From f9cc0950ab8427594ac2f14479e3300398358594 Mon Sep 17 00:00:00 2001
From: Dan Manners
Date: Mon, 23 Oct 2023 19:48:06 -0400
Subject: [PATCH] Adding spiderfoot
---
 manifests/workloads/applicationset.yaml | 3 +
 .../workloads/spiderfoot/external-dns.yaml | 13 ++++
 .../spiderfoot/ingress-basicauth.yaml | 8 ++
 .../workloads/spiderfoot/kustomization.yaml | 21 ++++++
 manifests/workloads/spiderfoot/namespace.yaml | 6 ++
 manifests/workloads/spiderfoot/readme.md | 3 +
 manifests/workloads/spiderfoot/values.yaml | 75 +++++++++++++++++++
 7 files changed, 129 insertions(+)
 create mode 100644 manifests/workloads/spiderfoot/external-dns.yaml
 create mode 100644 manifests/workloads/spiderfoot/ingress-basicauth.yaml
 create mode 100644 manifests/workloads/spiderfoot/kustomization.yaml
 create mode 100644 manifests/workloads/spiderfoot/namespace.yaml
 create mode 100644 manifests/workloads/spiderfoot/readme.md
 create mode 100644 manifests/workloads/spiderfoot/values.yaml
diff --git a/manifests/workloads/applicationset.yaml b/manifests/workloads/applicationset.yaml
index 41cf8081..b05e0cd5 100644
--- a/manifests/workloads/applicationset.yaml
+++ b/manifests/workloads/applicationset.yaml
@@ -36,6 +36,9 @@ spec:
 - appName: sonarqube-oss
 namespace: sonarqube
 targetRev: main
+ - appName: spiderfoot
+ namespace: osint
+ targetRev: main
 - appName: talos-pxeboot
 namespace: pxeboot
 targetRev: pxeboot
diff --git a/manifests/workloads/spiderfoot/external-dns.yaml b/manifests/workloads/spiderfoot/external-dns.yaml
new file mode 100644
index 00000000..08d7bbdd
--- /dev/null
+++ b/manifests/workloads/spiderfoot/external-dns.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: spiderfoot-extname
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: spiderfoot.homelab.danmanners.com
+ external-dns.alpha.kubernetes.io/ttl: "300"
+ labels:
+ app.kubernetes.io/name: spiderfoot
+spec:
+ type: ExternalName
+ externalName: nginx.homelab.danmanners.com
+ sessionAffinity: None
diff --git a/manifests/workloads/spiderfoot/ingress-basicauth.yaml b/manifests/workloads/spiderfoot/ingress-basicauth.yaml
new file mode 100644
index 00000000..a28a323a
--- /dev/null
+++ b/manifests/workloads/spiderfoot/ingress-basicauth.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-authmap
+type: Opaque
+stringData:
+ dan: $apr1$QHLOMISK$KVnciXqcww8PDTflRKtTZ1
+ tyler: $apr1$3vcQyUNf$.tdu5cu1uvn9biNqFlNk/.
diff --git a/manifests/workloads/spiderfoot/kustomization.yaml b/manifests/workloads/spiderfoot/kustomization.yaml
new file mode 100644
index 00000000..be2a5c34
--- /dev/null
+++ b/manifests/workloads/spiderfoot/kustomization.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: osint
+
+resources:
+- namespace.yaml
+- external-dns.yaml
+- ingress-basicauth.yaml
+
+helmCharts:
+- name: app-template
+ releaseName: osint
+ namespace: osint
+ repo: https://bjw-s.github.io/helm-charts
+ version: 2.0.3
+ valuesFile: values.yaml
+
+images:
+- name: spiderfoot:replaceme
+ newName: core.harbor.homelab.danmanners.com/library/smicallef/spiderfoot
+ newTag: master-f37b98eea99e9dc46d399089b85e5c4338bc81d9
diff --git a/manifests/workloads/spiderfoot/namespace.yaml b/manifests/workloads/spiderfoot/namespace.yaml
new file mode 100644
index 00000000..44240af9
--- /dev/null
+++ b/manifests/workloads/spiderfoot/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ name: osint
+ name: osint
diff --git a/manifests/workloads/spiderfoot/readme.md b/manifests/workloads/spiderfoot/readme.md
new file mode 100644
index 00000000..5c7ec39c
--- /dev/null
+++ b/manifests/workloads/spiderfoot/readme.md
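Review bot: The `stringData` entries in ingress-basicauth.yaml commit the `dan` and `tyler` password hashes to the repository in clear text, and both use the `$apr1$` (MD5-based) htpasswd format, which is cheap to attack offline for anyone who can read the repo or its history. This Secret is the only authentication visible in the patch for the SpiderFoot ingress, so it is better kept out of git: supply `basic-authmap` through an encrypted or externally sourced Secret (SealedSecret, SOPS-encrypted file, ExternalSecret) and drop `- ingress-basicauth.yaml` from the kustomization `resources`. Both passwords should be rotated when that is done, because the hashes remain in history after the file is removed.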
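Review bot: The `images` override in kustomization.yaml pins SpiderFoot by tag only (`newTag: master-f37b98eea99e9dc46d399089b85e5c4338bc81d9`), and a registry tag can be re-pushed, so the cluster could later run different content under the same reference. Kustomize accepts a `digest` field in the same entry; adding `digest: sha256:<image digest from Harbor>` in place of `newTag` makes the deployed image immutable. The chart itself is already pinned with `version: 2.0.3`, so the image is the one moving part left in this file.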
@@ -0,0 +1,3 @@
+# Spiderfoot
+
+[Spiderfoot](https://github.com/smicallef/spiderfoot) is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.
diff --git a/manifests/workloads/spiderfoot/values.yaml b/manifests/workloads/spiderfoot/values.yaml
new file mode 100644
index 00000000..b4dfc44b
--- /dev/null
+++ b/manifests/workloads/spiderfoot/values.yaml
@@ -0,0 +1,75 @@
+global:
+ nameOverride: spiderfoot
+
+controllers:
+ main:
+ replicas: 1
+ type: deployment
+ strategy: Recreate
+ containers:
+ main:
+ nameOverride: spiderfoot
+ image:
+ repository: spiderfoot
+ tag: replaceme
+ pullPolicy: IfNotPresent
+ ports:
+ - containerPort: &containerPort1 5001
+ probes:
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+ liveness:
+ enabled: false # Need to get this working
+ # securityContext: # Need to get this working
+ # fsGroup: 1000
+
+service:
+ main:
+ enabled: true
+ ports:
+ http:
+ port: *containerPort1
+
+ingress:
+ main:
+ enabled: true
+ nameoverride: spiderfoot
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: acme-prod
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: basic-authmap
+ nginx.ingress.kubernetes.io/auth-secret-type: auth-map
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
+ tls:
+ - secretName: spiderfoot-cert
+ hosts:
+ - &uri spiderfoot.homelab.danmanners.com
+ hosts:
+ - host: *uri
+ paths:
+ - path: /
+ service:
+ name: osint-spiderfoot
+ port:
+ number: *containerPort1
+
+persistence:
+ logs:
+ enabled: false # Need to figure out what's going on with volume mount permissions
+ storageClass: ceph-rbd
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ globalMounts:
+ - path: /var/lib/spiderfoot/log
+ readOnly: false
+ cache:
+ enabled: false # Need to figure out what's going on with volume mount permissions
+ storageClass: ceph-rbd
+ accessMode: ReadWriteOnce
+ size: 20Gi
+ globalMounts:
+ - path: /var/lib/spiderfoot/cache
+ readOnly: false
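Review bot: The container in values.yaml runs with no security context, because the `securityContext` block after the probes is commented out, so it keeps the image's default user and privileges while being exposed through the nginx ingress. `fsGroup` is a pod-level field, so if the commented block sits under the container (indentation is lost in this view) that may be why it did not work; setting it in the chart's pod-level security context would likely also address the volume-permission problem noted on both `persistence` entries. At container level I would add `allowPrivilegeEscalation: false` and `runAsNonRoot: true` once the image's user is confirmed. Separately, `nameoverride: spiderfoot` under `ingress.main` is spelled differently from the `nameOverride` used elsewhere in the file and is probably ignored, and with all three probes disabled a hung pod will keep receiving traffic.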