From 7522f5cb2f79cb83efad979702b40073d052affd Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Wed, 6 Mar 2024 09:50:18 +0100 Subject: [PATCH 1/3] Release 1.8.4 --- helm/wrongsecrets-ctf-party/Chart.yaml | 4 ++-- helm/wrongsecrets-ctf-party/README.md | 6 +++--- helm/wrongsecrets-ctf-party/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/wrongsecrets-ctf-party/Chart.yaml b/helm/wrongsecrets-ctf-party/Chart.yaml index a23eb3424..7e188cca9 100644 --- a/helm/wrongsecrets-ctf-party/Chart.yaml +++ b/helm/wrongsecrets-ctf-party/Chart.yaml @@ -28,11 +28,11 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 1.8.3 +version: 1.8.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 1.8.3 +appVersion: 1.8.4 dependencies: - name: kube-prometheus-stack diff --git a/helm/wrongsecrets-ctf-party/README.md b/helm/wrongsecrets-ctf-party/README.md index cacb92d06..937963826 100644 --- a/helm/wrongsecrets-ctf-party/README.md +++ b/helm/wrongsecrets-ctf-party/README.md @@ -41,7 +41,7 @@ To uninstall the chart: helm delete my-wrongsecrets-ctf-party # wrongsecrets-ctf-party -![Version: 1.8.3](https://img.shields.io/badge/Version-1.8.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.3](https://img.shields.io/badge/AppVersion-1.8.3-informational?style=flat-square) +![Version: 1.8.4](https://img.shields.io/badge/Version-1.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.4](https://img.shields.io/badge/AppVersion-1.8.4-informational?style=flat-square) Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets @@ -116,7 +116,7 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | balancer.service.loadBalancerSourceRanges | string | `nil` | list of IP CIDRs allowed access to lb (if supported) | | balancer.service.type | string | `"ClusterIP"` | Kubernetes service type | | balancer.skipOwnerReference | bool | `false` | If set to true this skips setting ownerReferences on the teams wrongsecrets Deployment and Services. This lets MultiJuicer run in older kubernetes cluster which don't support the reference type or the app/v1 deployment type | -| balancer.tag | string | `"1.8.3cloud"` | | +| balancer.tag | string | `"1.8.4cloud"` | | | balancer.tolerations | list | `[]` | Optional Configure kubernetes toleration for the created wrongsecrets instances (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | balancer.volumeMounts[0] | object | `{"mountPath":"/home/app/config/","name":"config-volume"}` | If true, creates a volumeMount for the created pods. This is required for the podSecurityPolicy to work | | balancer.volumes[0] | object | `{"configMap":{"name":"wrongsecrets-balancer-config"},"name":"config-volume"}` | If true, creates a volume for the created pods. This is required for the podSecurityPolicy to work | @@ -216,4 +216,4 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | wrongsecretsCleanup.tolerations | list | `[]` | Optional Configure kubernetes toleration for the wrongsecretsCleanup Job (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/helm/wrongsecrets-ctf-party/values.yaml b/helm/wrongsecrets-ctf-party/values.yaml index e64602e6a..b00f6f852 100644 --- a/helm/wrongsecrets-ctf-party/values.yaml +++ b/helm/wrongsecrets-ctf-party/values.yaml @@ -40,7 +40,7 @@ balancer: # -- Set this to a fixed random alpa-numeric string (recommended length 24 chars). If not set this get randomly generated with every helm upgrade, each rotation invalidates all active cookies / sessions requirering users to login again. cookieParserSecret: null repository: jeroenwillemsen/wrongsecrets-balancer - tag: 1.8.3cloud + tag: 1.8.4cloud # -- Number of replicas of the wrongsecrets-balancer deployment. Changing this in a commit? PLEASE UPDATE THE GITHUB WORKLFOWS THEN!(NUMBER OF "TRUE") replicas: 2 # -- Port to expose on the balancer pods which the container listens on From a6340ea4d737781bd63a200b03a32f70f85a6a5c Mon Sep 17 00:00:00 2001 From: "pre-commit-ci-lite[bot]" <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 08:51:48 +0000 Subject: [PATCH 2/3] [pre-commit.ci lite] apply automatic fixes --- helm/wrongsecrets-ctf-party/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/wrongsecrets-ctf-party/README.md b/helm/wrongsecrets-ctf-party/README.md index 937963826..2b708110a 100644 --- a/helm/wrongsecrets-ctf-party/README.md +++ b/helm/wrongsecrets-ctf-party/README.md @@ -216,4 +216,4 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | wrongsecretsCleanup.tolerations | list | `[]` | Optional Configure kubernetes toleration for the wrongsecretsCleanup Job (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From ea736d2526dc7c32145e12ef5732b1435b72b6a1 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Wed, 6 Mar 2024 09:58:44 +0100 Subject: [PATCH 3/3] Add container WF for minikube --- .github/workflows/minikube-k8s-test.yml | 29 +++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/.github/workflows/minikube-k8s-test.yml b/.github/workflows/minikube-k8s-test.yml index effbfc8a8..d5081a33a 100644 --- a/.github/workflows/minikube-k8s-test.yml +++ b/.github/workflows/minikube-k8s-test.yml @@ -14,8 +14,8 @@ permissions: contents: read # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: - test-minikube: - name: Test with minikube + test-minikube-build: + name: Test with minikube (build) runs-on: ubuntu-latest # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -39,3 +39,28 @@ jobs: curl http://localhost:3000/balancer/ echo "logs from pod to make sure:" cat pod.log + test-minikube-containers: + name: Test with minikube (containers) + runs-on: ubuntu-latest + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + - uses: actions/checkout@v4 + - name: Start minikube + uses: medyagh/setup-minikube@master + with: + minikube-version: 1.31.2 + driver: docker + kubernetes-version: v1.28.1 + - name: test script + run: | + eval $(minikube docker-env) + ./build-and-deploy-container.sh + while [[ $(kubectl get pods -l app=wrongsecrets-balancer -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != *"True"* ]]; do echo "waiting for wrongsecrets-balancer" && sleep 2; done + kubectl logs deployments/wrongsecrets-balancer -f >> pod.log & + echo "port forwarding" + kubectl port-forward service/wrongsecrets-balancer 3000:3000 & + echo "Awaiting the first forward to be ready" + sleep 10 + curl http://localhost:3000/balancer/ + echo "logs from pod to make sure:" + cat pod.log