From d259c624a07a3629ecdc55518a86e06890e5d86a Mon Sep 17 00:00:00 2001 From: Denan Musinovic Date: Tue, 28 May 2024 13:31:29 +0200 Subject: [PATCH] [brokencrystals] Exclude ingress if repeater is used --- charts/brokencrystals/Chart.yaml | 2 +- .../brokencrystals/templates/deployment.yaml | 81 ++++++++++--------- charts/brokencrystals/templates/ingress.yaml | 3 + charts/brokencrystals/values.yaml | 2 + 4 files changed, 47 insertions(+), 41 deletions(-) diff --git a/charts/brokencrystals/Chart.yaml b/charts/brokencrystals/Chart.yaml index b6431968..7c378036 100644 --- a/charts/brokencrystals/Chart.yaml +++ b/charts/brokencrystals/Chart.yaml @@ -4,7 +4,7 @@ description: | Benchmark application that uses modern technologies and implements a set of common security vulnerabilities type: application -version: 0.0.65 +version: 0.0.66 keywords: - brokencrystals - brkn diff --git a/charts/brokencrystals/templates/deployment.yaml b/charts/brokencrystals/templates/deployment.yaml index cc8fecec..f2536c51 100644 --- a/charts/brokencrystals/templates/deployment.yaml +++ b/charts/brokencrystals/templates/deployment.yaml @@ -1,3 +1,5 @@ +# templates/deployment.yaml + apiVersion: apps/v1 kind: Deployment metadata: @@ -47,10 +49,10 @@ spec: cpu: 200m memory: 100Mi volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-postgres - mountPath: /docker-entrypoint-initdb.d/pg.sql - subPath: pg.sql - readOnly: true + - name: {{ include "brokencrystals.fullname" . }}-postgres + mountPath: /docker-entrypoint-initdb.d/pg.sql + subPath: pg.sql + readOnly: true - name: keycloak-postgres image: postgres:12.2-alpine 
@@ -71,12 +73,12 @@ spec: resources: requests: cpu: 100m - memory: 50Mi + memory: 50Mi volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres - mountPath: /usr/local/share/postgresql/postgresql.conf.sample - subPath: postgresql.conf.sample - readOnly: true + - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres + mountPath: /usr/local/share/postgresql/postgresql.conf.sample + subPath: postgresql.conf.sample + readOnly: true - name: keycloak image: quay.io/keycloak/keycloak:16.1.1 @@ -115,10 +117,10 @@ spec: - name: KEYCLOAK_FRONTEND_URL value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/" volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-keycloak - mountPath: /opt/jboss/keycloak/imports/realm-export.json - subPath: realm-export.json - readOnly: true + - name: {{ include "brokencrystals.fullname" . }}-keycloak + mountPath: /opt/jboss/keycloak/imports/realm-export.json + subPath: realm-export.json + readOnly: true - name: nodejs image: brightsec/brokencrystals:{{ .Values.images.main }} @@ -151,17 +153,17 @@ spec: value: "config/keys/jwk.key.pem" - name: JWK_PUBLIC_KEY_LOCATION value: "config/keys/jwk.pub.key.pem" - - name: JWK_PUBLIC_JSON + - name: JWK_PUBLIC_JSON value: "config/keys/jwk.pub.json" - name: JKU_URL value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json" - name: X5U_URL value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt" volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - mountPath: /etc/nginx/conf.d/default.conf - subPath: default.conf - readOnly: true + - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf + readOnly: true resources: requests: cpu: 900m 
@@ -184,10 +186,10 @@ spec: image: brightsec/cli{{ if ne .Values.repeaterImageTag "" }}:{{ .Values.repeaterImageTag }}{{ else }}:latest{{ end }} command: ["bright-cli", "repeater"] args: - - "--token=$(TOKEN)" - - "--id=$(REPEATER_ID)" - - "--cluster=$(CLUSTER)" - - "--timeout=$(TIMEOUT)" + - "--token=$(TOKEN)" + - "--id=$(REPEATER_ID)" + - "--cluster=$(CLUSTER)" + - "--timeout=$(TIMEOUT)" resources: requests: cpu: 200m @@ -201,9 +203,8 @@ spec: value: "{{ .Values.cluster }}" - name: TIMEOUT value: "{{ .Values.timeout | default "30000" }}" - restartPolicy: Always {{- end }} - + {{- if and .Values.snifferApiKey .Values.snifferProjectID .Values.snifferApiURL }} - name: sniffer-agent securityContext: @@ -211,10 +212,10 @@ spec: add: ["NET_RAW", "NET_ADMIN"] image: ghcr.io/neuralegion/sniffer-agent:latest args: - - "-a=$(API_URL)" - - "-t=$(API_KEY)" - - "-p=$(PROJECT_ID)" - - "-i=$(NETWORK_INTERFACE)" + - "-a=$(API_URL)" + - "-t=$(API_KEY)" + - "-p=$(PROJECT_ID)" + - "-i=$(NETWORK_INTERFACE)" resources: requests: cpu: 200m 
@@ -232,15 +233,15 @@ spec: restartPolicy: Always volumes: - - name: {{ include "brokencrystals.fullname" . }}-postgres - configMap: - name: {{ include "brokencrystals.fullname" . }}-postgres - - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres - configMap: - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres - - name: {{ include "brokencrystals.fullname" . }}-keycloak - configMap: - name: {{ include "brokencrystals.fullname" . }}-keycloak - - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - configMap: - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy + - name: {{ include "brokencrystals.fullname" . }}-postgres + configMap: + name: {{ include "brokencrystals.fullname" . }}-postgres + - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres + configMap: + name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres + - name: {{ include "brokencrystals.fullname" . }}-keycloak + configMap: + name: {{ include "brokencrystals.fullname" . }}-keycloak + - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy + configMap: + name: {{ include "brokencrystals.fullname" . }}-nginx-proxy diff --git a/charts/brokencrystals/templates/ingress.yaml b/charts/brokencrystals/templates/ingress.yaml index 6445640b..b37c7369 100644 --- a/charts/brokencrystals/templates/ingress.yaml +++ b/charts/brokencrystals/templates/ingress.yaml @@ -1,3 +1,5 @@ +{{- if not (and .Values.repeaterID .Values.token .Values.cluster) }} + --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -56,6 +58,7 @@ spec: name: {{ .Release.Name }}-keycloak port: number: 8080 +{{- end }} --- apiVersion: networking.k8s.io/v1 kind: Ingress diff --git a/charts/brokencrystals/values.yaml b/charts/brokencrystals/values.yaml index 4d44154a..3b9066fe 100644 --- a/charts/brokencrystals/values.yaml +++ b/charts/brokencrystals/values.yaml @@ -1,3 +1,4 @@ +enableIngress: true ingress: url: k3s.brokencrystals.nexploit.app cert: "" 
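Review bot: The `{{- end }}` added in the second ingress.yaml hunk sits before the next `---` / `kind: Ingress` document, so the new guard removes only the first Ingress; the second one, whose body lies outside the hunk, appears to be rendered even when `repeaterID`, `token` and `cluster` are all set. For a deliberately vulnerable benchmark application, that leaves an externally routable entry point in place in the very mode where the commit subject says ingress should be excluded. If that is not intended, move `{{- end }}` to the end of the file or wrap the second document in the same guard. The condition should also mirror whatever expression gates the repeater container in deployment.yaml (its `if` is not visible here), and a template comment such as `{{- /* no public Ingress when the repeater sidecar is configured */}}` above the guard would record the reason.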
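Review bot: `enableIngress: true` is added at the top of values.yaml, but nothing in the visible ingress.yaml hunks reads it; the new guard tests only `.Values.repeaterID`, `.Values.token` and `.Values.cluster`. An operator who sets `enableIngress: false` expecting the application to lose its external exposure would still get the Ingress objects. Either wire the key into the template, for example `{{- if and .Values.enableIngress (not (and .Values.repeaterID .Values.token .Values.cluster)) }}`, or drop it. If it stays, add a comment above it such as `# Render the public Ingress resources; ignored when the repeater is configured`.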
@@ -15,3 +16,4 @@ snifferApiKey: "" snifferProjectID: "" snifferNetworkInterface: "" +