init

2026-02-08 02:16:23 +01:00 · 2025-12-12 11:10:01 +01:00
commit 277fc459d5
64 changed files with 8625 additions and 0 deletions
--- a/config/samples/example-ingress.yaml
+++ b/config/samples/example-ingress.yaml
@@ -0,0 +1,75 @@
+# Example Ingress resource that would trigger NucleiScan creation
+# When this Ingress is created, the nuclei-operator will automatically
+# create a corresponding NucleiScan resource to scan the exposed endpoints.
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: example-app-ingress
+  namespace: default
+  labels:
+    app.kubernetes.io/name: example-app
+    app.kubernetes.io/managed-by: kustomize
+  annotations:
+    # Optional: Add annotations to customize scan behavior
+    # nuclei.homelab.mortenolsen.pro/scan-enabled: "true"
+    # nuclei.homelab.mortenolsen.pro/severity: "high,critical"
+    kubernetes.io/ingress.class: nginx
+spec:
+  # TLS configuration - endpoints will be scanned with HTTPS
+  tls:
+    - hosts:
+        - example.example.com
+        - api.example.com
+      secretName: example-tls-secret
+  rules:
+    # Main application endpoint
+    - host: example.example.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: example-app
+                port:
+                  number: 80
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name: example-api
+                port:
+                  number: 8080
+    # API endpoint
+    - host: api.example.com
+      http:
+        paths:
+          - path: /v1
+            pathType: Prefix
+            backend:
+              service:
+                name: api-service
+                port:
+                  number: 8080
+---
+# Example Ingress without TLS (HTTP only)
+# This will be scanned with HTTP scheme
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: internal-app-ingress
+  namespace: default
+  labels:
+    app.kubernetes.io/name: internal-app
+spec:
+  rules:
+    - host: internal.example.local
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: internal-app
+                port:
+                  number: 80
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@@ -0,0 +1,5 @@
+## Append samples of your project ##
+resources:
+- nuclei_v1alpha1_nucleiscan.yaml
+- example-ingress.yaml
+# +kubebuilder:scaffold:manifestskustomizesamples
--- a/config/samples/nuclei_v1alpha1_nucleiscan.yaml
+++ b/config/samples/nuclei_v1alpha1_nucleiscan.yaml
@@ -0,0 +1,94 @@
+# Example NucleiScan resource
+# This demonstrates a complete NucleiScan configuration
+apiVersion: nuclei.homelab.mortenolsen.pro/v1alpha1
+kind: NucleiScan
+metadata:
+  labels:
+    app.kubernetes.io/name: nuclei-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: nucleiscan-sample
+  namespace: default
+spec:
+  # Reference to the source resource that triggered this scan
+  # This is typically set automatically by the Ingress/VirtualService controllers
+  sourceRef:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    name: example-ingress
+    namespace: default
+    uid: "placeholder-uid"
+  
+  # Target URLs to scan
+  # These are extracted from the source Ingress/VirtualService
+  targets:
+    - https://example.com
+    - https://example.com/api
+    - https://example.com/admin
+  
+  # Severity levels to include in the scan
+  # Options: info, low, medium, high, critical
+  severity:
+    - medium
+    - high
+    - critical
+  
+  # Optional: Specific Nuclei templates to use
+  # If not specified, all templates matching the severity will be used
+  templates:
+    - cves/
+    - vulnerabilities/
+    - exposures/
+  
+  # Optional: Schedule for periodic rescanning (cron format)
+  # Examples:
+  #   "0 2 * * *"     - Daily at 2 AM
+  #   "0 */6 * * *"   - Every 6 hours
+  #   "@every 24h"    - Every 24 hours (simplified format)
+  schedule: "@every 24h"
+  
+  # Optional: Suspend scheduled scans
+  # Set to true to pause scheduled scans without deleting the resource
+  suspend: false
+---
+# Example NucleiScan for a specific security audit
+apiVersion: nuclei.homelab.mortenolsen.pro/v1alpha1
+kind: NucleiScan
+metadata:
+  labels:
+    app.kubernetes.io/name: nuclei-operator
+    app.kubernetes.io/managed-by: kustomize
+    security-audit: "true"
+  name: security-audit-scan
+  namespace: default
+spec:
+  sourceRef:
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    name: production-ingress
+    namespace: production
+    uid: "audit-placeholder-uid"
+  
+  targets:
+    - https://api.example.com
+    - https://www.example.com
+  
+  # Full severity scan for security audit
+  severity:
+    - info
+    - low
+    - medium
+    - high
+    - critical
+  
+  # Comprehensive template coverage
+  templates:
+    - cves/
+    - vulnerabilities/
+    - exposures/
+    - misconfiguration/
+    - default-logins/
+  
+  # Weekly security audit
+  schedule: "0 3 * * 0"
+  
+  suspend: false