OSV collector and colectorist -api enabled

Signed-off-by: desmax74 <[email protected]>

deploy/k8s/chart/templates/collector/osv/030-Deployment.yaml

@@ -8,7 +8,7 @@ metadata:
     app.kubernetes.io/component: collector
     app.kubernetes.io/part-of: trustification
 spec:
-  replicas: 1
+  replicas: {{ .Values.collector.osv.replicas | default 1 }}
   strategy:
     type: Recreate
   selector:

deploy/openshift/parameters.yaml

@@ -99,6 +99,8 @@ parameters:
   required: true
 - name: COLLECTORIST_API_REPLICAS
   required: true
+- name: COLLECTOR_OSV_REPLICAS
+  required: true
 - name: EXHORT_API_REPLICAS
   required: true
 - name: SPOG_API_REPLICAS

deploy/openshift/template.yaml

@@ -74,6 +74,20 @@ objects:
       resources:
         requests:
           storage: 1Mi
+  - kind: PersistentVolumeClaim
+    apiVersion: v1
+    metadata:
+      name: collectorist-storage
+      labels:
+        app.kubernetes.io/name: collectorist-api
+        app.kubernetes.io/component: api
+        app.kubernetes.io/part-of: trustification
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 1Gi
   - kind: PersistentVolumeClaim
     apiVersion: v1
     metadata:
@@ -137,6 +151,48 @@ objects:
         app.kubernetes.io/component: api
         app.kubernetes.io/part-of: trustification
       type: ClusterIP
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      labels:
+        app.kubernetes.io/name: collector-osv
+        app.kubernetes.io/component: collector
+        app.kubernetes.io/part-of: trustification
+      annotations:
+        service.beta.openshift.io/serving-cert-secret-name: collector-osv-tls
+      name: collector-osv
+    spec:
+      ports:
+        - name: endpoint
+          port: 443
+          protocol: TCP
+          targetPort: 8080
+      selector:
+        app.kubernetes.io/name: collector-osv
+        app.kubernetes.io/component: collector
+        app.kubernetes.io/part-of: trustification
+      type: ClusterIP
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      labels:
+        app.kubernetes.io/name: collectorist-api
+        app.kubernetes.io/component: api
+        app.kubernetes.io/part-of: trustification
+      annotations:
+        service.beta.openshift.io/serving-cert-secret-name: collectorist-api-tls
+      name: collectorist-api
+    spec:
+      ports:
+        - name: endpoint
+          port: 443
+          protocol: TCP
+          targetPort: 8080
+      selector:
+        app.kubernetes.io/name: collectorist-api
+        app.kubernetes.io/component: api
+        app.kubernetes.io/part-of: trustification
+      type: ClusterIP
   - apiVersion: v1
     kind: Service
     metadata:
@@ -530,6 +586,225 @@ objects:
                 httpGet:
                   path: /health/startup
                   port: 9010
+  - apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: collector-osv
+      labels:
+        app.kubernetes.io/name: collector-osv
+        app.kubernetes.io/component: collector
+        app.kubernetes.io/part-of: trustification
+    spec:
+      replicas: ${{COLLECTOR_OSV_REPLICAS}}
+      strategy:
+        type: Recreate
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: collector-osv
+          app.kubernetes.io/component: collector
+          app.kubernetes.io/part-of: trustification
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: collector-osv
+            app.kubernetes.io/component: collector
+            app.kubernetes.io/part-of: trustification
+            metrics: 'true'
+          annotations:
+            config/checksum: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+        spec:
+          volumes:
+            - name: data
+              emptyDir: {}
+            - name: config
+              configMap:
+                name: ${CONFIG_NAME}
+            - name: tls
+              secret:
+                secretName: collector-osv-tls
+          containers:
+            - image: ${BACKEND_IMAGE}:${IMAGE_TAG}
+              imagePullPolicy: Always
+              name: service
+              command:
+                - /trust
+              args:
+                - collector
+                - osv
+                - -p
+                - '8080'
+                - --auth-configuration
+                - /etc/config/auth.yaml
+                - --v11y-url
+                - https://v11y-api.$(NAMESPACE).svc
+                - --guac-url
+                - http://guac-graphql.$(NAMESPACE).svc:8080/query
+              env:
+                - name: RUST_LOG
+                  value: ${LOG_LEVEL}
+                - name: NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
+                - name: HTTP_SERVER_BIND_ADDR
+                  value: '::'
+                - name: HTTP_SERVER_TLS_ENABLED
+                  value: 'true'
+                - name: HTTP_SERVER_TLS_KEY_FILE
+                  value: /etc/tls/tls.key
+                - name: HTTP_SERVER_TLS_CERTIFICATE_FILE
+                  value: /etc/tls/tls.crt
+                - name: INFRASTRUCTURE_ENABLED
+                  value: 'true'
+                - name: INFRASTRUCTURE_BIND
+                  value: '[::]:9010'
+                - name: SWAGGER_UI_OIDC_ISSUER_URL
+                  value: ${ISSUER_URL}
+                - name: OIDC_PROVIDER_CLIENT_ID
+                  value: trusted-content-api
+                - name: OIDC_PROVIDER_CLIENT_SECRET
+                  valueFrom:
+                    secretKeyRef:
+                      key: ${OIDC_PROVIDER_CLIENT_SECRET_KEY}
+                      name: ${OIDC_PROVIDER_CLIENT_SECRET_NAME}
+                - name: OIDC_PROVIDER_ISSUER_URL
+                  value: ${ISSUER_URL}
+              volumeMounts:
+                - name: data
+                  mountPath: /data
+                - mountPath: /etc/config
+                  name: config
+                - mountPath: /etc/tls
+                  name: tls
+              ports:
+                - containerPort: 8080
+                  protocol: TCP
+                - containerPort: 9010
+                  protocol: TCP
+                  name: infra
+              resources: ${{COLLECTOR_OSV_RESOURCES}}
+              livenessProbe:
+                httpGet:
+                  path: /health/live
+                  port: 9010
+                initialDelaySeconds: 2
+              readinessProbe:
+                httpGet:
+                  path: /health/ready
+                  port: 9010
+                initialDelaySeconds: 2
+              startupProbe:
+                httpGet:
+                  path: /health/startup
+                  port: 9010
+  - apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: collectorist-api
+      labels:
+        app.kubernetes.io/name: collectorist-api
+        app.kubernetes.io/component: api
+        app.kubernetes.io/part-of: trustification
+    spec:
+      replicas: ${{COLLECTORIST_API_REPLICAS}}
+      strategy:
+        type: Recreate
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: collectorist-api
+          app.kubernetes.io/component: api
+          app.kubernetes.io/part-of: trustification
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: collectorist-api
+            app.kubernetes.io/component: api
+            app.kubernetes.io/part-of: trustification
+            metrics: 'true'
+          annotations:
+            config/checksum: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+        spec:
+          volumes:
+            - name: data
+              persistentVolumeClaim:
+                claimName: collectorist-storage
+            - name: config
+              configMap:
+                name: ${CONFIG_NAME}
+            - name: tls
+              secret:
+                secretName: collectorist-api-tls
+          containers:
+            - image: ${BACKEND_IMAGE}:${IMAGE_TAG}
+              imagePullPolicy: Always
+              name: service
+              command:
+                - /trust
+              args:
+                - collectorist
+                - api
+                - -p
+                - '8080'
+                - --csub-url
+                - http://guac-collectsub:2782
+                - --auth-configuration
+                - /etc/config/auth.yaml
+                - --storage-base
+                - /data
+                - --collector-config
+                - /etc/config/collectorist.yaml
+              env:
+                - name: RUST_LOG
+                  value: ${LOG_LEVEL}
+                - name: HTTP_SERVER_BIND_ADDR
+                  value: '::'
+                - name: HTTP_SERVER_TLS_ENABLED
+                  value: 'true'
+                - name: HTTP_SERVER_TLS_KEY_FILE
+                  value: /etc/tls/tls.key
+                - name: HTTP_SERVER_TLS_CERTIFICATE_FILE
+                  value: /etc/tls/tls.crt
+                - name: INFRASTRUCTURE_ENABLED
+                  value: 'true'
+                - name: INFRASTRUCTURE_BIND
+                  value: '[::]:9010'
+                - name: OIDC_PROVIDER_CLIENT_ID
+                  value: trusted-content-api
+                - name: OIDC_PROVIDER_CLIENT_SECRET
+                  valueFrom:
+                    secretKeyRef:
+                      key: ${OIDC_PROVIDER_CLIENT_SECRET_KEY}
+                      name: ${OIDC_PROVIDER_CLIENT_SECRET_NAME}
+                - name: OIDC_PROVIDER_ISSUER_URL
+                  value: ${ISSUER_URL}
+              volumeMounts:
+                - name: data
+                  mountPath: /data
+                - mountPath: /etc/config
+                  name: config
+                - mountPath: /etc/tls
+                  name: tls
+              ports:
+                - containerPort: 8080
+                  protocol: TCP
+                - containerPort: 9010
+                  protocol: TCP
+                  name: infra
+              resources: ${{COLLECTORIST_RESOURCES}}
+              livenessProbe:
+                httpGet:
+                  path: /health/live
+                  port: 9010
+                initialDelaySeconds: 2
+              readinessProbe:
+                httpGet:
+                  path: /health/ready
+                  port: 9010
+                initialDelaySeconds: 2
+              startupProbe:
+                httpGet:
+                  path: /health/startup
+                  port: 9010
   - apiVersion: apps/v1
     kind: Deployment
     metadata:
@@ -2174,6 +2449,8 @@ parameters:
   required: true
 - name: COLLECTORIST_API_REPLICAS
   required: true
+- name: COLLECTOR_OSV_REPLICAS
+  required: true
 - name: EXHORT_API_REPLICAS
   required: true
 - name: SPOG_API_REPLICAS

deploy/openshift/values.yaml

@@ -98,7 +98,7 @@ v11y:
     schedule: ${V11Y_WALKER_SCHEDULE}
     resources: ${{V11Y_WALKER_RESOURCES}}
 collectorist:
-  enabled: false
+  enabled: true
   api:
     replicas: ${{COLLECTORIST_API_REPLICAS}}
     resources: ${{COLLECTORIST_RESOURCES}}
@@ -116,7 +116,8 @@ collector:
     resources: ${{COLLECTOR_SNYK_RESOURCES}}
     logLevel: ${LOG_LEVEL}
   osv:
-    enabled: false
+    enabled: true
+    replicas: ${{COLLECTOR_OSV_REPLICAS}}
     resources: ${{COLLECTOR_OSV_RESOURCES}}
     logLevel: ${LOG_LEVEL}
 vexination: