diff --git a/charts/incubator/ctfd/.helmignore b/charts/incubator/ctfd/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/charts/incubator/ctfd/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/charts/incubator/ctfd/CHANGELOG.md b/charts/incubator/ctfd/CHANGELOG.md new file mode 100644 index 00000000000..825c32f0d03 --- /dev/null +++ b/charts/incubator/ctfd/CHANGELOG.md @@ -0,0 +1 @@ +# Changelog diff --git a/charts/incubator/ctfd/Chart.yaml b/charts/incubator/ctfd/Chart.yaml new file mode 100644 index 00000000000..649c2d7cd47 --- /dev/null +++ b/charts/incubator/ctfd/Chart.yaml @@ -0,0 +1,36 @@ +apiVersion: v2 +appVersion: "3.5.3" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 14.0.1 + - condition: mariadb.enabled + name: mariadb + repository: https://deps.truecharts.org/ + version: 7.0.70 + - condition: redis.enabled + name: redis + repository: https://deps.truecharts.org + version: 6.0.66 +deprecated: false +description: CTFd is a Capture The Flag framework focusing on ease of use and customizability. +home: https://truecharts.org/charts/incubator/ctfd +icon: https://truecharts.org/img/hotlink-ok/chart-icons/ctfd.png +keywords: + - ctfd + - learning +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: ctfd +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/ctfd + - https://github.com/CTFd/CTFd +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - learning + truecharts.org/SCALE-support: "true" diff --git a/charts/incubator/ctfd/README.md b/charts/incubator/ctfd/README.md new file mode 100644 index 00000000000..7e59600739c --- /dev/null +++ b/charts/incubator/ctfd/README.md @@ -0,0 +1 @@ +# README diff --git a/charts/incubator/ctfd/icon.png b/charts/incubator/ctfd/icon.png new file mode 100644 index 00000000000..d666cd2c1be Binary files /dev/null and b/charts/incubator/ctfd/icon.png differ diff --git a/charts/incubator/ctfd/questions.yaml b/charts/incubator/ctfd/questions.yaml new file mode 100644 index 00000000000..3d65e60f749 --- /dev/null +++ b/charts/incubator/ctfd/questions.yaml @@ -0,0 +1,186 @@ +# Include{groups} +portals: + open: +# Include{portalLink} +questions: +# Include{global} +# Include{workload} +# Include{workloadDeployment} + +# Include{replicas1} +# Include{podSpec} +# Include{containerMain} + + - variable: env + label: Image Environment + schema: + additional_attrs: true + type: dict + attrs: + - variable: SAFE_MODE + label: Safe Mode + description: CTFd will not load any plugins which may alleviate issues preventing CTFd from starting. + schema: + type: boolean + default: false + - variable: REVERSE_PROXY + label: Reverse Proxy + description: Specifies whether CTFd is behind a reverse proxy or not. + schema: + type: boolean + default: false + - variable: MAIL_USEAUTH + label: Show Optional Mail Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: MAILFROM_ADDR + label: Mail From Address + description: The email address that emails are sent from. + schema: + type: string + default: "" + - variable: MAIL_SERVER + label: Mail Server + description: The mail server that emails are sent from. + schema: + type: string + default: "" + - variable: MAIL_PORT + label: Mail Port + description: The mail port that emails are sent from. + schema: + type: int + default: 587 + - variable: MAIL_USERNAME + label: Mail UserName + description: The username used to authenticate to the SMTP server. + schema: + type: string + default: "" + - variable: MAIL_PASSWORD + label: Mail Password + description: The password used to authenticate to the SMTP server. + schema: + type: string + private: true + default: "" + - variable: MAIL_TLS + label: Mail TLS + description: Whether to connect to the SMTP server over TLS. + schema: + type: boolean + default: true + - variable: MAIL_SSL + label: Mail SSL + description: Whether to connect to the SMTP server over SSL. + schema: + type: boolean + default: false + - variable: oauth + label: Show Optional Oauth Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: OAUTH_CLIENT_ID + label: Oauth Client Id + schema: + type: string + default: "" + - variable: OAUTH_CLIENT_SECRET + label: Oauth Client Secret + schema: + type: string + private: true + default: "" + +# Include{containerBasic} +# Include{containerAdvanced} + +# Include{containerConfig} +# Include{podOptions} +# Include{serviceRoot} +# Include{serviceMain} +# Include{serviceSelectorLoadBalancer} +# Include{serviceSelectorExtras} + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10613 + required: true +# Include{serviceExpertRoot} +# Include{serviceExpert} +# Include{serviceList} +# Include{persistenceRoot} + - variable: uploads + label: "App Uploads Storage" + description: "Stores the Application Uploads." + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} + - variable: logs + label: "App Logs Storage" + description: "Stores the Application Logs." + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} +# Include{persistenceList} +# Include{ingressRoot} + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: +# Include{ingressDefault} +# Include{ingressTLS} +# Include{ingressTraefik} +# Include{ingressAdvanced} +# Include{ingressList} +# Include{securityContextRoot} + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 +# Include{securityContextContainer} +# Include{securityContextAdvanced} +# Include{securityContextPod} + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + +# Include{resources} +# Include{advanced} +# Include{addons} +# Include{codeserver} +# Include{netshoot} +# Include{vpn} +# Include{documentation} diff --git a/charts/incubator/ctfd/templates/NOTES.txt b/charts/incubator/ctfd/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/charts/incubator/ctfd/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/charts/incubator/ctfd/templates/_secrets.tpl b/charts/incubator/ctfd/templates/_secrets.tpl new file mode 100644 index 00000000000..b82fa9aeea8 --- /dev/null +++ b/charts/incubator/ctfd/templates/_secrets.tpl @@ -0,0 +1,13 @@ +{{/* Define the secrets */}} +{{- define "ctfd.secrets" -}} + +{{- $secretName := (printf "%s-ctfd-secrets" (include "tc.v1.common.lib.chart.names.fullname" $)) -}} + +{{- $secret_key := randAlphaNum 32 -}} +{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) -}} + {{- $secret_key = index .data "SECRET_KEY" | b64dec -}} +{{- end }} +enabled: true +data: + SECRET_KEY: {{ $secret_key }} +{{- end -}} diff --git a/charts/incubator/ctfd/templates/common.yaml b/charts/incubator/ctfd/templates/common.yaml new file mode 100644 index 00000000000..f3853cac402 --- /dev/null +++ b/charts/incubator/ctfd/templates/common.yaml @@ -0,0 +1,11 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render secrets for ctfd */}} +{{- $secrets := include "ctfd.secrets" . | fromYaml -}} +{{- if $secrets -}} + {{- $_ := set .Values.secret "ctfd-secrets" $secrets -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/charts/incubator/ctfd/values.yaml b/charts/incubator/ctfd/values.yaml new file mode 100644 index 00000000000..bf7729f9b76 --- /dev/null +++ b/charts/incubator/ctfd/values.yaml @@ -0,0 +1,81 @@ +image: + repository: tccr.io/truecharts/ctfd + pullPolicy: IfNotPresent + tag: v3.5.3@sha256:f2de4da7263eb368c7999eacb3faa2663cb74ae63b37f77ba4a69a991196c886 + +service: + main: + ports: + main: + protocol: http + targetPort: 8000 + port: 10613 + +workload: + main: + podSpec: + containers: + main: + env: + # filesystem | s3 + UPLOAD_PROVIDER: filesystem + # set storage locations. + UPLOAD_FOLDER: "{{ .Values.persistence.uploads.mountPath }}" + LOG_FOLDER: "{{ .Values.persistence.logs.mountPath }}" + SECRET_KEY: + secretKeyRef: + name: ctfd-secrets + key: SECRET_KEY + DATABASE_PORT: 3306 + DATABASE_NAME: "{{ .Values.mariadb.mariadbDatabase }}" + DATABASE_USER: "{{ .Values.mariadb.mariadbUsername }}" + DATABASE_HOST: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}' + key: plainhost + DATABASE_PASSWORD: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}' + key: mariadb-password + REDIS_URL: + secretKeyRef: + expandObjectName: false + name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}' + key: url + MAIL_USEAUTH: false + MAILFROM_ADDR: "" + MAIL_SERVER: "" + MAIL_PORT: 587 + MAIL_USERNAME: "" + MAIL_PASSWORD: "" + MAIL_TLS: false + MAIL_SSL: false + # CTFd will not load any plugins which may alleviate issues preventing CTFd from starting, default is false. + SAFE_MODE: true + REVERSE_PROXY: false + # majorleaguecyber + OAUTH_CLIENT_ID: "" + OAUTH_CLIENT_SECRET: "" + +mariadb: + enabled: true + mariadbUsername: ctfd + mariadbDatabase: ctfd + +redis: + enabled: true + redisUsername: default + +persistence: + uploads: + enabled: true + mountPath: "/uploads" + logs: + enabled: true + mountPath: "/logs" + +portal: + open: + enabled: true