From 963e0e349fa9b5b55f3cb386e835c681dd498d28 Mon Sep 17 00:00:00 2001
From: Jason Umiker
Date: Tue, 30 Apr 2024 10:12:42 +1000
Subject: [PATCH] Added support for AWS CDR from onprem

---
scripts/.gitignore | 1 +
scripts/install-cli-amd-linux.sh | 3 ++
scripts/refresh-security-playgrounds.sh | 1 +
...security-playground-aws-env-vars.yaml.orig | 49 +++++++++++++++++++
scripts/test-all-workshop-commands.sh | 3 ++
5 files changed, 57 insertions(+)
create mode 100644 scripts/.gitignore
create mode 100644 scripts/install-cli-amd-linux.sh
create mode 100644 scripts/security-playground-aws-env-vars.yaml.orig

diff --git a/scripts/.gitignore b/scripts/.gitignore
new file mode 100644
index 0000000..1d8b09e
--- /dev/null
+++ b/scripts/.gitignore
@@ -0,0 +1 @@
+security-playground-aws-env-vars.yaml
diff --git a/scripts/install-cli-amd-linux.sh b/scripts/install-cli-amd-linux.sh
new file mode 100644
index 0000000..8e3f5da
--- /dev/null
+++ b/scripts/install-cli-amd-linux.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
+chmod +x ./sysdig-cli-scanner
diff --git a/scripts/refresh-security-playgrounds.sh b/scripts/refresh-security-playgrounds.sh
index f52164b..3f974cf 100755
--- a/scripts/refresh-security-playgrounds.sh
+++ b/scripts/refresh-security-playgrounds.sh
@@ -6,3 +6,4 @@ kubectl delete --all pods --namespace=security-playground-restricted-nodrift
 kubectl delete --all pods --namespace=security-playground-restricted-nomalware
 kubectl delete -f ./generated-network-policy.yml
 kubectl delete -f ./generated-network-policy2.yml
+kubectl apply -f ../k8s-manifests/04-security-playground-deployment.yaml
\ No newline at end of file
diff --git a/scripts/security-playground-aws-env-vars.yaml.orig b/scripts/security-playground-aws-env-vars.yaml.orig
new file mode 100644
index 0000000..636af37
--- /dev/null
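Review bot: The nested `$(curl -L -s …latest_version.txt)` on the download line of `install-cli-amd-linux.sh` runs without `--fail` and without any check on its output, so an empty body or an HTTP error page silently becomes part of the URL, the outer `curl -LO` saves whatever the server answers to that path, and `chmod +x` then marks that file executable. The script also has no `set -euo pipefail`, so the `chmod` runs even after a failed download. The binary is fetched at whatever `latest` resolves to on each run with no integrity check; pinning the version, or verifying a vendor-published checksum (if one is offered next to the binary) before the `chmod`, would make the install reproducible and catch a tampered or truncated download. A rewrite that fails fast at each step follows.
```shell
#!/usr/bin/env bash
set -euo pipefail

base="https://download.sysdig.com/scanning"
version=$(curl -fsSL "${base}/sysdig-cli-scanner/latest_version.txt")
[[ -n "$version" ]] || { printf 'could not resolve scanner version\n' >&2; exit 1; }
curl -fsSLO "${base}/bin/sysdig-cli-scanner/${version}/linux/amd64/sysdig-cli-scanner"
# TODO(review): verify a vendor-published checksum of ./sysdig-cli-scanner here before trusting it
chmod +x ./sysdig-cli-scanner
```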
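Review bot: The added `kubectl apply -f ../k8s-manifests/04-security-playground-deployment.yaml` in `refresh-security-playgrounds.sh` is written without a trailing newline (the `\ No newline at end of file` marker), so the next line appended to this script will show up as a change to this line as well; end the file with a newline. The `../k8s-manifests/` path, like the existing `./generated-network-policy*.yml` lines, only resolves when the script is invoked from `scripts/`; if that is not already enforced, a `cd "$(dirname "$0")"` near the top of the script (outside this hunk) would make the re-apply work from any working directory. The script's opening lines are outside the hunk.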
+++ b/scripts/security-playground-aws-env-vars.yaml.orig
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: security-playground
+ namespace: security-playground
+ labels:
+ app.kubernetes.io/name: security-playground
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: security-playground
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: security-playground
+ spec:
+ hostPID: true
+ containers:
+ - name: security-playground
+ image: public.ecr.aws/m9h2b5e7/security-playground:240324
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ securityContext:
+ privileged: true
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "250m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ value: ""
+ - name: AWS_SECRET_ACCESS_KEY
+ value: ""
+ - name: AWS_DEFAULT_REGION
+ value: "ap-southeast-2"
\ No newline at end of file
diff --git a/scripts/test-all-workshop-commands.sh b/scripts/test-all-workshop-commands.sh
index d3c02d7..4c8eb75 100755
--- a/scripts/test-all-workshop-commands.sh
+++ b/scripts/test-all-workshop-commands.sh
@@ -4,8 +4,11 @@
 ./example-curls-restricted-nodrift.sh
 ./example-curls-restricted-nomalware.sh
 #kubectl apply -f ./security-playground-irsa.yaml
+#kubectl apply -f ./security-playground-aws-env-vars.yaml
 #sleep 10
+#export S3_BUCKET_NAME=bucket
 #./example-curls-bucket-public.sh
+#export SECURE_API_TOKEN=token
 #./sysdig-cli-scanner -a app.au1.sysdig.com logstash:7.16.1
 ./example-curls-networkpolicy.sh
 kubectl apply -f ./generated-network-policy.yml
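Review bot: The template places `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` directly in `env[].value`, so once the gitignored copy is filled in and applied the key material is readable by anyone who can `kubectl get pod -o yaml` in the `security-playground` namespace and is also stored in the `last-applied-configuration` annotation that `kubectl apply` records. If exposing the keys in the container environment is the point of this playground (the `hostPID: true` and `privileged: true` settings suggest a deliberately vulnerable target), that intent is worth stating in the file; otherwise `valueFrom.secretKeyRef` keeps the same variable names while moving the values into a Secret. The `.orig` file carries no hint of its intended use; a leading comment such as `# Copy to security-playground-aws-env-vars.yaml (gitignored), fill in a least-privilege key scoped to the test bucket, then kubectl apply the copy` would document the workflow. The file also ends without a trailing newline.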
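Review bot: The commented-out `#export SECURE_API_TOKEN=token` in `test-all-workshop-commands.sh` invites the reader to uncomment it with a real value, which would put a live API token into a tracked script and into the process environment of every command that follows; the same applies to the `#kubectl apply -f ./security-playground-aws-env-vars.yaml` line above it, whose target file carries AWS keys. Requiring the token to already be present in the environment, e.g. `: "${SECURE_API_TOKEN:?set SECURE_API_TOKEN before running}"`, lets the script work without ever holding a value that could be committed. Because all three new lines are commented out, this script does not exercise the AWS/CDR path the commit adds; a comment such as `# manual steps: need AWS credentials and a Sysdig API token` would tell the next reader why. The script's header is outside the hunk.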