Signed-off-by: Rudraksh Pareek <[email protected]>
1 parent
2818b83
commit 939c2d0
Showing
18 changed files
with
895 additions
and
306 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Effect": "Allow", | ||
"Action": [ | ||
"ecr:GetAuthorizationToken", | ||
"ecr:BatchCheckLayerAvailability", | ||
"ecr:GetDownloadUrlForLayer", | ||
"ecr:BatchGetImage", | ||
"logs:CreateLogStream", | ||
"logs:PutLogEvents" | ||
], | ||
"Resource": "*" | ||
} | ||
] | ||
} |
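Review bot: `"Resource": "*"` covers all six actions in the single statement, but only `ecr:GetAuthorizationToken` needs a wildcard resource. The three image-pull actions can be limited to the repository ARN and the two `logs:` actions to the task's log group, so a role carrying this policy cannot pull from every repository or write to every log stream in the account. The ARNs below are placeholders to fill in; the log-group name follows the `/ecs/<task-family>` pattern used by the task definition in this commit. Separately, that task definition sets `awslogs-create-group` to `true`, which also needs `logs:CreateLogGroup` if this policy is the one attached to the execution role (the attachment is not visible here).

```json
"Statement": [
  {
    "Effect": "Allow",
    "Action": "ecr:GetAuthorizationToken",
    "Resource": "*"
  },
  {
    "Effect": "Allow",
    "Action": [
      "ecr:BatchCheckLayerAvailability",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage"
    ],
    "Resource": "arn:aws:ecr:<region>:<account-id>:repository/<repository-name>"
  },
  {
    "Effect": "Allow",
    "Action": [
      "logs:CreateLogStream",
      "logs:PutLogEvents"
    ],
    "Resource": "arn:aws:logs:<region>:<account-id>:log-group:/ecs/<task-family>:*"
  }
]
```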
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,171 @@ | ||
{ | ||
"services": [ | ||
{ | ||
"serviceArn": "<REDACTED>", | ||
"serviceName": "armored-container-service", | ||
"clusterArn": "<REDACTED>", | ||
"loadBalancers": [], | ||
"serviceRegistries": [], | ||
"status": "ACTIVE", | ||
"desiredCount": 1, | ||
"runningCount": 1, | ||
"pendingCount": 0, | ||
"launchType": "FARGATE", | ||
"platformVersion": "LATEST", | ||
"platformFamily": "Linux", | ||
"taskDefinition": "<REDACTED>", | ||
"deploymentConfiguration": { | ||
"deploymentCircuitBreaker": { | ||
"enable": true, | ||
"rollback": true | ||
}, | ||
"maximumPercent": 200, | ||
"minimumHealthyPercent": 100 | ||
}, | ||
"deployments": [ | ||
{ | ||
"id": "ecs-svc/5095800472445100540", | ||
"status": "PRIMARY", | ||
"taskDefinition": "<REDACTED>", | ||
"desiredCount": 1, | ||
"pendingCount": 0, | ||
"runningCount": 1, | ||
"failedTasks": 0, | ||
"createdAt": "2023-07-21T08:51:00.958000+05:30", | ||
"updatedAt": "2023-07-21T08:55:31.914000+05:30", | ||
"launchType": "FARGATE", | ||
"platformVersion": "1.4.0", | ||
"platformFamily": "Linux", | ||
"networkConfiguration": { | ||
"awsvpcConfiguration": { | ||
"subnets": [ | ||
"<REDACTED>" | ||
], | ||
"securityGroups": [ | ||
"<REDACTED>" | ||
], | ||
"assignPublicIp": "ENABLED" | ||
} | ||
}, | ||
"rolloutState": "COMPLETED", | ||
"rolloutStateReason": "ECS deployment ecs-svc/5095800472445100540 completed." | ||
} | ||
], | ||
"roleArn": "<REDACTED>", | ||
"events": [ | ||
{ | ||
"id": "4830fc3a-888e-42e0-9aaa-b5bbe577516a", | ||
"createdAt": "2023-07-21T14:55:57.171000+05:30", | ||
"message": "(service armored-container-service) has reached a steady state." | ||
}, | ||
{ | ||
"id": "9adf848e-5746-48a6-9ddf-bf6e91aabdfe", | ||
"createdAt": "2023-07-21T08:55:31.919000+05:30", | ||
"message": "(service armored-container-service) has reached a steady state." | ||
}, | ||
{ | ||
"id": "7876ab74-6a06-4eec-9204-83a578e06c82", | ||
"createdAt": "2023-07-21T08:55:31.918000+05:30", | ||
"message": "(service armored-container-service) (deployment ecs-svc/5095800472445100540) deployment completed." | ||
}, | ||
{ | ||
"id": "c4287cf2-6715-4dc3-a765-755ad0d9d4b3", | ||
"createdAt": "2023-07-21T08:52:53.739000+05:30", | ||
"message": "(service armored-container-service) has stopped 1 running tasks: (task 18227ab7d612451eac7fa799285fac34)." | ||
}, | ||
{ | ||
"id": "e079943b-56a2-41ca-a137-5c95d0c6ffbe", | ||
"createdAt": "2023-07-21T08:51:28.038000+05:30", | ||
"message": "(service armored-container-service) has started 1 tasks: (task 8b696488625c43b29917bc0011d514a0)." | ||
}, | ||
{ | ||
"id": "9c9f0895-6e14-40db-873e-e88f4e3076c8", | ||
"createdAt": "2023-07-21T05:35:16.087000+05:30", | ||
"message": "(service armored-container-service) has reached a steady state." | ||
}, | ||
{ | ||
"id": "1606f4cc-7ef1-4207-94e0-51909503d096", | ||
"createdAt": "2023-07-20T23:34:59.019000+05:30", | ||
"message": "(service armored-container-service) has reached a steady state." | ||
}, | ||
{ | ||
"id": "c7f1d66f-a53c-4fdb-98bf-d0b4fd043a57", | ||
"createdAt": "2023-07-20T17:34:50.060000+05:30", | ||
"message": "(service armored-container-service) has reached a steady state." | ||
}, | ||
{ | ||
"id": "00e875cf-d912-419b-9622-c5469c907e3c", | ||
"createdAt": "2023-07-20T17:34:50.059000+05:30", | ||
"message": "(service armored-container-service) (deployment ecs-svc/1917268798230133817) deployment completed." | ||
}, | ||
{ | ||
"id": "f6426454-b74f-4611-9141-2118a3c72473", | ||
"createdAt": "2023-07-20T17:32:45.974000+05:30", | ||
"message": "(service armored-container-service) has stopped 1 running tasks: (task 445da4a243334c2da49816bc8e4512c6)." | ||
}, | ||
{ | ||
"id": "84711db2-558e-4a86-bbf4-8a4cd22ecdd7", | ||
"createdAt": "2023-07-20T17:31:27.654000+05:30", | ||
"message": "(service armored-container-service) has started 1 tasks: (task 18227ab7d612451eac7fa799285fac34)." | ||
}, | ||
{ | ||
"id": "1c4d7266-e709-4ba9-9847-ba29806235e5", | ||
"createdAt": "2023-07-20T16:45:35.519000+05:30", | ||
"message": "(service armored-container-service) has reached a steady state." | ||
}, | ||
{ | ||
"id": "13e0d28e-7ca4-4f60-9fd4-102fe9ce43ec", | ||
"createdAt": "2023-07-20T16:45:35.518000+05:30", | ||
"message": "(service armored-container-service) (deployment ecs-svc/0095785089613403979) deployment completed." | ||
}, | ||
{ | ||
"id": "5c8c861e-4a2e-4a51-ab07-f03d6248292c", | ||
"createdAt": "2023-07-20T16:43:22.581000+05:30", | ||
"message": "(service armored-container-service) has stopped 1 running tasks: (task 9afc04248a984b8282619bef1c23ec19)." | ||
}, | ||
{ | ||
"id": "4df652dc-6a1f-418f-9e90-4bb2d4d1f647", | ||
"createdAt": "2023-07-20T16:42:13.912000+05:30", | ||
"message": "(service armored-container-service) has started 1 tasks: (task 445da4a243334c2da49816bc8e4512c6)." | ||
}, | ||
{ | ||
"id": "25eff47b-5fcc-4a5d-b75b-b29fea6c6df0", | ||
"createdAt": "2023-07-20T16:29:48.915000+05:30", | ||
"message": "(service armored-container-service) has reached a steady state." | ||
}, | ||
{ | ||
"id": "b67b857b-2989-4d49-9eb9-1dd361207cec", | ||
"createdAt": "2023-07-20T16:29:48.914000+05:30", | ||
"message": "(service armored-container-service) (deployment ecs-svc/5137600825021193598) deployment completed." | ||
}, | ||
{ | ||
"id": "f951a069-73d5-417c-94a8-dc4f9bfb089a", | ||
"createdAt": "2023-07-20T16:27:26.557000+05:30", | ||
"message": "(service armored-container-service) has started 1 tasks: (task 9afc04248a984b8282619bef1c23ec19)." | ||
} | ||
], | ||
"createdAt": "2023-07-20T16:27:23.049000+05:30", | ||
"placementConstraints": [], | ||
"placementStrategy": [], | ||
"networkConfiguration": { | ||
"awsvpcConfiguration": { | ||
"subnets": [ | ||
"<REDACTED>" | ||
], | ||
"securityGroups": [ | ||
"<REDACTED>" | ||
] | ||
} | ||
}, | ||
"schedulingStrategy": "REPLICA", | ||
"deploymentController": { | ||
"type": "ECS" | ||
}, | ||
"createdBy": "<REDACTED>", | ||
"enableECSManagedTags": true, | ||
"propagateTags": "NONE", | ||
"enableExecuteCommand": false | ||
} | ||
], | ||
"failures": [] | ||
} |
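Review bot: The deployment's `awsvpcConfiguration` records `"assignPublicIp": "ENABLED"` while the subnets and security groups are redacted, so anyone reproducing this service puts the task on a public address with no indication of which inbound rules make that safe. If the public IP exists only so Fargate can pull images, a private subnet with a NAT gateway or VPC endpoints and `"assignPublicIp": "DISABLED"` avoids the exposure; otherwise the accompanying docs should state that the security group allows no inbound traffic. The file also looks like a captured service description rather than an input: it carries runtime state (`events`, `deployments`, `runningCount`) and unredacted task and deployment ids next to the redacted ARNs. Trimming it to the fields a service definition actually takes would make the example reusable and finish the redaction.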
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
{ | ||
"family": "<task-family-name>", | ||
"containerDefinitions": [ | ||
{ | ||
"name": "<container-name>", | ||
"image": "<your-image>", | ||
"cpu": 0, | ||
"essential": true, | ||
"command": [ | ||
"kubearmor/bluelock", | ||
"<your-command>" | ||
], | ||
"environment": [ | ||
{ | ||
"name": "K8S", | ||
"value": "false" | ||
}, | ||
{ | ||
"name": "CONTAINERNAME", | ||
"value": "<container-name>" | ||
}, | ||
{ | ||
"name": "RELAYSERVERURL", | ||
"value": "http://<relay-server-host>:<port>" | ||
} | ||
], | ||
"mountPoints": [ | ||
{ | ||
"sourceVolume": "kubearmor-dir", | ||
"containerPath": "/kubearmor", | ||
"readOnly": true | ||
} | ||
], | ||
"volumesFrom": [], | ||
"dependsOn": [ | ||
{ | ||
"containerName": "bluelock", | ||
"condition": "SUCCESS" | ||
} | ||
], | ||
"logConfiguration": { | ||
"logDriver": "awslogs", | ||
"options": { | ||
"awslogs-create-group": "true", | ||
"awslogs-group": "/ecs/<task-family>", | ||
"awslogs-region": "us-east-2", | ||
"awslogs-stream-prefix": "ecs" | ||
} | ||
} | ||
}, | ||
{ | ||
"name": "bluelock", | ||
"image": "delusionaloptimist/bluelock:latest", | ||
"cpu": 0, | ||
"portMappings": [], | ||
"essential": false, | ||
"environment": [], | ||
"mountPoints": [ | ||
{ | ||
"sourceVolume": "kubearmor-dir", | ||
"containerPath": "/kubearmor", | ||
"readOnly": false | ||
} | ||
], | ||
"volumesFrom": [], | ||
"logConfiguration": { | ||
"logDriver": "awslogs", | ||
"options": { | ||
"awslogs-create-group": "true", | ||
"awslogs-group": "/ecs/<task-family>", | ||
"awslogs-region": "us-east-2", | ||
"awslogs-stream-prefix": "ecs" | ||
} | ||
} | ||
} | ||
], | ||
"taskRoleArn": "<REDACTED>", | ||
"executionRoleArn": "<REDACTED>", | ||
"networkMode": "awsvpc", | ||
"volumes": [ | ||
{ | ||
"name": "kubearmor-dir", | ||
"host": {} | ||
} | ||
], | ||
"requiresCompatibilities": [ | ||
"FARGATE" | ||
], | ||
"cpu": "256", | ||
"memory": "512", | ||
"runtimePlatform": { | ||
"cpuArchitecture": "X86_64", | ||
"operatingSystemFamily": "LINUX" | ||
} | ||
} |
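Review bot: The sidecar is pulled as `"image": "delusionaloptimist/bluelock:latest"`, a mutable tag in a personal registry namespace, and its binary then becomes the entrypoint wrapper of the application container through the shared `kubearmor-dir` volume. Whoever can push to that tag controls the first process in every task started from this definition, so the image should come from a project-owned repository and be pinned by digest, e.g. `"image": "<registry>/<org>/bluelock@sha256:<digest>"`. The Kubernetes manifest in this commit has the same problem with `image: daemon1024/bluelock` (no tag, `imagePullPolicy: Always`) and points at a different namespace, so the two examples are not even guaranteed to run the same binary. The wrapper is also invoked as the relative path `"kubearmor/bluelock"` although the volume is mounted at `/kubearmor` and the Kubernetes manifest uses `/kubearmor/bluelock`; unless the image's working directory is `/`, this likely needs the leading slash.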
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
# EDIT | ||
name: <deployment-name> | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
# EDIT | ||
kubearmor.io/container.name: <selector-label> | ||
template: | ||
metadata: | ||
labels: | ||
# EDIT | ||
kubearmor.io/container.name: <selector-label> | ||
spec: | ||
# init contianer injects bluelock binary into a shared volume | ||
initContainers: | ||
- name: bluelock | ||
image: daemon1024/bluelock | ||
imagePullPolicy: Always | ||
volumeMounts: | ||
- mountPath: /kubearmor | ||
name: kubearmor-dir | ||
|
||
# shared volume | ||
volumes: | ||
- emptyDir: {} | ||
name: kubearmor-dir | ||
|
||
# service account used by kubearmor, don't change this | ||
serviceAccountName: kubearmor | ||
|
||
containers: | ||
# EDIT - specify a container name | ||
- name: <container-name> | ||
# EDIT - specify a container image | ||
image: <your-image-name> | ||
# EDIT - specify image pull policy | ||
imagePullPolicy: Always | ||
|
||
# this executes bluelock, don't change this | ||
command: | ||
- /kubearmor/bluelock | ||
|
||
# EDIT - replace with your default command | ||
args: | ||
- "" | ||
|
||
# shared volume mount | ||
volumeMounts: | ||
- mountPath: /kubearmor | ||
name: kubearmor-dir | ||
env: | ||
# needed for connecting with relay-server | ||
- name: "RELAYSERVERURL" | ||
value: "http://kubearmor.kube-system.svc.cluster.local:32767" | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: kubearmor-clusterrolebinding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: cluster-admin | ||
subjects: | ||
- kind: ServiceAccount | ||
name: kubearmor | ||
namespace: default | ||
- kind: ServiceAccount | ||
name: kubearmor | ||
namespace: kube-system | ||
--- | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: kubearmor | ||
namespace: default | ||
--- | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: kubearmor | ||
namespace: kube-system |
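Review bot: The `ClusterRoleBinding` grants `cluster-admin` to the `kubearmor` ServiceAccount in both `default` and `kube-system`, and the application Deployment in the same file runs with `serviceAccountName: kubearmor`. Every protected workload therefore carries a token with full control of the cluster, so a compromise of the application container becomes a compromise of the cluster. The workload should use its own ServiceAccount bound to a narrowly scoped Role listing only what the wrapper needs (not determinable from this page), or set `automountServiceAccountToken: false` on the pod spec if it needs no API access. The binding name `kubearmor-clusterrolebinding` may also collide with one created by an existing KubeArmor install, in which case applying this example would replace that binding's role with `cluster-admin`; a distinct name avoids this.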