jepio · February 22, 2024 14:34
diff --git a/deploy-snp-nginx-azure.sh b/deploy-snp-nginx-azure.sh
 #!/bin/bash

 # run as root
 set -xe

 systemctl disable --now unattended-upgrades

 apt-get update
 apt-get install -y apt-transport-https ca-certificates curl
 mkdir -p /etc/apt/keyrings
 curl -fsSL https://dl.k8s.io/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
 echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
 apt-get update
 apt-get install -y kubelet kubeadm kubectl containerd

 # kata-deploy does the wrong thing if this file doesn't exist
 [ -f /etc/containerd/config.toml ] || mkdir -p /etc/containerd && containerd config dump >>/etc/containerd/config.toml
 systemctl enable --now containerd

 echo net.ipv4.ip_forward = 1 >>/etc/sysctl.d/99-k8s.conf
 sysctl --system --write

 echo br_netfilter >>/etc/modules-load.d/k8s.conf
 modprobe br_netfilter

 kubeadm init --pod-network-cidr 10.244.0.0/16

 mkdir -p $HOME/.kube
 cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 chown $(id -u):$(id -g) $HOME/.kube/config
 if [ -n "${SUDO_USER}" ]; then
  home=$(getent passwd "${SUDO_USER}" | cut -d: -f6)
  mkdir -p $home/.kube
  cp -i /etc/kubernetes/admin.conf $home/.kube/config
  chown -R "$SUDO_USER" $home/.kube
 fi

 # install network
 kubectl taint nodes --all node-role.kubernetes.io/control-plane-
 kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

 # install coco
 export RELEASE_VERSION=v0.7.0
 kubectl label node --all node.kubernetes.io/worker=
 kubectl apply -k "github.com/confidential-containers/operator/config/release?ref=${RELEASE_VERSION}"
 kubectl apply -k "github.com/confidential-containers/operator/config/samples/ccruntime/default?ref=${RELEASE_VERSION}"

 cat <<EOF >nginx.yaml
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: nginx
 spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 4
  template:
    metadata:
      labels:
        app: nginx
    spec:
      runtimeClassName: kata-qemu-snp
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: nginx
 spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
 EOF
	#!/bin/bash

	# run as root
	set -xe

	systemctl disable --now unattended-upgrades

	apt-get update
	apt-get install -y apt-transport-https ca-certificates curl
	mkdir -p /etc/apt/keyrings
	curl -fsSL https://dl.k8s.io/apt/doc/apt-key.gpg \| sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
	echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" \| tee /etc/apt/sources.list.d/kubernetes.list
	apt-get update
	apt-get install -y kubelet kubeadm kubectl containerd

	# kata-deploy does the wrong thing if this file doesn't exist
	[ -f /etc/containerd/config.toml ] \|\| mkdir -p /etc/containerd && containerd config dump >>/etc/containerd/config.toml
	systemctl enable --now containerd

	echo net.ipv4.ip_forward = 1 >>/etc/sysctl.d/99-k8s.conf
	sysctl --system --write

	echo br_netfilter >>/etc/modules-load.d/k8s.conf
	modprobe br_netfilter

	kubeadm init --pod-network-cidr 10.244.0.0/16

	mkdir -p $HOME/.kube
	cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	chown $(id -u):$(id -g) $HOME/.kube/config
	if [ -n "${SUDO_USER}" ]; then
	home=$(getent passwd "${SUDO_USER}" \| cut -d: -f6)
	mkdir -p $home/.kube
	cp -i /etc/kubernetes/admin.conf $home/.kube/config
	chown -R "$SUDO_USER" $home/.kube
	fi

	# install network
	kubectl taint nodes --all node-role.kubernetes.io/control-plane-
	kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

	# install coco
	export RELEASE_VERSION=v0.7.0
	kubectl label node --all node.kubernetes.io/worker=
	kubectl apply -k "github.com/confidential-containers/operator/config/release?ref=${RELEASE_VERSION}"
	kubectl apply -k "github.com/confidential-containers/operator/config/samples/ccruntime/default?ref=${RELEASE_VERSION}"

	cat <<EOF >nginx.yaml
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: nginx
	spec:
	selector:
	matchLabels:
	app: nginx
	replicas: 4
	template:
	metadata:
	labels:
	app: nginx
	spec:
	runtimeClassName: kata-qemu-snp
	containers:
	- name: nginx
	image: nginx:latest
	ports:
	- containerPort: 80
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: nginx
	spec:
	selector:
	app: nginx
	ports:
	- protocol: TCP
	port: 80
	targetPort: 80
	EOF