Deploying WebGoat on local Docker-Kubernetes

With Docker Desktop for Windows and MacOS, you can now easily deploy containerised applications as standalone docker containers, docker stack deployments or when you enable the local Kubernetes, you can also deploy the containerised applications in the Kubernetes container service.

Here are the simple steps that result in a local Kubernetes deployment of WebGoat.

Step 1 – Check the pre-requisites

Make sure Docker Desktop is installed. Then make sure to change the preferences and select to enable the Kubernetes service. On Windows 10 this requires that Hyper-V and Container Services Windows features have been installed.

Check that docker and kubectl command line tools are available.

Step 2 – Pull the all-in-one WebGoat image

The all-in-one WebGoat image contains both WebGoat and WebWolf as well as an NGINX reverse proxy. With this image you do not need to care about the start order of both applications.

docker pull webgoat/goatandwolf:latest

Step 3 – Deploy the container to the Kubernetes cluster

Using Docker Desktop with Kubernetes, you have the correct docker and kubectl client tools and configuration set. So you only need to deploy the application.

kubectl run mygoat --env TZ=Europe/Amsterdam --image=webgoat/goatandwolf:latest

Step 4 – Expose the ports

After the deployment you just need to expose the ports

kubectl expose deployment/mygoat --type="LoadBalancer" --port=8080,9090

Step 5 – Run WebGoat and WebWolf

WebGoat is available at: http://localhost:8080/WebGoat

WebWolf is available at: http://localhost:9090/WebWolf

Step 6 – Configure fake hostsnames

Besides using the URL’s in step 5 you can also create separate fake hostnames for WebGoat and WebWolf. This way the exercises appear more realistic.

#Windows, edit the following file with the below contents

#On MacOS, edit the following file with
/etc/hosts www.webgoat.local www.webwolf.local

Step 7 – Run WebGoat and WebWolf through reverse proxy

First expose the nginx service port on port 80:

kubectl expose deployment/mygoat --name=nginx --type="LoadBalancer" --target-port=8888 --port=80

Then, you can use the following endpoints:

WebGoat is available at: http://www.webgoat.local/WebGoat

WebWolf is available at: http://www.webwolf.local/WebWolf