Duffie Cooley mauilion

## cluster.sh
#!/bin/bash
set -euo pipefail

reg_name="kind-registry"
reg_port="80"
cilium_agent="localhost/cilium/cilium:v1.12.2"
cilium_operator="localhost/cilium/operator-generic:v1.12.2"
cilium_ui="localhost/cilium/hubble-ui:v0.9.2"
cilium_ui_backend="localhost/cilium/hubble-ui-backend:v0.9.2"
cilium_relay_image="localhost/cilium/hubble-relay:v1.12.2"

## gist:671ae430c960906345495ce3f3099e11
{
  "status": {
    "id": "5694f82f44168cc048e014ae14d1b0c8ef673bec49f329dc169911ea638f63c2",
    "metadata": {
      "attempt": 0,
      "name": "bash"
    },
    "state": "CONTAINER_RUNNING",
    "createdAt": "2022-01-21T17:52:41.161571104Z",
    "startedAt": "2022-01-21T17:52:41.299747922Z",

## gist:fb996b0d536742ef4a072fe84a9ce39e
time="2022-01-21T17:07:51Z" level=info msg="Loaded config from directory" config-dir=/etc/hubble-enterprise
time="2022-01-21T17:07:51Z" level=info msg="Starting hubble-fgs" version=v1.6.0
time="2022-01-21T17:07:51Z" level=info msg="config settings" config="map[btf: cilium-bpf:/sys/fs/bpf/tc/globals/ config-dir:/etc/hubble-enterprise config-file: debug:false enable-cilium-api:true enable-export-aggregation:false enable-k8s-api:true enable-process-cred:false export-aggregation-buffer-size:10000 export-aggregation-window-size:15s export-allowlist:{\"event_set\":[\"PROCESS_CONNECT\", \"PROCESS_EXEC\", \"PROCESS_KPROBE\", \"PROCESS_LISTEN\", \"PROCESS_TLS\", \"PROCESS_SOCKSTATS\"]} export-denylist:{\"health_check\":true}\n{\"namespace\":[\"\", \"cilium\", \"kube-system\"]} export-file-compress:false export-file-max-backups:5 export-file-max-size-mb:10 export-file-rotation-interval:0s export-filename:/var/run/cilium/hubble/fgs.log export-rate-limit:-1 hubble-lib:/var/lib/hubble-fgs/ ignore-missing-progs:false kerne

## gist:797c5546050906cd6ded882e7d6b7bf8
# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.
Table at 0xBF704000.

Handle 0x0000, DMI type 18, 23 bytes
32-bit Memory Error Information
	Type: OK
	Granularity: Unknown
	Operation: Unknown

## .gitignore
*tfstate*
.terraform
etcd
certs
ca-keys

## etcdclient.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: etcdclient
    tier: debug
  name: etcdclient
  namespace: kube-system
spec:

## adv-audit.yaml
# https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v4/audit/
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
# Do not log from kube-system accounts
  - level: None
    userGroups:
    - system:serviceaccounts:kube-system
  - level: None
    users:

## gist:89f345507846801ef85bdebc4bd2529f
*
* ==> Audit <==
* |----------|-----------------------------------|---------|---------|---------|-------------------------------|-------------------------------|
| Command  |               Args                | Profile |  User   | Version |          Start Time           |           End Time            |
|----------|-----------------------------------|---------|---------|---------|-------------------------------|-------------------------------|
| ssh      | -- cat                            | calium  | dcooley | v1.21.0 | Tue, 06 Jul 2021 12:00:38 PDT | Tue, 06 Jul 2021 12:00:39 PDT |
|          | /etc/cni/net.d/10-calico.conflist |         |         |         |                               |                               |
| ssh      | -- cat                            | calium  | dcooley | v1.21.0 | Tue, 06 Jul 2021 12:01:57 PDT | Tue, 06 Jul 2021 12:01:57 PDT |
|          | /etc/cni/net.d/10-calico.conflist |         |         |         |                               |                               |
|

## gist:8781942b54b3600075a8098964c30f18
---
# Source: cilium/templates/cilium-agent-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "cilium"
  namespace: kube-system
---
# Source: cilium/templates/cilium-operator-serviceaccount.yaml
apiVersion: v1

## gist:75ff97d6b4afc92cb840eacbbafb3e2a
export KIND_CLUSTER_NAME=$(whoami)
export INSTALL_K3S_VERSION=v1.19.5+k3s2
export INSTALL_K3S_EXEC="--node-label cluster=${KIND_CLUSTER_NAME} --kubelet-arg=port=10260"
export K3S_TOKEN=K100eb593c7b4dcba3df04ffc638c7133bf66677599e3c5be1daca4bb7a7dedb27d::server:0b3300e83314273d0a4ffb08d4cb0144
export K3S_URL=https://honk.jeefy.dev:6443
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
	#!/bin/bash
	set -euo pipefail

	reg_name="kind-registry"
	reg_port="80"
	cilium_agent="localhost/cilium/cilium:v1.12.2"
	cilium_operator="localhost/cilium/operator-generic:v1.12.2"
	cilium_ui="localhost/cilium/hubble-ui:v0.9.2"
	cilium_ui_backend="localhost/cilium/hubble-ui-backend:v0.9.2"
	cilium_relay_image="localhost/cilium/hubble-relay:v1.12.2"
	{
	"status": {
	"id": "5694f82f44168cc048e014ae14d1b0c8ef673bec49f329dc169911ea638f63c2",
	"metadata": {
	"attempt": 0,
	"name": "bash"
	},
	"state": "CONTAINER_RUNNING",
	"createdAt": "2022-01-21T17:52:41.161571104Z",
	"startedAt": "2022-01-21T17:52:41.299747922Z",
	time="2022-01-21T17:07:51Z" level=info msg="Loaded config from directory" config-dir=/etc/hubble-enterprise
	time="2022-01-21T17:07:51Z" level=info msg="Starting hubble-fgs" version=v1.6.0
	time="2022-01-21T17:07:51Z" level=info msg="config settings" config="map[btf: cilium-bpf:/sys/fs/bpf/tc/globals/ config-dir:/etc/hubble-enterprise config-file: debug:false enable-cilium-api:true enable-export-aggregation:false enable-k8s-api:true enable-process-cred:false export-aggregation-buffer-size:10000 export-aggregation-window-size:15s export-allowlist:{\"event_set\":[\"PROCESS_CONNECT\", \"PROCESS_EXEC\", \"PROCESS_KPROBE\", \"PROCESS_LISTEN\", \"PROCESS_TLS\", \"PROCESS_SOCKSTATS\"]} export-denylist:{\"health_check\":true}\n{\"namespace\":[\"\", \"cilium\", \"kube-system\"]} export-file-compress:false export-file-max-backups:5 export-file-max-size-mb:10 export-file-rotation-interval:0s export-filename:/var/run/cilium/hubble/fgs.log export-rate-limit:-1 hubble-lib:/var/lib/hubble-fgs/ ignore-missing-progs:false kerne
	# dmidecode 3.3
	Getting SMBIOS data from sysfs.
	SMBIOS 3.2.0 present.
	Table at 0xBF704000.

	Handle 0x0000, DMI type 18, 23 bytes
	32-bit Memory Error Information
	Type: OK
	Granularity: Unknown
	Operation: Unknown
	apiVersion: v1
	kind: Pod
	metadata:
	creationTimestamp: null
	labels:
	component: etcdclient
	tier: debug
	name: etcdclient
	namespace: kube-system
	spec:
	# https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v4/audit/
	apiVersion: audit.k8s.io/v1
	kind: Policy
	rules:
	# Do not log from kube-system accounts
	- level: None
	userGroups:
	- system:serviceaccounts:kube-system
	- level: None
	users:
	*
	* ==> Audit <==
	* \|----------\|-----------------------------------\|---------\|---------\|---------\|-------------------------------\|-------------------------------\|
	\| Command \| Args \| Profile \| User \| Version \| Start Time \| End Time \|
	\|----------\|-----------------------------------\|---------\|---------\|---------\|-------------------------------\|-------------------------------\|
	\| ssh \| -- cat \| calium \| dcooley \| v1.21.0 \| Tue, 06 Jul 2021 12:00:38 PDT \| Tue, 06 Jul 2021 12:00:39 PDT \|
	\| \| /etc/cni/net.d/10-calico.conflist \| \| \| \| \| \|
	\| ssh \| -- cat \| calium \| dcooley \| v1.21.0 \| Tue, 06 Jul 2021 12:01:57 PDT \| Tue, 06 Jul 2021 12:01:57 PDT \|
	\| \| /etc/cni/net.d/10-calico.conflist \| \| \| \| \| \|
	\|
	---
	# Source: cilium/templates/cilium-agent-serviceaccount.yaml
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: "cilium"
	namespace: kube-system
	---
	# Source: cilium/templates/cilium-operator-serviceaccount.yaml
	apiVersion: v1
	export KIND_CLUSTER_NAME=$(whoami)
	export INSTALL_K3S_VERSION=v1.19.5+k3s2
	export INSTALL_K3S_EXEC="--node-label cluster=${KIND_CLUSTER_NAME} --kubelet-arg=port=10260"
	export K3S_TOKEN=K100eb593c7b4dcba3df04ffc638c7133bf66677599e3c5be1daca4bb7a7dedb27d::server:0b3300e83314273d0a4ffb08d4cb0144
	export K3S_URL=https://honk.jeefy.dev:6443
	cat <<EOF \| kind create cluster --config=-
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	nodes:
	- role: control-plane