Adding spiderfoot

manifests/workloads/applicationset.yaml

@@ -36,6 +36,9 @@ spec:
       - appName: sonarqube-oss
         namespace: sonarqube
         targetRev: main
+      - appName: spiderfoot
+        namespace: osint
+        targetRev: main
       - appName: talos-pxeboot
         namespace: pxeboot
         targetRev: pxeboot

manifests/workloads/spiderfoot/external-dns.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: spiderfoot-extname
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: spiderfoot.homelab.danmanners.com
+    external-dns.alpha.kubernetes.io/ttl: "300"
+  labels:
+    app.kubernetes.io/name: spiderfoot
+spec:
+  type: ExternalName
+  externalName: nginx.homelab.danmanners.com
+  sessionAffinity: None

manifests/workloads/spiderfoot/ingress-basicauth.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: basic-authmap
+type: Opaque
+stringData:
+  dan: $apr1$QHLOMISK$KVnciXqcww8PDTflRKtTZ1
+  tyler: $apr1$3vcQyUNf$.tdu5cu1uvn9biNqFlNk/.

manifests/workloads/spiderfoot/kustomization.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: osint
+
+resources:
+- namespace.yaml
+- external-dns.yaml
+- ingress-basicauth.yaml
+
+helmCharts:
+- name: app-template
+  releaseName: osint
+  namespace: osint
+  repo: https://bjw-s.github.io/helm-charts
+  version: 2.0.3
+  valuesFile: values.yaml
+
+images:
+- name: spiderfoot:replaceme
+  newName: core.harbor.homelab.danmanners.com/library/smicallef/spiderfoot
+  newTag: master-f37b98eea99e9dc46d399089b85e5c4338bc81d9

manifests/workloads/spiderfoot/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    name: osint
+  name: osint

manifests/workloads/spiderfoot/readme.md

@@ -0,0 +1,3 @@
+# Spiderfoot
+
+[Spiderfoot](https://github.com/smicallef/spiderfoot) is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.

manifests/workloads/spiderfoot/values.yaml

@@ -0,0 +1,75 @@
+global:
+  nameOverride: spiderfoot
+
+controllers:
+  main:
+    replicas: 1
+    type: deployment
+    strategy: Recreate
+    containers:
+      main:
+        nameOverride: spiderfoot
+        image:
+          repository: spiderfoot
+          tag: replaceme
+          pullPolicy: IfNotPresent
+        ports:
+        - containerPort: &containerPort1 5001
+        probes:
+          readiness:
+            enabled: false
+          startup:
+            enabled: false
+          liveness:
+            enabled: false # Need to get this working
+            # securityContext: # Need to get this working
+            #   fsGroup: 1000
+
+service:
+  main:
+    enabled: true
+    ports:
+      http:
+        port: *containerPort1
+
+ingress:
+  main:
+    enabled: true
+    nameoverride: spiderfoot
+    className: nginx
+    annotations:
+      cert-manager.io/cluster-issuer: acme-prod
+      nginx.ingress.kubernetes.io/auth-type: basic
+      nginx.ingress.kubernetes.io/auth-secret: basic-authmap
+      nginx.ingress.kubernetes.io/auth-secret-type: auth-map
+      nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+    tls:
+    - secretName: spiderfoot-cert
+      hosts:
+      - &uri spiderfoot.homelab.danmanners.com
+    hosts:
+    - host: *uri
+      paths:
+      - path: /
+        service:
+          name: osint-spiderfoot
+          port:
+            port: *containerPort1
+
+persistence:
+  logs:
+    enabled: false # Need to figure out what's going on with volume mount permissions
+    storageClass: ceph-rbd
+    accessMode: ReadWriteOnce
+    size: 4Gi
+    globalMounts:
+    - path: /var/lib/spiderfoot/log
+      readOnly: false
+  cache:
+    enabled: false # Need to figure out what's going on with volume mount permissions
+    storageClass: ceph-rbd
+    accessMode: ReadWriteOnce
+    size: 20Gi
+    globalMounts:
+    - path: /var/lib/spiderfoot/cache
+      readOnly: false