From ce8fb166b71d6c32d151f036de32513bcea33a64 Mon Sep 17 00:00:00 2001 From: Eswar Rajan <89014588+seswarrajan@users.noreply.github.com> Date: Thu, 17 Nov 2022 10:58:12 +0530 Subject: [PATCH] Update publisher config in helm chart + remove unwanted helm config (#593) --- .../configmapfiles/discovery-engine/conf.yaml | 11 +- deployments/helm/.helmignore | 23 --- deployments/helm/Chart.yaml | 23 --- deployments/helm/configmapfiles/conf.yaml | 62 ------ deployments/helm/templates/_helpers.tpl | 62 ------ deployments/helm/templates/deployment.yaml | 38 ---- deployments/helm/templates/dev-config.yaml | 19 -- deployments/helm/templates/hpa.yaml | 33 ---- deployments/helm/templates/kafka-secret.yaml | 93 --------- deployments/helm/templates/secret.yaml | 7 - deployments/helm/templates/service.yaml | 13 -- .../helm/templates/serviceaccount.yaml | 17 -- deployments/helm/values-dev.yaml | 178 ------------------ deployments/helm/values-prod.yaml | 173 ----------------- deployments/helm/values-snapshot.yaml | 178 ------------------ deployments/helm/values-verify.yaml | 164 ---------------- deployments/helm/values.yaml | 103 ---------- 17 files changed, 8 insertions(+), 1189 deletions(-) delete mode 100644 deployments/helm/.helmignore delete mode 100644 deployments/helm/Chart.yaml delete mode 100644 deployments/helm/configmapfiles/conf.yaml delete mode 100644 deployments/helm/templates/_helpers.tpl delete mode 100644 deployments/helm/templates/deployment.yaml delete mode 100644 deployments/helm/templates/dev-config.yaml delete mode 100644 deployments/helm/templates/hpa.yaml delete mode 100644 deployments/helm/templates/kafka-secret.yaml delete mode 100644 deployments/helm/templates/secret.yaml delete mode 100644 deployments/helm/templates/service.yaml delete mode 100644 deployments/helm/templates/serviceaccount.yaml delete mode 100644 deployments/helm/values-dev.yaml delete mode 100644 deployments/helm/values-prod.yaml delete mode 100644 deployments/helm/values-snapshot.yaml delete mode 100644 deployments/helm/values-verify.yaml delete mode 100644 deployments/helm/values.yaml diff --git a/deployments/discovery-engine-chart/configmapfiles/discovery-engine/conf.yaml b/deployments/discovery-engine-chart/configmapfiles/discovery-engine/conf.yaml index deec251f..6498a87a 100644 --- a/deployments/discovery-engine-chart/configmapfiles/discovery-engine/conf.yaml +++ b/deployments/discovery-engine-chart/configmapfiles/discovery-engine/conf.yaml @@ -2,10 +2,10 @@ application: name: knoxautopolicy network: operation-mode: 1 # 1: cronjob | 2: one-time-job - operation-trigger: 5 + operation-trigger: 100 cron-job-time-interval: "0h0m10s" # format: XhYmZs network-log-limit: 10000 - network-log-from: "kubearmor" # db|hubble|feed-consumer|kubearmor + network-log-from: "hubble" # db|hubble|feed-consumer|kubearmor network-policy-to: "db" # db, file network-policy-dir: "./" namespace-filter: @@ -33,7 +33,12 @@ observability: cron-job-time-interval: "0h0m10s" # format: XhYmZs dbname: ./accuknox-obs.db system-observability: true - network-observability: true + network-observability: false + write-logs-to-db: true + +publisher: + enable: true + cron-job-time-interval: "0h1m00s" # format: XhYmZs database: driver: sqlite3 diff --git a/deployments/helm/.helmignore b/deployments/helm/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/deployments/helm/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/deployments/helm/Chart.yaml b/deployments/helm/Chart.yaml deleted file mode 100644 index 8d1807c3..00000000 --- a/deployments/helm/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: knox-auto-policy-chart -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.16.0 diff --git a/deployments/helm/configmapfiles/conf.yaml b/deployments/helm/configmapfiles/conf.yaml deleted file mode 100644 index 4705ad10..00000000 --- a/deployments/helm/configmapfiles/conf.yaml +++ /dev/null @@ -1,62 +0,0 @@ -application: - name: knoxautopolicy - network: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m10s" # format: XhYmZs - operation-trigger: 1000 - network-log-from: "hubble" # db|hubble - network-log-file: "./flow.json" # file path - network-policy-to: "db" # db, file - network-policy-dir: "./" - network-policy-types: 3 - network-policy-rule-types: 511 - system: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m10s" # format: XhYmZs - system-log-from: "kubearmor" # db|kubearmor - system-log-file: "./log.json" # file path - system-policy-to: "db" # db, file - system-policy-dir: "./" - deprecate-old-mode: true - cluster: - cluster-info-from: "k8sclient" # k8sclient|accuknox - -database: - driver: mysql - host: mysql.{{ .Release.Namespace }}.svc.cluster.local - port: 3306 - user: root - password: password - dbname: knoxautopolicy - table-configuration: auto_policy_config - table-network-log: network_log - table-network-policy: network_policy - table-system-log: system_log - table-system-policy: system_policy - -feed-consumer: - kafka: - broker-address-family: v4 - session-timeout-ms: 6000 - auto-offset-reset: "earliest" - bootstrap-servers: "dev-kafka-kafka-bootstrap.accuknox-dev-kafka.svc.cluster.local:9092" - group-id: policy.cilium - topics: - - cilium-alerts - - kubearmor-alerts - ssl: - enabled: false - events: - buffer: 50 - -logging: - level: "INFO" - -# kubectl -n kube-system port-forward service/hubble-relay --address 0.0.0.0 --address :: 4245:80 -cilium-hubble: - url: hubble-relay.{{ .Values.cilium_ns }}.svc.cluster.local - port: 80 - -kubearmor: - url: kubearmor.{{ .Values.kubearmor_ns }}.svc.cluster.local - port: 32767 diff --git a/deployments/helm/templates/_helpers.tpl b/deployments/helm/templates/_helpers.tpl deleted file mode 100644 index ba04c300..00000000 --- a/deployments/helm/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "helm.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "helm.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "helm.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "helm.labels" -}} -helm.sh/chart: {{ include "helm.chart" . }} -{{ include "helm.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "helm.selectorLabels" -}} -app.kubernetes.io/name: {{ include "helm.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "helm.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "helm.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/deployments/helm/templates/deployment.yaml b/deployments/helm/templates/deployment.yaml deleted file mode 100644 index c4d66623..00000000 --- a/deployments/helm/templates/deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.labels.app }} - labels: -{{ toYaml .Values.labels | indent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - - selector: - matchLabels: - app: {{ .Values.labels.app }} - template: - metadata: - labels: - app: {{ .Values.labels.app }} - annotations: - checksum.helm.kubernetes.io/configmap: {{ include (print $.Chart.Name "/templates/dev-config.yaml") . | sha256sum }} - checksum.helm.kubernetes.io/secret: {{ include (print $.Chart.Name "/templates/kafka-secret.yaml") . | sha256sum }} - checksum.helm.kubernetes.io/secret: {{ include (print $.Chart.Name "/templates/secret.yaml") . | sha256sum }} - spec: - imagePullSecrets: - - name: agent-creds - containers: - - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - name: knoxautopolicy - ports: - - containerPort: 9089 - protocol: TCP - volumeMounts: -{{ toYaml .Values.volumeMounts | indent 10 }} - resources: -{{ toYaml .Values.resources | indent 10 }} - volumes: -{{ toYaml .Values.volumes | indent 8 }} - diff --git a/deployments/helm/templates/dev-config.yaml b/deployments/helm/templates/dev-config.yaml deleted file mode 100644 index 9c22cf57..00000000 --- a/deployments/helm/templates/dev-config.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.configmapAutoPolicyDiscovery.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.labels.app }}-config -data: - conf.yaml: {{ tpl (.Files.Get .Values.configmapAutoPolicyDiscovery.conf) . | quote }} -{{- end }} - ---- -{{- if not .Values.configmapAutoPolicyDiscovery.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.labels.app }}-config -data: - conf.yaml: |- -{{ toYaml .Values.config | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/deployments/helm/templates/hpa.yaml b/deployments/helm/templates/hpa.yaml deleted file mode 100644 index 57250aff..00000000 --- a/deployments/helm/templates/hpa.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ .Values.labels.app }} - labels: -{{ toYaml .Values.labels | indent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ .Values.labels.app }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deployments/helm/templates/kafka-secret.yaml b/deployments/helm/templates/kafka-secret.yaml deleted file mode 100644 index a9f37aab..00000000 --- a/deployments/helm/templates/kafka-secret.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: knoxautopolicy-kafka-ssl -type: Opaque -data: - ca.pem: |- - QmFnIEF0dHJpYnV0ZXMKICAgIGZyaWVuZGx5TmFtZTogY2EuY3J0CiAgICAyLjE2Ljg0MC4xLjEx - Mzg5NC43NDY4NzUuMS4xOiA8VW5zdXBwb3J0ZWQgdGFnIDY+CnN1YmplY3Q9TyA9IGlvLnN0cmlt - emksIENOID0gY2x1c3Rlci1jYSB2MAoKaXNzdWVyPU8gPSBpby5zdHJpbXppLCBDTiA9IGNsdXN0 - ZXItY2EgdjAKCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlGTFRDQ0F4V2dBd0lCQWdJ - VVhueWRvZlVvZGNLMFp3OWl3SkZvNzd4RFZUMHdEUVlKS29aSWh2Y05BUUVOCkJRQXdMVEVUTUJF - R0ExVUVDZ3dLYVc4dWMzUnlhVzE2YVRFV01CUUdBMVVFQXd3TlkyeDFjM1JsY2kxallTQjIKTURB - ZUZ3MHlNakF5TWpJd09USTVNREphRncweU16QXlNakl3T1RJNU1ESmFNQzB4RXpBUkJnTlZCQW9N - Q21sdgpMbk4wY21sdGVta3hGakFVQmdOVkJBTU1EV05zZFhOMFpYSXRZMkVnZGpBd2dnSWlNQTBH - Q1NxR1NJYjNEUUVCCkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDakNjQzVwRDg0S2hTQ00ybkszTzhC - bXRmYVV1LzRpYzhnTGphbjJFMkoKYXF2ckQwdStjaThNN3lURnlFbEk5SGs1dFhzZXJ5Q1N5SGl0 - Nk9NWnJPQ0cwamZVQk5Wc3N3V1BqWVB1VzlLMQpTa0hoamVjektJN1ZjelpWNGhDWkNsdUpMY0Zq - eWZva1FsSXl0UWE2UjhRcFVQVTZZOHZtRk13QStHVXNGUkZxCktvdWVRYnFPaFRBY3E2UitlQmJP - KzBEQmVkT2FVODY1MVIySWZOd1YyWXdscGcrSlVIa1JmRjl2cjZMbDFVVmoKZHVTNUdGOGtpLzBR - anpWWW1WNFZWMGlsZk5JNWRrQVZSelJvZEhoY0RxMEFlNmR4WEl5SFJWWHBzM3gxSUN4RgplWHlJ - NUJvNm53OTRzc0FNTDZlNUZqMkwwalZCanJkeTJLeEduNUlsbVJTUmI3blF0T09rVzZTVFNydjhS - VEp2ClRWWlhPQWJKOEE1cGVlMjRnQkViZDZnSjNLai8zOFRuZlVncEpzNFJCeWhVTHZJMXBiMUpl - Zmc5ek1odllVWjcKTXZGWXZDVTRlZ0VQUXN5QTlFZ1NQb2tZSlJHbkNEUWtJaE5Ia09SZGloQUZB - V0xsSEpHZVAxVjhwdzkyU0NWMApmM0gzUVN3Qm9ieGI3ZTVQWStIazBCaXNJNXMyYm13MmVNK0dZ - T0lvQkZsU3Fob1dnS3JLNDA2cmRobmpGL245CkdhWnFhS3hjbVRsSzhXZ1NUK1NPNkM0QkRYRWx6 - SG15aDJ3clQ4WGJVSW43eWlVa1JJZjFYbjJtTDRyamQ4aDcKQVhLdUVzdVQ5MWg3SG9UNzZCTUt6 - UVZxUDRjV3dFRGZPUVV1UDVHOW80cEFiTlJsblhxaGNPbG5BLzN0VlFwWApBd0lEQVFBQm8wVXdR - ekFkQmdOVkhRNEVGZ1FVcERpcG10SjFUK1ZUbTNGYktYbm1CL3g0S0hnd0VnWURWUjBUCkFRSC9C - QWd3QmdFQi93SUJBREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdEUVlKS29aSWh2Y05BUUVOQlFBRGdn - SUIKQUp3REZ6clAzOUVWT0FUQkJDNk1aVkZ5VjNKeEEzYmdpY1NoM2VTT25paXRwcGhoTmFBMVZp - bWw5NzFhbURYMQo1STZVa0ZzYnI3L29VR3E1M0k4NUh3cHZRYXkzcVVEc1QyemxUNTlyallLZDhz - UjY4Nm96VWVIZmpUZlRLYjRlClVuRUZramN2Ukh3b2s5K3l3ODZPMUNNRTVYWm1IQzV5dGltNEx1 - eFI1dmJ3NnpRcWhIRGg5dWRmRjF6OEM5MzQKVkNWMFovcmE3S1dBZ2g0NzViMGIvYlhaWnN5dW5Q - bC9rQWRTQVBpWVJ6R1VrYnY4aFM5MWFrbVAzTGVZTHNrVgoyUEVUNEpFSHFSdVZzNSttNVZsOU5M - bU00VTdyV3ZQVDU1aHFyd0lIQ0gwRXNSbUNhU01vUlRrRjVDUWtmNis1CmZ0VExFUkRGb2hWSTJ3 - RGxOUFZyV2pUQTBtazZTNUZaSHBGY0lVT1RCV0ovZzJBSi9lQkdZUCt0bGM5aUk1aUIKWUtwM3Yy - cFVGVUVnNHFBMEJsSUlHOFZMS1hwaEJhdDh6MGF2RkgrbDBrSkNyWTJyMlNDSkt5VTRFcUc3MzhV - UAo0eEJWTFY4NGQzTlduQitMZkhGV1hDNDdVTnRoSlZUcnk4eDR0WWMyWEZCQXRNM1pOODUyQWJs - dVBuNy9OcFV4ClBQOGEvQ3FvMngvSmRGQk5XM3QwN1ZOK1RkUjdmd1JiYzlDWEtWUzQ5STBWSSt6 - Z2Mwb3RvWHplV3pJY1JIWE8KS0UrQjFFVzVuYkliUUJ2c1RsSkptNVBQNG1NMnlEdDJKWU1UR3JV - UFkrTk5BOVFzRGc4QjJYYVovT3NCY0h2SgplbktUWndQUDBHczR3VmNWTTFpYnppNFN5R2NGOUtR - NzdlZmR1ZEFzRGd3YgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - user.p12: |- - MIIK4gIBAzCCCqgGCSqGSIb3DQEHAaCCCpkEggqVMIIKkTCCBQcGCSqGSIb3DQEHBqCCBPgwggT0 - AgEAMIIE7QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI7FGeHXJINOcCAggAgIIEwKZ1PnsQ - wtC2jWrfmwbFQfZe0BmIQK+PmIw6jE46YVECTxzh9bnKpqD9KefTQN0bON2jTMa1o+r+DBV+cjrF - TwcLbyqB/ImTm8qY5X/hoPQS1RknC57HTy7O5ypG/ZoRj4f3I8OKGJknIvmc5K2unobCpMENfjIu - hHWA4nfBN6ZBD9uKIUOy4Mowz5oJ/tCx3OAhgMGOO217r9gxIzmZFC8lUhJzNeAm3LIjC0NCxu/y - n2aNTCk2hQ9FdY5tHBnd2DUlUp52O1DfZ339TYu0T04ggdBDLUy/gw7qY6R24oVPDTH4IpsdZoD6 - 7uJdaDGYV8n7EDYTOhBJ6SrkfBTv5eOaoPmB5WHE295VVI5rnx9UwtSJcw2/MDKIh2UMNS/LRqL0 - X2iGQPNwAqI2tqTAlYphnW87GBqYhH+3oOvI9VdMLOfgkd8hYdnzqlFMwWdm/VHX9+xXYlOMYDWF - PtFkz7m0TxlX8ubymjEWRxaRa5ee+4YTg8y5orGwGhtSisME5CBGyJJb8fBiZRjlr1ejK420UXdt - iw2Dzg7sdKmPJ3TKvR0pr85XVcyH9KrMCu6wNCtpB5HNgmSEFlP0PavRP13D0F+k6hPpRi1rinN2 - detorNDzO2HsQ4UrtjWIBHVxHWRsoMkc7leufJEJuLN/zKar7wDg0pwKX1Xa8pvo+GzZXQZoVomU - eMtAfMUtjxqeK/3U4s7yWgydA4bYLpOZ5RaPnf6dCt6rRg+XnPkpvCzYfMsGyj+rJBeEGNjDMc2L - ermVA8CULl16gPFQCito0ARmny51oMFWi/uISXZTkIC1hGY0DwIA9yzeqBScS7Oay+Zoryq+q8AS - PjUptslnqtGS3x25tqqkC37m0CGuVB8LKbsRBwFSFmc2NkhwztloWyHbLd3/eOXYRrOUdJP6NY4I - msF4Pbheyc9zESXiW+HaBMHIfyX8aW6KuaiQhKa2Q+cIvYXO09ks0+nMlqijpNiYrtU8GaiuU+5P - 2hWrNjXxiul9/gq3zeN5vxRqxEtBOsql25wX5MmQRx+glPGqfX2V+W/gTIT3ic50ij3332h1nsA2 - Nc9xKqkUZ90mvL0quSHCYrpuTYcXfHHffJ/lDEboAWwpQ8UNnmjjNIE/7LD1lpXZzJjjrvVVzFvq - ajDhL3CDgcPLHcXqGx5ElDTt6srdwjWVLyIoUv1SzTG7A/etOD6+lvABE27y8xr0iaQx9JwTzgpq - CbU9UlP/SbU+GKtXLy7FU+WByMrKE7ELpBfrv/CWu4TTAKgApphj/ESn+z1QwVb3KRSLaULpSkmZ - U2ygwhNc/kNx3se5OIk9o/dFshxAsTuw7EFHosoDDugHiZerSrz2PWJ+jMt+PwLvLv7CDjoDGxmG - Am6tIpxYnngp/KVSEriCUghN8C3auLxLQ8PqMeDda/rVeIIfkOtik+kBcOoWf6vcvY6C4fV+DY7H - hDDhpX+OoylvzN6003YbYyw153vOAxXH+cGO0lt+8/1VRj7kDDckeEvV9SxSYpEGF5uwy5jHvB/B - 4InGqo8q1bmpPgsSkYMOzUCRtK5S1Ax4+meg2krXGN8cIDTebDgyAjQmbyrdFLwBuMomuGi0WIgR - sQr4iK0slc4FAfzQsVEwggWCBgkqhkiG9w0BBwGgggVzBIIFbzCCBWswggVnBgsqhkiG9w0BDAoB - AqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQIuxvKoyJGqzUCAggABIIEyCTDNSGFIYh7ghwYmrT6 - o482P68zrpfPYaH7MQSf/F3kQbV7Ke61mgfXwxP82oTpVDSYqbotIjvfiabP8YGKIcUuBBk3wL/d - FIljH3AsLZz4dYfxExRIJn/xAGDrAryWoXfhNucbdkT9XM13cJ0OGGDUcoibthHJAHNyc5tlWqpg - nMhnWbul8lb2dGmdtpD+USyVVnfdTaJWe8LsiMGtaR9pgRWJ9XO7B9h617AGddoq49ZogjPMOKTj - FMR/6MUSxw+DgKUyS8RNPda39go8ZqsxyBbiERAhls3WU4xwLx54lkOrGgShjlwMw5bysCnxPPuU - zJ9RHsaaAn27zb+2A8A9MY4ChrOU4hccyIV4y+oTN7BT9Q1JK3JVl5hP+4AEr3WyOoKysRC2T/0b - /nMC+Qvyjl5G4Vs2XA0uKZgfXpuJmSDm8Y2MDLHjc3+DZXTSpio1ghtLcBYlbqT/g6F8xD99Idf2 - hO4M6FSjt+mOPV7bZuQT7Me1lKkrMZSbxfcXeiHTWxb3FZtNd+FQiJ9uvsXgvhW/K2jPkTW4LE7T - UH7jh8ACZyUupXo+Aik+7gRLOH6kjNKzI/uv9dsM7jGOHzufzRH/2c1dV4qy3DY4DTfFPaiWt6of - Lsth1OE1ulm56y4bM8HUNe6Tbx0ZR3Gqze+Fc2sZjEa1TD67nVgQnqN9pnMoEyJ1ylmaBy6Yaqij - Hcouldg76g4rvz2Evh5h+M36ajskB64Vc40L0FgGjuMInym5JF7HjQPjWFK9qHxwN0rOMV4wdVy/ - RBTRyGrMgD8H3WJ/kOGG5QN9vRKdqjwiIhPjJbrc/tP2/amLBmFe5pNbxoheDBVlD60VII3PdEdm - 3DUPla+7NLizhxqAZmvNhUsnO2iQmLqlnbYKIvIQzOBCfgxrH3NWRTB6MyI1slvDaTWDnDzrwK0N - RRreVrZmxGWwdUATMU7jB9dnt3Oy4wv+x4GVVPmgOuwR0u9w8MSzZzADK/LAJYGDrzHPh1TcAP7m - L/W9uHSUwu3UNmemFcPF12Pvkma8VqqbPeMLUELOFJFIdEytnEtls8enrZMSQHTB0HytUur27VxI - 99BVbwAL9+Ys5PiFIdd3ZLHKjTBnQfnUiRU+UsFhoSk/6ND8+qo8Pq3t4LccsmC7cEXeNmfvbFT8 - BrNy44v+JWlEXsoVDKh/oj0EwBs2k1bYwizJKQvI/2pEfaJeRYTGa4porHpw08tFGcYLE4nALnL/ - BURNYqwDMusM4punn8MO2PGHbXPRIp5YduQ1zCNeRaP5jI1tXWvBtww7k6VVd+iA7m46RgzViBQg - zQhq4fO7XZhLcgYXx+7g2HzDo7mSN3xnL+E8eemw3fbNjwcKn792Ap60uLddIYSAu4jVlX0CaV+Z - advyvwmdUqmJjQRIBEtcOS9yylU3x2CrOjmsRDGUd1yz090fZgIFV0tDoEKKJ8cnmj84+2BgJJi+ - YZLqfLxIuNlCXy8llm119cWgI6mJVJwVnR2pKEwcdsS4M9OWmxxZ7bnGQBTwKzP9z6I2c10zDIzQ - uOmO1I9Vw1CT/6F3n17evrbCnzQmtrmE6QeVad3oLTUFg7QlZNOvmVN0s/2XSIZRTWk+1g2KZw9i - tCFE9AbPMjngIZ0eTTFmMCMGCSqGSIb3DQEJFTEWBBRuXus+UxitubJc/q5Z4yjneReY2jA/Bgkq - hkiG9w0BCRQxMh4wAG4AbwBkAGUALQBlAHYAZQBuAHQALQBmAGUAZQBkAGUAcgAtAGMAbwBtAG0A - bwBuMDEwITAJBgUrDgMCGgUABBTtX3c3yvWF58KxQKc9CXCvMvP9ugQIEDybHDd8dx8CAggA diff --git a/deployments/helm/templates/secret.yaml b/deployments/helm/templates/secret.yaml deleted file mode 100644 index f1f8af19..00000000 --- a/deployments/helm/templates/secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - .dockerconfigjson: eyJhdXRocyI6eyJhZ2VudHMuYWNjdWtub3guY29tIjp7InVzZXJuYW1lIjoiYWNjdWtub3gtdXNlciIsInBhc3N3b3JkIjoiNVU6dTh+d3UtYiIsImF1dGgiOiJZV05qZFd0dWIzZ3RkWE5sY2pvMVZUcDFPSDUzZFMxaSJ9fX0= -kind: Secret -metadata: - name: agent-creds -type: kubernetes.io/dockerconfigjson \ No newline at end of file diff --git a/deployments/helm/templates/service.yaml b/deployments/helm/templates/service.yaml deleted file mode 100644 index 87cc4b6d..00000000 --- a/deployments/helm/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.labels.app }} - labels: -{{ toYaml .Values.labels | indent 4 }} -spec: - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort }} # Port in microservice - protocol: {{ .Values.service.protocol }} - selector: - app: {{ .Values.labels.app }} diff --git a/deployments/helm/templates/serviceaccount.yaml b/deployments/helm/templates/serviceaccount.yaml deleted file mode 100644 index 9307c4f1..00000000 --- a/deployments/helm/templates/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knoxautopolicy ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knoxautopolicy -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: knoxautopolicy - namespace: {{ .Values.namespace.name }} \ No newline at end of file diff --git a/deployments/helm/values-dev.yaml b/deployments/helm/values-dev.yaml deleted file mode 100644 index a41e0c21..00000000 --- a/deployments/helm/values-dev.yaml +++ /dev/null @@ -1,178 +0,0 @@ -# Default values for helm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: agents.accuknox.com/repository/docker-dev/knoxautopolicy - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -labels: - app: knoxautopolicy - env: dev - -namespace: accuknox-dev-knoxautopolicy - -#serviceaccountnamespace -namespace: - name: explorer - -volumeMounts: - - mountPath: /conf - name: config-volume - readOnly: true - - mountPath: /kafka-ssl - name: knoxautopolicy-kafka-ssl-volume - readOnly: true -volumes: - - name: config-volume - configMap: - name: knoxautopolicy-config - - name: knoxautopolicy-kafka-ssl-volume - secret: - secretName: knoxautopolicy-kafka-ssl - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 9089 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - requests: - cpu: 800m - memory: 2Gi - limits: - cpu: 800m - memory: 2Gi - -autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 75 - targetMemoryUtilizationPercentage: 75 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -configmapAutoPolicyDiscovery: - enabled: false - conf: "configmapfiles/autopolicydiscovery/conf.yaml" - -# conf.yaml -config: - application: - name: knoxautopolicy - network: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 10000 - network-log-limit: 10000 - network-log-from: "kafka" # db|hubble - network-log-file: "./flow.json" # file path - network-policy-to: "db" # db, file - network-policy-dir: "./" - network-policy-types: 3 - network-policy-rule-types: 511 - skip-cert-verification: true - system: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 1000 - system-log-limit: 10000 - system-log-from: "kafka" # db|kubearmor - system-log-file: "./log.json" # file path - system-policy-to: "db" # db, file - system-policy-dir: "./" - deprecate-old-mode: true - cluster: - cluster-info-from: "accuknox" # k8sclient|accuknox - cluster-mgmt-url: "https://api-dev.accuknox.com" - - database: - driver: mysql - host: accuknox-dev-mysql-haproxy.accuknox-dev-mysql-db.svc.cluster.local - port: 3306 - user: accuknox_user - password: EAy5Kq4uhc5Gkws - dbname: accuknox - table-network-log: network_log - table-network-policy: network_policy - table-system-log: system_log - table-system-alert: system_alert - table-system-policy: system_policy - - feed-consumer: - kafka: - number-of-consumers: 3 - broker-address-family: v4 - session-timeout-ms: 6000 - auto-offset-reset: "latest" # earliest | latest - bootstrap-servers: "dev-kafka-kafka-bootstrap.accuknox-dev-kafka.svc.cluster.local:9092" - #bootstrap-servers: "dev-kafka-kafka-external-bootstrap.accuknox-dev-kafka.svc.cluster.local:9095" - group-id: knoxautopolicy - topics: - - cilium-alerts - - kubearmor-alerts - security: - protocol: SSL - ssl: - enabled: false - ca: - location: /kafka-ssl/ca.pem - keystore: - location: /kafka-ssl/user.p12 - pword: DHmHwNYy22At - events: - buffer: 50 - - logging: - level: "INFO" - - cilium-hubble: - url: 10.4.41.240 - port: 80 diff --git a/deployments/helm/values-prod.yaml b/deployments/helm/values-prod.yaml deleted file mode 100644 index 94bb3282..00000000 --- a/deployments/helm/values-prod.yaml +++ /dev/null @@ -1,173 +0,0 @@ -# Default values for helm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: gcr.io/mimetic-kit-294408/production/knoxautopolicy - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -labels: - app: knoxautopolicy - env: prod - -namespace: accuknox-knoxautopolicy - -#serviceaccountnamespace -namespace: - name: explorer - -volumeMounts: - - mountPath: /conf - name: config-volume - readOnly: true - - mountPath: /kafka-ssl - name: knoxautopolicy-kafka-ssl-volume - readOnly: true -volumes: - - name: config-volume - configMap: - name: knoxautopolicy-config - - name: knoxautopolicy-kafka-ssl-volume - secret: - secretName: knoxautopolicy-kafka-ssl - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 9089 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - requests: - cpu: 800m - memory: 2Gi - limits: - cpu: 800m - memory: 2Gi - -autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 75 - targetMemoryUtilizationPercentage: 75 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# conf.yaml -config: - application: - name: knoxautopolicy - network: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 10000 - network-log-limit: 10000 - network-log-from: "kafka" # db|hubble - network-log-file: "./flow.json" # file path - network-policy-to: "db" # db, file - network-policy-dir: "./" - network-policy-types: 3 - network-policy-rule-types: 511 - skip-cert-verification: true - system: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 1000 - system-log-limit: 10000 - system-log-from: "kafka" # db|kubearmor - system-log-file: "./log.json" # file path - system-policy-to: "db" # db, file - system-policy-dir: "./" - deprecate-old-mode: true - cluster: - cluster-info-from: "accuknox" # k8sclient|accuknox - cluster-mgmt-url: "https://api.accuknox.com" - - database: - driver: mysql - host: accuknox-mysql-haproxy.accuknox-mysql.svc.cluster.local - port: 3306 - user: accuknox_user - password: EAy5Kq4uhc5Gkws - dbname: accuknox - table-network-log: network_log - table-network-policy: network_policy - table-system-log: system_log - table-system-alert: system_alert - table-system-policy: system_policy - - feed-consumer: - kafka: - number-of-consumers: 3 - broker-address-family: v4 - session-timeout-ms: 6000 - auto-offset-reset: "latest" # earliest | latest - bootstrap-servers: "accuknox-kafka-bootstrap.accuknox-kafka.svc.cluster.local:9092" - group-id: knoxautopolicy - topics: - - cilium-alerts - - kubearmor-alerts - security: - protocol: SSL - ssl: - enabled: false - ca: - location: /kafka-ssl/ca.pem - keystore: - location: /kafka-ssl/user.p12 - pword: DHmHwNYy22At - events: - buffer: 50 - - logging: - level: "INFO" - - cilium-hubble: - url: 10.4.41.240 - port: 80 diff --git a/deployments/helm/values-snapshot.yaml b/deployments/helm/values-snapshot.yaml deleted file mode 100644 index dfcd9f35..00000000 --- a/deployments/helm/values-snapshot.yaml +++ /dev/null @@ -1,178 +0,0 @@ -# Default values for helm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: gcr.io/mimetic-kit-294408/snapshot/knoxautopolicy - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -labels: - app: knoxautopolicy - env: dev - -namespace: accuknox-dev-knoxautopolicy - -#serviceaccountnamespace -namespace: - name: explorer - -volumeMounts: - - mountPath: /conf - name: config-volume - readOnly: true - - mountPath: /kafka-ssl - name: knoxautopolicy-kafka-ssl-volume - readOnly: true -volumes: - - name: config-volume - configMap: - name: knoxautopolicy-config - - name: knoxautopolicy-kafka-ssl-volume - secret: - secretName: knoxautopolicy-kafka-ssl - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 9089 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - requests: - cpu: 800m - memory: 2Gi - limits: - cpu: 800m - memory: 2Gi - -autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 75 - targetMemoryUtilizationPercentage: 75 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -configmapAutoPolicyDiscovery: - enabled: false - conf: "configmapfiles/autopolicydiscovery/conf.yaml" - -# conf.yaml -config: - application: - name: knoxautopolicy - network: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 10000 - network-log-limit: 10000 - network-log-from: "kafka" # db|hubble - network-log-file: "./flow.json" # file path - network-policy-to: "db" # db, file - network-policy-dir: "./" - network-policy-types: 3 - network-policy-rule-types: 511 - skip-cert-verification: true - system: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 1000 - system-log-limit: 10000 - system-log-from: "kafka" # db|kubearmor - system-log-file: "./log.json" # file path - system-policy-to: "db" # db, file - system-policy-dir: "./" - deprecate-old-mode: true - cluster: - cluster-info-from: "accuknox" # k8sclient|accuknox - cluster-mgmt-url: "https://api-dev.accuknox.com" - - database: - driver: mysql - host: accuknox-dev-mysql-haproxy.accuknox-dev-mysql-db.svc.cluster.local - port: 3306 - user: accuknox_user - password: EAy5Kq4uhc5Gkws - dbname: accuknox - table-network-log: network_log - table-network-policy: network_policy - table-system-log: system_log - table-system-alert: system_alert - table-system-policy: system_policy - - feed-consumer: - kafka: - number-of-consumers: 3 - broker-address-family: v4 - session-timeout-ms: 6000 - auto-offset-reset: "latest" # earliest | latest - bootstrap-servers: "dev-kafka-kafka-bootstrap.accuknox-dev-kafka.svc.cluster.local:9092" - #bootstrap-servers: "dev-kafka-kafka-external-bootstrap.accuknox-dev-kafka.svc.cluster.local:9095" - group-id: knoxautopolicy - topics: - - cilium-alerts - - kubearmor-alerts - security: - protocol: SSL - ssl: - enabled: false - ca: - location: /kafka-ssl/ca.pem - keystore: - location: /kafka-ssl/user.p12 - pword: DHmHwNYy22At - events: - buffer: 50 - - logging: - level: "INFO" - - cilium-hubble: - url: 10.4.41.240 - port: 80 diff --git a/deployments/helm/values-verify.yaml b/deployments/helm/values-verify.yaml deleted file mode 100644 index cbe2e7c7..00000000 --- a/deployments/helm/values-verify.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# Default values for helm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: agents.accuknox.com/repository/docker-verify/knoxautopolicy - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -labels: - app: knoxautopolicy - env: verify - -namespace: accuknox-verify-knoxautopolicy - -volumeMounts: - - mountPath: /conf - name: config-volume - readOnly: true -volumes: - - name: config-volume - configMap: - name: knoxautopolicy-config - - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 9089 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - -resources: - requests: - cpu: 800m - memory: 2Gi - limits: - cpu: 800m - memory: 2Gi - -autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 75 - targetMemoryUtilizationPercentage: 75 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# conf.yaml -config: - application: - name: knoxautopolicy - network: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 100000 - network-log-limit: 100000 - network-log-from: "kafka" # db|hubble - network-log-file: "./flow.json" # file path - network-policy-to: "db|file" # db, file - network-policy-dir: "./" - network-policy-types: 3 - network-policy-rule-types: 511 - skip-cert-verification: true - system: - operation-mode: 1 # 1: cronjob | 2: one-time-job - cron-job-time-interval: "0h0m30s" # format: XhYmZs - operation-trigger: 1000 - system-log-limit: 100000 - system-log-from: "kafka" # db|kubearmor - system-log-file: "./log.json" # file path - system-policy-to: "db|file" # db, file - system-policy-dir: "./" - cluster: - cluster-info-from: "accuknox" # k8sclient|accuknox - cluster-mgmt-url: "https://api-dev.accuknox.com" - - database: - driver: mysql - host: accuknox-verify-mysql-haproxy.accuknox-verify-mysql-db.svc.cluster.local - port: 3306 - user: accuknox_user - password: EAy5Kq4uhc5Gkws - dbname: accuknox - table-network-log: network_log - table-network-policy: network_policy - table-system-log: system_log - table-system-alert: system_alert - table-system-policy: system_policy - - feed-consumer: - kafka: - number-of-consumers: 3 - broker-address-family: v4 - session-timeout-ms: 6000 - auto-offset-reset: "earliest" - bootstrap-servers: "accuknox-verify-kafka-kafka-bootstrap.accuknox-verify-kafka.svc.cluster.local:9092" - group-id: knoxautopolicy - topics: - - cilium-alerts - - kubearmor-alerts - security: - protocol: SSL - ssl: - enabled: false - ca: - location: /kafka-ssl/ca.pem - keystore: - location: /kafka-ssl/user.p12 - pword: DHmHwNYy22At - events: - buffer: 50 - - logging: - level: "INFO" - - cilium-hubble: - url: 10.4.41.240 - port: 80 diff --git a/deployments/helm/values.yaml b/deployments/helm/values.yaml deleted file mode 100644 index d70db3d8..00000000 --- a/deployments/helm/values.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# Default values for helm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: accuknox/knoxautopolicy - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "dev" - -labels: - app: knoxautopolicy - env: dev - -namespace: accuknox-knoxautopolicy - -volumeMounts: - - mountPath: /conf - name: config-volume - readOnly: true - - mountPath: /kafka-ssl - name: knoxautopolicy-kafka-ssl-volume - readOnly: true -volumes: - - name: config-volume - configMap: - name: knoxautopolicy-config - - name: knoxautopolicy-kafka-ssl-volume - secret: - secretName: knoxautopolicy-kafka-ssl - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 9089 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - requests: - cpu: 200m - memory: 250Mi - limits: - cpu: 400m - memory: 450Mi - -autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 75 - targetMemoryUtilizationPercentage: 75 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -configmapAutoPolicyDiscovery: - enabled: true - conf: "configmapfiles/conf.yaml" - -cilium_ns: kube-system -kubearmor_ns: kube-system \ No newline at end of file