A vulnerable Node.js web application based on the TimeOff Management app utilizing Bluefyre's kubernetes native runtime application security.
This repo sets up the docker image for the TimeOff Application, the create scripts for mySQL in Kubernetes along with volumes.
Refer to this blog post for prerequisites for minikube, xhyve, OSX. You can certainly run this without minikube as well.
If you're running minikube on OSX, make sure to run the following to set the right context for your docker images
minikube config set vm-driver xhyve
minikube start --memory=4096
eval $(minikube docker-env)
- Create the local volumes for stateful mysql in k8
cd k8
kubectl create -f local-volumes.yaml
kubectl get pv
- Set up mySQL secret for password Remember to replace YOUR_PASSWORD with a string that you'd choose
kubectl create secret generic mysql-pass --from-literal=password=YOUR_PASSWORD
- Set up the mySQL service
kubectl create -f mysql-deployment.yaml
- Signup at Bluefyre to obtain a free agent API key. Refer docs here for how to do this. Once you've obtained this
kubectl create secret generic bluefyre-agent-id --from-literal=agentid=BLUEFYRE_AGENT_ID
-
Also once you've signed up at Bluefyre to download the Node.js microagent. Place the
bluefyre-agent-node-1.2.0.tgzin the same folder as the Dockerfile -
Now lets set up the app build
cd ../
docker build -t timeoffapp:v1 .
- Lets set up a job to create the database
cd k8
kubectl create -f timeoffapp-init-deployment.yaml
Verify that the job ran successfully
kubectl get jobs
kubectl logs REPLACE_YOUR_POD_ID_HERE -f
- Now lets set up the app
kubectl create -f timeoffapp-deployment.yaml
- Now in your browser, navigate to the service
minikube service timeoffapp --url
- View realtime vulnerabilities in your Bluefyre portal