values.yaml

# Default values for helm.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# redis password
password: redis_password
redis_service_name: redis-service

# proxy console manage username/password
proxy_username: root
proxy_password: proxy_password

# console db
console_db_host: mysql-service
console_db_root_password: console_db_root_password
console_db_persistence_enabled: false     # true: use console_db_persistence_data_dir as hostpath
console_db_persistence_data_dir: /root/data
# console api
console_api_service_name: console-api-service
console_api_service_port: 80

poc_api_endpoint: console-api-service

# kafka
kafka_broker_service: ""
crawler_topic: crawler
crawler_group_id: crawler

# xray
xray_proxy_service: xray-proxy-service  # https/http proxy (attention: it should be better not to modify this name)
xray_proxy_port: 58088
xray_proxy_nodeport: 30088  # nodeport for xray_proxy_service, should be in range 30000-32767 on default k8s cluster

xray_webhook_service: xray-webhook-service
xray_webhook_port: 58089

# xray reverse
reverse_http_enable: false
reverse_dns_enable: false
reverse_client_enable: false

reverse_http_base_url: ""    # eg "leveryd.xxx.com"
reverse_listen_ip: "192.168.0.110"
reverse_dns_domain: ""   # eg "xxx.com"

# sensitive info
weixin_webhook_url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=07d4613c-45ef-46e2-9379-a7b2aade3132

# install
console: true
crawler: true
xray: true

# argo workflows server and controller config
argo-workflows:
  fullnameOverride: argo-workflows-app  # app name, attention: it should be better not to modify this name
  singleNamespace: true
  controller:
    serviceAccount:
      create: false
  workflow:
    rbac:
      create: false
  server:
    serviceAccount:
      create: false
    extraArgs:
      - "--auth-mode=client"
      - "--auth-mode=server"
    baseHref: /argo/
  crds:
    install: true
server:
  name: argo-server

console_domain: console.com   # ingress domain

# nuclei
# visit https://app.interactsh.com/ to get your unique domain
interactsh_server: "oast.fun"

# security
user_can_deploy_workflowtemplate: true  # if u set false, it will be more secure, because user can only run certain task

# elasticsearch
elasticsearch:
  esConfig:
    elasticsearch.yml: |
      http:
        cors.allow-origin: "*"
        cors.enabled : true
        cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
        cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
  replicas: 1   # single node
  extraVolumes:
    - name: init-script
      configMap:
        name: init-script
        items:
          - key: init.py
            path: init.py
  extraContainers:
    - name: init-es-pipeline
      image: python:3.8
      command:
        - python
      args:
        - '-u'
        - /tmp/init.py
      env:
        - name: PYTHONUNBUFFERED
          value: '1'
      volumeMounts:
        - name: init-script
          mountPath: /tmp/init.py
          subPath: init.py
  rbac:
    create: true

kibana:
  elasticsearchHosts: "http://elasticsearch-master:9200"
  kibanaConfig:
     kibana.yml: |
      server.basePath="/kibana"
      server.host="0.0.0.0"
      server.rewriteBasePath=true

# passive asset
fofa_key: ""
fofa_email: ""