From 963585ea0a159b42bb43f4daacb602cff2ce1275 Mon Sep 17 00:00:00 2001 
From: Robert Seedorff Date: Fri, 26 Jun 2020 20:21:21 +0200 Subject: [PATCH] Added helm charts for some more demo/testing apps. --- README.md | 4 ++ demo-apps/README.md | 3 + demo-apps/bodgeit/.helmignore | 22 ++++++ demo-apps/bodgeit/Chart.yaml | 19 ++++++ demo-apps/bodgeit/questions.yml | 4 ++ demo-apps/bodgeit/templates/NOTES.txt | 21 ++++++ demo-apps/bodgeit/templates/_helpers.tpl | 63 +++++++++++++++++ demo-apps/bodgeit/templates/deployment.yaml | 54 +++++++++++++++ demo-apps/bodgeit/templates/ingress.yaml | 41 +++++++++++ demo-apps/bodgeit/templates/service.yaml | 15 ++++ .../templates/tests/test-connection.yaml | 15 ++++ demo-apps/bodgeit/values.yaml | 59 ++++++++++++++++ demo-apps/juice-shop/.helmignore | 22 ++++++ demo-apps/juice-shop/Chart.yaml | 26 +++++++ demo-apps/juice-shop/questions.yml | 4 ++ demo-apps/juice-shop/templates/NOTES.txt | 20 ++++++ demo-apps/juice-shop/templates/_helpers.tpl | 52 ++++++++++++++ .../juice-shop/templates/deployment.yaml | 54 +++++++++++++++ demo-apps/juice-shop/templates/ingress.yaml | 41 +++++++++++ demo-apps/juice-shop/templates/service.yaml | 15 ++++ .../templates/tests/test-connection.yaml | 15 ++++ demo-apps/juice-shop/values.yaml | 59 ++++++++++++++++ demo-apps/old-wordpress/.helmignore | 22 ++++++ demo-apps/old-wordpress/Chart.yaml | 17 +++++ demo-apps/old-wordpress/questions.yml | 4 ++ demo-apps/old-wordpress/templates/NOTES.txt | 4 ++ .../old-wordpress/templates/_helpers.tpl | 52 ++++++++++++++ .../old-wordpress/templates/deployment.yaml | 54 +++++++++++++++ .../old-wordpress/templates/service.yaml | 15 ++++ .../templates/tests/test-connection.yaml | 15 ++++ demo-apps/old-wordpress/values.yaml | 46 +++++++++++++ demo-apps/swagger-petstore/.helmignore | 22 ++++++ demo-apps/swagger-petstore/Chart.yaml | 17 +++++ demo-apps/swagger-petstore/questions.yml | 3 + .../swagger-petstore/templates/NOTES.txt | 21 ++++++ .../swagger-petstore/templates/_helpers.tpl | 52 ++++++++++++++ .../templates/deployment.yaml | 68 
+++++++++++++++++++ .../swagger-petstore/templates/ingress.yaml | 41 +++++++++++ .../swagger-petstore/templates/service.yaml | 15 ++++ .../templates/tests/test-connection.yaml | 15 ++++ demo-apps/swagger-petstore/values.yaml | 62 +++++++++++++++++ 41 files changed, 1173 insertions(+) create mode 100644 demo-apps/README.md create mode 100644 demo-apps/bodgeit/.helmignore create mode 100644 demo-apps/bodgeit/Chart.yaml create mode 100644 demo-apps/bodgeit/questions.yml create mode 100644 demo-apps/bodgeit/templates/NOTES.txt create mode 100644 demo-apps/bodgeit/templates/_helpers.tpl create mode 100644 demo-apps/bodgeit/templates/deployment.yaml create mode 100644 demo-apps/bodgeit/templates/ingress.yaml create mode 100644 demo-apps/bodgeit/templates/service.yaml create mode 100644 demo-apps/bodgeit/templates/tests/test-connection.yaml create mode 100644 demo-apps/bodgeit/values.yaml create mode 100644 demo-apps/juice-shop/.helmignore create mode 100644 demo-apps/juice-shop/Chart.yaml create mode 100644 demo-apps/juice-shop/questions.yml create mode 100644 demo-apps/juice-shop/templates/NOTES.txt create mode 100644 demo-apps/juice-shop/templates/_helpers.tpl create mode 100644 demo-apps/juice-shop/templates/deployment.yaml create mode 100644 demo-apps/juice-shop/templates/ingress.yaml create mode 100644 demo-apps/juice-shop/templates/service.yaml create mode 100644 demo-apps/juice-shop/templates/tests/test-connection.yaml create mode 100644 demo-apps/juice-shop/values.yaml create mode 100644 demo-apps/old-wordpress/.helmignore create mode 100644 demo-apps/old-wordpress/Chart.yaml create mode 100644 demo-apps/old-wordpress/questions.yml create mode 100644 demo-apps/old-wordpress/templates/NOTES.txt create mode 100644 demo-apps/old-wordpress/templates/_helpers.tpl create mode 100644 demo-apps/old-wordpress/templates/deployment.yaml create mode 100644 demo-apps/old-wordpress/templates/service.yaml create mode 100644 
demo-apps/old-wordpress/templates/tests/test-connection.yaml create mode 100644 demo-apps/old-wordpress/values.yaml create mode 100644 demo-apps/swagger-petstore/.helmignore create mode 100644 demo-apps/swagger-petstore/Chart.yaml create mode 100644 demo-apps/swagger-petstore/questions.yml create mode 100644 demo-apps/swagger-petstore/templates/NOTES.txt create mode 100644 demo-apps/swagger-petstore/templates/_helpers.tpl create mode 100644 demo-apps/swagger-petstore/templates/deployment.yaml create mode 100644 demo-apps/swagger-petstore/templates/ingress.yaml create mode 100644 demo-apps/swagger-petstore/templates/service.yaml create mode 100644 demo-apps/swagger-petstore/templates/tests/test-connection.yaml create mode 100644 demo-apps/swagger-petstore/values.yaml diff --git a/README.md b/README.md index 8a3bbe19..bf31bbe5 100644 --- a/README.md +++ b/README.md @@ -100,6 +100,10 @@ Optional deploy some demo apps for scanning: ```bash helm upgrade --install dummy-ssh ./demo-apps/dummy-ssh/ +helm upgrade --install bodgeit ./demo-apps/bodgeit/ +helm upgrade --install juice-shop ./demo-apps/juice-shop/ +helm upgrade --install old-wordpress ./demo-apps/old-wordpress/ +helm upgrade --install swagger-petstore ./demo-apps/swagger-petstore/ ``` Deploy secureCodeBox Hooks: diff --git a/demo-apps/README.md b/demo-apps/README.md new file mode 100644 index 00000000..ebecbffb --- /dev/null +++ b/demo-apps/README.md @@ -0,0 +1,3 @@ +# Demo Apps +This folder contains a list of demo apps like vulnerable applications or services. +These can be used to demonstrate or test the secureCodeBox capabilities. \ No newline at end of file diff --git a/demo-apps/bodgeit/.helmignore b/demo-apps/bodgeit/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/demo-apps/bodgeit/.helmignore 
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/demo-apps/bodgeit/Chart.yaml b/demo-apps/bodgeit/Chart.yaml
new file mode 100644
index 00000000..b31df8ec
--- /dev/null
+++ b/demo-apps/bodgeit/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+version: 0.1.0
+type: application
+appVersion: "latest"
+name: bodgeit
+description: "The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing"
+home: https://github.com/psiinon/bodgeit
+icon: https://scb-art.j12934.now.sh/bodgeit.png
+keywords:
+- vulnerable
+- webapp
+- demo
+sources:
+- https://github.com/secureCodeBox/helm
+- https://github.com/psiinon/bodgeit
+maintainers:
+- name: iteratec GmbH
+ email: security@iteratec.com
+
diff --git a/demo-apps/bodgeit/questions.yml b/demo-apps/bodgeit/questions.yml
new file mode 100644
index 00000000..6e7726bf
--- /dev/null
+++ b/demo-apps/bodgeit/questions.yml
@@ -0,0 +1,4 @@
+categories:
+ - "Vulnerable App"
+ - "Demo Scan Target"
+questions: []
diff --git a/demo-apps/bodgeit/templates/NOTES.txt b/demo-apps/bodgeit/templates/NOTES.txt
new file mode 100644
index 00000000..0c4f52e2
--- /dev/null
+++ b/demo-apps/bodgeit/templates/NOTES.txt
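Review bot: `appVersion: "latest"` in demo-apps/bodgeit/Chart.yaml becomes the image tag, because the deployment template in this commit builds the image as `{{ .Values.image.repository }}:{{ .Chart.AppVersion }}`, so the chart runs whatever `psiinon/bodgeit:latest` resolves to at pull time. Together with `pullPolicy: IfNotPresent` in the chart's values.yaml, different nodes can keep different cached builds, and scan results against this target stop being reproducible. Pin a fixed tag or an image digest here, as the juice-shop (`"v10.0.0"`) and old-wordpress (`"4.0"`) charts in this commit do. If upstream publishes no versioned tag, say so in a comment above the line, for example `# upstream publishes no versioned tag; pin by digest when updating`.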
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bodgeit.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "bodgeit.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bodgeit.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bodgeit.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/demo-apps/bodgeit/templates/_helpers.tpl b/demo-apps/bodgeit/templates/_helpers.tpl
new file mode 100644
index 00000000..79e80c43
--- /dev/null
+++ b/demo-apps/bodgeit/templates/_helpers.tpl
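Review bot: The ClusterIP branch of demo-apps/bodgeit/templates/NOTES.txt forwards to pod port 80 (`port-forward $POD_NAME 8080:80`), but the deployment template in this commit declares `containerPort: 8080`, so the printed command would not reach the application. Change the last command to `kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8080`. Keeping the documented access path on a local port-forward matters here, because a user whose command fails may switch to a NodePort or LoadBalancer service for a deliberately vulnerable app.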
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "bodgeit.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "bodgeit.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "bodgeit.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "bodgeit.labels" -}}
+helm.sh/chart: {{ include "bodgeit.chart" . }}
+{{ include "bodgeit.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "bodgeit.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "bodgeit.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "bodgeit.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "bodgeit.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
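Review bot: The `bodgeit.serviceAccountName` helper at the end of demo-apps/bodgeit/templates/_helpers.tpl reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the chart's values.yaml in this commit defines no `serviceAccount` key and none of the bodgeit templates shown includes the helper. If a later template does include it, rendering would fail when it dereferences the missing map. Either drop the helper, as the juice-shop and old-wordpress `_helpers.tpl` files in this commit do, or add a `serviceAccount:` block with `create: false` and `name: ""` to values.yaml and set `serviceAccountName` in the pod spec, so the workload gets a dedicated account with no role bindings.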
diff --git a/demo-apps/bodgeit/templates/deployment.yaml b/demo-apps/bodgeit/templates/deployment.yaml
new file mode 100644
index 00000000..4e81155a
--- /dev/null
+++ b/demo-apps/bodgeit/templates/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "bodgeit.fullname" . }}
+ labels:
+ {{- include "bodgeit.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "bodgeit.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "bodgeit.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/demo-apps/bodgeit/templates/ingress.yaml b/demo-apps/bodgeit/templates/ingress.yaml
new file mode 100644
index 00000000..49ef9de1
--- /dev/null
+++ b/demo-apps/bodgeit/templates/ingress.yaml
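Review bot: The pod spec in demo-apps/bodgeit/templates/deployment.yaml does not set `automountServiceAccountToken`, so the namespace's default service-account token is mounted into a container that is vulnerable by design. Compromise of this workload is the expected case, so add `automountServiceAccountToken: false` under `spec.template.spec` to keep Kubernetes API credentials out of the pod. The chart also ships `podSecurityContext: {}`, `securityContext: {}` and `resources: {}`; consider enabling the commented defaults (`runAsNonRoot: true`, `capabilities.drop: [ALL]`, CPU and memory limits) wherever the image tolerates them. The same applies to the juice-shop and old-wordpress deployment templates in this commit, and no NetworkPolicy limiting traffic from these pods is visible in the patch.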
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "bodgeit.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "bodgeit.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/demo-apps/bodgeit/templates/service.yaml b/demo-apps/bodgeit/templates/service.yaml
new file mode 100644
index 00000000..7d7a39c4
--- /dev/null
+++ b/demo-apps/bodgeit/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "bodgeit.fullname" . }}
+ labels:
+ {{- include "bodgeit.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "bodgeit.selectorLabels" . | nindent 4 }}
diff --git a/demo-apps/bodgeit/templates/tests/test-connection.yaml b/demo-apps/bodgeit/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..13577f8a
--- /dev/null
+++ b/demo-apps/bodgeit/templates/tests/test-connection.yaml
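Review bot: Setting `ingress.enabled` renders demo-apps/bodgeit/templates/ingress.yaml with no access restriction, and nothing in the chart warns that this publishes an intentionally vulnerable application; the old-wordpress chart in this commit avoids the problem by shipping no ingress at all. Add a comment above `ingress:` in values.yaml along the lines of `# WARNING: bodgeit is intentionally vulnerable. Enable ingress only on isolated clusters and restrict source addresses via ingress annotations.` Separately, `path: {{ . }}` and `secretName: {{ .secretName }}` are emitted unquoted while the host values go through `| quote`; using `{{ . | quote }}` and `{{ .secretName | quote }}` keeps an unusual value from changing how the rendered YAML parses. Both points also apply to the juice-shop ingress template.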
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "bodgeit.fullname" . }}-test-connection"
+ labels:
+{{ include "bodgeit.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "bodgeit.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/demo-apps/bodgeit/values.yaml b/demo-apps/bodgeit/values.yaml
new file mode 100644
index 00000000..8125fa71
--- /dev/null
+++ b/demo-apps/bodgeit/values.yaml
@@ -0,0 +1,59 @@
+# Default values for bodgeit.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: psiinon/bodgeit
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8080
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/demo-apps/juice-shop/.helmignore b/demo-apps/juice-shop/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
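Review bot: The test pod in demo-apps/bodgeit/templates/tests/test-connection.yaml pulls `image: busybox` with no tag, so the hook runs whatever the registry currently serves under the implicit `latest`. Pin it to a fixed tag or digest. The annotation `"helm.sh/hook": test-success` is the Helm 2 spelling; the chart declares `apiVersion: v2`, so `"helm.sh/hook": test` is the current form, although Helm 3 still accepts the old one. The `{{ include "bodgeit.labels" . | nindent 4 }}` line under `labels:` lacks the `{{-` trim used in the other templates and leaves a blank line in the rendered manifest. The juice-shop and old-wordpress test pods in this commit have the same three points.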
+++ b/demo-apps/juice-shop/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/demo-apps/juice-shop/Chart.yaml b/demo-apps/juice-shop/Chart.yaml
new file mode 100644
index 00000000..eb4e4e89
--- /dev/null
+++ b/demo-apps/juice-shop/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+version: 0.1.0
+appVersion: "v10.0.0"
+name: juice-shop
+description: "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application"
+type: application
+home: https://owasp.org/www-project-juice-shop/
+icon: https://raw.githubusercontent.com/bkimminich/juice-shop/bdbcc0ea4484a2dd6b8ca243daa34c882129cdd4/frontend/src/assets/public/images/JuiceShop_Logo_400px.png
+keywords:
+- owasp
+- javascript
+- vulnerable
+- hacking
+- application-security
+- owasp-top-10
+- owasp-top-ten
+- pentesting
+- vulnapp
+- appsec
+- ctf
+sources:
+- https://github.com/secureCodeBox/helm
+- https://github.com/bkimminich/juice-shop
+maintainers:
+- name: iteratec GmbH
+ email: security@iteratec.com
diff --git a/demo-apps/juice-shop/questions.yml b/demo-apps/juice-shop/questions.yml
new file mode 100644
index 00000000..6e7726bf
--- /dev/null
+++ b/demo-apps/juice-shop/questions.yml
@@ -0,0 +1,4 @@
+categories:
+ - "Vulnerable App"
+ - "Demo Scan Target"
+questions: []
diff --git a/demo-apps/juice-shop/templates/NOTES.txt b/demo-apps/juice-shop/templates/NOTES.txt
new file mode 100644
index 00000000..3b981ef0
--- /dev/null
+++ b/demo-apps/juice-shop/templates/NOTES.txt
@@ -0,0 +1,20 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "juice-shop.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "juice-shop.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "juice-shop.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ echo "Visit http://127.0.0.1:3000 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward service/{{ include "juice-shop.fullname" . }} {{ .Values.service.port }}:3000
+{{- end }}
diff --git a/demo-apps/juice-shop/templates/_helpers.tpl b/demo-apps/juice-shop/templates/_helpers.tpl
new file mode 100644
index 00000000..44382bbf
--- /dev/null
+++ b/demo-apps/juice-shop/templates/_helpers.tpl
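Review bot: The port pair in the ClusterIP branch of demo-apps/juice-shop/templates/NOTES.txt is reversed: `port-forward service/… {{ .Values.service.port }}:3000` uses the service port as the local port and a hard-coded 3000 as the remote port. For a `service/` target the remote side is the service port, and the preceding `echo` tells the user to open local port 3000. The command is correct only while `service.port` stays at its default of 3000. Write it as `port-forward service/{{ include "juice-shop.fullname" . }} 3000:{{ .Values.service.port }}`, so the printed URL and the forward stay in step when the value is overridden.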
@@ -0,0 +1,52 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "juice-shop.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "juice-shop.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "juice-shop.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "juice-shop.labels" -}}
+helm.sh/chart: {{ include "juice-shop.chart" . }}
+{{ include "juice-shop.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "juice-shop.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "juice-shop.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/demo-apps/juice-shop/templates/deployment.yaml b/demo-apps/juice-shop/templates/deployment.yaml
new file mode 100644
index 00000000..8f4ff55a
--- /dev/null
+++ b/demo-apps/juice-shop/templates/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "juice-shop.fullname" . }}
+ labels:
+ {{- include "juice-shop.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "juice-shop.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "juice-shop.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/demo-apps/juice-shop/templates/ingress.yaml b/demo-apps/juice-shop/templates/ingress.yaml
new file mode 100644
index 00000000..23c7cc37
--- /dev/null
+++ b/demo-apps/juice-shop/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "juice-shop.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "juice-shop.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/demo-apps/juice-shop/templates/service.yaml b/demo-apps/juice-shop/templates/service.yaml
new file mode 100644
index 00000000..a11b0c3c
--- /dev/null
+++ b/demo-apps/juice-shop/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "juice-shop.fullname" . }}
+ labels:
+ {{- include "juice-shop.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "juice-shop.selectorLabels" . | nindent 4 }}
diff --git a/demo-apps/juice-shop/templates/tests/test-connection.yaml b/demo-apps/juice-shop/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..e7a69ef1
--- /dev/null
+++ b/demo-apps/juice-shop/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "juice-shop.fullname" . }}-test-connection"
+ labels:
+{{ include "juice-shop.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "juice-shop.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/demo-apps/juice-shop/values.yaml b/demo-apps/juice-shop/values.yaml
new file mode 100644
index 00000000..f2bd20d5
--- /dev/null
+++ b/demo-apps/juice-shop/values.yaml
@@ -0,0 +1,59 @@
+# Default values for juice-shop.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: bkimminich/juice-shop
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 3000
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/demo-apps/old-wordpress/.helmignore b/demo-apps/old-wordpress/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/demo-apps/old-wordpress/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/demo-apps/old-wordpress/Chart.yaml b/demo-apps/old-wordpress/Chart.yaml
new file mode 100644
index 00000000..d797deb9
--- /dev/null
+++ b/demo-apps/old-wordpress/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+version: 0.1.0
+appVersion: "4.0"
+name: old-wordpress
+description: "Insecure & Outdated Wordpress Instance: Never expose it to the internet!"
+type: application
+home: https://wordpress.org
+icon: https://s.w.org/style/images/about/WordPress-logotype-alternative.png
+keywords:
+- vulnerable
+- wordpress
+sources:
+- https://github.com/secureCodeBox/helm
+- https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/old-wordpress
+maintainers:
+- name: iteratec GmbH
+ email: security@iteratec.com
diff --git a/demo-apps/old-wordpress/questions.yml b/demo-apps/old-wordpress/questions.yml
new file mode 100644
index 00000000..6e7726bf
--- /dev/null
+++ b/demo-apps/old-wordpress/questions.yml
@@ -0,0 +1,4 @@
+categories:
+ - "Vulnerable App"
+ - "Demo Scan Target"
+questions: []
diff --git a/demo-apps/old-wordpress/templates/NOTES.txt b/demo-apps/old-wordpress/templates/NOTES.txt
new file mode 100644
index 00000000..522c70e0
--- /dev/null
+++ b/demo-apps/old-wordpress/templates/NOTES.txt
@@ -0,0 +1,4 @@
+Old Wordpress Instance deployed.
+
+Note this should used for demo and test purposes.
+Do not expose this to the Internet!
\ No newline at end of file
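Review bot: The only safety message printed after installing old-wordpress is missing words: `Note this should used for demo and test purposes.` in demo-apps/old-wordpress/templates/NOTES.txt should read `Note: this should only be used for demo and test purposes.`. Unlike the bodgeit and juice-shop notes, this file prints no access command, while `service.type` remains overridable in the chart's values.yaml. Adding a `kubectl port-forward` line would point users at local-only access instead of leaving them to switch the service to NodePort or LoadBalancer. The file also lacks a trailing newline.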
diff --git a/demo-apps/old-wordpress/templates/_helpers.tpl b/demo-apps/old-wordpress/templates/_helpers.tpl
new file mode 100644
index 00000000..f119fd14
--- /dev/null
+++ b/demo-apps/old-wordpress/templates/_helpers.tpl
@@ -0,0 +1,52 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "old-wordpress.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "old-wordpress.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "old-wordpress.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "old-wordpress.labels" -}}
+helm.sh/chart: {{ include "old-wordpress.chart" . }}
+{{ include "old-wordpress.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "old-wordpress.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "old-wordpress.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/demo-apps/old-wordpress/templates/deployment.yaml b/demo-apps/old-wordpress/templates/deployment.yaml
new file mode 100644
index 00000000..ef9cd93b
--- /dev/null
+++ b/demo-apps/old-wordpress/templates/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "old-wordpress.fullname" . }}
+ labels:
+ {{- include "old-wordpress.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "old-wordpress.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "old-wordpress.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/demo-apps/old-wordpress/templates/service.yaml b/demo-apps/old-wordpress/templates/service.yaml
new file mode 100644
index 00000000..aa3a7837
--- /dev/null
+++ b/demo-apps/old-wordpress/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "old-wordpress.fullname" . }}
+ labels:
+ {{- include "old-wordpress.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "old-wordpress.selectorLabels" . | nindent 4 }}
diff --git a/demo-apps/old-wordpress/templates/tests/test-connection.yaml b/demo-apps/old-wordpress/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..6bb82087
--- /dev/null
+++ b/demo-apps/old-wordpress/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "old-wordpress.fullname" . }}-test-connection"
+ labels:
+{{ include "old-wordpress.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "old-wordpress.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/demo-apps/old-wordpress/values.yaml b/demo-apps/old-wordpress/values.yaml
new file mode 100644
index 00000000..140522f9
--- /dev/null
+++ b/demo-apps/old-wordpress/values.yaml
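Review bot: `image: busybox` in the test-connection pod carries no tag or digest, so each `helm test` run pulls whatever the registry currently serves as `latest` and the test image is not reproducible; pin it, e.g. `image: busybox:<pinned-tag>` or a digest reference. The hook annotation `"helm.sh/hook": test-success` is the older spelling that Helm 3 deprecates in favour of `test`, and the swagger-petstore Chart.yaml in this commit declares `apiVersion: v2`. The swagger-petstore test-connection.yaml further down has both of the same lines.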
@@ -0,0 +1,46 @@
+# Default values for old-wordpress.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: securecodebox/old-wordpress
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/demo-apps/swagger-petstore/.helmignore b/demo-apps/swagger-petstore/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/demo-apps/swagger-petstore/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/demo-apps/swagger-petstore/Chart.yaml b/demo-apps/swagger-petstore/Chart.yaml
new file mode 100644
index 00000000..d8fdc799
--- /dev/null
+++ b/demo-apps/swagger-petstore/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+version: 0.1.0
+appVersion: "1.0.3"
+name: swagger-petstore
+description: "This is the sample petstore application"
+type: application
+home: https://github.com/swagger-api/swagger-petstore
+icon: https://static1.smartbear.co/swagger/media/assets/images/swagger_logo.svg
+keywords:
+- swagger
+- openapi
+sources:
+- https://github.com/secureCodeBox/helm
+- https://github.com/swagger-api/swagger-petstore
+maintainers:
+- name: iteratec GmbH
+ email: security@iteratec.com
diff --git a/demo-apps/swagger-petstore/questions.yml b/demo-apps/swagger-petstore/questions.yml
new file mode 100644
index 00000000..938a2b60
--- /dev/null
+++ b/demo-apps/swagger-petstore/questions.yml
@@ -0,0 +1,3 @@
+categories:
+ - "Demo Scan Target"
+questions: []
diff --git a/demo-apps/swagger-petstore/templates/NOTES.txt b/demo-apps/swagger-petstore/templates/NOTES.txt
new file mode 100644
index 00000000..f43b7cf9
--- /dev/null
+++ b/demo-apps/swagger-petstore/templates/NOTES.txt
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "swagger-petstore.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "swagger-petstore.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "swagger-petstore.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "swagger-petstore.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/demo-apps/swagger-petstore/templates/_helpers.tpl b/demo-apps/swagger-petstore/templates/_helpers.tpl
new file mode 100644
index 00000000..95cc32b4
--- /dev/null
+++ b/demo-apps/swagger-petstore/templates/_helpers.tpl
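Review bot: The ClusterIP branch of NOTES.txt ends with `port-forward $POD_NAME 8080:80`, which targets port 80 on the pod, while the swagger-petstore Deployment added in this commit declares `containerPort: 8080`; the printed command would presumably fail to connect. Forward to the container port, `port-forward $POD_NAME 8080:8080`, or go through the Service so the port follows the values: `port-forward svc/{{ include "swagger-petstore.fullname" . }} 8080:{{ .Values.service.port }}`.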
@@ -0,0 +1,52 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "swagger-petstore.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "swagger-petstore.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "swagger-petstore.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "swagger-petstore.labels" -}}
+helm.sh/chart: {{ include "swagger-petstore.chart" . }}
+{{ include "swagger-petstore.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "swagger-petstore.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "swagger-petstore.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/demo-apps/swagger-petstore/templates/deployment.yaml b/demo-apps/swagger-petstore/templates/deployment.yaml
new file mode 100644
index 00000000..c2a8c5b1
--- /dev/null
+++ b/demo-apps/swagger-petstore/templates/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "swagger-petstore.fullname" . }}
+ labels:
+ {{- include "swagger-petstore.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "swagger-petstore.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "swagger-petstore.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: SWAGGER_BASE_PATH
+ value: "/v2"
+ {{- if .Values.swaggerHostOverride }}
+ - name: SWAGGER_HOST
+ value: {{ .Values.swaggerHostOverride | quote }}
+ - name: SWAGGER_URL
+ value: {{ .Values.swaggerHostOverride | quote }}
+ {{- else }}
+ - name: SWAGGER_HOST
+ value: "http://{{ include "swagger-petstore.fullname" . }}.{{.Release.Namespace}}.svc"
+ - name: SWAGGER_URL
+ value: "http://{{ include "swagger-petstore.fullname" . }}.{{.Release.Namespace}}.svc"
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/demo-apps/swagger-petstore/templates/ingress.yaml b/demo-apps/swagger-petstore/templates/ingress.yaml
new file mode 100644
index 00000000..8d9362b7
--- /dev/null
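Review bot: The fallback `SWAGGER_HOST` and `SWAGGER_URL` values in the `{{- else }}` branch build the in-cluster address without a port, so they are correct only while `.Values.service.port` stays at 80; any other Service port leaves the app advertising an address nothing listens on. Appending the port keeps the two in step: `value: "http://{{ include "swagger-petstore.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.service.port }}"` on both entries. Whether the image expects a scheme in `SWAGGER_HOST` is not visible here and is worth confirming against the image documentation.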
+++ b/demo-apps/swagger-petstore/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "swagger-petstore.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "swagger-petstore.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/demo-apps/swagger-petstore/templates/service.yaml b/demo-apps/swagger-petstore/templates/service.yaml
new file mode 100644
index 00000000..0881ce73
--- /dev/null
+++ b/demo-apps/swagger-petstore/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "swagger-petstore.fullname" . }}
+ labels:
+ {{- include "swagger-petstore.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "swagger-petstore.selectorLabels" . | nindent 4 }}
diff --git a/demo-apps/swagger-petstore/templates/tests/test-connection.yaml b/demo-apps/swagger-petstore/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..9b1377b2
--- /dev/null
+++ b/demo-apps/swagger-petstore/templates/tests/test-connection.yaml
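Review bot: In ingress.yaml, `path: {{ . }}` and `secretName: {{ .secretName }}` are rendered unquoted while `host` and the TLS hosts go through `quote`, so a values entry that YAML reads as a non-string, or that contains `: ` or ` #`, produces a mistyped or broken manifest. I would render them as `path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}` for consistency with the neighbouring fields. Separately, values.yaml in this commit ships `paths: []` under the example host, so setting `ingress.enabled: true` on its own renders a rule with an empty `paths:` list; a comment in values.yaml saying that at least one path is required would save a failed install.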
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "swagger-petstore.fullname" . }}-test-connection"
+ labels:
+{{ include "swagger-petstore.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "swagger-petstore.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/demo-apps/swagger-petstore/values.yaml b/demo-apps/swagger-petstore/values.yaml
new file mode 100644
index 00000000..1a35a3ff
--- /dev/null
+++ b/demo-apps/swagger-petstore/values.yaml
@@ -0,0 +1,62 @@
+# Default values for swagger-petstore.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: swaggerapi/petstore
+ pullPolicy: IfNotPresent
+
+# If you want to expose the petstore under a url different to the default service name address use the override to specify a the full host with protocol
+swaggerHostOverride: "https://petstore.example.com"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
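Review bot: `swaggerHostOverride` defaults to `"https://petstore.example.com"`, a non-empty string, so the `{{- if .Values.swaggerHostOverride }}` test in deployment.yaml is always true on a default install and the `else` branch that derives the in-cluster service address is never rendered. The comment above the key describes it as an opt-in override, so the default should be empty, `swaggerHostOverride: ""`, with the example.com URL moved into the comment as an example. The comment also reads "specify a the full host"; drop the stray "a".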