-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathattack-sim-deploy.yaml
More file actions
51 lines (51 loc) · 1.24 KB
/
attack-sim-deploy.yaml
File metadata and controls
51 lines (51 loc) · 1.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
apiVersion: v1
kind: Pod
metadata:
name: sim-pod
namespace: bilal
labels:
app: attack-sim
annotations:
container.apparmor.security.beta.kubernetes.io/attack-sim: unconfined
spec:
containers:
- name: attack-sim
image: bilals12/attack-sim@sha256:a78f4e467b9b703fbbb13e1c1ac5e1ee59450ed8e811b3e4a9989528bf163938
imagePullPolicy: Always
securityContext:
privileged: true
capabilities:
add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE", "ALL"]
env:
- name: PAYLOAD_SERVER
value: "payload-server.bilal.svc.cluster.local"
- name: PAYLOAD_PORT
value: "8080"
- name: AWS_CREDENTIAL_PATH
value: "/etc/bsssq-secrets/aws"
- name: MINER_DURATION
value: "60"
ports:
- containerPort: 4444
hostPort: 4444
- containerPort: 7456
hostPort: 7456
volumeMounts:
- name: docker-sock
mountPath: /var/run/docker.sock
- name: host-fs
mountPath: /host
- name: aws-credentials
mountPath: /etc/bsssq-secrets/aws
readOnly: true
volumes:
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: host-fs
hostPath:
path: /
- name: aws-credentials
secret:
secretName: aws-credentials
optional: true