pjbgf/k8s-security-challenge1-setup.sh

## k8s-security-challenge1-setup.sh
# Login with your Azure subscription
az login

# Register providers required within the subscription
az provider register -n Microsoft.ContainerService
az provider register -n Microsoft.Network
az provider register -n Microsoft.Compute

# Create resource group to place AKS cluster.
az group create --name k8s-security-challenge-rg --location centralus

# Provision AKS cluster based on kubernetes version 1.8.6 - latest supported at time of writing at provisioning time.
# Notice that I am provisioning it in Central US, for supported regions check https://github.com/Azure/AKS/blob/master/preview_regions.md
az aks create --name k8s-security-challenge1 --location centralus --node-count 2 -g k8s-security-challenge-rg --kubernetes-version 1.8.6

# Optional - updates to latest supported running version 1.9.1
az aks upgrade --name k8s-security-challenge1 -g k8s-security-challenge-rg --kubernetes-version 1.9.1 -y

# Install kubectl locally to manage the remote cluster
az aks install-cli

# Download credentials to manage k8s cluster
az aks get-credentials --name k8s-security-challenge1 -g k8s-security-challenge-rg

# Deploy Microsoft Voting Sample Application
kubectl apply -f https://gist.githubusercontent.com/pjbgf/cd68d149c3d4adf0ecc3b755aa9fb022/raw/2cd6ff55e69326366137e5fad93130dad10ddd41/ms-vote-sample.yaml

# Deploy Compromised .Net Application
kubectl apply -f https://gist.github.com/pjbgf/cd68d149c3d4adf0ecc3b755aa9fb022/raw/3e494a4b818c53f42b261247b9bc48fac72ef919/web-shell-app.yaml

## ms-vote-sample.yaml
apiVersion: apps/v1beta1 # for versions after 1.8.0 use apps/v1beta2
kind: Deployment
metadata:
  name: azure-vote-back
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: azure-vote-back
    spec:
      containers:
      - name: azure-vote-back
        image: redis
        ports:
        - containerPort: 6379
          name: redis
---
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-back
spec:
  ports:
  - port: 6379
  selector:
    app: azure-vote-back
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: azure-vote-front
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: azure-vote-front
    spec:
      containers:
      - name: azure-vote-front
        image: microsoft/azure-vote-front:redis-v1
        ports:
        - containerPort: 80
        env:
        - name: REDIS
          value: "azure-vote-back"
---
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-front
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: azure-vote-front

## web-shell-app.yaml
apiVersion: apps/v1beta1 # for versions after 1.8.0 use apps/v1beta2
kind: Deployment
metadata:
  name: sample-app-deploy
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sample-web
    spec:
      containers:
        - name: sampleweb
          image: paulinhu/k8s-security-netwebshell:0.1
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: sample-web-svc
spec:
  type: LoadBalancer
  ports:
    - port: 80
  selector:
    app: sample-web
	# Login with your Azure subscription
	az login

	# Register providers required within the subscription
	az provider register -n Microsoft.ContainerService
	az provider register -n Microsoft.Network
	az provider register -n Microsoft.Compute

	# Create resource group to place AKS cluster.
	az group create --name k8s-security-challenge-rg --location centralus

	# Provision AKS cluster based on kubernetes version 1.8.6 - latest supported at time of writing at provisioning time.
	# Notice that I am provisioning it in Central US, for supported regions check https://github.com/Azure/AKS/blob/master/preview_regions.md
	az aks create --name k8s-security-challenge1 --location centralus --node-count 2 -g k8s-security-challenge-rg --kubernetes-version 1.8.6

	# Optional - updates to latest supported running version 1.9.1
	az aks upgrade --name k8s-security-challenge1 -g k8s-security-challenge-rg --kubernetes-version 1.9.1 -y

	# Install kubectl locally to manage the remote cluster
	az aks install-cli

	# Download credentials to manage k8s cluster
	az aks get-credentials --name k8s-security-challenge1 -g k8s-security-challenge-rg

	# Deploy Microsoft Voting Sample Application
	kubectl apply -f https://gist.githubusercontent.com/pjbgf/cd68d149c3d4adf0ecc3b755aa9fb022/raw/2cd6ff55e69326366137e5fad93130dad10ddd41/ms-vote-sample.yaml

	# Deploy Compromised .Net Application
	kubectl apply -f https://gist.github.com/pjbgf/cd68d149c3d4adf0ecc3b755aa9fb022/raw/3e494a4b818c53f42b261247b9bc48fac72ef919/web-shell-app.yaml
	apiVersion: apps/v1beta1 # for versions after 1.8.0 use apps/v1beta2
	kind: Deployment
	metadata:
	name: azure-vote-back
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: azure-vote-back
	spec:
	containers:
	- name: azure-vote-back
	image: redis
	ports:
	- containerPort: 6379
	name: redis
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: azure-vote-back
	spec:
	ports:
	- port: 6379
	selector:
	app: azure-vote-back
	---
	apiVersion: apps/v1beta1
	kind: Deployment
	metadata:
	name: azure-vote-front
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: azure-vote-front
	spec:
	containers:
	- name: azure-vote-front
	image: microsoft/azure-vote-front:redis-v1
	ports:
	- containerPort: 80
	env:
	- name: REDIS
	value: "azure-vote-back"
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: azure-vote-front
	spec:
	type: LoadBalancer
	ports:
	- port: 80
	selector:
	app: azure-vote-front