[brokencrystals] Exclude ingress if repeater is used
Denan Musinovic committed May 28, 2024
1 parent 14b863e commit d259c62
Showing 4 changed files with 47 additions and 41 deletions.
2 changes: 1 addition & 1 deletion charts/brokencrystals/Chart.yaml
@@ -4,7 +4,7 @@ description: |
Benchmark application that uses modern technologies and implements a set of
common security vulnerabilities
type: application
version: 0.0.65
version: 0.0.66
keywords:
- brokencrystals
- brkn
81 changes: 41 additions & 40 deletions charts/brokencrystals/templates/deployment.yaml
@@ -1,3 +1,5 @@
# templates/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
@@ -47,10 +49,10 @@ spec:
cpu: 200m
memory: 100Mi
volumeMounts:
- name: {{ include "brokencrystals.fullname" . }}-postgres
mountPath: /docker-entrypoint-initdb.d/pg.sql
subPath: pg.sql
readOnly: true
- name: {{ include "brokencrystals.fullname" . }}-postgres
mountPath: /docker-entrypoint-initdb.d/pg.sql
subPath: pg.sql
readOnly: true

- name: keycloak-postgres
image: postgres:12.2-alpine
@@ -71,12 +73,12 @@ spec:
resources:
requests:
cpu: 100m
memory: 50Mi
memory: 50Mi
volumeMounts:
- name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
mountPath: /usr/local/share/postgresql/postgresql.conf.sample
subPath: postgresql.conf.sample
readOnly: true
- name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
mountPath: /usr/local/share/postgresql/postgresql.conf.sample
subPath: postgresql.conf.sample
readOnly: true

- name: keycloak
image: quay.io/keycloak/keycloak:16.1.1
@@ -115,10 +117,10 @@ spec:
- name: KEYCLOAK_FRONTEND_URL
value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/"
volumeMounts:
- name: {{ include "brokencrystals.fullname" . }}-keycloak
mountPath: /opt/jboss/keycloak/imports/realm-export.json
subPath: realm-export.json
readOnly: true
- name: {{ include "brokencrystals.fullname" . }}-keycloak
mountPath: /opt/jboss/keycloak/imports/realm-export.json
subPath: realm-export.json
readOnly: true

- name: nodejs
image: brightsec/brokencrystals:{{ .Values.images.main }}
@@ -151,17 +153,17 @@ spec:
value: "config/keys/jwk.key.pem"
- name: JWK_PUBLIC_KEY_LOCATION
value: "config/keys/jwk.pub.key.pem"
- name: JWK_PUBLIC_JSON
- name: JWK_PUBLIC_JSON
value: "config/keys/jwk.pub.json"
- name: JKU_URL
value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
- name: X5U_URL
value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
volumeMounts:
- name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
readOnly: true
- name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
readOnly: true
resources:
requests:
cpu: 900m
@@ -184,10 +186,10 @@ spec:
image: brightsec/cli{{ if ne .Values.repeaterImageTag "" }}:{{ .Values.repeaterImageTag }}{{ else }}:latest{{ end }}
command: ["bright-cli", "repeater"]
args:
- "--token=$(TOKEN)"
- "--id=$(REPEATER_ID)"
- "--cluster=$(CLUSTER)"
- "--timeout=$(TIMEOUT)"
- "--token=$(TOKEN)"
- "--id=$(REPEATER_ID)"
- "--cluster=$(CLUSTER)"
- "--timeout=$(TIMEOUT)"
resources:
requests:
cpu: 200m
@@ -201,20 +203,19 @@ spec:
value: "{{ .Values.cluster }}"
- name: TIMEOUT
value: "{{ .Values.timeout | default "30000" }}"
restartPolicy: Always
{{- end }}

{{- if and .Values.snifferApiKey .Values.snifferProjectID .Values.snifferApiURL }}
- name: sniffer-agent
securityContext:
capabilities:
add: ["NET_RAW", "NET_ADMIN"]
image: ghcr.io/neuralegion/sniffer-agent:latest
args:
- "-a=$(API_URL)"
- "-t=$(API_KEY)"
- "-p=$(PROJECT_ID)"
- "-i=$(NETWORK_INTERFACE)"
- "-a=$(API_URL)"
- "-t=$(API_KEY)"
- "-p=$(PROJECT_ID)"
- "-i=$(NETWORK_INTERFACE)"
resources:
requests:
cpu: 200m
@@ -232,15 +233,15 @@ spec:
restartPolicy: Always

volumes:
- name: {{ include "brokencrystals.fullname" . }}-postgres
configMap:
name: {{ include "brokencrystals.fullname" . }}-postgres
- name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
configMap:
name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
- name: {{ include "brokencrystals.fullname" . }}-keycloak
configMap:
name: {{ include "brokencrystals.fullname" . }}-keycloak
- name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
configMap:
name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
- name: {{ include "brokencrystals.fullname" . }}-postgres
configMap:
name: {{ include "brokencrystals.fullname" . }}-postgres
- name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
configMap:
name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
- name: {{ include "brokencrystals.fullname" . }}-keycloak
configMap:
name: {{ include "brokencrystals.fullname" . }}-keycloak
- name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
configMap:
name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
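Review bot: The re-indented repeater args still pass the Bright token on the command line (`- "--token=$(TOKEN)"`), and Kubernetes expands `$(TOKEN)` before the container starts, so the secret ends up in the process arguments, where anything able to list processes in the pod or on the node can read it. The `env` entry that defines TOKEN is collapsed out of this view, but the neighbouring entries use inline values such as `value: "{{ .Values.cluster }}"`, so it is presumably rendered straight from chart values into the Deployment spec as well. Consider sourcing it with `valueFrom: { secretKeyRef: { name: <secret-name>, key: <key> } }` (placeholders) and, if the CLI can read the token from the environment, dropping the `--token` argument. The same applies to `- "-t=$(API_KEY)"` in the sniffer-agent container, which also runs with `NET_RAW` and `NET_ADMIN`.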
3 changes: 3 additions & 0 deletions charts/brokencrystals/templates/ingress.yaml
@@ -1,3 +1,5 @@
{{- if not (and .Values.repeaterID .Values.token .Values.cluster) }}

---
apiVersion: networking.k8s.io/v1
kind: Ingress
@@ -56,6 +58,7 @@ spec:
name: {{ .Release.Name }}-keycloak
port:
number: 8080
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
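Review bot: The new `{{- if not (and .Values.repeaterID .Values.token .Values.cluster) }}` guard is closed by `{{- end }}` before the second `---` / `kind: Ingress` document, so as far as this section shows only the first Ingress is excluded when the repeater is configured. If the second Ingress also routes to this deliberately vulnerable application, it stays externally reachable in repeater mode; either move `{{- end }}` to the end of the file or wrap the second document in the same condition. The body of the second Ingress is outside the visible hunks, so confirm which hosts and backends it serves. The condition should also be kept identical to the one that enables the repeater container in deployment.yaml (not visible here), so a partially filled set of values cannot leave the two templates disagreeing.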
2 changes: 2 additions & 0 deletions charts/brokencrystals/values.yaml
@@ -1,3 +1,4 @@
enableIngress: true
ingress:
url: k3s.brokencrystals.nexploit.app
cert: ""
@@ -15,3 +16,4 @@ snifferApiKey: ""
snifferProjectID: ""
snifferNetworkInterface: ""
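Review bot: `enableIngress: true` is added at the top of values.yaml, but none of the template hunks in this commit read `.Values.enableIngress`; the guard in templates/ingress.yaml depends only on `repeaterID`, `token` and `cluster`. An operator who sets `enableIngress: false` to keep this intentionally vulnerable application off the public ingress would, from what is visible, still get the Ingress rendered. Either wire the flag into the guard, e.g. `{{- if and .Values.enableIngress (not (and .Values.repeaterID .Values.token .Values.cluster)) }}`, or drop the key and add a comment such as `# Ingress is rendered only when repeaterID, token and cluster are not all set`.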

