Created
January 9, 2025 18:28
-
-
Save daxmc99/ddb3459c16f144ae1ea7e57e86bbc26e to your computer and use it in GitHub Desktop.
My lima-dev config to run Tetragon on a Mac
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Change cpu/memory if required | |
| cpus: 8 | |
| memory: "16GiB" | |
| images: | |
| - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img" | |
| arch: "x86_64" | |
| - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img" | |
| arch: "aarch64" | |
| # # macOS Virtualization.Framework(vz) is faster than QUEM: https://lima-vm.io/docs/config/vmtype/ | |
| vmType: "vz" | |
| mountType: "virtiofs" | |
| mounts: | |
| - location: "~" | |
| writable: true | |
| - location: "/tmp/lima" | |
| writable: true | |
| # containerd is managed by Docker, not by Lima, so the values are set to false here. | |
| containerd: | |
| system: false | |
| user: false | |
| provision: | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| apt-get update | |
| apt-get install -y apt-transport-https ca-certificates curl clang llvm jq | |
| apt-get install -y linux-tools-common linux-tools-$(uname -r) | |
| apt-get install -y libelf-dev libcap-dev libpcap-dev libbfd-dev binutils-dev build-essential make | |
| apt-get install -y bpfcc-tools | |
| apt-get install -y bpftrace | |
| apt-get install -y python3-pip | |
| # differs from upstream, allows building test programsz | |
| apt-get install -y gcc-arm | |
| sysctl -w kernel.bpf_stats_enabled=1 | |
| snap install yq | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| apt-get install -y libbpf-dev | |
| ln -sf /usr/include/$(uname -m)-linux-gnu/asm /usr/include/asm | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| ln -sf /usr/lib/$(uname -m)-linux-gnu/libbfd.so /usr/lib/libbfd.so | |
| git clone --recurse-submodules https://github.com/libbpf/bpftool.git | |
| cd bpftool | |
| git submodule update --init | |
| cd src | |
| make install | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| add-apt-repository -y ppa:longsleep/golang-backports | |
| apt update | |
| apt install -y golang-go | |
| echo 'export GOPATH=$HOME/go' >>~/.bashrc | |
| echo 'export PATH=$PATH:$GOPATH/bin' >>~/.bashrc | |
| go install github.com/google/gops@latest | |
| - mode: user | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| go get github.com/cilium/ebpf/cmd/bpf2go | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| [ $(uname -m) = x86_64 ] && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | |
| [ $(uname -m) = aarch64 ] && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/arm64/kubectl" | |
| chmod +x ./kubectl | |
| mv ./kubectl /usr/local/bin/kubectl | |
| apt-get install bash-completion | |
| kubectl completion bash > /etc/bash_completion.d/kubectl | |
| chmod a+r /etc/bash_completion.d/kubectl | |
| - mode: user | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| echo 'alias k=kubectl' >>~/.bashrc | |
| echo 'complete -o default -F __start_kubectl k' >>~/.bashrc | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64 | |
| [ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-arm64 | |
| chmod +x ./kind | |
| mv ./kind /usr/local/bin/kind | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null | |
| echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list | |
| apt update | |
| apt-get install -y helm | |
| - mode: system | |
| # This script defines the host.docker.internal hostname when hostResolver is disabled. | |
| # It is also needed for lima 0.8.2 and earlier, which does not support hostResolver.hosts. | |
| # Names defined in /etc/hosts inside the VM are not resolved inside containers when | |
| # using the hostResolver; use hostResolver.hosts instead (requires lima 0.8.3 or later). | |
| script: | | |
| #!/bin/sh | |
| sed -i 's/host.lima.internal.*/host.lima.internal host.docker.internal/' /etc/hosts | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| command -v docker >/dev/null 2>&1 && exit 0 | |
| export DEBIAN_FRONTEND=noninteractive | |
| curl -fsSL https://get.docker.com | sh | |
| - mode: user | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| sudo usermod -aG docker $USER | |
| probes: | |
| - description: "golang to be installed" | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| if ! timeout 30s bash -c "until command -v go >/dev/null 2>&1; do sleep 3; done"; then | |
| echo >&2 "golang is not installed yet" | |
| exit 1 | |
| fi | |
| hint: | | |
| See "/var/log/cloud-init-output.log". in the guest | |
| - description: "kubectl to be installed" | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| if ! timeout 30s bash -c "until command -v kubectl >/dev/null 2>&1; do sleep 3; done"; then | |
| echo >&2 "kubectl is not installed yet" | |
| exit 1 | |
| fi | |
| hint: | | |
| See "/var/log/cloud-init-output.log". in the guest | |
| - description: "kind to be installed" | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| if ! timeout 30s bash -c "until command -v kind >/dev/null 2>&1; do sleep 3; done"; then | |
| echo >&2 "kind is not installed yet" | |
| exit 1 | |
| fi | |
| hint: | | |
| See "/var/log/cloud-init-output.log". in the guest | |
| - description: "helm to be installed" | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| if ! timeout 30s bash -c "until command -v helm >/dev/null 2>&1; do sleep 3; done"; then | |
| echo >&2 "helm is not installed yet" | |
| exit 1 | |
| fi | |
| hint: | | |
| See "/var/log/cloud-init-output.log". in the guest | |
| - description: "docker to be installed" | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then | |
| echo >&2 "docker is not installed yet" | |
| exit 1 | |
| fi | |
| hint: See "/var/log/cloud-init-output.log". in the guest | |
| - description: "bpftool to be installed" | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| if ! timeout 30s bash -c "until command -v bpftool >/dev/null 2>&1; do sleep 3; done"; then | |
| echo >&2 "bpftool is not installed yet" | |
| exit 1 | |
| fi | |
| hint: See "/var/log/cloud-init-output.log". in the guest | |
| hostResolver: | |
| # hostResolver.hosts requires lima 0.8.3 or later. Names defined here will also | |
| # resolve inside containers, and not just inside the VM itself. | |
| hosts: | |
| host.docker.internal: host.lima.internal | |
| portForwards: | |
| - guestSocket: "/var/run/docker.sock" | |
| hostSocket: "{{.Dir}}/sock/docker.sock" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment