...
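# Hardening step: stop Kubernetes from mounting an API token into pods that
# run under the "default" ServiceAccount of the "default" namespace.
#
# Caveats worth knowing when relying on this:
#   - It only affects pods created after the change; running pods keep the
#     token they already have mounted.
#   - A pod spec that sets automountServiceAccountToken: true overrides the
#     ServiceAccount setting.
#   - Every namespace has its own "default" ServiceAccount; this manifest
#     covers the "default" namespace only.
# Check the result with: kubectl get serviceaccount default -n default -o yaml
#
# The page rendering dropped the YAML indentation; name/namespace belong under
# metadata, as restored here. The delimiter is quoted because the manifest
# needs no shell expansion.
kubectl replace -f - <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
automountServiceAccountToken: false
EOF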
Bluval CI script
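# Fail fast: abort on command errors, on unset variables and on a failure in
# any stage of a pipeline.
set -euo pipefail

# Workspace layout: results are collected in ./results and later zipped to
# ./results.zip, both relative to the directory the job starts in.
cwd=$(pwd)
results_dir=$cwd/results

# Remove leftovers from a previous run. These deletions run as root, so every
# path is quoted (no word splitting or globbing on a workspace path containing
# spaces), "--" ends option parsing, and ":?" aborts if the variable were ever
# empty instead of handing a bare path to "rm -fr".
# NOTE(review): sudo is presumably needed because the validation run leaves
# root-owned files in the results directory (the script chowns it back later).
sudo rm -fr -- "${results_dir:?}"
sudo rm -f -- "$cwd/results.zip"
mkdir -p -- "$results_dir"

# Blueprint name handed to blucon.sh and used in the upload path.
blueprint=kubeedgees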
# Log an informational message.
# Arguments: all arguments are joined into a single message.
# Outputs:   hands the message to logger with the tag "run_bluval.info";
#            -s makes logger also print it on stderr.
info() {
  local msg="$*"
  logger -s -t 'run_bluval.info' "$msg"
}
# Log an error message and terminate the script.
# Arguments: all arguments are joined into a single message.
# Outputs:   hands the message to logger with the tag "run_bluval.error";
#            -s makes logger also print it on stderr.
# Returns:   does not return; exits the shell with status 1.
error() {
  local msg="$*"
  logger -s -t 'run_bluval.error' "$msg"
  exit 1
}
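# Required job parameters. "set -u" already rejects unset names; ":?" also
# rejects empty values, before any file is edited or anything is uploaded.
: "${SSH_KEY_DIR:?must be set}"
: "${K8S_CONFIG_DIR:?must be set}"
: "${CLUSTER_MASTER_IP:?must be set}"
: "${SSH_USER:?must be set}"
: "${BLUEPRINT_BUILD_VERSION:?must be set}"
: "${LAB_SILO:?must be set}"

# From here on, cwd is the validation checkout inside the workspace.
cwd=$cwd/validation
cd "$cwd"

# update information in volumes yaml
# The values below are pasted into the sed program text. A value containing
# the delimiter ("@" here, "/" in the next command), "&", a backslash or a
# newline changes the expression, so these variables must come from trusted
# job configuration only.
sed -i \
  -e "/ssh_key_dir/{n; s@local: ''@local: '$SSH_KEY_DIR'@}" \
  -e "/kube_config_dir/{n; s@local: ''@local: '$K8S_CONFIG_DIR'@}" \
  -e "/custom_variables_file/{n; s@local: ''@local: '$cwd/tests/variables.yaml'@}" \
  -e "/blueprint_dir/{n; s@local: ''@local: '$cwd/bluval/'@}" \
  -e "/results_dir/{n; s@local: ''@local: '$results_dir'@}" \
  "$cwd/bluval/volumes.yaml"

# Point the tests at the cluster master. The password entry is blanked and the
# key file is set, so the login relies on the SSH key rather than a stored
# password.
# NOTE(review): the patterns are kept exactly as published. The dots in the
# host pattern are unescaped and match any character, so a non-numeric host
# value would be rewritten only in part; confirm against the shipped
# tests/variables.yaml before tightening them.
sed -i \
  -e "s/host: [0-9]*.[0-9]*.[0-9]*.[0-9]*/host: $CLUSTER_MASTER_IP/" \
  -e "s/username: [A-Za-z0-9_]* /username: $SSH_USER/" \
  -e "s/password: [A-Za-z0-9_]* /password: /" \
  -e "s|ssh_keyfile: [A-Za-z0-9_]* |ssh_keyfile: /root/.ssh/id_rsa|" \
  "$cwd/tests/variables.yaml"

# Blueprint definition: lynis and vuls in the os layer, kube-hunter in the
# k8s layer, all mandatory (optional: "False").
# NOTE(review): the page rendering dropped the YAML indentation. The nesting
# below (name, layers and the per-layer test lists under "blueprint:") is
# reconstructed; confirm it against an existing bluval-*.yaml in the
# validation checkout. The delimiter is quoted because nothing in the document
# needs shell expansion.
cat >"$cwd/bluval/bluval-kubeedgees.yaml" <<'EOF'
blueprint:
    name: kubeedgees
    layers:
        - os
        - k8s
    os: &os
        -
            name: lynis
            what: lynis
            optional: "False"
        -
            name: vuls
            what: vuls
            optional: "False"
    k8s: &k8s
        -
            name: kube-hunter
            what: kube-hunter
            optional: "False"
EOF

# Run the validation. Under "set -e" a bare failing command ends the script on
# the spot, which would skip both the ownership fix and the error report, so
# the status is captured explicitly. Keeping it in rc also means the message
# reports blucon.sh's status rather than chown's.
rc=0
"$cwd/bluval/blucon.sh" "$blueprint" || rc=$?

# Hand the results back to the invoking user whether the run passed or failed,
# so they can be zipped here and removed by the next run.
sudo chown -R "$(id -u):$(id -g)" "$results_dir"
if [ "$rc" -ne 0 ]; then
  error "blucon.sh exited with return code $rc"
fi

printf '%s\n' "$BLUEPRINT_BUILD_VERSION"

# Activate the environment that provides the lftools command.
source ~/.lftools/bin/activate

# The archive holds the lynis, vuls and kube-hunter output, i.e. a list of
# findings for this cluster; make sure the visibility of the log server suits
# that content.
NEXUS_PATH="${LAB_SILO}/$blueprint/$BLUEPRINT_BUILD_VERSION"
cd "$results_dir/.." && zip -r results.zip ./results
lftools deploy nexus-zip https://nexus.akraino.org/ logs "$NEXUS_PATH" results.zip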