├── .gitattributes
├── .github
    └── ISSUE_TEMPLATE
    │   └── standard-self-medicate--help--issue-template.md
├── .gitignore
├── LICENSE
├── README.md
├── Vagrantfile
├── anti-up.bat
├── antidote-config.yml
├── container-start.sh
├── manifests
    ├── acore.yaml
    ├── aweb.yaml
    ├── jaeger.yaml
    ├── multus-cni.conf
    ├── multusinstall.yml
    ├── new-nginx-controller.yaml
    ├── nginx-controller.yaml
    └── webssh2.yaml
├── selfmedicate.sh
└── vagrant-provision.sh

/.gitattributes:
--------------------------------------------------------------------------------
*.sh text eol=lf
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/standard-self-medicate--help--issue-template.md:
--------------------------------------------------------------------------------
---
name: Help with Selfmedicate
about: Select this if you're looking for help with selfmedicate.
title: ''
labels: ''
assignees: ''

---

**Have you read the [selfmedicate documentation](https://antidoteproject.readthedocs.io/en/latest/hacking/curriculum/selfmedicate.html) in its entirety? (yes/no)**

**Link to Debug Information**
Please post a link to a Github Gist containing the output of `./selfmedicate.sh debug` [as described here](https://antidoteproject.readthedocs.io/en/latest/hacking/curriculum/selfmedicate.html#troubleshooting-self-medicate) - DO NOT paste the contents here.

**Expected behavior**
A clear and concise description of what you expected to happen.

**Observed behavior**
A clear and concise description of what you are seeing happen.
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.terraform/
.vagrant/
*.log
*tfstate*
*.qcow2*
*account.json*
*.retry
hosts
venv/
.idea/

# This is where I placed my updated gcp provider
terraform.d/

# This is where ansible places files for copying between instances
tmp/

csrx-18.1R1.9.img.bz2

infra/antidote-web/target/

# Certs stuff
platform/ssl/
platform/letsencrypt/

# Docs
docs/.Python
docs/bin/
docs/include/
docs/lib/
docs/_build/
*.DS_Store*
docs/local/
*pip-selfcheck.json
docs/virtualenv/

*billing_override.tf*

_old_contrail/
*ansiblekey.json

platform/antidote-web/target/

selfmedicatedebug
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
| :exclamation:  NOTE - this project has been archived. Please see [this blog post](https://nrelabs.io/2021/12/goodbye-for-now/) for more details.   :exclamation: |
|-----------------------------------------|

# antidote-selfmedicate

This is where you can set up a development environment for antidote
curriculum.

Selfmedicate will be run inside a Vagrant environment so that it can run in a consistent, properly configured virtual machine with all of the dependencies needed.

If you want to create new lessons
or add to existing ones, this is what you will need to be able to preview your changes locally before opening a Pull Request.

It is **highly recommended** that you start by reading [the docs](https://antidoteproject.readthedocs.io/en/latest/).

--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------

# -*- mode: ruby -*-
# vi: set ft=ruby ts=2 sw=2 et:
Vagrant.require_version ">= 2.1.0"
require 'fileutils'
require 'yaml'

### PRE PROVISIONING ###

## Constants
vagrant_dir = File.expand_path(File.dirname(__FILE__))

## Load Configuration (antidote-config.yml)
antidote_config_file = File.join(vagrant_dir, 'antidote-config.yml')
antidote_config = YAML.load_file(antidote_config_file)

## Configure VM Defaults
defaults = Hash.new
defaults['memory'] = 2048
defaults['cores'] = 1
# This should rarely be overridden, so it's not included in the default antidote-config.yml file by default.
defaults['private_network_ip'] = '192.168.34.100'
# Fall back to the defaults alone when antidote-config.yml has no vm_config section.
antidote_config['vm_config'] = defaults.merge(antidote_config['vm_config'] || {})

# `defined?` only checks that the lookup is callable, not that a provider is set,
# so test the value itself.
if antidote_config['vm_config']['provider']
  # Override or set the vagrant provider.
  ENV['VAGRANT_DEFAULT_PROVIDER'] = antidote_config['vm_config']['provider']
end

## Configure VAGRANT Variables
trimmed_version = antidote_config['version'].to_s.tr('.','')
antidote_config['hostname'] = "antidote-#{trimmed_version}"

### VAGRANT CONFIGURATION ###
Vagrant.configure("2") do |config|
  # Store the current version of Vagrant for use in conditionals when dealing
  # with possible backward compatible issues.
  vagrant_version = Vagrant::VERSION.sub(/^v/, '')

  # Configurations from 1.0.x can be placed in Vagrant 1.1.x specs like the following.
  config.vm.provider :virtualbox do |v|
    v.customize ["modifyvm", :id, "--memory", antidote_config['vm_config']['memory']]
    v.customize ["modifyvm", :id, "--cpus", antidote_config['vm_config']['cores']]
    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
    v.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
    v.customize ["modifyvm", :id, "--nictype1", "virtio"]
    v.customize ["modifyvm", :id, "--rtcuseutc", "on"]
    v.customize ["modifyvm", :id, "--audio", "none"]
    v.customize ["modifyvm", :id, "--paravirtprovider", "kvm"]
  end

  # Configuration options for Hyper-V.
  config.vm.provider :hyperv do |v, override|
    v.memory = antidote_config['vm_config']['memory']
    v.cpus = antidote_config['vm_config']['cores']
  end


  # Configuration options for Parallels.
  config.vm.provider :parallels do |v|
    v.update_guest_tools = true
    v.customize ["set", :id, "--longer-battery-life", "off"]
    v.memory = antidote_config['vm_config']['memory']
    v.cpus = antidote_config['vm_config']['cores']
  end

  # Configuration options for VMware Fusion.
  config.vm.provider :vmware_fusion do |v|
    v.vmx["memsize"] = antidote_config['vm_config']['memory']
    v.vmx["numvcpus"] = antidote_config['vm_config']['cores']
  end

  # Configuration options for Libvirt.
  config.vm.provider :libvirt do |v, override|
    v.memory = antidote_config['vm_config']['memory']
    v.cpus = antidote_config['vm_config']['cores']
    v.nested = true
    override.vm.box = "generic/ubuntu1804"
  end


  # Base Ubuntu Box
  config.vm.box = "bento/ubuntu-18.04"

  config.vm.hostname = "antidote-#{antidote_config['version'].to_s.tr('.', '')}"

  config.vm.define "Antidote #{antidote_config['version']}"

  # Please see (https://github.com/cogitatio/vagrant-hostsupdater) for more information
  if defined?(VagrantPlugins::HostsUpdater)
    config.hostsupdater.aliases = ["antidote-local"]
    config.hostsupdater.remove_on_suspend = false
  end

  config.vm.network :private_network, id: "antidote_primary", ip: antidote_config['vm_config']['private_network_ip']

  config.vm.network "forwarded_port", guest: 30001, host: 30001
  # Temporary to enable webssh2 - should be made available via ingress ASAP
  config.vm.network "forwarded_port", guest: 30010, host: 30010

  # config.vm.provider :hyperv do |v, override|
  #   override.vm.network :private_network, id: "vvv_primary", ip: nil
  # end

  # /shared
  config.vm.synced_folder "../nrelabs-curriculum", "/curriculum"

  # Disable default synced folder
  config.vm.synced_folder ".", "/vagrant", disabled: true

  # Copy selfmedicate and the manifests folder to the VM.
  config.vm.provision "file", source: "selfmedicate.sh", destination: "$HOME/selfmedicate.sh"
  config.vm.provision "file", source: "container-start.sh", destination: "$HOME/container-start.sh"
  config.vm.synced_folder "manifests", "/home/vagrant/manifests"

  # Provisioning antidote vagrant vm
  # This will install docker, kubectl and minikube
  config.vm.provision "default", type: "shell", path: "vagrant-provision.sh", env: {CHANGE_MINIKUBE_NONE_USER: true}

  # Running initial selfmedicate script as the Vagrant user.
  $script = "/bin/bash --login $HOME/selfmedicate.sh start"
  config.vm.provision "custom", type: "shell", privileged: false, inline: $script

  # Start antidote on reload
  $script = "/bin/bash --login $HOME/selfmedicate.sh resume"
  config.vm.provision "reload", type: "shell", privileged: false, inline: $script, run: "always"

end

--------------------------------------------------------------------------------
/anti-up.bat:
--------------------------------------------------------------------------------
@echo off
setlocal enabledelayedexpansion enableextensions

ECHO Welcome to antidote-selfmedicate. Take the red pill, it's more fun!

where /q scp
IF ERRORLEVEL 1 (
    ECHO Cygwin not found. Please install Cygwin or enable ssh/scp on Windows 10.
    EXIT /B
)

where /q minikube
IF ERRORLEVEL 1 (
    ECHO Minikube not found. Please follow installation instructions at: https://antidoteproject.readthedocs.io/en/latest/building/buildlocal.html
    EXIT /B
) ELSE (
    ECHO WARNING, this will delete any existing minikube cluster.
    PAUSE
)



IF NOT exist %USERPROFILE%/.kube/premselfmedicate_bkp (
    ECHO Backing up existing kubeconfig to %USERPROFILE%/.kube/premselfmedicate_bkp...
    cp %USERPROFILE%/.kube/config %USERPROFILE%/.kube/premselfmedicate_bkp
) ELSE (
    ECHO Existing kubeconfig backup found, not re-copying.
)

ECHO Creating minikube cluster. This can take a few minutes, please be patient...
minikube stop >nul 2>&1
minikube delete >nul 2>&1
minikube start --cpus 4 --memory 8192 --network-plugin=cni --extra-config=kubelet.network-plugin=cni >nul 2>&1

:: Set environment variables
FOR /F "tokens=* USEBACKQ" %%F IN (`minikube ip`) DO (
    SET minikube_ip=%%F
)
REM ECHO %minikube_ip%

FOR /F "tokens=* USEBACKQ" %%F IN (`minikube ssh-key`) DO (
    SET minikube_ssh-key=%%F
)
REM ECHO %minikube_ssh-key%

REM Host key verification is turned off for these connections to the local minikube VM.
scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i %minikube_ssh-key% multus-cni.conf docker@%minikube_ip%:/home/docker/multus.conf >nul 2>&1
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i %minikube_ssh-key% -t docker@%minikube_ip% "sudo cp /home/docker/multus.conf /etc/cni/net.d/1-multus.conf" >nul 2>&1
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i %minikube_ssh-key% -t docker@%minikube_ip% "sudo systemctl restart localkube" >nul 2>&1

ECHO About to modify %WINDIR%\system32\drivers\etc\hosts to add record for 'antidote-local'.
SET NEWLINE=^& echo.
FIND /C /I "antidote-local" %WINDIR%\system32\drivers\etc\hosts
IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^%minikube_ip% antidote-local>>%WINDIR%\System32\drivers\etc\hosts

echo "Uploading platform manifests..."
kubectl create -f weaveinstall.yml >nul 2>&1
kubectl create -f multusinstall.yml >nul 2>&1
kubectl create -f nginx-controller.yaml >nul 2>&1
kubectl create -f syringe.yml >nul 2>&1
kubectl create -f antidote-web.yaml >nul 2>&1

ECHO "Finished! Antidote is being spun up right now. Soon, it will be available at:"
ECHO https://antidote-local:30002/
EXIT /B

--------------------------------------------------------------------------------
/antidote-config.yml:
--------------------------------------------------------------------------------
---

# Antidote Version
version: "0.6.0"

# Customizable configuration options are provided here for the vagrant up command.
# This is used in conjunction with the Vagrantfile. Any changes in this file require
# vagrant reload --provision
#
vm_config:
  memory: 4096
  cores: 2
  provider: virtualbox
--------------------------------------------------------------------------------
/container-start.sh:
--------------------------------------------------------------------------------
#!/bin/bash

PROGNAME=$(basename "$0")
SUBCOMMAND=$1

RED='\033[31m'
GREEN='\033[32m'
YELLOW='\033[33m'
WHITE='\033[37m'
NC='\033[0m'

KUBECTL=${KUBECTL:="kubectl"}

sub_run(){
    # Note: the Weave Net manifest is downloaded from a remote URL at run time and applied as-is.
    $KUBECTL apply -f "https://cloud.weave.works/k8s/net?k8s-version=$($KUBECTL version | base64 | tr -d '\n')"
    $KUBECTL create -f manifests/multusinstall.yml
    sub_wait_system

    $KUBECTL create -f manifests/nginx-controller.yaml > /dev/null
    $KUBECTL create -f manifests/acore.yaml > /dev/null
    $KUBECTL create -f manifests/aweb.yaml > /dev/null
    $KUBECTL create -f manifests/webssh2.yaml > /dev/null
    $KUBECTL create -f manifests/jaeger.yaml > /dev/null
    sub_wait_platform
}
print_progress() {
    percentage=$1
    chars=$(echo "40 * $percentage"/1| bc)
    v=$(printf "%-${chars}s" "#")
    s=$(printf "%-$((40 - chars))s")
    echo "${v// /#}""${s// /-}"
}

sub_wait_system(){
    running_system_pods=0
    total_system_pods=$($KUBECTL get pods -n=kube-system | tail -n +2 | wc -l)
    while [ $running_system_pods -lt $total_system_pods ]
    do
        running_system_pods=$($KUBECTL get pods -n=kube-system | grep Running | wc -l)
        percentage="$( echo "$running_system_pods/$total_system_pods" | bc -l )"
        echo -ne $(print_progress $percentage) "${YELLOW}Installing additional infrastructure components...${NC}\r"
        sleep 5
    done

    # Clear line and print finished progress
    echo -ne "\033[0K\r"
    echo -ne $(print_progress 1) "${GREEN}Done.${NC}\n"
}

sub_wait_platform(){
    running_platform_pods=0
    total_platform_pods=$($KUBECTL get pods | tail -n +2 | wc -l)
    while [ $running_platform_pods -lt $total_platform_pods ]
    do
        running_platform_pods=$($KUBECTL get pods | grep Running | wc -l)
        percentage="$( echo "$running_platform_pods/$total_platform_pods" | bc -l )"
        echo -ne $(print_progress $percentage) "${YELLOW}Starting the antidote platform...${NC}\r"
        sleep 5
    done

    # Clear line and print finished progress
    echo -ne "\033[0K\r"
    echo -ne $(print_progress 1) "${GREEN}Done.${NC}\n"
}

sub_help(){
    echo "Usage: $PROGNAME <subcommand> [options]"
    echo "Subcommands:"
    echo "    run            Start the Antidote containers"
    echo "    wait_system    Wait for the kube-system pods to be running"
    echo "    wait_platform  Wait for the Antidote platform pods to be running"
    echo ""
    echo "options:"
    echo "-h                 show brief help"
    echo ""
    echo "For help with each subcommand run:"
    echo "$PROGNAME <subcommand> -h|--help"
    echo ""
}

while getopts "h" OPTION
do
    case $OPTION in
        h)
            sub_help
            exit
            ;;
        \?)
            sub_help
            exit
            ;;
    esac
done

# Direct to appropriate subcommand
subcommand=$1
case $subcommand in
    "")
        sub_help
        ;;
    *)
        shift
        # Quote the arguments so values containing spaces reach the subcommand intact
        "sub_${subcommand}" "$@"
        if [ $? = 127 ]; then
            echo "Error: '$subcommand' is not a known subcommand." >&2
            echo "       Run '$PROGNAME --help' for a list of known subcommands." >&2
            exit 1
        fi
        ;;
esac

exit 0
--------------------------------------------------------------------------------
/manifests/acore.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: antidotesa
  namespace: default

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: antidote-role
  namespace: default
# Wildcard rules: every verb on every API group, resource and non-resource URL.
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: antidote-binding
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: antidote-role
subjects:
- kind: ServiceAccount
  name: antidotesa
  namespace: default


---
apiVersion: v1
kind: ConfigMap
metadata:
  name: acore-conf
  labels:
    name: acore-conf
data:
  antidote-config.yml: |-
    curriculumDir: /curriculum
    instanceId: selfmedicate
    alwaysPull: false
    tier: local
    domain: antidote-local
    enabledServices:
    - api
    - stats
    - scheduler

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: acore
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      name: acore
      labels:
        app: acore
        antidote_role: infra
    spec:
      initContainers:
      - name: copy-local-files
        image: antidotelabs/deployer
        env:
        - name: SOURCE_DIR
          value: /antidote-ro
        - name: DEST_DIR
          value: /curriculum
        command:
        - /copy.sh
        volumeMounts:
        - mountPath: /curriculum
          name: local-copy
          readOnly: false
        - mountPath: /antidote-ro
          name: host-volume
          readOnly: true
      serviceAccount: antidotesa
      containers:
      - name: acore
        image: antidotelabs/antidote-core:release-v0.6.0
        imagePullPolicy: Always
        ports:
        # Only accessible from within the container
        # - containerPort: 50099  # GRPC
        - containerPort: 8086  # REST/HTTP
        readinessProbe:
          httpGet:
            path: /
            port: 8086
        volumeMounts:
        - name: antidote-config-volume
          mountPath: /etc/antidote/
        - mountPath: /curriculum
          name: local-copy
          readOnly: false
        - mountPath: /antidote-ro
          name: host-volume
          readOnly: true
      - image: nats
        name: nats
        ports:
        - containerPort: 4222
          protocol: TCP
        - containerPort: 6222
          protocol: TCP
        - containerPort: 8222
          protocol: TCP
      - image: jaegertracing/jaeger-agent:1.9  # Ensure this matches what's deployed in the jaeger collector deployment
        name: jaeger-agent
        ports:
        - containerPort: 5775
          protocol: UDP
        - containerPort: 6831
          protocol: UDP
        - containerPort: 6832
          protocol: UDP
        - containerPort: 5778
          protocol: TCP
        # args: ["--reporter.grpc.host-port=127.0.0.1:30840"]
        # args: ["--reporter.grpc.host-port=jaeger:14267"]
        args: ["--collector.host-port=jaeger.prod.svc.cluster.local:14267"] #OLD
        # NOTE that grpc probably has a different port. Might want to label things properly and link to docs
        # also for testing if you're using nodeport might want to pick your ports so they don't change.
      volumes:
      - name: antidote-config-volume
        configMap:
          defaultMode: 420
          name: acore-conf
      - name: host-volume
        hostPath:
          path: "/curriculum"
      - name: local-copy
        emptyDir: {}

---
kind: Service
apiVersion: v1
metadata:
  name: acore
spec:
  selector:
    app: acore
  ports:
  # Only enable HTTP - grpc only accessible within the pod
  - name: http
    port: 8086
    targetPort: 8086
  type: ClusterIP

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/ssl-services: "acore"
    ingress.kubernetes.io/ssl-redirect: "false"
    ingress.kubernetes.io/force-ssl-redirect: "false"
    ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
  name: acore-ingress
  namespace: default
spec:
  rules:
  - http:
      paths:
      - path: "/acore"
        backend:
          serviceName: acore
          servicePort: 8086
--------------------------------------------------------------------------------
/manifests/aweb.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: aweb
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      name: aweb
      labels:
        app: aweb
        antidote_role: infra
    spec:
      containers:
      - name: aweb
        image: antidotelabs/antidote-web:release-v0.6.0
        imagePullPolicy: Always
        env:
        - name: WEBSSH2_LOCATION
          value: "http://antidote-local:30010"
        ports:
        - containerPort: 80
        readinessProbe:
          httpGet:
            path: /
            port: 80

---
kind: Service
apiVersion: v1
metadata:
  name: aweb
spec:
  selector:
    app: aweb
  ports:
  - port: 80
    targetPort: 80
  type: ClusterIP

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/ssl-services: "aweb"
    ingress.kubernetes.io/ssl-redirect: "false"
    ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/limit-connections: "10"
    nginx.ingress.kubernetes.io/limit-rps: "5"
  name: aweb
spec:
  rules:
  - http:
      paths:
      - path: "/"
        backend:
          serviceName: aweb
          servicePort: 80

--------------------------------------------------------------------------------
/manifests/jaeger.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jaeger
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      name: jaeger
      annotations:
        foobar: ""
      labels:
        app: jaeger
        antidote_role: infra
    spec:
      containers:
      - name: jaeger
        image: jaegertracing/all-in-one:1.17
        env:
        - name: COLLECTOR_ZIPKIN_HTTP_PORT
          value: "9411"
        ports:
        - containerPort: 5775
          protocol: UDP
        - containerPort: 6831
          protocol: UDP
        - containerPort: 6832
          protocol: UDP
        - containerPort: 5778
        - containerPort: 16686
        - containerPort: 14268
        - containerPort: 9411
        - containerPort: 14250

---
kind: Service
apiVersion: v1
metadata:
  name: jaeger
  namespace: default
spec:
  selector:
    app: jaeger
  ports:
  # https://www.jaegertracing.io/docs/1.17/getting-started/
  - name: zipkin-thrift-deprecated
    port: 5775
    targetPort: 5775
    protocol: UDP
  - name: compact-thrift
    port: 6831
    targetPort: 6831
    protocol: UDP
  - name: binary-thrift
    port: 6832
    targetPort: 6832
    protocol: UDP
  - name: serve-configs
    port: 5778
    targetPort: 5778
  - name: port-16686
    port: 16686
    targetPort: 16686
    nodePort: 30086
  - name: port-14267
    port: 14267
    targetPort: 14267
    nodePort: 30007
  - name: port-9411
    port: 9411
    targetPort: 9411
  - name: port-14250-grpc
    port: 14250
    targetPort: 14250
  type: NodePort

--------------------------------------------------------------------------------
/manifests/multus-cni.conf:
--------------------------------------------------------------------------------
{
    "name": "node-cni-network",
    "type": "multus",
    "logFile": "/var/log/multus.log",
    "logLevel": "debug",
    "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig",
    "delegates": [{
        "type": "weave-net",
        "hairpinMode": true,
        "masterplugin": true
    }]
}

--------------------------------------------------------------------------------
/manifests/multusinstall.yml:
--------------------------------------------------------------------------------
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: network-attachment-definitions.k8s.cni.cncf.io
spec:
  group: k8s.cni.cncf.io
  version: v1
  scope: Namespaced
  names:
    plural: network-attachment-definitions
    singular: network-attachment-definition
    kind: NetworkAttachmentDefinition
    shortNames:
    - net-attach-def
    - net
  validation:
    openAPIV3Schema:
      properties:
        spec:
          properties:
            config:
              type: string
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: multus
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: multus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus
subjects:
- kind: ServiceAccount
  name: multus
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus
  namespace: kube-system
---
# ------------------------------------------------------
# Currently unused!
# If you wish to customize, mount this in the
# daemonset @ /usr/src/multus-cni/images/70-multus.conf
# ------------------------------------------------------
kind: ConfigMap
apiVersion: v1
metadata:
  name: multus-cni-config
  namespace: kube-system
  labels:
    tier: node
    app: multus
data:
  cni-conf.json: |
    {
      "name": "multus-cni-network",
      "type": "multus",
      "delegates": [
        {
          "type": "flannel",
          "name": "flannel.1",
          "delegate": {
            "isDefaultGateway": true
          }
        }
      ],
      "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
    }
# -------------- for openshift.
# "delegates": [{
#   "type": "openshift-sdn",
#   "name": "openshift.1",
#   "masterplugin": true
# }],
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-multus-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: multus
spec:
  template:
    metadata:
      labels:
        tier: node
        app: multus
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      serviceAccountName: multus
      containers:
      - name: kube-multus
        image: nfvpe/multus:v3.1
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        volumeMounts:
        - name: cni
          mountPath: /host/etc/cni/net.d
        - name: cnibin
          mountPath: /host/opt/cni/bin
      volumes:
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: cnibin
        hostPath:
          path: /opt/cni/bin
      - name: multus-cfg
        configMap:
          name: multus-cni-config
--------------------------------------------------------------------------------
/manifests/new-nginx-controller.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx

---

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "-"
      # Here: "-"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1

---
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: https
      port: 443
      nodePort: 30002
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx

--------------------------------------------------------------------------------
/manifests/nginx-controller.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginxsa
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress
rules:
- apiGroups:
  - ""
  - "extensions"
  resources:
  - configmaps
  - secrets
  - services
  - endpoints
  - ingresses
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - ""
  - "extensions"
  resources:
  - configmaps
  verbs:
  - create
  - update
- apiGroups:
  - ""
  - "extensions"
  resources:
  - nodes
  verbs:
  - get

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-ns
  namespace: default
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - configmaps
  verbs:
  - list
- apiGroups:
  - ""
  resources:
  - services
  - configmaps
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
  - create
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-ns-binding
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-ns
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ingress-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
    spec:
      serviceAccount: default
      containers:
      - args:
        - /nginx-ingress-controller
        - "--default-backend-service=$(POD_NAMESPACE)/aweb"
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # image: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0"
        image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.5
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 5
        name: nginx-ingress-controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
      terminationGracePeriodSeconds: 60

---
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    nodePort: 30001
    targetPort: http
  selector:
    k8s-app: nginx-ingress-lb

--------------------------------------------------------------------------------
/manifests/webssh2.yaml:
--------------------------------------------------------------------------------
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: webssh2
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      name: webssh2
      labels:
        app: webssh2
    spec:
      containers:
      - name: webssh2
        image: antidotelabs/webssh2:ssh-auth
        # imagePullPolicy: Never
        ports:
        - containerPort: 8080

---
kind: Service
apiVersion: v1
metadata:
  name: webssh2
spec:
  selector:
    app: webssh2
  ports:
  - name: http
    port: 8080
    nodePort: 30010
    targetPort: 8080
  type: NodePort

--------------------------------------------------------------------------------
/selfmedicate.sh:
--------------------------------------------------------------------------------
#!/bin/bash

PROGNAME=$(basename $0)
SUBCOMMAND=$1

RED='\033[31m'
GREEN='\033[32m'
YELLOW='\033[33m'
WHITE='\033[37m'
NC='\033[0m'

if [ -f $HOME/.antidote/config ]
then
    echo -e "${YELLOW}Reading your preferences from '$HOME/.antidote/config'.${NC}"
    . $HOME/.antidote/config
fi

CPUS=${CPUS:=2}
MEMORY=${MEMORY:=8192}
VMDRIVER=${VMDRIVER:="none"}
LESSON_DIRECTORY=${LESSON_DIRECTORY:="/curriculum"}
MINIKUBE=${MINIKUBE:="sudo minikube"}
KUBECTL=${KUBECTL:="kubectl"}
# PRELOADED_IMAGES=${PRELOADED_IMAGES:="vqfx-snap1 vqfx-snap2 vqfx-snap3 utility"}
PRELOADED_IMAGES=${PRELOADED_IMAGES:=""}
ANTIDOTEVERSION=${ANTIDOTEVERSION:="release-v0.4.0"}
K8SVERSION=${K8SVERSION:="v1.14.10"}  # Needs to reflect the targeted version the Antidote platform was built against.

# Checking for prerequisites
command -v $MINIKUBE > /dev/null
if [ $? -ne 0 ]; then
    echo "Minikube not found. Please follow installation instructions at: https://antidoteproject.readthedocs.io/en/latest/building/buildlocal.html"
    exit 1
fi

set -e

sub_help(){
    echo "Usage: $PROGNAME [options]"
    echo "Subcommands:"
    echo "    start    Start local instance of Antidote"
    echo "    reload   Reload Antidote components"
    echo "    stop     Stop local instance of Antidote"
    echo "    resume   Resume stopped Antidote instance"
    echo ""
    echo "options:"
    echo "-h    show brief help"
    echo ""
    echo "For help with each subcommand run:"
    echo "$PROGNAME -h|--help"
    echo ""
}

sub_resume(){

    $MINIKUBE config set WantReportErrorPrompt false
    if [ ! -f $HOME/.minikube/config/config.json ]; then
        echo -e "${RED}No existing cluster detected.${NC}"
        echo -e "This subcommand is used to resume an existing selfmedicate setup."
        echo -e "Please use the ${WHITE}'start'${NC} subcommand instead."
        exit 1
    fi

    $MINIKUBE start \
        --cpus $CPUS \
        --memory $MEMORY \
        --vm-driver $VMDRIVER \
        --network-plugin=cni \
        --extra-config=kubelet.network-plugin=cni \
        --kubernetes-version=$K8SVERSION

    bash container-start.sh wait_system
    bash container-start.sh wait_platform
    echo -e "${GREEN}Finished!${NC} Antidote should now be available at http://antidote-local:30001/"
}

sub_start(){

    if [ -z "$LESSON_DIRECTORY" ]
    then
        echo -e "${RED}Error${NC} - Must provide lesson directory as the final parameter"
        exit 1
    fi

    if [ ! -d "$LESSON_DIRECTORY/lessons" ]; then
        echo -e "${RED}Error${NC} - $LESSON_DIRECTORY doesn't look like a proper curriculum directory."
        echo -e "Either this directory wasn't found, or the subdirectory 'lessons' within that directory wasn't found.\n"
        echo -e "In either case, this script cannot continue. Please either place the appropriate directory in place, or"
        echo -e "edit the LESSON_DIRECTORY variable at the top of this script."
        exit 1
    fi

    if [ -f $HOME/.minikube/config/config.json ]; then
        echo -e "${RED}WARNING - EXISTING MINIKUBE CONFIGURATION DETECTED${NC}"
        echo -e "This command is designed to start a new minikube cluster from scratch, and must delete any existing configurations in order to move forward."
        read -p "Press any key to DESTROY THE EXISTING CLUSTER and create a new one for antidote (Ctrl+C will escape)."
        set +e
        $MINIKUBE delete > /dev/null
        set -e
    fi

    # Test with -f and $HOME: a quoted "~" is never expanded, and the kubeconfig is a file.
    if [ -f "$HOME/.kube/config" ]; then
        if [ ! -f ~/.kube/premselfmedicate_bkp ]; then
            echo "Backing up existing kubeconfig to ~/.kube/premselfmedicate_bkp..."
            cp ~/.kube/config ~/.kube/premselfmedicate_bkp
        else
            echo "Existing kubeconfig backup found, not re-copying."
        fi
    fi

    sudo mkdir -p /opt/cni/bin > /dev/null 2>&1
    curl -L -o cniplugins.tgz https://github.com/containernetworking/plugins/releases/download/v0.8.1/cni-plugins-linux-amd64-v0.8.1.tgz > /dev/null 2>&1
    sudo tar zxvf cniplugins.tgz -C /opt/cni/bin > /dev/null 2>&1
    sudo curl -L https://github.com/nre-learning/plugins/blob/master/bin/antibridge?raw=true -o /opt/cni/bin/antibridge > /dev/null 2>&1 && sudo chmod a+x /opt/cni/bin/antibridge > /dev/null 2>&1
    rm -f cniplugins.tgz > /dev/null 2>&1

    sudo mkdir -p /etc/cni/net.d
    sudo cp manifests/multus-cni.conf /etc/cni/net.d/1-multus.conf
    echo "Creating minikube cluster. This can take a few minutes, please be patient..."
    $MINIKUBE config set WantReportErrorPrompt false
    # Avoid CoreDNS loop caused by systemd's local DNS cache
    if [ "$VMDRIVER" = "none" ]; then
        EXTRA_PARAMS="--extra-config=kubelet.resolv-conf=/run/systemd/resolve/resolv.conf"
    fi
    $MINIKUBE start \
        --cpus $CPUS \
        --memory $MEMORY \
        --vm-driver $VMDRIVER \
        --network-plugin=cni \
        --extra-config=kubelet.network-plugin=cni \
        $EXTRA_PARAMS \
        --kubernetes-version=$K8SVERSION  # Needs to reflect the targeted version the platform was built against.

    echo -e "\nThe minikube cluster ${WHITE}is now online${NC}. Now, we need to add some additional infrastructure components.\n"
    echo -e "\n${YELLOW}This will take some time${NC} - this script will pre-download large images so that you don't have to later. BE PATIENT.\n"

    sudo chown -R $USER $HOME/.kube $HOME/.minikube

    bash container-start.sh run

    # Moved antidote up message to before image pull due to docker timeout issues.
    echo -e "${GREEN}Finished!${NC} Antidote should now be available at http://antidote-local:30001/"

    # Pre-download large common images
    for i in $(echo $PRELOADED_IMAGES)
    do
        echo -e "${YELLOW}Pre-emptively pulling image antidotelabs/$i...${NC}\n"
        sudo docker pull antidotelabs/$i > /dev/null 2>&1
        # Add 3 second sleep due to docker timeout issue
        sleep 3
    done

}

sub_reload(){
    echo "Reloading lesson content, please wait..."
    $KUBECTL delete pod $($KUBECTL get pods | grep syringe | awk '{ print $1 }') >> /dev/null
    while [ $($KUBECTL get ns -L syringeManaged | grep yes | wc -l) -gt 0 ]
    do
        echo "Waiting for running lessons to terminate..."
        sleep 1
    done
    echo -e "${GREEN}Reload complete.${NC}"
}

sub_stop(){
    echo -e "About to stop minikube. You may safely ignore any messages that say 'Errors occurred deleting mount process'"
    $MINIKUBE stop
}

sub_debug(){
    debugs=(
        "ls -lha $LESSON_DIRECTORY"

        # "docker run -v $LESSON_DIRECTORY:/antidote antidotelabs/syringe:$ANTIDOTEVERSION syrctl validate /antidote"

        "kubectl describe pods --all-namespaces"
        "kubectl describe services --all-namespaces"
        "kubectl describe network-attachment-definitions --all-namespaces"
        "kubectl logs $(kubectl get pods | awk '/syringe/ {print $1;exit}')"

        "kubectl -n=kube-system logs $(kubectl -n=kube-system get pods | awk '/multus/ {print $1;exit}')"
    )

    echo "Please wait while selfmedicate debug information is gathered..."

    for i in "${debugs[@]}"
    do
        echo -e "\n=============================="
        echo "$i"
        echo -e "==============================\n"

        eval $i
    done

    echo "Selfmedicate debug report complete."
}

while getopts "h" OPTION
do
    case $OPTION in
        h)
            sub_help
            exit
            ;;
        \?)
            sub_help
            exit
            ;;
    esac
done

# Direct to appropriate subcommand
subcommand=$1
case $subcommand in
    "")
        sub_help
        ;;
    *)
        shift
        # 'set -e' is active, so check that the function exists before calling it;
        # an unknown subcommand would otherwise abort the script before this error is printed.
        if ! declare -F "sub_${subcommand}" > /dev/null; then
            echo "Error: '$subcommand' is not a known subcommand." >&2
            echo "       Run '$PROGNAME --help' for a list of known subcommands." >&2
            exit 1
        fi
        sub_${subcommand} "$@"
        ;;
esac

exit 0

--------------------------------------------------------------------------------
/vagrant-provision.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# provision.sh
#
# This file is specified in Vagrantfile and is loaded by Vagrant as the primary
# provisioning script whenever the commands `vagrant up`, `vagrant provision`,
# or `vagrant reload` are used. It provides all of the default packages and
# configurations included with Varying Vagrant Vagrants.

# By storing the date now, we can calculate the duration of provisioning at the
# end of this script.
start_seconds="$(date +%s)"

# PACKAGE INSTALLATION
#
# Build a bash array to pass all of the packages we want to install to a single
# apt-get command. This avoids doing all the leg work each time a package is
# set to install. It also allows us to easily comment out or add single
# packages.
apt_package_install_list=(
  # Please avoid apostrophes in these comments - they break vim syntax
  # highlighting.
  #
  software-properties-common
  gnupg-agent
  bash-completion
  apt-transport-https
  ca-certificates
  curl
  bc
  docker-ce
  docker-ce-cli
  containerd.io
)

### FUNCTIONS

docker_repo() {
    # Docker
    #
    # apt-get does not have latest stable version of Docker CE,
    # so let's use the docker repository instead.
    #
    # Install prerequisites.
    sudo apt-get install -y software-properties-common apt-transport-https ca-certificates curl gnupg-agent &>/dev/null
    # Get GPG Key
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    # Verifying key
    if [[ $(sudo apt-key fingerprint 0EBFCD88 | grep 'docker') = *Docker* ]]; then
        echo "Apt-Key verified..."
    else
        echo "Apt-Key verification failed, exiting."
        exit 1
    fi
    # Add Docker repo.
    echo "Adding Docker CE Stable repository..."
    sudo add-apt-repository \
        "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
        $(lsb_release -cs) \
        stable" &>/dev/null
    # Update apt-get info.
    sudo apt-get update &>/dev/null
}

package_install() {
    # Install required packages
    echo "Installing apt-get packages..."
    if ! apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew install --fix-missing --fix-broken ${apt_package_install_list[@]}; then
        apt-get clean
        return 1
    fi

    # Remove unnecessary packages
    echo "Removing unnecessary packages..."
    apt-get autoremove -y

    # Clean up apt caches
    apt-get clean

    return 0
}

setup_docker() {
    if ! [ -x "$(command -v docker)" ]; then
        echo "Error: docker was not installed properly. Exiting..."
        return 1
    fi

    echo " "
    echo "Setting up docker... "
    usermod -a -G docker vagrant
    systemctl enable docker
    return 0
}

install_kubectl() {
    # Download the latest version of kubectl
    echo "Installing Kubectl"
    curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl &>/dev/null
    # Make the kubectl binary executable
    chmod +x ./kubectl
    # Move the binary into the PATH
    sudo mv ./kubectl /usr/local/bin/kubectl

    # Enable kubectl autocompletion
    echo 'source <(kubectl completion bash)' >>/home/vagrant/.bashrc

    # Verify Kubectl is installed
    if hash kubectl 2>/dev/null; then
        echo "Successfully installed kubectl"
        return 0
    else
        echo "Failed to install kubectl, exiting"
        exit 1
    fi
}

install_minikube() {
    # Download the latest version
    curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 &>/dev/null \
        && chmod +x minikube &>/dev/null
    # Install into PATH
    sudo install minikube /usr/local/bin
    # Verify minikube installed
    if hash minikube 2>/dev/null; then
        echo "Successfully installed minikube"
        return 0
    else
        echo "Failed to install minikube, exiting"
        exit 1
    fi
}

### SCRIPT
echo " "
echo "Main packages check and install."
export DEBIAN_FRONTEND=noninteractive

docker_repo
if ! package_install; then
    echo "Main packages check and install failed, halting provision."
    exit 1
fi
setup_docker
install_kubectl
install_minikube
# Export with a value; a bare export of an unset name passes nothing to child processes.
export CHANGE_MINIKUBE_NONE_USER=true
echo "export CHANGE_MINIKUBE_NONE_USER=true" >> /etc/profile.d/vagrant.sh
chmod +x /home/vagrant/selfmedicate.sh
chmod +x /home/vagrant/container-start.sh
echo "done"
--------------------------------------------------------------------------------