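#!/bin/bash
#
# Bootstrap cluster add-ons: the Calico CNI, metrics-server, a namespace that
# enforces the "restricted" Pod Security Standard, and the users created by
# setup-kind-users.sh.
#
# Optional environment overrides:
#   CALICO_MANIFEST          URL or path of the Calico manifest to apply
#   METRICS_SERVER_MANIFEST  URL or path of the metrics-server manifest to apply

# Stop at the first failing step so a half-installed add-on is not silently
# followed by later steps that depend on it.
set -euo pipefail

# Both manifests are fetched over HTTPS and applied with whatever privileges
# the current kubeconfig holds; their content is not checked here. Point the
# overrides at a reviewed, locally stored copy when that matters.
readonly CALICO_MANIFEST="${CALICO_MANIFEST:-https://raw.githubusercontent.com/projectcalico/calico/v3.30.2/manifests/calico.yaml}"

# NOTE(review): "latest" is a moving target, so two runs of this script can
# install different metrics-server releases. Override with a specific release
# URL for reproducible installs.
readonly METRICS_SERVER_MANIFEST="${METRICS_SERVER_MANIFEST:-https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml}"

# install calico
kubectl apply -f "${CALICO_MANIFEST}"

# install metrics-server
kubectl apply -f "${METRICS_SERVER_MANIFEST}"

# patch metrics-server
# SECURITY: --kubelet-insecure-tls turns off verification of the kubelet
# serving certificate, so metrics-server cannot tell a genuine kubelet from an
# impostor on the node network. Keep this for local/test clusters only; on a
# real cluster give the kubelets CA-signed serving certificates and use
# --kubelet-certificate-authority instead.
kubectl patch deployment metrics-server -n kube-system --patch '{
  "spec": {
    "template": {
      "spec": {
        "containers": [{
          "name": "metrics-server",
          "args": [
            "--cert-dir=/tmp",
            "--secure-port=10250",
            "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
            "--kubelet-use-node-status-port",
            "--metric-resolution=15s",
            "--kubelet-insecure-tls"
          ]
        }]
      }
    }
  }
}'

# namespace based policy
# Pod Security Standard levels:
# - privileged: unrestricted; privileged containers, host access and
#   privilege escalation are all allowed.
# - baseline: blocks the known privilege-escalation paths (privileged
#   containers, host namespaces, hostPath volumes, ...), but still allows
#   containers to run as root.
# - restricted: the strictest level; additionally requires non-root users,
#   allowPrivilegeEscalation=false, dropped capabilities and a seccomp profile.
#
# The namespace is created together with its labels in one apply, so there is
# no window in which "secure" exists without enforcement, and a re-run does
# not fail on an already existing namespace.
# NOTE(review): enforce-version=latest follows the cluster's Kubernetes
# version, so the enforced rules can change on upgrade.
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
  name: secure
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
EOF

# add the dev-admin and readonly users
# The helper is resolved relative to the current working directory.
./setup-kind-users.sh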