From 5df769e46bc9f1f1f62daf3b6b5ba493fe86feff Mon Sep 17 00:00:00 2001 From: Denan Musinovic Date: Tue, 12 Nov 2024 11:19:01 +0100 Subject: [PATCH 1/9] chore: update webgoat chart version to 0.0.4 and adjust resource limits --- charts/webgoat/Chart.yaml | 2 +- charts/webgoat/values.yaml | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/webgoat/Chart.yaml b/charts/webgoat/Chart.yaml index fd2d1f1..d885865 100644 --- a/charts/webgoat/Chart.yaml +++ b/charts/webgoat/Chart.yaml @@ -4,7 +4,7 @@ description: Vulnerable app for testing apps based on Java type: application keywords: - webgoat -version: 0.0.3 +version: 0.0.4 dependencies: - name: simple-service version: 0.0.1 diff --git a/charts/webgoat/values.yaml b/charts/webgoat/values.yaml index c010d91..f4ce22c 100644 --- a/charts/webgoat/values.yaml +++ b/charts/webgoat/values.yaml @@ -5,10 +5,7 @@ simple-service: resources: requests: cpu: 256m - memory: 750Mi - limits: - memory: 1024Mi - ephemeral-storage: "4Gi" + memory: 512Mi targetPorts: - name: web-port containerPort: 8080 @@ -19,7 +16,7 @@ simple-service: protocol: TCP livenessProbe: httpGet: - path: / + path: /webgoat port: 8080 scheme: HTTP initialDelaySeconds: 120 From fe43a6b860175a2ab21e9300bdef1d78c1fcbb3b Mon Sep 17 00:00:00 2001 
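Review bot: Dropping the `limits` block in charts/webgoat/values.yaml leaves the WebGoat container with requests only, so its memory and ephemeral storage are unbounded on an app that is exploitable by design. The same removal is made in charts/xvwa/values.yaml (PATCH 3/9), and the webgoat Deployment template added in PATCH 2/9 carries no limits either. A runaway or abused pod can then starve co-located workloads until the node evicts something. If the old 1024Mi ceiling was causing OOM kills, raise it rather than remove it, for example keep `limits:` with a larger `memory:` value sized from observed usage and retain `ephemeral-storage: "4Gi"`. The `simple-service.application` mapping starts above the hunk.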
From: Denan Musinovic Date: Tue, 12 Nov 2024 14:35:09 +0100 Subject: [PATCH 2/9] feat: update webgoat chart to version 0.0.5 with new deployment and ingress configurations --- charts/webgoat/.helmignore | 23 ++++++++++++++++ charts/webgoat/Chart.yaml | 7 ++--- charts/webgoat/templates/deployment.yaml | 34 ++++++++++++++++++++++++ charts/webgoat/templates/ingress.yaml | 29 ++++++++++++++++++++ charts/webgoat/templates/service.yaml | 29 ++++++++++++++++++++ charts/webgoat/values.yaml | 27 +++---------------- 6 files changed, 121 insertions(+), 28 deletions(-) create mode 100644 charts/webgoat/.helmignore create mode 100644 charts/webgoat/templates/deployment.yaml create mode 100644 charts/webgoat/templates/ingress.yaml create mode 100644 charts/webgoat/templates/service.yaml diff --git a/charts/webgoat/.helmignore b/charts/webgoat/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/webgoat/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/webgoat/Chart.yaml b/charts/webgoat/Chart.yaml index d885865..1a66b40 100644 --- a/charts/webgoat/Chart.yaml +++ b/charts/webgoat/Chart.yaml @@ -4,8 +4,5 @@ description: Vulnerable app for testing apps based on Java type: application keywords: - webgoat -version: 0.0.4 -dependencies: -- name: simple-service - version: 0.0.1 - repository: "file://../../simple-service" +version: 0.0.5 +appVersion: "1.0.0" diff --git a/charts/webgoat/templates/deployment.yaml b/charts/webgoat/templates/deployment.yaml new file mode 100644 index 0000000..f6b59b7 --- /dev/null +++ b/charts/webgoat/templates/deployment.yaml 
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: webgoat/webgoat
+ resources:
+ requests:
+ cpu: 250m
+ memory: 512Mi
+ livenessProbe:
+ httpGet:
+ path: /webgoat
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 120
+ periodSeconds: 30
diff --git a/charts/webgoat/templates/ingress.yaml b/charts/webgoat/templates/ingress.yaml
new file mode 100644
index 0000000..cc90cbe
--- /dev/null
+++ b/charts/webgoat/templates/ingress.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2"
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ {{ if eq .Values.ingress.cert "" }}
+ cert-manager.io/cluster-issuer: letsencrypt-cf-prod
+ {{ end }}
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - {{ .Values.ingress.url }}
+ secretName: {{ if eq .Values.ingress.cert "" }}distributorwildcard{{ else }}{{ .Values.ingress.cert }}{{ end }}
+ rules:
+ - host: {{ .Values.ingress.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}
+ port:
+ number: 8080
diff --git a/charts/webgoat/templates/service.yaml b/charts/webgoat/templates/service.yaml
new file mode 100644
index 0000000..604d894
--- /dev/null
+++ b/charts/webgoat/templates/service.yaml
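Review bot: `image: webgoat/webgoat` in deployment.yaml has no tag or digest, so any pod restart may pull whatever `latest` points to at that moment, and `appVersion: "1.0.0"` says nothing about what actually runs. The same applies to `image: brightsec/xvwa` (PATCH 3/9), `ghcr.io/neuralegion/stress_web` (PATCH 6/9), the `nginx:latest` and `:latest` defaults in static-app-with-delay (PATCH 4/9), and the mutable size tags in stress-nonweb and flood-testing (PATCH 7/9, 8/9). I would expose the reference as a value and pin it by digest, e.g. `image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"`, with the digest recorded in values.yaml. The container also has no `readinessProbe`, so the pod is reported ready well before the first liveness check at 120 s.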
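Review bot: ingress.yaml publishes WebGoat, a deliberately vulnerable application, on the `ingress.url` hostname with `nginx.ingress.kubernetes.io/ssl-redirect: "false"` and no access restriction, so it is reachable over plain HTTP by anyone who can reach the ingress controller. Unless that exposure is intended for the scanners under test, add a source allow-list such as `nginx.ingress.kubernetes.io/whitelist-source-range: "<allowed CIDRs>"` and leave the redirect on. `proxy-ssl-protocols: "TLSv1.1 TLSv1.2"` governs TLS towards an HTTPS upstream; the backend here is HTTP, so it looks inert, and TLSv1.1 is deprecated, so drop the annotation or reduce it to `"TLSv1.2 TLSv1.3"`. When `ingress.cert` is empty the template both adds the cert-manager issuer annotation and names the secret `distributorwildcard`, which presumably lets cert-manager rewrite a secret that other releases share; worth confirming. The identical template is added for stress-nonweb (PATCH 7/9) and flood-testing (PATCH 8/9).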
@@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 9090 + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app: {{ .Release.Name }} + + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: web-port + port: 80 + targetPort: 8080 + - name: webgoat-port + port: 9090 + targetPort: 9090 + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app: {{ .Release.Name }} diff --git a/charts/webgoat/values.yaml b/charts/webgoat/values.yaml index f4ce22c..02f27a6 100644 --- a/charts/webgoat/values.yaml +++ b/charts/webgoat/values.yaml @@ -1,23 +1,4 @@ -simple-service: - application: - image: webgoat/webgoat - port: 80 - resources: - requests: - cpu: 256m - memory: 512Mi - targetPorts: - - name: web-port - containerPort: 8080 - protocol: TCP - path: /webgoat - - name: webgoat-port - containerPort: 9090 - protocol: TCP - livenessProbe: - httpGet: - path: /webgoat - port: 8080 - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 30 +ingress: + url: dev.vuln.nexploit.app + cert: "" + authlevel: "." From 6f9ddb177ce1d8d17bccc78ee9a14a6b4ed64189 Mon Sep 17 00:00:00 2001 From: Denan Musinovic Date: Wed, 13 Nov 2024 13:22:00 +0100 Subject: [PATCH 3/9] chore: update xvwa chart version to 0.0.4 and change image source --- charts/xvwa/Chart.yaml | 2 +- charts/xvwa/values.yaml | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/xvwa/Chart.yaml b/charts/xvwa/Chart.yaml index 61e7638..78697ac 100644 --- a/charts/xvwa/Chart.yaml +++ b/charts/xvwa/Chart.yaml @@ -4,7 +4,7 @@ description: Badly coded xtreme vulnerable web app type: application keywords: - xvwa -version: 0.0.3 +version: 0.0.4 dependencies: - name: simple-service version: 0.0.1 diff --git a/charts/xvwa/values.yaml b/charts/xvwa/values.yaml index 619c551..419ef10 100644 
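Review bot: service.yaml holds two complete `Service` manifests with the same name and no `---` between them, so the file is one YAML document with duplicate `apiVersion`, `kind`, `metadata` and `spec` keys; depending on the parser it is rejected or only the second mapping survives. Delete the first stub (the one with only `- port: 9090`), or separate the two with `---` and give them distinct names. Separately, the second Service exposes ports 80 and 9090 while the Ingress added in the same patch points at `number: 8080`, which no Service port provides; change the Ingress backend to `number: 80` or add a Service port 8080.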
--- a/charts/xvwa/values.yaml +++ b/charts/xvwa/values.yaml @@ -1,14 +1,11 @@ simple-service: application: - image: tuxotron/xvwa + image: brightsec/xvwa port: 80 resources: requests: cpu: 50m - memory: 750Mi - limits: - memory: 1024Mi - ephemeral-storage: "4Gi" + memory: 256Mi livenessProbe: httpGet: path: / From 026382c6c5d9e60a504ffb4cb2b2a3a4c5ce0b4f Mon Sep 17 00:00:00 2001 From: Denan Musinovic Date: Thu, 14 Nov 2024 16:57:38 +0100 Subject: [PATCH 4/9] feat: add static-app-with-delay Helm chart for Kubernetes deployment with TLS support --- charts/static-app-with-delay/Chart.yaml | 6 + .../templates/_helpers.tpl | 8 ++ .../templates/deployment.yaml | 103 ++++++++++++++++++ .../templates/secret.yaml | 9 ++ .../templates/service.yaml | 18 +++ charts/static-app-with-delay/values.yaml | 15 +++ 6 files changed, 159 insertions(+) create mode 100644 charts/static-app-with-delay/Chart.yaml create mode 100644 charts/static-app-with-delay/templates/_helpers.tpl create mode 100644 charts/static-app-with-delay/templates/deployment.yaml create mode 100644 charts/static-app-with-delay/templates/secret.yaml create mode 100644 charts/static-app-with-delay/templates/service.yaml create mode 100644 charts/static-app-with-delay/values.yaml diff --git a/charts/static-app-with-delay/Chart.yaml b/charts/static-app-with-delay/Chart.yaml new file mode 100644 index 0000000..513ea06 --- /dev/null +++ b/charts/static-app-with-delay/Chart.yaml @@ -0,0 +1,6 @@ +# static-app-with-delay/Chart.yaml +apiVersion: v2 +name: static-app-with-delay +description: A Helm chart for Kubernetes deployment with self-signed certificate +version: 0.0.1 +appVersion: "1.0" diff --git a/charts/static-app-with-delay/templates/_helpers.tpl b/charts/static-app-with-delay/templates/_helpers.tpl new file mode 100644 index 0000000..a5e3904 --- /dev/null +++ b/charts/static-app-with-delay/templates/_helpers.tpl 
@@ -0,0 +1,8 @@
+# static-app-with-delay/templates/_helpers.tpl
+{{- define "static-app-with-delay.name" -}}
+static-app-with-delay
+{{- end -}}
+
+{{- define "static-app-with-delay.fullname" -}}
+{{- .Release.Name }}-static-app-with-delay
+{{- end -}}
diff --git a/charts/static-app-with-delay/templates/deployment.yaml b/charts/static-app-with-delay/templates/deployment.yaml
new file mode 100644
index 0000000..ffa0a83
--- /dev/null
+++ b/charts/static-app-with-delay/templates/deployment.yaml
@@ -0,0 +1,103 @@ +# static-app-with-delay/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "static-app-with-delay.fullname" . }} + labels: + app: {{ include "static-app-with-delay.name" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ include "static-app-with-delay.name" . }} + template: + metadata: + labels: + app: {{ include "static-app-with-delay.name" . }} + spec: + hostAliases: + - ip: "127.0.0.1" + hostnames: + - "target.local" + containers: + - name: static-app + image: "{{ .Values.staticApp.image }}" + ports: + - containerPort: 80 + env: + - name: RESPONSE_SIZE + value: "{{ .Values.staticApp.responseSize }}" + + - name: nginx + image: "{{ .Values.nginx.image }}" + ports: + - containerPort: 443 + volumeMounts: + - name: tls-certs + mountPath: "/etc/nginx/tls" + readOnly: true + command: ["/bin/sh", "-c"] + args: + - | + echo ' + server { + listen 443 ssl; + server_name {{ .Values.nginx.serverName }}; + + ssl_certificate /etc/nginx/tls/tls.crt; + ssl_certificate_key /etc/nginx/tls/tls.key; + + location / { + proxy_pass http://localhost:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + + server { + listen 80; + server_name {{ .Values.nginx.serverName }}; + + location / { + proxy_pass http://localhost:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + ' > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;' + + {{- if and .Values.repeaterID .Values.token .Values.cluster }} + {{- range $index, $repeaterID := .Values.repeaterID }} + - name: repeater-{{ $index }} + image: brightsec/cli{{ if $.Values.repeaterImageTag }}:{{ $.Values.repeaterImageTag }}{{ else }}:latest{{ end }} + command: ["bright-cli", 
"repeater"] + args: + - "--token=$(TOKEN)" + - "--id=$(REPEATER_ID)" + - "--cluster=$(CLUSTER)" + - "--timeout=$(TIMEOUT)" + - "--log-level=verbose" + resources: + requests: + cpu: 200m + memory: 100Mi + env: + - name: REPEATER_ID + value: "{{ $repeaterID }}" + - name: TOKEN + value: "{{ $.Values.token }}" + - name: CLUSTER + value: "{{ $.Values.cluster }}" + - name: TIMEOUT + value: "{{ $.Values.timeout | default "30000" }}" + {{- end }} + {{- end }} + + volumes: + - name: tls-certs + secret: + secretName: {{ include "static-app-with-delay.fullname" . }}-tls diff --git a/charts/static-app-with-delay/templates/secret.yaml b/charts/static-app-with-delay/templates/secret.yaml new file mode 100644 index 0000000..3cbfba6 --- /dev/null +++ b/charts/static-app-with-delay/templates/secret.yaml @@ -0,0 +1,9 @@ +# static-app-with-delay/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "static-app-with-delay.fullname" . }}-tls +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.tls.crt }} + tls.key: {{ .Values.tls.key }} diff --git a/charts/static-app-with-delay/templates/service.yaml b/charts/static-app-with-delay/templates/service.yaml new file mode 100644 index 0000000..49eba4d --- /dev/null +++ b/charts/static-app-with-delay/templates/service.yaml @@ -0,0 +1,18 @@ +# static-app-with-delay/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: {{ include "static-app-with-delay.fullname" . }} +spec: + type: ClusterIP + ports: + - name: http + port: 80 + targetPort: 8080 + protocol: TCP + - name: https + port: 443 + targetPort: 443 + protocol: TCP + selector: + app: {{ include "static-app-with-delay.name" . }} diff --git a/charts/static-app-with-delay/values.yaml b/charts/static-app-with-delay/values.yaml new file mode 100644 index 0000000..0339bd4 --- /dev/null +++ b/charts/static-app-with-delay/values.yaml 
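Review bot: The repeater token is rendered straight into the pod spec in deployment.yaml (`- name: TOKEN` with `value: "{{ $.Values.token }}"`), so anyone who can read the Deployment or the Helm release can read it, and `--token=$(TOKEN)` additionally places it on the container's command line. I would take it from a Secret through `secretKeyRef`, as sketched below; the Secret name is a placeholder. Two smaller things in the same hunk: `range` over `.Values.repeaterID` needs a list, but the default in values.yaml is the string `""`, so a non-empty string value fails to render (`repeaterID: []` is the safer default). The nginx sidecar also does `listen 80` while the `static-app` container declares `containerPort: 80` and is proxied at `localhost:8080`; containers in a pod share one network namespace, so confirm which port the app really binds.

```yaml
          env:
            - name: TOKEN
              valueFrom:
                secretKeyRef:
                  name: "<repeater-token-secret>"  # placeholder: Secret created outside chart values
                  key: token
            # … unchanged: REPEATER_ID, CLUSTER, TIMEOUT …
```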
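Review bot: `tls.key: {{ .Values.tls.key }}` in secret.yaml makes the TLS private key an ordinary chart value, and values.yaml in this patch carries a non-empty default for it. That would mean a key committed to the repository and shared by every install, although the value itself is not visible on this page, so this is inferred. Both fields are also emitted unquoted under `data:`, which only works if the caller passes clean base64. I would drop the defaults and fail fast, e.g. `tls.key: {{ required "tls.key is required" .Values.tls.key | quote }}`, or reference an existing `kubernetes.io/tls` Secret by name instead of templating one.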
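Review bot: In service.yaml the `http` port forwards to `targetPort: 8080`, which no container in the Deployment declares (static-app declares 80, nginx 443), so Service port 80 either reaches nothing or bypasses the nginx sidecar and hits the app directly, depending on where the app listens. If all traffic is meant to pass through nginx, use `targetPort: 80`. The selector is only `app: static-app-with-delay`, a constant from `_helpers.tpl`, so two releases in one namespace would select each other's pods; adding `app.kubernetes.io/instance: {{ .Release.Name }}` to the pod labels and to both selectors avoids that.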
@@ -0,0 +1,15 @@ +# static-app-with-delay/values.yaml +staticApp: + image: "454884832027.dkr.ecr.us-east-1.amazonaws.com/static-app-with-delay:latest" # Replace with your app image if different + responseSize: "" +nginx: + image: "nginx:latest" + serverName: "static.local" # Replace with your actual domain name if needed +repeaterID: "" +token: "" +cluster: "" +timeout: "30000" +repeaterImageTag: "" +tls: + crt: "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" + key: "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" From 38fef484f69aee6c72aa041bbbd2610509a8f140 Mon Sep 17 00:00:00 2001 From: Denan Musinovic Date: Tue, 26 Nov 2024 14:23:22 +0100 Subject: [PATCH 5/9] [log4shell] Upgrade resources --- charts/log4shell/Chart.yaml | 2 +- charts/log4shell/values.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/log4shell/Chart.yaml b/charts/log4shell/Chart.yaml index 6cc201f..fd06a0a 100644 --- a/charts/log4shell/Chart.yaml +++ b/charts/log4shell/Chart.yaml @@ -4,7 +4,7 @@ description: log4shell app type: application keywords: - log4shell -version: 0.0.2 +version: 0.0.3 dependencies: - name: simple-service version: 0.0.1 diff --git a/charts/log4shell/values.yaml b/charts/log4shell/values.yaml index 19ec259..d4e6108 100644 --- a/charts/log4shell/values.yaml +++ b/charts/log4shell/values.yaml @@ -4,11 +4,11 @@ simple-service: port: 8080 resources: requests: - cpu: 50m - memory: 128Mi - limits: - cpu: 125m + cpu: 150m memory: 256Mi + limits: + cpu: 500m + memory: 768Mi livenessProbe: httpGet: path: / From 5913e292e7564809887db3820af6fd703523e777 Mon Sep 17 00:00:00 2001 
From: Denan Musinovic Date: Wed, 27 Nov 2024 12:50:33 +0100 Subject: [PATCH 6/9] Adding stresstesting-webdriver app --- charts/stresstesting-webdriver/Chart.yaml | 11 +++++++++++ charts/stresstesting-webdriver/values.yaml | 23 ++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 charts/stresstesting-webdriver/Chart.yaml create mode 100644 charts/stresstesting-webdriver/values.yaml diff --git a/charts/stresstesting-webdriver/Chart.yaml b/charts/stresstesting-webdriver/Chart.yaml new file mode 100644 index 0000000..4a15ed5 --- /dev/null +++ b/charts/stresstesting-webdriver/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: stresstesting-webdriver +description: https://github.com/NeuraLegion/mock-servers +type: application +keywords: +- stresstesting-webdriver +version: 0.0.1 +dependencies: +- name: simple-service + version: 0.0.1 + repository: "file://../../simple-service" diff --git a/charts/stresstesting-webdriver/values.yaml b/charts/stresstesting-webdriver/values.yaml new file mode 100644 index 0000000..e023ad9 --- /dev/null +++ b/charts/stresstesting-webdriver/values.yaml @@ -0,0 +1,23 @@ +simple-service: + application: + image: ghcr.io/neuralegion/stress_web + port: 3000 + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 250m + memory: 512Mi + livenessProbe: + httpGet: + path: / + port: 3000 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 30 + startupProbe: + httpGet: + path: / + port: 3000 + scheme: HTTP From e33bf20630acdfdec41d1578854aa4c9dd738193 Mon Sep 17 00:00:00 2001 
From: Denan Musinovic Date: Wed, 27 Nov 2024 14:41:24 +0100 Subject: [PATCH 7/9] Adding stress-nonweb app --- charts/stress-nonweb/.helmignore | 23 ++++++++++ charts/stress-nonweb/Chart.yaml | 21 +++++++++ .../stress-nonweb/templates/deployment.yaml | 44 +++++++++++++++++++ charts/stress-nonweb/templates/ingress.yaml | 29 ++++++++++++ charts/stress-nonweb/templates/service.yaml | 11 +++++ charts/stress-nonweb/values.yaml | 5 +++ 6 files changed, 133 insertions(+) create mode 100644 charts/stress-nonweb/.helmignore create mode 100644 charts/stress-nonweb/Chart.yaml create mode 100644 charts/stress-nonweb/templates/deployment.yaml create mode 100644 charts/stress-nonweb/templates/ingress.yaml create mode 100644 charts/stress-nonweb/templates/service.yaml create mode 100644 charts/stress-nonweb/values.yaml diff --git a/charts/stress-nonweb/.helmignore b/charts/stress-nonweb/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/stress-nonweb/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/stress-nonweb/Chart.yaml b/charts/stress-nonweb/Chart.yaml new file mode 100644 index 0000000..967720e --- /dev/null +++ b/charts/stress-nonweb/Chart.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v2 +name: stress-nonweb +description: A Helm chart for Kubernetes + +# To use chart you can use the following commands (small image size is default): +# helm upgrade --install releaseName --set imageSize=small|medium|large --set ingress.url=something.k3s.brokencrystals.nexploit.app . --namespace distributor --wait + +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +keywords: +- stress-nonweb +version: 1.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.0.0" diff --git a/charts/stress-nonweb/templates/deployment.yaml b/charts/stress-nonweb/templates/deployment.yaml new file mode 100644 index 0000000..6f7e820 --- /dev/null +++ b/charts/stress-nonweb/templates/deployment.yaml 
@@ -0,0 +1,44 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: ghcr.io/neuralegion/stress_nonweb:{{ .Values.imageSize }}
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 512Mi
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 3000
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ startupProbe:
+ httpGet:
+ path: /
+ port: 3000
+ scheme: HTTP
+ imagePullSecrets:
+ - name: pull-ghcr-io
diff --git a/charts/stress-nonweb/templates/ingress.yaml b/charts/stress-nonweb/templates/ingress.yaml
new file mode 100644
index 0000000..05b30aa
--- /dev/null
+++ b/charts/stress-nonweb/templates/ingress.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2"
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ {{ if eq .Values.ingress.cert "" }}
+ cert-manager.io/cluster-issuer: letsencrypt-cf-prod
+ {{ end }}
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - {{ .Values.ingress.url }}
+ secretName: {{ if eq .Values.ingress.cert "" }}distributorwildcard{{ else }}{{ .Values.ingress.cert }}{{ end }}
+ rules:
+ - host: {{ .Values.ingress.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}
+ port:
+ number: 3000
diff --git a/charts/stress-nonweb/templates/service.yaml b/charts/stress-nonweb/templates/service.yaml
new file mode 100644
index 0000000..c7f91db
--- /dev/null
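Review bot: The pod spec in deployment.yaml sets no `securityContext` and leaves the service-account token mounted, and the same is true of the flood-testing (PATCH 8/9) and webgoat (PATCH 2/9) Deployments. These workloads are attacked on purpose and sit behind an Ingress, so a compromised container should be left with as little as possible to work with. I would add the container-level settings below plus `automountServiceAccountToken: false` on the pod spec. Whether the image runs as a non-root user is not visible here, so `runAsNonRoot` needs checking against the image first. `{{ .Values.imageSize }}` is also interpolated into the image reference unvalidated; a `values.schema.json` enum of `small`, `medium`, `large` would reject anything else.

```yaml
    spec:
      automountServiceAccountToken: false
      containers:
        - name: {{ .Chart.Name }}
          # … unchanged: image, resources, probes …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true  # confirm the image's user first
            capabilities:
              drop: ["ALL"]
```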
+++ b/charts/stress-nonweb/templates/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 3000 + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app: {{ .Release.Name }} diff --git a/charts/stress-nonweb/values.yaml b/charts/stress-nonweb/values.yaml new file mode 100644 index 0000000..354980b --- /dev/null +++ b/charts/stress-nonweb/values.yaml @@ -0,0 +1,5 @@ +ingress: + url: dev.vuln.nexploit.app + cert: "" + authlevel: "." +imageSize: "small" From b3760c8b22c67f5c1b57452d81db837106adb868 Mon Sep 17 00:00:00 2001 From: Denan Musinovic Date: Wed, 27 Nov 2024 16:18:57 +0100 Subject: [PATCH 8/9] Adding flood-testing app chore: update flood-testing chart version to 1.0.1 and adjust keywords --- charts/flood-testing/.helmignore | 23 ++++++++++ charts/flood-testing/Chart.yaml | 23 ++++++++++ .../flood-testing/templates/deployment.yaml | 44 +++++++++++++++++++ charts/flood-testing/templates/ingress.yaml | 29 ++++++++++++ charts/flood-testing/templates/service.yaml | 11 +++++ charts/flood-testing/values.yaml | 5 +++ 6 files changed, 135 insertions(+) create mode 100644 charts/flood-testing/.helmignore create mode 100644 charts/flood-testing/Chart.yaml create mode 100644 charts/flood-testing/templates/deployment.yaml create mode 100644 charts/flood-testing/templates/ingress.yaml create mode 100644 charts/flood-testing/templates/service.yaml create mode 100644 charts/flood-testing/values.yaml diff --git a/charts/flood-testing/.helmignore b/charts/flood-testing/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/flood-testing/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/flood-testing/Chart.yaml b/charts/flood-testing/Chart.yaml new file mode 100644 index 0000000..f320fbc --- /dev/null +++ b/charts/flood-testing/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: flood-testing +description: A Helm chart for Kubernetes + +# To use chart you can use the following commands (small image size is default): +# helm upgrade --install releaseName --set imageSize=small|medium|large --set ingress.url=something.k3s.brokencrystals.nexploit.app . --namespace distributor --wait + + +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +keywords: + - flood-testing + - ft +version: 1.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.0.0" diff --git a/charts/flood-testing/templates/deployment.yaml b/charts/flood-testing/templates/deployment.yaml new file mode 100644 index 0000000..f3f647f --- /dev/null +++ b/charts/flood-testing/templates/deployment.yaml 
@@ -0,0 +1,44 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: ghcr.io/neuralegion/floodtest_tgt:{{ .Values.imageSize }}
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 512Mi
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 3000
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ startupProbe:
+ httpGet:
+ path: /
+ port: 3000
+ scheme: HTTP
+ imagePullSecrets:
+ - name: pull-ghcr-io
diff --git a/charts/flood-testing/templates/ingress.yaml b/charts/flood-testing/templates/ingress.yaml
new file mode 100644
index 0000000..05b30aa
--- /dev/null
+++ b/charts/flood-testing/templates/ingress.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2"
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ {{ if eq .Values.ingress.cert "" }}
+ cert-manager.io/cluster-issuer: letsencrypt-cf-prod
+ {{ end }}
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - {{ .Values.ingress.url }}
+ secretName: {{ if eq .Values.ingress.cert "" }}distributorwildcard{{ else }}{{ .Values.ingress.cert }}{{ end }}
+ rules:
+ - host: {{ .Values.ingress.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}
+ port:
+ number: 3000
diff --git a/charts/flood-testing/templates/service.yaml b/charts/flood-testing/templates/service.yaml
new file mode 100644
index 0000000..c7f91db
--- /dev/null
+++ b/charts/flood-testing/templates/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 3000 + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app: {{ .Release.Name }} diff --git a/charts/flood-testing/values.yaml b/charts/flood-testing/values.yaml new file mode 100644 index 0000000..354980b --- /dev/null +++ b/charts/flood-testing/values.yaml @@ -0,0 +1,5 @@ +ingress: + url: dev.vuln.nexploit.app + cert: "" + authlevel: "." +imageSize: "small" From 109e2939d45af3e5f7d234145750fbb6555dc1b9 Mon Sep 17 00:00:00 2001 From: Denan Musinovic Date: Thu, 28 Nov 2024 10:16:20 +0100 Subject: [PATCH 9/9] chore: update stresstesting-webdriver chart version to 0.0.2 and modify keywords --- charts/stresstesting-webdriver/Chart.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/stresstesting-webdriver/Chart.yaml b/charts/stresstesting-webdriver/Chart.yaml index 4a15ed5..e19bc5a 100644 --- a/charts/stresstesting-webdriver/Chart.yaml +++ b/charts/stresstesting-webdriver/Chart.yaml @@ -4,7 +4,8 @@ description: https://github.com/NeuraLegion/mock-servers type: application keywords: - stresstesting-webdriver -version: 0.0.1 +- stress-web +version: 0.0.2 dependencies: - name: simple-service version: 0.0.1