Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn’t intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own machine works ok, but takes away too much valuable time.
MultiJuicer gives you the ability to run separate Juice Shop instances for every participant on a central kubernetes cluster, to run events without the need for local Juice Shop instances.
> Note: This project was called JuicyCTF until recently. This was changed to avoid confusions with the juice-shop-ctf project.
What it does:
Installation
MultiJuicer runs on kubernetes, to install it you’ll need helm.
helm repo add multi-juicer https://iteratec.github.io/multi-juicer/
# for helm <= 2
helm install multi-juicer/multi-juicer --name multi-juicer
# for helm >= 3
helm install multi-juicer multi-juicer/multi-juicer
Installation Guides for specific Cloud Providers
Generally MultiJuicer runs on pretty much any kubernetes cluster, but to make it easier for anybody who is new to kubernetes we got some guides on how to setup a kubernetes cluster with MultiJuicer installed for some specific Cloud providers.
Customizing the Setup
You got some options on how to setup the stack, with some option to customize the JuiceShop instances to your own liking. You can find the default config values under: helm/multi-juicer/values.yaml
Download & Save the file and tell helm to use your config file over the default by running:
helm install -f values.yaml multi-juicer ./multi-juicer/helm/multi-juicer/
Deinstallation
helm delete multi-juicer
FAQ
How much compute resources will the cluster require?
To be on the safe side calculate with:
How many users can MultiJuicer handle?
There is no real fixed limit. (Even thought you can configure one ) The custom LoadBalancer, through which all traffic for the individual Instances flows, can be replicated as much as you’d like. You can also attach a Horizontal Pod Autoscaler to automatically scale the LoadBalancer.
When scaling up, also keep an eye on the redis instance. Make sure it is still able to handle the load.
Why a custom LoadBalancer?
There are some special requirements which we didn’t find to be easily solved with any pre build load balancer:
Why a separate kubernetes deployment for every team?
There are some pretty good reasons for this:
kubectl
.github.com/bkimminich/juice-shop
github.com/bkimminich/juice-shop-ctf
github.com/iteratec/multi-juicer
github.com/iteratec/multi-juicer#customizing-the-setup
github.com/iteratec/multi-juicer/blob/master/guides/aws/aws.md
github.com/iteratec/multi-juicer/blob/master/guides/azure/azure.md
github.com/iteratec/multi-juicer/blob/master/guides/digital-ocean/digital-ocean.md
github.com/iteratec/multi-juicer/blob/master/guides/openshift/openshift.md
github.com/iteratec/multi-juicer/blob/master/helm/multi-juicer/values.yaml