flannel: rancher/coreos-flannel:v0.13.0-rancher1 - flannel_cni: rancher/flannel-cni:v0.3.0-rancher6 - calico_node: rancher/calico-node:v3.17.2 - calico_cni: rancher/calico-cni:v3.17.2 - calico_controllers: rancher/calico-kube-controllers:v3.17.2 - calico_ctl: rancher/calico-ctl:v3.17.2 - calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - canal_node: rancher/calico-node:v3.17.2 - canal_cni: rancher/calico-cni:v3.17.2 - canal_controllers: rancher/calico-kube-controllers:v3.17.2 - canal_flannel: rancher/coreos-flannel:v0.13.0-rancher1 - canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - weave_node: weaveworks/weave-kube:2.8.1 - weave_cni: weaveworks/weave-npc:2.8.1 - pod_infra_container: rancher/pause:3.2 - ingress: rancher/nginx-ingress-controller:nginx-0.43.0-rancher1 - ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1 - metrics_server: rancher/metrics-server:v0.4.1 - 
windows_pod_infra_container: rancher/kubelet-pause:v0.1.6 - aci_cni_deploy_container: noiro/cnideploy:5.1.1.0.1ae238a - aci_host_container: noiro/aci-containers-host:5.1.1.0.1ae238a - aci_opflex_container: noiro/opflex:5.1.1.0.1ae238a - aci_mcast_container: noiro/opflex:5.1.1.0.1ae238a - aci_ovs_container: noiro/openvswitch:5.1.1.0.1ae238a - aci_controller_container: noiro/aci-containers-controller:5.1.1.0.1ae238a - aci_gbp_server_container: noiro/gbp-server:5.1.1.0.1ae238a - aci_opflex_server_container: noiro/opflex-server:5.1.1.0.1ae238a -ssh_key_path: ~/.ssh/id_rsa -ssh_cert_path: "" -ssh_agent_auth: false -authorization: - mode: rbac - options: {} -ignore_docker_version: null -kubernetes_version: "" -private_registries: [] -ingress: - provider: "" - options: {} - node_selector: {} - extra_args: {} - dns_policy: "" - extra_envs: [] - extra_volumes: [] - extra_volume_mounts: [] - update_strategy: null - http_port: 0 - https_port: 0 - network_mode: "" - tolerations: [] - default_backend: null - default_http_backend_priority_class_name: "" - nginx_ingress_controller_priority_class_name: "" -cluster_name: "" -cloud_provider: - name: "" -prefix_path: "" -win_prefix_path: "" -addon_job_timeout: 0 -bastion_host: - address: "" - port: "" - user: "" - ssh_key: "" - ssh_key_path: "" - ssh_cert: "" - ssh_cert_path: "" -monitoring: - provider: "" - options: {} - node_selector: {} - update_strategy: null - replicas: null - tolerations: [] - metrics_server_priority_class_name: "" -restore: - restore: false - snapshot_name: "" -rotate_encryption_key: false -dns: null 
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS Kubernetes Benchmark v1.10 PDF.pdf b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS Kubernetes Benchmark v1.10 PDF.pdf
new file mode 100644
index 0000000..5095bd2
Binary files /dev/null and b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS Kubernetes Benchmark v1.10 PDF.pdf differ
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS_Kubernetes_Benchmark_v1.6.0.pdf b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS_Kubernetes_Benchmark_v1.6.0.pdf
deleted file mode 100644
index d53c043..0000000
Binary files a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS_Kubernetes_Benchmark_v1.6.0.pdf and /dev/null differ
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/reference_hardened_cluster.yml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/reference_hardened_cluster.yml
deleted file mode 100755
index 8bbeb0a..0000000
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/reference_hardened_cluster.yml
+++ /dev/null
@@ -1,229 +0,0 @@ -# If you intened to deploy Kubernetes in an air-gapped environment, -# please consult the documentation on how to configure custom RKE images. -nodes: [] -services: - etcd: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - external_urls: [] - ca_cert: "" - cert: "" - key: "" - path: "" - uid: 52034 - gid: 52034 - snapshot: true - retention: "" - creation: "" - backup_config: null - kube-api: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - service_cluster_ip_range: "" - service_node_port_range: "" - pod_security_policy: true - always_pull_images: false - secrets_encryption_config: - enabled: true - custom_config: null - audit_log: - enabled: true - configuration: null - admission_configuration: null - event_rate_limit: - enabled: true - configuration: null - kube-controller: - image: "" - extra_args: - feature-gates: RotateKubeletServerCertificate=true - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_cidr: "" - service_cluster_ip_range: "" - scheduler: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - kubelet: - image: "" - extra_args: - feature-gates: RotateKubeletServerCertificate=true - protect-kernel-defaults: "true" - tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256 - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_domain: cluster.local - infra_container_image: "" - cluster_dns_server: "" - fail_swap_on: false - 
generate_serving_certificate: true - kubeproxy: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] -network: - plugin: "" - options: {} - mtu: 0 - node_selector: {} - update_strategy: null -authentication: - strategy: "" - sans: [] - webhook: null -addons: | - apiVersion: policy/v1beta1 - kind: PodSecurityPolicy - metadata: - name: restricted - spec: - requiredDropCapabilities: - - NET_RAW - privileged: false - allowPrivilegeEscalation: false - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: RunAsAny - runAsUser: - rule: MustRunAsNonRoot - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - emptyDir - - secret - - persistentVolumeClaim - - downwardAPI - - configMap - - projected - --- - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: default-allow-all - spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - name: default - automountServiceAccountToken: false -addons_include: [] -system_images: - etcd: "" - alpine: "" - nginx_proxy: "" - cert_downloader: "" - kubernetes_services_sidecar: "" - kubedns: "" - dnsmasq: "" - kubedns_sidecar: "" - kubedns_autoscaler: "" - coredns: "" - coredns_autoscaler: "" - nodelocal: "" - kubernetes: "" - flannel: "" - flannel_cni: "" - calico_node: "" - calico_cni: "" - calico_controllers: "" - calico_ctl: "" - calico_flexvol: "" - canal_node: "" - canal_cni: "" - canal_controllers: "" - canal_flannel: "" - canal_flexvol: "" - weave_node: "" - weave_cni: "" - pod_infra_container: "" - ingress: "" - ingress_backend: "" - metrics_server: "" - windows_pod_infra_container: "" -ssh_key_path: "" -ssh_cert_path: "" -ssh_agent_auth: false -authorization: - mode: "" - options: {} -ignore_docker_version: false -kubernetes_version: v1.18.12-rancher1-1 -private_registries: [] -ingress: - provider: "" - 
options: {} - node_selector: {} - extra_args: {} - dns_policy: "" - extra_envs: [] - extra_volumes: [] - extra_volume_mounts: [] - update_strategy: null - http_port: 0 - https_port: 0 - network_mode: "" -cluster_name: -cloud_provider: - name: "" -prefix_path: "" -win_prefix_path: "" -addon_job_timeout: 0 -bastion_host: - address: "" - port: "" - user: "" - ssh_key: "" - ssh_key_path: "" - ssh_cert: "" - ssh_cert_path: "" -monitoring: - provider: "" - options: {} - node_selector: {} - update_strategy: null - replicas: null -restore: - restore: false - snapshot_name: "" -dns: null -upgrade_strategy: - max_unavailable_worker: "" - max_unavailable_controlplane: "" - drain: null - node_drain_input: null \ No newline at end of file diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/refernence_hardened_cluster.sublime-workspace b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/refernence_hardened_cluster.sublime-workspace deleted file mode 100644 index 77ed1b4..0000000 --- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/refernence_hardened_cluster.sublime-workspace +++ /dev/null 
@@ -1,214 +0,0 @@ -{ - "auto_complete": - { - "selected_items": - [ - ] - }, - "buffers": - [ - ], - "build_system": "", - "build_system_choices": - [ - ], - "build_varint": "", - "command_palette": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "console": - { - "height": 0.0, - "history": - [ - ] - }, - "distraction_free": - { - "menu_visible": true, - "show_minimap": false, - "show_open_files": false, - "show_tabs": false, - "side_bar_visible": false, - "status_bar_visible": false - }, - "file_history": - [ - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docker-clean.sh", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/jaeger-app.yaml", - "/Users/nick.reva/udacity/vuln_app/docker-compose.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-5-software-composition-analysis/exercises/starter/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/cluster.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/forseb.log", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/for-seb.log", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.ynk", - 
"/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yaml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.myl", - "/Users/nick.reva/udacity/rke-cluster/Vagrantfile", - "/Users/nick.reva/udacity/rke-cluster/cluster.yml", - "/Users/nick.reva/udacity/rke-cluster/cluster.", - "/Users/nick.reva/udacity/rke-cluster/kube_config_cluster.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/kube_config_cluster.yaml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/kube_config_cluster.yml", - "/Users/nick.reva/Desktop/Vagrantfile", - "/Users/nick.reva/Desktop/cluster.yml", - "/Users/nick.reva/udacity/vuln_app/sqli/app.py", - "/Users/nick.reva/Desktop/job-master.yaml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/docker-bench/docker-bench.txt", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/docker-bench/docker-bench", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/python/main.py", - 
"/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-3-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/docker/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/vagrant/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/scripts/payload.sh", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/python/vulnerability_index.md", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/README.md", - "/Users/nick.reva/acquisitions/mermaid/ariel_website/gl-sast-report.json", - "/Users/nick.reva/dev/udacity/nd064_course_1/project/go.sh", - "/Users/nick.reva/acquisitions/mermaid/app/gl-sast-report.json", - "/Users/nick.reva/acquisitions/mermaid/Blender_Exports/gl-sast-report.json", - "/Users/nick.reva/acquisitions/mermaid/AnnotationTools_workstation/gl-sast-report.json", - "/Users/nick.reva/acquisitions/mermaid/AnnotationTools/gl-sast-report.json", - "/Users/nick.reva/Downloads/extract_bigquery (1).sql", - "/Users/nick.reva/Downloads/GfyCat_Secret_Findings.json", - "/Users/nick.reva/Desktop/sophos_dropper-1.3.3.plist", - "/Users/nick.reva/acquisitions/clone_all_repos.sh", - "/Users/nick.reva/acquisitions/get_sloc.py", - "/Users/nick.reva/dev/python_training/check_for_palindorome.py", - "/Users/nick.reva/dev/css_int", - "/Users/nick.reva/Downloads/C02C2790MD6R_20200317_103113_SDU/system/install.log", - "/Users/av-test/Downloads/uninstall_sophos.bash" - ], - "find": - { - "height": 42.0 - }, - "find_in_files": - { - "height": 0.0, - "where_history": - [ - ] - }, - "find_state": - { - "case_sensitive": false, - "find_history": - [ - ], - "highlight": true, - 
"in_selection": false, - "preserve_case": false, - "regex": false, - "replace_history": - [ - ], - "reverse": false, - "show_context": true, - "use_buffer2": true, - "whole_word": false, - "wrap": true - }, - "groups": - [ - { - "sheets": - [ - ] - } - ], - "incremental_find": - { - "height": 30.0 - }, - "input": - { - "height": 0.0 - }, - "layout": - { - "cells": - [ - [ - 0, - 0, - 1, - 1 - ] - ], - "cols": - [ - 0.0, - 1.0 - ], - "rows": - [ - 0.0, - 1.0 - ] - }, - "menu_visible": true, - "output.find_results": - { - "height": 0.0 - }, - "pinned_build_system": "", - "project": "refernence_hardened_cluster.sublime-project", - "replace": - { - "height": 56.0 - }, - "save_all_on_build": true, - "select_file": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "select_project": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "select_symbol": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "selected_group": 0, - "settings": - { - }, - "show_minimap": true, - "show_open_files": false, - "show_tabs": true, - "side_bar_visible": true, - "side_bar_width": 150.0, - "status_bar_visible": true, - "template_settings": - { - } -} diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/server-config.yaml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/server-config.yaml new file mode 100644 index 0000000..425982d --- /dev/null +++ b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/server-config.yaml @@ -0,0 +1,4 @@ +node-name: node1 +node-ip: 192.168.50.101 +advertise-address: 192.168.50.101 +# profile: cis \ No newline at end of file diff --git a/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt b/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt index 6b37c81..be6ed8d 100644 
--- a/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt
+++ b/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt
@@ -1,18 +1,18 @@
 aiohttp-jinja2==1.1.0
 aiohttp-session==2.7.0
-aiohttp==4.0.0a0
+aiohttp==3.5.3
 aiopg==0.15.0
 aioredis==1.2.0
 async-timeout==3.0.1 # via aiohttp, aioredis
 attrs==18.2.0 # via aiohttp
 chardet==3.0.4 # via aiohttp
-hiredis==1.0.0 # via aioredis
+hiredis==0.3.1 # via aioredis
 idna==2.8 # via yarl
-jinja2==2.11.3 # via aiohttp-jinja2
+jinja2==2.10 # via aiohttp-jinja2
 markupsafe==1.1.0 # via jinja2
 multidict==4.5.2 # via aiohttp, yarl
 psycopg2==2.7.6.1 # via aiopg
-pyyaml==5.4.1
+pyyaml==3.13
 trafaret-config==2.0.2
 trafaret==1.2.0
 yarl==1.3.0 # via aiohttp
diff --git a/lesson-5-software-composition-analysis/exercises/starter/vuln_app/sqli/app.py b/lesson-5-software-composition-analysis/exercises/starter/vuln_app/sqli/app.py
index 3c755cb..ab5eec5 100644
--- a/lesson-5-software-composition-analysis/exercises/starter/vuln_app/sqli/app.py
+++ b/lesson-5-software-composition-analysis/exercises/starter/vuln_app/sqli/app.py
@@ -32,7 +32,7 @@ def init(argv):
 setup_jinja(app, loader=PackageLoader('sqli', 'templates'),
 context_processors=[csrf_processor, auth_user_processor],
- autoescape=True)
+ autoescape=False)
 setup_database(app)
 setup_redis(app)
 setup_routes(app)
diff --git a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile
index 6539b41..ee35876 100644
--- a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile
+++ b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile
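Review bot: Every changed pin in requirements.txt moves to an older release (`aiohttp==3.5.3`, `hiredis==0.3.1`, `jinja2==2.10`, `pyyaml==3.13`), and nothing in the file says the downgrade is deliberate. Given the `vuln_app` path under the software-composition-analysis lesson this is presumably intended as scanner input, so state it at the top of the file, for example `# INTENTIONALLY OUTDATED: pinned for the lesson-5 SCA exercise; do not upgrade or reuse outside the lab`. Without that line an automated dependency updater or a well-meaning contributor is likely to revert the pins, and a reader may take the file as a usable baseline.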
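Review bot: `autoescape=False` in the `setup_jinja(...)` call of app.py turns off HTML escaping for the templates loaded through `PackageLoader('sqli', 'templates')`, so any request-derived value rendered there reaches the browser unescaped. If this is a deliberate weakness for the lesson (the `vuln_app` path suggests it is), mark it on the line above the call with `# INTENTIONALLY VULNERABLE: autoescape disabled for the exercise; real code must keep autoescape=True`. `init(argv)` starts and ends outside the hunk, so how the templates use their context cannot be checked from here.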
@@ -15,11 +15,13 @@ Vagrant.configure("2") do |config| config.vm.define "node#{i}" do |node| # set base image for the vagrant box # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64 - config.vm.box = "opensuse/Leap-15.4.x86_64" - config.vm.box_version = "15.4.13.7" + config.vm.box = "opensuse/Leap-15.6.x86_64" + config.vm.box_version = "15.6.13.356" # Run ifconfig or ip a to find the appropriate interface - config.vm.network "public_network", :adapter=>3, bridge: "br1" + # config.vm.network "public_network", :adapter=>3, bridge: "br1" + # This is for the cloud lab environment if you are setting up a local environment uncomment the above line. Comment the below line + config.vm.network "public_network", :adapter=>3, bridge: "eth0" # NOTE: This will enable public access to the opened port # config.vm.network "forwarded_port", guest: 8080, host: 8080 @@ -33,7 +35,7 @@ Vagrant.configure("2") do |config| # configure the parameters for VirtualBox provider node.vm.provider "virtualbox" do |v| v.name = "node#{i}" - v.memory = 4096 + v.memory = 8192 v.cpus = 2 end # Bootstrap the machine diff --git a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/bootstrap.sh b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/bootstrap.sh index 89b29d4..c9606e4 100644 --- a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/bootstrap.sh +++ b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/bootstrap.sh 
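Review bot: The new `config.vm.network "public_network", :adapter=>3, bridge: "eth0"` line bridges each node onto whatever network the host's `eth0` is attached to, and switching between the cloud lab and a local setup means editing comments. Reading the interface from the environment keeps one line for both cases: `config.vm.network "public_network", adapter: 3, bridge: ENV.fetch("VAGRANT_BRIDGE", "eth0")`. The comment above it should also state that a bridged adapter makes the VM reachable from that network, since these nodes presumably run the lesson's payload workloads later. The calls sit inside the `config.vm.define "node#{i}" do |node|` block but use `config` rather than `node`; that predates this change and the block continues outside the hunk, so it is only worth confirming the settings are meant to apply globally.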
@@ -7,21 +7,27 @@ systemctl enable docker usermod -G docker -a $USER systemctl restart docker -echo "[TASK 2] Disable firewalld" -systemctl stop firewalld -systemctl disable firewalld +# echo "[TASK 2] Disable firewalld" +# systemctl stop firewalld +# systemctl disable firewalld -echo "[TASK 3] Disable apparmor" -systemctl stop apparmor -systemctl disable apparmor +echo "[TASK 3] Install apparmor" +zypper --non-interactive install apparmor-parser -echo "[TASK 4] Set up rke user" -useradd rke -usermod -a -G docker rke -systemctl restart docker +# echo "[TASK 4] Set up rke user" +# useradd rke +# usermod -a -G docker rke +# systemctl restart docker + +# echo "[TASK 5] Copy auth_keys for rke user" +# mkdir -p /home/rke/.ssh +# usermod -d /home/rke/ rke +# cp /root/.ssh/authorized_keys /home/rke/.ssh +# chown rke /home/rke -R -echo "[TASK 5] Copy auth_keys for rke user" -mkdir -p /home/rke/.ssh -usermod -d /home/rke/ rke -cp /root/.ssh/authorized_keys /home/rke/.ssh -chown rke /home/rke -R +echo "[TASK 6] Install kubectl" +# Download and install kubectl +curl -LO "https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl" +sudo mv kubectl /usr/local/bin/ +sudo chmod +x /usr/local/bin/kubectl +echo "kubectl installed successfully." \ No newline at end of file diff --git a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/cluster.yml b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/cluster.yml deleted file mode 100644 index f00e9ba..0000000 --- a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/cluster.yml +++ /dev/null 
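Review bot: TASK 6 in `bootstrap.sh` moves the downloaded `kubectl` binary into `/usr/local/bin` without verifying it. Because `curl` runs without `-f` and nothing checks its exit status, the script also prints "kubectl installed successfully." when the download failed or returned an error page. The release location publishes a `.sha256` file next to the binary, so the step can fetch it and stop on a mismatch. The `sudo` prefixes are inconsistent with the rest of the hunk, which calls `systemctl`, `usermod` and `zypper` directly. The script starts before this hunk, so whether `set -e` is in effect is not visible; the version below does not rely on it.

```shell
echo "[TASK 6] Install kubectl"
# Download kubectl and its published checksum; refuse to install on any failure or mismatch
KUBECTL_URL="https://dl.k8s.io/release/v1.32.2/bin/linux/amd64/kubectl"
curl -fsSLO "${KUBECTL_URL}" || exit 1
curl -fsSLO "${KUBECTL_URL}.sha256" || exit 1
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check || exit 1
install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
echo "kubectl installed successfully."
```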
@@ -1,201 +0,0 @@ -# If you intened to deploy Kubernetes in an air-gapped environment, -# please consult the documentation on how to configure custom RKE images. -nodes: -- address: 192.168.50.101 - port: "22" - internal_address: 192.168.50.101 - role: - - controlplane - - worker - - etcd - hostname_override: localhost - user: root - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] -services: - etcd: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - external_urls: [] - ca_cert: "" - cert: "" - key: "" - path: "" - uid: 0 - gid: 0 - snapshot: null - retention: "" - creation: "" - backup_config: null - kube-api: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - service_cluster_ip_range: 10.43.0.0/16 - service_node_port_range: "" - pod_security_policy: false - always_pull_images: false - secrets_encryption_config: null - audit_log: null - admission_configuration: null - event_rate_limit: null - kube-controller: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_cidr: 10.42.0.0/16 - service_cluster_ip_range: 10.43.0.0/16 - scheduler: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - kubelet: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_domain: cluster.local - infra_container_image: "" - cluster_dns_server: 10.43.0.10 - fail_swap_on: false - generate_serving_certificate: false - kubeproxy: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] -network: - plugin: canal - options: {} - mtu: 0 - node_selector: 
{} - update_strategy: null - tolerations: [] -authentication: - strategy: x509 - sans: [] - webhook: null -addons: "" -addons_include: [] -system_images: - etcd: rancher/coreos-etcd:v3.4.14-rancher1 - alpine: rancher/rke-tools:v0.1.72 - nginx_proxy: rancher/rke-tools:v0.1.72 - cert_downloader: rancher/rke-tools:v0.1.72 - kubernetes_services_sidecar: rancher/rke-tools:v0.1.72 - kubedns: rancher/k8s-dns-kube-dns:1.15.10 - dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.10 - kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.10 - kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - coredns: rancher/coredns-coredns:1.8.0 - coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - nodelocal: rancher/k8s-dns-node-cache:1.15.13 - kubernetes: rancher/hyperkube:v1.20.4-rancher1 - flannel: rancher/coreos-flannel:v0.13.0-rancher1 - flannel_cni: rancher/flannel-cni:v0.3.0-rancher6 - calico_node: rancher/calico-node:v3.17.2 - calico_cni: rancher/calico-cni:v3.17.2 - calico_controllers: rancher/calico-kube-controllers:v3.17.2 - calico_ctl: rancher/calico-ctl:v3.17.2 - calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - canal_node: rancher/calico-node:v3.17.2 - canal_cni: rancher/calico-cni:v3.17.2 - canal_controllers: rancher/calico-kube-controllers:v3.17.2 - canal_flannel: rancher/coreos-flannel:v0.13.0-rancher1 - canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - weave_node: weaveworks/weave-kube:2.8.1 - weave_cni: weaveworks/weave-npc:2.8.1 - pod_infra_container: rancher/pause:3.2 - ingress: rancher/nginx-ingress-controller:nginx-0.43.0-rancher1 - ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1 - metrics_server: rancher/metrics-server:v0.4.1 - windows_pod_infra_container: rancher/kubelet-pause:v0.1.6 - aci_cni_deploy_container: noiro/cnideploy:5.1.1.0.1ae238a - aci_host_container: noiro/aci-containers-host:5.1.1.0.1ae238a - aci_opflex_container: noiro/opflex:5.1.1.0.1ae238a - aci_mcast_container: 
noiro/opflex:5.1.1.0.1ae238a - aci_ovs_container: noiro/openvswitch:5.1.1.0.1ae238a - aci_controller_container: noiro/aci-containers-controller:5.1.1.0.1ae238a - aci_gbp_server_container: noiro/gbp-server:5.1.1.0.1ae238a - aci_opflex_server_container: noiro/opflex-server:5.1.1.0.1ae238a -ssh_key_path: ~/.ssh/id_rsa -ssh_cert_path: "" -ssh_agent_auth: false -authorization: - mode: rbac - options: {} -ignore_docker_version: null -kubernetes_version: "" -private_registries: [] -ingress: - provider: "" - options: {} - node_selector: {} - extra_args: {} - dns_policy: "" - extra_envs: [] - extra_volumes: [] - extra_volume_mounts: [] - update_strategy: null - http_port: 0 - https_port: 0 - network_mode: "" - tolerations: [] - default_backend: null - default_http_backend_priority_class_name: "" - nginx_ingress_controller_priority_class_name: "" -cluster_name: "" -cloud_provider: - name: "" -prefix_path: "" -win_prefix_path: "" -addon_job_timeout: 0 -bastion_host: - address: "" - port: "" - user: "" - ssh_key: "" - ssh_key_path: "" - ssh_cert: "" - ssh_cert_path: "" -monitoring: - provider: "" - options: {} - node_selector: {} - update_strategy: null - replicas: null - tolerations: [] - metrics_server_priority_class_name: "" -restore: - restore: false - snapshot_name: "" -rotate_encryption_key: false -dns: null diff --git a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/payload.sh b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/payload.sh index 1eec6b4..6e1c479 100755 --- a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/payload.sh +++ b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/payload.sh 
@@ -1,9 +1,9 @@ #!/bin/bash #start monero_cpu_moneropool:latest -kubectl run --kubeconfig kube_config_cluster.yml moneropool --image=servethehome/monero_cpu_moneropool:latest --replicas=1 +kubectl run moneropool --image=servethehome/monero_cpu_moneropool:latest #start xmrpooldotnet -kubectl run --kubeconfig kube_config_cluster.yml xmrpooldotnet --image=servethehome/monero_cpu_xmrpooldotnet:latest --replicas=1 +kubectl run xmrpooldotnet --image=servethehome/monero_cpu_xmrpooldotnet:latest #start minergate -kubectl run --kubeconfig kube_config_cluster.yml minergate --image=servethehome/monero_cpu_minergate:latest --replicas=1 +kubectl run minergate --image=servethehome/monero_cpu_minergate:latest echo "Can you identify the payload(s)?" \ No newline at end of file
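Review bot: With `--kubeconfig kube_config_cluster.yml` removed, the three `kubectl run` lines in `payload.sh` act on whatever context is current in the caller's kubeconfig, so a student who also has another cluster configured would start these workloads there. Naming the target makes this explicit: run `kubectl config current-context` before the first command and pass `--context "${LAB_CONTEXT:?set LAB_CONTEXT}"` on each `kubectl run` (the variable name is illustrative). The images are still pulled by the mutable `latest` tag from a third-party repository. Pinning each to the digest the course authors reviewed (`image@sha256:<digest>`) keeps the exercise reproducible and ensures the lab runs what was vetted.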