mauilion

apiVersion: cluster.x-k8s.io/v1beta1
kind: ClusterClass
metadata:
  name: quick-start
  namespace: c1
spec:
  controlPlane:
    machineInfrastructure:
      ref:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1

mauilion

#!/bin/bash
set -euo pipefail

reg_name="kind-registry"
reg_port="80"
cilium_agent="localhost/cilium/cilium:v1.12.2"
cilium_operator="localhost/cilium/operator-generic:v1.12.2"
cilium_ui="localhost/cilium/hubble-ui:v0.9.2"
cilium_ui_backend="localhost/cilium/hubble-ui-backend:v0.9.2"
cilium_relay_image="localhost/cilium/hubble-relay:v1.12.2"

mauilion

{
  "status": {
    "id": "5694f82f44168cc048e014ae14d1b0c8ef673bec49f329dc169911ea638f63c2",
    "metadata": {
      "attempt": 0,
      "name": "bash"
    },
    "state": "CONTAINER_RUNNING",
    "createdAt": "2022-01-21T17:52:41.161571104Z",
    "startedAt": "2022-01-21T17:52:41.299747922Z",

mauilion

time="2022-01-21T17:07:51Z" level=info msg="Loaded config from directory" config-dir=/etc/hubble-enterprise
time="2022-01-21T17:07:51Z" level=info msg="Starting hubble-fgs" version=v1.6.0
time="2022-01-21T17:07:51Z" level=info msg="config settings" config="map[btf: cilium-bpf:/sys/fs/bpf/tc/globals/ config-dir:/etc/hubble-enterprise config-file: debug:false enable-cilium-api:true enable-export-aggregation:false enable-k8s-api:true enable-process-cred:false export-aggregation-buffer-size:10000 export-aggregation-window-size:15s export-allowlist:{\"event_set\":[\"PROCESS_CONNECT\", \"PROCESS_EXEC\", \"PROCESS_KPROBE\", \"PROCESS_LISTEN\", \"PROCESS_TLS\", \"PROCESS_SOCKSTATS\"]} export-denylist:{\"health_check\":true}\n{\"namespace\":[\"\", \"cilium\", \"kube-system\"]} export-file-compress:false export-file-max-backups:5 export-file-max-size-mb:10 export-file-rotation-interval:0s export-filename:/var/run/cilium/hubble/fgs.log export-rate-limit:-1 hubble-lib:/var/lib/hubble-fgs/ ignore-missing-progs:false kerne

mauilion

# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.
Table at 0xBF704000.

Handle 0x0000, DMI type 18, 23 bytes
32-bit Memory Error Information
	Type: OK
	Granularity: Unknown
	Operation: Unknown

mauilion

*tfstate*
.terraform
etcd
certs
ca-keys

mauilion

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: etcdclient
    tier: debug
  name: etcdclient
  namespace: kube-system
spec:

mauilion

# https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v4/audit/
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
# Do not log from kube-system accounts
  - level: None
    userGroups:
    - system:serviceaccounts:kube-system
  - level: None
    users:

mauilion

* 
* ==> Audit <==
* |----------|-----------------------------------|---------|---------|---------|-------------------------------|-------------------------------|
| Command  |               Args                | Profile |  User   | Version |          Start Time           |           End Time            |
|----------|-----------------------------------|---------|---------|---------|-------------------------------|-------------------------------|
| ssh      | -- cat                            | calium  | dcooley | v1.21.0 | Tue, 06 Jul 2021 12:00:38 PDT | Tue, 06 Jul 2021 12:00:39 PDT |
|          | /etc/cni/net.d/10-calico.conflist |         |         |         |                               |                               |
| ssh      | -- cat                            | calium  | dcooley | v1.21.0 | Tue, 06 Jul 2021 12:01:57 PDT | Tue, 06 Jul 2021 12:01:57 PDT |
|          | /etc/cni/net.d/10-calico.conflist |         |         |         |                               |                               |
| 

mauilion

---
# Source: cilium/templates/cilium-agent-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "cilium"
  namespace: kube-system
---
# Source: cilium/templates/cilium-operator-serviceaccount.yaml
apiVersion: v1