From 4018212304b7b9d20387646e197a764e858a67e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?=
Date: Thu, 23 Dec 2021 12:18:44 +0100
Subject: [PATCH] tested and verified version on CRC
---
 platformQuickStarts/helm/Readme.md | 50 +++++++++++++------
 .../helm/webgoat/templates/deployment.yaml | 21 ++++++--
 2 files changed, 54 insertions(+), 17 deletions(-)
diff --git a/platformQuickStarts/helm/Readme.md b/platformQuickStarts/helm/Readme.md
index 30463d139..4dabb89b5 100644
--- a/platformQuickStarts/helm/Readme.md
+++ b/platformQuickStarts/helm/Readme.md
@@ -1,21 +1,43 @@
-# Helm chart deployment on K8s clusters
+# Helm chart deployment on OpenShift K8S clusters
-## install on local Docker Desktop with Kubernetes
+This helm chart can be used on a OpenShift Code Ready Container environment or an OpenShift Cloud Container environment.
-### ClusterIP
+With the OpenShift CRC (Code Ready Container) cluster you run an entire environment on your local machine. (> 4 vCPU, >8GB mem)
- helm install "mytest" ./webgoat
- helm install "mytest" --debug ./webgoat
- export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=webgoat,app.kubernetes.io/instance=mytest" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo $CONTAINER_PORT
- kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
- echo $POD_NAME
+See the Red Hat documentation for general understanding of OpenShift. Make sure helm is installed as well.
+## CRC commands
-### uninstall
+ crc config set cpus 6
+ crc config set memory 12288
+ crc setup
+ crc start
+ eval $(crc oc-env)
+ oc login -u developer https://api.crc.testing:6443
+ oc new-project demo-project
- helm uninstall "mytest"
+The example without modification uses *demo-project* as the project/namespace for installing WebGoat and WebWolf.
-## install NodePort
- helm install "mytest" --debug ./webgoat --set service.type=NodePort
+## Helm install this example on your local Code Ready Container environment
+
+ helm install goat1 ./webgoat
+
+## uninstall
+
+ helm uninstall goat1
+
+The URL on a Code Ready Container is build from router name + namespace + default extension .apps-crc.testing:
+
++ [https://webgoat-1-goat-demo-project.apps-crc.testing/WebGoat](https://webgoat-1-goat-demo-project.apps-crc.testing/WebGoat)
++ [http://webwolf-1-wolf-demo-project.apps-crc.testing/WebWolf](http://webwolf-1-wolf-demo-project.apps-crc.testing/WebWolf)
+
+## Explanation
+
+deployment.yaml contains two K8S deployment elements. Both use the same Persistent Volume Claim and use the same Volume mapping.
+They both use the same image but with other entrypoint and command arguments. The java.io.dir is also mapped to this persistent volume mapping. The number of pods is 1 for both WebGoat and WebWolf. WebGoat uses the WEBWOLF_HOST parameter to know where the external address of WebWolf is defined. WebWolf uses WEBGOAT_HOST to define the internal service address to WebGoat for connecting to the HSQL database
+
+persistent-storage-claim.yaml contains the OpenShift K8S extension for requestig a volume with Read-Write access that will survive any pod replacements.
+
+service.yaml defines the service ports for both WebGoat and WebWolf
+
+route-goat defines an https endpoint toward the 8080 port. route-wolf defines an http port towards the 9090 port.
diff --git a/platformQuickStarts/helm/webgoat/templates/deployment.yaml b/platformQuickStarts/helm/webgoat/templates/deployment.yaml
index c20286ba5..f98822c03 100644
--- a/platformQuickStarts/helm/webgoat/templates/deployment.yaml
+++ b/platformQuickStarts/helm/webgoat/templates/deployment.yaml
@@ -47,8 +47,19 @@ spec:
 image: {{ .Values.webgoat_server.image }}
 command:
 - 'java'
- args: ["-Duser.home=/home/webgoat","-Dfile.encoding=UTF-8","-jar","/home/webgoat/webgoat.jar","--server.address=0.0.0.0"]
- # - '--add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.beans=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED -Duser.home=/home/webgoat -Dfile.encoding=UTF-8 -jar /home/webgoat/webgoat.jar --server.address=0.0.0.0'
+ args: ["-Duser.home=/home/webgoat",
+ "--add-opens","java.base/java.lang=ALL-UNNAMED",
+ "--add-opens","java.base/java.util=ALL-UNNAMED",
+ "--add-opens","java.base/java.lang.reflect=ALL-UNNAMED",
+ "--add-opens","java.base/java.text=ALL-UNNAMED",
+ "--add-opens","java.desktop/java.beans=ALL-UNNAMED",
+ "--add-opens","java.desktop/java.awt.font=ALL-UNNAMED",
+ "--add-opens","java.base/sun.nio.ch=ALL-UNNAMED",
+ "--add-opens","java.base/java.io=ALL-UNNAMED",
+ "-Djava.io.tmpdir=/home/webgoat/.webgoat-8.2.3-SNAPSHOT",
+ "-Dfile.encoding=UTF-8",
+ "-jar","/home/webgoat/webgoat.jar",
+ "--server.address=0.0.0.0"]
 imagePullPolicy: Always
 volumeMounts:
 - name: webgoat-volume-1
@@ -121,7 +132,11 @@ spec:
 image: {{ .Values.webwolf_server.image }}
 command:
 - 'java'
- args: ["-Duser.home=/home/webgoat","-Dfile.encoding=UTF-8","-jar","/home/webgoat/webwolf.jar","--server.address=0.0.0.0"]
+ args: ["-Duser.home=/home/webgoat",
+ "-Djava.io.tmpdir=/home/webgoat/.webgoat-8.2.3-SNAPSHOT",
+ "-Dfile.encoding=UTF-8",
+ "-jar","/home/webgoat/webwolf.jar",
+ "--server.address=0.0.0.0"]
 imagePullPolicy: Always
 volumeMounts:
 - name: webgoat-volume-1
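Review bot: The added `"-Djava.io.tmpdir=/home/webgoat/.webgoat-8.2.3-SNAPSHOT"` hard-codes a release string in the WebGoat args while the image comes from `{{ .Values.webgoat_server.image }}`, so the path and the image version can drift apart; the same literal is repeated in the WebWolf args in the second hunk. The JVM does not create the directory named by java.io.tmpdir, so if another image version does not produce that exact directory (how it gets created is not visible here), temp-file creation would fail at runtime. I would take the path from a chart value, for example `"-Djava.io.tmpdir={{ .Values.webgoat_server.tmpdir }}"`, where `tmpdir` is a suggested new key that does not exist in the chart yet. The eight `--add-opens ...=ALL-UNNAMED` pairs open JDK internals to all classpath code and replace a commented-out line without explanation, so a comment above `args:` such as `# --add-opens: reflective access WebGoat needs on current JDKs; drop entries that are no longer required` would help the next maintainer.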
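Review bot: WebWolf's `-Djava.io.tmpdir` in this hunk is the same directory WebGoat is given in the first hunk, and the Readme change in this commit says both deployments use the same Persistent Volume Claim, so the two JVMs appear to share one temp directory that outlives pod replacement. WebGoat is the deliberately vulnerable component, so temp files it writes would be readable by WebWolf and could collide with WebWolf's own, and stale files would accumulate across restarts. Consider giving each container its own temp location, such as a per-container `emptyDir` mount used only for temp files, and keeping the shared claim for the database files. The mount path of `webgoat-volume-1` lies outside the hunk, so confirm that this tmpdir path really is on the shared volume.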