forked from juice-shop/multi-juicer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
185 lines (176 loc) · 8.27 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# Default values for MultiJuicer.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
imagePullPolicy: Always
nodeSelector: {}
ingress:
enabled: false
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: multi-juicer.local
paths:
- "/"
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
service:
type: ClusterIP
port: 3000
balancer:
cookie:
# SET THIS TO TRUE IF IN PRODUCTION
# Sets secure Flag in cookie
# -- Sets the secure attribute on cookie so that it only be send over https
secure: false
# -- Changes the cookies name used to identify teams. Note will automatically be prefixed with "__Secure-" when balancer.cookie.secure is set to `true`
name: balancer
# -- Set this to a fixed random alpa-numeric string (recommended length 24 chars). If not set this get randomly generated with every helm upgrade, each rotation invalidates all active cookies / sessions requirering users to login again.
cookieParserSecret: null
repository: iteratec/juice-balancer
tag: null
# -- Number of replicas of the juice-balancer deployment
replicas: 1
service:
# -- Kubernetes service type
type: ClusterIP
# -- internal cluster service IP
clusterIP: null
# -- IP address to assign to load balancer (if supported)
loadBalancerIP: null
# -- list of IP CIDRs allowed access to lb (if supported)
loadBalancerSourceRanges: null
# -- IP address to assign to load balancer (if supported)
externalIPs: null
resources:
requests:
memory: 256Mi
cpu: 400m
limits:
memory: 256Mi
cpu: 400m
securityContext: {}
# -- Optional Configure kubernetes scheduling affinity for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []
# -- If set to true this skips setting ownerReferences on the teams JuiceShop Deployment and Services. This lets MultiJuicer run in older kubernetes cluster which don't support the reference type or the app/v1 deployment type
skipOwnerReference: false
metrics:
# -- enables prometheus metrics for the balancer. If set to true you should change the prometheus-scraper password
enabled: true
dashboards:
# -- if true, creates a Grafana Dashboard Config Map. (also requires metrics.enabled to be true). These will automatically be imported by Grafana when using the Grafana helm chart, see: https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards
enabled: false
serviceMonitor:
# -- If true, creates a Prometheus Operator ServiceMonitor (also requires metrics.enabled to be true). This will also deploy a servicemonitor which monitors metrics from the Juice Shop instances
enabled: false
basicAuth:
username: prometheus-scraper
# -- Should be changed when metrics are enabled.
password: ERzCT4pwBDxfCKRGmfrMa8KQ8sXf8GKy
juiceShop:
# -- Specifies how many JuiceShop instances MultiJuicer should start at max. Set to -1 to remove the max Juice Shop instance cap
maxInstances: 10
# -- Juice Shop Image to use
image: bkimminich/juice-shop
tag: v14.0.0
# -- Change the key when hosting a CTF event. This key gets used to generate the challenge flags. See: https://pwning.owasp-juice.shop/part1/ctf.html#overriding-the-ctfkey
ctfKey: "[email protected]!9uR_K!NfkkTr"
# -- Specify a custom Juice Shop config.yaml. See the JuiceShop Config Docs for more detail: https://pwning.owasp-juice.shop/part1/customization.html#yaml-configuration-file
# @default -- See values.yaml for full details
config: |
application:
logo: https://raw.githubusercontent.com/iteratec/multi-juicer/master/images/multijuicer-icon-only-padding.png
favicon: https://raw.githubusercontent.com/iteratec/multi-juicer/master/juice-balancer/ui/public/favicon.ico
showVersionNumber: false
showGitHubLinks: false
challenges:
showHints: true
hackingInstructor:
isEnabled: true
ctf:
showFlagsInNotifications: false
# -- Specify a custom NODE_ENV for JuiceShop. If value is changed to something other than 'multi-juicer' it's not possible to set a custom config via `juiceShop.config`.
nodeEnv: "multi-juicer"
# -- Optional resources definitions to set for each JuiceShop instance
resources:
requests:
cpu: 150m
memory: 200Mi
# limits:
# cpu: 100m
# memory: 200Mi
# -- Optional securityContext definitions to set for each JuiceShop instance
securityContext: {}
# -- Optional environment variables to set for each JuiceShop instance (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
env: []
# env:
# - name: FOO
# valueFrom:
# secretKeyRef:
# key: FOO
# name: secret-resource
# -- Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables)
envFrom: []
# -- Optional Volumes to set for each JuiceShop instance (see: https://kubernetes.io/docs/concepts/storage/volumes/)
volumes: []
# create config map with a custom logo via: kubectl create configmap custom-logo --from-file custom.png=your-logo.png
# then switch out the logo parameter in the juice-shop config section above to the mounted filename.
# volumes:
# - name: logo
# configMap:
# name: custom-logo
# -- Optional VolumeMounts to set for each JuiceShop instance (see: https://kubernetes.io/docs/concepts/storage/volumes/)
volumeMounts: []
# volumeMounts:
# - name: logo
# mountPath: /juice-shop/frontend/dist/frontend/assets/public/images/custom.png
# subPath: custom.png
# readOnly: true
# -- Optional Configure kubernetes scheduling affinity for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []
# -- Optional Can be used to configure the runtime class for the JuiceShop pods to add an additional layer of isolation to reduce the impact of potential container escapes. (see: https://kubernetes.io/docs/concepts/containers/runtime-class/)
runtimeClassName: null
# Deletes unused JuiceShop instances after a configurable period of inactivity
progressWatchdog:
repository: iteratec/progress-watchdog
tag: null
resources:
requests:
memory: 48Mi
cpu: 20m
limits:
memory: 48Mi
cpu: 20m
securityContext: {}
# -- Optional Configure kubernetes scheduling affinity for the ProgressWatchdog (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the ProgressWatchdog (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []
# Deletes unused JuiceShop instances after a configurable period of inactivity
juiceShopCleanup:
repository: iteratec/cleaner
tag: null
enabled: true
# -- Specifies when Juice Shop instances will be deleted when unused for that period.
gracePeriod: 1d
# -- Cron in which the clean up job is run. Defaults to once in an hour. Change this if your grace period if shorter than 1 hour
cron: "0 * * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
resources:
requests:
memory: 256Mi
limits:
memory: 256Mi
securityContext: {}
# -- Optional Configure kubernetes scheduling affinity for the JuiceShopCleanup Job(see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Optional Configure kubernetes toleration for the JuiceShopCleanup Job (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: []