forked from juice-shop/multi-juicer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
232 lines (223 loc) · 10.7 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
# Default values for MultiJuicer.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
imagePullPolicy: IfNotPresent
nodeSelector: {}
ingress:
enabled: false
ingressClassName: nginx
annotations:
{}
# kubernetes.io/tls-acme: "true"
hosts:
- host: multi-juicer.local
paths:
- "/"
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
service:
type: ClusterIP
port: 3000
balancer:
cookie:
# SET THIS TO TRUE IF IN PRODUCTION
# Sets secure Flag in cookie
# -- Sets the secure attribute on cookie so that it only be send over https
secure: false
# -- Changes the cookies name used to identify teams. Note will automatically be prefixed with "__Secure-" when balancer.cookie.secure is set to `true`
name: balancer
# -- Set this to a fixed random alpha-numeric string (recommended length 24 chars). If not set this gets randomly generated with every helm upgrade, each rotation invalidates all active cookies / sessions requiring users to login again.
cookieParserSecret: null
repository: ghcr.io/juice-shop/multi-juicer/juice-balancer
tag: null
# -- Number of replicas of the juice-balancer deployment
replicas: 1
service:
# -- Kubernetes service type
type: ClusterIP
# -- internal cluster service IP
clusterIP: null
# -- IP address to assign to load balancer (if supported)
loadBalancerIP: null
# -- list of IP CIDRs allowed access to lb (if supported)
loadBalancerSourceRanges: null
# -- IP address to assign to load balancer (if supported)
externalIPs: null
resources:
requests:
memory: 256Mi
cpu: 400m
limits:
memory: 256Mi
cpu: 400m
# -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
podSecurityContext:
runAsNonRoot: true
# -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
# -- Optional Configure kubernetes scheduling affinity for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []
# -- If set to true this skips setting ownerReferences on the teams JuiceShop Deployment and Services. This lets MultiJuicer run in older kubernetes cluster which don't support the reference type or the app/v1 deployment type
skipOwnerReference: false
pod:
# -- Optional Additional annotations for the balancer pods.
annotations: {}
# -- Optional Additional labels for the balancer pods.
labels: {}
metrics:
# -- enables prometheus metrics for the balancer. If set to true you should change the prometheus-scraper password
enabled: true
dashboards:
# -- if true, creates a Grafana Dashboard Config Map. (also requires metrics.enabled to be true). These will automatically be imported by Grafana when using the Grafana helm chart, see: https://github.com/helm/charts/tree/main/stable/grafana#sidecar-for-dashboards
enabled: false
serviceMonitor:
# -- If true, creates a Prometheus Operator ServiceMonitor (also requires metrics.enabled to be true). This will also deploy a servicemonitor which monitors metrics from the Juice Shop instances
enabled: false
# -- Optional Allows to add additional labels to the service monitor. The Prometheus Operator can be adjusted to look for specific labels in ServiceMonitors.
# -- If you use the kube-prometheus-stack helm chart, the default label looked for is `release=<kube-prometheus-release-name>
labels: {}
basicAuth:
username: prometheus-scraper
# -- Should be changed when metrics are enabled.
password: ERzCT4pwBDxfCKRGmfrMa8KQ8sXf8GKy
juiceShop:
# -- Specifies how many JuiceShop instances MultiJuicer should start at max. Set to -1 to remove the max Juice Shop instance cap
maxInstances: 10
# -- Juice Shop Image to use
image: bkimminich/juice-shop
tag: v16.0.0
# -- Change the key when hosting a CTF event. This key gets used to generate the challenge flags. See: https://pwning.owasp-juice.shop/companion-guide/latest/part4/ctf.html#_overriding_the_ctf_key
ctfKey: "[email protected]!9uR_K!NfkkTr"
# -- Specify a custom Juice Shop config.yaml. See the JuiceShop Config Docs for more detail: https://pwning.owasp-juice.shop/companion-guide/latest/part4/customization.html#_yaml_configuration_file
# @default -- See values.yaml for full details
config: |
application:
logo: https://raw.githubusercontent.com/juice-shop/multi-juicer/main/images/multijuicer-icon-only-padding.png
favicon: https://raw.githubusercontent.com/juice-shop/multi-juicer/main/juice-balancer/ui/public/favicon.ico
showVersionNumber: false
showGitHubLinks: false
challenges:
showHints: true
hackingInstructor:
isEnabled: true
ctf:
showFlagsInNotifications: false
# -- Specify a custom NODE_ENV for JuiceShop. If value is changed to something other than 'multi-juicer' it's not possible to set a custom config via `juiceShop.config`.
nodeEnv: "multi-juicer"
# -- Optional resources definitions to set for each JuiceShop instance
resources:
requests:
cpu: 150m
memory: 300Mi
# limits:
# cpu: 100m
# memory: 200Mi
# -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
podSecurityContext:
runAsNonRoot: true
# -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
# -- Optional environment variables to set for each JuiceShop instance (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
env: []
# env:
# - name: FOO
# valueFrom:
# secretKeyRef:
# key: FOO
# name: secret-resource
# -- Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables)
envFrom: []
# -- Optional Volumes to set for each JuiceShop instance (see: https://kubernetes.io/docs/concepts/storage/volumes/)
volumes: []
# create config map with a custom logo via: kubectl create configmap custom-logo --from-file custom.png=your-logo.png
# then switch out the logo parameter in the juice-shop config section above to the mounted filename.
# volumes:
# - name: logo
# configMap:
# name: custom-logo
# -- Optional VolumeMounts to set for each JuiceShop instance (see: https://kubernetes.io/docs/concepts/storage/volumes/)
volumeMounts: []
# volumeMounts:
# - name: logo
# mountPath: /juice-shop/frontend/dist/frontend/assets/public/images/custom.png
# subPath: custom.png
# readOnly: true
# -- Optional Configure kubernetes scheduling affinity for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []
pod:
# -- Optional Additional annotations for the Juice Shop pods.
annotations: {}
# -- Optional Additional labels for the Juice Shop pods.
labels: {}
# -- Optional Can be used to configure the runtime class for the JuiceShop pods to add an additional layer of isolation to reduce the impact of potential container escapes. (see: https://kubernetes.io/docs/concepts/containers/runtime-class/)
runtimeClassName: null
# Collects JuiceShop progress and sends and backs it up to the related kubernetes deployment
progressWatchdog:
repository: ghcr.io/juice-shop/multi-juicer/progress-watchdog
tag: null
resources:
requests:
memory: 48Mi
cpu: 20m
limits:
memory: 48Mi
cpu: 20m
# -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
podSecurityContext:
runAsNonRoot: true
# -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
# -- Optional Configure kubernetes scheduling affinity for the ProgressWatchdog (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the ProgressWatchdog (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []
# Deletes unused JuiceShop instances after a configurable period of inactivity
juiceShopCleanup:
repository: ghcr.io/juice-shop/multi-juicer/cleaner
tag: null
enabled: true
# -- Specifies when Juice Shop instances will be deleted when unused for that period.
gracePeriod: 1d
# -- Cron in which the clean up job is run. Defaults to once in an hour. Change this if your grace period if shorter than 1 hour
cron: "0 * * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
resources:
requests:
memory: 256Mi
limits:
memory: 256Mi
# -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
podSecurityContext:
runAsNonRoot: true
# -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
# -- Optional Configure kubernetes scheduling affinity for the JuiceShopCleanup Job(see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the JuiceShopCleanup Job (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []