diff --git a/kind-init.sh b/kind-init.sh
new file mode 120000
index 0000000000..a451f7834d
--- /dev/null
+++ b/kind-init.sh
@@ -0,0 +1 @@
+todolist-goof/k8s/kind-init.sh
\ No newline at end of file
diff --git a/log4shell-goof/log4shell-server/Dockerfile b/log4shell-goof/log4shell-server/Dockerfile
index d47ecfd219..474f847c35 100644
--- a/log4shell-goof/log4shell-server/Dockerfile
+++ b/log4shell-goof/log4shell-server/Dockerfile
@@ -1,5 +1,6 @@
 FROM maven:3-jdk-8-slim as build
-COPY . .
+COPY pom.xml pom.xml
+COPY src src
 RUN --mount=target=$HOME/.m2,type=cache mvn clean compile assembly:single
 FROM openjdk:8 as ldap
diff --git a/log4shell-goof/log4shell-server/k8s/imagebuild.sh b/log4shell-goof/log4shell-server/k8s/imagebuild.sh
index b277df3255..5fe689d04d 100755
--- a/log4shell-goof/log4shell-server/k8s/imagebuild.sh
+++ b/log4shell-goof/log4shell-server/k8s/imagebuild.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+MYDIR=$(dirname $0)
 if [[ "$1" == "" ]]; then
 read -e -i "${DOCKER_ACCOUNT}" -p "Please enter your DockerHub user/account name: " input
 name="${input:-$DOCKER_ACCOUNT}"
diff --git a/todolist-goof/.dockerignore b/todolist-goof/.dockerignore
new file mode 100644
index 0000000000..992d59996f
--- /dev/null
+++ b/todolist-goof/.dockerignore
@@ -0,0 +1,3 @@
+exploits
+k8s
+**/target
diff --git a/todolist-goof/Dockerfile b/todolist-goof/Dockerfile
index 399722f197..3d4c4fdfda 100644
--- a/todolist-goof/Dockerfile
+++ b/todolist-goof/Dockerfile
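Review bot: In log4shell-goof/log4shell-server/k8s/imagebuild.sh the added `MYDIR=$(dirname $0)` leaves `$0` unquoted inside the substitution, so a checkout path containing spaces or glob characters is word-split before `dirname` sees it. Writing it as `MYDIR="$(dirname -- "$0")"` avoids that. The same unquoted assignment is added in todolist-goof/k8s/lb.sh. `MYDIR` is not referenced in the visible part of this hunk and the script continues outside it, so any later use should be quoted as `"$MYDIR"` as well.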
@@ -1,14 +1,19 @@
 FROM maven:3-jdk-8-slim as build
 RUN mkdir /usr/src/goof
-COPY . /usr/src/goof
 WORKDIR /usr/src/goof
+
+COPY pom.xml pom.xml
+COPY src src
+COPY todolist-core todolist-core
+COPY todolist-web-common todolist-web-common
+COPY todolist-web-struts todolist-web-struts
 RUN --mount=target=$HOME/.m2,type=cache mvn install
 FROM tomcat:8.5.21
 RUN mkdir /tmp/extracted_files
-COPY --chown=tomcat:tomcat web.xml /usr/local/tomcat/conf/web.xml
+COPY web.xml /usr/local/tomcat/conf/web.xml
 COPY --from=build /usr/src/goof/todolist-web-struts/target/todolist /usr/local/tomcat/webapps/todolist
 COPY --from=build /usr/local/openjdk-8/bin/native2ascii /docker-java-home/jre/bin/native2ascii
 COPY --from=build /usr/local/openjdk-8/lib/tools.jar /docker-java-home/jre/lib/tools.jar
diff --git a/todolist-goof/k8s/kind-config.yaml b/todolist-goof/k8s/kind-config.yaml
new file mode 100644
index 0000000000..13e76dda0d
--- /dev/null
+++ b/todolist-goof/k8s/kind-config.yaml
@@ -0,0 +1,4 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+networking:
+ disableDefaultCNI: true
diff --git a/todolist-goof/k8s/kind-init.sh b/todolist-goof/k8s/kind-init.sh
new file mode 100755
index 0000000000..4735431ee3
--- /dev/null
+++ b/todolist-goof/k8s/kind-init.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+MYDIR="$(dirname "$(readlink "$0")")"
+kind create cluster --config $MYDIR/kind-config.yaml
+kubectl apply -f $MYDIR/calico.yaml
+$MYDIR/lb.sh
diff --git a/todolist-goof/k8s/lb.sh b/todolist-goof/k8s/lb.sh
new file mode 100755
index 0000000000..f2eb84053b
--- /dev/null
+++ b/todolist-goof/k8s/lb.sh
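Review bot: In todolist-goof/Dockerfile the five new `COPY` lines hard-code the module directories, so a Maven module added later will be missing from the build stage until someone also edits this file. A short comment above them, for example `# Keep this list in sync with the modules declared in pom.xml`, would record that coupling; pom.xml is not part of this diff, so the module list is presumed to live there. The same hunk drops `--chown=tomcat:tomcat` from the `COPY web.xml` line without saying why, and a one-line comment stating the intended owner of that file would help the next reader.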
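Review bot: todolist-goof/k8s/kind-init.sh has no error handling, so when `kind create cluster` fails the following `kubectl apply` and `lb.sh` still run against whatever kubeconfig context is current, which may be a cluster other than the local kind one. `readlink "$0"` prints nothing when the script is started directly rather than through the new top-level symlink, and returns the link's relative target otherwise, so `MYDIR` only resolves from one working directory; the `$MYDIR` uses are also unquoted. The version below stops on the first failure, resolves the directory to an absolute path and names the context explicitly; `kind-kind` assumes the default cluster name, and `readlink -f` should be confirmed on the platforms this lab targets. calico.yaml is not added by this diff, so it is presumed to exist already.

```shell
#!/bin/bash
set -euo pipefail
MYDIR="$(dirname "$(readlink -f "$0")")"
kind create cluster --config "$MYDIR/kind-config.yaml"
kubectl --context kind-kind apply -f "$MYDIR/calico.yaml"
"$MYDIR/lb.sh"
```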
@@ -0,0 +1,13 @@
+#!/bin/bash
+MYDIR=$(dirname $0)
+export KIND_SUBNET=$(docker network inspect kind -f '{{(index .IPAM.Config 0).Subnet}}' | cut -f 1,2 -d '.')
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/namespace.yaml
+kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/metallb.yaml
+kubectl wait --namespace=metallb-system \
+ --for=condition=ready pod \
+ --selector=app=metallb \
+ --timeout=90s
+cat $MYDIR/metallb-config.yaml | envsubst | kubectl apply -f -
+
+
diff --git a/todolist-goof/k8s/metallb-config.yaml b/todolist-goof/k8s/metallb-config.yaml
new file mode 100644
index 0000000000..f25ec049e6
--- /dev/null
+++ b/todolist-goof/k8s/metallb-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - ${KIND_SUBNET}.255.200-${KIND_SUBNET}.255.250
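Review bot: todolist-goof/k8s/lb.sh applies `namespace.yaml` and `metallb.yaml` straight from the `master` branch of the MetalLB repository, so the manifests that end up in the cluster can change between runs without any change to this repo, and the script breaks if upstream moves the files. Pinning both URLs to a release tag or commit, e.g. `kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/<PINNED_TAG>/manifests/metallb.yaml`, or vendoring the files next to metallb-config.yaml, makes the install reproducible and reviewable. Separately, nothing checks that `KIND_SUBNET` was populated: if `docker network inspect kind` fails, `envsubst` renders the pool as `.255.200-.255.250`, and a guard such as `: "${KIND_SUBNET:?kind docker network not found}"` after the assignment would stop there. `envsubst '${KIND_SUBNET}' < "$MYDIR/metallb-config.yaml"` would also limit substitution to the one intended variable.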