diff --git a/utilities/k8s-coredump/debian/deb_folder/rules b/utilities/k8s-coredump/debian/deb_folder/rules index eb023ba3..cb5da7f2 100755 --- a/utilities/k8s-coredump/debian/deb_folder/rules +++ b/utilities/k8s-coredump/debian/deb_folder/rules @@ -17,4 +17,5 @@ override_dh_install: install -d -m 755 $(ETC_K8S_DIR) install -p -D -m 644 files/k8s-coredump.yaml $(ETC_K8S_DIR) + install -p -D -m 644 files/create-k8s-account.sh $(ETC_K8S_DIR) dh_install diff --git a/utilities/k8s-coredump/files/create-k8s-account.sh b/utilities/k8s-coredump/files/create-k8s-account.sh new file mode 100644 index 00000000..50f724f3 --- /dev/null +++ b/utilities/k8s-coredump/files/create-k8s-account.sh @@ -0,0 +1,21 @@ +#! /bin/bash + +LOG_FILE="/var/log/k8s-account-creation-script.log" +FILE="/etc/k8s-coredump-conf.json" + +echo "Initializing k8s-coredump kubernetes ServiceAccount creation" >$LOG_FILE + +# Create k8s-coredump account +echo "Running kubectl apply" >$LOG_FILE +kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/k8s-coredump/k8s-coredump.yaml -n kube-system >$LOG_FILE 2>&1 + +echo "Getting token and creating config file" >$LOG_FILE + +# Create token file +TOKEN=$(kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system get secrets coredump-secret-token -ojsonpath='{.data.token}' | base64 -d) +echo "TOKEN='$TOKEN'" >$LOG_FILE +/bin/cat <$FILE +{ + "k8s_coredump_token": "$TOKEN" +} +EOM diff --git a/utilities/stx-extensions/files/coredump-sysctl-debian.conf b/utilities/stx-extensions/files/coredump-sysctl-debian.conf index 929e415c..90d6262e 100644 --- a/utilities/stx-extensions/files/coredump-sysctl-debian.conf +++ b/utilities/stx-extensions/files/coredump-sysctl-debian.conf @@ -13,7 +13,7 @@ # the core dump. # # See systemd-coredump(8) and core(5). -kernel.core_pattern=|/usr/bin/k8s-coredump %P %u %g %s %t 9223372036854775808 %h %e" +kernel.core_pattern=|/usr/bin/k8s-coredump %P %u %g %s %t 9223372036854775808 %h %e # Allow that 16 coredumps are dispatched in parallel by the kernel. We want to # be able to collect process metadata from /proc/%P/ while processing