[MRG] Merge pull request #327 from BrianMer/develop
Fixing bug in source/app/post_init.py + improved the K8S deployment.
whikernel authored Jan 15, 2024
2 parents 1c1bc20 + a109ef1 commit 0616eb6
Showing 9 changed files with 169 additions and 104 deletions.
Empty file added certificates/ldap/.gitkeep
Empty file.
1 change: 1 addition & 0 deletions deploy/kubernetes/charts/certificates
84 changes: 80 additions & 4 deletions deploy/kubernetes/charts/templates/iris_app.yaml
@@ -1,3 +1,42 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-root-ca-cert-secret-app
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/rootCA/irisRootCACert.pem").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: iris-ldap-certs-secret-app
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/ldap/*").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: iris-certs-dir-rootca-secrets-app
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/rootCA/*").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: iris-certs-dir-webcerts-secrets-app
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/web_certificates/*").AsSecrets | indent 2 }}
---
apiVersion: apps/v1
kind: Deployment
Expand Down Expand Up @@ -47,7 +86,21 @@ spec:

- name: IRIS_SECURITY_PASSWORD_SALT
value: {{ .Values.irisapp.IRIS_SECURITY_PASSWORD_SALT | quote }}


- name: DB_RETRY_COUNT
value: {{ .Values.irisapp.DB_RETRY_COUNT | quote }}

- name: DB_RETRY_DELAY
value: {{ .Values.irisapp.DB_RETRY_DELAY | quote }}

- name: INTERFACE_HTTPS_PORT
value: {{ .Values.irisapp.INTERFACE_HTTPS_PORT | quote }}

- name: IRIS_ADM_USERNAME
value: {{ .Values.irisapp.IRIS_ADM_USERNAME | quote }}

- name: IRIS_ADM_PASSWORD
value: {{ .Values.irisapp.IRIS_ADM_PASSWORD | quote }}

ports:
- containerPort: 8000
Expand All @@ -59,16 +112,39 @@ spec:
name: user-templates
- mountPath: /home/iris/server_data
name: server-data
- mountPath: /etc/irisRootCACert.pem
name: iris-root-ca-cert
subPath: irisRootCACert.pem
readOnly: true
- mountPath: /home/iris/certificates/rootCA
name: iris-certs-dir-rootca
readOnly: true
- mountPath: /home/iris/certificates/web_certificates
name: iris-certs-dir-webcerts
readOnly: true
- mountPath: /iriswebapp/certificates/ldap/
name: iris-ldap-certs
readOnly: true
volumes:
- name: iris-downloads
emptyDir: {}
- name: user-templates
emptyDir: {}
- name: server-data
emptyDir: {}

- name: iris-root-ca-cert
secret:
secretName: iris-root-ca-cert-secret-app
- name: iris-ldap-certs
secret:
secretName: iris-ldap-certs-secret-app
- name: iris-certs-dir-rootca
secret:
secretName: iris-certs-dir-rootca-secrets-app
- name: iris-certs-dir-webcerts
secret:
secretName: iris-certs-dir-webcerts-secrets-app
---

apiVersion: v1
kind: Service
metadata:
Expand All @@ -82,4 +158,4 @@ spec:
targetPort: {{ .Values.irisapp.service.targetPort }}
selector:
app: {{ .Values.irisapp.app }}
---
---
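Review bot: The new Secrets are filled from `.Files.Glob "certificates/rootCA/*"`, `"certificates/web_certificates/*"` and `"certificates/ldap/*"`, which take every file in those directories, so any private key stored next to the certificates (the directory contents are not visible here) is packaged into the chart, stored in the Helm release and mounted into the pod; iris_worker.yaml repeats the same globs. Naming the needed files explicitly, as the first Secret already does with `certificates/rootCA/irisRootCACert.pem`, or mounting a Secret created outside the chart, keeps key material out of the release. In the env hunk, `IRIS_ADM_PASSWORD` is passed as a literal `value:`, which leaves the administrator password readable in the Deployment spec; a `valueFrom.secretKeyRef` entry would avoid that. The four Secrets are also labelled `app: {{ .Values.irisworker.app }}` although they belong to the app Deployment, so `app: {{ .Values.irisapp.app }}` looks intended.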
73 changes: 67 additions & 6 deletions deploy/kubernetes/charts/templates/iris_worker.yaml
@@ -1,3 +1,42 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-root-ca-cert-secret-worker
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/rootCA/irisRootCACert.pem").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: iris-ldap-certs-secret-worker
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/ldap/*").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: iris-certs-dir-rootca-secrets-worker
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/rootCA/*").AsSecrets | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: iris-certs-dir-webcerts-secrets-worker
labels:
app: {{ .Values.irisworker.app }}
type: Opaque
data:
{{ (.Files.Glob "certificates/web_certificates/*").AsSecrets | indent 2 }}
---
apiVersion: apps/v1
kind: Deployment
Expand All @@ -17,7 +56,7 @@ spec:
- name: {{ .Values.irisworker.name }}
image: "{{ .Values.irisworker.image}}:{{ .Values.irisworker.tag }}"
imagePullPolicy: "{{ .Values.irisworker.imagePullPolicy }}"
command: ['./wait-for-iriswebapp.sh', 'iriswebapp-app.test.svc.cluster.local:8000', './iris-entrypoint.sh', 'iris-worker']
command: ['./wait-for-iriswebapp.sh', "{{ .Values.irisapp.name }}:{{ .Values.irisapp.service.port }}", './iris-entrypoint.sh', 'iris-worker']

env:

Expand Down Expand Up @@ -49,21 +88,43 @@ spec:
value: {{ .Values.irisworker.IRIS_SECURITY_PASSWORD_SALT | quote }}


ports:
- containerPort: 80

volumeMounts:
- mountPath: /home/iris/downloads
name: iris-downloads
name: iris-downloads
- mountPath: /home/iris/user_templates
name: user-templates
- mountPath: /home/iris/server_data
name: server-data
- mountPath: /etc/irisRootCACert.pem
name: iris-root-ca-cert
subPath: irisRootCACert.pem
readOnly: true
- mountPath: /home/iris/certificates/rootCA
name: iris-certs-dir-rootca
readOnly: true
- mountPath: /home/iris/certificates/web_certificates
name: iris-certs-dir-webcerts
readOnly: true
- mountPath: /iriswebapp/certificates/ldap/
name: iris-ldap-certs
readOnly: true
volumes:
- name: iris-downloads
emptyDir: {}
- name: user-templates
emptyDir: {}
- name: server-data
emptyDir: {}
---
- name: iris-root-ca-cert
secret:
secretName: iris-root-ca-cert-secret-worker
- name: iris-certs-dir-rootca
secret:
secretName: iris-certs-dir-rootca-secrets-worker
- name: iris-ldap-certs
secret:
secretName: iris-ldap-certs-secret-worker
- name: iris-certs-dir-webcerts
secret:
secretName: iris-certs-dir-webcerts-secrets-worker
---
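Review bot: The four `-worker` Secrets are built from the same globs as the `-app` Secrets in iris_app.yaml, so every certificate file is stored twice in the namespace under different names; one shared set referenced by both Deployments would leave a single copy to rotate and audit. It is also worth confirming that the worker needs `/home/iris/certificates/web_certificates` at all: the container here runs `iris-worker`, and if it never serves HTTPS the `iris-certs-dir-webcerts` volume and its mount can be dropped from this Deployment so the web certificate material is only present where it is used.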
1 change: 1 addition & 0 deletions deploy/kubernetes/charts/templates/nginx_ingress.yaml
Expand Up @@ -5,6 +5,7 @@ metadata:
annotations:
{{- toYaml .Values.ingress.annotations | nindent 4 }}
spec:
ingressClassName: {{ .Values.ingress.className }}
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host.host }}
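Review bot: `ingressClassName: {{ .Values.ingress.className }}` reads a value that the values.yaml hunks of this commit do not add, while the `ingress.annotations` block there still sets `kubernetes.io/ingress.class: nginx`; if `ingress.className` is not defined in the part of values.yaml outside the visible hunks, the field renders empty. Guarding it keeps the manifest valid either way: `{{- with .Values.ingress.className }}`, `ingressClassName: {{ . | quote }}`, `{{- end }}`. Once the field is set, the deprecated annotation can be removed so the class is declared in one place. The Ingress manifest starts and continues outside this hunk.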
23 changes: 14 additions & 9 deletions deploy/kubernetes/charts/values.yaml
Expand Up @@ -82,12 +82,11 @@ irisapp:
## @param irisapp.service Iris Frontend Service
##
service:
port: 80
targetPort: 8000
port: 8000

## @param irisapp.type Iris Frontend Service type
##
type: ClusterIP
type: NodePort

## @param Iris Frontend Environments
##
Expand All @@ -100,6 +99,12 @@ irisapp:
DOCKERIZED: 1
IRIS_SECRET_KEY: AVerySuperSecretKey-SoNotThisOne
IRIS_SECURITY_PASSWORD_SALT: ARandomSalt-NotThisOneEither
IRIS_ADM_USERNAME: administrator
# Must be 12 characters minimum and contains a capital letter and a number.
IRIS_ADM_PASSWORD: Hello12345!
DB_RETRY_COUNT: 5
DB_RETRY_DELAY: 5
INTERFACE_HTTPS_PORT: 443

## @section Iris Backend Configuration
##
Expand Down Expand Up @@ -144,16 +149,16 @@ ingress:
annotations:
# Add any annotations specific to your Ingress controller
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: <host_name>
paths:
- path: /
pathType: Prefix
- path: /(.*)
pathType: ImplementationSpecific
serviceName: iriswebapp-app
servicePort: 80
servicePort: 8000
tls:
- secretName: iris-ingress-tls-secret
hosts:
- <host_name>
- <host_name>
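Review bot: The added default `IRIS_ADM_PASSWORD: Hello12345!` is 11 characters, below the 12-character minimum stated in the comment directly above it, and as a committed default it gives every install that keeps this values file a publicly known administrator credential. I would ship it empty and fail the render when it is unset, e.g. `value: {{ required "irisapp.IRIS_ADM_PASSWORD must be set" .Values.irisapp.IRIS_ADM_PASSWORD | quote }}` in iris_app.yaml, or read it from a Secret created outside the chart. In the first hunk, `type: NodePort` opens the application on a port of every node in addition to the Ingress; if the Ingress is the intended entry point, `type: ClusterIP` is sufficient. The same hunk appears to drop `service.targetPort` while the Service template in iris_app.yaml still reads `.Values.irisapp.service.targetPort`, so it is worth checking that the Service still renders a target port.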
4 changes: 2 additions & 2 deletions docker/webApp/Dockerfile
Expand Up @@ -51,7 +51,7 @@ RUN apt update
RUN apt install -y p7zip-full pgp rsync postgresql-client

RUN mkdir /iriswebapp/
RUN mkdir -p /home/iris/certificates
RUN mkdir -p /home/iris/certificates/{rootCA,web_certificates}
RUN mkdir -p /home/iris/user_templates
RUN mkdir -p /home/iris/server_data
RUN mkdir -p /home/iris/server_data/backup
Expand All @@ -71,4 +71,4 @@ RUN chmod +x /iriswebapp/dependencies/evtxdump_binaries/linux/x64/evtx_dump

RUN chmod +x iris-entrypoint.sh
RUN chmod +x wait-for-iriswebapp.sh
#ENTRYPOINT [ "./iris-entrypoint.sh" ]
#ENTRYPOINT [ "./iris-entrypoint.sh" ]
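Review bot: The added `RUN mkdir -p /home/iris/certificates/{rootCA,web_certificates}` relies on brace expansion, which is a bash feature; shell-form `RUN` uses `/bin/sh`, and on Debian-based images (this one installs with `apt`) that is normally dash, which would create a single directory literally named `{rootCA,web_certificates}`. Spelling the paths out removes the dependency on the shell: `RUN mkdir -p /home/iris/certificates/rootCA /home/iris/certificates/web_certificates`. The base image and any `SHELL` instruction are outside this hunk, so this should be checked against them.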
77 changes: 0 additions & 77 deletions docker/webApp/Dockerfile.k8s

This file was deleted.

10 changes: 4 additions & 6 deletions source/app/post_init.py
Expand Up @@ -121,20 +121,18 @@ def run_post_init(development=False):
log.info(f'IRIS {app.config.get("IRIS_VERSION")}')
log.info("Running post initiation steps")

conn = None

if os.getenv("IRIS_WORKER") is None:
# Attempt to connect to the database with retries
log.info("Attempting to connect to the database...")
for i in range(retry_count):
log.info("Connecting to database, attempt " + str(i + 1) + "/" + str(retry_count))
conn = connect_to_database(db_host, db_port)
if conn is not None:
log.info("Connecting to database, attempt " + str(i+1) + "/" + str(retry_count))
conn = connect_to_database(db_host,db_port)
if conn:
break
log.info("Retrying in " + str(retry_delay) + "seconds...")
time.sleep(retry_delay)
# If the connection is still not established, exit the script
if conn is None:
if not conn:
log.info("Failed to connect to database after " + str(retry_count) + " attempts.")
exit(1)
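Review bot: With the `conn = None` initialisation apparently removed in this hunk, `conn` is bound only inside the retry loop, so if `retry_count` is 0 the loop body never runs and `if not conn:` raises UnboundLocalError instead of logging the failure and exiting with status 1. Keeping `conn = None` before the `for` loop costs nothing and works unchanged with the new truthiness checks. The final failure is logged with `log.info`; `log.error("Failed to connect to database after ...")` would make an unreachable database stand out in the pod logs. `run_post_init` starts and continues outside the hunk, and the indentation is lost in this rendering, so whether the final check sits inside the `IRIS_WORKER` branch could not be confirmed.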

