From 8d75014ee9a9deb84c6b35c3c183f43cb6b81cc4 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Mon, 9 Oct 2023 10:09:42 +0200 Subject: [PATCH 1/2] Prep release 1.7.0 --- .../secret-challenge-vault-deployment.yml.tpl | 2 +- helm/wrongsecrets-ctf-party/Chart.yaml | 4 ++-- helm/wrongsecrets-ctf-party/README.md | 10 +++++----- helm/wrongsecrets-ctf-party/values.yaml | 6 +++--- wrongsecrets-balancer/config/config.json | 2 +- wrongsecrets-balancer/src/kubernetes.js | 16 ++++++++-------- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/azure/k8s/secret-challenge-vault-deployment.yml.tpl b/azure/k8s/secret-challenge-vault-deployment.yml.tpl index e1000d5a5..d7c4bf020 100644 --- a/azure/k8s/secret-challenge-vault-deployment.yml.tpl +++ b/azure/k8s/secret-challenge-vault-deployment.yml.tpl @@ -41,7 +41,7 @@ spec: volumeAttributes: secretProviderClass: "azure-wrongsecrets-vault" containers: - - image: jeroenwillemsen/wrongsecrets:1.6.10-k8s-vault + - image: jeroenwillemsen/wrongsecrets:1.7.0-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge securityContext: diff --git a/helm/wrongsecrets-ctf-party/Chart.yaml b/helm/wrongsecrets-ctf-party/Chart.yaml index 8fe12b2be..50a0a1913 100644 --- a/helm/wrongsecrets-ctf-party/Chart.yaml +++ b/helm/wrongsecrets-ctf-party/Chart.yaml @@ -28,10 +28,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 1.6.10 +version: 1.7.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 1.6.10 +appVersion: 1.7.0 dependencies: [] diff --git a/helm/wrongsecrets-ctf-party/README.md b/helm/wrongsecrets-ctf-party/README.md index ab397a9b7..e81927f08 100644 --- a/helm/wrongsecrets-ctf-party/README.md +++ b/helm/wrongsecrets-ctf-party/README.md @@ -40,7 +40,7 @@ To uninstall the chart: helm delete my-wrongsecrets-ctf-party # wrongsecrets-ctf-party -![Version: 1.6.10](https://img.shields.io/badge/Version-1.6.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.10](https://img.shields.io/badge/AppVersion-1.6.10-informational?style=flat-square) +![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets @@ -114,7 +114,7 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | balancer.service.loadBalancerSourceRanges | string | `nil` | list of IP CIDRs allowed access to lb (if supported) | | balancer.service.type | string | `"ClusterIP"` | Kubernetes service type | | balancer.skipOwnerReference | bool | `false` | If set to true this skips setting ownerReferences on the teams wrongsecrets Deployment and Services. This lets MultiJuicer run in older kubernetes cluster which don't support the reference type or the app/v1 deployment type | -| balancer.tag | string | `"1.6.10cloud"` | | +| balancer.tag | string | `"1.7.0cloud"` | | | balancer.tolerations | list | `[]` | Optional Configure kubernetes toleration for the created wrongsecrets instances (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | balancer.volumeMounts[0] | object | `{"mountPath":"/home/app/config/","name":"config-volume"}` | If true, creates a volumeMount for the created pods. This is required for the podSecurityPolicy to work | | balancer.volumes[0] | object | `{"configMap":{"name":"wrongsecrets-balancer-config"},"name":"config-volume"}` | If true, creates a volume for the created pods. This is required for the podSecurityPolicy to work | @@ -159,7 +159,7 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | virtualdesktop.securityContext.readOnlyRootFilesystem | bool | `true` | | | virtualdesktop.securityContext.runAsNonRoot | bool | `true` | | | virtualdesktop.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| virtualdesktop.tag | string | `"1.6.10"` | | +| virtualdesktop.tag | string | `"1.7.0C"` | | | virtualdesktop.tolerations | list | `[]` | | | wrongsecrets.affinity | object | `{}` | Optional Configure kubernetes scheduling affinity for the created Wrongsecrets instances (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | wrongsecrets.config | string | See values.yaml for full details | Specify a custom Wrongsecrets config.yaml. See the Wrongsecrets Docs for any needed ENVs: https://github.com/OWASP/wrongsecrets | @@ -172,7 +172,7 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | wrongsecrets.resources | object | `{"requests":{"cpu":"256Mi","memory":"300Mi"}}` | Optional resources definitions to set for each Wrongsecrets instance | | wrongsecrets.runtimeClassName | string | `nil` | Optional Can be used to configure the runtime class for the Wrongsecrets instances pods to add an additional layer of isolation to reduce the impact of potential container escapes. (see: https://kubernetes.io/docs/concepts/containers/runtime-class/) | | wrongsecrets.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Optional securityContext definitions to set for each Wrongsecrets instance | -| wrongsecrets.tag | string | `"1.6.10-no-vault"` | | +| wrongsecrets.tag | string | `"1.7.0-no-vault"` | | | wrongsecrets.tolerations | list | `[]` | Optional Configure kubernetes toleration for the created Wrongsecrets instances (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | wrongsecrets.volumes | list | `[]` | Optional Volumes to set for each Wrongsecrets instance (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | wrongsecretsCleanup.affinity | object | `{}` | Optional Configure kubernetes scheduling affinity for the wrongsecretsCleanup Job(see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | @@ -199,4 +199,4 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | wrongsecretsCleanup.tolerations | list | `[]` | Optional Configure kubernetes toleration for the wrongsecretsCleanup Job (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/helm/wrongsecrets-ctf-party/values.yaml b/helm/wrongsecrets-ctf-party/values.yaml index 16fb8afb5..320cfcfdf 100644 --- a/helm/wrongsecrets-ctf-party/values.yaml +++ b/helm/wrongsecrets-ctf-party/values.yaml @@ -40,7 +40,7 @@ balancer: # -- Set this to a fixed random alpa-numeric string (recommended length 24 chars). If not set this get randomly generated with every helm upgrade, each rotation invalidates all active cookies / sessions requirering users to login again. cookieParserSecret: null repository: jeroenwillemsen/wrongsecrets-balancer - tag: 1.6.10cloud + tag: 1.7.0cloud # -- Number of replicas of the wrongsecrets-balancer deployment. Changing this in a commit? PLEASE UPDATE THE GITHUB WORKLFOWS THEN!(NUMBER OF "TRUE") replicas: 2 # -- Port to expose on the balancer pods which the container listens on @@ -164,7 +164,7 @@ wrongsecrets: maxInstances: 500 # -- Wrongsecrets Image to use image: jeroenwillemsen/wrongsecrets - tag: 1.6.10-no-vault + tag: 1.7.0-no-vault # -- Change the key when hosting a CTF event. This key gets used to generate the challenge flags. See: https://github.com/OWASP/wrongsecrets#ctf ctfKey: "zLp@.-6fMW6L-7R3b!9uR_K!NfkkTr" # -- Specify a custom Wrongsecrets config.yaml. See the Wrongsecrets Docs for any needed ENVs: https://github.com/OWASP/wrongsecrets @@ -226,7 +226,7 @@ virtualdesktop: maxInstances: 500 # -- Wrongsecrets Image to use image: jeroenwillemsen/wrongsecrets-desktop-k8s - tag: 1.6.10 + tag: 1.7.0C repository: commjoenie/wrongSecrets resources: request: diff --git a/wrongsecrets-balancer/config/config.json b/wrongsecrets-balancer/config/config.json index 41c8430e0..1092e31d4 100644 --- a/wrongsecrets-balancer/config/config.json +++ b/wrongsecrets-balancer/config/config.json @@ -41,7 +41,7 @@ }, "virtualdesktop": { "image": "jeroenwillemsen/wrongsecrets-desktop-k8s", - "tag": "1.5.9", + "tag": "1.7.0C", "imagePullPolicy": "IfNotPresent", "nodeEnv": "wrongsecrets-ctf-party", "resources:": { diff --git a/wrongsecrets-balancer/src/kubernetes.js b/wrongsecrets-balancer/src/kubernetes.js index c3b953d60..d5048b027 100644 --- a/wrongsecrets-balancer/src/kubernetes.js +++ b/wrongsecrets-balancer/src/kubernetes.js @@ -277,7 +277,7 @@ const createK8sDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/readiness', port: 8080, }, - initialDelaySeconds: 90, + initialDelaySeconds: 70, timeoutSeconds: 30, periodSeconds: 10, failureThreshold: 10, @@ -287,7 +287,7 @@ const createK8sDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/liveness', port: 8080, }, - initialDelaySeconds: 90, + initialDelaySeconds: 50, timeoutSeconds: 30, periodSeconds: 30, }, @@ -558,7 +558,7 @@ const createAWSDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/readiness', port: 8080, }, - initialDelaySeconds: 120, + initialDelaySeconds: 90, timeoutSeconds: 30, periodSeconds: 10, failureThreshold: 10, @@ -568,7 +568,7 @@ const createAWSDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/liveness', port: 8080, }, - initialDelaySeconds: 90, + initialDelaySeconds: 70, timeoutSeconds: 30, periodSeconds: 30, }, @@ -850,7 +850,7 @@ const createAzureDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/readiness', port: 8080, }, - initialDelaySeconds: 120, + initialDelaySeconds: 90, timeoutSeconds: 30, periodSeconds: 10, failureThreshold: 10, @@ -860,7 +860,7 @@ const createAzureDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/liveness', port: 8080, }, - initialDelaySeconds: 90, + initialDelaySeconds: 70, timeoutSeconds: 30, periodSeconds: 30, }, @@ -1204,7 +1204,7 @@ const createGCPDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/readiness', port: 8080, }, - initialDelaySeconds: 120, + initialDelaySeconds: 90, timeoutSeconds: 30, periodSeconds: 10, failureThreshold: 10, @@ -1214,7 +1214,7 @@ const createGCPDeploymentForTeam = async ({ team, passcodeHash }) => { path: '/actuator/health/liveness', port: 8080, }, - initialDelaySeconds: 90, + initialDelaySeconds: 70, timeoutSeconds: 30, periodSeconds: 30, }, From 3f64d7a67fe782aaead137bc139aae3bdb3becbe Mon Sep 17 00:00:00 2001 From: "pre-commit-ci-lite[bot]" <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 08:11:03 +0000 Subject: [PATCH 2/2] [pre-commit.ci lite] apply automatic fixes --- helm/wrongsecrets-ctf-party/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/wrongsecrets-ctf-party/README.md b/helm/wrongsecrets-ctf-party/README.md index e81927f08..7d9004f6f 100644 --- a/helm/wrongsecrets-ctf-party/README.md +++ b/helm/wrongsecrets-ctf-party/README.md @@ -199,4 +199,4 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets | wrongsecretsCleanup.tolerations | list | `[]` | Optional Configure kubernetes toleration for the wrongsecretsCleanup Job (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)