first sync
Some checks failed
Deployment Verification / deploy-and-test (push) Failing after 29s

2025-03-04 07:59:21 +01:00
parent 9cdcf486b6
commit 506716e703
1450 changed files with 577316 additions and 62 deletions


@ -0,0 +1,41 @@
.DEFAULT_GOAL := help
file := $2
IN_DIR = $(PWD)
.PHONY: help
help: ## Print the help message
@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z_-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
sort | \
column -s ':' -t
.PHONY: create
create: ## Create the iris app
kubectl apply -k $(IN_DIR)/admin; \
kubectl apply -k $(IN_DIR)/rabbitmq; \
kubectl apply -k $(IN_DIR)/psql; \
kubectl apply -k $(IN_DIR)/app; \
kubectl apply -k $(IN_DIR)/worker
.PHONY: delete
delete: ## Delete the iris app
kubectl delete -k $(IN_DIR)/worker ;\
kubectl delete -k $(IN_DIR)/app ;\
kubectl delete -k $(IN_DIR)/rabbitmq ;\
kubectl delete -k $(IN_DIR)/psql ;\
kubectl delete -k $(IN_DIR)/admin
.PHONY: deploy-specific-kustomization
deploy-specific-kustomization: ## Delpoy specific kustomization (ex- make deploy-specific-kustomization ARGS="path of kustomization.yml dir")
kubectl apply -k $(ARGS)
.PHONY: delete-specific-kustomization
delete-specific-kustomization: ## Delete specific kustomization (ex- make delete-specific-kustomization ARGS="path of kustomization.yml dir")
kubectl delete -k $(ARGS)
.PHONY: deploy-specific-manifest
deploy-specific-manifest: ## deploy specific manifest (ex- make deploy-specific-manifest ARGS="path of manifest dir")
kubectl apply -f $(ARGS)
.PHONY: delete-specific-manifest
delete-specific-manifest: ## delete specific manifest (ex- make delete-specific-manifest ARGS="path of manifest dir")
kubectl apply -f $(ARGS)
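Review bot: The `delete-specific-manifest` recipe runs `kubectl apply -f $(ARGS)`, so the target documented as deleting a manifest re-applies it instead; it should be `kubectl delete -f $(ARGS)`. In `create` the kubectl calls are chained with `;`, so a failure in an early layer (for example `admin`, which creates the namespace and storage) does not stop the later applies and the recipe reports only the last command's status; `&&` or one command per recipe line would surface it. The four `*-specific-*` targets pass `$(ARGS)` unquoted and unchecked, so an empty value yields a bare `kubectl apply -k`; a guard such as `$(if $(strip $(ARGS)),,$(error ARGS is required))` at the top of each recipe would make that explicit. `file := $2` looks unused in the visible rules.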


@ -0,0 +1,80 @@
# The Iris EKS manifest to deploy Iris-web on AWS EKS.
Description:
- This manifest file will help to deploy the application on the AWS EKS.
## Prerequisites;
- Install AWS [CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions)
- Setup AWS EKS cluster. (terraform example [here](https://github.com/s3lva-kumar/terraform-aws-eks))
- Install AWS ebs CSI driver add-on on EKS cluster. (terraform example [here](https://github.com/s3lva-kumar/terraform-eks-plugin/tree/master/terraform-amazon-ebs-csi-driver))
- Install AWS alb ingress controler add-on on EKS cluster. (terraform example [here](https://github.com/s3lva-kumar/terraform-eks-plugin/tree/master/terraform-amazon-alb-ingress))
## Build & push Docker Images
- To build the docker images follow the commands 👇
``` bash
# Clone the iris-web repository
$ git clone https://github.com/dfir-iris/iris-web.git
$ cd iris-web
# Build the dockers (Build webApp and db docker images, skip the nginx because we using AWS ALB instead of nginx)
# app & woker:
$ docker build -t webapp:latest -f docker/webApp/Dockerfile .
# DB:
$ docker build -t db:latest -f docker/db/Dockerfile .
```
- Once the docker images built, push those images into AWS ECR
## Deploy:
- Before we deploy the manifeat, we need to update the Docker image on our manifest.
*Note: Same docker image to the app and worker*
- ### update app image:
- Naviaget to the deploy/eks_manifest/app directory.
- open the *deployment.yml* file and update the image here, which we pushed on the ECR.
![App Screenshot](./images/app-image-update.png)
- ### update worker image:
- Naviaget to the deploy/eks_manifest/worker directory.
- open the *deployment.yml* file and update the image here, which we pushed on the ECR.
![App Screenshot](./images/worker-image-update.png)
- ### update db image:
- Naviaget to the deploy/eks_manifest/psql directory.
- open the *deployment.yml* file and update the image here, which we pushed on the ECR.
![App Screenshot](./images/db-image-update.png)
- ### update the SSL and domain name on app ingress YAML file
- Naviaget to the deploy/eks_manifest/app directory.
- open the *ingress.yml* file and update the SSL and host
![App Screenshot](./images/ingress.png)
- *Note:*
- SSL :
Give a ACM certificate ARN.
- HOST :
Give the host name whatever you want. In additionally, once the ingress created it will be provisioned the ALB on AWS with this name "iris-alb". Then, configure the DNS 'CNAME' record with hostname *(which you given on ingress file)* point to the AWS alb 'DNS'
![APP Screenshot](./images/alb-dns.png)
- ### once updated the all the things which is mentioned above, then run the **Makefile**
- Navigate to the *deploy/eks_manifest*, here you can see the 'Makefile'
- To deploy app, run
``` bash
$ make
$ make create
```
- To delete app, run
*caution: it will be delete all things exclude DB*
``` bash
$ make
$ make delete
```
- ### Get Admin username and password
- Once everything created we can get administrator username and password from the app _pod_
``` bash
$ kubectl get pod -n iris-web
# Copy the pod name and give it on the below command (pod name looks like "pod/iris-app-deployment-🎲")
$ kubectl logs <pod_name> -n iris-web
# You can see the credential at the end of the logs
```


@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
namespace: iris-web
name: iris-psql-claim
labels:
site: iris
spec:
accessModes:
- ReadWriteOnce
storageClassName: iris-sc
resources:
requests:
storage: 30Gi
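Review bot: `iris-psql-claim` is a single `ReadWriteOnce` claim, yet elsewhere in this commit it is mounted by three Deployments (app, worker and Postgres), which on EBS ties all three pods to one node and puts uploaded files and the database files on the same 30Gi volume. I would give Postgres its own claim and the app/worker a separate one, so that a disk-fill from the web tier cannot starve the database and the two data sets can be backed up and retained independently. The claim name also suggests it was meant for Postgres only, so a comment such as `# shared by app, worker and psql via subPath` is needed if the sharing is deliberate.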


@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: admin-kustomize
labels:
site: iris
resources:
- namespace.yml
- storageclass.yml
- claim.yml


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: iris-web
labels:
site: iris
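Review bot: The `iris-web` namespace carries no Pod Security Admission labels, so nothing at namespace level stops a workload here from running privileged or as root unless a cluster-wide default (not visible in this commit) does. Adding `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted` under `labels:` would set a floor and show what the images need for the stricter profile. No NetworkPolicy is visible in this commit either, so as far as these manifests go the Postgres and RabbitMQ services are reachable from any pod in the cluster.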


@ -0,0 +1,13 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: iris-sc
labels:
site: iris
parameters:
fsType: ext4
type: gp2
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
reclaimPolicy: Retain
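Review bot: The `parameters:` block does not request encryption, so volumes provisioned from `iris-sc` are encrypted only if the AWS account has EBS encryption-by-default enabled, which this commit cannot show. Because the claim on this class holds both the case database and uploaded files, I would add `encrypted: "true"` (optionally with `kmsKeyId`) next to `type: gp2`. With `reclaimPolicy: Retain` the volume outlives `make delete`, so a comment like `# volume and its data persist after the PVC is deleted; remove manually when decommissioning` would help operators.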


@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: iris-web
name: app-data
data:
POSTGRES_SERVER: iris-psql-service


@ -0,0 +1,86 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-app-deployment
labels:
site: iris
app: iris-app
spec:
replicas: 1
selector:
matchLabels:
app: iris-app
template:
metadata:
labels:
app: iris-app
spec:
containers:
- name: iris-app
image: iriswebapp_app:v2.2.2
ports:
- containerPort: 8000
command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PASSWORD
- name: POSTGRES_ADMIN_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_USER
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_PASSWORD
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PORT
- name: DOCKERIZED
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: DOCKERIZED
- name: IRIS_SECRET_KEY
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECRET_KEY
- name: IRIS_SECURITY_PASSWORD_SALT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECURITY_PASSWORD_SALT
- name: POSTGRES_SERVER
valueFrom:
configMapKeyRef:
name: app-data
key: POSTGRES_SERVER
volumeMounts:
- name: iris-pcv
mountPath: /home/iris/downloads
subPath: downloads
- name: iris-pcv
mountPath: /home/iris/user_templates
subPath: user_templates
- name: iris-pcv
mountPath: /home/iris/server_data
subPath: server_data
volumes:
- name: iris-pcv
persistentVolumeClaim:
claimName: iris-psql-claim
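Review bot: The `iris-app` container spec has no `securityContext`, resource limits or readiness/liveness probes, although this pod is the backend of an internet-facing ALB. At minimum I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under the container, plus `runAsNonRoot: true` if the image supports a non-root user (not visible here; check that the entrypoint still starts). The same gap applies to the worker, Postgres and RabbitMQ Deployments in this commit. Separately, `image: iriswebapp_app:v2.2.2` names no registry while the README in this commit says the image is pushed to ECR, so as committed the pull depends on whatever default registry the nodes resolve.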


@ -0,0 +1,29 @@
apiVersion: networking.k8s.io/v1 #extensions/v1beta1
kind: Ingress
metadata:
name: "iris-ingress"
namespace: "iris-web"
annotations:
alb.ingress.kubernetes.io/scheme: 'internet-facing'
alb.ingress.kubernetes.io/target-type: 'ip'
alb.ingress.kubernetes.io/group.name: 'iris-alb-group'
alb.ingress.kubernetes.io/load-balancer-name: 'iris-alb'
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/certificate-arn: 'arn:aws:acm:us-east-1:650601597349:certificate/4915ba65-ec07-44c7-8f42-897cfe1574bb'
alb.ingress.kubernetes.io/ssl-policy: 'ELBSecurityPolicy-TLS13-1-2-2021-06'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
labels:
app: 'iris'
spec:
ingressClassName: 'alb'
rules:
- host: 'test.cmcloudlab1727.info'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: "iris-app-service"
port:
number: 80
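Review bot: The ingress is `internet-facing` with no source restriction, which publishes the login page of an incident-response platform to any client; if that is not intended, switch `alb.ingress.kubernetes.io/scheme` to `internal` or add `alb.ingress.kubernetes.io/inbound-cidrs: '<ALLOWED_CIDR>'` (placeholder). The `certificate-arn` and `host` values are literals tied to one AWS account and domain, and since the README says they must be edited before deploying, placeholders would be safer than a real ARN in the repository. The `actions.ssl-redirect` annotation is unused: `listen-ports` opens only HTTPS 443 and no path references that action, so either drop it or add port 80 to `listen-ports` together with `alb.ingress.kubernetes.io/ssl-redirect: '443'`.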


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- secrets.yml
- configmap.yml
- deployment.yml
- service.yml
- ingress.yml


@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-app-secrets
namespace: iris-web
labels:
site: iris
type: Opaque
data:
POSTGRES_USER: cmFwdG9y
POSTGRES_PASSWORD: YWRtaW4=
POSTGRES_ADMIN_USER: cmFwdG9y
POSTGRES_ADMIN_PASSWORD: YWRtaW4=
POSTGRES_PORT: NTQzMg==
DOCKERIZED: MQ==
IRIS_SECRET_KEY: QVZlcnlTdXBlclNlY3JldEtleS1Tb05vdFRoaXNPbmU=
IRIS_SECURITY_PASSWORD_SALT: QVJhbmRvbVNhbHQtTm90VGhpc09uZUVpdGhlcg==
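Review bot: The `data:` values are only base64-encoded, so this commit stores the database credentials, `IRIS_SECRET_KEY` and `IRIS_SECURITY_PASSWORD_SALT` in the repository in recoverable form; the passwords decode to a short dictionary word and the key and salt decode to placeholder strings that themselves say not to use them. Anyone who runs `make create` unchanged deploys with an application secret key and database passwords that are public. I would remove `secrets.yml` from the kustomization and create the Secret out of band (`kubectl create secret generic iris-app-secrets --from-env-file=<ENV_FILE>`, or a kustomize `secretGenerator` reading an untracked file), and rotate the values in any environment that already used them. The same applies to `iris-psql-secrets` and `iris-worker-secrets` later in this commit. `POSTGRES_PORT` and `DOCKERIZED` are not secrets and belong in the ConfigMap.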


@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-app-service
labels:
site: iris
annotations:
alb.ingress.kubernetes.io/healthcheck-path: '/login'
spec:
selector:
app: iris-app
ports:
- protocol: TCP
port: 80
targetPort: 8000
type: ClusterIP

Binary file not shown.

After

Width:  |  Height:  |  Size: 23 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 64 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 62 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 70 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 64 KiB


@ -0,0 +1,58 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-psql-db-deployment
labels:
app: iris-psql
site: iris
spec:
replicas: 1
selector:
matchLabels:
app: iris-psql
template:
metadata:
labels:
app: iris-psql
spec:
containers:
- name: iris-psql-db
image: iriswebapp_db:v2.2.2
ports:
- containerPort: 5432
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_PASSWORD
- name: POSTGRES_ADMIN_USER
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_ADMIN_USER
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_ADMIN_PASSWORD
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: iris-psql-secrets
key: POSTGRES_DB
volumeMounts:
- name: persistent-storage
mountPath: /var/lib/postgresql/data
subPath: psqldata
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: iris-psql-claim
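Review bot: Running Postgres as a `Deployment` with the default rolling-update strategy means a rollout starts the replacement pod before the old one has stopped, and both reference the same `ReadWriteOnce` claim and `psqldata` sub-path. If both land on the same node, two Postgres instances can end up pointed at one data directory for a moment; on different nodes the new pod waits on a volume that is still attached elsewhere. Adding `strategy: {type: Recreate}` under `spec:` (or moving to a StatefulSet with its own volume claim template) avoids both cases.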


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- secrets.yml
- deployment.yml
- service.yml


@ -0,0 +1,14 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-psql-secrets
namespace: iris-web
labels:
site: iris
type: Opaque
data:
POSTGRES_USER: cG9zdGdyZXM=
POSTGRES_PASSWORD: YWRtaW4=
POSTGRES_ADMIN_USER: cmFwdG9y
POSTGRES_ADMIN_PASSWORD: YWRtaW4=
POSTGRES_DB: aXJpc19kYg==


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-psql-service
labels:
site: iris
spec:
selector:
app: iris-psql
ports:
- protocol: TCP
port: 5432
targetPort: 5432
type: ClusterIP


@ -0,0 +1,25 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-rabbitmq-deployment
labels:
app: iris-rabbitmq
site: iris
spec:
replicas: 1
selector:
matchLabels:
app: iris-rabbitmq
template:
metadata:
labels:
app: iris-rabbitmq
spec:
containers:
- name: iris-rabbitmq
image: rabbitmq:3-management-alpine
ports:
- containerPort: 5672
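Review bot: `image: rabbitmq:3-management-alpine` is a mutable tag, so the broker build can change between pod restarts, and the `-management` variant ships the management HTTP UI, which none of the visible manifests expose or use. I would pin a specific version, ideally by digest (`rabbitmq:<VERSION>-alpine@sha256:<DIGEST>` with real values filled in), and use the non-management image. No `RABBITMQ_DEFAULT_USER` / `RABBITMQ_DEFAULT_PASS` is set and `CELERY_BROKER` in the worker ConfigMap carries no credentials, so the broker apparently runs on the image's default account; dedicated credentials should be supplied from a Secret.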


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- deployment.yml
- service.yml


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-rabbitmq-service
labels:
site: iris
spec:
selector:
app: iris-rabbitmq
ports:
- protocol: TCP
port: 5672
targetPort: 5672
type: ClusterIP


@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: iris-web
name: worker-data
data:
POSTGRES_SERVER: iris-psql-service
CELERY_BROKER: amqp://iris-rabbitmq-service
IRIS_WORKER: iris-worker-service


@ -0,0 +1,94 @@
# deployment
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: iris-web
name: iris-worker-deployment
labels:
app: iris-worker
site: iris
spec:
replicas: 1
selector:
matchLabels:
app: iris-worker
template:
metadata:
labels:
app: iris-worker
spec:
containers:
- name: iris-worker
image: iriswebapp_app:v2.2.2
command: ['./wait-for-iriswebapp.sh', 'iris-app-service:8000', './iris-entrypoint.sh', 'iris-worker']
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PASSWORD
- name: POSTGRES_ADMIN_USER
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_USER
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_ADMIN_PASSWORD
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: POSTGRES_PORT
- name: DOCKERIZED
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: DOCKERIZED
- name: IRIS_SECRET_KEY
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECRET_KEY
- name: IRIS_SECURITY_PASSWORD_SALT
valueFrom:
secretKeyRef:
name: iris-app-secrets
key: IRIS_SECURITY_PASSWORD_SALT
- name: POSTGRES_SERVER
valueFrom:
configMapKeyRef:
name: worker-data
key: POSTGRES_SERVER
- name: CELERY_BROKER
valueFrom:
configMapKeyRef:
name: worker-data
key: CELERY_BROKER
- name: IRIS_WORKER
valueFrom:
configMapKeyRef:
name: worker-data
key: IRIS_WORKER
volumeMounts:
- name: iris-pcv
mountPath: /home/iris/downloads
subPath: downloads
- name: iris-pcv
mountPath: /home/iris/user_templates
subPath: user_templates
- name: iris-pcv
mountPath: /home/iris/server_data
subPath: server_data
volumes:
- name: iris-pcv
persistentVolumeClaim:
claimName: iris-psql-claim
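Review bot: The `command` waits on `iris-app-service:8000`, but the `iris-app-service` Service in this commit publishes `port: 80` (with `targetPort: 8000`), so a connection to the Service on 8000 is not forwarded and the wait script, assuming it polls that host:port, would never see the app come up. It should read `'iris-app-service:80'`, or the Service should publish 8000. The worker also takes every credential from `iris-app-secrets`, which leaves the `iris-worker-secrets` Secret added in this commit unreferenced; either point the `secretKeyRef` entries at it or delete the duplicate so there is one copy to rotate.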


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
labels:
site: iris
resources:
- secrets.yml
- configmap.yml
- deployment.yml
- service.yml


@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: iris-worker-secrets
namespace: iris-web
labels:
site: iris
type: Opaque
data:
POSTGRES_USER: cmFwdG9y
POSTGRES_PASSWORD: YWRtaW4=
POSTGRES_ADMIN_USER: cmFwdG9y
POSTGRES_ADMIN_PASSWORD: YWRtaW4=
POSTGRES_PORT: NTQzMg==
DOCKERIZED: MQ==
IRIS_SECRET_KEY: QVZlcnlTdXBlclNlY3JldEtleS1Tb05vdFRoaXNPbmU=
IRIS_SECURITY_PASSWORD_SALT: QVJhbmRvbVNhbHQtTm90VGhpc09uZUVpdGhlcg==


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
namespace: iris-web
name: iris-worker-service
labels:
site: iris
spec:
selector:
app: iris-worker
ports:
- protocol: TCP
port: 80
type: ClusterIP