forked from Metarget/metarget
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.py
248 lines (216 loc) · 7.58 KB
/
config.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
import platform
# metarget version
VERSION = '0.3'
# default CNI plugin
DEFAULT_CNI_PLUGIN = 'flannel'
# default kata runtime type
DEFAULT_KATA_RUNTIME_TYPE = 'qemu'
# currently supported gadgets
gadgets_supported = [
'docker',
'k8s',
'kata',
'kernel',
]
vuln_cn_dir_wildcard = "vulns_cn/*"
vuln_app_dir_wildcard = "vulns_app/*/*"
vuln_app_dir_prefix = "vulns_app/"
vuln_app_desc_file = 'desc.yaml'
runtime_data_dir = 'data/'
runtime_host_ports_usage_file = 'data/host_ports_usage.yaml'
runtime_host_port_lower_bound = 30000
k8s_metarget_namespace = 'metarget'
k8s_metarget_namespace_file = 'yamls/k8s_metarget_namespace.yaml'
# k8s worker
k8s_worker_template = 'tools/install_k8s_worker_template.sh'
k8s_worker_script = 'tools/install_k8s_worker.sh'
k8s_hash_generator = 'tools/generate_hash.sh'
# related to kernel
kernel_packages_list = 'yamls/kernel_packages_list.yaml'
ubuntu_kernel_repo = 'https://kernel.ubuntu.com/~kernel-ppa/mainline/'
kernel_packages_dir = '/tmp'
# kata containers
kata_static_tar_file = 'kata-static-%s-x86_64.tar.xz'
kata_tar_decompress_dest = '/opt/kata/'
kata_static_url_prefix = 'https://github.com/kata-containers/runtime/releases/download/%s/'
kata_config_dir = '/etc/kata-containers/'
# kubernetes components images sources
_k8s_images_prefix_aliyun = "registry.cn-hangzhou.aliyuncs.com/google_containers/"
_k8s_images_prefix_aliyun_2 = "registry.aliyuncs.com/google_containers/"
# quay.io images sources
_quay_images_prefix_ustc = "quay.mirrors.ustc.edu.cn/"
# docker.io images sources
_docker_image_prefix_ustc = "docker.mirrors.ustc.edu.cn/"
# k8s apt repositories
_k8s_apt_repo_gpg_aliyun = "https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg"
_k8s_apt_repo_entry_aliyun = 'deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main'
_k8s_apt_repo_entry_ustc = 'deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main'
# docker apt repositories
_docker_apt_repo_gpg_official = 'https://download.docker.com/linux/ubuntu/gpg'
try:
release = platform.dist()[2]
except AttributeError:
release = 'trusty'
_docker_apt_repo_entry_official = 'deb [arch=amd64] https://download.docker.com/linux/ubuntu {release} stable'.format(
release=release)
# kernel apt repositories
_kernel_apt_repo_entry_trusty_official = 'deb http://security.ubuntu.com/ubuntu trusty-security main'
_kernel_apt_repo_entry_xenial_official = 'deb http://security.ubuntu.com/ubuntu xenial-security main'
_kernel_apt_repo_entry_bionic_official = 'deb http://security.ubuntu.com/ubuntu bionic-security main'
# containerd apt repository
_containerd_apt_repo_entry_xenial_official = 'deb http://archive.ubuntu.com/ubuntu xenial-updates universe'
_containerd_apt_repo_entry_bionic_official = 'deb http://archive.ubuntu.com/ubuntu bionic-updates universe'
# active k8s components images source
k8s_images_prefix_official = "k8s.gcr.io/"
k8s_images_prefix_official_9 = "gcr.io/google_containers/"
k8s_images_prefix_candidate = _k8s_images_prefix_aliyun
# active quay images source
quay_images_prefix_official = "quay.io/"
quay_images_prefix_candidate = _quay_images_prefix_ustc
# docker images source
docker_images_prefix_official = "docker.io/"
docker_image_prefix_candidate = _docker_image_prefix_ustc
# active k8s apt repository
k8s_apt_repo_gpg = _k8s_apt_repo_gpg_aliyun
k8s_apt_repo_entry = _k8s_apt_repo_entry_aliyun
# active docker apt repository
docker_apt_repo_gpg = _docker_apt_repo_gpg_official
docker_apt_repo_entry = _docker_apt_repo_entry_official
# active kernel apt repository
kernel_apt_repo_entries = [
_kernel_apt_repo_entry_trusty_official,
_kernel_apt_repo_entry_xenial_official,
_kernel_apt_repo_entry_bionic_official,
]
# active containerd apt repository
containerd_apt_repo_entries = [
_containerd_apt_repo_entry_xenial_official,
_containerd_apt_repo_entry_bionic_official,
]
# CNI plugins
available_cni_plugins = [
'flannel',
'calico',
'cilium',
]
cni_plugin_cidrs = {
'flannel': '10.244.0.0/16',
'calico': '10.10.0.0/16',
'cilium': '10.10.0.0/16',
}
flannel_yaml_k8s_1_6_to_1_15_rbac = "yamls/flannel/kube-flannel-rbac.yml"
flannel_yaml_k8s_1_6_to_1_15 = "yamls/flannel/kube-flannel-legacy.yml"
flannel_yaml_k8s_16 = "yamls/flannel/kube-flannel-16.yml"
flannel_yaml_k8s_over_16 = "yamls/flannel/kube-flannel.yml"
flannel_image_k8s_1_6_to_1_15 = "quay.io/coreos/flannel:v0.10.0-amd64"
flannel_image_k8s_from_1_16 = "quay.io/coreos/flannel:v0.13.1-rc1"
calico_yaml_below_1_14 = "yamls/calico/calico-below-14.yaml"
calico_yaml_from_1_14 = "yamls/calico/calico-from-14.yaml"
calico_images = [
"docker.io/calico/cni:v3.17.1",
"docker.io/calico/pod2daemon-flexvol:v3.17.1",
"docker.io/calico/node:v3.17.1",
"docker.io/calico/kube-controllers:v3.17.1",
]
cilium_yaml = "yamls/cilium/cilium_quick_install.yaml"
cilium_images = [
"quay.io/cilium/cilium:v1.9.0",
"quay.io/cilium/operator-generic:v1.9.0",
]
k8s_images_base_from_12 = [
'k8s.gcr.io/kube-proxy',
'k8s.gcr.io/kube-controller-manager',
'k8s.gcr.io/kube-apiserver',
'k8s.gcr.io/kube-scheduler',
]
k8s_images_base_10_to_11 = [
'k8s.gcr.io/kube-proxy-amd64',
'k8s.gcr.io/kube-controller-manager-amd64',
'k8s.gcr.io/kube-apiserver-amd64',
'k8s.gcr.io/kube-scheduler-amd64',
]
k8s_images_base_9 = [
'gcr.io/google_containers/kube-proxy-amd64',
'gcr.io/google_containers/kube-controller-manager-amd64',
'gcr.io/google_containers/kube-apiserver-amd64',
'gcr.io/google_containers/kube-scheduler-amd64',
]
# get from
# https://storage.googleapis.com/kubernetes-release/release/stable-1.xx.txt
k8s_stable_versions = {
# '1.7': 'v1.7.16',
# '1.8': 'v1.8.15',
'1.9': 'v1.9.11',
'1.10': 'v1.10.13',
'1.11': 'v1.11.10',
'1.12': 'v1.12.10',
'1.13': 'v1.13.12',
'1.14': 'v1.14.10',
'1.15': 'v1.15.12',
'1.16': 'v1.16.15',
'1.17': 'v1.17.16',
'1.18': 'v1.18.14',
'1.19': 'v1.19.6',
}
k8s_images_extra = {
'1.19': [
'k8s.gcr.io/pause:3.2',
'k8s.gcr.io/etcd:3.4.9-1',
'k8s.gcr.io/coredns:1.7.0',
],
'1.18': [
'k8s.gcr.io/pause:3.2',
'k8s.gcr.io/etcd:3.4.3-0',
'k8s.gcr.io/coredns:1.6.7',
],
'1.17': [
'k8s.gcr.io/pause:3.1',
'k8s.gcr.io/etcd:3.4.3-0',
'k8s.gcr.io/coredns:1.6.5',
],
'1.16': [
'k8s.gcr.io/pause:3.1',
'k8s.gcr.io/etcd:3.3.15-0',
'k8s.gcr.io/coredns:1.6.2',
],
'1.15': [
'k8s.gcr.io/pause:3.1',
'k8s.gcr.io/etcd:3.3.10',
'k8s.gcr.io/coredns:1.3.1',
],
'1.14': [
'k8s.gcr.io/pause:3.1',
'k8s.gcr.io/etcd:3.3.10',
'k8s.gcr.io/coredns:1.3.1',
],
'1.13': [
'k8s.gcr.io/pause:3.1',
'k8s.gcr.io/etcd:3.2.24',
'k8s.gcr.io/coredns:1.2.6',
],
'1.12': [
'k8s.gcr.io/pause:3.1',
'k8s.gcr.io/etcd:3.2.24',
'k8s.gcr.io/coredns:1.2.2',
],
'1.11': [
'k8s.gcr.io/pause:3.1',
'k8s.gcr.io/etcd-amd64:3.2.18',
'k8s.gcr.io/coredns:1.1.3',
],
'1.10': [
'k8s.gcr.io/pause-amd64:3.1',
'k8s.gcr.io/etcd-amd64:3.1.12',
# 'k8s.gcr.io/coredns:1.1.3',
'k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.8',
'k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.8',
'k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.8',
],
'1.9': [
'gcr.io/google_containers/pause-amd64:3.0',
'gcr.io/google_containers/etcd-amd64:3.1.11',
'gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.7',
'gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.7',
'gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7',
]
}