From 0585db52cdcfd2ec4f58484777706b406b1ec40c Mon Sep 17 00:00:00 2001
From: Jens Reimann
Date: Wed, 13 Mar 2024 13:38:34 +0100
Subject: [PATCH] chore: migrate the workaround to the helm chart

In cases where it is not possible to execute any commands when validating helm charts, this workaround can now be triggered through the helm chart itself.
---
 .github/workflows/ci.yaml | 28 +----------
 .../workarounds/010-helm-wait-issue.yaml | 48 +++++++++++++++++++
 .../charts/trustification/values.schema.json | 2 +-
 .../charts/trustification/values.schema.yaml | 22 +++++++++
 deploy/k8s/charts/trustification/values.yaml | 2 +
 5 files changed, 74 insertions(+), 28 deletions(-)
 create mode 100644 deploy/k8s/charts/trustification/templates/workarounds/010-helm-wait-issue.yaml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index a15254228..f8eaf0a71 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -314,32 +314,6 @@ jobs:
 echo "APP_DOMAIN=$APP_DOMAIN" >> $GITHUB_ENV
 echo "NAMESPACE=trustification" >> $GITHUB_ENV
 
- # Workaround for [helm#10733](https://github.com/helm/helm/issues/10733):
- - name: Create workaround PV
- run: |
- kubectl create -f - << __EOF__
- apiVersion: v1
- kind: PersistentVolume
- metadata:
- name: pv-workaround
- spec:
- accessModes:
- - ReadWriteOnce
- capacity:
- storage: 20Gi
- claimRef:
- apiVersion: v1
- kind: PersistentVolumeClaim
- name: v11y-walker
- namespace: trustification
- persistentVolumeReclaimPolicy: Delete
- storageClassName: standard
- volumeMode: Filesystem
- hostPath:
- type: DirectoryOrCreate
- path: /var/local-path-provisioner/pv-workaround
- __EOF__
-
 - name: Create namespace
 run: |
 kubectl create ns $NAMESPACE
@@ -365,7 +339,7 @@ jobs:
 - name: Install chart-testing
 run: |
 ct install \
- --helm-extra-set-args "--values deploy/k8s/values-minikube.yaml --set-string appDomain=$APP_DOMAIN --set-string image.version=ci --set-string image.registry=localhost" \
+ --helm-extra-set-args "--values deploy/k8s/values-minikube.yaml --set-string appDomain=$APP_DOMAIN --set-string image.version=ci --set-string image.registry=localhost --set workarounds.initCronJobPvcs=true" \
 --helm-extra-args "--timeout 10m --debug" \
 --namespace $NAMESPACE --charts deploy/k8s/charts/trustification \
 --target-branch ${{ github.event.repository.default_branch }}
diff --git a/deploy/k8s/charts/trustification/templates/workarounds/010-helm-wait-issue.yaml b/deploy/k8s/charts/trustification/templates/workarounds/010-helm-wait-issue.yaml
new file mode 100644
index 000000000..8ca91826d
--- /dev/null
+++ b/deploy/k8s/charts/trustification/templates/workarounds/010-helm-wait-issue.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.modules.v11yWalker.enabled }}
+{{- if .Values.workarounds.initCronJobPvcs }}
+
+{{/*
+For more details "why" this is necessary, see the description of the field .workarounds.initCronJobPvcs.
+
+In order to trigger the creation of a volume, and getting the PVC out of the `WaitForFirstConsumer` state, we
+simply create a pod.
+
+**NOTE:** This pod will claim the PVC and thus might prevent the CronJob from working correctly. Do not use this in
+production!
+*/}}
+
+{{- $mod := dict "root" . "name" "init-pvc-v11y-walker" "component" "v11y" -}}
+{{- $ref := dict "root" . "name" "v11y-walker" "component" "v11y" -}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "trustification.common.name" $mod }}
+ labels:
+ {{- include "trustification.common.labels" $mod | nindent 12 }}
+
+spec:
+ backoffLimit: 1000
+ completions: 1
+ parallelism: 1
+ ttlSecondsAfterFinished: 600
+
+ template:
+ metadata:
+ labels:
+ {{- include "trustification.common.selectorLabels" $mod | nindent 12 }}
+ spec:
+ restartPolicy: OnFailure
+ volumes:
+ - name: init
+ persistentVolumeClaim:
+ claimName: {{ include "trustification.common.name" $ref }}
+ containers:
+ - image: registry.access.redhat.com/ubi9/ubi-minimal:latest
+ name: init
+ command: ["/bin/true"]
+ volumeMounts:
+ - mountPath: /mnt
+ name: init
+{{- end }}
+{{- end }}
diff --git a/deploy/k8s/charts/trustification/values.schema.json b/deploy/k8s/charts/trustification/values.schema.json
index fc32dc91d..fb384bc76 100644
--- a/deploy/k8s/charts/trustification/values.schema.json
+++ b/deploy/k8s/charts/trustification/values.schema.json
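Review bot: The `init` container in the new `010-helm-wait-issue.yaml` Job pulls `registry.access.redhat.com/ubi9/ubi-minimal:latest`, a mutable tag hard-coded in the template, so the image that runs with the v11y-walker PVC mounted can change between installs and cannot be pointed at a mirrored registry through the chart's values. Pin it to a digest or a fixed version, or take it from the chart's existing `image` configuration if that fits the chart's conventions. The container also sets no `securityContext`, so it keeps the runtime's default capabilities and a writable root filesystem, and is likely to be rejected in namespaces that enforce the restricted Pod Security profile; for a pod that only runs `/bin/true` the settings sketched below should cost nothing. `runAsNonRoot` and a seccomp profile are left out of the sketch because they depend on the image's default user and on the target cluster's policy, neither of which is visible in this hunk.

```yaml
# … unchanged: Job metadata, spec, volumes …
      containers:
        # <DIGEST> is a placeholder for the digest of the reviewed image
        - image: registry.access.redhat.com/ubi9/ubi-minimal@sha256:<DIGEST>
          # … unchanged: name, command …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: volumeMounts …
```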
@@ -1 +1 @@ -{"$schema": "http://json-schema.org/draft-07/schema#", "title": "Trustification Helm chart values", "type": "object", "additionalProperties": false, "required": ["appDomain", "tracing"], "properties": {"global": {"type": "object"}, "appDomain": {"type": "string", "description": "The base part of the URLs being generated by the chart.\n\nWhen using OpenShift, this should be the application domain, when can be evaluated by running the following\ncommand: `oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}'`.\n"}, "partOf": {"type": "string", "default": "trustification", "description": "The \"part of\" label when creating resources. This can help grouping together deployments.\n"}, "eventBus": {"$ref": "#/definitions/EventBusConfig"}, "storage": {"$ref": "#/definitions/GlobalStorageConfig"}, "bombastic": {"$ref": "#/definitions/GlobalBombastic"}, "vexination": {"$ref": "#/definitions/GlobalVexination"}, "v11y": {"$ref": "#/definitions/GlobalV11y"}, "image": {"$ref": "#/definitions/ImageConfig"}, "authenticator": {"$ref": "#/definitions/AuthenticatorConfig"}, "index": {"$ref": "#/definitions/IndexConfig"}, "openshift": {"type": "object", "additionalProperties": false, "description": "Additional configuration settings in the context of OpenShift.\n", "properties": {"enabled": {"type": "boolean", "description": "Controls of OpenShift specific features are enabled. 
By default, the chart evaluate automatically if\nthe target cluster is OpenShift and will set the flag accordingly.\n"}, "useServiceCa": {"type": "boolean", "default": true, "description": "Control the usage of the OpenShift service CA.\n"}}}, "oidc": {"$ref": "#/definitions/Oidc"}, "replicas": {"type": "integer", "minimum": 0, "description": "The default number of replicas for scalable deployments.\n"}, "ingress": {"type": "object", "additionalProperties": false, "properties": {"className": {"type": "string"}}}, "serviceMonitor": {"type": "object", "description": "Configure the service monitor for scraping metrics.\n\nEnabling the serviceMonitor feature will create a `ServiceMonitor` (which must be installed upfront) to\nscrape metrics. Metrics should also be enabled in addition, otherwise the service monitor will not find\nany relevant services.\n", "allOf": [{"$ref": "#/definitions/Feature"}]}, "infrastructure": {"type": "object", "additionalProperties": false, "properties": {"port": {"type": "integer", "description": "Port on which infrastructure services are exposed.\n"}}}, "metrics": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean", "description": "Enable support for application metrics.\n"}}}, "tracing": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean", "description": "Enable support for distributed tracing.\n"}}}, "rust": {"$ref": "#/definitions/RustApplicationConfig"}, "guac": {"type": "object", "additionalProperties": false, "properties": {"image": {"$ref": "#/definitions/ImageConfig"}, "database": {"$ref": "#/definitions/PostgresConfig"}, "migrateDatabase": {"$ref": "#/definitions/GuacMigrateDatabaseConfig"}, "initDatabase": {"$ref": "#/definitions/PostgresConfig"}}}, "modules": {"type": "object", "additionalProperties": false, "properties": {"documentation": {"description": "Configuration options for the documentation.\n", "allOf": [{"$ref": 
"#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}]}, "bombasticApi": {"description": "Configuration options for the Bombastic API.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"disableSwaggerOidc": {"type": "boolean"}, "uploadLimit": {"description": "Maximum size of an upload request\n", "$ref": "#/definitions/ByteSize"}}}]}, "bombasticCollector": {"description": "Configuration options for the Bombastic collector.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "bombasticIndexer": {"description": "Configuration options for the Bombastic indexer.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Index"}, {"$ref": "#/definitions/EventBus"}, {"$ref": "#/definitions/Storage"}, {"type": "object", "properties": {"alwaysReindex": {"type": "boolean"}, "topics": {"$ref": "#/definitions/StorageTopics"}}}]}, "spogApi": {"description": "Configuration options for the SPoG API backend.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": 
"#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"crdaUrl": {"type": "string", "format": "uri"}, "snykToken": {"$ref": "#/definitions/ValueOrRef"}, "segmentWriteKey": {"$ref": "#/definitions/ValueOrRef"}, "disableSwaggerOidc": {"type": "boolean"}}}, {"type": "object", "properties": {"uiConfiguration": {"$ref": "#/definitions/SpogUiConfiguration"}}}]}, "spogUi": {"description": "Configuration options for the SPoG frontend.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"type": "object", "properties": {"initialBackendJson": {"oneOf": [{"type": "string"}, {"$ref": "https://raw.githubusercontent.com/trustification/trustification/main/spog/ui/crates/backend/schema/config.json"}]}, "segmentWriteKey": {"$ref": "#/definitions/ValueOrRef"}, "brandingConfigMap": {"type": "string"}}}]}, "vexinationApi": {"description": "Configuration options for the Vexination API.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"disableSwaggerOidc": {"type": "boolean"}, "uploadLimit": {"description": "Maximum size of an upload request\n", "$ref": "#/definitions/ByteSize"}}}]}, "vexinationIndexer": {"description": "Configuration options for the Vexination indexer.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": 
"#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Index"}, {"$ref": "#/definitions/EventBus"}, {"$ref": "#/definitions/Storage"}, {"type": "object", "properties": {"alwaysReindex": {"type": "boolean"}, "topics": {"$ref": "#/definitions/StorageTopics"}}}]}, "vexinationCollector": {"description": "Configuration options for the Vexination collector.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "v11yApi": {"description": "Configuration options for the V11Y API.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"disableSwaggerOidc": {"type": "boolean"}, "uploadLimit": {"description": "Maximum size of an upload request\n", "$ref": "#/definitions/ByteSize"}}}]}, "v11yIndexer": {"description": "Configuration options for the V11Y indexer.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Index"}, {"$ref": "#/definitions/EventBus"}, {"$ref": "#/definitions/Storage"}, {"type": "object", "properties": {"alwaysReindex": {"type": "boolean"}, "topics": {"$ref": "#/definitions/StorageTopics"}}}]}, "v11yWalker": 
{"description": "Configuration options for the V11Y walker.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Storage"}, {"$ref": "#/definitions/Scheduled"}, {"type": "object", "properties": {"storageSize": {"type": "string", "description": "Size of the PVC storing the CVE project data checked out from git\n"}, "onlyPrefixes": {"type": "array", "description": "A list of prefixed will be imported only. Any other files will be ignored.\n", "items": {"type": "string"}}}}]}, "guacGraphql": {"description": "Configuration options for the GUAC GraphQL API.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}]}, "guacCollectsub": {"description": "Configuration options for the GUAC collector.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "guacInitDb": {"description": "Configuration options for the GUAC database initialization.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "initDataset": {"description": "Configuration options for the initial dataset boostrap.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "bombasticWalker": {"description": "Configuration options for the Bombastic walker.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"type": "object", "required": 
["sources"], "properties": {"stateStorageSize": {"type": "string"}, "sources": {"type": "object", "additionalProperties": false, "patternProperties": {"^[a-z0-9A-Z_\\-.]*[a-z0-9A-Z]$": {"$ref": "#/definitions/BombasticWalkerSource"}}}}}]}, "vexinationWalker": {"description": "Configuration options for the Vexination walker.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"type": "object", "required": ["sources"], "properties": {"stateStorageSize": {"type": "string"}, "sources": {"type": "object", "patternProperties": {"^[a-z0-9A-Z_\\-.]*[a-z0-9A-Z]$": {"$ref": "#/definitions/VexinationWalkerSource"}}}}}]}, "integrationTests": {"description": "Integration tests which can be run as part of the Helm chart.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}]}}}, "kafka": {"$ref": "#/definitions/Feature"}, "minio": {"$ref": "#/definitions/Feature"}, "keycloak": {"$ref": "#/definitions/Feature"}, "postgresql": {"$ref": "#/definitions/Feature"}}, "definitions": {"Scalable": {"description": "Configuration options for a scalable deployment.\n", "allOf": [{"type": "object", "properties": {"replicas": {"type": "integer", "minimum": 0}}}]}, "Application": {"type": "object", "description": "Basic application settings\n", "properties": {"serviceAccountName": {"type": "string"}, "resources": {"type": "object"}, "affinity": {"type": "object"}}}, "RustApplication": {"type": "object", "properties": {"rust": {"$ref": "#/definitions/RustApplicationConfig"}}}, "RustApplicationConfig": {"type": "object", "properties": {"logFilter": {"type": "string", "description": "Filter for the `env_logger` logging backend. 
Will be used as the value for the `RUST_LOG` variable.\n"}, "backtrace": {"type": "boolean", "description": "Allow enabling backtraces in Rust based application, by setting the value of `RUST_BACKTRACE` to `1`.\n"}}}, "Infrastructure": {"type": "object", "properties": {"infrastructure": {"$ref": "#/definitions/InfrastructureConfig"}}}, "InfrastructureConfig": {"type": "object", "properties": {"port": {"$ref": "#/definitions/ValueOrRef"}}}, "Metrics": {"type": "object", "properties": {"tracing": {"$ref": "#/definitions/MetricsConfig"}}}, "MetricsConfig": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean"}}}, "Tracing": {"type": "object", "required": ["tracing"], "properties": {"tracing": {"$ref": "#/definitions/TracingConfig"}}}, "TracingConfig": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean"}}}, "Image": {"type": "object", "properties": {"image": {"$ref": "#/definitions/ImageConfig"}}}, "ImageConfig": {"description": "Configuration for the source of the container image. 
This can either be the full name of the image, or a\ncombination or registry, name, and version.\n", "oneOf": [{"type": "object", "additionalProperties": false, "required": ["fullName"], "properties": {"fullName": {"type": "string"}, "pullPolicy": {"$ref": "#/definitions/ImagePullPolicy"}}}, {"type": "object", "additionalProperties": false, "properties": {"name": {"type": "string"}, "registry": {"type": "string"}, "pullPolicy": {"$ref": "#/definitions/ImagePullPolicy"}, "version": {"type": "string"}}}]}, "ImagePullPolicy": {"type": "string", "enum": ["IfNotPresent", "Always", "Never"]}, "Ingress": {"type": "object", "required": ["ingress"], "properties": {"ingress": {"$ref": "#/definitions/IngressConfig"}}}, "IngressConfig": {"type": "object", "additionalProperties": false, "properties": {"className": {"type": "string"}, "additionalAnnotations": {"type": "object", "additionalProperties": {"type": "string"}, "description": "Additional annotations which will be used as annotations on `Ingress` resources.\n"}}}, "Feature": {"type": "object", "properties": {"enabled": {"type": "boolean", "description": "A flag to enable/disable the whole feature. This can be used on individual modules to completely disable\ntheir deployment.\n"}}}, "Authenticator": {"type": "object", "properties": {"authenticator": {"$ref": "#/definitions/AuthenticatorConfig"}}}, "AuthenticatorConfig": {"description": "The configuration file of the authentication process for all non-GUAC processes.\n\nThis can either be a full configuration file in either structured or string form. Or it can be a reference\nto a config map, which is expected to contain a suitable configuration file.\n\nBy default, a suitable file will be created for the configured OIDC issuer solution used. The default OIDC issuer\nis Keycloak. 
This can be overridden using the `type` property.\n", "oneOf": [{"type": "string"}, {"$ref": "#/definitions/ConfigMapRef"}, {"type": "object", "additionalProperties": false, "required": ["content"], "properties": {"content": {"$ref": "https://raw.githubusercontent.com/trustification/trustification/main/auth/schema/auth.json"}}}, {"type": "object", "additionalProperties": false, "required": ["type"], "properties": {"type": {"type": "string", "enum": ["keycloak"]}}}, {"type": "object", "additionalProperties": false, "required": ["type", "cognitoDomainUrl"], "properties": {"type": {"type": "string", "enum": ["cognito"]}, "cognitoDomainUrl": {"type": "string", "format": "url"}}}]}, "Oidc": {"type": "object", "additionalProperties": false, "properties": {"issuerUrl": {"type": "string", "format": "uri", "description": "The URL to the issuer.\n"}, "insecure": {"type": "boolean", "description": "Use insecure TLS when communicating with the issuer (DANGER!)\n", "default": false}, "clients": {"properties": {"frontend": {"description": "OIDC client configuration for the frontend/SPoG.\n", "$ref": "#/definitions/OidcPublicClient"}, "walker": {"description": "OIDC client configuration for the backend.\n", "$ref": "#/definitions/OidcSecretClient"}, "testing-user": {"description": "OIDC client for testing user operations during the Integration Test\n", "$ref": "#/definitions/OidcSecretClient"}, "testing-manager": {"description": "OIDC client for testing manager operations during the Integration Test\n", "$ref": "#/definitions/OidcSecretClient"}}}}}, "OidcClient": {"type": "object", "properties": {"clientId": {"type": "string"}, "issuerUrl": {"type": "string", "format": "uri"}, "insecure": {"type": "boolean", "description": "Use insecure TLS when communicating with the issuer (DANGER!)", "default": false}}}, "OidcPublicClient": {"allOf": [{"$ref": "#/definitions/OidcClient"}, {"type": "object", "properties": {"scopes": {"type": "string"}}}]}, "OidcSecretClient": {"allOf": 
[{"$ref": "#/definitions/OidcClient"}, {"type": "object", "required": ["clientSecret"], "properties": {"clientSecret": {"$ref": "#/definitions/ValueOrRef"}}}]}, "ValueOrRef": {"description": "Accepts either a direct value, or a reference to the source of the value.\n", "oneOf": [{"type": "null"}, {"type": "string"}, {"$ref": "#/definitions/ValueRef"}]}, "ValueRef": {"oneOf": [{"type": "object", "additionalProperties": false, "required": ["valueFrom"], "properties": {"valueFrom": {"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.0/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVarSource"}}}, {"type": "object", "additionalProperties": false, "required": ["value"], "properties": {"value": {"type": "string"}}}]}, "SpogUiConfiguration": {"description": "The configuration of the SPoG UI.\n\nEither in the structured or string form. Or, by providing a reference to an existing `ConfigMap`, containing a\nsuitable configuration file.\n", "oneOf": [{"type": "string", "description": "The configuration provided as a string (must still be YAML)"}, {"$ref": "#/definitions/ConfigMapRef"}, {"type": "object", "additionalProperties": false, "required": ["content"], "description": "The actual configuration", "properties": {"content": {"$ref": "https://raw.githubusercontent.com/trustification/trustification/main/spog/model/schema/config.json"}}}]}, "ConfigMapRef": {"type": "object", "additionalProperties": false, "description": "A reference to a `ConfigMap`.\n", "required": ["configMapRef"], "properties": {"configMapRef": {"type": "object", "additionalProperties": false, "required": ["name"], "properties": {"name": {"type": "string", "description": "The name of the config map"}, "key": {"type": "string", "description": "The name of the key inside the config map"}}}}}, "Index": {"type": "object", "properties": {"index": {"$ref": "#/definitions/IndexConfig"}}}, "IndexConfig": {"type": "object", "additionalProperties": false, "description": 
"Configuration of index specific options.\n", "properties": {"mode": {"$ref": "#/definitions/IndexMode"}, "writerMemoryBytes": {"type": "string"}, "syncInterval": {"$ref": "#/definitions/SyncInterval"}}}, "IndexMode": {"type": "string", "enum": ["file"]}, "Storage": {"type": "object", "properties": {"storage": {"$ref": "#/definitions/StorageConfig"}}}, "GlobalStorageConfig": {"type": "object", "additionalProperties": false, "required": ["accessKey", "secretKey"], "properties": {"accessKey": {"description": "The access key/username to the storage resource\n", "$ref": "#/definitions/ValueOrRef"}, "secretKey": {"description": "The secret key/password to the storage resource\n", "$ref": "#/definitions/ValueOrRef"}, "region": true, "endpoint": true}, "oneOf": [{"type": "object", "required": ["region"], "properties": {"region": {"type": "string"}}}, {"type": "object", "required": ["endpoint"], "properties": {"endpoint": {"type": "string", "format": "uri"}}}]}, "StorageConfig": {"oneOf": [{"type": "object", "additionalProperties": false, "required": ["bucket"], "properties": {"bucket": {"type": "string"}}}, {"type": "object", "additionalProperties": false, "required": ["accessKey", "secretKey", "bucket"], "properties": {"accessKey": {"$ref": "#/definitions/ValueOrRef"}, "secretKey": {"$ref": "#/definitions/ValueOrRef"}, "bucket": {"type": "string"}, "region": true, "endpoint": true}, "oneOf": [{"type": "object", "required": ["region"], "properties": {"region": {"type": "string"}}}, {"type": "object", "required": ["endpoint"], "properties": {"endpoint": {"type": "string", "format": "uri"}}}]}]}, "StorageTopics": {"type": "object", "additionalProperties": false, "required": ["stored", "indexed", "failed"], "properties": {"stored": {"type": "string"}, "indexed": {"type": "string"}, "failed": {"type": "string"}}}, "EventBus": {"type": "object", "properties": {"eventBus": {"$ref": "#/definitions/EventBus"}}}, "EventBusConfig": {"oneOf": [{"$ref": 
"#/definitions/EventBusConfigKafka"}, {"$ref": "#/definitions/EventBusConfigSqs"}]}, "EventBusConfigKafka": {"type": "object", "additionalProperties": false, "required": ["type", "bootstrapServers", "config"], "properties": {"type": {"type": "string", "enum": ["kafka"]}, "bootstrapServers": {"type": "string"}, "config": {"$ref": "#/definitions/KafkaConfig"}}}, "EventBusConfigSqs": {"type": "object", "additionalProperties": false, "required": ["type", "accessKey", "secretKey", "region"], "properties": {"type": {"type": "string", "enum": ["sqs"]}, "accessKey": {"$ref": "#/definitions/ValueOrRef"}, "secretKey": {"$ref": "#/definitions/ValueOrRef"}, "region": {"type": "string"}}}, "SyncInterval": {"type": "string", "description": "The interval between syncing the indexes. This must be in the \"humantime\" format, for\nexample: `2m` (two minutes), `30s` (30 seconds). \n"}, "GlobalIndexConfig": {"type": "object", "properties": {"bucket": {"type": "string"}, "topics": {"$ref": "#/definitions/StorageTopics"}, "syncInterval": {"$ref": "#/definitions/SyncInterval"}}}, "GlobalBombastic": {"$ref": "#/definitions/GlobalIndexConfig"}, "GlobalVexination": {"$ref": "#/definitions/GlobalIndexConfig"}, "GlobalV11y": {"$ref": "#/definitions/GlobalIndexConfig"}, "KafkaConfig": {"type": "object", "required": ["securityProtocol"], "properties": {"securityProtocol": {"$ref": "#/definitions/KafkaSecurityProtocol"}}, "oneOf": [{"$ref": "#/definitions/KafkaConfigPlaintext"}, {"$ref": "#/definitions/KafkaConfigSaslPlaintext"}]}, "KafkaConfigPlaintext": {"type": "object", "additionalProperties": false, "properties": {"securityProtocol": {"type": "string", "enum": ["PLAINTEXT"]}}}, "KafkaConfigSaslPlaintext": {"additionalProperties": false, "$ref": "#/definitions/KafkaSaslConfig"}, "KafkaSaslConfig": {"type": "object", "required": ["username", "password", "mechanism"], "properties": {"securityProtocol": {"type": "string", "enum": ["SASL_PLAINTEXT"]}, "username": {"$ref": 
"#/definitions/ValueOrRef"}, "password": {"$ref": "#/definitions/ValueOrRef"}, "mechanism": {"$ref": "#/definitions/KafkaSaslMechanismOrRef"}}}, "KafkaSaslMechanismOrRef": {"oneOf": [{"$ref": "#/definitions/KafkaSaslMechanism"}, {"$ref": "#/definitions/ValueRef"}]}, "KafkaSaslMechanism": {"type": "string", "enum": ["PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-512"]}, "KafkaSecurityProtocol": {"type": "string", "enum": ["PLAINTEXT", "SASL_PLAINTEXT"]}, "Postgres": {"type": "object", "properties": {"database": {"$ref": "#/definitions/PostgresConfig"}}}, "PostgresConfig": {"type": "object", "additionalProperties": false, "required": ["host", "name", "username", "password"], "properties": {"host": {"$ref": "#/definitions/ValueOrRef"}, "port": {"$ref": "#/definitions/ValueOrRef"}, "name": {"$ref": "#/definitions/ValueOrRef"}, "username": {"$ref": "#/definitions/ValueOrRef"}, "password": {"$ref": "#/definitions/ValueOrRef"}, "sslMode": {"$ref": "#/definitions/PostgresSslMode"}}}, "PostgresSslMode": {"type": "string", "enum": ["disable", "require"]}, "GuacMigrateDatabaseConfig": {"type": "object", "additionalProperties": false, "required": ["username", "password"], "properties": {"username": {"$ref": "#/definitions/ValueOrRef"}, "password": {"$ref": "#/definitions/ValueOrRef"}}}, "BombasticWalkerSource": {"type": "object", "additionalProperties": false, "description": "A sourec for the Bombasic walker.\n", "required": ["url"], "properties": {"url": {"type": "string", "format": "uri"}, "fixLicenses": {"type": "boolean"}, "acceptV3Signatures": {"type": "boolean"}, "signingKeyUrl": {"type": "string", "format": "uri"}, "job": {"type": "object", "description": "Overrides for the Job", "allOf": [{"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scheduled"}]}}}, "VexinationWalkerSource": {"type": "object", "additionalProperties": false, "description": "A source for the Vexination walker. 
This must be a CSAF \"trusted provider\" compatible location.\n", "required": ["url"], "properties": {"url": {"type": "string", "format": "uri"}, "acceptV3Signatures": {"type": "boolean"}, "ignoreDistributions": {"type": "array", "items": {"type": "string", "format": "uri"}}, "job": {"type": "object", "description": "Overrides for the Job", "allOf": [{"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scheduled"}]}}}, "Scheduled": {"type": "object", "description": "Configuration options for a scheduled job.\n", "properties": {"schedule": {"type": "string", "description": "A Kubernetes `CronJob` schedule expression.\n"}, "suspend": {"type": "boolean", "description": "Allows to suspend, but keep, a `CronJob`.\n"}}}, "ByteSize": {"oneOf": [{"type": "integer"}, {"type": "string", "description": "Size in bytes, allowing to use a unit such as KiB or MB.", "pattern": "^[0-9]+([KMG]i?B)?$"}]}, "HttpApplication": {"type": "object", "properties": {"requestLimit": {"$ref": "#/definitions/ByteSize"}, "jsonLimit": {"$ref": "#/definitions/ByteSize"}}}}} +{"$schema": "http://json-schema.org/draft-07/schema#", "title": "Trustification Helm chart values", "type": "object", "additionalProperties": false, "required": ["appDomain", "tracing"], "properties": {"global": {"type": "object"}, "appDomain": {"type": "string", "description": "The base part of the URLs being generated by the chart.\n\nWhen using OpenShift, this should be the application domain, when can be evaluated by running the following\ncommand: `oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}'`.\n"}, "partOf": {"type": "string", "default": "trustification", "description": "The \"part of\" label when creating resources. 
This can help grouping together deployments.\n"}, "eventBus": {"$ref": "#/definitions/EventBusConfig"}, "storage": {"$ref": "#/definitions/GlobalStorageConfig"}, "bombastic": {"$ref": "#/definitions/GlobalBombastic"}, "vexination": {"$ref": "#/definitions/GlobalVexination"}, "v11y": {"$ref": "#/definitions/GlobalV11y"}, "image": {"$ref": "#/definitions/ImageConfig"}, "authenticator": {"$ref": "#/definitions/AuthenticatorConfig"}, "index": {"$ref": "#/definitions/IndexConfig"}, "workarounds": {"$ref": "#/definitions/WorkaroundConfig"}, "openshift": {"type": "object", "additionalProperties": false, "description": "Additional configuration settings in the context of OpenShift.\n", "properties": {"enabled": {"type": "boolean", "description": "Controls of OpenShift specific features are enabled. By default, the chart evaluate automatically if\nthe target cluster is OpenShift and will set the flag accordingly.\n"}, "useServiceCa": {"type": "boolean", "default": true, "description": "Control the usage of the OpenShift service CA.\n"}}}, "oidc": {"$ref": "#/definitions/Oidc"}, "replicas": {"type": "integer", "minimum": 0, "description": "The default number of replicas for scalable deployments.\n"}, "ingress": {"type": "object", "additionalProperties": false, "properties": {"className": {"type": "string"}}}, "serviceMonitor": {"type": "object", "description": "Configure the service monitor for scraping metrics.\n\nEnabling the serviceMonitor feature will create a `ServiceMonitor` (which must be installed upfront) to\nscrape metrics. 
Metrics should also be enabled in addition, otherwise the service monitor will not find\nany relevant services.\n", "allOf": [{"$ref": "#/definitions/Feature"}]}, "infrastructure": {"type": "object", "additionalProperties": false, "properties": {"port": {"type": "integer", "description": "Port on which infrastructure services are exposed.\n"}}}, "metrics": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean", "description": "Enable support for application metrics.\n"}}}, "tracing": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean", "description": "Enable support for distributed tracing.\n"}}}, "rust": {"$ref": "#/definitions/RustApplicationConfig"}, "guac": {"type": "object", "additionalProperties": false, "properties": {"image": {"$ref": "#/definitions/ImageConfig"}, "database": {"$ref": "#/definitions/PostgresConfig"}, "migrateDatabase": {"$ref": "#/definitions/GuacMigrateDatabaseConfig"}, "initDatabase": {"$ref": "#/definitions/PostgresConfig"}}}, "modules": {"type": "object", "additionalProperties": false, "properties": {"documentation": {"description": "Configuration options for the documentation.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}]}, "bombasticApi": {"description": "Configuration options for the Bombastic API.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"disableSwaggerOidc": {"type": "boolean"}, 
"uploadLimit": {"description": "Maximum size of an upload request\n", "$ref": "#/definitions/ByteSize"}}}]}, "bombasticCollector": {"description": "Configuration options for the Bombastic collector.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "bombasticIndexer": {"description": "Configuration options for the Bombastic indexer.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Index"}, {"$ref": "#/definitions/EventBus"}, {"$ref": "#/definitions/Storage"}, {"type": "object", "properties": {"alwaysReindex": {"type": "boolean"}, "topics": {"$ref": "#/definitions/StorageTopics"}}}]}, "spogApi": {"description": "Configuration options for the SPoG API backend.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"crdaUrl": {"type": "string", "format": "uri"}, "snykToken": {"$ref": "#/definitions/ValueOrRef"}, "segmentWriteKey": {"$ref": "#/definitions/ValueOrRef"}, "disableSwaggerOidc": {"type": "boolean"}}}, {"type": "object", "properties": {"uiConfiguration": {"$ref": "#/definitions/SpogUiConfiguration"}}}]}, "spogUi": {"description": "Configuration options for the SPoG frontend.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": 
"#/definitions/Scalable"}, {"type": "object", "properties": {"initialBackendJson": {"oneOf": [{"type": "string"}, {"$ref": "https://raw.githubusercontent.com/trustification/trustification/main/spog/ui/crates/backend/schema/config.json"}]}, "segmentWriteKey": {"$ref": "#/definitions/ValueOrRef"}, "brandingConfigMap": {"type": "string"}}}]}, "vexinationApi": {"description": "Configuration options for the Vexination API.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"disableSwaggerOidc": {"type": "boolean"}, "uploadLimit": {"description": "Maximum size of an upload request\n", "$ref": "#/definitions/ByteSize"}}}]}, "vexinationIndexer": {"description": "Configuration options for the Vexination indexer.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Index"}, {"$ref": "#/definitions/EventBus"}, {"$ref": "#/definitions/Storage"}, {"type": "object", "properties": {"alwaysReindex": {"type": "boolean"}, "topics": {"$ref": "#/definitions/StorageTopics"}}}]}, "vexinationCollector": {"description": "Configuration options for the Vexination collector.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "v11yApi": {"description": "Configuration options for the V11Y API.\n", "allOf": [{"$ref": 
"#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Ingress"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Authenticator"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/HttpApplication"}, {"type": "object", "properties": {"disableSwaggerOidc": {"type": "boolean"}, "uploadLimit": {"description": "Maximum size of an upload request\n", "$ref": "#/definitions/ByteSize"}}}]}, "v11yIndexer": {"description": "Configuration options for the V11Y indexer.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Index"}, {"$ref": "#/definitions/EventBus"}, {"$ref": "#/definitions/Storage"}, {"type": "object", "properties": {"alwaysReindex": {"type": "boolean"}, "topics": {"$ref": "#/definitions/StorageTopics"}}}]}, "v11yWalker": {"description": "Configuration options for the V11Y walker.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Tracing"}, {"$ref": "#/definitions/Storage"}, {"$ref": "#/definitions/Scheduled"}, {"type": "object", "properties": {"storageSize": {"type": "string", "description": "Size of the PVC storing the CVE project data checked out from git\n"}, "onlyPrefixes": {"type": "array", "description": "A list of prefixed will be imported only. 
Any other files will be ignored.\n", "items": {"type": "string"}}}}]}, "guacGraphql": {"description": "Configuration options for the GUAC GraphQL API.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Metrics"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scalable"}]}, "guacCollectsub": {"description": "Configuration options for the GUAC collector.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "guacInitDb": {"description": "Configuration options for the GUAC database initialization.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "initDataset": {"description": "Configuration options for the initial dataset boostrap.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}]}, "bombasticWalker": {"description": "Configuration options for the Bombastic walker.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"type": "object", "required": ["sources"], "properties": {"stateStorageSize": {"type": "string"}, "sources": {"type": "object", "additionalProperties": false, "patternProperties": {"^[a-z0-9A-Z_\\-.]*[a-z0-9A-Z]$": {"$ref": "#/definitions/BombasticWalkerSource"}}}}}]}, "vexinationWalker": {"description": "Configuration options for the Vexination walker.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Infrastructure"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}, {"type": "object", "required": ["sources"], "properties": {"stateStorageSize": {"type": "string"}, "sources": {"type": "object", 
"patternProperties": {"^[a-z0-9A-Z_\\-.]*[a-z0-9A-Z]$": {"$ref": "#/definitions/VexinationWalkerSource"}}}}}]}, "integrationTests": {"description": "Integration tests which can be run as part of the Helm chart.\n", "allOf": [{"$ref": "#/definitions/Feature"}, {"$ref": "#/definitions/Image"}, {"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/RustApplication"}]}}}, "kafka": {"$ref": "#/definitions/Feature"}, "minio": {"$ref": "#/definitions/Feature"}, "keycloak": {"$ref": "#/definitions/Feature"}, "postgresql": {"$ref": "#/definitions/Feature"}}, "definitions": {"Scalable": {"description": "Configuration options for a scalable deployment.\n", "allOf": [{"type": "object", "properties": {"replicas": {"type": "integer", "minimum": 0}}}]}, "Application": {"type": "object", "description": "Basic application settings\n", "properties": {"serviceAccountName": {"type": "string"}, "resources": {"type": "object"}, "affinity": {"type": "object"}}}, "RustApplication": {"type": "object", "properties": {"rust": {"$ref": "#/definitions/RustApplicationConfig"}}}, "RustApplicationConfig": {"type": "object", "properties": {"logFilter": {"type": "string", "description": "Filter for the `env_logger` logging backend. 
Will be used as the value for the `RUST_LOG` variable.\n"}, "backtrace": {"type": "boolean", "description": "Allow enabling backtraces in Rust based application, by setting the value of `RUST_BACKTRACE` to `1`.\n"}}}, "Infrastructure": {"type": "object", "properties": {"infrastructure": {"$ref": "#/definitions/InfrastructureConfig"}}}, "InfrastructureConfig": {"type": "object", "properties": {"port": {"$ref": "#/definitions/ValueOrRef"}}}, "Metrics": {"type": "object", "properties": {"tracing": {"$ref": "#/definitions/MetricsConfig"}}}, "MetricsConfig": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean"}}}, "Tracing": {"type": "object", "required": ["tracing"], "properties": {"tracing": {"$ref": "#/definitions/TracingConfig"}}}, "TracingConfig": {"type": "object", "additionalProperties": false, "properties": {"enabled": {"type": "boolean"}}}, "Image": {"type": "object", "properties": {"image": {"$ref": "#/definitions/ImageConfig"}}}, "ImageConfig": {"description": "Configuration for the source of the container image. 
This can either be the full name of the image, or a\ncombination or registry, name, and version.\n", "oneOf": [{"type": "object", "additionalProperties": false, "required": ["fullName"], "properties": {"fullName": {"type": "string"}, "pullPolicy": {"$ref": "#/definitions/ImagePullPolicy"}}}, {"type": "object", "additionalProperties": false, "properties": {"name": {"type": "string"}, "registry": {"type": "string"}, "pullPolicy": {"$ref": "#/definitions/ImagePullPolicy"}, "version": {"type": "string"}}}]}, "ImagePullPolicy": {"type": "string", "enum": ["IfNotPresent", "Always", "Never"]}, "Ingress": {"type": "object", "required": ["ingress"], "properties": {"ingress": {"$ref": "#/definitions/IngressConfig"}}}, "IngressConfig": {"type": "object", "additionalProperties": false, "properties": {"className": {"type": "string"}, "additionalAnnotations": {"type": "object", "additionalProperties": {"type": "string"}, "description": "Additional annotations which will be used as annotations on `Ingress` resources.\n"}}}, "Feature": {"type": "object", "properties": {"enabled": {"type": "boolean", "description": "A flag to enable/disable the whole feature. This can be used on individual modules to completely disable\ntheir deployment.\n"}}}, "Authenticator": {"type": "object", "properties": {"authenticator": {"$ref": "#/definitions/AuthenticatorConfig"}}}, "AuthenticatorConfig": {"description": "The configuration file of the authentication process for all non-GUAC processes.\n\nThis can either be a full configuration file in either structured or string form. Or it can be a reference\nto a config map, which is expected to contain a suitable configuration file.\n\nBy default, a suitable file will be created for the configured OIDC issuer solution used. The default OIDC issuer\nis Keycloak. 
This can be overridden using the `type` property.\n", "oneOf": [{"type": "string"}, {"$ref": "#/definitions/ConfigMapRef"}, {"type": "object", "additionalProperties": false, "required": ["content"], "properties": {"content": {"$ref": "https://raw.githubusercontent.com/trustification/trustification/main/auth/schema/auth.json"}}}, {"type": "object", "additionalProperties": false, "required": ["type"], "properties": {"type": {"type": "string", "enum": ["keycloak"]}}}, {"type": "object", "additionalProperties": false, "required": ["type", "cognitoDomainUrl"], "properties": {"type": {"type": "string", "enum": ["cognito"]}, "cognitoDomainUrl": {"type": "string", "format": "url"}}}]}, "Oidc": {"type": "object", "additionalProperties": false, "properties": {"issuerUrl": {"type": "string", "format": "uri", "description": "The URL to the issuer.\n"}, "insecure": {"type": "boolean", "description": "Use insecure TLS when communicating with the issuer (DANGER!)\n", "default": false}, "clients": {"properties": {"frontend": {"description": "OIDC client configuration for the frontend/SPoG.\n", "$ref": "#/definitions/OidcPublicClient"}, "walker": {"description": "OIDC client configuration for the backend.\n", "$ref": "#/definitions/OidcSecretClient"}, "testing-user": {"description": "OIDC client for testing user operations during the Integration Test\n", "$ref": "#/definitions/OidcSecretClient"}, "testing-manager": {"description": "OIDC client for testing manager operations during the Integration Test\n", "$ref": "#/definitions/OidcSecretClient"}}}}}, "OidcClient": {"type": "object", "properties": {"clientId": {"type": "string"}, "issuerUrl": {"type": "string", "format": "uri"}, "insecure": {"type": "boolean", "description": "Use insecure TLS when communicating with the issuer (DANGER!)", "default": false}}}, "OidcPublicClient": {"allOf": [{"$ref": "#/definitions/OidcClient"}, {"type": "object", "properties": {"scopes": {"type": "string"}}}]}, "OidcSecretClient": {"allOf": 
[{"$ref": "#/definitions/OidcClient"}, {"type": "object", "required": ["clientSecret"], "properties": {"clientSecret": {"$ref": "#/definitions/ValueOrRef"}}}]}, "ValueOrRef": {"description": "Accepts either a direct value, or a reference to the source of the value.\n", "oneOf": [{"type": "null"}, {"type": "string"}, {"$ref": "#/definitions/ValueRef"}]}, "ValueRef": {"oneOf": [{"type": "object", "additionalProperties": false, "required": ["valueFrom"], "properties": {"valueFrom": {"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.0/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVarSource"}}}, {"type": "object", "additionalProperties": false, "required": ["value"], "properties": {"value": {"type": "string"}}}]}, "SpogUiConfiguration": {"description": "The configuration of the SPoG UI.\n\nEither in the structured or string form. Or, by providing a reference to an existing `ConfigMap`, containing a\nsuitable configuration file.\n", "oneOf": [{"type": "string", "description": "The configuration provided as a string (must still be YAML)"}, {"$ref": "#/definitions/ConfigMapRef"}, {"type": "object", "additionalProperties": false, "required": ["content"], "description": "The actual configuration", "properties": {"content": {"$ref": "https://raw.githubusercontent.com/trustification/trustification/main/spog/model/schema/config.json"}}}]}, "ConfigMapRef": {"type": "object", "additionalProperties": false, "description": "A reference to a `ConfigMap`.\n", "required": ["configMapRef"], "properties": {"configMapRef": {"type": "object", "additionalProperties": false, "required": ["name"], "properties": {"name": {"type": "string", "description": "The name of the config map"}, "key": {"type": "string", "description": "The name of the key inside the config map"}}}}}, "Index": {"type": "object", "properties": {"index": {"$ref": "#/definitions/IndexConfig"}}}, "IndexConfig": {"type": "object", "additionalProperties": false, "description": 
"Configuration of index specific options.\n", "properties": {"mode": {"$ref": "#/definitions/IndexMode"}, "writerMemoryBytes": {"type": "string"}, "syncInterval": {"$ref": "#/definitions/SyncInterval"}}}, "IndexMode": {"type": "string", "enum": ["file"]}, "Storage": {"type": "object", "properties": {"storage": {"$ref": "#/definitions/StorageConfig"}}}, "GlobalStorageConfig": {"type": "object", "additionalProperties": false, "required": ["accessKey", "secretKey"], "properties": {"accessKey": {"description": "The access key/username to the storage resource\n", "$ref": "#/definitions/ValueOrRef"}, "secretKey": {"description": "The secret key/password to the storage resource\n", "$ref": "#/definitions/ValueOrRef"}, "region": true, "endpoint": true}, "oneOf": [{"type": "object", "required": ["region"], "properties": {"region": {"type": "string"}}}, {"type": "object", "required": ["endpoint"], "properties": {"endpoint": {"type": "string", "format": "uri"}}}]}, "StorageConfig": {"oneOf": [{"type": "object", "additionalProperties": false, "required": ["bucket"], "properties": {"bucket": {"type": "string"}}}, {"type": "object", "additionalProperties": false, "required": ["accessKey", "secretKey", "bucket"], "properties": {"accessKey": {"$ref": "#/definitions/ValueOrRef"}, "secretKey": {"$ref": "#/definitions/ValueOrRef"}, "bucket": {"type": "string"}, "region": true, "endpoint": true}, "oneOf": [{"type": "object", "required": ["region"], "properties": {"region": {"type": "string"}}}, {"type": "object", "required": ["endpoint"], "properties": {"endpoint": {"type": "string", "format": "uri"}}}]}]}, "StorageTopics": {"type": "object", "additionalProperties": false, "required": ["stored", "indexed", "failed"], "properties": {"stored": {"type": "string"}, "indexed": {"type": "string"}, "failed": {"type": "string"}}}, "EventBus": {"type": "object", "properties": {"eventBus": {"$ref": "#/definitions/EventBus"}}}, "EventBusConfig": {"oneOf": [{"$ref": 
"#/definitions/EventBusConfigKafka"}, {"$ref": "#/definitions/EventBusConfigSqs"}]}, "EventBusConfigKafka": {"type": "object", "additionalProperties": false, "required": ["type", "bootstrapServers", "config"], "properties": {"type": {"type": "string", "enum": ["kafka"]}, "bootstrapServers": {"type": "string"}, "config": {"$ref": "#/definitions/KafkaConfig"}}}, "EventBusConfigSqs": {"type": "object", "additionalProperties": false, "required": ["type", "accessKey", "secretKey", "region"], "properties": {"type": {"type": "string", "enum": ["sqs"]}, "accessKey": {"$ref": "#/definitions/ValueOrRef"}, "secretKey": {"$ref": "#/definitions/ValueOrRef"}, "region": {"type": "string"}}}, "SyncInterval": {"type": "string", "description": "The interval between syncing the indexes. This must be in the \"humantime\" format, for\nexample: `2m` (two minutes), `30s` (30 seconds). \n"}, "GlobalIndexConfig": {"type": "object", "properties": {"bucket": {"type": "string"}, "topics": {"$ref": "#/definitions/StorageTopics"}, "syncInterval": {"$ref": "#/definitions/SyncInterval"}}}, "GlobalBombastic": {"$ref": "#/definitions/GlobalIndexConfig"}, "GlobalVexination": {"$ref": "#/definitions/GlobalIndexConfig"}, "GlobalV11y": {"$ref": "#/definitions/GlobalIndexConfig"}, "KafkaConfig": {"type": "object", "required": ["securityProtocol"], "properties": {"securityProtocol": {"$ref": "#/definitions/KafkaSecurityProtocol"}}, "oneOf": [{"$ref": "#/definitions/KafkaConfigPlaintext"}, {"$ref": "#/definitions/KafkaConfigSaslPlaintext"}]}, "KafkaConfigPlaintext": {"type": "object", "additionalProperties": false, "properties": {"securityProtocol": {"type": "string", "enum": ["PLAINTEXT"]}}}, "KafkaConfigSaslPlaintext": {"additionalProperties": false, "$ref": "#/definitions/KafkaSaslConfig"}, "KafkaSaslConfig": {"type": "object", "required": ["username", "password", "mechanism"], "properties": {"securityProtocol": {"type": "string", "enum": ["SASL_PLAINTEXT"]}, "username": {"$ref": 
"#/definitions/ValueOrRef"}, "password": {"$ref": "#/definitions/ValueOrRef"}, "mechanism": {"$ref": "#/definitions/KafkaSaslMechanismOrRef"}}}, "KafkaSaslMechanismOrRef": {"oneOf": [{"$ref": "#/definitions/KafkaSaslMechanism"}, {"$ref": "#/definitions/ValueRef"}]}, "KafkaSaslMechanism": {"type": "string", "enum": ["PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-512"]}, "KafkaSecurityProtocol": {"type": "string", "enum": ["PLAINTEXT", "SASL_PLAINTEXT"]}, "Postgres": {"type": "object", "properties": {"database": {"$ref": "#/definitions/PostgresConfig"}}}, "PostgresConfig": {"type": "object", "additionalProperties": false, "required": ["host", "name", "username", "password"], "properties": {"host": {"$ref": "#/definitions/ValueOrRef"}, "port": {"$ref": "#/definitions/ValueOrRef"}, "name": {"$ref": "#/definitions/ValueOrRef"}, "username": {"$ref": "#/definitions/ValueOrRef"}, "password": {"$ref": "#/definitions/ValueOrRef"}, "sslMode": {"$ref": "#/definitions/PostgresSslMode"}}}, "PostgresSslMode": {"type": "string", "enum": ["disable", "require"]}, "GuacMigrateDatabaseConfig": {"type": "object", "additionalProperties": false, "required": ["username", "password"], "properties": {"username": {"$ref": "#/definitions/ValueOrRef"}, "password": {"$ref": "#/definitions/ValueOrRef"}}}, "BombasticWalkerSource": {"type": "object", "additionalProperties": false, "description": "A sourec for the Bombasic walker.\n", "required": ["url"], "properties": {"url": {"type": "string", "format": "uri"}, "fixLicenses": {"type": "boolean"}, "acceptV3Signatures": {"type": "boolean"}, "signingKeyUrl": {"type": "string", "format": "uri"}, "job": {"type": "object", "description": "Overrides for the Job", "allOf": [{"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scheduled"}]}}}, "VexinationWalkerSource": {"type": "object", "additionalProperties": false, "description": "A source for the Vexination walker. 
This must be a CSAF \"trusted provider\" compatible location.\n", "required": ["url"], "properties": {"url": {"type": "string", "format": "uri"}, "acceptV3Signatures": {"type": "boolean"}, "ignoreDistributions": {"type": "array", "items": {"type": "string", "format": "uri"}}, "job": {"type": "object", "description": "Overrides for the Job", "allOf": [{"$ref": "#/definitions/Application"}, {"$ref": "#/definitions/Scheduled"}]}}}, "Scheduled": {"type": "object", "description": "Configuration options for a scheduled job.\n", "properties": {"schedule": {"type": "string", "description": "A Kubernetes `CronJob` schedule expression.\n"}, "suspend": {"type": "boolean", "description": "Allows to suspend, but keep, a `CronJob`.\n"}}}, "ByteSize": {"oneOf": [{"type": "integer"}, {"type": "string", "description": "Size in bytes, allowing to use a unit such as KiB or MB.", "pattern": "^[0-9]+([KMG]i?B)?$"}]}, "HttpApplication": {"type": "object", "properties": {"requestLimit": {"$ref": "#/definitions/ByteSize"}, "jsonLimit": {"$ref": "#/definitions/ByteSize"}}}, "WorkaroundConfig": {"type": "object", "properties": {"initCronJobPvcs": {"type": "boolean", "default": false, "description": "When using `--wait` with `helm`, then `helm` will wait for all resources to be created, including all PVCs.\n\nHowever, some storage controllers will lazy-bind PVCs, which in the case of `CronJob` with PVCs will make\nHelm wait forever.\n\nAlso see: https://github.com/helm/helm/issues/10733\n\n**NOTE:** This workaround can be used to create a persistent volume during the deployment. Which might be\ngood enough for use cases where it is required to use `--wait`. But it might not be what you want in\nproduction.\n"}}}}} diff --git a/deploy/k8s/charts/trustification/values.schema.yaml b/deploy/k8s/charts/trustification/values.schema.yaml index 1db9170a7..b0118bd8b 100644 --- a/deploy/k8s/charts/trustification/values.schema.yaml +++ b/deploy/k8s/charts/trustification/values.schema.yaml 
@@ -48,6 +48,9 @@ properties:
 index:
 $ref: "#/definitions/IndexConfig"

+ workarounds:
+ $ref: "#/definitions/WorkaroundConfig"
+
 openshift:
 type: object
 additionalProperties: false
@@ -1200,3 +1203,22 @@ definitions:
 $ref: "#/definitions/ByteSize"
 jsonLimit:
 $ref: "#/definitions/ByteSize"
+
+ WorkaroundConfig:
+ type: object
+ properties:
+ initCronJobPvcs:
+ type: boolean
+ default: false
+ description: |
+ When using `--wait` with `helm`, then `helm` will wait for all resources to be created, including all PVCs.
+
+ However, some storage controllers will lazy-bind PVCs, which in the case of `CronJob` with PVCs will make
+ Helm wait forever.
+
+ Also see: https://github.com/helm/helm/issues/10733
+
+ **NOTE:** This workaround can be used to create a persistent volume during the deployment. Which might be
+ good enough for use cases where it is required to use `--wait`. But it might not be what you want in
+ production.
+
diff --git a/deploy/k8s/charts/trustification/values.yaml b/deploy/k8s/charts/trustification/values.yaml
index f50681566..e88a323ed 100644
--- a/deploy/k8s/charts/trustification/values.yaml
+++ b/deploy/k8s/charts/trustification/values.yaml
@@ -208,3 +208,5 @@ modules:
 enabled: false
 image: {}
 rust: {}
+
+workarounds: {}
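Review bot: In the `WorkaroundConfig` definition added to values.schema.yaml, the `initCronJobPvcs` description says the workaround "might not be what you want in production" but does not say why, so an operator cannot judge what enabling it changes in the cluster. A PersistentVolume is a cluster-scoped object, so turning the flag on means the installing account needs permission to create PVs and the release creates an object outside its own namespace; how the volume is backed is decided by the template, which is not part of this hunk. I would add a sentence to the description such as `Enabling this creates a cluster-scoped PersistentVolume; the installing account needs permission to create PVs.` Separately, `WorkaroundConfig` could declare `additionalProperties: false`, as `IndexConfig` and `PostgresConfig` do in the JSON form of this schema, so that a mistyped key under `workarounds` fails validation instead of being silently ignored.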