Migrate configuration from environment variables to YAML file

- Add YAML-based configuration loaded from config.yaml (CONFIG_LOCATION env var)
  - Add PyYAML dependency and install requirements in Dockerfile
  - Replace Config.from_env() with get_config() singleton pattern
  - Remove server_header from config (now randomized from wordlists only)
  - Update docker-compose.yaml to mount config.yaml read-only
  - Update Helm chart: restructure values.yaml, generate config.yaml in ConfigMap
  - Update Kubernetes manifests: ConfigMap now contains config.yaml, deployments mount it
  - Remove Helm secret.yaml (dashboard path now auto-generated in config.yaml)

helm/templates/configmap.yaml

@@ -5,25 +5,30 @@ metadata:
   labels:
     {{- include "krawl.labels" . | nindent 4 }}
 data:
-  PORT: {{ .Values.config.port | quote }}
-  DELAY: {{ .Values.config.delay | quote }}
-  LINKS_MIN_LENGTH: {{ .Values.config.linksMinLength | quote }}
-  LINKS_MAX_LENGTH: {{ .Values.config.linksMaxLength | quote }}
-  LINKS_MIN_PER_PAGE: {{ .Values.config.linksMinPerPage | quote }}
-  LINKS_MAX_PER_PAGE: {{ .Values.config.linksMaxPerPage | quote }}
-  MAX_COUNTER: {{ .Values.config.maxCounter | quote }}
-  CANARY_TOKEN_TRIES: {{ .Values.config.canaryTokenTries | quote }}
-  PROBABILITY_ERROR_CODES: {{ .Values.config.probabilityErrorCodes | quote }}
-  CANARY_TOKEN_URL: {{ .Values.config.canaryTokenUrl | quote }}
-  {{- if .Values.config.dashboardSecretPath }}
-  DASHBOARD_SECRET_PATH: {{ .Values.config.dashboardSecretPath | quote }}
-  {{- end }}
-  {{- if .Values.config.serverHeader }}
-  SERVER_HEADER: {{ .Values.config.serverHeader | quote }}
-  {{- end }}
-  {{- if .Values.config.timezone }}
-  TIMEZONE: {{ .Values.config.timezone | quote }}
-  {{- end }}
-  # Database configuration
-  DATABASE_PATH: {{ .Values.database.path | quote }}
-  DATABASE_RETENTION_DAYS: {{ .Values.database.retentionDays | quote }}
+  config.yaml: |
+    # Krawl Honeypot Configuration
+    server:
+      port: {{ .Values.config.server.port }}
+      delay: {{ .Values.config.server.delay }}
+      timezone: {{ .Values.config.server.timezone | toYaml }}
+    links:
+      min_length: {{ .Values.config.links.min_length }}
+      max_length: {{ .Values.config.links.max_length }}
+      min_per_page: {{ .Values.config.links.min_per_page }}
+      max_per_page: {{ .Values.config.links.max_per_page }}
+      char_space: {{ .Values.config.links.char_space | quote }}
+      max_counter: {{ .Values.config.links.max_counter }}
+    canary:
+      token_url: {{ .Values.config.canary.token_url | toYaml }}
+      token_tries: {{ .Values.config.canary.token_tries }}
+    dashboard:
+      secret_path: {{ .Values.config.dashboard.secret_path | toYaml }}
+    api:
+      server_url: {{ .Values.config.api.server_url | toYaml }}
+      server_port: {{ .Values.config.api.server_port }}
+      server_path: {{ .Values.config.api.server_path | quote }}
+    database:
+      path: {{ .Values.config.database.path | quote }}
+      retention_days: {{ .Values.config.database.retention_days }}
+    behavior:
+      probability_error_codes: {{ .Values.config.behavior.probability_error_codes }}

helm/templates/deployment.yaml

@@ -38,18 +38,16 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - name: http
-          containerPort: {{ .Values.config.port }}
+          containerPort: {{ .Values.config.server.port }}
           protocol: TCP
-        envFrom:
-        - configMapRef:
-            name: {{ include "krawl.fullname" . }}-config
         env:
-        - name: DASHBOARD_SECRET_PATH
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "krawl.fullname" . }}
-              key: dashboard-path
+        - name: CONFIG_LOCATION
+          value: "config.yaml"
         volumeMounts:
+        - name: config
+          mountPath: /app/config.yaml
+          subPath: config.yaml
+          readOnly: true
         - name: wordlists
           mountPath: /app/wordlists.json
           subPath: wordlists.json
@@ -63,6 +61,9 @@ spec:
           {{- toYaml . | nindent 12 }}
         {{- end }}
       volumes:
+      - name: config
+        configMap:
+          name: {{ include "krawl.fullname" . }}-config
       - name: wordlists
         configMap:
           name: {{ include "krawl.fullname" . }}-wordlists

helm/templates/secret.yaml

@@ -1,16 +0,0 @@
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "krawl.fullname" .)) -}}
-{{- $dashboardPath := "" -}}
-{{- if and $secret $secret.data -}}
-  {{- $dashboardPath = index $secret.data "dashboard-path" | b64dec -}}
-{{- else -}}
-  {{- $dashboardPath = printf "/%s" (randAlphaNum 32) -}}
-{{- end -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "krawl.fullname" . }}
-  labels:
-    {{- include "krawl.labels" . | nindent 4 }}
-type: Opaque
-stringData:
-  dashboard-path: {{ $dashboardPath | quote }}

helm/values.yaml

@@ -62,29 +62,36 @@ tolerations: []
 
 affinity: {}
 
-# Application configuration
+# Application configuration (config.yaml structure)
 config:
-  port: 5000
-  delay: 100
-  linksMinLength: 5
-  linksMaxLength: 15
-  linksMinPerPage: 10
-  linksMaxPerPage: 15
-  maxCounter: 10
-  canaryTokenTries: 10
-  probabilityErrorCodes: 0
-# timezone: "UTC"
-#  serverHeader: "Apache/2.2.22 (Ubuntu)"
-#  dashboardSecretPath: "/my-secret-dashboard"
-#  canaryTokenUrl: set-your-canary-token-url-here
-#  timezone: "UTC"  # IANA timezone (e.g., "America/New_York", "Europe/Rome"). If not set, system timezone is used.
+  server:
+    port: 5000
+    delay: 100
+    timezone: null  # IANA timezone (e.g., "America/New_York", "Europe/Rome"). If not set, system timezone is used.
+  links:
+    min_length: 5
+    max_length: 15
+    min_per_page: 10
+    max_per_page: 15
+    char_space: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+    max_counter: 10
+  canary:
+    token_url: null  # Set your canary token URL here
+    token_tries: 10
+  dashboard:
+    secret_path: null  # Auto-generated if not set, or set to "/my-secret-dashboard"
+  api:
+    server_url: null
+    server_port: 8080
+    server_path: "/api/v2/users"
+  database:
+    path: "data/krawl.db"
+    retention_days: 30
+  behavior:
+    probability_error_codes: 0
 
-# Database configuration
+# Database persistence configuration
 database:
-  # Path to the SQLite database file
-  path: "data/krawl.db"
-  # Number of days to retain access logs and attack data
-  retentionDays: 30
   # Persistence configuration
   persistence:
     enabled: true