diff options
-rw-r--r-- | docker/Dockerfile | 4 | ||||
-rwxr-xr-x | docker/create-user.sh | 17 | ||||
-rw-r--r-- | docker/sshd_config | 115 | ||||
-rw-r--r-- | helm/Chart.yaml | 4 | ||||
-rw-r--r-- | helm/templates/_templates.tpl | 107 | ||||
-rw-r--r-- | helm/templates/deployment.yaml | 43 | ||||
-rw-r--r-- | helm/templates/service.yaml | 39 | ||||
-rw-r--r-- | helm/values.yaml | 29 |
8 files changed, 358 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..af3e88b --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,4 @@ +FROM danielguerra/alpine-sshd:latest +COPY ./create-user.sh /opt/create-user.sh +COPY ./sshd_config /etc/ssh/sshd_config +RUN ["/opt/create-user.sh"]
\ No newline at end of file diff --git a/docker/create-user.sh b/docker/create-user.sh new file mode 100755 index 0000000..fc4ca8d --- /dev/null +++ b/docker/create-user.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +mkdir -p /home/cdstest/dev /home/cdstest/bin /home/cdstest/lib /home/cdstest/etc +cd /home/cdstest/dev +mknod -m 666 null c 1 3 +mknod -m 666 tty c 5 0 +mknod -m 666 zero c 1 5 +mknod -m 666 random c 1 8 +cp /bin/ash /bin/ls /bin/date /home/cdstest/bin/. +cp /lib/ld-musl-x86_64.so.1 /home/cdstest/lib/. +adduser cdstest <<EOF +testcds +testcds +EOF +chown root:root /home/cdstest +chmod 0755 /home/cdstest +cp /etc/passwd /etc/group /home/cdstest/etc/.
\ No newline at end of file diff --git a/docker/sshd_config b/docker/sshd_config new file mode 100644 index 0000000..1e51369 --- /dev/null +++ b/docker/sshd_config @@ -0,0 +1,115 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +# Feel free to re-enable these if your use case requires them. +AllowTcpForwarding no +GatewayPorts no +X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +Match User cdstest + ChrootDirectory /home/cdstest + diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000..0cfd7c2 --- /dev/null +++ b/helm/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: SSH Mock server for testing CDS ssh capabilities +name: cds-mock-ssh +version: 1.0.0 diff --git a/helm/templates/_templates.tpl b/helm/templates/_templates.tpl new file mode 100644 index 0000000..3e92baf --- /dev/null +++ b/helm/templates/_templates.tpl @@ -0,0 +1,107 @@ +{{/* +# Copyright (c) 2020 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- define "common.namespace" -}} + {{- default .Release.Namespace .Values.nsPrefix -}} +{{- end -}} + + +{{/* + Expand the name of a chart. + The function takes from one to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix : add a suffix to the name +*/}} +{{- define "common.name" -}} + {{- $dot := default . .dot -}} + {{- $suffix := .suffix -}} + {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} +{{- end -}} + +{{/* + The same as common.full name but based on passed dictionary instead of trying to figure + out chart name on its own. +*/}} +{{- define "common.fullnameExplicit" -}} + {{- $dot := .dot }} + {{- $name := .chartName }} + {{- $suffix := default "" .suffix -}} + {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}} +{{- end -}} + +{{/* + Create a default fully qualified application name. + Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). + Usage: + include "common.fullname" . + include "common.fullname" (dict "suffix" "mySuffix" "dot" .) + The function takes from one to two arguments: + - .dot : environment (.) + - .suffix : add a suffix to the fullname +*/}} +{{- define "common.fullname" -}} +{{- $dot := default . .dot -}} +{{- $suffix := default "" .suffix -}} + {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} + {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} +{{- end -}} + +{{/* + Retrieve the "original" release from the component release: + if ONAP is deploy with "helm deploy --name toto", then cassandra components + will have "toto-cassandra" as release name. + this function would answer back "toto". +*/}} +{{- define "common.release" -}} + {{- first (regexSplit "-" .Release.Name -1) }} +{{- end -}} + +{{- define "common.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Resolve the name of the common image repository. + The value for .Values.repository is used by default, + unless either override mechanism is used. + + - .Values.global.repository : override default image repository for all images + - .Values.repositoryOverride : override global and default image repository on a per image basis +*/}} +{{- define "common.repository" -}} + {{if .Values.repositoryOverride }} + {{- printf "%s" .Values.repositoryOverride -}} + {{else}} + {{- default .Values.repository .Values.global.repository -}} + {{end}} +{{- end -}} + +{{/* + Resolve the name of a chart's service. + + The default will be the chart name (or .Values.nameOverride if set). + And the use of .Values.service.name overrides all. + + - .Values.service.name: override default service (ie. chart) name +*/}} +{{/* + Expand the service name for a chart. +*/}} +{{- define "common.servicename" -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml new file mode 100644 index 0000000..700d1e5 --- /dev/null +++ b/helm/templates/deployment.yaml @@ -0,0 +1,43 @@ +# Copyright (c) 2020 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + containers: + - name: {{ include "common.name" . }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds | default 10 }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.ssh.internalPort }} diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml new file mode 100644 index 0000000..347caad --- /dev/null +++ b/helm/templates/service.yaml @@ -0,0 +1,39 @@ +# Copyright (c) 2020 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.ssh.portName }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.ssh.type }} + ports: + - port: {{ .Values.service.ssh.port }} + protocol: TCP + targetPort: {{ .Values.service.ssh.internalPort }} + {{- if eq .Values.service.ssh.type "NodePort"}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + {{- end}} + name: {{ .Values.service.ssh.portName | default "ssh" }} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + diff --git a/helm/values.yaml b/helm/values.yaml new file mode 100644 index 0000000..3024fd3 --- /dev/null +++ b/helm/values.yaml @@ -0,0 +1,29 @@ +# Copyright (c) 2020 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +image: onap/sshmock:latest + +global: + name: cds-regression-sshmock + repository: nexus3.onap.org:10001 + pullPolicy: Always + replicas: 1 + terminationGracePeriodSeconds: 10 + +service: + ssh: + type: ClusterIP + portName: cds-regression-sshmock + port: 22 + internalPort: 22 |