added modsec chart for webgoat behind modsecurity crs

platformQuickStarts/helm/modsec/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

platformQuickStarts/helm/modsec/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: modsec
+description: ModSecurity Core Rule Set
+ 
+type: application
+ 
+version: 0.1.0
+ 
+appVersion: "latest"

platformQuickStarts/helm/modsec/templates/configmap-modsec.yaml

@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ .Values.modsec_server.name }}-configmap-modsec
+  namespace: {{ .Values.namespace }}
+  labels:
+    app.kubernetes.io/part-of: {{ .Values.modsec_server.name }} 
+data:
+  PARANOIA: '1'
+  EXECUTING_PARANOIA: '2'
+  ANOMALYIN: '5'
+  ANOMALYOUT: '5'
+  ALLOWED_METHODS: 'GET POST'
+  ALLOWED_REQUEST_CONTENT_TYPE: "text/xml|application/xml|text/plain"
+  MAX_FILE_SIZE: '5242880'
+  PORT: '8001'
+  RESTRICTED_EXTENSIONS: '.conf/'
+  BACKEND: 'http://{{ .Values.webgoat_server.name }}-service:8080' 

platformQuickStarts/helm/modsec/templates/deployment.yaml

@@ -0,0 +1,45 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.modsec_server.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.modsec_server.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.modsec_server.name }} 
+    spec:
+      containers:
+        - resources:
+            limits:
+              memory: "2Gi"
+              cpu: "1"
+            requests:
+              memory: "1Gi"
+              cpu: "0.5"
+          name: modsec
+          ports:
+            - containerPort: 8001
+              protocol: TCP
+          image: {{ .Values.modsec_server.image }}
+          imagePullPolicy: Always
+          terminationMessagePolicy: File
+          envFrom:
+            - configMapRef:
+                name: {{ .Values.modsec_server.name }}-configmap-modsec
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 25%
+      maxSurge: 25%
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600

platformQuickStarts/helm/modsec/templates/route-modsec.yml

@@ -0,0 +1,16 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  labels:
+    app: {{ .Values.modsec_server.name }}
+  name: {{ .Values.modsec_server.name }}-modsec
+  namespace: {{ .Values.namespace }}
+spec:
+  path: /
+  port:
+    targetPort: 8001
+  to:
+    kind: Service
+    name: {{ .Values.modsec_server.name }}-service
+    weight: 100
+  wildcardPolicy: None

platformQuickStarts/helm/modsec/templates/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Values.modsec_server.name }}
+  name: {{ .Values.modsec_server.name }}-service
+  namespace: {{ .Values.namespace }}
+spec:
+  ports:
+  - name: 8001-tcp
+    port: 8001
+    protocol: TCP
+    targetPort: 8001
+  selector:
+    app: {{ .Values.modsec_server.name }}
+  sessionAffinity: None

platformQuickStarts/helm/modsec/values.yaml

@@ -0,0 +1,13 @@
+namespace: demo-project
+urlpostfix: .apps-crc.testing
+accessMode: ReadWriteMany
+ 
+modsec_server:
+  name: modsec-1
+  #image: docker.io/franbuehler/modsecurity-crs-rp
+  #image: docker.io/owasp/modsecurity-crs
+  image: docker.io/chrira/modsecurity-crs-rp:openshift
+
+webgoat_server:
+  name: webgoat-1
+