CTFd-Helm/README.md.gotmpl at main · ScribblerCoder/CTFd-Helm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
# CTFd Helm Chart
{{ template "chart.badgesSection" . }}
[![Lint and Server-side Dryrun Chart](https://github.com/ScribblerCoder/CTFd-Helm/actions/workflows/helm-lint-test.yaml/badge.svg)](https://github.com/ScribblerCoder/CTFd-Helm/actions/workflows/helm-lint-test.yaml)

This is a Helm chart for deploying CTFd on Kubernetes. It deploys the official [CTFd Docker image](ghcr.io/ctfd/ctfd). HA and Autoscaling + MariaDB + Redis + S3 Storage. Also supports using external MariaDB/Redis/S3.

## Add the helm repo
```bash
helm repo add ctfd https://scribblercoder.github.io/CTFd-Helm
```
## Install
```bash
helm install ctfd ctfd/ctfd
# OR
helm install ctfd ctfd/ctfd -f values.yaml
```

## Install from source

Build helm dependencies (MariaDB/Redis/Minio) before installing the chart.

```bash
helm dependency update
```

Set the values in `values.yaml` to your desired configuration. Then install

```bash
helm install release-name . -f values.yaml --create-namespace --namespace ctfd
```

## Uninstall
```bash
helm uninstall release-name --namespace ctfd
```

## Info

- CTFd `SECRET_KEY` is automatically generated during installation/upgrade. You can find it in the secret `release-name-ctfd-secret-key`. This secret is injected as environment variable in all CTFd pods.
- Redis in this chart uses single master with multiple workers.
- This chart deploys Minio S3 bucket as an uploadprovider. You can use AWS S3 or any other external S3 compatible storage as an upload provider. Just set `minio.enabled` to `false` and configure the external S3 provider in `ctfd.uploadprovider.s3`.
- This chart intentionally refrains from supporting `filesystem` uploadprovider. This needs `ReadWriteMany` PVCs which are expensive in cloud providers and not recommended for production use. S3 is fast and cheap.

## Values examples

### Deploy Bitnami MariaDB/Redis and Minio
```yaml
ctfd:
  image:
    tag: "latest"
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 10
mariadb-galera:
  enabled: true
  persistence:
    enabled: true
    size: 2Gi
redis:
  enabled: true
minio:
  enabled: true
  persistence:
    size: 10Gi
```

### Configure your own external DB/Redis/S3
```yaml
ctfd:
  image:
    tag: "latest"
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 10
  uploadprovider:
    s3:
      bucket: ""
      endpoint_url: ""
      secret_access_key: ""
      access_key_id: ""
mariadb-galera:
  enabled: false
  external:
    port: 3306
    host: ""
    username: ""
    password: ""
    database: ""
redis:
  enabled: false
  external:
    port: 6379
    host: ""
    username: ""
    password: ""
minio:
  enabled: false
```

### Disable CTFd autoscaling
```yaml
ctfd:
  image:
    tag: "latest"
  replicas: 2
  autoscaling:
    enabled: false
```

## Features

- [x] HA and horizontal autoscaling with CPU and memory metrics
- [x] Configurable CPU/memory requests and limits
- [x] Deploys bitnami Redis, bitnami MariaDB-Galera and ~~SeaweedFS S3~~ (REPLACED WITH MINIO) as Helm dependencies
- [X] Option to use AWS S3 or any other external S3 compatible storage as an upload provider
- [x] Option to use external Redis and MariaDB (e.g., AWS RDS, ElastiCache)
- [x] Customizable CTFd configuration
- [x] Adjustable configurations for Redis and MariaDB-Galera
- [x] Integration with external storage as upload provider (AWS S3 or Minio or any S3 compatible storage)
- [x] Liveness and Readiness checks
- [x] Affinity/Toleration/nodeSelector rules
- [x] Automatically rolls out config updates to CTFd pods (Using checksum annotation)
- [ ] Deploys self-hosted mail server for CTFd email notifications as a helm dependency
- [ ] Automated backups (CTFd export. This could be done with batch/v1 CronJob)
- [ ] Deploys postgres db as a helm dependency (ctfd.io doesn't actively support it so this is a low priority)
- [ ] Support for custom CTFd themes/plugin (using initContainers? this is WIP)

## To Do

- [ ] Performance testing to verify autoscaling capabilities + e2e testing for verification
- [x] Fine tune cpu/mem requests and limits
- [ ] Chaos testing to verify HA capabilities
- [x] Add Pod Disruption budget and rolling strategy
- [ ] Security testing to verify deployment security
- [x] Helm linting and testing with GitHub Actions
- [ ] Publish Helm chart to Artifact Hub or to Github Pages
- [x] Custom NOTES.txt (post-installation message)
- [ ] Support custom metrics for autoscaling
- [x] README.md with badges and detailed information
- [x] Add Chart Values table to README.md
- [ ] Support custom CTFd themes/plugin

{{ template "chart.maintainersSection" . }}

{{ template "chart.sourcesSection" . }}

{{ template "chart.requirementsSection" . }}

{{ template "chart.valuesSection" . }}

Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)