Skip to content

Commit

Permalink
Harden MicroK8s (canonical#590)
Browse files Browse the repository at this point in the history 
* Remove the insecure 8080 port
* Change permissions to certs and credentials
* Move etcd to a port and use certs to access it
  • Loading branch information
@ktsakalozos
ktsakalozos committed Aug 19, 2019
1 parent 690fe95 commit 8173dce
Show file tree
Hide file tree
Showing 39 changed files with 307 additions and 78 deletions.
4 changes: 2 additions & 2 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ script:
- ./tests/smoke-test.sh
- export UNDER_TIME_PRESURE="True"
- (cd tests; pytest -s verify-branches.py)
- (cd tests; pytest -s test-addons.py)
- (cd tests; sudo pytest -s test-addons.py)
- sudo microk8s.reset
- sudo snap remove microk8s
- UPGRADE_MICROK8S_FROM=edge UPGRADE_MICROK8S_TO=`pwd`/`ls microk8s*.snap` pytest -s ./tests/test-upgrade.py
- sudo UPGRADE_MICROK8S_FROM=edge UPGRADE_MICROK8S_TO=`pwd`/`ls microk8s*.snap` pytest -s ./tests/test-upgrade.py
14 changes: 11 additions & 3 deletions microk8s-resources/actions/common/utils.sh
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,13 @@
#!/usr/bin/env bash

exit_if_no_permissions() {
# test if we can access the default kubeconfig
if [ ! -r $SNAP_DATA/credentials/client.config ]; then
echo "You do not have enough permissions to access MicroK8s. Please try again with sudo."
exit 1
fi
}

exit_if_stopped() {
# test if the snap is marked as stopped
if [ -e ${SNAP_DATA}/var/lock/stopped.lock ]
Expand Down Expand Up @@ -239,7 +247,7 @@ render_csr_conf() {
get_node() {
# Returns the node name or no_node_found in case no node is present

KUBECTL="$SNAP/kubectl --kubeconfig=$SNAP/client.config"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"

timeout=60
start_timer="$(date +%s)"
Expand Down Expand Up @@ -267,7 +275,7 @@ drain_node() {
# Drain node

node="$(get_node)"
KUBECTL="$SNAP/kubectl --kubeconfig=$SNAP/client.config"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
if ! [ "${node}" == "no_node_found" ]
then
$KUBECTL drain $node --timeout=120s --grace-period=60 --delete-local-data=true || true
Expand All @@ -279,7 +287,7 @@ uncordon_node() {
# Un-drain node

node="$(get_node)"
KUBECTL="$SNAP/kubectl --kubeconfig=$SNAP/client.config"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
if ! [ "${node}" == "no_node_found" ]
then
$KUBECTL uncordon $node || true
Expand Down
2 changes: 1 addition & 1 deletion microk8s-resources/actions/disable.dns.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ source $SNAP/actions/common/utils.sh

echo "Disabling DNS"
echo "Reconfiguring kubelet"
KUBECTL="$SNAP/kubectl --kubeconfig=$SNAP/client.config"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"

# Delete the dns yaml
# We need to wait for the dns pods to terminate before we restart kubelet
Expand Down
8 changes: 5 additions & 3 deletions microk8s-resources/actions/disable.fluentd.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,12 @@ source $SNAP/actions/common/utils.sh

echo "Disabling Fluentd-Elasticsearch"

NODENAME="$("$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" get no -o yaml | grep " name:"| awk '{print $2}')"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"

"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" label nodes "$NODENAME" beta.kubernetes.io/fluentd-ds-ready- || true
NODENAME="$($KUBECTL get no -o yaml | grep " name:"| awk '{print $2}')"

"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" delete -f "${SNAP}/actions/fluentd"
$KUBECTL label nodes "$NODENAME" beta.kubernetes.io/fluentd-ds-ready- || true

$KUBECTL delete -f "${SNAP}/actions/fluentd"

echo "Fluentd-Elasticsearch is disabled"
4 changes: 3 additions & 1 deletion microk8s-resources/actions/disable.istio.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,9 @@ source $SNAP/actions/common/utils.sh

echo "Disabling Istio"

"$SNAP/kubectl" "--kubeconfig=$SNAP_DATA/credentials/client.config" delete namespaces istio-system
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"

$KUBECTL delete namespaces istio-system
sudo rm -rf "${SNAP_DATA}/bin/istioctl"
sudo rm -rf "$SNAP_USER_COMMON/istio-auth.lock"
sudo rm -rf "$SNAP_USER_COMMON/istio.lock"
Expand Down
5 changes: 3 additions & 2 deletions microk8s-resources/actions/disable.jaeger.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
set -e
source $SNAP/actions/common/utils.sh
echo "Disabling Jaeger"
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" delete -f "${SNAP}/actions/jaeger"
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" delete -f "${SNAP}/actions/jaeger/crds"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
$KUBECTL delete -f "${SNAP}/actions/jaeger"
$KUBECTL delete -f "${SNAP}/actions/jaeger/crds"
echo "The Jaeger operator is disabled"
3 changes: 2 additions & 1 deletion microk8s-resources/actions/disable.knative.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ source $SNAP/actions/common/utils.sh
echo "Disabling Knative"

# || true is there to handle race conditions in deleteing resources
"$SNAP/kubectl" "--kubeconfig=$SNAP_DATA/credentials/client.config" delete -f "$SNAP/actions/knative/" || true
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
$KUBECTL delete -f "$SNAP/actions/knative/" || true

echo "Knative is terminating"
7 changes: 4 additions & 3 deletions microk8s-resources/actions/disable.linkerd.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@ source $SNAP/actions/common/utils.sh
echo "Disabling Linkerd"
echo "Removing linkerd data plane."
#This statement will not terminate the script if there is an error. Error happens when there is no result returned by getting the resources with label -l "linkerd.io/control-plane-ns"
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" get --all-namespaces daemonset,deploy,job,statefulset -l "linkerd.io/control-plane-ns" -o yaml | "$SNAP_DATA/bin/linkerd" uninject - | "$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f - || true
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
$KUBECTL get --all-namespaces daemonset,deploy,job,statefulset -l "linkerd.io/control-plane-ns" -o yaml | "$SNAP_DATA/bin/linkerd" uninject - | $KUBECTL apply -f - || true
echo "Removing linkerd control plane"
"$SNAP_DATA/bin/linkerd" "--kubeconfig=$SNAP/client.config" install "--ignore-cluster" | "$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" delete -f -
"$SNAP_DATA/bin/linkerd" "--kubeconfig=${SNAP_DATA}/credentials/client.config" install "--ignore-cluster" | $KUBECTL delete -f -
echo "Deleting linkerd binary."
sudo rm -f "$SNAP_DATA/bin/linkerd"
sudo rm -f "$SNAP_DATA/bin/linkerd"
6 changes: 4 additions & 2 deletions microk8s-resources/actions/disable.prometheus.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ set -e
source $SNAP/actions/common/utils.sh

echo "Disabling Prometheus"
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" delete -f "${SNAP}/actions/prometheus"
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" delete -f "${SNAP}/actions/prometheus/resources"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"

$KUBECTL delete -f "${SNAP}/actions/prometheus"
$KUBECTL delete -f "${SNAP}/actions/prometheus/resources"

echo "The Prometheus operator is disabled"
2 changes: 1 addition & 1 deletion microk8s-resources/actions/disable.rbac.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ else
fi

echo "Removing default RBAC resources"
KUBECTL="$SNAP/kubectl --kubeconfig=$SNAP/client.config"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
tmp_manifest="${SNAP_USER_DATA}/tmp/temp.rbac.yaml"
trap "rm -f '${tmp_manifest}'" EXIT ERR INT TERM
mkdir -p "${SNAP_USER_DATA}/tmp"
Expand Down
7 changes: 4 additions & 3 deletions microk8s-resources/actions/enable.fluentd.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,10 @@ source $SNAP/actions/common/utils.sh

echo "Enabling Fluentd-Elasticsearch"

KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
echo "Labeling nodes"
NODENAME="$("$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" get no -o yaml | grep " name:"| awk '{print $2}')"
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" label nodes "$NODENAME" beta.kubernetes.io/fluentd-ds-ready=true || true
NODENAME="$($KUBECTL get no -o yaml | grep " name:"| awk '{print $2}')"
$KUBECTL label nodes "$NODENAME" beta.kubernetes.io/fluentd-ds-ready=true || true


"$SNAP/microk8s-enable.wrapper" dns
Expand All @@ -21,6 +22,6 @@ sudo systemctl restart snap.${SNAP_NAME}.daemon-apiserver

sleep 5

"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "${SNAP}/actions/fluentd"
$KUBECTL apply -f "${SNAP}/actions/fluentd"

echo "Fluentd-Elasticsearch is enabled"
7 changes: 4 additions & 3 deletions microk8s-resources/actions/enable.istio.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,17 +34,18 @@ fi

read -p "Enforce mutual TLS authentication (https://bit.ly/2KB4j04) between sidecars? If unsure, choose N. (y/N): " confirm

KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
for i in "${SNAP_DATA}"/actions/istio/crd*yaml
do
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "$i"
$KUBECTL apply -f "$i"
done

if [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]]
then
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "${SNAP_DATA}/actions/istio/istio-demo-auth.yaml"
$KUBECTL apply -f "${SNAP_DATA}/actions/istio/istio-demo-auth.yaml"
sudo touch "$SNAP_USER_COMMON/istio-auth.lock"
else
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "${SNAP_DATA}/actions/istio/istio-demo.yaml"
$KUBECTL apply -f "${SNAP_DATA}/actions/istio/istio-demo.yaml"
sudo touch "$SNAP_USER_COMMON/istio.lock"
fi

Expand Down
5 changes: 3 additions & 2 deletions microk8s-resources/actions/enable.jaeger.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,14 @@ echo "Enabling Jaeger"

"$SNAP/microk8s-enable.wrapper" dns ingress

"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "${SNAP}/actions/jaeger/crds"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
$KUBECTL apply -f "${SNAP}/actions/jaeger/crds"

n=0
until [ $n -ge 10 ]
do
sleep 3
("$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "${SNAP}/actions/jaeger/") && break
($KUBECTL apply -f "${SNAP}/actions/jaeger/") && break
n=$[$n+1]
if [ $n -ge 10 ]; then
echo "Jaeger operator failed to install"
Expand Down
7 changes: 4 additions & 3 deletions microk8s-resources/actions/enable.knative.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,9 @@ echo "Enabling Knative"
echo "Waiting for Istio to be ready"
JSONPATH='{range .items[*]}{range @.status.readyReplicas}{@}{"\n"}{end}{end}'

KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
# Wait for all 12 Istio deployments to be ready.
while ! [ $($SNAP/kubectl get deployments -n istio-system -o jsonpath="$JSONPATH" | grep 1 | wc -l) -eq 12 ]
while ! [ $($KUBECTL get deployments -n istio-system -o jsonpath="$JSONPATH" | grep 1 | wc -l) -eq 12 ]
do
echo -n "."
sleep 2
Expand All @@ -25,7 +26,7 @@ n=0
until [ $n -ge 10 ]
do
sleep 3
("$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply --selector knative.dev/crd-install=true \
($KUBECTL apply --selector knative.dev/crd-install=true \
-f ${SNAP}/actions/knative/serving.yaml \
-f ${SNAP}/actions/knative/build.yaml \
-f ${SNAP}/actions/knative/release.yaml \
Expand All @@ -42,7 +43,7 @@ n=0
until [ $n -ge 10 ]
do
sleep 3
("$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply \
($KUBECTL apply \
-f ${SNAP}/actions/knative/serving.yaml \
-f ${SNAP}/actions/knative/build.yaml \
-f ${SNAP}/actions/knative/release.yaml \
Expand Down
5 changes: 3 additions & 2 deletions microk8s-resources/actions/enable.linkerd.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ fi

echo "Enabling Linkerd2"
# pod/servicegraph will start failing without dns
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
"$SNAP/microk8s-enable.wrapper" dns
"$SNAP_DATA/bin/linkerd" "--kubeconfig=$SNAP/client.config" install "${argz[@]}" | "$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f -
echo "Linkerd is starting"
"$SNAP_DATA/bin/linkerd" "--kubeconfig=$SNAP_DATA/credentials/client.config" install "${argz[@]}" | $KUBECTL apply -f -
echo "Linkerd is starting"
5 changes: 3 additions & 2 deletions microk8s-resources/actions/enable.prometheus.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,14 @@ set -e
source $SNAP/actions/common/utils.sh

echo "Enabling Prometheus"
"$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "${SNAP}/actions/prometheus/resources"
KUBECTL="$SNAP/kubectl --kubeconfig=${SNAP_DATA}/credentials/client.config"
$KUBECTL apply -f "${SNAP}/actions/prometheus/resources"

n=0
until [ $n -ge 10 ]
do
sleep 3
("$SNAP/kubectl" "--kubeconfig=$SNAP/client.config" apply -f "${SNAP}/actions/prometheus/") && break
($KUBECTL apply -f "${SNAP}/actions/prometheus/") && break
n=$[$n+1]
if [ $n -ge 10 ]; then
echo "The Prometheus operator failed to install"
Expand Down
2 changes: 1 addition & 1 deletion microk8s-resources/actions/enable.rbac.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ source $SNAP/actions/common/utils.sh
echo "Enabling RBAC"

echo "Reconfiguring apiserver"
refresh_opt_in_config "authorization-mode" "RBAC" kube-apiserver
refresh_opt_in_config "authorization-mode" "RBAC,Node" kube-apiserver
sudo systemctl restart snap.${SNAP_NAME}.daemon-apiserver

echo "RBAC is enabled"
8 changes: 4 additions & 4 deletions microk8s-resources/client.config.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,13 @@ clusters:
contexts:
- context:
cluster: microk8s-cluster
user: admin
user: NAME
name: microk8s
current-context: microk8s
kind: Config
preferences: {}
users:
- name: admin
- name: NAME
user:
username: admin
password: PASSWORD
username: NAME
AUTHTYPE: PASSWORD
8 changes: 6 additions & 2 deletions microk8s-resources/default-args/etcd
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
--data-dir=${SNAP_COMMON}/var/run/etcd
--advertise-client-urls=unix://etcd.socket:2379
--listen-client-urls=unix://etcd.socket:2379
--advertise-client-urls=https://${DEFAULT_INTERFACE_IP_ADDR}:12379
--listen-client-urls=https://0.0.0.0:12379
--client-cert-auth
--trusted-ca-file=${SNAP_DATA}/certs/ca.crt
--cert-file=${SNAP_DATA}/certs/server.crt
--key-file=${SNAP_DATA}/certs/server.key
9 changes: 6 additions & 3 deletions microk8s-resources/default-args/kube-apiserver
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
--insecure-bind-address=127.0.0.1
--cert-dir=${SNAP_DATA}/certs
--etcd-servers='unix://etcd.socket:2379'
--service-cluster-ip-range=10.152.183.0/24
--authorization-mode=AlwaysAllow
--basic-auth-file=${SNAP_DATA}/credentials/basic_auth.csv
Expand All @@ -11,7 +9,12 @@
--kubelet-client-certificate=${SNAP_DATA}/certs/server.crt
--kubelet-client-key=${SNAP_DATA}/certs/server.key
--secure-port=16443
--insecure-port=8080
--token-auth-file=${SNAP_DATA}/credentials/known_tokens.csv
--token-auth-file=${SNAP_DATA}/credentials/known_tokens.csv
--etcd-servers='https://127.0.0.1:12379'
--etcd-cafile=${SNAP_DATA}/certs/ca.crt
--etcd-certfile=${SNAP_DATA}/certs/server.crt
--etcd-keyfile=${SNAP_DATA}/certs/server.key

# Enable the aggregation layer
--requestheader-client-ca-file=${SNAP_DATA}/certs/ca.crt
Expand Down
3 changes: 2 additions & 1 deletion microk8s-resources/default-args/kube-controller-manager
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
--master='http://127.0.0.1:8080'
--kubeconfig=${SNAP_DATA}/credentials/controller.config
--service-account-private-key-file=${SNAP_DATA}/certs/serviceaccount.key
--root-ca-file=${SNAP_DATA}/certs/ca.crt
--cluster-signing-cert-file=${SNAP_DATA}/certs/ca.crt
--cluster-signing-key-file=${SNAP_DATA}/certs/ca.key
--address=127.0.0.1
--use-service-account-credentials
3 changes: 1 addition & 2 deletions microk8s-resources/default-args/kube-proxy
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
--master='http://127.0.0.1:8080'
--kubeconfig=${SNAP_DATA}/credentials/proxy.config
--cluster-cidr=10.152.183.0/24
--kubeconfig=${SNAP}/kubeproxy.config
--healthz-bind-address=127.0.0.1
2 changes: 1 addition & 1 deletion microk8s-resources/default-args/kube-scheduler
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
--master='http://127.0.0.1:8080'
--kubeconfig=${SNAP_DATA}/credentials/scheduler.config
--address=127.0.0.1
2 changes: 1 addition & 1 deletion microk8s-resources/default-args/kubelet
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
--kubeconfig=${SNAP}/configs/kubelet.config
--kubeconfig=${SNAP_DATA}/credentials/kubelet.config
--cert-dir=${SNAP_DATA}/certs
--client-ca-file=${SNAP_DATA}/certs/ca.crt
--anonymous-auth=false
Expand Down
1 change: 1 addition & 0 deletions microk8s-resources/wrappers/apiservice-kicker
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ do
then
echo "CSR change detected. Reconfiguring the kube-apiserver"
rm -rf .srl
systemctl restart snap.microk8s.daemon-etcd.service
systemctl restart snap.microk8s.daemon-containerd.service
systemctl restart snap.microk8s.daemon-apiserver.service
systemctl restart snap.microk8s.daemon-proxy.service
Expand Down
2 changes: 2 additions & 0 deletions microk8s-resources/wrappers/microk8s-config.wrapper
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ while true; do
esac
done

exit_if_no_permissions

if [[ "$USE_LOOPBACK" == "true" ]]; then
cat "$SNAP_DATA/credentials/client.config"
else
Expand Down
2 changes: 2 additions & 0 deletions microk8s-resources/wrappers/microk8s-disable.wrapper
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ if echo "$*" | grep -q -- '--help'; then
fi

exit_if_stopped
exit_if_no_permissions

result=1
for action in "$@"; do
# If there is a script to execute for the action $1 run the script and ignore any yamls
Expand Down
2 changes: 2 additions & 0 deletions microk8s-resources/wrappers/microk8s-enable.wrapper
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ if echo "$*" | grep -q -- '--help'; then
fi

exit_if_stopped
exit_if_no_permissions

result=1
for addon in "$@"; do

Expand Down
7 changes: 6 additions & 1 deletion microk8s-resources/wrappers/microk8s-istioctl.wrapper
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,16 @@ if [ ! -f "${SNAP_DATA}/bin/istioctl" ]; then
fi

source $SNAP/actions/common/utils.sh

if echo "$*" | grep -v -q -- '--kubeconfig'; then
exit_if_no_permissions
fi

ARCH=$(arch)
if ! [ "${ARCH}" = "amd64" ]
then
echo "Istio is not available for ${ARCH}"
else
exit_if_stopped
"${SNAP_DATA}/bin/istioctl" --kubeconfig=$SNAP/client.config "$@"
"${SNAP_DATA}/bin/istioctl" --kubeconfig=${SNAP_DATA}/credentials/client.config "$@"
fi
Loading

0 comments on commit 8173dce

Please sign in to comment.