klodd/12-klodd.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: klodd

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: klodd
  namespace: klodd

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: klodd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: klodd
subjects:
  - kind: ServiceAccount
    name: klodd
    namespace: klodd

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: klodd-conf
  namespace: klodd
data:
  # Klodd uses secret here, but I really can't be bothered to base64 encode it each time, it also doesn't provide much security in our single challenge cluster
  config.yaml: |
    challengeDomain: instancer.idek.team
    kubeConfig: cluster
    publicUrl: https://instancer.idek.team
    rctfUrl: https://ctf.idek.team
    traefik:
      httpEntrypoint: websecure
      tcpEntrypoint: tcp
      tcpPort: 1337
    ingress:
      namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: default
      podSelector:
        matchLabels:
          app: traefik
    secretKey: "HAHA"
    recaptcha:
      siteKey: 6LetTCcqAAAAACDQtu2uJfPzqiWp0dAKuZGPVSOs
      secretKey: 6LetTCcqAAAAAJPmWGToJSiqF6U-e9s809E2dCjj

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: klodd
  namespace: klodd
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: klodd
  template:
    metadata:
      labels:
        app.kubernetes.io/name: klodd
    spec:
      serviceAccountName: klodd
      volumes:
        - name: config
          configMap:
            name: klodd-conf
      containers:
        - name: klodd
          image: ghcr.io/tjcsec/klodd:master
          volumeMounts:
            - name: config
              mountPath: /app/config/
              readOnly: true
          ports:
            - name: public
              containerPort: 5000

---
apiVersion: v1
kind: Service
metadata:
  name: klodd
  namespace: klodd
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: klodd
  ports:
    - name: public
      port: 5000

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: klodd
  namespace: klodd
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: instancer.idek.team
      http:
        paths:
          - backend:
              service:
                name: klodd
                port:
                  number: 5000
            path: /
            pathType: ImplementationSpecific