From fa17730b5ab9fdb64e8d90b3fbc1c50e400560ff Mon Sep 17 00:00:00 2001 From: Sunny Yip Date: Fri, 17 May 2024 12:53:41 -0400 Subject: [PATCH 1/5] bump version to 0.3.1 Signed-off-by: Sunny Yip --- charts/guac/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml index e34ba00..91e07cd 100644 --- a/charts/guac/Chart.yaml +++ b/charts/guac/Chart.yaml @@ -9,7 +9,7 @@ maintainers: email: guac-info@kusari.dev type: application -version: 0.3.0 +version: 0.3.1 appVersion: "v0.6.0" dependencies: From 561b47da8ed141225c24c686a58ef34344402fb8 Mon Sep 17 00:00:00 2001 From: Sunny Yip Date: Wed, 31 Jul 2024 12:18:05 -0400 Subject: [PATCH 2/5] add certifier/collect latency and batch size Signed-off-by: Sunny Yip --- charts/guac/README.md | 311 +++++++++--------- charts/guac/schema.json | 17 + charts/guac/templates/guac-cm.yaml | 7 + ..._backend_test.yaml => configmap_test.yaml} | 15 + .../guac/tests/values_common_certifier.yaml | 8 + charts/guac/values.yaml | 6 + 6 files changed, 210 insertions(+), 154 deletions(-) rename charts/guac/tests/{graphql_ent_backend_test.yaml => configmap_test.yaml} (67%) create mode 100644 charts/guac/tests/values_common_certifier.yaml diff --git a/charts/guac/README.md b/charts/guac/README.md index 684a300..a546c77 100644 --- a/charts/guac/README.md +++ b/charts/guac/README.md 
@@ -95,160 +95,163 @@ kubectl port-forward svc/collectsub 2782:2782 This section contains parameters for configuring the different GUAC components. -| Name | Description | Value | -| -------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | -| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | -| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | -| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. | `""` | -| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | -| `guac.common.env` | common environment variables apply to all guac services | `""` | -| `guac.common.tolerations` | common tolerations apply to all guac services | `""` | -| `guac.common.certifier.dayBetweenRescan` | Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once | `0` | -| `guac.configMap.enabled` | Whether to create the guac-cm configMap | `true` | -| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | -| `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | -| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | -| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | -| `guac.ociCollector.env` | Environment variables for OCI Collector. 
| `[]` | -| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.ociCollector.tolerations` | | `[]` | -| `guac.ociCollector.serviceAccount.create` | - whether to create OCI Collector service account | `true` | -| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | -| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | -| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | -| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. | `depsdev-collector` | -| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | -| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | -| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `[]` | -| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.depsDevCollector.tolerations` | | `[]` | -| `guac.depsDevCollector.serviceAccount.create` | - whether to create depsDevCollector service account | `true` | -| `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | -| `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | -| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | -| `guac.osvCertifier.name` | String Name of the OSV Certifier component. 
| `osv-certifier` | -| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | -| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect osv"]` | -| `guac.osvCertifier.env` | Environment variables for OSV Certifier. | `[]` | -| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.osvCertifier.tolerations` | | `[]` | -| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` | -| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | -| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | -| `guac.cdCertifier.enabled` | String Whether to deploy CD Certifier | `true` | -| `guac.cdCertifier.name` | String Name of the CD Certifier component. | `cd-certifier` | -| `guac.cdCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.cdCertifier.replicas` | Number of replicas for CD Certifier deployment | `1` | -| `guac.cdCertifier.image.command` | Command for the CD Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect cd"]` | -| `guac.cdCertifier.env` | Environment variables for CD Certifier. 
| `[]` | -| `guac.cdCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.cdCertifier.tolerations` | | `[]` | -| `guac.cdCertifier.serviceAccount.create` | - whether to create cdCertifier service account | `true` | -| `guac.cdCertifier.serviceAccount.annotations` | - CD Certifier service account annotations | `{}` | -| `guac.cdCertifier.resources` | - [map] resource requests or limits of the cd Certifier deployment | `{}` | -| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | -| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | -| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | -| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacingest"]` | -| `guac.ingestor.env` | Environment variables for ingestor. | `[]` | -| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.ingestor.serviceAccount.create` | - whether to create ingestor service account | `true` | -| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | -| `guac.ingestor.tolerations` | | `[]` | -| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | -| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` | -| `guac.collectSub.name` | String Name of the CollectSub component. | `collectsub` | -| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` | -| `guac.collectSub.image.command` | Command for the CollectSub image. 
It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | -| `guac.collectSub.env` | Environment variables for CollectSub. | `[]` | -| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` | -| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` | -| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` | -| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | -| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.collectSub.tolerations` | | `[]` | -| `guac.collectSub.serviceAccount.create` | - whether to create collectSub service account | `true` | -| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | -| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | -| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | -| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` | -| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | -| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | -| `guac.graphqlServer.env` | Environment variables for GraphQL Server. 
| `[]` | -| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | -| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.nodePortSvcPorts` | NodePort service ports definition | `{}` | -| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | -| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | -| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.graphqlServer.serviceAccount.create` | - whether to create graphqlServer service account | `true` | -| `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | -| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | -| `guac.graphqlServer.additionalVolumeMounts` | | `[]` | -| `guac.graphqlServer.additionalVolumes` | | `[]` | -| `guac.graphqlServer.tolerations` | | `[]` | -| `guac.graphqlServer.resources` | - [map] resource requests or limits of the graphqlServer deployment | `{}` | -| `guac.restApi.enabled` | String Whether to deploy the restApi | `true` | -| `guac.restApi.name` | String Name of the restApi component. | `rest-api` | -| `guac.restApi.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.restApi.replicas` | Number of replicas for restApi deployment | `1` | -| `guac.restApi.image.command` | Command for the restApi image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacrest"]` | -| `guac.restApi.env` | Environment variables for restApi. | `[]` | -| `guac.restApi.image.ports[0].containerPort` | Port the restApi container listens on | `8081` | -| `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | -| `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | -| `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | -| `guac.restApi.serviceAccount.create` | - whether to create restApi service account | `true` | -| `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | -| `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.restApi.tolerations` | | `[]` | -| `guac.restApi.resources` | - [map] resource requests or limits of the restApi deployment | `{}` | -| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | -| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | -| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | -| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | -| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | -| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | -| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | -| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | -| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.env` | Environment variables for the visualizer. | `[]` | -| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.visualizer.tolerations` | | `[]` | -| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | -| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | -| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | -| `guac.sampleData.env` | Environment variables for the sample data ingest job | `[]` | -| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | -| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | -| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | -| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | -| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | -| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | -| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | -| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | -| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | -| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | -| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | -| `guac.backend.ent.db-address` | Full URL of database to connect to | `undefined` | -| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | -| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | -| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | -| `guac.collectorPublishToQueue` | Whether to publish ingestion message to pubsub queue | `true` | -| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | -| `guac.additionalResources` | | `{}` | +| Name | Description | Value | +| -------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | +| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | +| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | +| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | +| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | +| `guac.common.env` | common environment variables apply to all guac services | `""` | +| `guac.common.tolerations` | common tolerations apply to all guac services | `""` | +| `guac.common.certifier.dayBetweenRescan` | Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once | `0` | +| `guac.common.certifier.batchSize` | sets the batch size for pagination query for the certifier - commonly apply to all certifiers. Default 60000 | `60000` | +| `guac.common.certifier.latency` | sets artificial latency on the certifier - commonly apply to all certifiers. Defaults to empty string (not enabled) but can set m, h, s...etc. | `nil` | +| `guac.configMap.enabled` | Whether to create the guac-cm configMap | `true` | +| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | +| `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | +| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | +| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | +| `guac.ociCollector.env` | Environment variables for OCI Collector. 
| `[]` | +| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ociCollector.tolerations` | | `[]` | +| `guac.ociCollector.serviceAccount.create` | - whether to create OCI Collector service account | `true` | +| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | +| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | +| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | +| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. | `depsdev-collector` | +| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | +| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | +| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `[]` | +| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.depsDevCollector.tolerations` | | `[]` | +| `guac.depsDevCollector.serviceAccount.create` | - whether to create depsDevCollector service account | `true` | +| `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | +| `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | +| `guac.depsDevCollector.depsDevLatency` | - sets artificial latency on the deps.dev collector. Defaults to empty string (not enabled) but can set m, h, s...etc. | `nil` | +| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | +| `guac.osvCertifier.name` | String Name of the OSV Certifier component. 
| `osv-certifier` | +| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | +| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect osv"]` | +| `guac.osvCertifier.env` | Environment variables for OSV Certifier. | `[]` | +| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.osvCertifier.tolerations` | | `[]` | +| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` | +| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | +| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | +| `guac.cdCertifier.enabled` | String Whether to deploy CD Certifier | `true` | +| `guac.cdCertifier.name` | String Name of the CD Certifier component. | `cd-certifier` | +| `guac.cdCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.cdCertifier.replicas` | Number of replicas for CD Certifier deployment | `1` | +| `guac.cdCertifier.image.command` | Command for the CD Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect cd"]` | +| `guac.cdCertifier.env` | Environment variables for CD Certifier. 
| `[]` | +| `guac.cdCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.cdCertifier.tolerations` | | `[]` | +| `guac.cdCertifier.serviceAccount.create` | - whether to create cdCertifier service account | `true` | +| `guac.cdCertifier.serviceAccount.annotations` | - CD Certifier service account annotations | `{}` | +| `guac.cdCertifier.resources` | - [map] resource requests or limits of the cd Certifier deployment | `{}` | +| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | +| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | +| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | +| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacingest"]` | +| `guac.ingestor.env` | Environment variables for ingestor. | `[]` | +| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ingestor.serviceAccount.create` | - whether to create ingestor service account | `true` | +| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | +| `guac.ingestor.tolerations` | | `[]` | +| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | +| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` | +| `guac.collectSub.name` | String Name of the CollectSub component. | `collectsub` | +| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` | +| `guac.collectSub.image.command` | Command for the CollectSub image. 
It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | +| `guac.collectSub.env` | Environment variables for CollectSub. | `[]` | +| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` | +| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` | +| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.collectSub.tolerations` | | `[]` | +| `guac.collectSub.serviceAccount.create` | - whether to create collectSub service account | `true` | +| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | +| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | +| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | +| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` | +| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | +| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | +| `guac.graphqlServer.env` | Environment variables for GraphQL Server. 
| `[]` | +| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | +| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.nodePortSvcPorts` | NodePort service ports definition | `{}` | +| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | +| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | +| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.graphqlServer.serviceAccount.create` | - whether to create graphqlServer service account | `true` | +| `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | +| `guac.graphqlServer.additionalVolumeMounts` | | `[]` | +| `guac.graphqlServer.additionalVolumes` | | `[]` | +| `guac.graphqlServer.tolerations` | | `[]` | +| `guac.graphqlServer.resources` | - [map] resource requests or limits of the graphqlServer deployment | `{}` | +| `guac.restApi.enabled` | String Whether to deploy the restApi | `true` | +| `guac.restApi.name` | String Name of the restApi component. | `rest-api` | +| `guac.restApi.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.restApi.replicas` | Number of replicas for restApi deployment | `1` | +| `guac.restApi.image.command` | Command for the restApi image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacrest"]` | +| `guac.restApi.env` | Environment variables for restApi. | `[]` | +| `guac.restApi.image.ports[0].containerPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | +| `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | +| `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.serviceAccount.create` | - whether to create restApi service account | `true` | +| `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.restApi.tolerations` | | `[]` | +| `guac.restApi.resources` | - [map] resource requests or limits of the restApi deployment | `{}` | +| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | +| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | +| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | +| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | +| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | +| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | +| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | +| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | +| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.env` | Environment variables for the visualizer. | `[]` | +| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.visualizer.tolerations` | | `[]` | +| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | +| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | +| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | +| `guac.sampleData.env` | Environment variables for the sample data ingest job | `[]` | +| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | +| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | +| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | +| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | +| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | +| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | +| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | +| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | +| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | +| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | +| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | +| `guac.backend.ent.db-address` | Full URL of database to connect to | `undefined` | +| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | +| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | +| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | +| `guac.collectorPublishToQueue` | Whether to publish ingestion message to pubsub queue | `true` | +| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | +| `guac.additionalResources` | | `{}` | ### nats diff --git a/charts/guac/schema.json b/charts/guac/schema.json index d9f2051..1d01efc 100644 --- a/charts/guac/schema.json +++ b/charts/guac/schema.json @@ -63,6 +63,17 @@ "type": "string", "description": "Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once", "default": "0" + }, + "batchSize": { + "type": "string", + "description": "sets the batch size for pagination query for the certifier - commonly apply to all certifiers. Default 60000", + "default": "60000" + }, + "latency": { + "type": "object", + "description": "sets artificial latency on the certifier - commonly apply to all certifiers. Defaults to empty string (not enabled) but can set m, h, s...etc.", + "default": null, + "nullable": true } } } 
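Review bot: In the first schema.json hunk `latency` is declared `"type": "object"`, yet its description and the test fixture (`latency: "5s"`) treat it as a duration string; `depsDevLatency` in the `@@ -223,6 +234,12 @@` hunk has the same mismatch. Anything that validates values against this schema would reject the documented usage, and the description's "Defaults to empty string" disagrees with `"default": null`. If schema.json is generated from the `## @param` annotations in values.yaml (it looks that way, but this page does not confirm it), the fix belongs there: give the two latency params the `[string]` modifier that `guac.common.env` already uses, then regenerate.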
@@ -223,6 +234,12 @@ "type": "object", "description": "- [map] resource requests or limits of the depsDevCollector deployment", "default": {} + }, + "depsDevLatency": { + "type": "object", + "description": "- sets artificial latency on the deps.dev collector. Defaults to empty string (not enabled) but can set m, h, s...etc.", + "default": null, + "nullable": true } } }, diff --git a/charts/guac/templates/guac-cm.yaml b/charts/guac/templates/guac-cm.yaml index b7525b6..8dae545 100644 --- a/charts/guac/templates/guac-cm.yaml +++ b/charts/guac/templates/guac-cm.yaml @@ -47,6 +47,13 @@ data: {{- if $.Values.guac.common.certifier.dayBetweenRescan }} last-scan: {{ .Values.guac.common.certifier.dayBetweenRescan }} {{- end }} +{{- if $.Values.guac.common.certifier.batchSize }} + certifier-batch-size: {{ .Values.guac.common.certifier.batchSize }} +{{- end }} +{{- if $.Values.guac.common.certifier.latency }} + certifier-latency: {{ .Values.guac.common.certifier.latency }} +{{- end }} + poll: true interval: 5m # how often to poll graphql-server to discover new packages diff --git a/charts/guac/tests/graphql_ent_backend_test.yaml b/charts/guac/tests/configmap_test.yaml similarity index 67% rename from charts/guac/tests/graphql_ent_backend_test.yaml rename to charts/guac/tests/configmap_test.yaml index 05d4f19..e566519 100644 --- a/charts/guac/tests/graphql_ent_backend_test.yaml +++ b/charts/guac/tests/configmap_test.yaml @@ -8,6 +8,7 @@ tests: - it: configmap should render values: - ./values_ent_backend.yaml + - ./values_common_certifier.yaml asserts: - isKind: of: ConfigMap @@ -26,3 +27,17 @@ tests: # - equal: # path: data["guac.yaml"]["db-migrate"] # value: true + + # - it: should override defaults + # values: + # - ./values_common_certifier.yaml + # asserts: + # - equal: + # path: data.guac\.yaml.last-scan + # value: "5" + # - equal: + # path: data.guac/.yaml.certifier-batch-size + # value: "50000" + # - equal: + # path: data.guac/.yaml.certifier-latency + # value: 5s 
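Review bot: The two added keys in guac-cm.yaml, `certifier-batch-size` and `certifier-latency`, interpolate the chart values as raw text, so a value containing `: `, ` #` or a line break would change the structure of the rendered config instead of staying a single scalar. Quoting the duration and forcing the batch size to a number avoids that: `certifier-latency: {{ .Values.guac.common.certifier.latency | quote }}` and `certifier-batch-size: {{ .Values.guac.common.certifier.batchSize | int }}`. With `int`, a non-numeric batch size renders as `0`, so an explicit `fail` may be preferable if zero is not an acceptable batch size. The unchanged `last-scan` line just above uses the same unquoted pattern; the enclosing `data:` block starts outside the hunk.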
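Review bot: The `should override defaults` case in configmap_test.yaml is added entirely commented out, so nothing asserts that `certifier-batch-size` and `certifier-latency` reach the rendered ConfigMap; the only active change is loading `values_common_certifier.yaml` in the existing case. Two of the three commented paths also write the escape as `guac/.yaml` where the first uses `guac\.yaml`. If `guac.yaml` is rendered as one string value (the hunk does not show this), `equal` cannot address keys inside it, which may be why the case was disabled; a `matchRegex` on the whole value would let the case run, as sketched below.

```yaml
  - it: should override defaults
    values:
      - ./values_common_certifier.yaml
    asserts:
      - matchRegex:
          path: data["guac.yaml"]
          pattern: 'last-scan: "?5"?'
      - matchRegex:
          path: data["guac.yaml"]
          pattern: 'certifier-batch-size: "?50000"?'
      - matchRegex:
          path: data["guac.yaml"]
          pattern: 'certifier-latency: "?5s"?'
```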
diff --git a/charts/guac/tests/values_common_certifier.yaml b/charts/guac/tests/values_common_certifier.yaml new file mode 100644 index 0000000..512f9bd --- /dev/null +++ b/charts/guac/tests/values_common_certifier.yaml @@ -0,0 +1,8 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +guac: + common: + certifier: + dayBetweenRescan: "5" + batchSize: "50000" + latency: "5s" \ No newline at end of file diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index ae7bc69..0b03f0b 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml @@ -18,6 +18,8 @@ imagePullSecrets: ## @param guac.common.env [string] common environment variables apply to all guac services ## @param guac.common.tolerations [string] common tolerations apply to all guac services ## @param guac.common.certifier.dayBetweenRescan Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once +## @param guac.common.certifier.batchSize sets the batch size for pagination query for the certifier - commonly apply to all certifiers. Default 60000 +## @param guac.common.certifier.latency [nullable] sets artificial latency on the certifier - commonly apply to all certifiers. Defaults to empty string (not enabled) but can set m, h, s...etc. ## @param guac.configMap.enabled Whether to create the guac-cm configMap ## @param guac.ociCollector.enabled String Whether to deploy OCI Collector ## @param guac.ociCollector.name String Name of the OCI Collector component. 
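Review bot: The `@param` line for `guac.common.certifier.latency` in the values.yaml hunk carries only `[nullable]`, and schema.json in this patch then declares the field as `"type": "object"`, although the test values set it to the duration string `"5s"`. Declaring the type in the annotation, e.g. `## @param guac.common.certifier.latency [string, nullable] ...`, should make the documented schema match the real value, assuming the generator in use accepts combined modifiers. The description also says the default is an empty string while the value is left null, so one of the two should change. The same applies to `guac.depsDevCollector.depsDevLatency` in the `@@ -41,6 +43,7 @@` hunk.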
@@ -41,6 +43,7 @@ imagePullSecrets: ## @param guac.depsDevCollector.serviceAccount.create - whether to create depsDevCollector service account ## @param guac.depsDevCollector.serviceAccount.annotations ## @param guac.depsDevCollector.resources - [map] resource requests or limits of the depsDevCollector deployment +## @param guac.depsDevCollector.depsDevLatency [nullable] - sets artificial latency on the deps.dev collector. Defaults to empty string (not enabled) but can set m, h, s...etc. ## @param guac.osvCertifier.enabled String Whether to deploy OSV Certifier ## @param guac.osvCertifier.name String Name of the OSV Certifier component. ## @param guac.osvCertifier.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) @@ -185,6 +188,8 @@ guac: certifier: dayBetweenRescan: "0" + batchSize: "60000" + latency: configMap: enabled: true @@ -226,6 +231,7 @@ guac: # requests: # cpu: "0.25" # memory: "0.5G" + depsDevLatency: osvCertifier: enabled: true From 767fb9c0d9e290a576f3835d50484711942cde47 Mon Sep 17 00:00:00 2001 From: Sunny Yip Date: Fri, 17 May 2024 12:53:41 -0400 Subject: [PATCH 3/5] bump version to 0.3.1 Signed-off-by: Sunny Yip --- charts/guac/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml index a8d5f6b..a6bab40 100644 --- a/charts/guac/Chart.yaml +++ b/charts/guac/Chart.yaml @@ -9,7 +9,7 @@ maintainers: email: guac-info@kusari.dev type: application -version: 0.5.0 +version: 0.5.1 appVersion: "v0.8.0" dependencies: From 3065108525903eace698ebbb53af79f755b02518 Mon Sep 17 00:00:00 2001 From: Sunny Yip Date: Wed, 31 Jul 2024 12:18:05 -0400 Subject: [PATCH 4/5] add certifier/collect latency and batch size 
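Review bot: `depsDevLatency` is added to the values in the `@@ -226,6 +231,7 @@` hunk and documented, but no template in this patch reads it. The diffstat lists guac-cm.yaml as the only template touched, and that hunk renders only `certifier-batch-size` and `certifier-latency`. Unless another template consumes it, setting the value has no effect and the deps.dev collector runs without the intended throttle. Either render it in guac-cm.yaml behind the same `if` guard as the certifier keys, or leave the value out until it is wired in. The bare `latency:` and `depsDevLatency:` keys would also read more clearly as an explicit `latency: null`.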
Signed-off-by: Sunny Yip
---
charts/guac/README.md | 311 +++++++++--------- charts/guac/schema.json | 17 + charts/guac/templates/guac-cm.yaml | 7 + ..._backend_test.yaml => configmap_test.yaml} | 15 + .../guac/tests/values_common_certifier.yaml | 8 + charts/guac/values.yaml | 6 + 6 files changed, 210 insertions(+), 154 deletions(-) rename charts/guac/tests/{graphql_ent_backend_test.yaml => configmap_test.yaml} (67%) create mode 100644 charts/guac/tests/values_common_certifier.yaml
diff --git a/charts/guac/README.md b/charts/guac/README.md
index 684a300..a546c77 100644
--- a/charts/guac/README.md
+++ b/charts/guac/README.md
@@ -95,160 +95,163 @@ kubectl port-forward svc/collectsub 2782:2782 This section contains parameters for configuring the different GUAC components. -| Name | Description | Value | -| -------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | -| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | -| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | -| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. | `""` | -| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | -| `guac.common.env` | common environment variables apply to all guac services | `""` | -| `guac.common.tolerations` | common tolerations apply to all guac services | `""` | -| `guac.common.certifier.dayBetweenRescan` | Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once | `0` | -| `guac.configMap.enabled` | Whether to create the guac-cm configMap | `true` | -| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | -| `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | -| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | -| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | -| `guac.ociCollector.env` | Environment variables for OCI Collector. 
| `[]` | -| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.ociCollector.tolerations` | | `[]` | -| `guac.ociCollector.serviceAccount.create` | - whether to create OCI Collector service account | `true` | -| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | -| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | -| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | -| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. | `depsdev-collector` | -| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | -| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | -| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `[]` | -| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.depsDevCollector.tolerations` | | `[]` | -| `guac.depsDevCollector.serviceAccount.create` | - whether to create depsDevCollector service account | `true` | -| `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | -| `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | -| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | -| `guac.osvCertifier.name` | String Name of the OSV Certifier component. 
| `osv-certifier` | -| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | -| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect osv"]` | -| `guac.osvCertifier.env` | Environment variables for OSV Certifier. | `[]` | -| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.osvCertifier.tolerations` | | `[]` | -| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` | -| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | -| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | -| `guac.cdCertifier.enabled` | String Whether to deploy CD Certifier | `true` | -| `guac.cdCertifier.name` | String Name of the CD Certifier component. | `cd-certifier` | -| `guac.cdCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.cdCertifier.replicas` | Number of replicas for CD Certifier deployment | `1` | -| `guac.cdCertifier.image.command` | Command for the CD Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect cd"]` | -| `guac.cdCertifier.env` | Environment variables for CD Certifier. 
| `[]` | -| `guac.cdCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.cdCertifier.tolerations` | | `[]` | -| `guac.cdCertifier.serviceAccount.create` | - whether to create cdCertifier service account | `true` | -| `guac.cdCertifier.serviceAccount.annotations` | - CD Certifier service account annotations | `{}` | -| `guac.cdCertifier.resources` | - [map] resource requests or limits of the cd Certifier deployment | `{}` | -| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | -| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | -| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | -| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacingest"]` | -| `guac.ingestor.env` | Environment variables for ingestor. | `[]` | -| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.ingestor.serviceAccount.create` | - whether to create ingestor service account | `true` | -| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | -| `guac.ingestor.tolerations` | | `[]` | -| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | -| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` | -| `guac.collectSub.name` | String Name of the CollectSub component. | `collectsub` | -| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` | -| `guac.collectSub.image.command` | Command for the CollectSub image. 
It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | -| `guac.collectSub.env` | Environment variables for CollectSub. | `[]` | -| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` | -| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` | -| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` | -| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | -| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.collectSub.tolerations` | | `[]` | -| `guac.collectSub.serviceAccount.create` | - whether to create collectSub service account | `true` | -| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | -| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | -| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | -| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` | -| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | -| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | -| `guac.graphqlServer.env` | Environment variables for GraphQL Server. 
| `[]` | -| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | -| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.nodePortSvcPorts` | NodePort service ports definition | `{}` | -| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | -| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | -| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.graphqlServer.serviceAccount.create` | - whether to create graphqlServer service account | `true` | -| `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | -| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | -| `guac.graphqlServer.additionalVolumeMounts` | | `[]` | -| `guac.graphqlServer.additionalVolumes` | | `[]` | -| `guac.graphqlServer.tolerations` | | `[]` | -| `guac.graphqlServer.resources` | - [map] resource requests or limits of the graphqlServer deployment | `{}` | -| `guac.restApi.enabled` | String Whether to deploy the restApi | `true` | -| `guac.restApi.name` | String Name of the restApi component. | `rest-api` | -| `guac.restApi.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.restApi.replicas` | Number of replicas for restApi deployment | `1` | -| `guac.restApi.image.command` | Command for the restApi image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacrest"]` | -| `guac.restApi.env` | Environment variables for restApi. | `[]` | -| `guac.restApi.image.ports[0].containerPort` | Port the restApi container listens on | `8081` | -| `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | -| `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | -| `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | -| `guac.restApi.serviceAccount.create` | - whether to create restApi service account | `true` | -| `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | -| `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.restApi.tolerations` | | `[]` | -| `guac.restApi.resources` | - [map] resource requests or limits of the restApi deployment | `{}` | -| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | -| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | -| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | -| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | -| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | -| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | -| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | -| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | -| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.env` | Environment variables for the visualizer. | `[]` | -| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.visualizer.tolerations` | | `[]` | -| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | -| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | -| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | -| `guac.sampleData.env` | Environment variables for the sample data ingest job | `[]` | -| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | -| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | -| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | -| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | -| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | -| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | -| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | -| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | -| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | -| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | -| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | -| `guac.backend.ent.db-address` | Full URL of database to connect to | `undefined` | -| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | -| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | -| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | -| `guac.collectorPublishToQueue` | Whether to publish ingestion message to pubsub queue | `true` | -| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | -| `guac.additionalResources` | | `{}` | +| Name | Description | Value | +| -------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | +| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | +| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | +| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | +| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | +| `guac.common.env` | common environment variables apply to all guac services | `""` | +| `guac.common.tolerations` | common tolerations apply to all guac services | `""` | +| `guac.common.certifier.dayBetweenRescan` | Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once | `0` | +| `guac.common.certifier.batchSize` | sets the batch size for pagination query for the certifier - commonly apply to all certifiers. Default 60000 | `60000` | +| `guac.common.certifier.latency` | sets artificial latency on the certifier - commonly apply to all certifiers. Defaults to empty string (not enabled) but can set m, h, s...etc. | `nil` | +| `guac.configMap.enabled` | Whether to create the guac-cm configMap | `true` | +| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | +| `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | +| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | +| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | +| `guac.ociCollector.env` | Environment variables for OCI Collector. 
| `[]` | +| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ociCollector.tolerations` | | `[]` | +| `guac.ociCollector.serviceAccount.create` | - whether to create OCI Collector service account | `true` | +| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | +| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | +| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | +| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. | `depsdev-collector` | +| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | +| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | +| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `[]` | +| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.depsDevCollector.tolerations` | | `[]` | +| `guac.depsDevCollector.serviceAccount.create` | - whether to create depsDevCollector service account | `true` | +| `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | +| `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | +| `guac.depsDevCollector.depsDevLatency` | - sets artificial latency on the deps.dev collector. Defaults to empty string (not enabled) but can set m, h, s...etc. | `nil` | +| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | +| `guac.osvCertifier.name` | String Name of the OSV Certifier component. 
| `osv-certifier` | +| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | +| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect osv"]` | +| `guac.osvCertifier.env` | Environment variables for OSV Certifier. | `[]` | +| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.osvCertifier.tolerations` | | `[]` | +| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` | +| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | +| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | +| `guac.cdCertifier.enabled` | String Whether to deploy CD Certifier | `true` | +| `guac.cdCertifier.name` | String Name of the CD Certifier component. | `cd-certifier` | +| `guac.cdCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.cdCertifier.replicas` | Number of replicas for CD Certifier deployment | `1` | +| `guac.cdCertifier.image.command` | Command for the CD Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect cd"]` | +| `guac.cdCertifier.env` | Environment variables for CD Certifier. 
| `[]` | +| `guac.cdCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.cdCertifier.tolerations` | | `[]` | +| `guac.cdCertifier.serviceAccount.create` | - whether to create cdCertifier service account | `true` | +| `guac.cdCertifier.serviceAccount.annotations` | - CD Certifier service account annotations | `{}` | +| `guac.cdCertifier.resources` | - [map] resource requests or limits of the cd Certifier deployment | `{}` | +| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | +| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | +| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | +| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacingest"]` | +| `guac.ingestor.env` | Environment variables for ingestor. | `[]` | +| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ingestor.serviceAccount.create` | - whether to create ingestor service account | `true` | +| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | +| `guac.ingestor.tolerations` | | `[]` | +| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | +| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` | +| `guac.collectSub.name` | String Name of the CollectSub component. | `collectsub` | +| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` | +| `guac.collectSub.image.command` | Command for the CollectSub image. 
It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | +| `guac.collectSub.env` | Environment variables for CollectSub. | `[]` | +| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` | +| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` | +| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.collectSub.tolerations` | | `[]` | +| `guac.collectSub.serviceAccount.create` | - whether to create collectSub service account | `true` | +| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | +| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | +| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | +| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` | +| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | +| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | +| `guac.graphqlServer.env` | Environment variables for GraphQL Server. 
| `[]` | +| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | +| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.nodePortSvcPorts` | NodePort service ports definition | `{}` | +| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | +| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | +| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.graphqlServer.serviceAccount.create` | - whether to create graphqlServer service account | `true` | +| `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | +| `guac.graphqlServer.additionalVolumeMounts` | | `[]` | +| `guac.graphqlServer.additionalVolumes` | | `[]` | +| `guac.graphqlServer.tolerations` | | `[]` | +| `guac.graphqlServer.resources` | - [map] resource requests or limits of the graphqlServer deployment | `{}` | +| `guac.restApi.enabled` | String Whether to deploy the restApi | `true` | +| `guac.restApi.name` | String Name of the restApi component. | `rest-api` | +| `guac.restApi.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.restApi.replicas` | Number of replicas for restApi deployment | `1` | +| `guac.restApi.image.command` | Command for the restApi image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacrest"]` | +| `guac.restApi.env` | Environment variables for restApi. | `[]` | +| `guac.restApi.image.ports[0].containerPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | +| `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | +| `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.serviceAccount.create` | - whether to create restApi service account | `true` | +| `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.restApi.tolerations` | | `[]` | +| `guac.restApi.resources` | - [map] resource requests or limits of the restApi deployment | `{}` | +| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | +| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | +| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | +| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | +| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | +| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | +| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | +| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | +| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.env` | Environment variables for the visualizer. | `[]` | +| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.visualizer.tolerations` | | `[]` | +| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | +| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | +| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | +| `guac.sampleData.env` | Environment variables for the sample data ingest job | `[]` | +| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | +| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | +| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | +| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | +| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | +| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | +| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | +| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | +| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | +| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | +| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | +| `guac.backend.ent.db-address` | Full URL of database to connect to | `undefined` | +| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | +| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | +| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | +| `guac.collectorPublishToQueue` | Whether to publish ingestion message to pubsub queue | `true` | +| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | +| `guac.additionalResources` | | `{}` | ### nats diff --git a/charts/guac/schema.json b/charts/guac/schema.json index d9f2051..1d01efc 100644 --- a/charts/guac/schema.json +++ b/charts/guac/schema.json @@ -63,6 +63,17 @@ "type": "string", "description": "Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once", "default": "0" + }, + "batchSize": { + "type": "string", + "description": "sets the batch size for pagination query for the certifier - commonly apply to all certifiers. Default 60000", + "default": "60000" + }, + "latency": { + "type": "object", + "description": "sets artificial latency on the certifier - commonly apply to all certifiers. Defaults to empty string (not enabled) but can set m, h, s...etc.", + "default": null, + "nullable": true } } } 
@@ -223,6 +234,12 @@ "type": "object", "description": "- [map] resource requests or limits of the depsDevCollector deployment", "default": {} + }, + "depsDevLatency": { + "type": "object", + "description": "- sets artificial latency on the deps.dev collector. Defaults to empty string (not enabled) but can set m, h, s...etc.", + "default": null, + "nullable": true } } }, diff --git a/charts/guac/templates/guac-cm.yaml b/charts/guac/templates/guac-cm.yaml index b7525b6..8dae545 100644 --- a/charts/guac/templates/guac-cm.yaml +++ b/charts/guac/templates/guac-cm.yaml @@ -47,6 +47,13 @@ data: {{- if $.Values.guac.common.certifier.dayBetweenRescan }} last-scan: {{ .Values.guac.common.certifier.dayBetweenRescan }} {{- end }} +{{- if $.Values.guac.common.certifier.batchSize }} + certifier-batch-size: {{ .Values.guac.common.certifier.batchSize }} +{{- end }} +{{- if $.Values.guac.common.certifier.latency }} + certifier-latency: {{ .Values.guac.common.certifier.latency }} +{{- end }} + poll: true interval: 5m # how often to poll graphql-server to discover new packages diff --git a/charts/guac/tests/graphql_ent_backend_test.yaml b/charts/guac/tests/configmap_test.yaml similarity index 67% rename from charts/guac/tests/graphql_ent_backend_test.yaml rename to charts/guac/tests/configmap_test.yaml index 05d4f19..e566519 100644 --- a/charts/guac/tests/graphql_ent_backend_test.yaml +++ b/charts/guac/tests/configmap_test.yaml @@ -8,6 +8,7 @@ tests: - it: configmap should render values: - ./values_ent_backend.yaml + - ./values_common_certifier.yaml asserts: - isKind: of: ConfigMap @@ -26,3 +27,17 @@ tests: # - equal: # path: data["guac.yaml"]["db-migrate"] # value: true + + # - it: should override defaults + # values: + # - ./values_common_certifier.yaml + # asserts: + # - equal: + # path: data.guac\.yaml.last-scan + # value: "5" + # - equal: + # path: data.guac/.yaml.certifier-batch-size + # value: "50000" + # - equal: + # path: data.guac/.yaml.certifier-latency + # value: 5s 
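Review bot: The two keys added in the guac-cm.yaml hunk (`@@ -47,6 +47,13 @@`) interpolate the values unquoted, so whatever is set for `batchSize` or `latency` is re-parsed as YAML by whoever reads the rendered config. A value containing `: ` or ` #` would change the structure or be cut short. Piping through `quote`, as in `certifier-latency: {{ .Values.guac.common.certifier.latency | quote }}`, keeps it a single scalar. For `certifier-batch-size`, first confirm whether the consumer needs an integer, because `quote` turns it into a string. The hunk also tests `$.Values` in the `if` but reads `.Values` in the body, which only holds while `.` is the root context; using `$.Values` in both is safer. The enclosing `data:` block starts and ends outside the hunk.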
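Review bot: The `should override defaults` case in the configmap_test.yaml hunk (`@@ -26,3 +27,17 @@`) is added commented out, so the new `certifier-batch-size` and `certifier-latency` rendering has no assertion behind it. The only change to the active test is the extra values file. Two of the commented paths read `data.guac/.yaml...` where the first uses the escaped form `data.guac\.yaml.last-scan`. They should read `path: data.guac\.yaml.certifier-batch-size` and `path: data.guac\.yaml.certifier-latency`. If guac.yaml is stored in the ConfigMap as one string value, a key path into it will presumably not resolve and a pattern match on the string is needed instead; confirm against the template, which is not fully visible here.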
diff --git a/charts/guac/tests/values_common_certifier.yaml b/charts/guac/tests/values_common_certifier.yaml
new file mode 100644
index 0000000..512f9bd
--- /dev/null
+++ b/charts/guac/tests/values_common_certifier.yaml
@@ -0,0 +1,8 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+guac:
+ common:
+ certifier:
+ dayBetweenRescan: "5"
+ batchSize: "50000"
+ latency: "5s"
\ No newline at end of file
diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml
index ae7bc69..0b03f0b 100644
--- a/charts/guac/values.yaml
+++ b/charts/guac/values.yaml
@@ -18,6 +18,8 @@ imagePullSecrets:
 ## @param guac.common.env [string] common environment variables apply to all guac services
 ## @param guac.common.tolerations [string] common tolerations apply to all guac services
 ## @param guac.common.certifier.dayBetweenRescan Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once
+## @param guac.common.certifier.batchSize sets the batch size for pagination query for the certifier - commonly apply to all certifiers. Default 60000
+## @param guac.common.certifier.latency [nullable] sets artificial latency on the certifier - commonly apply to all certifiers. Defaults to empty string (not enabled) but can set m, h, s...etc.
 ## @param guac.configMap.enabled Whether to create the guac-cm configMap
 ## @param guac.ociCollector.enabled String Whether to deploy OCI Collector
 ## @param guac.ociCollector.name String Name of the OCI Collector component.
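Review bot: The new `@param` line for `guac.common.certifier.latency` in the values.yaml hunk (`@@ -18,6 +18,8 @@`) says "Defaults to empty string" but carries only the `[nullable]` modifier. The schema.json section of this patch lists the key as `"type": "object"` with a null default, while the test fixture sets it to the string `"5s"`. Declaring the type and stating the real default would keep the README and schema (presumably generated from these annotations) truthful, for example `## @param guac.common.certifier.latency [string, nullable] artificial latency for all certifiers, as a duration such as 5s; null (default) disables it`. The `guac.depsDevCollector.depsDevLatency` line in the `@@ -41,6 +43,7 @@` hunk has the same wording and modifier and needs the same change. This assumes the generator accepts combined modifiers; confirm before regenerating.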
@@ -41,6 +43,7 @@ imagePullSecrets: ## @param guac.depsDevCollector.serviceAccount.create - whether to create depsDevCollector service account ## @param guac.depsDevCollector.serviceAccount.annotations ## @param guac.depsDevCollector.resources - [map] resource requests or limits of the depsDevCollector deployment +## @param guac.depsDevCollector.depsDevLatency [nullable] - sets artificial latency on the deps.dev collector. Defaults to empty string (not enabled) but can set m, h, s...etc. ## @param guac.osvCertifier.enabled String Whether to deploy OSV Certifier ## @param guac.osvCertifier.name String Name of the OSV Certifier component. ## @param guac.osvCertifier.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) @@ -185,6 +188,8 @@ guac: certifier: dayBetweenRescan: "0" + batchSize: "60000" + latency: configMap: enabled: true @@ -226,6 +231,7 @@ guac: # requests: # cpu: "0.25" # memory: "0.5G" + depsDevLatency: osvCertifier: enabled: true From c09fe4d00b7740cc43447c54a3faf089bf463369 Mon Sep 17 00:00:00 2001 From: Sunny Yip Date: Wed, 31 Jul 2024 13:40:50 -0400 Subject: [PATCH 5/5] fix lints Signed-off-by: Sunny Yip --- charts/guac/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index 0b03f0b..b47e6a3 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml @@ -231,7 +231,7 @@ guac: # requests: # cpu: "0.25" # memory: "0.5G" - depsDevLatency: + depsDevLatency: osvCertifier: enabled: true
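Review bot: `latency:` in the `@@ -185,6 +188,8 @@` hunk is a bare key, which parses as null but reads like a forgotten value. `depsDevLatency:` in the `@@ -226,6 +231,7 @@` hunk is the same, and the "fix lints" patch touches that line again, apparently for whitespace. Writing the null out as `latency: null` and `depsDevLatency: null` makes the disabled default explicit, and the template's `if` guard still skips it. The surrounding `guac:` mapping continues outside both hunks.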
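Review bot: Nothing visible in this patch reads `guac.depsDevCollector.depsDevLatency`, which the `@@ -226,6 +231,7 @@` hunk adds. The guac-cm.yaml hunk renders only the two `guac.common.certifier` keys. Unless a template outside this view consumes it, setting the value has no effect while the README and schema advertise it. Either render it into the deps.dev collector's configuration behind the same `{{- if ... }}` guard used for the certifier keys, or leave the value and its `@param` line out until the template change lands. The deps.dev collector block continues outside the hunk.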