mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-05-27 09:32:28 +02:00
Shadowbroker
dd7706f17f
Brings the GitLab side to full parity with GitHub so users who prefer
gitlab.com get the same source, the same images, and the same install
paths. Today, GitLab users can clone the source but the Helm chart and
docker-compose paths only worked against GHCR.
What's new:
.gitlab-ci.yml
Multi-arch (amd64 + arm64) Docker builds on every push to main,
pushed to the project's GitLab Container Registry as:
registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest
registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest
Plus a :$CI_COMMIT_SHORT_SHA tag for traceability. Uses
$CI_JOB_TOKEN — no credentials need to be configured.
Also adds a 'mirror-to-github' job that pushes main back to GitHub
via fast-forward-only `git push`. Skipped silently if the
GITHUB_MIRROR_TOKEN CI/CD variable isn't set. Setup instructions
are in the file header.
docker-compose.gitlab.yml
Override file that swaps the backend/frontend image: lines to the
GitLab registry. Used as:
docker compose -f docker-compose.yml -f docker-compose.gitlab.yml up -d
Verified with `docker compose config` — merges cleanly and emits
registry.gitlab.com/... image references.
helm/chart/values-gitlab.yaml
Helm values override that points the chart at the GitLab registry.
Used alongside the default values.yaml:
helm install ... -f helm/chart/values.yaml -f helm/chart/values-gitlab.yaml
README.md
Documents both install paths (GitHub default, GitLab override) for
both docker compose and Helm. Notes that both registries publish
identical images (same source, same CI matrix).
No credentials needed for the GitLab→GitLab side. The optional reverse
mirror requires a GitHub PAT (public_repo scope) added as the GitLab
CI/CD variable GITHUB_MIRROR_TOKEN — instructions in the .gitlab-ci.yml
header.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
ShadowBroker Helm Chart
A Helm chart for deploying ShadowBroker services (backend and frontend).
Prerequisites
- Helm >= 3.0
- Kubernetes cluster with access to the
bjw-s-labsHelm repository - Your OWN ingress controller, Gateway API, etc
ingress-nginx has been deprecated and as of writing this we do not feel comfortable hard-coding in an ingress implementation!
Consider using ingress controllers like Traefik and Cert-Manager for automatic SSL/TLS termination and dynamic route management.
Installation
Add the Helm repository
helm repo add bjw-s-labs https://bjw-s-labs.github.io/helm-charts/
helm repo update
Install the chart
helm install shadowbroker ./chart --create-namespace
Or use the repository:
helm install shadowbroker bjw-s-labs/app-template \
--namespace shadowbroker \
-f values.yaml
Configuration
Backend Service
The backend deployment runs with the following settings by default:
| Parameter | Description | Default |
|---|---|---|
controllers.backend.type |
Controller type | deployment |
controllers.backend.strategy |
Update strategy | RollingUpdate |
controllers.backend.rollingUpdate.unavailable |
Max unavailable during update | 1 |
controllers.backend.containers.main.runAsUser |
Security context user | 1001 |
controllers.backend.containers.main.runAsGroup |
Security context group | 1001 |
controllers.backend.containers.main.image.repository |
Container image | registry.gitlab.com/bigbodycobain/shadowbroker/backend (or ghcr.io/bigbodycobain/shadowbroker-backend) |
controllers.backend.containers.main.image.tag |
Container tag | latest |
controllers.backend.service.type |
Service type | ClusterIP |
controllers.backend.service.ports.http.port |
HTTP port | 8000 |
Backend Environment Variables
The following environment variables are configured via secrets:
AIS_API_KEY- API key for AIS serviceOPENSKY_CLIENT_ID- OpenSky client IDOPENSKY_CLIENT_SECRET- OpenSky client secret
These can be injected using a Secret resource or Kubernetes ConfigMap.
Frontend Service
The frontend deployment configuration:
| Parameter | Description | Default |
|---|---|---|
controllers.frontend.type |
Controller type | deployment |
controllers.frontend.strategy |
Update strategy | RollingUpdate |
controllers.frontend.rollingUpdate.unavailable |
Max unavailable during update | 1 |
controllers.frontend.containers.main.runAsUser |
Security context user | 1001 |
controllers.frontend.containers.main.runAsGroup |
Security context group | 1001 |
controllers.frontend.containers.main.image.repository |
Container image | registry.gitlab.com/bigbodycobain/shadowbroker/frontend (or ghcr.io/bigbodycobain/shadowbroker-frontend) |
controllers.frontend.containers.main.image.tag |
Container tag | latest |
Frontend Environment Variables
BACKEND_URL- Backend API URL (defaults to Kubernetes service discovery)
Service Configuration
| Parameter | Description | Default |
|---|---|---|
service.backend.type |
Service type | ClusterIP |
service.backend.ports.http.port |
Backend HTTP port | 8000 |
service.frontend.type |
Service type | ClusterIP |
service.frontend.ports.http.port |
Frontend HTTP port | 3000 |
Uninstall
helm uninstall shadowbroker -n shadowbroker
Development
For development with local images, modify the image paths and tags:
controllers:
backend:
containers:
main:
image:
repository: localhost/my-backend-image
tag: dev-latest
frontend:
containers:
main:
image:
repository: localhost/my-frontend-image
tag: dev-latest
Values Schema
This chart uses the app-template Helm chart as a base. Refer to the app-template documentation for additional customization options.