Jonathan Chauncey jchauncey

## debian-base-1.0.0
2020-05-12T12:46:16.544-0400	[34mINFO[0m	Detecting Debian vulnerabilities...

k8s.gcr.io/debian-base:v1.0.0 (debian 9.8)
==========================================
Total: 129 (UNKNOWN: 0, LOW: 86, MEDIUM: 27, HIGH: 16, CRITICAL: 0)

+-------------------+---------------------+----------+-----------------------+-----------------+---------------------------------------------+
|      LIBRARY      |  VULNERABILITY ID   | SEVERITY |   INSTALLED VERSION   |  FIXED VERSION  |                    TITLE                    |
+-------------------+---------------------+----------+-----------------------+-----------------+---------------------------------------------+
| apt               | CVE-2011-3374       | LOW      | 1.4.9                 |                 | It was found that apt-key                   |

## gist:e39ddf42661e7c970e7027a962f76de1
stages:
- stage: build_and_push
  jobs:
  - job: build_component_a
    steps:
    ...
  - job: build_component_b
    steps:
    ...
  - job: build_component_c

## k8s-linux.json
{
  "apiVersion": "vlabs",
  "properties": {
    "orchestratorProfile": {
      "orchestratorType": "Kubernetes"
    },
    "masterProfile": {
      "count": 1,
      "dnsPrefix": "",
      "vmSize": "Standard_D2_v2"

## kubernetes.go
package kubernetes

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/url"
	"sync"
	"time"

## install_docker
#! /bin/sh
apt-get update
apt-get install -y apt-transport-https ca-certificates
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070
echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" >> /etc/apt/sources.list.d/docker.list
apt-get update
apt-get purge lxc-docker
apt-cache policy docker-engine
apt-get install -y linux-image-extra-$(uname -r) linux-image-extra-virtual
apt-get install -y docker-engine

## nsq.json
{
  "dashboard": {
    "id": null,
    "title": "NSQ Health",
    "tags": ["deis"],
    "style": "dark",
    "timezone": "browser",
    "editable": true,
    "hideControls": false,
    "sharedCrosshair": false,

## get-pod-ips
  export GET_PODS_URL=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/$POD_NAMESPACE/pods
  pod_names=$(curl -s $GET_PODS_URL --header "Authorization: Bearer $TOKEN" --insecure  | jq --raw-output '.items[].metadata.name' | grep deis-nsqlookupd)
  while read -r pod; do
    GET_POD_URL=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/$POD_NAMESPACE/pods/${pod}
    pod_ip=$(curl -s $GET_POD_URL --header "Authorization: Bearer $TOKEN" --insecure | jq --raw-output '.status.podIP')
    export LOOKUP_COMMAND="$LOOKUP_COMMAND -lookupd-tcp-address ${pod_ip}:4161"
  done <<< "$pod_names"
  exec nsqd -broadcast-address ${NODE_NAME} ${LOOKUP_COMMAND}

## gist:b4ea7ec113747de130766739843ce1d0
require 'fluent/mixin/config_placeholders'
require 'fluent/mixin/plaintextformatter'
require 'fluent/mixin/rewrite_tag_name'
require 'fluent/output'

module Fluent
  class DeisOutput < Output
    Fluent::Plugin.register_output("deis_output", self)

    include Fluent::Mixin::PlainTextFormatter

## gist:30c48d0eb1985aa238506536a5835642
<source>
  type tail
  path /var/log/containers/*.log
  pos_file /var/log/containers.log.pos
  time_format %Y-%m-%dT%H:%M:%S.%NZ
  tag kubernetes.*
  format json
  read_from_head true
</source>

## gist:4cf09887141267214bc8
(require '[clojure.string :as str])
(require '[riemann.common :as common])

(logging/init)
(info "loading" *config-file*)


(tcp-server :host "0.0.0.0"   :port 5555)
(udp-server :host "0.0.0.0"   :port 5556)
	2020-05-12T12:46:16.544-0400 [34mINFO[0m Detecting Debian vulnerabilities...

	k8s.gcr.io/debian-base:v1.0.0 (debian 9.8)
	==========================================
	Total: 129 (UNKNOWN: 0, LOW: 86, MEDIUM: 27, HIGH: 16, CRITICAL: 0)

	+-------------------+---------------------+----------+-----------------------+-----------------+---------------------------------------------+
	\| LIBRARY \| VULNERABILITY ID \| SEVERITY \| INSTALLED VERSION \| FIXED VERSION \| TITLE \|
	+-------------------+---------------------+----------+-----------------------+-----------------+---------------------------------------------+
	\| apt \| CVE-2011-3374 \| LOW \| 1.4.9 \| \| It was found that apt-key \|
	stages:
	- stage: build_and_push
	jobs:
	- job: build_component_a
	steps:
	...
	- job: build_component_b
	steps:
	...
	- job: build_component_c
	{
	"apiVersion": "vlabs",
	"properties": {
	"orchestratorProfile": {
	"orchestratorType": "Kubernetes"
	},
	"masterProfile": {
	"count": 1,
	"dnsPrefix": "",
	"vmSize": "Standard_D2_v2"
	package kubernetes

	import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/url"
	"sync"
	"time"
	#! /bin/sh
	apt-get update
	apt-get install -y apt-transport-https ca-certificates
	apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070
	echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" >> /etc/apt/sources.list.d/docker.list
	apt-get update
	apt-get purge lxc-docker
	apt-cache policy docker-engine
	apt-get install -y linux-image-extra-$(uname -r) linux-image-extra-virtual
	apt-get install -y docker-engine
	{
	"dashboard": {
	"id": null,
	"title": "NSQ Health",
	"tags": ["deis"],
	"style": "dark",
	"timezone": "browser",
	"editable": true,
	"hideControls": false,
	"sharedCrosshair": false,
	export GET_PODS_URL=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/$POD_NAMESPACE/pods
	pod_names=$(curl -s $GET_PODS_URL --header "Authorization: Bearer $TOKEN" --insecure \| jq --raw-output '.items[].metadata.name' \| grep deis-nsqlookupd)
	while read -r pod; do
	GET_POD_URL=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/$POD_NAMESPACE/pods/${pod}
	pod_ip=$(curl -s $GET_POD_URL --header "Authorization: Bearer $TOKEN" --insecure \| jq --raw-output '.status.podIP')
	export LOOKUP_COMMAND="$LOOKUP_COMMAND -lookupd-tcp-address ${pod_ip}:4161"
	done <<< "$pod_names"
	exec nsqd -broadcast-address ${NODE_NAME} ${LOOKUP_COMMAND}
	require 'fluent/mixin/config_placeholders'
	require 'fluent/mixin/plaintextformatter'
	require 'fluent/mixin/rewrite_tag_name'
	require 'fluent/output'

	module Fluent
	class DeisOutput < Output
	Fluent::Plugin.register_output("deis_output", self)

	include Fluent::Mixin::PlainTextFormatter
	<source>
	type tail
	path /var/log/containers/*.log
	pos_file /var/log/containers.log.pos
	time_format %Y-%m-%dT%H:%M:%S.%NZ
	tag kubernetes.*
	format json
	read_from_head true
	</source>
	(require '[clojure.string :as str])
	(require '[riemann.common :as common])

	(logging/init)
	(info "loading" config-file)


	(tcp-server :host "0.0.0.0" :port 5555)
	(udp-server :host "0.0.0.0" :port 5556)