From 98a3afaa15379d931d0e66f7d81a8f5f5a6ecfae Mon Sep 17 00:00:00 2001
From: Dan Manners
Date: Mon, 23 Oct 2023 19:48:06 -0400
Subject: [PATCH] Adding spiderfoot
---
 manifests/workloads/applicationset.yaml | 3 +
 .../workloads/spiderfoot/external-dns.yaml | 13 ++++
 .../spiderfoot/ingress-basicauth.yaml | 8 +++
 .../workloads/spiderfoot/kustomization.yaml | 21 ++++++
 manifests/workloads/spiderfoot/namespace.yaml | 6 ++
 manifests/workloads/spiderfoot/readme.md | 3 +
 manifests/workloads/spiderfoot/values.yaml | 71 +++++++++++++++++++
 7 files changed, 125 insertions(+)
 create mode 100644 manifests/workloads/spiderfoot/external-dns.yaml
 create mode 100644 manifests/workloads/spiderfoot/ingress-basicauth.yaml
 create mode 100644 manifests/workloads/spiderfoot/kustomization.yaml
 create mode 100644 manifests/workloads/spiderfoot/namespace.yaml
 create mode 100644 manifests/workloads/spiderfoot/readme.md
 create mode 100644 manifests/workloads/spiderfoot/values.yaml
diff --git a/manifests/workloads/applicationset.yaml b/manifests/workloads/applicationset.yaml
index 41cf8081..b05e0cd5 100644
--- a/manifests/workloads/applicationset.yaml
+++ b/manifests/workloads/applicationset.yaml
@@ -36,6 +36,9 @@ spec:
 - appName: sonarqube-oss
 namespace: sonarqube
 targetRev: main
+ - appName: spiderfoot
+ namespace: osint
+ targetRev: main
 - appName: talos-pxeboot
 namespace: pxeboot
 targetRev: pxeboot
diff --git a/manifests/workloads/spiderfoot/external-dns.yaml b/manifests/workloads/spiderfoot/external-dns.yaml
new file mode 100644
index 00000000..08d7bbdd
--- /dev/null
+++ b/manifests/workloads/spiderfoot/external-dns.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: spiderfoot-extname
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: spiderfoot.homelab.danmanners.com
+ external-dns.alpha.kubernetes.io/ttl: "300"
+ labels:
+ app.kubernetes.io/name: spiderfoot
+spec:
+ type: ExternalName
+ externalName: nginx.homelab.danmanners.com
+ sessionAffinity: None
diff --git a/manifests/workloads/spiderfoot/ingress-basicauth.yaml b/manifests/workloads/spiderfoot/ingress-basicauth.yaml
new file mode 100644
index 00000000..a28a323a
--- /dev/null
+++ b/manifests/workloads/spiderfoot/ingress-basicauth.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-authmap
+type: Opaque
+stringData:
+ dan: $apr1$QHLOMISK$KVnciXqcww8PDTflRKtTZ1
+ tyler: $apr1$3vcQyUNf$.tdu5cu1uvn9biNqFlNk/.
diff --git a/manifests/workloads/spiderfoot/kustomization.yaml b/manifests/workloads/spiderfoot/kustomization.yaml
new file mode 100644
index 00000000..be2a5c34
--- /dev/null
+++ b/manifests/workloads/spiderfoot/kustomization.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: osint
+
+resources:
+- namespace.yaml
+- external-dns.yaml
+- ingress-basicauth.yaml
+
+helmCharts:
+- name: app-template
+ releaseName: osint
+ namespace: osint
+ repo: https://bjw-s.github.io/helm-charts
+ version: 2.0.3
+ valuesFile: values.yaml
+
+images:
+- name: spiderfoot:replaceme
+ newName: core.harbor.homelab.danmanners.com/library/smicallef/spiderfoot
+ newTag: master-f37b98eea99e9dc46d399089b85e5c4338bc81d9
diff --git a/manifests/workloads/spiderfoot/namespace.yaml b/manifests/workloads/spiderfoot/namespace.yaml
new file mode 100644
index 00000000..44240af9
--- /dev/null
+++ b/manifests/workloads/spiderfoot/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ name: osint
+ name: osint
diff --git a/manifests/workloads/spiderfoot/readme.md b/manifests/workloads/spiderfoot/readme.md
new file mode 100644
index 00000000..5c7ec39c
--- /dev/null
+++ b/manifests/workloads/spiderfoot/readme.md
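Review bot: The `stringData` block in ingress-basicauth.yaml commits the htpasswd entries for `dan` and `tyler` to the repository in the clear, and `$apr1$` is the salted-MD5 htpasswd scheme, which is cheap to test guesses against offline for anyone who can read the repo or its history. Keep the Secret's values out of Git, for example as an encrypted or externally sourced secret that the cluster materialises, and reference it by name only in `kustomization.yaml`. If this commit has already been pushed, both passwords should be rotated rather than the file merely removed, since the hashes remain in history.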
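Review bot: The `images` entry in kustomization.yaml pins the mirrored image by tag only (`newTag: master-f37b98eea99e9dc46d399089b85e5c4338bc81d9`), and a tag in the Harbor project can be re-pushed, so what runs is not fixed by what is reviewed in Git. With `pullPolicy: IfNotPresent` in values.yaml, nodes could also keep different content under the same tag. Kustomize's image transformer accepts a digest, so adding `digest: sha256:<digest-of-mirrored-image>` (placeholder, taken from the registry) in place of `newTag` would make the deployed image immutable and auditable.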
@@ -0,0 +1,3 @@
+# Spiderfoot
+
+[Spiderfoot](https://github.com/smicallef/spiderfoot) is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.
diff --git a/manifests/workloads/spiderfoot/values.yaml b/manifests/workloads/spiderfoot/values.yaml
new file mode 100644
index 00000000..3ff23cdb
--- /dev/null
+++ b/manifests/workloads/spiderfoot/values.yaml
@@ -0,0 +1,71 @@
+global:
+ nameOverride: spiderfoot
+
+controllers:
+ main:
+ replicas: 1
+ type: deployment
+ strategy: Recreate
+ containers:
+ main:
+ nameOverride: spiderfoot
+ image:
+ repository: spiderfoot
+ tag: replaceme
+ pullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5001
+ probes:
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+ liveness:
+ enabled: false # Need to get this working
+
+service:
+ main:
+ enabled: true
+ ports:
+ http:
+ port: 5001
+
+ingress:
+ main:
+ enabled: true
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: acme-prod
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: basic-auth
+ nginx.ingress.kubernetes.io/auth-secret-type: auth-map
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+ tls:
+ - secretName: spiderfoot-cert
+ hosts:
+ - spiderfoot.homelab.danmanners.com
+ hosts:
+ - host: spiderfoot.homelab.danmanners.com
+ paths:
+ - path: /
+ service:
+ name: spiderfoot
+ port: 5001
+
+persistence:
+ logs:
+ enabled: true
+ storageClass: ceph-rbd
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ globalMounts:
+ - path: /var/lib/spiderfoot/log
+ readOnly: false
+ cache:
+ enabled: true
+ storageClass: ceph-rbd
+ accessMode: ReadWriteOnce
+ size: 20Gi
+ globalMounts:
+ - path: /var/lib/spiderfoot/cache
+ readOnly: false
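Review bot: The ingress annotation `nginx.ingress.kubernetes.io/auth-secret: basic-auth` does not match the Secret this commit creates, which is named `basic-authmap` in ingress-basicauth.yaml, so unless a `basic-auth` Secret already exists in the `osint` namespace the basic-auth configuration will not resolve. ingress-nginx is expected to refuse the location rather than serve it unauthenticated in that case, but that should be verified on the deployed controller, not relied on. Point the annotation at the real name: `nginx.ingress.kubernetes.io/auth-secret: basic-authmap`. Separately, the `main` container sets no `securityContext` or `resources`, so it runs with the image defaults; for a service that fetches and parses content from arbitrary internet hosts, a non-root user, dropped capabilities and a NetworkPolicy for the namespace would be worth adding.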