

k8s: my current state of work
This commits my current progress in re-creating the docker-compose
pipeline for PeekabooAV in Kubernetes.

That includes deployments, services, and hard-coded config files for
each step in the pipeline, modeled after what was done in the
[pipeline](/sett17/peekabooav-installer/tree/pipeline).

The yamls for cortex and the set-up job are included, although cortex
currently does not work inside Kubernetes due to the missing docker
runner. There is an open [PR](/TheHive-Project/Cortex/pull/349) and a
corresponding issue.

Except for the above-mentioned cortex, the pipeline is fully functional,
meaning one can send an email to the postfix_tx deployment, which is
then sent to the postfix_rx deployment and then processed by rspamd and
Peekaboo.

This was tested and developed with microk8s and a single node.
Sett17 committed Mar 16, 2022
1 parent 1b69fff commit e5d19bc
Showing 9 changed files with 767 additions and 0 deletions.
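--- a/k8s/cortex_own.yaml
+++ b/k8s/cortex_own.yaml
@@ -0,0 +1,150 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: cortex
+namespace: peekabooav-pipeline
+spec:
+selector:
+app: cortex
+sessionAffinity: None
+type: NodePort
+ports:
+- name: cortex
+port: 9001
+protocol: TCP
+targetPort: 9001
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: cortex
+namespace: peekabooav-pipeline
+labels:
+app: cortex
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: cortex
+template:
+metadata:
+labels:
+app: cortex
+spec:
+containers:
+- name: cortex
+image: thehiveproject/cortex:3.1.4
+volumeMounts:
+- name: application
+mountPath: /etc/cortex/application.conf
+subPath: application.conf
+- name: analyzers
+mountPath: /etc/cortex/analyzers.json
+subPath: analyzers.json
+env:
+- name: CORTEX_ADMIN_PASSWORD
+value: dikka
+- name: analyzer_urls
+value: /etc/cortex/analyzers.json
+ports:
+- containerPort: 9001
+name: cortex
+protocol: TCP
+dnsPolicy: ClusterFirst
+volumes:
+- name: application
+configMap:
+name: cortex-application-conf
+- name: analyzers
+configMap:
+name: cortex-analyzers-json
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: cortex-application-conf
+namespace: peekabooav-pipeline
+selfLink: /api/v1/namespaces/peekabooav-pipeline/configmaps/cortex-application-conf
+data:
+application.conf: |
+auth.method.basic=true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: cortex-analyzers-json
+namespace: peekabooav-pipeline
+selfLink: /api/v1/namespaces/peekabooav-pipeline/configmaps/cortex-analyzers-json
+data:
+analyzers.json: |
+[
+{
+"name": "FileInfo",
+"version": "8.0",
+"author": "TheHive-Project",
+"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+"license": "AGPL-V3",
+"description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files...",
+"dataTypeList": ["file"],
+"baseConfig": "FileInfo",
+"configurationItems": [
+{
+"name": "manalyze_enable",
+"description": "Wether to enable manalyze submodule or not.",
+"type": "boolean",
+"required": true,
+"multi": false,
+"defaultValue": false
+},
+{
+"name": "manalyze_enable_docker",
+"description": "Use docker to run Manalyze. Can be used only if not using the docker image of FileInfo",
+"type": "boolean",
+"required": false,
+"multi": false,
+"defaultValue": false
+},
+{
+"name": "manalyze_enable_binary",
+"description": "Use local binary to run Manalyze. Need to compile it before!",
+"type": "boolean",
+"required": false,
+"multi": false,
+"defaultValue": true
+},
+{
+"name": "manalyze_binary_path",
+"description": "Path to the Manalyze binary that was compiled before. Keep the default value if using the docker image of FileInfo ",
+"type": "string",
+"required": false,
+"multi": false,
+"defaultValue": "/worker/Manalyze/bin/manalyze"
+},
+{
+"name": "floss_enable",
+"description": "Enable the use of FireEye FLARE FLOSS",
+"type": "boolean",
+"required": false,
+"multi": false,
+"default": false
+},
+{
+"name": "floss_binary_path",
+"description": "Path to the FLOSS binary.",
+"type": "string",
+"required": false,
+"multi": false,
+"default": "/usr/bin/floss"
+},
+{
+"name": "floss_minimal_string_length",
+"description": "Length of strings must be in order to be considered.",
+"type": "number",
+"required": false,
+"multi": false,
+"default": 4
+}
+],
+"dockerImage": "cortexneurons/fileinfo:8"
+}
+]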
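Review bot: The Cortex admin password is a plain-text literal in the Deployment's env (`CORTEX_ADMIN_PASSWORD` / `value: dikka`), and the Service is `type: NodePort`, so the basic-auth login is reachable on every node's address with a credential that lives in version control. The value should come from a Secret via `valueFrom.secretKeyRef`, with the Secret created outside this manifest; the same literal recurs as `PEEKABOO_CORTEX_API_TOKEN` and `CORTEX_ADMIN_PASSWORD` in the cortex-setup Job in k8s/cortex_setup.yaml. The `selfLink` fields on both ConfigMaps are server-populated and add nothing to a checked-in manifest; they can be dropped. Separately, in analyzers.json the four manalyze items use `defaultValue` while the three floss items use `default` — if Cortex only reads `defaultValue`, the FLOSS defaults would not take effect, which is worth checking against the upstream analyzer catalog.
```yaml
env:
  - name: CORTEX_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: cortex-admin  # placeholder name: Secret is created out of band, not committed
        key: password
  # … unchanged: analyzer_urls entry …
```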
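--- a/k8s/cortex_setup.yaml
+++ b/k8s/cortex_setup.yaml
@@ -0,0 +1,49 @@
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# name: cortex-setup
+# namespace: peekabooav-pipeline
+# labels:
+# app: cortex-setup
+# spec:
+# replicas: 1
+# selector:
+# matchLabels:
+# app: cortex-setup
+# template:
+# metadata:
+# labels:
+# app: cortex-setup
+# spec:
+# containers:
+# - name: cortex-setup
+# image: peekabooav_cortex_setup:local
+# env:
+# - name: ELASTIC_URL
+# value: elasticsearch:9200
+# - name: CORTEX_URL
+# value: cortex:9001
+# - name: PEEKABOO_CORTEX_API_TOKEN
+# value: dikka
+# dnsPolicy: ClusterFirst
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: cortex-setup
+namespace: peekabooav-pipeline
+spec:
+template:
+spec:
+containers:
+- name: cortex-setup
+image: peekabooav_cortex_setup:local
+env:
+- name: ELASTIC_URL
+value: elasticsearch:9200
+- name: CORTEX_URL
+value: cortex:9001
+- name: PEEKABOO_CORTEX_API_TOKEN
+value: dikka
+- name: CORTEX_ADMIN_PASSWORD
+value: dikka
+restartPolicy: Never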
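Review bot: The first 28 lines of the file are a commented-out Deployment that mirrors the Job below it, and keeping it as dead text invites drift between the two; delete it (git history retains it) or, if the Deployment form is still under evaluation, say so in a one-line comment at the top. The Job also sets `restartPolicy: Never` without a `backoffLimit`, so a setup run that fails because Cortex is not yet reachable — which the commit message says is currently the case — is retried under the controller's default and, as far as I can tell, leaves one failed pod per attempt; `backoffLimit: 3` under `spec` would bound that. The `ELASTIC_URL` and `CORTEX_URL` values carry no scheme; whether the setup image expects a bare host:port is not visible from this hunk.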
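--- a/k8s/elassticsearch.yaml
+++ b/k8s/elassticsearch.yaml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: elasticsearch
+namespace: peekabooav-pipeline
+spec:
+selector:
+app: elasticsearch
+sessionAffinity: None
+type: NodePort
+ports:
+- name: elasticsearch
+port: 9200
+protocol: TCP
+targetPort: 9200
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: elasticsearch
+namespace: peekabooav-pipeline
+labels:
+app: elasticsearch
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: elasticsearch
+template:
+metadata:
+labels:
+app: elasticsearch
+spec:
+containers:
+- name: elasticsearch
+image: elasticsearch:7.16.2
+env:
+- name: http.host
+value: "0.0.0.0"
+- name: discovery.type
+value: single-node
+- name: script.allowed_types
+value: inline
+- name: thread_pool.search.queue_size
+value: "100000"
+- name: thread_pool.write.queue_size
+value: "10000"
+- name: ES_HEAP_SIZE
+value: 1g
+- name: xpack.security.enabled
+value: "false"
+- name: cluster.routing.allocation.disk.watermark.flood_stage
+value: 99%
+- name: TAKE_FILE_OWNERSHIP
+value: "1"
+dnsPolicy: ClusterFirst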
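Review bot: `xpack.security.enabled` is set to `"false"` while the Service is `type: NodePort`, so Elasticsearch is exposed on each node's address with no authentication at all; for a dependency that only the pipeline talks to, `type: ClusterIP` keeps it reachable as `elasticsearch:9200` inside the namespace and nowhere else. `script.allowed_types: inline` widens what any caller can execute against that unauthenticated endpoint, so it is worth confirming the pipeline actually needs inline scripts. `ES_HEAP_SIZE` is, as far as I recall, not honoured by the 7.x images (heap is set through `ES_JAVA_OPTS`), so the `1g` value may be a no-op — verify against the image documentation. The Deployment mounts no volume, so index data lives in the container filesystem and is lost on every restart, which may be acceptable for a single-node test setup but should be stated in a comment. The filename `elassticsearch.yaml` has a doubled "s".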
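--- a/k8s/mariadb.yaml
+++ b/k8s/mariadb.yaml
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: mariadb
+namespace: peekabooav-pipeline
+spec:
+selector:
+app: mariadb
+sessionAffinity: None
+type: NodePort
+ports:
+- name: mariadb
+port: 3306
+protocol: TCP
+targetPort: 3306
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mariadb
+namespace: peekabooav-pipeline
+labels:
+app: mariadb
+type: database
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: mariadb
+template:
+metadata:
+labels:
+app: mariadb
+type: database
+spec:
+containers:
+- name: mariadb
+image: mariadb:10.3
+readinessProbe:
+exec:
+command:
+- /usr/bin/mysql
+- --user=peekaboo
+- --password=peekaboo
+- --execute
+- "SHOW DATABASES;"
+initialDelaySeconds: 5
+periodSeconds: 5
+env:
+- name: MARIADB_RANDOM_ROOT_PASSWORD
+value: "true"
+- name: MARIADB_DATABASE
+value: peekaboo
+- name: MARIADB_USER
+value: peekaboo
+- name: MARIADB_PASSWORD
+value: peekaboo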
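Review bot: The database is published with `type: NodePort` while `MARIADB_PASSWORD` is the static literal `peekaboo`, so MariaDB is reachable on every node's address with a credential that sits in the repository; `type: ClusterIP` keeps it internal to the cluster, and the password belongs in a Secret referenced through `valueFrom.secretKeyRef`. The readiness probe additionally passes `--password=peekaboo` as a command-line argument, which shows up in the container's process list every time the probe runs; having `mysql` read the password from `MYSQL_PWD` in the environment avoids that. `mariadb:10.3` is a moving minor-line tag, so pinning the full patch version would make the deployment reproducible. Like the other Deployments in this commit, there is no volume, so the database is recreated from scratch on every pod restart — fine for a test setup if stated in a comment.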