diff --git a/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile b/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile
index c189705..a8623d5 100644
--- a/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile
+++ b/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile
@@ -1,18 +1,19 @@
 # set up the default terminal
 ENV["TERM"]="linux"
+# set minimum version for Vagrant
+Vagrant.require_version ">= 2.2.10"
 Vagrant.configure("2") do |config|
-
- # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64
- config.vm.box = "opensuse/Leap-15.4.x86_64"
- config.vm.box_version = "15.4.13.7"
+ config.vm.box = "opensuse/Leap-15.6.x86_64"
+ config.vm.box_version = "15.6.13.356"
+ config.vm.boot_timeout = 900
 # st the static IP for the vagrant box
 config.vm.network "private_network", ip: "192.168.50.4"
 # consifure the parameters for VirtualBox provider
 config.vm.provider "virtualbox" do |vb|
- vb.memory = "2048"
+ vb.memory = "4096"
 vb.cpus = 4
 vb.customize ["modifyvm", :id, "--ioapic", "on"]
 end
diff --git a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile
index 518119f..9953ea2 100644
--- a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile
+++ b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile
@@ -1,7 +1,4 @@
-# syntax=docker/dockerfile:1.0-experimental
-
-#define base image; replace with your image location once hardened
-FROM opensuse/leap:latest
+FROM opensuse/leap:15.6
 #define maintainer
 LABEL maintainer="nick.reva@snap.com"
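Review bot: `FROM opensuse/leap:15.6` in the lesson-3 Dockerfile still names a mutable tag, so the base image can change underneath the exercise between builds; for a hardening lesson consider pinning by digest as well, `FROM opensuse/leap:15.6@sha256:<digest>` (placeholder, take the value from the registry you pull from). The hunk also drops the comment `#define base image; replace with your image location once hardened`, which was the only line telling students to swap in their hardened image; keeping it above the new FROM line would preserve that step. Removing the `# syntax=` directive is safe only if nothing later in the Dockerfile relies on BuildKit experimental syntax, which is not visible in this hunk.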
@@ -9,9 +6,9 @@ LABEL maintainer="nick.reva@snap.com"
 #define version
 LABEL version="V1"
-# create a directory to work in
-RUN mkdir udacity \
- && cd udacity
+# set working directory
+RUN mkdir -p /udacity
+WORKDIR /udacity
 #install zypper
 RUN zypper refs && zypper refresh
diff --git a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile
index c189705..03f7b4f 100644
--- a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile
+++ b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/Vagrantfile
@@ -1,18 +1,18 @@
 # set up the default terminal
 ENV["TERM"]="linux"
+Vagrant.require_version ">= 2.2.10"
 Vagrant.configure("2") do |config|
-
- # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64
- config.vm.box = "opensuse/Leap-15.4.x86_64"
- config.vm.box_version = "15.4.13.7"
+ config.vm.box = "opensuse/Leap-15.6.x86_64"
+ config.vm.box_version = "15.6.13.356"
+ config.vm.boot_timeout = 900
 # st the static IP for the vagrant box
 config.vm.network "private_network", ip: "192.168.50.4"
 # consifure the parameters for VirtualBox provider
 config.vm.provider "virtualbox" do |vb|
- vb.memory = "2048"
+ vb.memory = "4096"
 vb.cpus = 4
 vb.customize ["modifyvm", :id, "--ioapic", "on"]
 end
diff --git a/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS Docker Bench V1.6.0.pdf b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS Docker Bench V1.6.0.pdf
new file mode 100644
index 0000000..0c19cf1
Binary files /dev/null and b/lesson-3-docker-attack-surface-analysis-and-hardening/exercises/starter/docs/CIS Docker Bench V1.6.0.pdf differ
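Review bot: In the lesson-3 Dockerfile hunk at `@@ -9,9 +6,9 @@`, the added `RUN mkdir -p /udacity` is redundant, because `WORKDIR /udacity` creates the directory when it does not exist. Dropping the RUN line saves a layer and leaves a single instruction for the comment `# set working directory` to describe. The Dockerfile continues past the end of this hunk, so anything later that depends on the directory's ownership is not visible here.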
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile
index 99eb223..fe692e7 100644
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile
+++ b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile
@@ -16,8 +16,9 @@ Vagrant.configure("2") do |config|
 # set base image for the vagrant box
 # config.vm.box = "opensuse/Leap-15.2.x86_64"
 # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64
- node.vm.box = "opensuse/Leap-15.4.x86_64"
- node.vm.box_version = "15.4.13.7"
+ node.vm.box = "opensuse/Leap-15.6.x86_64"
+ node.vm.box_version = "15.6.13.356"
+ node.vm.boot_timeout = 900
 node.vm.hostname = "node#{i}"
 # set the static IP for the vagrant box
@@ -25,11 +26,11 @@ Vagrant.configure("2") do |config|
 # configure the parameters for VirtualBox provider
 node.vm.provider "virtualbox" do |v|
 v.name = "node#{i}"
- v.memory = 2048
- v.cpus = 2
+ v.memory = 4096
+ v.cpus = 3
 end
 # Bootstrap the machine
- config.vm.provision "shell", path: "bootstrap.sh"
+ # config.vm.provision "shell", path: "bootstrap.sh"
 end
 end
 end
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/bootstrap.sh b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/bootstrap.sh
deleted file mode 100644
index 3c28024..0000000
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/bootstrap.sh
+++ /dev/null
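Review bot: The provisioner line in the second hunk of the lesson-4 Vagrantfile is commented out rather than removed, and it still points at `bootstrap.sh`, which this same commit deletes. Anyone who uncomments it gets a failing `vagrant up`, and the surviving `# Bootstrap the machine` comment now describes nothing. Delete both lines, or replace them with a comment saying the nodes are set up by hand, for example `# No shell provisioner: nodes are configured manually (see config-node1.yml / config-node2.yml)`, assuming that is the intended flow. The deleted script also stopped firewalld and AppArmor, so it is worth stating in the lesson text whether the nodes are now expected to keep them enabled. In the first hunk the context comment still links to the `Leap-15.4.x86_64` box page although the box is now 15.6.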
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-echo "[TASK 1] Install Docker"
-# install Docker
-zypper --non-interactive install docker
-systemctl enable docker
-usermod -G docker -a $USER
-systemctl restart docker
-
-echo "[TASK 2] Disable firewalld"
-systemctl stop firewalld
-systemctl disable firewalld
-
-echo "[TASK 3] Disable apparmor"
-systemctl stop apparmor
-systemctl disable apparmor
-
-echo "[TASK 4] Set up rke user"
-useradd rke
-usermod -a -G docker rke
-systemctl restart docker
-
-echo "[TASK 5] Copy auth_keys for rke user"
-mkdir -p /home/rke/.ssh
-usermod -d /home/rke/ rke
-cp /root/.ssh/authorized_keys /home/rke/.ssh
-chown rke /home/rke -R
-
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/config-node1.yml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/config-node1.yml
new file mode 100644
index 0000000..161e590
--- /dev/null
+++ b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/config-node1.yml
@@ -0,0 +1,3 @@
+node-name: node1
+node-ip: 192.168.50.101
+advertise-address: 192.168.50.101
\ No newline at end of file
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/config-node2.yml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/config-node2.yml
new file mode 100644
index 0000000..e651eb1
--- /dev/null
+++ b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/config-node2.yml
@@ -0,0 +1,4 @@
+token: SERVER_NODE_TOKEN
+server: https://192.168.50.101:9345
+node-name: node2
+node-ip: 192.168.50.102
\ No newline at end of file
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docker-clean.sh b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docker-clean.sh
deleted file mode 100755
index 826c1c0..0000000
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docker-clean.sh
+++ /dev/null
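Review bot: `token: SERVER_NODE_TOKEN` in config-node2.yml is a placeholder with nothing in the file saying so, which invites two mistakes: running the join with the literal string, or committing the file back after pasting the real cluster join secret into it. Add a header comment such as `# Replace SERVER_NODE_TOKEN with the node token read from node1; never commit the filled-in file`, and consider listing the filled-in copy in `.gitignore`. Both new files also end without a trailing newline (`\ No newline at end of file`), which is worth fixing while they are being touched.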
@@ -1,8 +0,0 @@
-#!/bin/sh
-docker rm -f$(docker ps -qa)
-docker volume rm $(docker volume ls -q)
-cleanupdirs="/var/lib/etcd* /etc/kubernete* /etc/cni* /opt/cni* /var/lib/cni* /var/run/calico* /var/lib/kubelet*"
-for dir in $cleanupdirs; do
- echo "Removing $dir"
- rm -Rf $dir
-done
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS Kubernetes Benchmark v1.10.pdf b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS Kubernetes Benchmark v1.10.pdf
new file mode 100644
index 0000000..5095bd2
Binary files /dev/null and b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/CIS Kubernetes Benchmark v1.10.pdf differ
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/Rancher_Benchmark_Assessment.pdf b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/RKE1_Rancher_Benchmark_Assessment.pdf
similarity index 100%
rename from lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/Rancher_Benchmark_Assessment.pdf
rename to lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docs/RKE1_Rancher_Benchmark_Assessment.pdf
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/refernence_hardened_cluster.sublime-workspace b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/refernence_hardened_cluster.sublime-workspace
deleted file mode 100644
index 77ed1b4..0000000
--- a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/refernence_hardened_cluster.sublime-workspace
+++ /dev/null
@@ -1,214 +0,0 @@ -{ - "auto_complete": - { - "selected_items": - [ - ] - }, - "buffers": - [ - ], - "build_system": "", - "build_system_choices": - [ - ], - "build_varint": "", - "command_palette": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "console": - { - "height": 0.0, - "history": - [ - ] - }, - "distraction_free": - { - "menu_visible": true, - "show_minimap": false, - "show_open_files": false, - "show_tabs": false, - "side_bar_visible": false, - "status_bar_visible": false - }, - "file_history": - [ - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/docker-clean.sh", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/jaeger-app.yaml", - "/Users/nick.reva/udacity/vuln_app/docker-compose.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-5-software-composition-analysis/exercises/starter/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/cluster.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/forseb.log", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/for-seb.log", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.ynk", - 
"/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yaml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-1-introduction-to-microservices-security/exercises/starter/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.myl", - "/Users/nick.reva/udacity/rke-cluster/Vagrantfile", - "/Users/nick.reva/udacity/rke-cluster/cluster.yml", - "/Users/nick.reva/udacity/rke-cluster/cluster.", - "/Users/nick.reva/udacity/rke-cluster/kube_config_cluster.yml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/kube_config_cluster.yaml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/kube_config_cluster.yml", - "/Users/nick.reva/Desktop/Vagrantfile", - "/Users/nick.reva/Desktop/cluster.yml", - "/Users/nick.reva/udacity/vuln_app/sqli/app.py", - "/Users/nick.reva/Desktop/job-master.yaml", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/docker-bench/docker-bench.txt", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/docker-bench/docker-bench", - "/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/python/main.py", - 
"/Users/nick.reva/udacity/nd064-c3-microservices-security-exercises/lesson-3-kubernetes-attack-surface-and-hardening/exercises/starter/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/docker/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/vagrant/Vagrantfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security/lesson-2-docker-attack-surface-analysis-and-hardening/exercises/starter/Dockerfile", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/scripts/payload.sh", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/starter/python/vulnerability_index.md", - "/Users/nick.reva/udacity/nd064-c3-Microservices-Security-project-starter/README.md", - "/Users/nick.reva/acquisitions/mermaid/ariel_website/gl-sast-report.json", - "/Users/nick.reva/dev/udacity/nd064_course_1/project/go.sh", - "/Users/nick.reva/acquisitions/mermaid/app/gl-sast-report.json", - "/Users/nick.reva/acquisitions/mermaid/Blender_Exports/gl-sast-report.json", - "/Users/nick.reva/acquisitions/mermaid/AnnotationTools_workstation/gl-sast-report.json", - "/Users/nick.reva/acquisitions/mermaid/AnnotationTools/gl-sast-report.json", - "/Users/nick.reva/Downloads/extract_bigquery (1).sql", - "/Users/nick.reva/Downloads/GfyCat_Secret_Findings.json", - "/Users/nick.reva/Desktop/sophos_dropper-1.3.3.plist", - "/Users/nick.reva/acquisitions/clone_all_repos.sh", - "/Users/nick.reva/acquisitions/get_sloc.py", - "/Users/nick.reva/dev/python_training/check_for_palindorome.py", - "/Users/nick.reva/dev/css_int", - "/Users/nick.reva/Downloads/C02C2790MD6R_20200317_103113_SDU/system/install.log", - "/Users/av-test/Downloads/uninstall_sophos.bash" - ], - "find": - { - "height": 42.0 - }, - "find_in_files": - { - "height": 0.0, - "where_history": - [ - ] - }, - "find_state": - { - "case_sensitive": false, - "find_history": - [ - ], - "highlight": true, - 
"in_selection": false, - "preserve_case": false, - "regex": false, - "replace_history": - [ - ], - "reverse": false, - "show_context": true, - "use_buffer2": true, - "whole_word": false, - "wrap": true - }, - "groups": - [ - { - "sheets": - [ - ] - } - ], - "incremental_find": - { - "height": 30.0 - }, - "input": - { - "height": 0.0 - }, - "layout": - { - "cells": - [ - [ - 0, - 0, - 1, - 1 - ] - ], - "cols": - [ - 0.0, - 1.0 - ], - "rows": - [ - 0.0, - 1.0 - ] - }, - "menu_visible": true, - "output.find_results": - { - "height": 0.0 - }, - "pinned_build_system": "", - "project": "refernence_hardened_cluster.sublime-project", - "replace": - { - "height": 56.0 - }, - "save_all_on_build": true, - "select_file": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "select_project": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "select_symbol": - { - "height": 0.0, - "last_filter": "", - "selected_items": - [ - ], - "width": 0.0 - }, - "selected_group": 0, - "settings": - { - }, - "show_minimap": true, - "show_open_files": false, - "show_tabs": true, - "side_bar_visible": true, - "side_bar_width": 150.0, - "status_bar_visible": true, - "template_settings": - { - } -} diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/rke1-cluster.yml similarity index 100% rename from lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/cluster.yml rename to lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/rke1-cluster.yml 
diff --git a/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/reference_hardened_cluster.yml b/lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/rke1-hardened_cluster.yml
old mode 100755
new mode 100644
similarity index 100%
rename from lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/reference_hardened_cluster.yml
rename to lesson-4-kubernetes-attack-surface-and-hardening/exercises/starter/rke1-hardened_cluster.yml
diff --git a/lesson-5-software-composition-analysis/exercises/starter/Dockerfile b/lesson-5-software-composition-analysis/exercises/starter/Dockerfile
index 8db21e9..ca70b52 100755
--- a/lesson-5-software-composition-analysis/exercises/starter/Dockerfile
+++ b/lesson-5-software-composition-analysis/exercises/starter/Dockerfile
@@ -1,7 +1,7 @@
 #syntax=docker/dockerfile:1.0-experimental
 #define base image; replace with your image location once hardened
-FROM opensuse/leap:latest
+FROM opensuse/leap:15.6
 #define maintainer
 LABEL maintainer="nick.reva@snap.com"
@@ -10,7 +10,7 @@ LABEL maintainer="nick.reva@snap.com"
 LABEL version="V1"
 #refresh zypper and install updates
-RUN zypper ref && zypper up -y
+RUN zypper ref
 #add local user
 USER $SEC_USER
diff --git a/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt b/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt
index 616fb50..89d4ca5 100644
--- a/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt
+++ b/lesson-5-software-composition-analysis/exercises/starter/vuln_app/requirements.txt
@@ -12,7 +12,7 @@ jinja2==2.11.3 # via aiohttp-jinja2
 markupsafe==1.1.0 # via jinja2
 multidict==4.5.2 # via aiohttp, yarl
 psycopg2==2.7.6.1 # via aiopg
-pyyaml==5.4.1
+pyyaml>=6.0
 trafaret-config==2.0.2
 trafaret==1.2.0
 yarl==1.3.0 # via aiohttp
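Review bot: The context comment `#refresh zypper and install updates` above the changed line in the lesson-5 Dockerfile (second hunk) no longer matches `RUN zypper ref`, which only refreshes repository metadata. With the base now fixed at `opensuse/leap:15.6` and `zypper up -y` gone, the image keeps whatever package versions that tag shipped. If leaving them unpatched is deliberate for the composition-analysis exercise, say so in the comment, for example `#refresh zypper metadata only; packages are intentionally left at the base image versions for scanning`. If it is not deliberate, the update step should stay. The Dockerfile continues past `USER $SEC_USER`, and no `ARG SEC_USER` is visible in either hunk.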
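Review bot: `pyyaml>=6.0` is the only open-ended requirement in a file where every other entry is an exact `==` pin, so each build may resolve a different PyYAML release and scan results for the exercise stop being reproducible. Pin an exact release instead, `pyyaml==<version>` (placeholder for the version you tested), and keep the file's pinned style. PyYAML 6.0 also made the `Loader` argument to `yaml.load` mandatory, so it is worth confirming that `trafaret-config==2.0.2` and the app's own config loading still work after the jump from 5.4.1.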
diff --git a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile
index 6539b41..674f5d3 100644
--- a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile
+++ b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/Vagrantfile
@@ -15,11 +15,12 @@ Vagrant.configure("2") do |config|
 config.vm.define "node#{i}" do |node|
 # set base image for the vagrant box
 # Use any version shown here https://app.vagrantup.com/opensuse/boxes/Leap-15.4.x86_64
- config.vm.box = "opensuse/Leap-15.4.x86_64"
- config.vm.box_version = "15.4.13.7"
+ config.vm.box = "opensuse/Leap-15.6.x86_64"
+ config.vm.box_version = "15.6.13.356"
+ config.vm.boot_timeout = 900
 # Run ifconfig or ip a to find the appropriate interface
- config.vm.network "public_network", :adapter=>3, bridge: "br1"
+ config.vm.network "public_network", :adapter=>3, bridge: "eth0"
 # NOTE: This will enable public access to the opened port
 # config.vm.network "forwarded_port", guest: 8080, host: 8080
@@ -33,11 +34,9 @@ Vagrant.configure("2") do |config|
 # configure the parameters for VirtualBox provider
 node.vm.provider "virtualbox" do |v|
 v.name = "node#{i}"
- v.memory = 4096
- v.cpus = 2
+ v.memory = 8192
+ v.cpus = 4
 end
- # Bootstrap the machine
- config.vm.provision "shell", path: "bootstrap.sh"
 end
 end
 end
diff --git a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/bootstrap.sh b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/bootstrap.sh
deleted file mode 100644
index 89b29d4..0000000
--- a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/bootstrap.sh
+++ /dev/null
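Review bot: The bridge name `"eth0"` on the `public_network` line in the first hunk of the lesson-6 Vagrantfile is as host-specific as the `"br1"` it replaces, and many hosts have no interface by that name. A bridged adapter also attaches the lab VM, with the box's default credentials, directly to the host's LAN, which the comment above the line does not mention. Extend that comment to something like `# Bridged: the VM is reachable from your LAN; set bridge: to your own interface (ifconfig / ip a) and use a trusted network only`. The added box and timeout lines in this block assign to `config.vm` although they sit inside `config.vm.define "node#{i}" do |node|`; the lesson-4 Vagrantfile uses `node.vm` for the same settings, and matching it would keep them per-node. The define block runs on into the second hunk.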
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-echo "[TASK 1] Install Docker"
-# install Docker
-zypper --non-interactive install docker
-systemctl enable docker
-usermod -G docker -a $USER
-systemctl restart docker
-
-echo "[TASK 2] Disable firewalld"
-systemctl stop firewalld
-systemctl disable firewalld
-
-echo "[TASK 3] Disable apparmor"
-systemctl stop apparmor
-systemctl disable apparmor
-
-echo "[TASK 4] Set up rke user"
-useradd rke
-usermod -a -G docker rke
-systemctl restart docker
-
-echo "[TASK 5] Copy auth_keys for rke user"
-mkdir -p /home/rke/.ssh
-usermod -d /home/rke/ rke
-cp /root/.ssh/authorized_keys /home/rke/.ssh
-chown rke /home/rke -R
diff --git a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/cluster.yml b/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/cluster.yml
deleted file mode 100644
index f00e9ba..0000000
--- a/lesson-6-runtime-monitoring-and-incident-response/exercises/starter/cluster.yml
+++ /dev/null
@@ -1,201 +0,0 @@ -# If you intened to deploy Kubernetes in an air-gapped environment, -# please consult the documentation on how to configure custom RKE images. -nodes: -- address: 192.168.50.101 - port: "22" - internal_address: 192.168.50.101 - role: - - controlplane - - worker - - etcd - hostname_override: localhost - user: root - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] -services: - etcd: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - external_urls: [] - ca_cert: "" - cert: "" - key: "" - path: "" - uid: 0 - gid: 0 - snapshot: null - retention: "" - creation: "" - backup_config: null - kube-api: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - service_cluster_ip_range: 10.43.0.0/16 - service_node_port_range: "" - pod_security_policy: false - always_pull_images: false - secrets_encryption_config: null - audit_log: null - admission_configuration: null - event_rate_limit: null - kube-controller: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_cidr: 10.42.0.0/16 - service_cluster_ip_range: 10.43.0.0/16 - scheduler: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - kubelet: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] - cluster_domain: cluster.local - infra_container_image: "" - cluster_dns_server: 10.43.0.10 - fail_swap_on: false - generate_serving_certificate: false - kubeproxy: - image: "" - extra_args: {} - extra_binds: [] - extra_env: [] - win_extra_args: {} - win_extra_binds: [] - win_extra_env: [] -network: - plugin: canal - options: {} - mtu: 0 - node_selector: 
{} - update_strategy: null - tolerations: [] -authentication: - strategy: x509 - sans: [] - webhook: null -addons: "" -addons_include: [] -system_images: - etcd: rancher/coreos-etcd:v3.4.14-rancher1 - alpine: rancher/rke-tools:v0.1.72 - nginx_proxy: rancher/rke-tools:v0.1.72 - cert_downloader: rancher/rke-tools:v0.1.72 - kubernetes_services_sidecar: rancher/rke-tools:v0.1.72 - kubedns: rancher/k8s-dns-kube-dns:1.15.10 - dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.10 - kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.10 - kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - coredns: rancher/coredns-coredns:1.8.0 - coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.8.1 - nodelocal: rancher/k8s-dns-node-cache:1.15.13 - kubernetes: rancher/hyperkube:v1.20.4-rancher1 - flannel: rancher/coreos-flannel:v0.13.0-rancher1 - flannel_cni: rancher/flannel-cni:v0.3.0-rancher6 - calico_node: rancher/calico-node:v3.17.2 - calico_cni: rancher/calico-cni:v3.17.2 - calico_controllers: rancher/calico-kube-controllers:v3.17.2 - calico_ctl: rancher/calico-ctl:v3.17.2 - calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - canal_node: rancher/calico-node:v3.17.2 - canal_cni: rancher/calico-cni:v3.17.2 - canal_controllers: rancher/calico-kube-controllers:v3.17.2 - canal_flannel: rancher/coreos-flannel:v0.13.0-rancher1 - canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.17.2 - weave_node: weaveworks/weave-kube:2.8.1 - weave_cni: weaveworks/weave-npc:2.8.1 - pod_infra_container: rancher/pause:3.2 - ingress: rancher/nginx-ingress-controller:nginx-0.43.0-rancher1 - ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1 - metrics_server: rancher/metrics-server:v0.4.1 - windows_pod_infra_container: rancher/kubelet-pause:v0.1.6 - aci_cni_deploy_container: noiro/cnideploy:5.1.1.0.1ae238a - aci_host_container: noiro/aci-containers-host:5.1.1.0.1ae238a - aci_opflex_container: noiro/opflex:5.1.1.0.1ae238a - aci_mcast_container: 
noiro/opflex:5.1.1.0.1ae238a - aci_ovs_container: noiro/openvswitch:5.1.1.0.1ae238a - aci_controller_container: noiro/aci-containers-controller:5.1.1.0.1ae238a - aci_gbp_server_container: noiro/gbp-server:5.1.1.0.1ae238a - aci_opflex_server_container: noiro/opflex-server:5.1.1.0.1ae238a -ssh_key_path: ~/.ssh/id_rsa -ssh_cert_path: "" -ssh_agent_auth: false -authorization: - mode: rbac - options: {} -ignore_docker_version: null -kubernetes_version: "" -private_registries: [] -ingress: - provider: "" - options: {} - node_selector: {} - extra_args: {} - dns_policy: "" - extra_envs: [] - extra_volumes: [] - extra_volume_mounts: [] - update_strategy: null - http_port: 0 - https_port: 0 - network_mode: "" - tolerations: [] - default_backend: null - default_http_backend_priority_class_name: "" - nginx_ingress_controller_priority_class_name: "" -cluster_name: "" -cloud_provider: - name: "" -prefix_path: "" -win_prefix_path: "" -addon_job_timeout: 0 -bastion_host: - address: "" - port: "" - user: "" - ssh_key: "" - ssh_key_path: "" - ssh_cert: "" - ssh_cert_path: "" -monitoring: - provider: "" - options: {} - node_selector: {} - update_strategy: null - replicas: null - tolerations: [] - metrics_server_priority_class_name: "" -restore: - restore: false - snapshot_name: "" -rotate_encryption_key: false -dns: null