Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug report: RSA Key Pair Generation when deployed via container to kubernetes #1969

Open
nuvious opened this issue Jan 24, 2025 · 0 comments
Open

Bug report: RSA Key Pair Generation when deployed via container to kubernetes #1969

nuvious opened this issue Jan 24, 2025 · 0 comments
Labels
bug

Comments

@nuvious
Copy link

nuvious commented Jan 24, 2025
edited
Loading

Describe the bug
When attempting to generate RSA key pairs when deployed in kubernetes with an ingress, receive the following error:

Generate RSA Key Pair - Worker constructor: Failed to load worker script at "assets/forge/prime.worker.min.js"

To Reproduce

Deploy cyberchef using kubernetes with the following configuration:

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cyberchef-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cyberchef
  template:
    metadata:
      labels:
        app: cyberchef
    spec:
      containers:
      - name: cyberchef
        image: ghcr.io/gchq/cyberchef:10.19.4
        ports:
        - containerPort: 80

# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cyberchef-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: cyberchef.bearden.local
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: cyberchef-service
            port:
              number: 80

# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: null
  name: cyberchef
spec: {}
status: {}

# service.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: cyberchef-service
spec:
  selector:
    app: cyberchef
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cyberchef
resources:
  - namespace.yaml
  - deployment.yaml
  - ingress.yaml
  - service.yaml

Navigate to ingress domain (cyberchef.bearden.local in this example) and try to use RSA key-pair generation.

Expected behaviour

Generates an RSA key-pair. The same container run through docker functions.

Screenshots

Image

Desktop (if relevant, please complete the following information):

  • OS: Debian 12 with MicroK8s v1.31.4 revision 7514
  • Browser: Chrome/Firefox (same browser used when ruling out docker based deployment)
  • CyberChef version: 10.19.4

Additional context

This seems to be an issue with the ingress functionality in kubernetes. Ingress logs seem to show a successful 200 response code for the prime.worker.min.js asset:

192.168.11.249 - - [24/Jan/2025:04:56:20 +0000] "GET / HTTP/1.1" 200 77361 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 260 0.002 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 77361 0.002 200 e45f3a0e8c7d0962686ecf52c6a4ad21
192.168.11.249 - - [24/Jan/2025:05:00:22 +0000] "GET /assets HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 379 0.002 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 169 0.002 301 79ea4fc791fb79c30fd6a8f324a7e1d5
192.168.11.249 - - [24/Jan/2025:05:00:22 +0000] "GET /assets/ HTTP/1.1" 403 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 380 0.001 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 153 0.001 403 693bd7b0a302929217b306f8292f360a
192.168.11.249 - - [24/Jan/2025:05:00:22 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "http://cyberchef.bearden.local/assets/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 406 0.001 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 153 0.001 404 cfc4a30e71419e2405d50e7e23e4735e
192.168.11.249 - - [24/Jan/2025:05:00:36 +0000] "GET /assets/forge/prime.worker.min.js HTTP/1.1" 200 21005 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 405 0.001 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 21005 0.001 200 0d880b4c3b102444884c21952f01f15b
192.168.11.249 - - [24/Jan/2025:05:08:38 +0000] "GET /assets/main.js HTTP/1.1" 200 12150517 "http://cyberchef.bearden.local/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0" 321 0.188 [cyberchef-cyberchef-service-80] [] 10.1.96.238:80 12150517 0.188 200 f5da87499793e9a1fb9efe0bfec1428a

My guess is it's how it's referenced in a link somewhere, but with the 200 response code I'm stumped still. Going to try to find the root cause on my end because I need to deploy this to kubernetes for this deployment context and had a customer run into this issue while doing some training. Using openssl on the command line as a workaround but this bug may manifest in different functions potentially.
@nuvious nuvious added the bug label Jan 24, 2025
@nuvious nuvious changed the title Bug report: <Insert title here> Bug report: RSA Key Pair Generation when deployed via container to kubernetes Jan 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nuvious