feat: initial release
ialejandro committed Aug 16, 2024
1 parent d27bcc6 commit bc0d82b
Showing 28 changed files with 1,966 additions and 0 deletions.
23 changes: 23 additions & 0 deletions charts/openbas/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
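Review bot: the pattern list stops at the IDE entries and never excludes `ci/` or `collector-examples/`, so `helm package` will ship `ci/ci-values.yaml`, with its fixed tokens and passwords, inside the chart archive. Add `ci/` and, if the collector examples are meant for the repository only, `collector-examples/`, so test material stays out of the published artifact.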
28 changes: 28 additions & 0 deletions charts/openbas/Chart.yaml
@@ -0,0 +1,28 @@
apiVersion: v2
name: openbas
description: A Helm chart to deploy Open Breach and Attack Simulation platform
type: application
maintainers:
- name: ialejandro
email: [email protected]
url: https://ialejandro.rocks
sources:
- https://github.com/OpenBAS-Platform/openbas
version: 1.0.0
appVersion: 1.4.0
home: https://www.filigran.io/en/solutions/products/openbas/
keywords:
- openbas
dependencies:
- name: minio
version: 14.6.32
repository: oci://registry-1.docker.io/bitnamicharts
condition: minio.enabled
- name: postgresql
version: 15.5.21
repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled
- name: rabbitmq
version: 14.6.6
repository: oci://registry-1.docker.io/bitnamicharts
condition: rabbitmq.enabled
108 changes: 108 additions & 0 deletions charts/openbas/README.md
@@ -0,0 +1,108 @@
# openbas

![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square)

A Helm chart to deploy Open Breach and Attack Simulation platform

**Homepage:** <https://www.filigran.io/en/solutions/products/openbas/>

## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| ialejandro | <[email protected]> | <https://ialejandro.rocks> |

## Source Code

* <https://github.com/OpenBAS-Platform/openbas>

## Requirements

| Repository | Name | Version |
|------------|------|---------|
| oci://registry-1.docker.io/bitnamicharts | minio | 14.6.32 |
| oci://registry-1.docker.io/bitnamicharts | postgresql | 15.5.21 |
| oci://registry-1.docker.io/bitnamicharts | rabbitmq | 14.6.6 |

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity for pod assignment |
| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage |
| caldera | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"config":{},"enabled":true,"env":{},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"openbas/caldera-server","tag":"5.0.0"},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]},"nodeSelector":{},"replicaCount":1,"resources":{},"service":{"port":8888,"targetPort":8888,"type":"ClusterIP"},"tolerations":[]}` | OpenBAS caldera-server deployment configuration |
| caldera.affinity | object | `{}` | Affinity for pod assignment |
| caldera.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage |
| caldera.config | object | `{}` | Caldera configuration Ref: https://github.com/OpenBAS-Platform/docker/blob/master/caldera.yml |
| caldera.env | object | `{}` | Environment variables to configure application Ref: https://docs.openbas.io/latest/deployment/configuration/#platform |
| caldera.envFromSecrets | object | `{}` | Secrets from variables |
| caldera.image | object | `{"pullPolicy":"IfNotPresent","repository":"openbas/caldera-server","tag":"5.0.0"}` | Image registry |
| caldera.ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app |
| caldera.nodeSelector | object | `{}` | Node labels for pod assignment |
| caldera.replicaCount | int | `1` | Number of replicas |
| caldera.resources | object | `{}` | The resources limits and requested |
| caldera.service | object | `{"port":8888,"targetPort":8888,"type":"ClusterIP"}` | Kubernetes service to expose Pod |
| caldera.service.port | int | `8888` | Kubernetes Service port |
| caldera.service.targetPort | int | `8888` | Pod expose port |
| caldera.service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP |
| caldera.tolerations | list | `[]` | Tolerations for pod assignment |
| collectorGlobalEnv | string | `nil` | Connector Global environment |
| collectors | list | `[]` | Collectors Ref: https://github.com/OpenBAS-Platform/collectors |
| env | object | `{"INJECTOR_CALDERA_API_KEY":"ChangeMe","INJECTOR_CALDERA_PUBLIC_URL":"http://release-name-caldera:8888","INJECTOR_CALDERA_URL":"http://release-name-caldera:8888","MINIO_ENDPOINT":"release-name-minio:9000","OPENBAS_ADMIN_EMAIL":"[email protected]","OPENBAS_ADMIN_PASSWORD":"ChangeMe","OPENBAS_ADMIN_TOKEN":"ChangeMe","OPENBAS_AUTH-LOCAL-ENABLE":true,"OPENBAS_BASE-URL":"http://localhost:8080","OPENBAS_RABBITMQ_HOSTNAME":"release-name-rabbitmq","OPENBAS_RABBITMQ_MANAGEMENT-PORT":15672,"OPENBAS_RABBITMQ_PASS":"ChangeMe","OPENBAS_RABBITMQ_PORT":5672,"OPENBAS_RABBITMQ_USER":"user","SERVER_ADDRESS":"0.0.0.0","SERVER_PORT":8080,"SPRING_DATASOURCE_PASSWORD":"ChangeMe","SPRING_DATASOURCE_URL":"jdbc:postgresql://release-name-postgresql:5432/openbas","SPRING_DATASOURCE_USERNAME":"user"}` | Environment variables to configure application Ref: https://docs.openbas.io/latest/deployment/configuration/#platform |
| envFromSecrets | object | `{}` | Secrets from variables |
| fullnameOverride | string | `""` | String to fully override openbas.fullname template |
| global | object | `{"imagePullSecrets":[],"imageRegistry":""}` | Global configuration |
| image | object | `{"pullPolicy":"IfNotPresent","repository":"openbas/platform","tag":""}` | Image registry |
| imagePullSecrets | list | `[]` | Global Docker registry secret names as an array |
| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app |
| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
| livenessProbeCustom | object | `{}` | Custom livenessProbe |
| minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml |
| minio.auth.rootPassword | string | `"ChangeMe"` | Password for Minio root user |
| minio.auth.rootUser | string | `"ChangeMe"` | Minio root username |
| minio.enabled | bool | `true` | Enable or disable MinIO subchart |
| minio.mode | string | `"standalone"` | mode Minio server mode (`standalone` or `distributed`) Ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide |
| minio.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
| minio.persistence.enabled | bool | `false` | Enable MinIO data persistence using PVC. If false, use emptyDir |
| nameOverride | string | `""` | String to partially override openbas.fullname template (will maintain the release name) |
| nodeSelector | object | `{}` | Node labels for pod assignment |
| postgresql | object | `{"auth":{"database":"openbas","password":"ChangeMe","username":"user"},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | PostgreSQL subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml |
| postgresql.auth | object | `{"database":"openbas","password":"ChangeMe","username":"user"}` | PostgreSQL Authentication parameters |
| postgresql.auth.database | string | `"openbas"` | PostgreSQL application database Ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#environment-variables |
| postgresql.auth.password | string | `"ChangeMe"` | PostgreSQL application password Ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#environment-variables |
| postgresql.auth.username | string | `"user"` | PostgreSQL application username Ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#environment-variables |
| postgresql.enabled | bool | `true` | Enable or disable PostgreSQL subchart |
| postgresql.persistence | object | `{"enabled":false}` | Persistence parameters |
| postgresql.persistence.enabled | bool | `false` | Enable PostgreSQL data persistence using PVC |
| postgresql.replicaCount | int | `1` | Number of PostgreSQL replicas to deploy |
| rabbitmq | object | `{"auth":{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"},"clustering":{"enabled":false},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | RabbitMQ subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml |
| rabbitmq.auth | object | `{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"}` | RabbitMQ Authentication parameters |
| rabbitmq.auth.password | string | `"ChangeMe"` | RabbitMQ application password Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables |
| rabbitmq.auth.username | string | `"user"` | RabbitMQ application username Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables |
| rabbitmq.clustering | object | `{"enabled":false}` | Clustering settings |
| rabbitmq.clustering.enabled | bool | `false` | Enable RabbitMQ clustering |
| rabbitmq.enabled | bool | `true` | Enable or disable RabbitMQ subchart |
| rabbitmq.persistence | object | `{"enabled":false}` | Persistence parameters |
| rabbitmq.persistence.enabled | bool | `false` | Enable RabbitMQ data persistence using PVC |
| rabbitmq.replicaCount | int | `1` | Number of RabbitMQ replicas to deploy |
| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure readinessProbe checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
| readinessProbeCustom | object | `{}` | Custom readinessProbe |
| readyChecker | object | `{"enabled":true,"retries":30,"services":[{"name":"minio","port":9000},{"name":"postgresql","port":5432},{"name":"rabbitmq","port":5672}],"timeout":5}` | Enable or disable ready-checker |
| readyChecker.retries | int | `30` | Number of retries before giving up |
| readyChecker.services | list | `[{"name":"minio","port":9000},{"name":"postgresql","port":5432},{"name":"rabbitmq","port":5672}]` | List services |
| readyChecker.timeout | int | `5` | Timeout for each check |
| replicaCount | int | `1` | Number of replicas |
| resources | object | `{}` | The resources limits and requested |
| secrets | object | `{}` | Secrets values to create credentials and reference by envFromSecrets |
| service | object | `{"port":80,"targetPort":8080,"type":"ClusterIP"}` | Kubernetes service to expose Pod |
| service.port | int | `80` | Kubernetes Service port |
| service.targetPort | int | `8080` | Pod expose port |
| service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP |
| serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":false,"create":true,"name":""}` | Enable creation of ServiceAccount |
| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
| startupProbeCustom | object | `{}` | Custom startupProbe |
| testConnection | bool | `false` | Enable or disable test connection |
| tolerations | list | `[]` | Tolerations for pod assignment |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
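Review bot: in the `env` row of the Values table, the defaults place `OPENBAS_ADMIN_PASSWORD`, `OPENBAS_ADMIN_TOKEN`, `INJECTOR_CALDERA_API_KEY`, `OPENBAS_RABBITMQ_PASS` and `SPRING_DATASOURCE_PASSWORD` in the plain `env` map with the value `ChangeMe`, and the minio, postgresql and rabbitmq credentials default to `ChangeMe` as well, so an install that overrides nothing comes up with publicly documented credentials. The chart already exposes `secrets` and `envFromSecrets`; consider leaving these keys unset by default, documenting the Secret-based route, and failing the render when a credential is empty or still `ChangeMe`. It would also help to state up front that persistence is disabled for all three subcharts, which the `minio.persistence.enabled` row describes as falling back to emptyDir.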
92 changes: 92 additions & 0 deletions charts/openbas/ci/ci-values.yaml
@@ -0,0 +1,92 @@
replicaCount: 1
fullnameOverride: openbas-ci

env:
INJECTOR_CALDERA_API_KEY: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
INJECTOR_CALDERA_PUBLIC_URL: http://openbas-ci-caldera:8888
INJECTOR_CALDERA_URL: http://openbas-ci-caldera:8888
LOGGING_LEVEL_IO_OPENBAS: info
LOGGING_LEVEL_ROOT: info
MINIO_ACCESS-KEY: ChangeMe
MINIO_ACCESS-SECRET: ChangeMe
MINIO_ENDPOINT: openbas-ci-minio
OPENBAS_ADMIN_EMAIL: [email protected]
OPENBAS_ADMIN_PASSWORD: test
OPENBAS_ADMIN_TOKEN: b1976749-8a53-4f49-bf04-cafa2a3458c1
OPENBAS_BASE-URL: http://openbas-ci:8080
OPENBAS_RABBITMQ_HOSTNAME: openbas-ci-rabbitmq
OPENBAS_RABBITMQ_MANAGEMENT-PORT: 15672
OPENBAS_RABBITMQ_PASS: ChangeMe
OPENBAS_RABBITMQ_PORT: 5672
OPENBAS_RABBITMQ_USER: user
SPRING_DATASOURCE_PASSWORD: ChangeMe
SPRING_DATASOURCE_URL: jdbc:postgresql://openbas-ci-postgresql:5432/openbas
SPRING_DATASOURCE_USERNAME: user

testConnection: false

autoscaling:
enabled: true

caldera:
enabled: true
env:
CALDERA_URL: http://openbas-ci-caldera:8888
config:
users:
red:
red: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
blue:
blue: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
api_key_red: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
api_key_blue: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
api_key: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
crypt_salt: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
encryption_key: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
app.contact.tcp: 0.0.0.0:7010
app.contact.udp: 0.0.0.0:7011
app.contact.websocket: 0.0.0.0:7012
app.contact.dns.domain: localhost
app.contact.dns.socket: 0.0.0.0:53
app.contact.http: http://openbas-ci-caldera:8888
app.contact.tunnel.ssh.user_password: 0ce2182d-3e1a-4117-a1d4-8100a7b01d82
app.contact.tunnel.ssh.socket: 0.0.0.0:8022
app.contact.tunnel.ssh.user_name: sandcat
objects.planners.default: atomic
requirements:
go:
command: go version
type: installed_program
version: 1.11
python:
attr: version
module: sys
type: python_module
version: 3.8.0
host: 0.0.0.0
port: 8888
ability_refresh: 60
plugins:
- access
- atomic
- compass
- debrief
- fieldmanual
- gameboard
- manx
- response
- sandcat
- stockpile
- training

minio:
fullnameOverride: openbas-ci-minio

postgresql:
fullnameOverride: openbas-ci-postgresql
database: "openbas"

rabbitmq:
fullnameOverride: openbas-ci-rabbitmq
auth:
erlangCookie: b25c953e-2193-4b8e-9f3b-9a3a5ba76d75
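Review bot: under `caldera.config`, a single UUID is reused for both user passwords, `api_key_red`, `api_key_blue`, `api_key`, `crypt_salt`, `encryption_key` and `app.contact.tunnel.ssh.user_password`, and the same value is the `INJECTOR_CALDERA_API_KEY` at the top of the file. A header comment marking these as throwaway CI values, or generating them in the CI job, would keep them from being copied into a real deployment. Separately, `database: "openbas"` appears to sit directly under `postgresql`, while the README documents the key as `postgresql.auth.database`, so it probably has no effect as written.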
12 changes: 12 additions & 0 deletions charts/openbas/collector-examples/collector-atomic-red-team.yaml
@@ -0,0 +1,12 @@
# atomic-red-team
# ref: https://github.com/OpenBAS-Platform/collectors/tree/main/atomic-red-team
- name: atomic-red-team
enabled: true
replicas: 1
image: {}
env:
OPENBAS_URL: http://localhost
OPENBAS_TOKEN: ChangeMe
COLLECTOR_ID: ChangeMe
COLLECTOR_NAME: "Atomic Red Team"
COLLECTOR_LOG_LEVEL: error
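Review bot: `OPENBAS_URL: http://localhost` will not reach the platform if the collector runs in its own pod; the example should point at the chart's Service name, the way `ci-values.yaml` uses `http://openbas-ci:8080` for the base URL. `OPENBAS_TOKEN: ChangeMe` would also be better shown as a reference to a Kubernetes Secret than as a literal in `env`, if collector entries can reference one.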
@@ -0,0 +1,15 @@
# microsoft-defender
# ref: https://github.com/OpenBAS-Platform/collectors/tree/main/microsoft-defender
- name: microsoft-defender
enabled: true
replicas: 1
image: {}
env:
OPENBAS_URL: http://localhost
OPENBAS_TOKEN: ChangeMe
COLLECTOR_ID: ChangeMe
COLLECTOR_NAME: "Microsoft Defender"
COLLECTOR_LOG_LEVEL: error
MICROSOFT_DEFENDER_TENANT_ID:
MICROSOFT_DEFENDER_CLIENT_ID:
MICROSOFT_DEFENDER_CLIENT_SECRET:
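Review bot: `MICROSOFT_DEFENDER_TENANT_ID`, `MICROSOFT_DEFENDER_CLIENT_ID` and `MICROSOFT_DEFENDER_CLIENT_SECRET` are left with no value, which YAML parses as null rather than an empty string; use a quoted placeholder or a comment marking them as required so a copy of this example fails in an obvious way. The client secret in particular should come from a Kubernetes Secret rather than the plain `env` map. The Entra and Sentinel examples follow the same pattern.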
16 changes: 16 additions & 0 deletions charts/openbas/collector-examples/collector-microsoft-entra.yaml
@@ -0,0 +1,16 @@
# microsoft-entra
# ref: https://github.com/OpenBAS-Platform/collectors/tree/main/microsoft-entra
- name: microsoft-entra
enabled: true
replicas: 1
image: {}
env:
OPENBAS_URL: http://localhost
OPENBAS_TOKEN: ChangeMe
COLLECTOR_ID: ChangeMe
COLLECTOR_NAME: "Microsoft Entra"
COLLECTOR_LOG_LEVEL: error
MICROSOFT_ENTRA_TENANT_ID:
MICROSOFT_ENTRA_CLIENT_ID:
MICROSOFT_ENTRA_CLIENT_SECRET:
INCLUDE_EXTERNAL: "false"
@@ -0,0 +1,18 @@
# microsoft-sentinel
# ref: https://github.com/OpenBAS-Platform/collectors/tree/main/microsoft-sentinel
- name: microsoft-sentinel
enabled: true
replicas: 1
image: {}
env:
OPENBAS_URL: http://localhost
OPENBAS_TOKEN: ChangeMe
COLLECTOR_ID: ChangeMe
COLLECTOR_NAME: "Microsoft Sentinel"
COLLECTOR_LOG_LEVEL: error
MICROSOFT_SENTINEL_TENANT_ID:
MICROSOFT_SENTINEL_CLIENT_ID:
MICROSOFT_SENTINEL_CLIENT_SECRET:
MICROSOFT_SENTINEL_SUBSCRIPTION_ID:
MICROSOFT_SENTINEL_WORKSPACE_ID:
MICROSOFT_SENTINEL_RESOURCE_GROUP:
12 changes: 12 additions & 0 deletions charts/openbas/collector-examples/collector-mitre-attack.yaml
@@ -0,0 +1,12 @@
# mitre-attack
# ref: https://github.com/OpenBAS-Platform/collectors/tree/main/mitre-attack
- name: mitre-attack
enabled: true
replicas: 1
image: {}
env:
OPENBAS_URL: http://localhost
OPENBAS_TOKEN: ChangeMe
COLLECTOR_ID: ChangeMe
COLLECTOR_NAME: "MITRE ATT&CK"
COLLECTOR_LOG_LEVEL: error
@@ -0,0 +1,16 @@
# tanium-threat-response
# ref: https://github.com/OpenBAS-Platform/collectors/tree/main/tanium-threat-response
- name: tanium-threat-response
enabled: true
replicas: 1
image: {}
env:
OPENBAS_URL: http://localhost
OPENBAS_TOKEN: ChangeMe
COLLECTOR_ID: ChangeMe
COLLECTOR_NAME: "Tanium Threat Response"
COLLECTOR_LOG_LEVEL: error
TANIUM_URL: https://console.changeme.com
TANIUM_URL_CONSOLE: https://console.changeme.com
TANIUM_SSL_VERIFY: true
TANIUM_TOKEN: ChangeMe
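Review bot: `TANIUM_SSL_VERIFY: true` is an unquoted YAML boolean, whereas the Entra example quotes `INCLUDE_EXTERNAL: "false"`; container environment values must be strings, so quote it here unless the template already converts values. `TANIUM_TOKEN: ChangeMe` is a credential for an external console and should be sourced from a Kubernetes Secret rather than written into `env`.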