From 021af8a4cca843120420da380cea04794765bf53 Mon Sep 17 00:00:00 2001 From: gornication Date: Wed, 10 Jan 2024 18:03:40 +0700 Subject: [PATCH] Put all in one pod except keycloak db --- charts/brokencrystals-experimental/Chart.yaml | 2 +- .../templates/_helpers.tpl | 6 +- .../templates/bc-postgres-deployment.yaml | 62 ------ .../templates/bc-prod-deployment.yaml | 90 -------- .../{config.yaml => config-postgres.yaml} | 0 .../{nginx-config.yaml => config-proxy.yaml} | 19 +- .../templates/deployment.yaml | 205 ++++++++++++++++++ .../templates/ingress.yaml | 12 +- .../templates/keycloak-deployment.yaml | 79 ------- .../keycloak-postgres-deployment.yaml | 4 +- .../templates/service.yaml | 25 +++ .../brokencrystals-experimental/values.yaml | 1 + 12 files changed, 245 insertions(+), 260 deletions(-) delete mode 100644 charts/brokencrystals-experimental/templates/bc-postgres-deployment.yaml delete mode 100644 charts/brokencrystals-experimental/templates/bc-prod-deployment.yaml rename charts/brokencrystals-experimental/templates/{config.yaml => config-postgres.yaml} (100%) rename charts/brokencrystals-experimental/templates/{nginx-config.yaml => config-proxy.yaml} (58%) create mode 100644 charts/brokencrystals-experimental/templates/deployment.yaml delete mode 100644 charts/brokencrystals-experimental/templates/keycloak-deployment.yaml create mode 100644 charts/brokencrystals-experimental/templates/service.yaml diff --git a/charts/brokencrystals-experimental/Chart.yaml b/charts/brokencrystals-experimental/Chart.yaml index de316d1e..892aad36 100644 --- a/charts/brokencrystals-experimental/Chart.yaml +++ b/charts/brokencrystals-experimental/Chart.yaml @@ -4,7 +4,7 @@ description: | Benchmark application that uses modern technologies and implements a set of common security vulnerabilities type: application -version: 0.0.26 +version: 0.0.27 keywords: - brokencrystals-exp - brkn-e 
diff --git a/charts/brokencrystals-experimental/templates/_helpers.tpl b/charts/brokencrystals-experimental/templates/_helpers.tpl index db6130ff..cd31aba8 100644 --- a/charts/brokencrystals-experimental/templates/_helpers.tpl +++ b/charts/brokencrystals-experimental/templates/_helpers.tpl @@ -12,13 +12,13 @@ If release name contains chart name it will be used as a full name. */}} {{- define "brokencrystals.fullname" -}} {{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 54 | trimSuffix "-" }} +{{- .Values.fullnameOverride | trunc 50 | trimSuffix "-" }} {{- else }} {{- $name := default .Chart.Name .Values.nameOverride }} {{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- .Release.Name | trunc 50 | trimSuffix "-" }} {{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 54 | trimSuffix "-" }} +{{- printf "%s-%s" .Release.Name $name | trunc 50 | trimSuffix "-" }} {{- end }} {{- end }} {{- end }} diff --git a/charts/brokencrystals-experimental/templates/bc-postgres-deployment.yaml b/charts/brokencrystals-experimental/templates/bc-postgres-deployment.yaml deleted file mode 100644 index e15fa4f8..00000000 --- a/charts/brokencrystals-experimental/templates/bc-postgres-deployment.yaml +++ /dev/null 
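Review bot: Capping the fullname at 50 still leaves the longest derived Service name over the 63-character DNS-label limit: `{{ include "brokencrystals.fullname" . }}-keycloak-postgres` in keycloak-postgres-deployment.yaml appends 18 characters, so a 50-character fullname yields 68. `trunc 45` (63 minus that suffix) in all three branches keeps every derived name valid. The literal is repeated three times with nothing recording why it was chosen; a comment such as `{{/* capped so the longest suffix ("-keycloak-postgres", 18 chars) fits the 63-char Service name limit */}}` above the define would preserve the intent for the next change.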
@@ -1,62 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "brokencrystals.fullname" . }}-postgres - namespace: {{ .Release.Namespace }} - labels: - app: {{ include "brokencrystals.fullname" . }}-postgres -spec: - selector: - matchLabels: - app: {{ include "brokencrystals.fullname" . }}-postgres - template: - metadata: - labels: - app: {{ include "brokencrystals.fullname" . }}-postgres - spec: - containers: - - name: {{ include "brokencrystals.fullname" . }}-postgres - image: postgres - livenessProbe: - tcpSocket: - port: 5432 - initialDelaySeconds: 60 - periodSeconds: 30 - env: - - name: POSTGRES_DB - value: "bc" - - name: POSTGRES_USER - value: "bc" - - name: POSTGRES_PASSWORD - value: "bc" - resources: - requests: - cpu: 200m - memory: 100Mi - volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-postgres - mountPath: /docker-entrypoint-initdb.d/pg.sql - subPath: pg.sql - readOnly: true - volumes: - - name: {{ include "brokencrystals.fullname" . }}-postgres - configMap: - name: {{ include "brokencrystals.fullname" . }}-postgres - - ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ include "brokencrystals.fullname" . }}-postgres-nodejs - namespace: {{ .Release.Namespace }} -spec: - selector: - app: {{ include "brokencrystals.fullname" . }}-postgres - ports: - - name: postgres - port: 5432 - protocol: TCP - targetPort: 5432 - diff --git a/charts/brokencrystals-experimental/templates/bc-prod-deployment.yaml b/charts/brokencrystals-experimental/templates/bc-prod-deployment.yaml deleted file mode 100644 index 3840e28d..00000000 --- a/charts/brokencrystals-experimental/templates/bc-prod-deployment.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "brokencrystals.fullname" . }}-nodejs - namespace: {{ .Release.Namespace }} - labels: - app: {{ include "brokencrystals.fullname" . }}-nodejs -spec: - selector: - matchLabels: - app: {{ include "brokencrystals.fullname" . }}-nodejs - template: - metadata: - labels: - app: {{ include "brokencrystals.fullname" . }}-nodejs - spec: - containers: - - name: {{ include "brokencrystals.fullname" . }}-nodejs-app - image: brightsec/brokencrystals:{{ .Values.images.main }} -# command: ["/bin/sleep"] -# args: ["10000"] - env: - - name: URL - value: "https://{{ .Values.ingress.url }}" - # value: "https://brokencrystals.com" - - name: DATABASE_HOST - value: "{{ include "brokencrystals.fullname" . }}-postgres-nodejs" - - name: DATABASE_SCHEMA - value: "bc" - - name: DATABASE_USER - value: "bc" - - name: DATABASE_PASSWORD - value: "bc" - - name: DATABASE_PORT - value: "5432" - - name: DATABASE_DEBUG - value: "true" - - name: AWS_BUCKET - value: "https://neuralegion-open-bucket.s3.amazonaws.com" - - name: GOOGLE_MAPS_API - value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ" - - name: JWT_PRIVATE_KEY_LOCATION - value: "config/keys/jwtRS256.key" - - name: JWT_PUBLIC_KEY_LOCATION - value: "config/keys/jwtRS256.key.pub.pem" - - name: JWT_SECRET_KEY - value: "1234" - - name: JWK_PRIVATE_KEY_LOCATION - value: "config/keys/jwk.key.pem" - - name: JWK_PUBLIC_KEY_LOCATION - value: "config/keys/jwk.pub.key.pem" - - name: JWK_PUBLIC_JSON - value: "config/keys/jwk.pub.json" - - name: JKU_URL - value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json" - - name: X5U_URL - value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt" - resources: - requests: - cpu: 500m - memory: 1024Mi - livenessProbe: - httpGet: - path: /api/config - port: 3000 - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 30 - volumes: - - 
name: {{ include "brokencrystals.fullname" . }}-nginx - configMap: - name: {{ include "brokencrystals.fullname" . }}-nginx - ---- -kind: Service -apiVersion: v1 -metadata: -# name: bc-nodejs-service - name: {{ include "brokencrystals.fullname" . }}-nodejs - namespace: {{ .Release.Namespace }} -spec: - selector: - app: {{ include "brokencrystals.fullname" . }}-nodejs - ports: - - name: http - port: 3000 - protocol: TCP - targetPort: 3000 - diff --git a/charts/brokencrystals-experimental/templates/config.yaml b/charts/brokencrystals-experimental/templates/config-postgres.yaml similarity index 100% rename from charts/brokencrystals-experimental/templates/config.yaml rename to charts/brokencrystals-experimental/templates/config-postgres.yaml diff --git a/charts/brokencrystals-experimental/templates/nginx-config.yaml b/charts/brokencrystals-experimental/templates/config-proxy.yaml similarity index 58% rename from charts/brokencrystals-experimental/templates/nginx-config.yaml rename to charts/brokencrystals-experimental/templates/config-proxy.yaml index 43811f3f..e7d488b3 100644 --- a/charts/brokencrystals-experimental/templates/nginx-config.yaml +++ b/charts/brokencrystals-experimental/templates/config-proxy.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "brokencrystals.fullname" . }}-nginx + name: {{ include "brokencrystals.fullname" . }}-nginx-proxy namespace: {{ .Release.Namespace }} data: # /etc/nginx/conf.d/default.conf 
@@ -23,39 +23,24 @@ data: } location /api { - # Forward API requests to the Node.js application proxy_pass http://127.0.0.1:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; } location /swagger { - # Forward /swagger requests to the Node.js application proxy_pass http://127.0.0.1:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; } location /graphiql { - # Forward /graphiql requests to the Node.js application proxy_pass http://127.0.0.1:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; } location /graphql { - # Forward /graphql requests to the Node.js application proxy_pass http://127.0.0.1:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; } location /put.raw { - # Forward /put.raw requests to the Node.js application - rewrite ^/put.raw /api/file/raw?path=./gil.txt break; + rewrite put.raw /api/file/raw?path=./gil.txt break; proxy_pass http://127.0.0.1:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; } location ~* ^/(config\.js|config\.json|\.htaccess|\.env|\.nginx\.conf|\.robots\.txt)$ { diff --git a/charts/brokencrystals-experimental/templates/deployment.yaml b/charts/brokencrystals-experimental/templates/deployment.yaml new file mode 100644 index 00000000..990968a0 --- /dev/null +++ b/charts/brokencrystals-experimental/templates/deployment.yaml 
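Review bot: Removing `proxy_set_header Host $host;` and `proxy_set_header X-Real-IP $remote_addr;` from every location means the Node.js upstream now sees `Host: 127.0.0.1:3000` and no client address, so anything in the application that builds absolute URLs from the Host header or logs the caller's address will record the proxy itself. If the headers are intentionally dropped because the containers now share a pod, a comment in the ConfigMap should say so; otherwise keep at least `proxy_set_header Host $host;`. The new `rewrite put.raw …` pattern is unanchored and treats `.` as a wildcard; `rewrite ^/put\.raw /api/file/raw?path=./gil.txt break;` matches only the intended path. The enclosing server block starts before this hunk.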
@@ -0,0 +1,205 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app: {{ .Release.Name }}
+ spec:
+ hostAliases:
+ - ip: "127.0.0.1"
+ hostnames:
+ - "postgres"
+ - "keycloak"
+ - "nodejs"
+ - "proxy"
+ containers:
+ - name: postgres
+ image: postgres
+ livenessProbe:
+ tcpSocket:
+ port: 5432
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ env:
+ - name: POSTGRES_DB
+ value: "bc"
+ - name: POSTGRES_USER
+ value: "bc"
+ - name: POSTGRES_PASSWORD
+ value: "bc"
+ resources:
+ requests:
+ cpu: 200m
+ memory: 100Mi
+ volumeMounts:
+ - name: {{ include "brokencrystals.fullname" . }}-postgres
+ mountPath: /docker-entrypoint-initdb.d/pg.sql
+ subPath: pg.sql
+ readOnly: true
+
+ - name: keycloak
+ image: jboss/keycloak:latest
+ resources:
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 120
+ periodSeconds: 30
+ env:
+ - name: DB_VENDOR
+ value: "POSTGRES"
+ - name: DB_ADDR
+ value: "{{ include "brokencrystals.fullname" . }}-keycloak-postgres"
+ - name: DB_DATABASE
+ value: "keycloak"
+ - name: DB_SCHEMA
+ value: "public"
+ - name: DB_PASSWORD
+ value: "password"
+ - name: KEYCLOAK_USER
+ value: "admin"
+ - name: KEYCLOAK_PASSWORD
+ value: "Pa55w0rd"
+ - name: KEYCLOAK_IMPORT
+ value: "/opt/jboss/keycloak/imports/realm-export.json -Dkeycloak.profile.feature.upload_scripts=enabled"
+ - name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+ - name: KEYCLOAK_FRONTEND_URL
+ value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/"
+ volumeMounts:
+ - name: {{ include "brokencrystals.fullname" . }}-keycloak
+ mountPath: /opt/jboss/keycloak/imports/realm-export.json
+ subPath: realm-export.json
+ readOnly: true
+
+ - name: nodejs
+ image: brightsec/brokencrystals:{{ .Values.images.main }}
+ env:
+ - name: URL
+ value: "https://{{ .Values.ingress.url }}"
+ - name: DATABASE_HOST
+ value: "postgres"
+ - name: DATABASE_SCHEMA
+ value: "bc"
+ - name: DATABASE_USER
+ value: "bc"
+ - name: DATABASE_PASSWORD
+ value: "bc"
+ - name: DATABASE_PORT
+ value: "5432"
+ - name: DATABASE_DEBUG
+ value: "true"
+ - name: AWS_BUCKET
+ value: "https://neuralegion-open-bucket.s3.amazonaws.com"
+ - name: GOOGLE_MAPS_API
+ value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ"
+ - name: JWT_PRIVATE_KEY_LOCATION
+ value: "config/keys/jwtRS256.key"
+ - name: JWT_PUBLIC_KEY_LOCATION
+ value: "config/keys/jwtRS256.key.pub.pem"
+ - name: JWT_SECRET_KEY
+ value: "1234"
+ - name: JWK_PRIVATE_KEY_LOCATION
+ value: "config/keys/jwk.key.pem"
+ - name: JWK_PUBLIC_KEY_LOCATION
+ value: "config/keys/jwk.pub.key.pem"
+ - name: JWK_PUBLIC_JSON
+ value: "config/keys/jwk.pub.json"
+ - name: JKU_URL
+ value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
+ - name: X5U_URL
+ value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1024Mi
+ livenessProbe:
+ httpGet:
+ path: /api/config
+ port: 3000
+ scheme: HTTP
+ initialDelaySeconds: 120
+ periodSeconds: 30
+
+ - name: proxy
+ image: neuralegion/brokencrystals-proxy-http:{{ .Values.images.client }}
+ env:
+ - name: URL
+ value: "https://{{ .Values.ingress.url }}"
+ - name: DATABASE_HOST
+ value: "postgres"
+ - name: DATABASE_SCHEMA
+ value: "bc"
+ - name: DATABASE_USER
+ value: "bc"
+ - name: DATABASE_PASSWORD
+ value: "bc"
+ - name: DATABASE_PORT
+ value: "5432"
+ - name: DATABASE_DEBUG
+ value: "true"
+ - name: AWS_BUCKET
+ value: "https://neuralegion-open-bucket.s3.amazonaws.com"
+ - name: GOOGLE_MAPS_API
+ value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ"
+ - name: JWT_PRIVATE_KEY_LOCATION
+ value: "config/keys/jwtRS256.key"
+ - name: JWT_PUBLIC_KEY_LOCATION
+ value: "config/keys/jwtRS256.key.pub.pem"
+ - name: JWT_SECRET_KEY
+ value: "1234"
+ - name: JWK_PRIVATE_KEY_LOCATION
+ value: "config/keys/jwk.key.pem"
+ - name: JWK_PUBLIC_KEY_LOCATION
+ value: "config/keys/jwk.pub.key.pem"
+ - name: JWK_PUBLIC_JSON
+ value: "config/keys/jwk.pub.json"
+ - name: JKU_URL
+ value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
+ - name: X5U_URL
+ value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
+ volumeMounts:
+ - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+ readOnly: true
+ resources:
+ requests:
+ cpu: 500m
+ memory: 50Mi
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ scheme: HTTP
+ initialDelaySeconds: 120
+ periodSeconds: 30
+ restartPolicy: Always
+
+ volumes:
+ - name: {{ include "brokencrystals.fullname" . }}-postgres
+ configMap:
+ name: {{ include "brokencrystals.fullname" . }}-postgres
+ - name: {{ include "brokencrystals.fullname" . }}-keycloak
+ configMap:
+ name: {{ include "brokencrystals.fullname" . }}-keycloak
+ - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
+ configMap:
+ name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
diff --git a/charts/brokencrystals-experimental/templates/ingress.yaml b/charts/brokencrystals-experimental/templates/ingress.yaml
index b6828a99..646cfdd1 100644
--- a/charts/brokencrystals-experimental/templates/ingress.yaml
+++ b/charts/brokencrystals-experimental/templates/ingress.yaml
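Review bot: The `proxy` container is handed the entire `nodejs` environment, including `DATABASE_PASSWORD`, `JWT_SECRET_KEY` and `GOOGLE_MAPS_API`, although the mounted default.conf only forwards to 127.0.0.1:3000 and reads none of them; dropping the `env:` block from the proxy container confines those values to the one container that uses them. `URL` is still `https://{{ .Values.ingress.url }}` (and `KEYCLOAK_FRONTEND_URL` likewise carries no release prefix) while ingress.yaml in this same commit serves the app at `{{ .Release.Name }}.{{ .Values.ingress.url }}`, so absolute URLs the app generates will presumably not match the host it is reached on — one of the two should change. `image: postgres` and `image: jboss/keycloak:latest` are floating tags; pinning them to a versioned tag or digest keeps each pod restart reproducible.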
@@ -14,19 +14,19 @@ metadata: spec: tls: - hosts: - - {{ .Values.ingress.url }} + - {{ .Release.Name }}.{{ .Values.ingress.url }} secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-brokencrystals-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} rules: - - host: {{ .Values.ingress.url }} + - host: {{ .Release.Name }}.{{ .Values.ingress.url }} http: paths: - path: / pathType: Prefix backend: service: - name: {{ include "brokencrystals.fullname" . }}-nodejs + name: {{ .Release.Name }} port: - number: 3000 + number: 80 --- apiVersion: networking.k8s.io/v1 @@ -54,6 +54,6 @@ spec: pathType: Prefix backend: service: - name: {{ include "brokencrystals.fullname" . }}-keycloak + name: {{ .Release.Name }}-keycloak-keycloak port: - number: 8080 \ No newline at end of file + number: 8080 diff --git a/charts/brokencrystals-experimental/templates/keycloak-deployment.yaml b/charts/brokencrystals-experimental/templates/keycloak-deployment.yaml deleted file mode 100644 index 5d90c6ce..00000000 --- a/charts/brokencrystals-experimental/templates/keycloak-deployment.yaml +++ /dev/null 
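Review bot: The auth ingress backend in the second hunk now points at `{{ .Release.Name }}-keycloak-keycloak`, but the Service this commit creates in service.yaml is named `{{ .Release.Name }}-keycloak`; unless a subchart supplies a `-keycloak-keycloak` Service, this backend has no endpoints and the auth path fails. `name: {{ .Release.Name }}-keycloak` matches the template in this commit. The first hunk moves the app host to `{{ .Release.Name }}.{{ .Values.ingress.url }}` while the TLS `secretName` default is unchanged, so it is worth confirming that the certificate referenced there covers the prefixed host. Both ingress specs begin before their hunks.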
@@ -1,79 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak - namespace: {{ .Release.Namespace }} - labels: - app: {{ include "brokencrystals.fullname" . }}-keycloak -spec: - selector: - matchLabels: - app: {{ include "brokencrystals.fullname" . }}-keycloak - template: - metadata: - labels: - app: {{ include "brokencrystals.fullname" . }}-keycloak - spec: - containers: - - name: {{ include "brokencrystals.fullname" . }}-keycloak - image: jboss/keycloak:latest - resources: - requests: - cpu: 100m - memory: 500Mi - livenessProbe: - httpGet: - path: / - port: 8080 - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 30 - - env: - - name: DB_VENDOR - value: "POSTGRES" - - name: DB_ADDR - value: "{{ include "brokencrystals.fullname" . }}-postgres" - - name: DB_DATABASE - value: "keycloak" - - name: DB_SCHEMA - value: "public" - - name: DB_PASSWORD - value: "password" - - name: KEYCLOAK_USER - value: "admin" - - name: KEYCLOAK_PASSWORD - value: "Pa55w0rd" - - name: KEYCLOAK_IMPORT - value: "/opt/jboss/keycloak/imports/realm-export.json -Dkeycloak.profile.feature.upload_scripts=enabled" - - name: PROXY_ADDRESS_FORWARDING - value: "true" - - name: KEYCLOAK_FRONTEND_URL - value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/" - - volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-keycloak - mountPath: /opt/jboss/keycloak/imports/realm-export.json - subPath: realm-export.json - readOnly: true - - volumes: - - name: {{ include "brokencrystals.fullname" . }}-keycloak - configMap: - name: {{ include "brokencrystals.fullname" . }}-keycloak ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak - namespace: {{ .Release.Namespace }} -spec: - selector: - app: {{ include "brokencrystals.fullname" . }}-keycloak - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - 
diff --git a/charts/brokencrystals-experimental/templates/keycloak-postgres-deployment.yaml b/charts/brokencrystals-experimental/templates/keycloak-postgres-deployment.yaml index 5c6af70a..53a8455e 100644 --- a/charts/brokencrystals-experimental/templates/keycloak-postgres-deployment.yaml +++ b/charts/brokencrystals-experimental/templates/keycloak-postgres-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres + name: {{ .Release.Name }}-keycloak-postgres namespace: {{ .Release.Namespace }} labels: app: {{ include "brokencrystals.fullname" . }}-keycloak-postgres @@ -40,7 +40,7 @@ spec: kind: Service apiVersion: v1 metadata: - name: {{ include "brokencrystals.fullname" . }}-postgres + name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres namespace: {{ .Release.Namespace }} spec: selector: diff --git a/charts/brokencrystals-experimental/templates/service.yaml b/charts/brokencrystals-experimental/templates/service.yaml new file mode 100644 index 00000000..31dbe8ec --- /dev/null +++ b/charts/brokencrystals-experimental/templates/service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} +spec: + selector: + app: {{ .Release.Name }} + ports: + - protocol: TCP + port: 80 + targetPort: 80 + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-keycloak +spec: + selector: + app: {{ .Release.Name }} + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + \ No newline at end of file diff --git a/charts/brokencrystals-experimental/values.yaml b/charts/brokencrystals-experimental/values.yaml index 9239c6c5..3b879e65 100644 --- a/charts/brokencrystals-experimental/values.yaml +++ b/charts/brokencrystals-experimental/values.yaml @@ -4,3 +4,4 @@ ingress: authlevel: "." images: main: experimental + client: latest
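Review bot: The Deployment's `metadata.name` switches to `{{ .Release.Name }}-keycloak-postgres` while its labels and selector (context lines) and the Service in the second hunk keep `{{ include "brokencrystals.fullname" . }}-keycloak-postgres`, so one file now mixes two naming schemes. The Service name must stay fullname-based because `DB_ADDR` in deployment.yaml targets it, so keeping the Deployment at `name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres` is the change that makes the file self-consistent. The same Release.Name-versus-fullname split appears in deployment.yaml and service.yaml; a short comment in _helpers.tpl stating which scheme applies to which kind of object would stop it spreading further.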
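Review bot: Both Services in service.yaml omit `namespace: {{ .Release.Namespace }}`, which every other template in this chart sets explicitly; Helm installs into the release namespace regardless, but adding the line under `metadata:` in both documents keeps the chart uniform. The file ends with a whitespace-only line and no trailing newline (`\ No newline at end of file`); drop the stray line and finish with a single newline. The `-keycloak` Service selects the same pod as the main Service (`app: {{ .Release.Name }}`), which is intended now that keycloak runs in that pod, but a one-line comment saying so would save the next reader a check.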