{"id":28713448,"url":"https://github.com/tarique-b-devops/misp-kubernetes","last_synced_at":"2025-06-15T00:10:24.153Z","repository":{"id":298076500,"uuid":"998296439","full_name":"Tarique-B-DevOps/MISP-Kubernetes","owner":"Tarique-B-DevOps","description":"⚡ Quickly deploy MISP on Kubernetes","archived":false,"fork":false,"pushed_at":"2025-06-09T08:50:34.000Z","size":25,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-09T09:35:58.364Z","etag":null,"topics":["cybersecurity","intelligence","kubernetes-deployment","misp","misp-docker","misp-kubernetes","security","threat-hunting"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tarique-B-DevOps.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-08T09:58:51.000Z","updated_at":"2025-06-09T08:50:38.000Z","dependencies_parsed_at":"2025-06-09T09:46:18.643Z","dependency_job_id":null,"html_url":"https://github.com/Tarique-B-DevOps/MISP-Kubernetes","commit_stats":null,"previous_names":["tarique-b-devops/misp-kubernetes"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Tarique-B-DevOps/MISP-Kubernetes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tarique-B-DevOps%2FMISP-Kubernetes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tarique-B-DevOps%2FMISP-Kubernetes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tarique-B-DevOps%2FMISP-Kubernetes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tarique-B-DevOps%2FMISP-Kubernetes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tarique-B-DevOps","download_url":"https://codeload.github.com/Tarique-B-DevOps/MISP-Kubernetes/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tarique-B-DevOps%2FMISP-Kubernetes/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259901390,"owners_count":22929227,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","intelligence","kubernetes-deployment","misp","misp-docker","misp-kubernetes","security","threat-hunting"],"created_at":"2025-06-15T00:10:23.480Z","updated_at":"2025-06-15T00:10:24.128Z","avatar_url":"https://github.com/Tarique-B-DevOps.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MISP Kubernetes Deployment\n\n- This repository provides Kubernetes manifests to deploy [MISP (Malware Information Sharing Platform)](https://www.misp-project.org/) in a cloud-native environment   \n- Enables external access via a LoadBalancer service  \n- Modular deployments for mail, Redis, MySQL, core app, and MISP modules  \n- Uses ConfigMaps and Secrets for flexible and secure configuration  \n- Quick to set up for testing, demos, and development use cases on managed Kubernetes cluster\n\n\u003e **NOTE:** Based on official Docker images and configurations from the [MISP Docker](https://github.com/MISP/misp-docker/tree/master)\n\n## 🚀 Quick Deployment Guide\n\n## ⚙️ Method 1:\n\n### 1. Create Namespace and Set Context\n\nRun the following command to create the `misp-dev` namespace and set your kubectl context to use it:\n\n```sh\nkubectl create namespace misp-dev \u0026\u0026 \\\nkubectl config set-context --current --namespace=misp-dev\n```\n\n### 2. Create Kubernetes Secrets\n\n- Set your required secret environment variables (replace placeholders with actual values):\n\n```sh\nexport REDIS_PASSWORD=\"REPLACE_ME_REDIS_PASSWORD\" \\\n       MYSQL_PASSWORD=\"REPLACE_ME_MYSQL_PASSWORD\" \\\n       MYSQL_ROOT_PASSWORD=\"REPLACE_ME_MYSQL_ROOT_PASSWORD\" \\\n       ADMIN_PASSWORD=\"REPLACE_ME_ADMIN_PASSWORD\"\n```       \n\n- Create the Kubernetes secret:\n\n```sh\nkubectl create secret generic misp-secrets \\\n  --from-literal=REDIS_PASSWORD=\"${REDIS_PASSWORD}\" \\\n  --from-literal=MYSQL_PASSWORD=\"${MYSQL_PASSWORD}\" \\\n  --from-literal=MYSQL_ROOT_PASSWORD=\"${MYSQL_ROOT_PASSWORD}\" \\\n  --from-literal=ADMIN_PASSWORD=\"${ADMIN_PASSWORD}\"\n```\n\n\n### 3. Deploy MISP Core LoadBalancer Service\n\n- This exposes the MISP web UI to the outside world. Run:\n\n```sh\nkubectl create -f misp-core-svc.yml\n```\n\n- **Wait** until the **External IP** is provisioned. to check run:\n\n```sh\nkubectl get svc misp-core --watch\n```\n\n- Once the `EXTERNAL-IP` appears, copy it for the next step.\n\n## 4: Update the ConfigMap with the External IP\n\n- Open `misp-configs.yml` and locate the `BASE_URL` setting. Replace its value with your external IP and save, e.g.:\n\n```sh\nBASE_URL=https://\u003cEXTERNAL_IP\u003e\n```\n---\n\n- Create ConfigMap\n\nEdit `misp-configs.yml` to customize as needed. Then run:\n\n```sh\nkubectl create -f misp-configs.yml\n```\n\n\n### 5. Create Persistent Volume Claims (PVCs)\n\n- PVCs provide persistent storage so MISP data isn’t lost when pods restart or move.\n\n```sh\nkubectl create -f misp-pvcs.yml\n```\n\n\n### 6. Deploy MISP Components\n\n- This includes all core modules: mail, redis, MySQL database, modules, and core app:\n- It creates following resources for each:\n    - Service\n    - Deployment\n\nrun:\n\n```sh\nkubectl create -f misp-mail.yml \u0026\u0026 \\\n      sleep 30 \u0026\u0026 \\\n      kubectl create -f misp-redis.yml \u0026\u0026 \\\n      sleep 60 \u0026\u0026 \\\n      kubectl create -f misp-db.yml \u0026\u0026 \\\n      sleep 60 \u0026\u0026 \\\n      kubectl create -f misp-modules.yml \u0026\u0026 \\\n      sleep 60 \u0026\u0026 \\\n      kubectl create -f misp-core.yml\n```               \n\n### 7. Access MISP\n\nAfter all pods are `Running` and `Ready`:\n\n![Image](https://github.com/user-attachments/assets/b8a871d5-0539-4c0a-ad3a-0c071bf47368)\n\n```sh\nhttps://\u003cEXTERNAL_IP\u003e\n```\n\nLogin using the email set in the `ADMIN_EMAIL` value of the config map and the password from the `ADMIN_PASSWORD` in your secret.\n\nIf all went well, you should land on the MISP **homepage**.\n\n![Image](https://github.com/user-attachments/assets/54b9d453-9849-4c91-ace1-d19b986b4a25)\n\n\n## 🧹 Cleanup\n\nTo remove all resources created:\n\n```sh\nkubectl delete -f misp-mail.yml \\\n               -f misp-redis.yml \\\n               -f misp-db.yml \\\n               -f misp-modules.yml \\\n               -f misp-core.yml \\\n               -f misp-core-svc.yml \\\n               -f misp-pvcs.yml \\\n               -f misp-configs.yml \u0026\u0026 \\\nkubectl delete secret misp-secrets \u0026\u0026 \\\nkubectl delete ns misp-dev\n```\n\n\n## ⚙️ Method 2: Automated Deployment (One-Click Setup)\n\nThis method allows deploying the entire MISP stack using a single script quick setups.\n\n### What the Script Does\n\n\n- Creates the `misp-dev` namespace and sets kubectl context\n- Prompts for secrets (or reads from environment) and creates Kubernetes Secret\n- Waits for LoadBalancer external IP and patches `BASE_URL` in config\n- Intelligently creates or deletes Kubernetes resources as needed\n- Applies all manifests (service, PVCs, deployments) in order\n- Waits between critical components to avoid race conditions when creating new deployments.\n\n### 🏁 Supported Flags\n\n--rollout   → Only re-applies config and restarts deployments  \n--delete    → Fully deletes all MISP resources including namespace  \n\n### 🔧 Steps\n\n1. Make the script executable:\n\n```sh\nchmod +x deploy.sh\n```\n\n2. Run the script:\n\n```sh\n./deploy.sh\n```\n\n3. When prompted, enter the required secret values:\n\n- `REDIS_PASSWORD`\n- `MYSQL_PASSWORD`\n- `MYSQL_ROOT_PASSWORD`\n- `ADMIN_PASSWORD`\n\nThen wait for the script execution to complete.\n\n\u003e 🔐 For non-interactive use, copy and run the `export` command from the\n\u003e [Create Kubernetes Secrets](#2-create-kubernetes-secrets) section before running the script.\n\n```sh\n./deploy.sh\n\n[1/6] Creating namespace and setting context...\nnamespace/misp-dev created\n→ Switching kubectl context to misp-dev\nContext \"gke_staging-457318_us-central1-a_staging\" modified.\n[2/6] Creating Kubernetes secrets...\nEnter REDIS_PASSWORD: \nEnter MYSQL_PASSWORD: \nEnter MYSQL_ROOT_PASSWORD: \nEnter ADMIN_PASSWORD: \nsecret/misp-secrets created\n[3/6] Deploying MISP core LoadBalancer service...\n→ Applying misp-core-svc.yml\nservice/misp-core created\n⏳ Waiting for external IP...\n🌐 External IP acquired: \u003cEXTERNAL_IP_HERE\u003e\n[4/6] Updating BASE_URL in configs and creating ConfigMap...\n→ Updating BASE_URL from 'https://' to '\u003cEXTERNAL_IP_HERE\u003e'\n→ Applying config map\nconfigmap/misp-configs created\n[5/6] Creating persistent volume claims...\n→ Applying misp-pvcs.yml\npersistentvolumeclaim/mysql-data created\npersistentvolumeclaim/misp-configs created\npersistentvolumeclaim/misp-logs created\npersistentvolumeclaim/misp-files created\npersistentvolumeclaim/misp-ssl created\npersistentvolumeclaim/misp-gnupg created\npersistentvolumeclaim/misp-action-mod created\npersistentvolumeclaim/misp-expansion created\npersistentvolumeclaim/misp-export-mod created\npersistentvolumeclaim/misp-import-mod created\n[6/6] Deploying MISP Components...\n→ Applying misp-mail.yml\nservice/mail created\ndeployment.apps/mail created\n⏱️  Resources created, sleeping 30s\n→ Applying misp-redis.yml\nservice/redis created\ndeployment.apps/redis created\n⏱️  Resources created, sleeping 30s\n→ Applying misp-db.yml\nservice/db created\ndeployment.apps/db created\n⏱️  Resources created, sleeping 60s\n→ Applying misp-modules.yml\nservice/misp-modules created\ndeployment.apps/misp-modules created\n⏱️  Resources created, sleeping 60s\n→ Applying misp-core.yml\ndeployment.apps/misp-core created\n⏱️  Resources created, sleeping 300s\n✅ MISP deployed\n🔗 Access it at: https://\u003cEXTERNAL_IP_HERE\u003e\n```\n\n4. To cleanup all the kubernetes resources created, run:\n\n```sh\n./deploy.sh --delete\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarique-b-devops%2Fmisp-kubernetes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftarique-b-devops%2Fmisp-kubernetes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarique-b-devops%2Fmisp-kubernetes/lists"}