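#!/bin/bash
#
# pcc_deploy.sh - interactive bootstrap of Prisma Cloud Compute on Kubernetes.
#
# Prompts for the release download link, the registry access token, the
# license key and the first Console user, then:
#   1. downloads and unpacks the release into ./prisma_cloud
#   2. creates a 1Gi local PersistentVolume backed by /var/pcc-volume
#   3. exports and deploys the Console (port 8083 -> nodePort 30083,
#      port 8084 -> nodePort 30084)
#   4. creates the first user, requests an API token, applies the license and
#      adds the service and cluster addresses to the Console certificate SANs
#   5. exports and deploys the Defenders
#
# Optional environment:
#   PCC_CACERT  CA bundle used to verify the Console certificate. When unset,
#               the API calls fall back to `curl -k` (the historical behaviour
#               of this script), which sends the admin password, the license
#               key and the bearer token to a server that is not
#               authenticated. Only acceptable on a trusted network.
#
# Handling of secrets in this script:
#   - secret prompts do not echo, and secrets are no longer exported into the
#     environment of every child process;
#   - JSON bodies are escaped and fed to curl on stdin, so they neither break
#     on quotes/spaces nor appear in the process list;
#   - the two twistcli calls still take secrets as command-line arguments
#     (see the NOTE(review) comments next to them).

green=$(tput setaf 2 2>/dev/null)
red=$(tput setaf 1 2>/dev/null)
reset=$(tput sgr0 2>/dev/null)
readonly rule='------------------------------------------------------------------------------------------------------------------------------------'

# Print an error on stderr and stop; later steps depend on earlier ones.
die() {
  printf '%s\n' "${red}ERROR: $*${reset}" >&2
  exit 1
}

# Print a green status message framed by two separator lines.
banner() {
  printf '%s\n' "$rule"
  printf '%s\n' "${green}$1${reset}"
  printf '%s\n' "$rule"
}

# Print a red prompt line.
prompt() {
  printf '%s\n' "${red}$1${reset}"
}

# Escape a string for use inside a JSON string literal. Covers backslash,
# double quote, tab, CR and LF; other control characters are not expected
# from a single `read` line.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\t'/\\t}
  s=${s//$'\r'/\\r}
  s=${s//$'\n'/\\n}
  printf '%s' "$s"
}

# Append "nodePort: <node_port>" after the "port: <port>" line of a manifest,
# reusing that line's own indentation. YAML nesting is whitespace-sensitive,
# so a hard-coded indent width would silently produce a broken Service.
# Arguments: $1 port, $2 node port, $3 manifest path
add_node_port() {
  local port=$1 node_port=$2 manifest=$3 tmp
  tmp=$(mktemp "${manifest}.XXXXXX") || return
  if awk -v port="$port" -v node_port="$node_port" '
      { print }
      $0 ~ ("^[ -]*port: " port "[ \t]*$") {
        indent = $0
        sub(/port:.*$/, "", indent)   # keep only what precedes "port:"
        gsub(/-/, " ", indent)        # a list dash occupies an indent column
        print indent "nodePort: " node_port
      }
    ' "$manifest" > "$tmp"; then
    mv -- "$tmp" "$manifest"
  else
    rm -f -- "$tmp"
    return 1
  fi
}

# POST a JSON body to the Console API on port 8083.
# Arguments: $1 API path, $2 JSON body, $3 bearer token ('' for none),
#            remaining arguments are passed to curl unchanged.
# The body is read from stdin and the Authorization header from a file
# descriptor (curl >= 7.55.0), so neither shows up in `ps` output.
console_post() {
  local api_path=$1 body=$2 token=$3
  shift 3
  local url="https://${PCC_SIP}:8083${api_path}"
  if [[ -n $token ]]; then
    printf '%s' "$body" |
      curl "${curl_tls[@]}" -H 'Content-Type: application/json' \
        -H @<(printf 'Authorization: Bearer %s\n' "$token") \
        "$@" --data @- "$url"
  else
    printf '%s' "$body" |
      curl "${curl_tls[@]}" -H 'Content-Type: application/json' \
        "$@" --data @- "$url"
  fi
}

# TLS options for every Console API call (see PCC_CACERT in the header).
if [[ -n ${PCC_CACERT:-} ]]; then
  curl_tls=(--cacert "$PCC_CACERT")
else
  curl_tls=(-k)
fi

# --- Collect input ----------------------------------------------------------
prompt "Please Copy-Paste Prisma Cloud Compute Download link below:"
read -r pcc_lnk
export PCC_LINK=$pcc_lnk
# The release archive name is the 6th "/"-separated field of the link.
PCC_FILE=$(printf '%s\n' "$PCC_LINK" | cut -d '/' -f 6)
export PCC_FILE

prompt "Please Copy-Paste Prisma Cloud Compute Access Token below:"
read -r -s pcc_tok
PCC_TOKEN=$pcc_tok

prompt "Please Copy-Paste Prisma Cloud Compute License key below:"
read -r -s pcc_lic
PCC_LICENSE=$pcc_lic

prompt "Please provide initial user name for login to Prisma Cloud Compute Console below: i.e. admin"
read -r usr_nam
export PCC_USER=$usr_nam

prompt "Please provide password for initial user ${PCC_USER} below: "
read -r -s usr_pas
PCC_PASS=$usr_pas

# The archive contains the twistcli binary that is executed below, so refuse
# to fetch it over a channel that cannot authenticate the server.
[[ $PCC_LINK == https://* ]] || die "download link must start with https://"
[[ -n $PCC_FILE && $PCC_FILE != . && $PCC_FILE != .. ]] ||
  die "cannot derive the archive file name from the download link"
[[ -n $PCC_USER && -n $PCC_PASS ]] || die "user name and password must not be empty"
sleep 1s

# --- Download ---------------------------------------------------------------
banner "Downloading Prisma Cloud Compute Software"
mkdir -p prisma_cloud || die "cannot create ./prisma_cloud"
# NOTE(review): if the vendor publishes a checksum for the release, verify it
# here before extracting.
wget -O "$PCC_FILE" -- "$PCC_LINK" || die "download failed"
tar -xvzf "$PCC_FILE" -C prisma_cloud/ || die "cannot extract $PCC_FILE"
sleep 1s

# --- Persistent volume ------------------------------------------------------
banner "Creating Persistent Volume for Prisma Cloud Compute Console: 1GB is enough for Test deployment"
# Directory backing the local persistent volume
mkdir -p /var/pcc-volume || die "cannot create /var/pcc-volume"
# Local persistent volume pinned to the node whose hostname is "master"
cat << 'EOF' > pcc-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pcc-volume
spec:
  capacity:
    storage: 1Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /var/pcc-volume
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master
EOF
kubectl apply -f pcc-pv.yaml
sleep 1s

# --- Console manifest -------------------------------------------------------
banner "Generating Prisma Cloud Compute Console Deployment file while exposing port 8083 over Master Node port 30083 and port 8084 via Master Node Port 30084 "
# Without this check a failed cd would run every later step in the wrong
# directory.
cd prisma_cloud || die "cannot enter ./prisma_cloud"
# NOTE(review): the registry token is passed on the command line and is
# visible in the process list while twistcli runs.
linux/twistcli console export kubernetes --service-type LoadBalancer \
  --persistent-volume-storage 1Gi --storage-class local-storage \
  --registry-token "$PCC_TOKEN" || die "console export failed"
sleep 2s
# Pin the node ports. This makes the Console reachable on 30083/30084 of
# every node; restrict access with firewall rules where that is too broad.
add_node_port 8083 30083 twistlock_console.yaml || die "cannot patch twistlock_console.yaml"
add_node_port 8084 30084 twistlock_console.yaml || die "cannot patch twistlock_console.yaml"
# NOTE(review): the exported manifest presumably embeds registry credentials;
# keep it readable by the owner only - confirm against the generated file.
chmod 600 twistlock_console.yaml
sleep 3s

# --- Deploy Console ---------------------------------------------------------
banner "Deploying Prisma Cloud Compute Console. Please Wait for 1 minute "
kubectl create -f twistlock_console.yaml
sleep 60s
# PCC_CIP: 7th column of the etcd-master pod row; PCC_SIP: 5th column of the
# twistlock-console service row.
PCC_CIP=$(kubectl get pod -A -o wide | awk '/etcd-master/ {print $7}')
PCC_SIP=$(kubectl get services -A | awk '/twistlock-console/ {print $5}')
export PCC_CIP PCC_SIP
printf '%s\n' "$rule"
printf '%s\n' "${green}Service IP Adress is: ${PCC_SIP} ${reset}"
printf '%s\n' "${green}Cluster IP Adress is: ${PCC_CIP} ${reset}"
printf '%s\n' "$rule"
# Both values are placed into URLs and JSON below: reject empty, multi-line
# or placeholder output (e.g. a load balancer address that is still pending).
[[ $PCC_SIP =~ ^[A-Za-z0-9.:-]+$ ]] || die "no usable service address: '${PCC_SIP}'"
[[ $PCC_CIP =~ ^[A-Za-z0-9.:-]+$ ]] || die "no usable cluster address: '${PCC_CIP}'"

# --- First user -------------------------------------------------------------
banner "Creating Initital User for Prisma Cloud Compute. Please Wait for 1 minute. "
sleep 60s
creds_body=$(printf '{"username": "%s", "password": "%s"}' \
  "$(json_escape "$PCC_USER")" "$(json_escape "$PCC_PASS")")
console_post /api/v1/signup "$creds_body" ''
sleep 3s

# --- API token --------------------------------------------------------------
banner "Creating API Token "
# The response is expected to be a one-field JSON object; keep its value.
API_TOKEN=$(console_post /api/v1/authenticate "$creds_body" '' |
  cut -d ':' -f 2 | tr -d '}"')
# An error response would otherwise be sent on as a bearer token.
[[ $API_TOKEN =~ ^[A-Za-z0-9._-]+$ ]] || die "authentication did not return a token"
sleep 3s

# --- License ----------------------------------------------------------------
banner "Licensing Prisma Cloud Compute "
license_body=$(printf '{"key": "%s"}' "$(json_escape "$PCC_LICENSE")")
console_post /api/v1/settings/license "$license_body" "$API_TOKEN"
sleep 3s

# --- Certificate SANs -------------------------------------------------------
banner "Adding SAN Fields with Service IP address: ${PCC_SIP} and Cluster IP address: ${PCC_CIP} "
san_body=$(printf '{"consoleSAN": ["%s", "%s", "127.0.0.1"]}' "$PCC_SIP" "$PCC_CIP")
console_post /api/v1/settings/certs "$san_body" "$API_TOKEN" \
  -w "\nResponse code: %{http_code}\n"
sleep 10s

# --- Defenders --------------------------------------------------------------
banner "Generating Defender Deployment File "
# NOTE(review): --password exposes the admin password in the process list.
# twistcli documents a TWISTLOCK_PASSWORD environment variable as an
# alternative - confirm for the release in use and switch to it.
# NOTE(review): --privileged deploys the Defender as a privileged workload;
# confirm that this is required for the cluster.
linux/twistcli defender export kubernetes --privileged \
  --address "https://${PCC_SIP}:8083" \
  --user "$PCC_USER" --password "$PCC_PASS" \
  --cluster-address "${PCC_CIP}:30084" || die "defender export failed"
# NOTE(review): the Defender manifest presumably embeds keys; owner-only.
chmod 600 defender.yaml
sleep 10s

banner "Deploying Defenders "
kubectl create -f defender.yaml
sleep 10s

banner "You can access Prisma Cloud Compute console via Service IP address: https://${PCC_SIP}:8083"

# Optional check, left disabled: list the registered Defenders.
#curl -k \
#  -H 'Authorization: Bearer '${API_TOKEN}'' \
#  -H 'Content-Type: application/json' \
#  -X GET \
#  https://$PCC_SIP:8083/api/v1/defenders --insecure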