@bebosudo
Created June 16, 2025 10:11
Public gophish and gobridge yaml manifests, installed with `kubectl -n nonsuspiciousnamespace apply -f gophish-and-gobridge.yaml`
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gophish
  labels:
    app: gophish
spec:
  replicas: 1
  strategy:
    type: Recreate # needed because ebs volumes can't be mounted in multiple pods
  selector:
    matchLabels:
      app: gophish
  template:
    metadata:
      labels:
        app: gophish
    spec:
      initContainers:
        - name: fix-pvc-ebs-ownership
          image: alpine:3
          # Give the `app` user (id 1000) ownership of the mounted volume
          # https://github.com/grafana/grafana-docker/blob/master/Dockerfile
          command:
            - chown
            - -R
            - 1000:1000
            - /opt/gophish/gophish-db/
          volumeMounts:
            - name: sqlite-pvc
              mountPath: /opt/gophish/gophish-db/
      containers:
        - name: gophish
          image: gophish/gophish:0.12.1
          env:
            # Placeholder value stored in plain text in this manifest; change it
            # before deploying, ideally sourcing it from a Secret (valueFrom.secretKeyRef)
            - name: GOPHISH_INITIAL_ADMIN_PASSWORD
              value: "admin123"
          volumeMounts:
            - name: gophish-config
              mountPath: /opt/gophish/config.json
              subPath: config.json
            - name: sqlite-pvc
              mountPath: /opt/gophish/gophish-db/
      volumes:
        - name: gophish-config
          configMap:
            name: gophish
        - name: sqlite-pvc
          persistentVolumeClaim:
            claimName: gophish-sqlite
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gophish
data:
  config.json: |
    {
      "admin_server": {
        "listen_url": "0.0.0.0:3333",
        "use_tls": false,
        "cert_path": "gophish_admin.crt",
        "key_path": "gophish_admin.key",
        "trusted_origins": ["gophish-admin.youringress.example.com"]
      },
      "phish_server": {
        "listen_url": "0.0.0.0:80",
        "use_tls": false,
        "cert_path": "example.crt",
        "key_path": "example.key",
        "trusted_origins": ["www.aphishingdomain.example.com"]
      },
      "db_name": "sqlite3",
      "db_path": "gophish-db/gophish.db",
      "migrations_prefix": "db/db_",
      "contact_address": "",
      "logging": {
        "filename": "",
        "level": ""
      }
    }
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gophish-sqlite
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: gp2
---
apiVersion: v1
kind: Service
metadata:
  name: gophish
spec:
  type: NodePort
  selector:
    app: gophish
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: phsh
    - port: 3333
      targetPort: 3333
      protocol: TCP
      name: admin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gobridge
  labels:
    app: gobridge
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gobridge
  template:
    metadata:
      labels:
        app: gobridge
    spec:
      containers:
        - name: gobridge
          image: bebosudo/gobridge:0.1
          env:
            - name: SMTP_INTERFACE
              value: "0.0.0.0" # otherwise it will bind to ipv6 somehow
          envFrom:
            - secretRef:
                name: gobridge-secret
          # command:
          #   - /bin/sh
          #   - -c
          #   - |
          #     sleep 1d
          # securityContext:
          #   runAsUser: 0
          #   runAsGroup: 0
# ---
# # k -n namespacehere create secret generic gobridge-secret && k -n namespacehere edit secret gobridge-secret
# # make sure to double encode the secret, e.g. echo -n "{secret: here}" | base64 -w0 | base64 -w0
# apiVersion: v1
# kind: Secret
# metadata:
#   name: gobridge-secret
# type: Opaque
# stringData:
#   GOOGLE_SECRET_BASE64_ENCODED: "this was created manually on the cluster"
---
apiVersion: v1
kind: Service
metadata:
  name: gobridge
spec:
  type: ClusterIP
  selector:
    app: gobridge
  ports:
    - port: 2500
      targetPort: 2500
      protocol: TCP
      name: gobridge
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gophish
spec:
  ingressClassName: alb
  rules:
    - host: www.aphishingdomain.example.com
      http:
        paths:
          - backend:
              service:
                name: gophish
                port:
                  number: 80
            path: /*
            pathType: ImplementationSpecific
    - host: gophish-admin.youringress.example.com
      http:
        paths:
          - backend:
              service:
                name: gophish
                port:
                  number: 3333
            path: /*
            pathType: ImplementationSpecific