first upload

2025-07-19 16:30:52 +02:00
parent cc0d91a220
commit 946b6ef346
10 changed files with 341 additions and 0 deletions
--- a/2.0.base.sh
+++ b/2.0.base.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# install calico
+kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.30.2/manifests/calico.yaml
+
+# install metrics-server
+kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+
+# patch metrics-server
+kubectl patch deployment metrics-server -n kube-system --patch '{
+  "spec": {
+    "template": {
+      "spec": {
+        "containers": [{
+          "name": "metrics-server",
+          "args": [
+            "--cert-dir=/tmp",
+            "--secure-port=10250",
+            "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
+            "--kubelet-use-node-status-port",
+            "--metric-resolution=15s",
+            "--kubelet-insecure-tls"
+          ]
+        }]
+      }
+    }
+  }
+}'
+
+# namespace based policy
+# Szintek:
+# - privileged: minden engedélyezett, mint root konténer futtatása, privilege escalation stb.
+# - baseline: nem engedi a privilege escalation-t, root jogot stb.
+# - restricted: a legszigorúbb szabály
+kubectl create namespace secure
+kubectl label namespace secure \
+  pod-security.kubernetes.io/enforce=restricted \
+  pod-security.kubernetes.io/enforce-version=latest
+
+# dev-admin és readonly user hozzáadása
+./setup-kind-users.sh