Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/benschlueter/delegatio

Delegatio is a framework that can be used to create isolated remote environments on a local machine. It currently supports Libvirt for Infrastructure and Kubernetes for container management.
https://github.com/benschlueter/delegatio

ctf kubernetes libvirt

Last synced: 28 days ago
JSON representation

Delegatio is a framework that can be used to create isolated remote environments on a local machine. It currently supports Libvirt for Infrastructure and Kubernetes for container management.

Host: GitHub
URL: https://github.com/benschlueter/delegatio
Owner: benschlueter
License: agpl-3.0
Created: 2022-12-02T10:31:21.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2024-10-16T11:39:41.000Z (30 days ago)
Last Synced: 2024-10-18T06:16:03.417Z (28 days ago)
Topics: ctf, kubernetes, libvirt
Language: Go
Homepage:
Size: 20.5 MB
Stars: 5
Watchers: 1
Forks: 1
Open Issues: 13
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

# Delegatio

Delegatio is a framework that can be used to manage homework of classes (i.e. system security). The aim is to provide a infrastructure to let students work on problems independent of their hardware.

# Installation
```bash
pacman -S libvirt qemu-full go mkosi make cmake
```
`systemd 253` or newer is required to build the images, otherwise a local systemd tree is needed [mkosi issue](https://github.com/systemd/mkosi/issues/1290)

# Build
```bash
mkdir build
cd build
cmake ..
make
```

# Run
Before we start the program we have create a kubernetes persistent storage. The easiest way to do that is through NFS.
First create a shared dir and make is user accessible.
```bash
sudo mkdir /mnt/myshareddir
sudo chmod 777 /mnt/myshareddir
```
Secondly configure the shared folder in `/etc/exports` start the `nfs.service` and update the exported foler list
```bash
echo "/mnt/myshareddir *(rw,sync,no_subtree_check,no_root_squash,fsid=0)" | sudo tee -a /etc/exports
sudo systemctl enable --now nfsv4-server.service
sudo exportfs -arv
```
Lastly, you can run the cli
```bash
./cli --path=../images/image.qcow2
```
By default the ssh image will be pulled from Github, and deployed in Kubernetes. For testing you can also start the ssh binary locally with an exported kubeconfig `export KUBECONFIG=/path/to/admin.conf`.

Connecting is possible by sshing into the daemon, either on the kubernetes nodes or on localhost.
```bash
ssh testchallenge2@localhost -p 2200 -i ~/.ssh/id_rsa
```
You must provide your public keys in `./internal/config/global.go` (will be changed to read a config file soon)

## Limitations
Currently we only support one ControlPlane, thus we only have one KubeAPIServer. It might be possible that under high load (many port forward requests) the container is not capable of handing everything. However, we need to test it with some 100 users.

## TODO
* Unittests
* Abstract storage
* Webserver to deploy a website to generate ssh keys and sync them with the ssh daemon
* Support for multiple control planes
* Harden Kubernetes Pods

## Toubleshoot
`firewall_backend = "iptables"` in `/etc/libvirt/network.conf`