Don't spawn ingress if repeater is used

NeuraLegion · May 29, 2024 · 8cdc6c0 · 8cdc6c0
1 parent b6f688d
commit 8cdc6c0
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 35 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,8 +21,8 @@ jobs:
           git config --global user.email "[email protected]"
           git config --global user.name "Bright Security"
 
-      - name: Change name to unstable
         if: ${{ github.ref == 'refs/heads/unstable' }}
+      - name: Change name to unstable
         run: |
           sed -i 's/brokencrystals/brokencrystals-unstable/g' ./charts/brokencrystals/Chart.yaml
           sed -i 's/brkn/brkn-unstbl/g' ./charts/brokencrystals/Chart.yaml

diff --git a/charts/brokencrystals/Chart.yaml b/charts/brokencrystals/Chart.yaml
@@ -4,7 +4,7 @@ description: |
   Benchmark application that uses modern technologies and implements a set of
   common security vulnerabilities
 type: application
-version: 0.0.71
+version: 0.0.72
 keywords:
   - brokencrystals
   - brkn
diff --git a/charts/brokencrystals/templates/deployment.yaml b/charts/brokencrystals/templates/deployment.yaml
@@ -1,3 +1,5 @@
+# templates/deployment.yaml
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -47,10 +49,10 @@ spec:
               cpu: 200m
               memory: 100Mi
           volumeMounts:
-          - name: {{ include "brokencrystals.fullname" . }}-postgres
-            mountPath: /docker-entrypoint-initdb.d/pg.sql
-            subPath: pg.sql
-            readOnly: true       
+            - name: {{ include "brokencrystals.fullname" . }}-postgres
+              mountPath: /docker-entrypoint-initdb.d/pg.sql
+              subPath: pg.sql
+              readOnly: true
 
         - name: keycloak-postgres
           image: postgres:12.2-alpine
@@ -71,13 +73,12 @@ spec:
           resources:
             requests:
               cpu: 100m
-              memory: 50Mi          
+              memory: 50Mi
           volumeMounts:
-          - name: {{ include "brokencrystals.fullname" . }}-kc-db
-            mountPath: /usr/local/share/postgresql/postgresql.conf.sample
-            subPath: postgresql.conf.sample
-            readOnly: true
-
+            - name: {{ include "brokencrystals.fullname" . }}-kc-db
+              mountPath: /usr/local/share/postgresql/postgresql.conf.sample
+              subPath: postgresql.conf.sample
+              readOnly: true
         - name: keycloak
           image: quay.io/keycloak/keycloak:16.1.1
           resources:
@@ -115,10 +116,10 @@ spec:
             - name: KEYCLOAK_FRONTEND_URL
               value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/"
           volumeMounts:
-          - name: {{ include "brokencrystals.fullname" . }}-keycloak
-            mountPath: /opt/jboss/keycloak/imports/realm-export.json
-            subPath: realm-export.json
-            readOnly: true
+            - name: {{ include "brokencrystals.fullname" . }}-keycloak
+              mountPath: /opt/jboss/keycloak/imports/realm-export.json
+              subPath: realm-export.json
+              readOnly: true
 
         - name: nodejs
           image: brightsec/brokencrystals:{{ .Values.images.main }}
@@ -151,17 +152,17 @@ spec:
               value: "config/keys/jwk.key.pem"
             - name: JWK_PUBLIC_KEY_LOCATION
               value: "config/keys/jwk.pub.key.pem"
-            - name: JWK_PUBLIC_JSON 
+            - name: JWK_PUBLIC_JSON
               value: "config/keys/jwk.pub.json"
             - name: JKU_URL
               value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
             - name: X5U_URL
               value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
           volumeMounts:
-          - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
-            mountPath: /etc/nginx/conf.d/default.conf
-            subPath: default.conf
-            readOnly: true
+            - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+              readOnly: true
           resources:
             requests:
               cpu: 900m
@@ -184,10 +185,10 @@ spec:
           image: brightsec/cli{{ if ne .Values.repeaterImageTag "" }}:{{ .Values.repeaterImageTag }}{{ else }}:latest{{ end }}
           command: ["bright-cli", "repeater"]
           args:
-          - "--token=$(TOKEN)"
-          - "--id=$(REPEATER_ID)"
-          - "--cluster=$(CLUSTER)" 
-          - "--timeout=$(TIMEOUT)"         
+            - "--token=$(TOKEN)"
+            - "--id=$(REPEATER_ID)"
+            - "--cluster=$(CLUSTER)" 
+            - "--timeout=$(TIMEOUT)"         
           resources:
             requests:
               cpu: 200m
@@ -200,8 +201,7 @@ spec:
             - name: CLUSTER
               value: "{{ .Values.cluster }}"
             - name: TIMEOUT
-              value: "{{ .Values.timeout | default "30000" }}"
-        restartPolicy: Always      
+              value: "{{ .Values.timeout | default "30000" }}"      
         {{- end }}
 
         {{- if and .Values.snifferApiKey .Values.snifferProjectID .Values.snifferApiURL }}
@@ -211,10 +211,10 @@ spec:
               add: ["NET_RAW", "NET_ADMIN"]
           image: ghcr.io/neuralegion/sniffer-agent:latest
           args:
-          - "-a=$(API_URL)"
-          - "-t=$(API_KEY)"
-          - "-p=$(PROJECT_ID)" 
-          - "-i=$(NETWORK_INTERFACE)"        
+            - "-a=$(API_URL)"
+            - "-t=$(API_KEY)"
+            - "-p=$(PROJECT_ID)" 
+            - "-i=$(NETWORK_INTERFACE)"        
           resources:
             requests:
               cpu: 200m

diff --git a/charts/brokencrystals/templates/ingress.yaml b/charts/brokencrystals/templates/ingress.yaml
@@ -1,3 +1,5 @@
+{{- if not (and .Values.repeaterID .Values.token .Values.cluster) }}
+
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -56,6 +58,7 @@ spec:
                 name: {{ .Release.Name }}-keycloak
                 port:
                   number: 8080
+{{- end }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -72,10 +75,10 @@ spec:
   ingressClassName: nginx
   tls:
     - hosts:
-        - mailcatcher.{{ .Values.ingress.url }}
+        - mailcatcher-{{ .Values.ingress.url }}
       secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-mailcatcher-secret{{ else }}{{ .Values.ingress.cert }}{{ end }}
   rules:
-    - host: mailcatcher.{{ .Values.ingress.url }}
+    - host: mailcatcher-{{ .Values.ingress.url }}
       http:
         paths:
           - path: /

diff --git a/charts/brokencrystals/values.yaml b/charts/brokencrystals/values.yaml
@@ -1,3 +1,4 @@
+enableIngress: true
 ingress:
   url: k3s.brokencrystals.nexploit.app
   cert: ""
@@ -13,5 +14,4 @@ timeout: ""
 snifferApiURL: ""
 snifferApiKey: ""
 snifferProjectID: ""
-snifferNetworkInterface: ""
-
+snifferNetworkInterface: ""