diff --git a/manifests/workloads/applicationset.yaml b/manifests/workloads/applicationset.yaml
index 41cf8081..b05e0cd5 100644
--- a/manifests/workloads/applicationset.yaml
+++ b/manifests/workloads/applicationset.yaml
@@ -36,6 +36,9 @@ spec:
 - appName: sonarqube-oss
 namespace: sonarqube
 targetRev: main
+ - appName: spiderfoot
+ namespace: osint
+ targetRev: main
 - appName: talos-pxeboot
 namespace: pxeboot
 targetRev: pxeboot
diff --git a/manifests/workloads/spiderfoot/external-dns.yaml b/manifests/workloads/spiderfoot/external-dns.yaml
new file mode 100644
index 00000000..08d7bbdd
--- /dev/null
+++ b/manifests/workloads/spiderfoot/external-dns.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: spiderfoot-extname
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: spiderfoot.homelab.danmanners.com
+ external-dns.alpha.kubernetes.io/ttl: "300"
+ labels:
+ app.kubernetes.io/name: spiderfoot
+spec:
+ type: ExternalName
+ externalName: nginx.homelab.danmanners.com
+ sessionAffinity: None
diff --git a/manifests/workloads/spiderfoot/ingress-basicauth.yaml b/manifests/workloads/spiderfoot/ingress-basicauth.yaml
new file mode 100644
index 00000000..a28a323a
--- /dev/null
+++ b/manifests/workloads/spiderfoot/ingress-basicauth.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-authmap
+type: Opaque
+stringData:
+ dan: $apr1$QHLOMISK$KVnciXqcww8PDTflRKtTZ1
+ tyler: $apr1$3vcQyUNf$.tdu5cu1uvn9biNqFlNk/.
diff --git a/manifests/workloads/spiderfoot/kustomization.yaml b/manifests/workloads/spiderfoot/kustomization.yaml
new file mode 100644
index 00000000..be2a5c34
--- /dev/null
+++ b/manifests/workloads/spiderfoot/kustomization.yaml
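Review bot: `ingress-basicauth.yaml` commits the `dan` and `tyler` password hashes in a plain `Secret` under `stringData`, so anyone with read access to the repository or its history can work on them offline, and `$apr1$` is an MD5-based scheme that is cheap to brute-force. The hashes should be kept out of git, for example by encrypting this manifest (SOPS, Sealed Secrets) or by sourcing `basic-authmap` from an external secret store; whether the repo already has such tooling is not visible here. Both passwords should be rotated as well, since these values are now in history.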
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: osint
+
+resources:
+- namespace.yaml
+- external-dns.yaml
+- ingress-basicauth.yaml
+
+helmCharts:
+- name: app-template
+ releaseName: osint
+ namespace: osint
+ repo: https://bjw-s.github.io/helm-charts
+ version: 2.0.3
+ valuesFile: values.yaml
+
+images:
+- name: spiderfoot:replaceme
+ newName: core.harbor.homelab.danmanners.com/library/smicallef/spiderfoot
+ newTag: master-f37b98eea99e9dc46d399089b85e5c4338bc81d9
diff --git a/manifests/workloads/spiderfoot/namespace.yaml b/manifests/workloads/spiderfoot/namespace.yaml
new file mode 100644
index 00000000..44240af9
--- /dev/null
+++ b/manifests/workloads/spiderfoot/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ name: osint
+ name: osint
diff --git a/manifests/workloads/spiderfoot/readme.md b/manifests/workloads/spiderfoot/readme.md
new file mode 100644
index 00000000..5c7ec39c
--- /dev/null
+++ b/manifests/workloads/spiderfoot/readme.md
@@ -0,0 +1,3 @@
+# Spiderfoot
+
+[Spiderfoot](https://github.com/smicallef/spiderfoot) is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.
diff --git a/manifests/workloads/spiderfoot/values.yaml b/manifests/workloads/spiderfoot/values.yaml
new file mode 100644
index 00000000..f901cc91
--- /dev/null
+++ b/manifests/workloads/spiderfoot/values.yaml
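Review bot: In `kustomization.yaml` the `images:` override pins SpiderFoot by `newTag` only, and a tag in the Harbor project can be re-pushed to point at different content even though it is named after a commit. Adding the digest to the same entry, `digest: sha256:<digest-of-the-mirrored-image>` (placeholder), ties the deployment to the exact image that was reviewed. The chart itself is already pinned with `version: 2.0.3`, so the image is the remaining mutable reference in this file.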
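Review bot: `namespace.yaml` creates `osint` without any Pod Security admission labels, so pods there are admitted under whatever the cluster-wide default is. Because this namespace hosts a tool that fetches data from many external sources, consider adding `pod-security.kubernetes.io/enforce: baseline` under `metadata.labels`. If the privileges the image needs are not yet known, starting with `pod-security.kubernetes.io/warn: restricted` surfaces violations without blocking the rollout.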
@@ -0,0 +1,75 @@
+global:
+ nameOverride: spiderfoot
+
+controllers:
+ main:
+ replicas: 1
+ type: deployment
+ strategy: Recreate
+ containers:
+ main:
+ nameOverride: spiderfoot
+ image:
+ repository: spiderfoot
+ tag: replaceme
+ pullPolicy: IfNotPresent
+ ports:
+ - containerPort: &containerPort1 5001
+ probes:
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+ liveness:
+ enabled: false # Need to get this working
+ # securityContext: # Need to get this working
+ # fsGroup: 1000
+
+service:
+ main:
+ enabled: true
+ ports:
+ http:
+ port: *containerPort1
+
+ingress:
+ main:
+ enabled: true
+ nameoverride: spiderfoot
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: acme-prod
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: basic-authmap
+ nginx.ingress.kubernetes.io/auth-secret-type: auth-map
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+ tls:
+ - secretName: spiderfoot-cert
+ hosts:
+ - &uri spiderfoot.homelab.danmanners.com
+ hosts:
+ - host: *uri
+ paths:
+ - path: /
+ service:
+ name: osint-spiderfoot
+ port:
+ port: *containerPort1
+
+persistence:
+ logs:
+ enabled: false # Need to figure out what's going on with volume mount permissions
+ storageClass: ceph-rbd
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ globalMounts:
+ - path: /var/lib/spiderfoot/log
+ readOnly: false
+ cache:
+ enabled: false # Need to figure out what's going on with volume mount permissions
+ storageClass: ceph-rbd
+ accessMode: ReadWriteOnce
+ size: 20Gi
+ globalMounts:
+ - path: /var/lib/spiderfoot/cache
+ readOnly: false
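Review bot: The only access control configured for the SpiderFoot UI in `values.yaml` is the ingress-level basic auth in the `nginx.ingress.kubernetes.io/auth-*` annotations, so the `osint-spiderfoot` Service on port 5001 stays reachable without credentials from any other pod that can route to it. A NetworkPolicy in the `osint` namespace that admits traffic to 5001 only from the ingress controller's namespace would close that path; it would be a new manifest listed under `resources:` in the kustomization. The container also runs as whatever user the image defaults to, because `securityContext` is commented out; once the volume-permission problem is solved, setting at least `allowPrivilegeEscalation: false` and dropping all capabilities at container level is worth doing. Separately, `nameoverride: spiderfoot` under `ingress.main` is lower-case while the other blocks use `nameOverride`, so the chart probably ignores it.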