First commit

helm/templates/NOTES.txt

@@ -0,0 +1,60 @@
+▄▄▄   ▄▄▄ ▄▄▄▄▄▄▄     ▄▄▄▄   ▄▄▄▄  ▄▄▄  ▄▄▄▄ ▄▄▄      
+███ ▄███▀ ███▀▀███▄ ▄██▀▀██▄ ▀███  ███  ███▀ ███      
+███████   ███▄▄███▀ ███  ███  ███  ███  ███  ███      
+███▀███▄  ███▀▀██▄  ███▀▀███  ███▄▄███▄▄███  ███      
+███  ▀███ ███  ▀███ ███  ███   ▀████▀████▀   ████████ 
+              |                                                 
+              | 
+              | 
+              | 
+              | 
+           ||   ||
+           \\(_)//
+          //(___)\\
+          ||     ||
+
+WARNING: This is a deception/honeypot service. Monitor access logs for security events.
+
+For more information, visit: https://github.com/blessedrebus/deception
+
+Your deception honeypot server has been deployed successfully.
+
+{{- if .Values.service.type }}
+
+Service Type: {{ .Values.service.type }}
+{{- if eq .Values.service.type "LoadBalancer" }}
+
+To get the LoadBalancer IP address, run:
+  kubectl get svc {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }}
+
+Once the EXTERNAL-IP is assigned, access your deception server at:
+  http://<EXTERNAL-IP>:{{ .Values.service.port }}
+{{- else if eq .Values.service.type "NodePort" }}
+
+To get the NodePort, run:
+  export NODE_PORT=$(kubectl get svc {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.ports[0].nodePort}')
+  export NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
+  echo "Access at: http://$NODE_IP:$NODE_PORT"
+{{- else if eq .Values.service.type "ClusterIP" }}
+
+To access the service from your local machine:
+  kubectl port-forward svc/{{ include "krawl.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} -n {{ .Release.Namespace }}
+
+Then access at: http://localhost:{{ .Values.service.port }}
+{{- end }}
+{{- end }}
+
+Dashboard Access:
+  To retrieve the dashboard path, run:
+    kubectl get secret {{ include "krawl.fullname" . }} -n {{ .Release.Namespace }} -o jsonpath='{.data.dashboard-path}' | base64 -d && echo
+  
+  Then access the dashboard at:
+    http://<EXTERNAL-IP>:{{ .Values.service.port }}/<dashboard-path>
+
+{{- if .Values.ingress.enabled }}
+
+Ingress is ENABLED. Your service will be available at:
+{{- range .Values.ingress.hosts }}
+  - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}
+{{- end }}
+{{- end }}

helm/templates/_helpers.tpl

@@ -0,0 +1,60 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "krawl.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "krawl.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "krawl.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "krawl.labels" -}}
+helm.sh/chart: {{ include "krawl.chart" . }}
+{{ include "krawl.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "krawl.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "krawl.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "krawl.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "krawl.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm/templates/configmap.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "krawl.fullname" . }}-config
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+data:
+  PORT: {{ .Values.config.port | quote }}
+  DELAY: {{ .Values.config.delay | quote }}
+  LINKS_MIN_LENGTH: {{ .Values.config.linksMinLength | quote }}
+  LINKS_MAX_LENGTH: {{ .Values.config.linksMaxLength | quote }}
+  LINKS_MIN_PER_PAGE: {{ .Values.config.linksMinPerPage | quote }}
+  LINKS_MAX_PER_PAGE: {{ .Values.config.linksMaxPerPage | quote }}
+  MAX_COUNTER: {{ .Values.config.maxCounter | quote }}
+  CANARY_TOKEN_TRIES: {{ .Values.config.canaryTokenTries | quote }}
+  PROBABILITY_ERROR_CODES: {{ .Values.config.probabilityErrorCodes | quote }}
+  CANARY_TOKEN_URL: {{ .Values.config.canaryTokenUrl | quote }}

helm/templates/deployment.yaml

@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "krawl.fullname" . }}
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "krawl.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "krawl.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ .Chart.Name }}
+        {{- with .Values.securityContext }}
+        securityContext:
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        ports:
+        - name: http
+          containerPort: {{ .Values.config.port }}
+          protocol: TCP
+        envFrom:
+        - configMapRef:
+            name: {{ include "krawl.fullname" . }}-config
+        env:
+        - name: DASHBOARD_SECRET_PATH
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "krawl.fullname" . }}
+              key: dashboard-path
+        volumeMounts:
+        - name: wordlists
+          mountPath: /app/wordlists.json
+          subPath: wordlists.json
+          readOnly: true
+        {{- with .Values.livenessProbe }}
+        livenessProbe:
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
+        {{- with .Values.readinessProbe }}
+        readinessProbe:
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
+        {{- with .Values.resources }}
+        resources:
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
+      volumes:
+      - name: wordlists
+        configMap:
+          name: {{ include "krawl.fullname" . }}-wordlists
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm/templates/hpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "krawl.fullname" . }}
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "krawl.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+{{- end }}

helm/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "krawl.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "krawl.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}

helm/templates/network-policy.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.networkPolicy.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "krawl.fullname" . }}
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "krawl.selectorLabels" . | nindent 6 }}
+  {{- with .Values.networkPolicy.policyTypes }}
+  policyTypes:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.networkPolicy.ingress }}
+  ingress:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.networkPolicy.egress }}
+  egress:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/templates/secret.yaml

@@ -0,0 +1,16 @@
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "krawl.fullname" .)) -}}
+{{- $dashboardPath := "" -}}
+{{- if and $secret $secret.data -}}
+  {{- $dashboardPath = index $secret.data "dashboard-path" | b64dec -}}
+{{- else -}}
+  {{- $dashboardPath = printf "/%s" (randAlphaNum 32) -}}
+{{- end -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "krawl.fullname" . }}
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  dashboard-path: {{ $dashboardPath | quote }}

helm/templates/service.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "krawl.fullname" . }}
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  {{- end }}
+  sessionAffinity: ClientIP
+  sessionAffinityConfig:
+    clientIP:
+      timeoutSeconds: 10800
+  ports:
+  - port: {{ .Values.service.port }}
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    {{- include "krawl.selectorLabels" . | nindent 4 }}

helm/templates/wordlists-configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "krawl.fullname" . }}-wordlists
+  labels:
+    {{- include "krawl.labels" . | nindent 4 }}
+data:
+  wordlists.json: |
+    {{- .Values.wordlists | toJson | nindent 4 }}