feat: add injectors

* Add examples * Update docs closes #1
devops-ia · Aug 17, 2024 · f743f27 · f743f27
1 parent f4c6fdd
commit f743f27
Show file tree

Hide file tree

Showing 6 changed files with 239 additions and 5 deletions.
diff --git a/charts/openbas/README.md b/charts/openbas/README.md
@@ -58,7 +58,7 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc
 ## OpenBAS
 
 * [Environment configuration](https://docs.openbas.io/latest/deployment/configuration/#platform)
-* [Connectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config
+* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config
 * Check collectors samples on `collector-examples` folder
 
 ## Basic installation and examples
@@ -95,7 +95,7 @@ helm show values openbas/openbas
 | caldera.service.targetPort | int | `8888` | Pod expose port |
 | caldera.service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP |
 | caldera.tolerations | list | `[]` | Tolerations for pod assignment |
-| collectorGlobalEnv | string | `nil` | Connector Global environment |
+| collectorGlobalEnv | string | `nil` | Collector Global environment |
 | collectors | list | `[]` | Collectors Ref: https://github.com/OpenBAS-Platform/collectors |
 | env | object | `{"INJECTOR_CALDERA_API_KEY":"ChangeMe","INJECTOR_CALDERA_PUBLIC_URL":"http://release-name-caldera:8888","INJECTOR_CALDERA_URL":"http://release-name-caldera:8888","MINIO_ENDPOINT":"release-name-minio:9000","OPENBAS_ADMIN_EMAIL":"[email protected]","OPENBAS_ADMIN_PASSWORD":"ChangeMe","OPENBAS_ADMIN_TOKEN":"ChangeMe","OPENBAS_AUTH-LOCAL-ENABLE":true,"OPENBAS_BASE-URL":"http://localhost:8080","OPENBAS_RABBITMQ_HOSTNAME":"release-name-rabbitmq","OPENBAS_RABBITMQ_MANAGEMENT-PORT":15672,"OPENBAS_RABBITMQ_PASS":"ChangeMe","OPENBAS_RABBITMQ_PORT":5672,"OPENBAS_RABBITMQ_USER":"user","SERVER_ADDRESS":"0.0.0.0","SERVER_PORT":8080,"SPRING_DATASOURCE_PASSWORD":"ChangeMe","SPRING_DATASOURCE_URL":"jdbc:postgresql://release-name-postgresql:5432/openbas","SPRING_DATASOURCE_USERNAME":"user"}` | Environment variables to configure application Ref: https://docs.openbas.io/latest/deployment/configuration/#platform |
 | envFromSecrets | object | `{}` | Secrets from variables |
@@ -104,6 +104,8 @@ helm show values openbas/openbas
 | image | object | `{"pullPolicy":"IfNotPresent","repository":"openbas/platform","tag":""}` | Image registry |
 | imagePullSecrets | list | `[]` | Global Docker registry secret names as an array |
 | ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app |
+| injectorGlobalEnv | string | `nil` | Injector Global environment |
+| injectors | list | `[]` | Injectors Ref: https://github.com/OpenBAS-Platform/injectors |
 | livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
 | livenessProbeCustom | object | `{}` | Custom livenessProbe |
 | minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml  |

diff --git a/charts/openbas/README.md.gotmpl b/charts/openbas/README.md.gotmpl
@@ -48,7 +48,7 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc
 ## OpenBAS
 
 * [Environment configuration](https://docs.openbas.io/latest/deployment/configuration/#platform)
-* [Connectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config
+* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config
 * Check collectors samples on `collector-examples` folder
 
 ## Basic installation and examples

diff --git a/charts/openbas/docs/examples.md b/charts/openbas/docs/examples.md
@@ -98,7 +98,7 @@ Output:
           - 'RETRY=0; until [ $RETRY -eq 30 ]; do nc -zv openbas-ci-rabbitmq 5672 && break; echo "[$RETRY/30] waiting service openbas-ci-rabbitmq:5672 is ready"; sleep 5; RETRY=$(($RETRY + 1)); done'
 ```
 
-## Connector: sample complete
+## Collector: sample complete
 
 ```yaml
 collectors:
@@ -160,3 +160,63 @@ Or you can use affinity to run the collector in different node if you increase r
                   - microsoft-entra
           topologyKey: kubernetes.io/hostname
 ```
+
+## Injector: sample complete
+
+```yaml
+injectors:
+# https://github.com/OpenBAS-Platform/injectors/tree/main/http-query
+- name: http-query
+  enabled: true
+  replicas: 1
+  image:
+    repository: openbas/injector-http-query
+  env:
+    OPENBAS_URL: "XXXX"
+    OPENBAS_TOKEN: "XXXX"
+    INJECTOR_ID: ChangeMe
+    INJECTOR_NAME: "HTTP query"
+    INJECTOR_LOG_LEVEL: error
+  envFromSecrets:
+    MICROSOFT_ENTRA_CLIENT_SECRET:
+      name:  my-secret-credentials
+      key: MICROSOFT_ENTRA_CLIENT_SECRET
+  resources:
+    requests:
+      memory: 128Mi
+      cpu: 100m
+    limits:
+      memory: 128Mi
+```
+
+You can config which node to run the injector using nodeSelector and tolerations.
+
+```yaml
+injector:
+- name: http-query
+  ...
+  nodeSelector:
+    project: "openbas"
+  tolerations:
+    - key: "project"
+      operator: "Equal"
+      value: "openbas"
+      effect: "NoSchedule"
+```
+
+Or you can use affinity to run the injector in different node if you increase replicas.
+
+```yaml
+- name: http-query
+  ...
+  affinity:
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        - labelSelector:
+            matchExpressions:
+              - key: openbas.injector
+                operator: In
+                values:
+                  - http-query
+          topologyKey: kubernetes.io/hostname
+```
diff --git a/charts/openbas/injector-examples/injector-http-query.yaml b/charts/openbas/injector-examples/injector-http-query.yaml
@@ -0,0 +1,12 @@
+# http-query
+# ref: https://github.com/OpenBAS-Platform/injectors/blob/main/http-query
+- name: http-query
+  enabled: true
+  replicas: 1
+  image: {}
+  env:
+    OPENBAS_URL: http://localhost
+    OPENBAS_TOKEN: ChangeMe
+    INJECTOR_ID: ChangeMe
+    INJECTOR_NAME: "HTTP query"
+    INJECTOR_LOG_LEVEL: error
diff --git a/charts/openbas/templates/injector/deployment.yaml b/charts/openbas/templates/injector/deployment.yaml
@@ -0,0 +1,110 @@
+{{- range .Values.injectors }}
+{{- $injectorName := .name }}
+
+{{- if .enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $injectorName }}-injector-{{ include "openbas.fullname" $ }}
+  labels:
+    openbas.injector: {{ $injectorName }}
+    {{- include "openbas.labels" $ | nindent 4 }}
+spec:
+  {{- if not .autoscaling }}
+  replicas: {{ .replicas }}
+  {{- end }}
+  selector:
+    matchLabels:
+      openbas.injector: {{ $injectorName }}
+      {{- include "openbas.selectorLabels" $ | nindent 6 }}
+  template:
+    metadata:
+      {{- with .podAnnotations }}
+      annotations:
+        {{- toYaml $ | nindent 8 }}
+      {{- end }}
+      labels:
+        openbas.injector: {{ $injectorName }}
+        {{- include "openbas.selectorLabels" $ | nindent 8 }}
+    spec:
+      {{- if .imagePullSecrets }}
+      {{- with .imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- else if $.Values.global.imagePullSecrets }}
+      {{- with $.Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ $injectorName }}-injector
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          {{- if .image.repository }}
+          image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}"
+          {{- else if $.Values.global.imageRegistry }}
+          image: "{{ printf "%s/openbas/injector-%s" $.Values.global.imageRegistry .name }}:{{ .image.tag | default $.Chart.AppVersion }}"
+          {{- else }}
+          image: "{{ printf "openbas/injector-%s" .name }}:{{ .image.tag | default $.Chart.AppVersion }}"
+          {{- end }}
+          imagePullPolicy: {{ .image.pullPolicy | default "IfNotPresent" }}
+          env:
+          # Variables from secrets have precedence
+          {{- $envList := dict -}}
+
+          {{- if .envFromSecrets }}
+          {{- range $key, $value := .envFromSecrets }}
+          - name: {{ $key | upper }}
+            valueFrom:
+              secretKeyRef:
+                name: {{ $value.name }}
+                key: {{ $value.key | default $key }}
+          {{- $_ := set $envList $key true }}
+          {{- end }}
+          {{- end }}
+
+          # Special handling for OPENBAS_URL which is constructed from other values
+          {{- if not (hasKey .env "OPENBAS_URL") }}
+          - name: OPENBAS_URL
+            value: "http://{{ include "openbas.fullname" $ }}-server:{{ $.Values.service.port }}"
+          {{- end }}
+
+          # Special handling for OPENBAS_TOKEN which is constructed from other values
+          {{- if and (not (hasKey .env "OPENBAS_TOKEN")) ($.Values.env.OPENBAS_ADMIN_TOKEN) }}
+          - name: OPENBAS_TOKEN
+            value: "{{ $.Values.env.OPENBAS_ADMIN_TOKEN }}"
+          {{- end }}
+
+          # Add Variables in plain text if they were not already added from secrets
+          {{- if .env }}
+          {{- range $key, $value := .env }}
+          {{- if not (hasKey $envList $key) }}
+          - name: {{ $key | upper }}
+            value: {{ $value | quote }}
+          {{- $_ := set $envList $key true }}
+          {{- end }}
+          {{- end }}
+          {{- end }}
+
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
+{{- end }}
diff --git a/charts/openbas/values.yaml b/charts/openbas/values.yaml
@@ -225,7 +225,7 @@ tolerations: []
 # -- Affinity for pod assignment
 affinity: {}
 
-# -- Connector Global environment
+# -- Collector Global environment
 collectorGlobalEnv:
   # Plain vars
   # foo: bar
@@ -275,6 +275,56 @@ collectors: []
 #   # -- Affinity for pod assignment
 #   affinity: {}
 
+# -- Injector Global environment
+injectorGlobalEnv:
+  # Plain vars
+  # foo: bar
+  # my_env: my_value
+
+# -- Injectors
+# Ref: https://github.com/OpenBAS-Platform/injectors
+injectors: []
+# - name: connector-name
+#   enabled: true
+#   replicas: 1
+#   # -- Image registry
+#   image: {}
+#     repository:
+#     pullPolicy:
+#     tag:
+#   # -- Environment variables to configure application
+#   env: {}
+#   # Plain vars
+#   # foo: bar
+#   # my_env: my_value
+#   # -- Pod annotations
+#   podAnnotations: {}
+#   # -- Secrets from variables
+#   envFromSecrets: {}
+#     # Cipher vars
+#     # my_env:
+#     #  name: release-name-credentials
+#     #  key: secret_key
+#   # -- The resources limits and requested
+#   resources: {}
+#     limits:
+#       memory: 256Mi
+#       cpu: "250m"
+#     requests:
+#       memory: 56Mi
+#       cpu: "50m"
+#   # -- Node labels for pod assignment
+#   nodeSelector: {}
+#     project: "openbas"
+#   # -- Tolerations for pod assignment
+#   tolerations: []
+#     - key: "project"
+#       operator: "Equal"
+#       value: "openbas"
+#       effect: "NoSchedule"
+#   # -- Affinity for pod assignment
+#   affinity: {}
+
 # -- OpenBAS caldera-server deployment configuration
 caldera:
   enabled: true