Make kCTF use a private cluster (google#41)

sirdarckcat · web-flow · commit 8ef56755bb7b · 2020-02-19T15:34:39.000+01:00
diff --git a/infrastructure/kctf/config/daemon.yaml b/infrastructure/kctf/config/daemon.yaml
@@ -19,7 +19,7 @@ spec:
         effect: NoSchedule
       containers:
       - name: ctf-daemon
-        image: google/apparmor-loader:latest
+        image: eu.gcr.io/google_containers/apparmor-loader
         securityContext:
           privileged: true
         command: ["sh", "-c", "while true; do for f in /profiles/*; do echo \"loading $f\"; apparmor_parser -r $f; sleep 30; done; done"]
diff --git a/infrastructure/kctf/scripts/cluster/start.sh b/infrastructure/kctf/scripts/cluster/start.sh
@@ -11,7 +11,10 @@ MAX_NODES="8"
 NUM_NODES="4"
 MACHINE_TYPE="n1-standard-1"
 
-gcloud container clusters create --enable-network-policy --enable-autoscaling --min-nodes ${MIN_NODES} --max-nodes ${MAX_NODES} --num-nodes ${NUM_NODES} --enable-autorepair --preemptible --machine-type ${MACHINE_TYPE} ${CLUSTER_NAME}
+gcloud container clusters create --enable-network-policy --enable-autoscaling --min-nodes ${MIN_NODES} --max-nodes ${MAX_NODES} --num-nodes ${NUM_NODES} --create-subnetwork name=kctf-${CLUSTER_NAME}-subnet --no-enable-master-authorized-networks --enable-ip-alias --enable-private-nodes --master-ipv4-cidr 172.16.0.32/28 --enable-autorepair --preemptible --machine-type ${MACHINE_TYPE} ${CLUSTER_NAME}
+
+gcloud compute routers create kctf-${CLUSTER_NAME}-nat-router --network=default --region ${ZONE::-2}
+gcloud compute routers nats create kctf-${CLUSTER_NAME}-nat-config --router-region europe-west4 --router kctf-${CLUSTER_NAME}-nat-router --nat-all-subnet-ip-ranges --auto-allocate-nat-external-ips
 
 get_cluster_creds
 
diff --git a/infrastructure/kctf/scripts/cluster/stop.sh b/infrastructure/kctf/scripts/cluster/stop.sh
@@ -7,3 +7,4 @@ source "${DIR}/scripts/lib/config.sh"
 load_config
 
 gcloud container clusters delete ${CLUSTER_NAME}
+gcloud compute routers delete kctf-${CLUSTER_NAME}-nat-router --region ${ZONE::-2}
diff --git a/infrastructure/kctf/scripts/setup/config-create.sh b/infrastructure/kctf/scripts/setup/config-create.sh
@@ -10,8 +10,8 @@ mkdir -p "${CONFIG_DIR}"
 
 CHAL_DIR=""
 PROJECT=""
-ZONE="europe-west3-c"
-CLUSTER_NAME="ctf-cluster-eu"
+ZONE="europe-west4-b"
+CLUSTER_NAME="kctf-cluster"
 DOMAIN_NAME=""
 
 config=""

Original file line number	Diff line number	Diff line change
`@@ -7,3 +7,4 @@ source "${DIR}/scripts/lib/config.sh"`
`7`	`7`	`load_config`
`8`	`8`
`9`	`9`	`gcloud container clusters delete ${CLUSTER_NAME}`
	`10`	`+gcloud compute routers delete kctf-${CLUSTER_NAME}-nat-router --region ${ZONE::-2}`