@jepio
Last active February 22, 2024 14:34
Kata CoCo SNP on Azure
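#!/bin/bash
# Bootstrap a single-node Kubernetes cluster with kubeadm, install the flannel
# CNI and the Confidential Containers (CoCo) operator, and write a sample nginx
# manifest (nginx.yaml, in the current directory) that uses the kata-qemu-snp
# runtime class.
#
# Run as root (directly or through sudo). When invoked through sudo, the admin
# kubeconfig is also copied into the invoking user's home directory.
#
# NOTE(review): kubeadm init prints a bootstrap join token, and -x traces every
# command to stderr; treat any captured output of this script as sensitive.
set -xe
# Without pipefail a failed download in "curl | gpg" or a failed lookup in
# "getent | cut" would be masked by the last stage of the pipeline.
set -o pipefail

# NOTE(review): this turns off automatic security updates, presumably to avoid
# apt lock contention during the install. Re-enable it once setup is finished
# if the host is meant to stay up.
systemctl disable --now unattended-upgrades

apt-get update
apt-get install -y apt-transport-https ca-certificates curl
mkdir -p /etc/apt/keyrings
# The signing key is trusted on the strength of the TLS connection alone; no
# fingerprint is checked here. The script already runs as root, so no sudo.
curl -fsSL https://dl.k8s.io/apt/doc/apt-key.gpg \
  | gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
# NOTE(review): apt.kubernetes.io is the legacy package repository; the
# Kubernetes project has since moved packages to pkgs.k8s.io. Confirm this
# source still resolves and migrate if it does not.
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" \
  | tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl containerd

# kata-deploy does the wrong thing if this file doesn't exist.
# Written as an explicit if: "a || b && c" parses as "(a || b) && c", which
# appended a second config dump to an already existing config.toml.
if [ ! -f /etc/containerd/config.toml ]; then
  mkdir -p /etc/containerd
  containerd config dump >/etc/containerd/config.toml
fi
systemctl enable --now containerd

# Kernel prerequisites for pod networking.
echo net.ipv4.ip_forward = 1 >>/etc/sysctl.d/99-k8s.conf
sysctl --system --write
echo br_netfilter >>/etc/modules-load.d/k8s.conf
modprobe br_netfilter

kubeadm init --pod-network-cidr 10.244.0.0/16

# admin.conf is a cluster-admin credential: keep every copy owner-only.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

if [ -n "${SUDO_USER:-}" ]; then
  home=$(getent passwd "${SUDO_USER}" | cut -d: -f6)
  # An empty home directory would make the paths below resolve to /.kube.
  if [ -z "$home" ]; then
    echo "cannot determine home directory of ${SUDO_USER}" >&2
    exit 1
  fi
  mkdir -p "$home/.kube"
  cp -i /etc/kubernetes/admin.conf "$home/.kube/config"
  chown -R "$SUDO_USER" "$home/.kube"
  chmod 600 "$home/.kube/config"
fi

# install network
# Removing the control-plane taint lets ordinary pods schedule on this node,
# which is what a single-node cluster needs.
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
# NOTE(review): "releases/latest" is a moving target that is applied with
# cluster-admin rights. Pin a specific flannel release and review the manifest
# before applying it on anything other than a throwaway node.
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

# install coco
# NOTE(review): a tag ref can be moved upstream; a commit SHA in ?ref= would
# make these two applies reproducible.
export RELEASE_VERSION=v0.7.0
kubectl label node --all node.kubernetes.io/worker=
kubectl apply -k "github.com/confidential-containers/operator/config/release?ref=${RELEASE_VERSION}"
kubectl apply -k "github.com/confidential-containers/operator/config/samples/ccruntime/default?ref=${RELEASE_VERSION}"

# Sample workload for the kata-qemu-snp runtime class. The manifest is only
# written to disk, not applied. The delimiter is quoted so nothing inside the
# manifest is subject to shell expansion.
# NOTE(review): nginx:latest is a mutable tag; pin the image by digest so the
# workload that runs inside the SNP guest is the one that was reviewed.
cat <<'EOF' >nginx.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 4
  template:
    metadata:
      labels:
        app: nginx
    spec:
      runtimeClassName: kata-qemu-snp
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
EOF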