Commit
feat(dependencytrack): 🚀 init
mriedmann committed May 15, 2024
1 parent 7c3ca1e commit 1d7bf1d
Showing 24 changed files with 698 additions and 1 deletion.
1 change: 1 addition & 0 deletions .gitignore
@@ -0,0 +1 @@
charts/dependency-track/charts/*.tgz
26 changes: 25 additions & 1 deletion README.md
@@ -1 +1,25 @@
# helm-charts
# Cloudflight Helm-Charts

This repository contains some of our internally and externally used helm-charts. Our favorized way to deploy services on kubernetes is Grafana Tanka and Jsonnet, but for some deployments Helm has some benefits.

## Charts

### Dependency Track

This is mainly to provide and develop a openshift compatible chart for dependency-track.

**Why Helm and not Tanka?**

There is an official Helm-Chart of Dependency-Track (https://github.com/DependencyTrack/helm-charts/tree/main) but it is in an early stage and might not work on our openshift setup. We try to upstream our changes in the long-run but for now we will wait for the official helm-chart to stabilize.

## Disclaimer

This Helm chart is provided under the Apache License 2.0. It is made available by Cloudflight "as is" and without any warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.

Cloudflight provides this chart as a courtesy to the user community and is not obligated to provide any support, updates, or enhancements. Cloudflight is not responsible for any damages or issues that may arise from the use of this chart.

Please note that by using this chart, you agree that you do so at your own risk and you are solely responsible for any consequences that arise from its use.

## License

This project is licensed under the Apache License 2.0. For more details, see the LICENSE file included with this chart.
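Review bot: the new README text has spelling slips ("favorized" should be "favoured", "a openshift" should be "an OpenShift", "helm-charts" should be "Helm charts") and no usage section. Since the chart is meant for internal and external consumption, add the `helm dependency update` and `helm install` steps and list the values the templates in this commit depend on (`postgresql.enabled`, `ingress.enabled`/`ingress.openshift`, `oidc.*`, `apiserver.persistentVolume.*`), otherwise a reader has to reverse-engineer them from the templates.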
23 changes: 23 additions & 0 deletions charts/dependency-track/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
9 changes: 9 additions & 0 deletions charts/dependency-track/Chart.lock
@@ -0,0 +1,9 @@
dependencies:
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.3.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.1
digest: sha256:8e09800850e3e33b392d39bec3efcdecf8f1c5989bf3d28da1c3a249dfb36ea8
generated: "2024-01-17T18:28:02.9085258+01:00"
35 changes: 35 additions & 0 deletions charts/dependency-track/Chart.yaml
@@ -0,0 +1,35 @@
apiVersion: v2
name: dependency-track
description: Install OWASP Dependency-Track on Kubernetes (or RedHat Openshift)

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "4.10.0"

dependencies:
- condition: postgresql.enabled
name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.x.x
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
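Review bot: the `common` dependency is declared unconditionally while `postgresql` is gated on `postgresql.enabled`; that is correct here because `common.names.fullname` is used by the deployment and PVC templates, but it deserves a one-line comment next to the dependency so nobody removes it later as "unused". The `helm create` scaffold comments about application vs. library charts and semver add nothing for this chart and can be dropped to keep `Chart.yaml` readable.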
Empty file.
22 changes: 22 additions & 0 deletions charts/dependency-track/templates/NOTES.txt
@@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "dependency-track.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "dependency-track.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "dependency-track.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dependency-track.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
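Review bot: the URL hints reference resources and values that do not match the rest of this commit. The NodePort, LoadBalancer and ClusterIP branches query a Service named `{{ include "dependency-track.fullname" . }}`, but service.yaml names it `{{ include "dependency-track.fullname" . }}-apiserver`; the ingress branch iterates `.Values.ingress.hosts[].paths[].path` and checks `.Values.ingress.tls`, while route.yaml reads `.Values.ingress.host` and `.Values.ingress.openshift`; and `echo http://$SERVICE_IP:{{ .Values.service.port }}` uses a value the Service hardcodes as `8080`. The ClusterIP branch also selects pods by name/instance labels only, without `app.kubernetes.io/component=apiserver`, so any other component pod with the same selector labels could be picked for the port-forward. Align the keys with the templates or regenerate NOTES.txt once the values file is settled.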
62 changes: 62 additions & 0 deletions charts/dependency-track/templates/_helpers.tpl
@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dependency-track.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dependency-track.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dependency-track.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "dependency-track.labels" -}}
helm.sh/chart: {{ include "dependency-track.chart" . }}
{{ include "dependency-track.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "dependency-track.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dependency-track.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "dependency-track.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dependency-track.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
15 changes: 15 additions & 0 deletions charts/dependency-track/templates/apiserver/configmap-oidc.yaml
@@ -0,0 +1,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "dependency-track.fullname" . }}-apiserver-oidc
labels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.labels" . | nindent 4 }}
data:
ALPINE_OIDC_ENABLED: "{{ .Values.oidc.enabled }}"
ALPINE_OIDC_CLIENT_ID: "{{ .Values.oidc.client_id }}"
ALPINE_OIDC_ISSUER: "{{ .Values.oidc.issuer }}"
ALPINE_OIDC_USERNAME_CLAIM: "{{ .Values.oidc.username_claim }}"
ALPINE_OIDC_USER_PROVISIONING: "{{ .Values.oidc.user_provisioning }}"
ALPINE_OIDC_TEAMS_CLAIM: "{{ .Values.oidc.teams_claim }}"
ALPINE_OIDC_TEAM_SYNCHRONIZATION: "{{ .Values.oidc.team_synchronization }}"
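Review bot: the data entries are rendered as `"{{ .Values.oidc.issuer }}"` and friends; a value containing a double quote (an issuer URL with a query string, a claim name) yields invalid YAML. Use `{{ .Values.oidc.issuer | quote }}` for every entry, which also keeps `oidc.enabled` and `oidc.user_provisioning` as the string values an environment variable needs. Since the deployment only references this ConfigMap inside `{{- if .Values.oidc.enabled }}`, wrapping the whole manifest in the same condition avoids shipping an unused object with empty `ALPINE_OIDC_*` values.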
92 changes: 92 additions & 0 deletions charts/dependency-track/templates/apiserver/deployment.yaml
@@ -0,0 +1,92 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dependency-track.fullname" . }}-apiserver
labels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.apiserver.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.selectorLabels" . | nindent 6 }}
strategy:
type: Recreate
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "dependency-track.serviceAccountName" . }}-apiserver
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag | default .Chart.AppVersion }}"
name: "{{ .Chart.Name }}-apiserver"
envFrom:
{{- if .Values.oidc.enabled }}
- configMapRef:
name: {{ include "dependency-track.fullname" . }}-apiserver-oidc
{{- end }}
env:
- name: ALPINE_DATA_DIRECTORY
value: "/data"
{{- if .Values.postgresql.enabled }}
- name: ALPINE_DATABASE_MODE
value: "external"
- name: ALPINE_DATABASE_DRIVER
value: "org.postgresql.Driver"
- name: ALPINE_DATABASE_URL
value: jdbc:postgresql://{{ .Release.Name }}-postgresql/{{ .Values.postgresql.auth.database }}
- name: ALPINE_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: password
- name: ALPINE_DATABASE_USERNAME
value: {{ .Values.postgresql.auth.username }}
{{- end }}
{{- with .Values.apiserver.env }}
{{- toYaml . | nindent 8 }}
{{- end }}
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: data
mountPath: /data
- name: tmp
mountPath: /tmp
resources:
limits:
cpu: 2
memory: 6Gi
requests:
cpu: 250m
memory: 6Gi
restartPolicy: Always
volumes:
- name: tmp
emptyDir: {}
- name: data
{{- if .Values.apiserver.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.apiserver.persistentVolume.existingClaim }}{{ .Values.apiserver.persistentVolume.existingClaim }}{{- else }}{{ include "common.names.fullname" . }}-apiserver{{- end }}
{{- else }}
emptyDir:
{{- if .Values.apiserver.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.apiserver.emptyDir.sizeLimit }}
{{- else }}
{}
{{- end -}}
{{- end }}
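Review bot: several correctness and hardening points in the apiserver pod spec. `serviceAccountName: {{ include "dependency-track.serviceAccountName" . }}-apiserver` yields `default-apiserver` when `serviceAccount.create` is false, which will not exist; either drop the suffix or build the component name inside the helper. The container has no `securityContext`: with `/tmp` and `/data` already on separate volumes, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` are what the OpenShift restricted SCC expects and should be the default for a chart whose stated purpose is OpenShift compatibility. There are no liveness/readiness probes on the `http` port, so a Recreate rollout has no signal that the new pod is serving. `resources` are hardcoded (`limits.memory: 6Gi`, `requests.cpu: 250m`) instead of read from `.Values.apiserver.resources`. Finally, `ALPINE_DATABASE_USERNAME: {{ .Values.postgresql.auth.username }}` is unquoted; add `| quote`.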
33 changes: 33 additions & 0 deletions charts/dependency-track/templates/apiserver/hpa.yaml
@@ -0,0 +1,33 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "dependency-track.fullname" . }}-apiserver
labels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "dependency-track.fullname" . }}-apiserver
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
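Review bot: an HPA on the apiserver conflicts with the deployment hunk: that deployment uses `strategy: Recreate`, mounts a single `data` PVC as `ALPINE_DATA_DIRECTORY`, and sets `replicas` from `apiserver.replicaCount`, so a second replica would contend for (or fail to attach) the same volume and local state. Either drop hpa.yaml for the apiserver or document that `autoscaling.enabled` must remain false for this component; if it stays, the value belongs under `apiserver.autoscaling` next to `apiserver.replicaCount` rather than at the chart root.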
22 changes: 22 additions & 0 deletions charts/dependency-track/templates/apiserver/pvc.yaml
@@ -0,0 +1,22 @@
{{- if .Values.apiserver.persistentVolume.enabled -}}
{{- if not .Values.apiserver.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- with .Values.apiserver.persistentVolume.annotations }}
annotations: {{ toYaml .| nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.labels" . | nindent 4 }}
name: {{ include "common.names.fullname" . }}-apiserver
spec:
accessModes: {{ .Values.apiserver.persistentVolume.accessModes | toYaml | nindent 2 }}
{{- with .Values.apiserver.persistentVolume.storageClass }}
storageClassName: "{{ . }}"
{{- end }}
resources:
requests:
storage: "{{ .Values.apiserver.persistentVolume.size }}"
{{- end -}}
{{- end -}}
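Review bot: the claim is named with `common.names.fullname` while the Service, Deployment, Route and HPA in this commit use the chart's own `dependency-track.fullname`; the two helpers implement the same logic today, but the PVC (and the deployment's `claimName` fallback) then silently depend on the Bitnami `common` subchart for their name. Pick one helper, preferably the local one defined in `_helpers.tpl`, and use it in both pvc.yaml and the deployment's `claimName`. Minor: `{{ toYaml .| nindent 4 }}` should be `{{ toYaml . | nindent 4 }}`.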
22 changes: 22 additions & 0 deletions charts/dependency-track/templates/apiserver/route.yaml
@@ -0,0 +1,22 @@
{{- if and .Values.ingress.enabled .Values.ingress.openshift -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: {{ include "dependency-track.fullname" . }}-apiserver
labels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.labels" . | nindent 4 }}
spec:
host: {{ .Values.ingress.host }}
path: /api
to:
kind: Service
name: {{ include "dependency-track.fullname" . }}-apiserver
weight: 100
port:
targetPort: http
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
wildcardPolicy: None
{{ end }}
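Review bot: `host: {{ .Values.ingress.host }}` should be quoted, and the closing `{{ end }}` should be `{{- end }}` so the rendered manifest does not end with a stray blank line. Edge termination with `insecureEdgeTerminationPolicy: Redirect` is the right default, but `termination` should be configurable for clusters that require re-encryption to the pod. Note also that this template reads `ingress.host` while NOTES.txt iterates `ingress.hosts[]`; the values file cannot satisfy both.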
17 changes: 17 additions & 0 deletions charts/dependency-track/templates/apiserver/service.yaml
@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.labels" . | nindent 4 }}
name: {{ include "dependency-track.fullname" . }}-apiserver
spec:
type: {{ .Values.service.type }}
ports:
- name: http
port: 8080
targetPort: http
selector:
app.kubernetes.io/component: apiserver
{{- include "dependency-track.selectorLabels" . | nindent 4 }}
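Review bot: `port: 8080` is hardcoded while NOTES.txt prints `{{ .Values.service.port }}`; read the port from values or remove it from NOTES so the two agree. The Service carries the `-apiserver` suffix, so the `kubectl get svc ... {{ include "dependency-track.fullname" . }}` commands in NOTES.txt will not find it; either add the suffix there or add a generic front Service.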
0 comments on commit 1d7bf1d