add cyberchef

README.md

@@ -38,6 +38,7 @@ Bare-Metal Home Lab for Kubernetes and Technical Playground.
 | Category     | Name                                                                                                | Remarks                                                                          |
 |--------------|-----------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------|
 | Application  | [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome)                                          | Ad and tracker-blocking DNS server                                               |
+| Application  | [CyberChef](helm-charts/cyberchef)                                                                  | [The Cyber Swiss Army Knife by GCHQ](https://github.com/gchq/CyberChef)          |
 | Application  | [Home Assistant](https://www.home-assistant.io/)                                                    | Home Automation                                                                  |
 | Application  | [Jellyfin](https://jellyfin.org/)                                                                   | Home Media System                                                                |
 | Application  | [Repave](helm-charts/repave)                                                                        | Daily restart of workloads within the cluster                                    |

argocd/manifest.jsonnet

@@ -17,6 +17,7 @@ local _ignoreDifferences = {
 
 local application = [
   { wave: '10', name: 'adguard-home', namespace: 'adguard-home', syncOptions: ['RespectIgnoreDifferences=true'], ignoreDifferences: _ignoreDifferences.application.adguardHome },
+  { wave: '10', name: 'cyberchef', namespace: 'cyberchef' },
   { wave: '10', name: 'home-assistant-volume', namespace: 'home-assistant' },
   { wave: '10', name: 'jellyfin-volume', namespace: 'jellyfin' },
   { wave: '10', name: 'jung2bot', namespace: 'jung2bot', path: 'helm-charts/jung2bot' },

helm-charts/cyberchef/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm-charts/cyberchef/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: cyberchef
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0

helm-charts/cyberchef/templates/deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Values.name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Values.name }}
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+      containers:
+        - name: cyberchef
+          image: {{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}
+          securityContext:
+            allowPrivilegeEscalation: false
+          ports:
+            - name: main
+              containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              port: 8000
+              path: /
+              scheme: HTTP
+          resources:
+            {{- toYaml .Values.deployment.resources | nindent 12 }}

helm-charts/cyberchef/templates/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: main
+      port: {{ .Values.virtualService.service.port }}
+      protocol: TCP
+      targetPort: 8000
+  selector:
+    app.kubernetes.io/name: {{ .Values.name }}

helm-charts/cyberchef/templates/virtual-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  hosts:
+    - "cyberchef.internal.siutsin.com"
+  gateways:
+    - istio-ingress-internal/gateway
+  http:
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            port:
+              number: {{ .Values.virtualService.service.port }}
+            host: {{ .Values.name }}.{{ .Values.namespace }}.svc.cluster.local

helm-charts/cyberchef/values.yaml

@@ -0,0 +1,18 @@
+name: cyberchef
+namespace: cyberchef
+
+deployment:
+  image:
+    repository: mpepping/cyberchef
+    tag: v10.14.0@sha256:5ba21489a888c5f5485bba8ea6450f774c1ace835991d4a2695a45669dccd10c
+  resources:
+    requests:
+      cpu: 10m
+      memory: 50Mi
+    limits:
+      memory: 50Mi
+
+virtualService:
+  service:
+    port: 10219
+    loadBalancerIP: 192.168.1.51

helm-charts/namespaces/values.yaml

@@ -3,6 +3,7 @@ namespaces:
   - namespace: argocd
   - namespace: cert-manager
   - namespace: cloudflare-tunnel
+  - namespace: cyberchef
   - namespace: descheduler
   - namespace: external-secrets
   - namespace: home-assistant

infrastructure/cloud/cloudflare/dns/terragrunt.hcl

@@ -50,6 +50,11 @@ inputs = {
       value = local.internal_ip
     },
 
+    cyberchef_internal = {
+      name  = "cyberchef.internal"
+      value = local.internal_ip
+    },
+
     home_assistant_internal = {
       name  = "home-assistant.internal"
       value = local.internal_ip