code/single-node-kubernetes/setup-k8s-node.sh

#!/bin/bash

apt update
apt install containerd -y 
systemctl stop containerd
containerd config default | sed 's/SystemdCgroup.*=.*false/SystemdCgroup = true/g' > /etc/containerd/config.toml
systemctl start containerd
systemctl enable containerd
mkdir -p /etc/containerd


cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sysctl --system 

apt-get install -y apt-transport-https ca-certificates curl gpg
mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt-get update
VERSION=1.29.2-1.1
sudo apt-get install -y kubelet=$VERSION kubeadm=$VERSION kubectl=$VERSION
sudo apt-mark hold kubelet kubeadm kubectl

apt-get install apt-file apparmor-utils auditd etcd-client jq strace -y 


# kube-bench
curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.7.2/kube-bench_0.7.2_linux_amd64.deb -o kube-bench_0.7.2_linux_amd64.deb
dpkg -i kube-bench_0.7.2_linux_amd64.deb 

# trivy 
sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy

# falco
curl -fsSL https://falco.org/repo/falcosecurity-packages.asc | \
  sudo gpg --dearmor -o /usr/share/keyrings/falco-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/falco-archive-keyring.gpg] https://download.falco.org/packages/deb stable main" | \
tee -a /etc/apt/sources.list.d/falcosecurity.list
apt-get update -y

# non-eBPF
#apt install -y dkms make linux-headers-$(uname -r)
# If you use falcoctl driver loader to build the eBPF probe locally you need also clang toolchain
#apt install -y clang llvm
# You can install also the dialog package if you want it
#apt install -y dialog
apt-get install -y falco

mkdir -p /usr/share/falco/plugins

curl -Lo /tmp/falcorules.tar.gz https://download.falco.org/rules/falco-incubating-rules-3.0.1.tar.gz
(
  cd /etc/falco/rules.d
  tar xvfz /tmp/falcorules.tar.gz
)

if grep ubuntu /etc/os-release
then
  falcoctl driver config --type ebpf
  falcoctl driver install  
  systemctl start falco-bpf
  systemctl enable falco-bpf
else
  falcoctl driver config --type modern_ebpf
  #falcoctl artifact install k8saudit-rules
  systemctl enable falco-modern-bpf
  systemctl restart falco-modern-bpf
fi
single node kubernetes cluster using vagrant. 2024-04-16 20:24:55 +00:00			`#!/bin/bash`

			`apt update`
			`apt install containerd -y`
			`systemctl stop containerd`
			`containerd config default \| sed 's/SystemdCgroup.=.false/SystemdCgroup = true/g' > /etc/containerd/config.toml`
			`systemctl start containerd`
			`systemctl enable containerd`
			`mkdir -p /etc/containerd`


			`cat <<EOF \| sudo tee /etc/modules-load.d/k8s.conf`
			`overlay`
			`br_netfilter`
			`EOF`

			`sudo modprobe overlay`
			`sudo modprobe br_netfilter`

			`cat <<EOF \| sudo tee /etc/sysctl.d/k8s.conf`
			`net.bridge.bridge-nf-call-iptables = 1`
			`net.bridge.bridge-nf-call-ip6tables = 1`
			`net.ipv4.ip_forward = 1`
			`EOF`

			`sysctl --system`

			`apt-get install -y apt-transport-https ca-certificates curl gpg`
			`mkdir -p /etc/apt/keyrings`
			`curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key \| sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg`
			`echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' \| sudo tee /etc/apt/sources.list.d/kubernetes.list`

			`sudo apt-get update`
			`VERSION=1.29.2-1.1`
			`sudo apt-get install -y kubelet=$VERSION kubeadm=$VERSION kubectl=$VERSION`
			`sudo apt-mark hold kubelet kubeadm kubectl`

			`apt-get install apt-file apparmor-utils auditd etcd-client jq strace -y`


			`# kube-bench`
			`curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.7.2/kube-bench_0.7.2_linux_amd64.deb -o kube-bench_0.7.2_linux_amd64.deb`
			`dpkg -i kube-bench_0.7.2_linux_amd64.deb`

			`# trivy`
			`sudo apt-get install wget apt-transport-https gnupg lsb-release`
			`wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \| gpg --dearmor \| sudo tee /usr/share/keyrings/trivy.gpg > /dev/null`
			`echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" \| sudo tee -a /etc/apt/sources.list.d/trivy.list`
			`sudo apt-get update`
			`sudo apt-get install trivy`

			`# falco`
			`curl -fsSL https://falco.org/repo/falcosecurity-packages.asc \| \`
			`sudo gpg --dearmor -o /usr/share/keyrings/falco-archive-keyring.gpg`
			`echo "deb [signed-by=/usr/share/keyrings/falco-archive-keyring.gpg] https://download.falco.org/packages/deb stable main" \| \`
			`tee -a /etc/apt/sources.list.d/falcosecurity.list`
			`apt-get update -y`

			`# non-eBPF`
			`#apt install -y dkms make linux-headers-$(uname -r)`
			`# If you use falcoctl driver loader to build the eBPF probe locally you need also clang toolchain`
			`#apt install -y clang llvm`
			`# You can install also the dialog package if you want it`
			`#apt install -y dialog`
			`apt-get install -y falco`

			`mkdir -p /usr/share/falco/plugins`

			`curl -Lo /tmp/falcorules.tar.gz https://download.falco.org/rules/falco-incubating-rules-3.0.1.tar.gz`
			`(`
			`cd /etc/falco/rules.d`
			`tar xvfz /tmp/falcorules.tar.gz`
			`)`

			`if grep ubuntu /etc/os-release`
			`then`
			`falcoctl driver config --type ebpf`
			`falcoctl driver install`
			`systemctl start falco-bpf`
			`systemctl enable falco-bpf`
			`else`
			`falcoctl driver config --type modern_ebpf`
			`#falcoctl artifact install k8saudit-rules`
			`systemctl enable falco-modern-bpf`
			`systemctl restart falco-modern-bpf`
			`fi`