From c55b1375adbd6f21fa1712f9bd9c05026fa34207 Mon Sep 17 00:00:00 2001 From: Patrick Di Fazio Date: Tue, 30 Dec 2025 12:12:42 +0100 Subject: [PATCH] added db config for kubernetes and helm --- helm/templates/configmap.yaml | 3 +++ helm/templates/deployment.yaml | 14 ++++++++++++++ helm/templates/pvc.yaml | 17 +++++++++++++++++ helm/values.yaml | 18 ++++++++++++++++++ kubernetes/krawl-all-in-one-deploy.yaml | 22 ++++++++++++++++++++++ kubernetes/manifests/configmap.yaml | 5 ++++- kubernetes/manifests/deployment.yaml | 5 +++++ kubernetes/manifests/kustomization.yaml | 1 + kubernetes/manifests/pvc.yaml | 13 +++++++++++++ 9 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 helm/templates/pvc.yaml create mode 100644 kubernetes/manifests/pvc.yaml diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml index 2990f61..17cd952 100644 --- a/helm/templates/configmap.yaml +++ b/helm/templates/configmap.yaml @@ -24,3 +24,6 @@ data: {{- if .Values.config.timezone }} TIMEZONE: {{ .Values.config.timezone | quote }} {{- end }} + # Database configuration + DATABASE_PATH: {{ .Values.database.path | quote }} + DATABASE_RETENTION_DAYS: {{ .Values.database.retentionDays | quote }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index b0aeb6d..ecc9655 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -54,6 +54,10 @@ spec: mountPath: /app/wordlists.json subPath: wordlists.json readOnly: true + {{- if .Values.database.persistence.enabled }} + - name: database + mountPath: /app/data + {{- end }} {{- with .Values.resources }} resources: {{- toYaml . | nindent 12 }} 
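Review bot: `DATABASE_PATH` is user-configurable in this hunk, but helm/templates/deployment.yaml always mounts the volume at `/app/data`, so a `database.path` that does not resolve under that directory puts the SQLite file on the container's ephemeral filesystem even with persistence enabled. The default `data/krawl.db` is relative and only lines up with the mount if the process working directory is `/app`, which this patch does not show. Consider an absolute default such as `path: "/app/data/krawl.db"`, plus a values.yaml comment like `# Must stay under /app/data (the volume mount) or the database is not persisted`. The static ConfigMaps in kubernetes/krawl-all-in-one-deploy.yaml and kubernetes/manifests/configmap.yaml carry the same relative path; the enclosing `data:` block starts above the hunk.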
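Review bot: The new `/app/data` mount comes with no ownership setting, so a freshly provisioned volume will often be root-owned and a container running as a non-root user cannot create the SQLite file on it. Whether the pod already sets a `securityContext` is not visible here, because the container spec starts above the hunk. If it does not, a pod-level `securityContext` with `fsGroup: <container GID>` makes the volume writable without running the process as root. The same mount is added in kubernetes/krawl-all-in-one-deploy.yaml and kubernetes/manifests/deployment.yaml.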
@@ -62,6 +66,16 @@ spec: - name: wordlists configMap: name: {{ include "krawl.fullname" . }}-wordlists + {{- if .Values.database.persistence.enabled }} + - name: database + {{- if .Values.database.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.database.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ include "krawl.fullname" . }}-db + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/helm/templates/pvc.yaml b/helm/templates/pvc.yaml new file mode 100644 index 0000000..ec73af2 --- /dev/null +++ b/helm/templates/pvc.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.database.persistence.enabled (not .Values.database.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "krawl.fullname" . }}-db + labels: + {{- include "krawl.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.database.persistence.accessMode }} + {{- if .Values.database.persistence.storageClassName }} + storageClassName: {{ .Values.database.persistence.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.database.persistence.size }} +{{- end }} diff --git a/helm/values.yaml b/helm/values.yaml index 8a6bc1d..c92bc0b 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
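Review bot: Mounting a `ReadWriteOnce` claim from a Deployment needs a matching rollout strategy, which this hunk does not add: with a rolling update the replacement pod starts before the old one stops, so it either stalls waiting for the volume on another node or opens the same SQLite file alongside the old pod on the same node. The `strategy` and `replicas` fields sit outside the hunk, so this is inferred; if they are at their defaults, set `strategy:` to `type: Recreate` and keep `replicas: 1` whenever `database.persistence.enabled` is true. The `database` volumes added in kubernetes/krawl-all-in-one-deploy.yaml and kubernetes/manifests/deployment.yaml have the same exposure. Separately, `claimName: {{ .Values.database.persistence.existingClaim }}` is emitted unquoted; adding `| quote` would match the ConfigMap template.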
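Review bot: A chart-managed claim is removed by `helm uninstall`, and where the storage class reclaims on delete, the recorded access logs and attack data go with it. For data that may be needed after an incident, add `helm.sh/resource-policy: keep` under `metadata.annotations`, optionally behind a value. The `{{- if .Values.database.persistence.storageClassName }}` guard also means an explicit `storageClassName: ""` can never be rendered, since an empty string is falsy in the template. The `accessMode`, `storageClassName` and `size` values are emitted unquoted; `| quote` on each keeps an unexpected value from changing the document structure.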
@@ -79,6 +79,24 @@ config: # canaryTokenUrl: set-your-canary-token-url-here # timezone: "UTC" # IANA timezone (e.g., "America/New_York", "Europe/Rome"). If not set, system timezone is used. +# Database configuration +database: + # Path to the SQLite database file + path: "data/krawl.db" + # Number of days to retain access logs and attack data + retentionDays: 30 + # Persistence configuration + persistence: + enabled: true + # Storage class name (use default if not specified) + # storageClassName: "" + # Access mode for the persistent volume + accessMode: ReadWriteOnce + # Size of the persistent volume + size: 1Gi + # Optional: Use existing PVC + # existingClaim: "" + networkPolicy: enabled: true policyTypes: diff --git a/kubernetes/krawl-all-in-one-deploy.yaml b/kubernetes/krawl-all-in-one-deploy.yaml index 0362220..d1a026c 100644 --- a/kubernetes/krawl-all-in-one-deploy.yaml +++ b/kubernetes/krawl-all-in-one-deploy.yaml @@ -20,6 +20,9 @@ data: CANARY_TOKEN_TRIES: "10" PROBABILITY_ERROR_CODES: "0" # CANARY_TOKEN_URL: set-your-canary-token-url-here + # Database configuration + DATABASE_PATH: "data/krawl.db" + DATABASE_RETENTION_DAYS: "30" --- apiVersion: v1 kind: ConfigMap @@ -227,6 +230,20 @@ data: ] } --- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: krawl-db + namespace: krawl-system + labels: + app: krawl-server +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -260,6 +277,8 @@ spec: mountPath: /app/wordlists.json subPath: wordlists.json readOnly: true + - name: database + mountPath: /app/data resources: requests: memory: "64Mi" @@ -271,6 +290,9 @@ spec: - name: wordlists configMap: name: krawl-wordlists + - name: database + persistentVolumeClaim: + claimName: krawl-db --- apiVersion: v1 kind: Service diff --git a/kubernetes/manifests/configmap.yaml b/kubernetes/manifests/configmap.yaml index 073005f..ef357b0 100644 --- a/kubernetes/manifests/configmap.yaml 
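Review bot: Retention here is age-based only while `size: 1Gi` is fixed, so how much is written within 30 days depends entirely on inbound request volume, which the operator of a service that records attack data does not control. If the volume fills before the prune runs, SQLite writes presumably fail and logging stops; how the application reacts is not visible in this patch. A comment above `size:` would help, for example `# Size for expected request volume; retention is by age only, so alert on PVC usage`. Note also that `enabled: true` as the default makes an upgrade of an existing release start requesting storage, which leaves the pod Pending on clusters without a default StorageClass.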
+++ b/kubernetes/manifests/configmap.yaml @@ -15,4 +15,7 @@ data: PROBABILITY_ERROR_CODES: "0" SERVER_HEADER: "Apache/2.2.22 (Ubuntu)" # CANARY_TOKEN_URL: set-your-canary-token-url-here -# TIMEZONE: "UTC" # IANA timezone (e.g., "America/New_York", "Europe/Rome") \ No newline at end of file +# TIMEZONE: "UTC" # IANA timezone (e.g., "America/New_York", "Europe/Rome") + # Database configuration + DATABASE_PATH: "data/krawl.db" + DATABASE_RETENTION_DAYS: "30" \ No newline at end of file diff --git a/kubernetes/manifests/deployment.yaml b/kubernetes/manifests/deployment.yaml index 0552eba..1650721 100644 --- a/kubernetes/manifests/deployment.yaml +++ b/kubernetes/manifests/deployment.yaml @@ -31,6 +31,8 @@ spec: mountPath: /app/wordlists.json subPath: wordlists.json readOnly: true + - name: database + mountPath: /app/data resources: requests: memory: "64Mi" @@ -42,3 +44,6 @@ spec: - name: wordlists configMap: name: krawl-wordlists + - name: database + persistentVolumeClaim: + claimName: krawl-db diff --git a/kubernetes/manifests/kustomization.yaml b/kubernetes/manifests/kustomization.yaml index 8f41776..4a5fcd9 100644 --- a/kubernetes/manifests/kustomization.yaml +++ b/kubernetes/manifests/kustomization.yaml @@ -5,6 +5,7 @@ resources: - namespace.yaml - configmap.yaml - wordlists-configmap.yaml + - pvc.yaml - deployment.yaml - service.yaml - network-policy.yaml diff --git a/kubernetes/manifests/pvc.yaml b/kubernetes/manifests/pvc.yaml new file mode 100644 index 0000000..6b771ff --- /dev/null +++ b/kubernetes/manifests/pvc.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: krawl-db + namespace: krawl-system + labels: + app: krawl-server +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi
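Review bot: The file still ends without a newline after the added `DATABASE_RETENTION_DAYS: "30"` line (the `\ No newline at end of file` marker carries over to the new side), which is why this hunk had to rewrite the unrelated `# TIMEZONE` line. Ending the file with a newline avoids the same churn on the next append and keeps tools that concatenate manifests from joining the last line with whatever follows.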