added modsec chart for webgoat behind modsecurity crs

2022-01-07 16:06:20 +01:00
parent ee31633822
commit 386ebfe142
7 changed files with 140 additions and 0 deletions
--- a/platformQuickStarts/helm/modsec/templates/configmap-modsec.yaml
+++ b/platformQuickStarts/helm/modsec/templates/configmap-modsec.yaml
@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ .Values.modsec_server.name }}-configmap-modsec
+  namespace: {{ .Values.namespace }}
+  labels:
+    app.kubernetes.io/part-of: {{ .Values.modsec_server.name }} 
+data:
+  PARANOIA: '1'
+  EXECUTING_PARANOIA: '2'
+  ANOMALYIN: '5'
+  ANOMALYOUT: '5'
+  ALLOWED_METHODS: 'GET POST'
+  ALLOWED_REQUEST_CONTENT_TYPE: "text/xml|application/xml|text/plain"
+  MAX_FILE_SIZE: '5242880'
+  PORT: '8001'
+  RESTRICTED_EXTENSIONS: '.conf/'
+  BACKEND: 'http://{{ .Values.webgoat_server.name }}-service:8080' 
--- a/platformQuickStarts/helm/modsec/templates/deployment.yaml
+++ b/platformQuickStarts/helm/modsec/templates/deployment.yaml
@ -0,0 +1,45 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.modsec_server.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.modsec_server.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.modsec_server.name }} 
+    spec:
+      containers:
+        - resources:
+            limits:
+              memory: "2Gi"
+              cpu: "1"
+            requests:
+              memory: "1Gi"
+              cpu: "0.5"
+          name: modsec
+          ports:
+            - containerPort: 8001
+              protocol: TCP
+          image: {{ .Values.modsec_server.image }}
+          imagePullPolicy: Always
+          terminationMessagePolicy: File
+          envFrom:
+            - configMapRef:
+                name: {{ .Values.modsec_server.name }}-configmap-modsec
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 25%
+      maxSurge: 25%
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
--- a/platformQuickStarts/helm/modsec/templates/route-modsec.yml
+++ b/platformQuickStarts/helm/modsec/templates/route-modsec.yml
@ -0,0 +1,16 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  labels:
+    app: {{ .Values.modsec_server.name }}
+  name: {{ .Values.modsec_server.name }}-modsec
+  namespace: {{ .Values.namespace }}
+spec:
+  path: /
+  port:
+    targetPort: 8001
+  to:
+    kind: Service
+    name: {{ .Values.modsec_server.name }}-service
+    weight: 100
+  wildcardPolicy: None
--- a/platformQuickStarts/helm/modsec/templates/service.yaml
+++ b/platformQuickStarts/helm/modsec/templates/service.yaml
@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Values.modsec_server.name }}
+  name: {{ .Values.modsec_server.name }}-service
+  namespace: {{ .Values.namespace }}
+spec:
+  ports:
+  - name: 8001-tcp
+    port: 8001
+    protocol: TCP
+    targetPort: 8001
+  selector:
+    app: {{ .Values.modsec_server.name }}
+  sessionAffinity: None