This repository installs K8s on AKS with Terraform, deploys OWASP Juiceshop and secures it with Nginx ingress & Check Point Appsec
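- Clone the repository
- Create a set_env_var.sh file with the content below, filling in your ARM credentials. The file holds the client secret and the storage account key, so keep it out of version control and readable only by your own user: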
export ARM_CLIENT_ID="<Azure Client ID>"
export ARM_CLIENT_SECRET="<Azure Client Secret>"
export ARM_SUBSCRIPTION_ID="<Azure Subscription ID>"
export ARM_TENANT_ID="<Azure Tenant ID>"
export ARM_ACCESS_KEY="<Azure Storage Account Secret>"
- From a command line, set your environment variables to access Azure
source ./set_env_var.sh
- Deploy K8s
cd aks
terraform init
terraform apply
- Get the K8s configuration from the Terraform state and store it in a file that kubectl can read, then set an environment variable so that kubectl picks up the correct config. The kubeconfig file contains cluster credentials, so treat it like the credentials file above
terraform output -raw kube_config > ./kubeconfig
export KUBECONFIG=./kubeconfig
- Verify the health of the cluster
kubectl get nodes
- Create namespace
kubectl create namespace juiceshop
kubectl config set-context --current --namespace=juiceshop
- Deploy Juiceshop
kubectl apply -f ../juiceshop/juice-shop.yaml
- Deploy Appsec
helm repo add cpAppSec https://raw.githubusercontent.com/CheckPointSW/Infinity-Next/main/deployments
helm search repo -l
helm install cpappsec cpAppSec/cpappsec --set agentToken="{your nanoToken}" --set platform="AKS"
- Configure Ingress & Secret to access Juiceshop from outside the cluster
kubectl apply -f ../juiceshop/juice-shop-secret.yaml
kubectl apply -f ../juiceshop/juice-shop-ingress.yaml
- Get the Load Balancer external IP
kubectl get svc
- Get the Host domain from the ingress configuration
kubectl get ingress
- Browse to the Host domain to access Juiceshop
- Destroy the Terraform deployment
terraform destroy
- Optional: cleanup services
kubectl delete namespace juiceshop
helm uninstall cpappsec
kubectl delete -f juice-shop.yaml --namespace appsec-kube
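
A preflight check for the credential handling in the steps above, as an added example that is not part of this repository: it confirms the five ARM_* variables hold real values rather than the template placeholders, and that the secret-bearing files (set_env_var.sh, kubeconfig) are not readable by group or others. The function names and the file paths passed to `preflight` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository. Function names are hypothetical;
# the ARM_* variable names and file names come from the steps above.

ARM_VARS="ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID ARM_TENANT_ID ARM_ACCESS_KEY"

# Return 0 only if every ARM_* variable is set, non-empty and no longer a
# "<...>" template placeholder. Names of failing variables go to stderr.
check_arm_env() {
    missing=""
    for name in $ARM_VARS; do
        eval "value=\${$name:-}"
        case "$value" in
            "" | "<"*">") missing="$missing $name" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "unset or placeholder:$missing" >&2
        return 1
    fi
    return 0
}

# Return 0 only if the file exists and group/other have no permission bits.
file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Check the environment and each secret-bearing file given as an argument,
# e.g. preflight ./set_env_var.sh ./aks/kubeconfig (paths are assumptions).
preflight() {
    status=0
    check_arm_env || status=1
    for f in "$@"; do
        if [ -f "$f" ] && ! file_is_private "$f"; then
            echo "too permissive, run: chmod 600 $f" >&2
            status=1
        fi
    done
    return "$status"
}
```

Source this file after `source ./set_env_var.sh` and call `preflight` with the paths of your credentials file and kubeconfig before running `terraform apply`.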