Initial commit

2022-08-16 12:40:54 +03:00
commit 7c5cad55e1
122 changed files with 51731 additions and 0 deletions
--- a/rosdump/application.yml
+++ b/rosdump/application.yml
@@ -0,0 +1,110 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rosdump-config
+data:
+  script.sh: |
+    #!/bin/bash
+    set -e
+    if [ -d rosdump ]; then
+        echo "Pulling Git repo"
+        cd rosdump
+        git pull
+    else
+        echo "Cloning Git repo"
+        git clone git@git.k-space.ee:k-space/rosdump.git
+        cd rosdump
+    fi
+    git rm *.k-space.ee
+    for target in $(cat /config/targets | grep -v '^#'); do
+        echo "Exporting configuration for $target"
+        ssh rosdump@$target '/export' | grep -v '^# serial number =' | grep -v '^#.* by RouterOS' > $target
+        git add $target
+    done
+    if [[ `git status --porcelain` ]]; then  
+      echo "Attempting Git check in"
+      git commit -m "Update $(git ls-files -m) file(s)"
+      git push
+    else
+      echo "No changes to commit"
+    fi
+  targets: |
+    router.mgmt.k-space.ee
+    sw_core01.mgmt.k-space.ee
+    sw_core02.mgmt.k-space.ee
+    sw_mgmt.mgmt.k-space.ee
+    sw_poe.mgmt.k-space.ee
+    sw_ha.mgmt.k-space.ee
+    sw_cyber.mgmt.k-space.ee
+    sw_chaos.mgmt.k-space.ee
+    sw_asocial.mgmt.k-space.ee
+    sw_kitchen.mgmt.k-space.ee
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: rosdump-cronjob
+spec:
+  schedule: "0 * * * *"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      activeDeadlineSeconds: 300
+      template:
+        spec:
+          nodeSelector:
+            dedicated: monitoring
+          tolerations:
+          - key: dedicated
+            operator: Equal
+            value: monitoring
+            effect: NoSchedule
+          restartPolicy: OnFailure
+          containers:
+          - name: rosdump
+            image: harbor.k-space.ee/k-space/microscript-base
+            imagePullPolicy: Always
+            args:
+              - bash
+              - /config/script.sh
+            volumeMounts:
+            - name: config
+              mountPath: /config
+          volumes:
+            - name: config
+              projected:
+                sources:
+                  - secret:
+                      name: rosdump-secrets
+                      items:
+                        - key: ssh_identity
+                          path: ssh_identity
+                          mode: 0600
+                  - configMap:
+                      name: rosdump-known-hosts
+                      items:
+                        - key: ssh_known_hosts
+                          path: ssh_known_hosts
+                  - configMap:
+                      name: rosdump-config
+
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: rosdump
+spec:
+  podSelector: {}
+  policyTypes:
+  - Egress
+  egress:
+  - to:
+    - ipBlock:
+        cidr: 193.40.103.0/24
+    - ipBlock:
+        cidr: 172.23.0.0/24
+    - ipBlock:
+        cidr: 100.102.1.0/24
+    ports:
+    - protocol: TCP
+      port: 22