strigazi

openstack stack create \
--template kubemaster.yaml \
--parameter name=kube \
--parameter ssh_key_name=default \
--parameter master_flavor=m1.small \
--parameter fixed_network=357dfedc-7e58-4e15-b169-96d89ef5b160 \
--parameter fixed_subnet=d1d057a8-f91c-4f3c-803f-4e4ad2201008 \
--parameter server_image=c51afe4f-8a52-4fc7-b798-0830e327dfd5 \
kube

strigazi

#!/bin/bash -x
# Upgrade curl
example_req=$(cat << EOF
{
    "max_batch_size": 1,
    "nodegroup": "master",
    "parameters": {"image": "fedora-atomic-new", "kube_tag": "v1.8.2"}
}
EOF
)

strigazi

FROM registry.fedoraproject.org/fedora:rawhide

ENV NAME=kubernetes-master VERSION=0 RELEASE=0 ARCH=x86_64
LABEL bzcomponent="$NAME" \
        name="$FGC/$NAME" \
        version="$VERSION" \
        release="$RELEASE.$DISTTAG" \
        architecture="$ARCH" \
        maintainer="Jason Brooks <jbrooks@redhat.com>"

strigazi

#!/bin/bash

#fedora atomic
rpm-ostree install kubernetes-node kubernetes-client kubernetes-kubeadm kernel-devel vim
#fedora
dnf install kubernetes-node kubernetes-client kubernetes-kubeadm kernel-devel vim
#centos
# for cc7 disable firewalld and restart the node
yum install -y http://cbs.centos.org/kojifiles/packages/centos-release-kubernetes110/1.0/1.el7.centos/x86_64/centos-release-kubernetes110-1.0-1.el7.centos.x86_64.rpm
yum install --disablerepo extras kubernetes-node kubernetes-client kubernetes-kubeadm kernel-devel vim

strigazi

" vim-bootstrap b990cad

"*****************************************************************************
"" Vim-PLug core
"*****************************************************************************
if has('vim_starting')
  set nocompatible               " Be iMproved
endif

let vimplug_exists=expand('~/./autoload/plug.vim')

strigazi

kubernetes.io/ingress.class: nginx-cluster
kubernetes.io/ingress.class: traefik

nginx.ingress.kubernetes.io/proxy-body-size: "0"
# doesn't exitst

nginx.ingress.kubernetes.io/rewrite-target: /
traefik.ingress.kubernetes.io/rewrite-target: /

# tls will be terminated at the pod

strigazi

apt-get update && \
apt-get install  -y \
    apt-transport-https \
    ca-certificates \
    curl \
    software-properties-common
    
    
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

strigazi

#!/bin/bash

# Thanks to https://github.com/tdg5/blog/blob/0d80ab3e5ad30fe08426b444f98c0b5774cc0578/_includes/scripts/dd_obs_test.sh

# Since we're dealing with dd, abort if any errors occur
set -e

TEST_FILE=${1:-dd_obs_testfile}
TEST_FILE_EXISTS=0
if [ -e "$TEST_FILE" ]; then TEST_FILE_EXISTS=1; fi

strigazi

[root@strigazi-fa-01 fedora]# sha256sum /usr/bin/runc
32ef8e0ae2b98dd0aab3e92699cac3d99894287f94e0887c5d23dc10c7b438b8  /usr/bin/runc
[root@strigazi-fa-01 fedora]# docker run gitlab-registry.cern.ch/strigazi/containers/cve-2019-5736-poc
...
Status: Downloaded newer image for gitlab-registry.cern.ch/strigazi/containers/cve-2019-5736-poc:latest
HAX2: argv: /proc/self/fd/3
HAX2: fd: -1
HAX2: res: -1, 9
[root@strigazi-fa-01 fedora]# strings /usr/bin/runc | tail -n 3
.text

strigazi

root@strigazi-kubeadm-cluster-02:/home/ubuntu# strings /usr/bin/docker-runc  | tail -n5
.debug_str
.debug_loc
.debug_pubtypes
.debug_ranges
.debug_gdb_scripts
root@strigazi-kubeadm-cluster-02:/home/ubuntu# sha256sum /usr/bin/docker-runc 
6cd5b2d83cfe84fc59947cf4a17898ebfd03d61e13ce0dc179be787b77104a3a  /usr/bin/docker-runc
root@strigazi-kubeadm-cluster-02:/home/ubuntu# /usr/bin/docker-runc --version
runc version 1.0.0-rc5+dev