Adding spiderfoot

manifests/workloads/applicationset.yaml

@@ -36,6 +36,9 @@ spec:
       - appName: sonarqube-oss
         namespace: sonarqube
         targetRev: main
+      - appName: spiderfoot
+        namespace: osint
+        targetRev: main
       - appName: talos-pxeboot
         namespace: pxeboot
         targetRev: pxeboot

manifests/workloads/spiderfoot/external-dns.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: spiderfoot-extname
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: spiderfoot.homelab.danmanners.com
+    external-dns.alpha.kubernetes.io/ttl: "300"
+  labels:
+    app.kubernetes.io/name: spiderfoot
+spec:
+  type: ExternalName
+  externalName: nginx.homelab.danmanners.com
+  sessionAffinity: None

manifests/workloads/spiderfoot/ingress-basicauth.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: basic-authmap
+type: Opaque
+stringData:
+  dan: $apr1$QHLOMISK$KVnciXqcww8PDTflRKtTZ1
+  tyler: $apr1$3vcQyUNf$.tdu5cu1uvn9biNqFlNk/.

manifests/workloads/spiderfoot/kustomization.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: osint
+
+resources:
+- namespace.yaml
+- external-dns.yaml
+- ingress-basicauth.yaml
+
+helmCharts:
+- name: app-template
+  releaseName: osint
+  namespace: osint
+  repo: https://bjw-s.github.io/helm-charts
+  version: 2.0.3
+  valuesFile: values.yaml
+
+images:
+- name: spiderfoot:replaceme
+  newName: core.harbor.homelab.danmanners.com/library/smicallef/spiderfoot
+  newTag: master-f37b98eea99e9dc46d399089b85e5c4338bc81d9

manifests/workloads/spiderfoot/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    name: osint
+  name: osint

manifests/workloads/spiderfoot/readme.md

@@ -0,0 +1,3 @@
+# Spiderfoot
+
+[Spiderfoot](https://github.com/smicallef/spiderfoot) is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.

manifests/workloads/spiderfoot/values.yaml

@@ -0,0 +1,71 @@
+global:
+  nameOverride: spiderfoot
+
+controllers:
+  main:
+    replicas: 1
+    type: deployment
+    strategy: Recreate
+    containers:
+      main:
+        nameOverride: spiderfoot
+        image:
+          repository: spiderfoot
+          tag: replaceme
+          pullPolicy: IfNotPresent
+        ports:
+        - containerPort: 5001
+        probes:
+          readiness:
+            enabled: false
+          startup:
+            enabled: false
+          liveness:
+            enabled: false # Need to get this working
+
+service:
+  main:
+    enabled: true
+    ports:
+      http:
+        port: 5001
+
+ingress:
+  main:
+    enabled: true
+    className: nginx
+    annotations:
+      cert-manager.io/cluster-issuer: acme-prod
+      nginx.ingress.kubernetes.io/auth-type: basic
+      nginx.ingress.kubernetes.io/auth-secret: basic-auth
+      nginx.ingress.kubernetes.io/auth-secret-type: auth-map
+      nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+    tls:
+    - secretName: spiderfoot-cert
+      hosts:
+      - spiderfoot.homelab.danmanners.com
+    hosts:
+    - host: spiderfoot.homelab.danmanners.com
+      paths:
+      - path: /
+        service:
+          name: spiderfoot
+          port: 5001
+
+persistence:
+  logs:
+    enabled: true
+    storageClass: ceph-rbd
+    accessMode: ReadWriteOnce
+    size: 4Gi
+    globalMounts:
+    - path: /var/lib/spiderfoot/log
+      readOnly: false
+  cache:
+    enabled: true
+    storageClass: ceph-rbd
+    accessMode: ReadWriteOnce
+    size: 20Gi
+    globalMounts:
+    - path: /var/lib/spiderfoot/cache
+      readOnly: false