
AWS_Kubernetes Examples: Some suggested improvements in the docs and scripts

Open jblakley opened this issue 6 years ago • 1 comments

I ran into several issues while getting the AWS_Kubernetes example to run. Not done yet but here are some so far. Mostly documentation and account-specific stuff.

  1. The example wants to run in a directory ~/capture but that directory doesn't seem to get created by default. Perhaps I missed it. I fixed this with: ln -s ~/git/scanner/examples/apps/aws_kubernetes ~/capture

  2. By default, I had my aws output format set to text. The scripts expect it to be set to json. aws configure --output json

  3. Aside from altering the <BUCKET_NAME> in scanner-config.yaml.template, I also had to change the region and endpoint to us-east-1. I also changed the clustername but not sure I should have or needed to.

  4. The trickiest -- I had to create an EKS IAM role called eksServiceRole through the AWS console and add the EKS Permissions that it suggested. There's certainly a way to do this through CLI but I didn't try that.

  5. Related to #4. The create_eks_cluster.sh script has an account number hardcoded into the ROLE_ARN string definition. I had to edit to change to my account. Would be better if this were a command line parameter.

  6. It would be nice if the create_eks_cluster.sh would give a short status message while waiting. E.g., echo Cluster Status is $COND.

  7. helm wasn't installed by default --> pip install helm

Still working through an issue around NodeInstanceRole. Will add to this thread as I get further.

jblakley • Feb 26 '19 20:02
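
Added example, not part of the original issue and not code from the scanner repository: one way a script could address items 2, 5 and 6 above, by taking the account ID as an optional argument (falling back to the caller's own account), forcing `--output text` on each query so the configured output format does not matter, and printing the cluster status while waiting. The function names `role_arn` and `wait_for_cluster` and the sample account ID are assumptions.

```shell
# Added example; role_arn and wait_for_cluster are hypothetical helper names,
# not functions from create_eks_cluster.sh.

# Build the IAM role ARN from a role name and an optional account ID.
# Without an account ID, ask STS which account the current credentials belong to.
role_arn() {
  local role_name="$1" account_id="${2:-}"
  if [ -z "$account_id" ]; then
    # --output text overrides the format stored by `aws configure` (item 2)
    account_id="$(aws sts get-caller-identity --query Account --output text)" || return 1
  fi
  # AWS account IDs are exactly 12 decimal digits
  case "$account_id" in
    *[!0-9]*) echo "invalid account id: $account_id" >&2; return 1 ;;
  esac
  [ "${#account_id}" -eq 12 ] || { echo "invalid account id: $account_id" >&2; return 1; }
  # IAM role names: alphanumerics plus +=,.@_-
  case "$role_name" in
    ''|*[!A-Za-z0-9+=,.@_-]*) echo "invalid role name: $role_name" >&2; return 1 ;;
  esac
  printf 'arn:aws:iam::%s:role/%s\n' "$account_id" "$role_name"
}

# Poll the cluster until it is ACTIVE, printing the status on every pass (item 6).
# Arguments: cluster name, max polls (default 60), seconds between polls (default 30).
wait_for_cluster() {
  local name="$1" tries="${2:-60}" delay="${3:-30}" cond
  while [ "$tries" -gt 0 ]; do
    cond="$(aws eks describe-cluster --name "$name" --query cluster.status --output text)" || return 1
    echo "Cluster Status is $cond"
    [ "$cond" = "ACTIVE" ] && return 0
    [ "$cond" = "FAILED" ] && return 1
    tries=$((tries - 1))
    sleep "$delay"
  done
  echo "timed out waiting for cluster $name" >&2
  return 1
}

# Usage inside a script (account ID optional, constructed value shown):
#   ROLE_ARN="$(role_arn eksServiceRole 123456789012)" || exit 1
#   wait_for_cluster my-cluster || exit 1
```

Validating the account ID before building the ARN keeps a typo from silently pointing the cluster at a role in a different account.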

More progress.

  1. Need to change in create_eks_cluster.sh. Need to find the right AMI for the region.

         ParameterKey=NodeImageId,ParameterValue=ami-dea4d5a1 \# us-east-1 ami name -- change if not in us-west-2 as the default
         ParameterKey=KeyName,ParameterValue=<YOUR_SSH_KEY_NAME> \ # SSH Key Name

  2. I'm getting a helm error. However, I think things might still be working OK.

         Traceback (most recent call last):
           File "/home/ubuntu/.local/bin/helm", line 24, in <module>
             import glib
         ImportError: No module named 'glib'
         Traceback (most recent call last):
           File "/home/ubuntu/.local/bin/helm", line 24, in <module>
             import glib
         ImportError: No module named 'glib'
         clusterrolebinding.rbac.authorization.k8s.io/kube-system-default-admin created
         configmap/scanner-configmap created

jblakley • Feb 28 '19 16:02