guac v0.8.0 release #54

Merged
merged 6 commits into from
Jul 30, 2024
4 changes: 2 additions & 2 deletions charts/guac/Chart.yaml
Expand Up @@ -9,8 +9,8 @@ maintainers:
email: [email protected]

type: application
version: 0.4.2
appVersion: "v0.7.2"
version: 0.5.0
appVersion: "v0.8.0"

dependencies:
- name: nats
13 changes: 12 additions & 1 deletion charts/guac/README.md
Expand Up @@ -132,13 +132,24 @@ This section contains parameters for configuring the different GUAC components.
| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` |
| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` |
| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect osv"]` |
| `guac.osvCertifier.env` | Environment variables for OSV Certifier Collector. | `[]` |
| `guac.osvCertifier.env` | Environment variables for OSV Certifier. | `[]` |
| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` |
| `guac.osvCertifier.tolerations` | | `[]` |
| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` |
| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` |
| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` |
| `guac.osvCertifier.dayBetweenRescan` | Day(s) to wait before rescanning for vulnerability. Default 0 means only run once | `0` |
| `guac.cdCertifier.enabled` | String Whether to deploy CD Certifier | `true` |
| `guac.cdCertifier.name` | String Name of the CD Certifier component. | `cd-certifier` |
| `guac.cdCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` |
| `guac.cdCertifier.replicas` | Number of replicas for CD Certifier deployment | `1` |
| `guac.cdCertifier.image.command` | Command for the CD Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect cd"]` |
| `guac.cdCertifier.env` | Environment variables for CD Certifier. | `[]` |
| `guac.cdCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` |
| `guac.cdCertifier.tolerations` | | `[]` |
| `guac.cdCertifier.serviceAccount.create` | - whether to create cdCertifier service account | `true` |
| `guac.cdCertifier.serviceAccount.annotations` | - CD Certifier service account annotations | `{}` |
| `guac.cdCertifier.resources` | - [map] resource requests or limits of the cd Certifier deployment | `{}` |
| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` |
| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` |
| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` |
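Review bot: The new `guac.cdCertifier.enabled` row describes the value as "String Whether to deploy CD Certifier", but its default is `true` and the schema added in this PR types it as boolean; the description should say Boolean. The `guac.cdCertifier.annotations.reloader.stakater.com/auto` row documents a key that the `cdCertifier` block added to schema.json does not declare, so either add `annotations` to the schema or drop the row. Minor: "cd Certifier" in the `resources` row should match the "CD Certifier" spelling used in the other rows.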
76 changes: 75 additions & 1 deletion charts/guac/schema.json
Expand Up @@ -253,7 +253,7 @@
},
"env": {
"type": "array",
"description": "Environment variables for OSV Certifier Collector.",
"description": "Environment variables for OSV Certifier.",
"default": [],
"items": {}
},
Expand Down Expand Up @@ -295,6 +295,80 @@
}
}
},
"cdCertifier": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "String Whether to deploy CD Certifier",
"default": true
},
"name": {
"type": "string",
"description": "String Name of the CD Certifier component.",
"default": "cd-certifier"
},
"replicas": {
"type": "number",
"description": "Number of replicas for CD Certifier deployment",
"default": 1
},
"image": {
"type": "object",
"properties": {
"command": {
"type": "array",
"description": "Command for the CD Certifier Collector image. It is not recommended to override this.",
"default": [
"sh",
"-c",
"/opt/guac/guaccollect cd"
],
"items": {
"type": "string"
}
}
}
},
"env": {
"type": "array",
"description": "Environment variables for CD Certifier.",
"default": [],
"items": {}
},
"nodeSelector": {
"type": "object",
"description": "- sets the node selector for where to run the deployment",
"default": {}
},
"tolerations": {
"type": "array",
"description": "",
"default": [],
"items": {}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "- whether to create cdCertifier service account",
"default": true
},
"annotations": {
"type": "object",
"description": "- CD Certifier service account annotations",
"default": {}
}
}
},
"resources": {
"type": "object",
"description": "- [map] resource requests or limits of the cd Certifier deployment",
"default": {}
}
}
},
"ingestor": {
"type": "object",
"properties": {
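Review bot: The `cdCertifier` schema block declares neither `annotations` nor `ports`, yet the new cd-certifier-deployment.yaml reads both `.Values.guac.cdCertifier.annotations` and `.Values.guac.cdCertifier.ports`, so values supplied for them are never checked against the schema. Add both properties. In the same block, `replicas` is typed `number`, which accepts a value such as 1.5; `integer` with a `minimum` of 0 would reject that. `env` and `tolerations` use `"items": {}`, which accepts any element; typing the items as `object` would catch a malformed entry at schema validation. The `enabled` description also says "String" while the type is `boolean`.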
88 changes: 88 additions & 0 deletions charts/guac/templates/cd-certifier-deployment.yaml
@@ -0,0 +1,88 @@
# Copyright Kusari, Inc. and contributors
# Licensed under the MIT license. See LICENSE file in the project root for details.
{{ if .Values.guac.cdCertifier.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.guac.cdCertifier.name }}
{{- if .Values.guac.cdCertifier.annotations }}
annotations:
{{ toYaml .Values.guac.cdCertifier.annotations | indent 4 }}
{{- end }}
labels:
{{- include "guac.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
spec:
replicas: {{ .Values.guac.cdCertifier.replicas }}
selector:
matchLabels:
{{- include "guac.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
template:
metadata:
labels:
{{- include "guac.selectorLabels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
spec:
serviceAccountName: {{ .Values.guac.cdCertifier.name }}
containers:
- name: {{ .Values.guac.cdCertifier.name }}
{{- if .Values.guac.guacImage.digest }}
image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
{{- else }}
image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
{{- end }}
imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
command:
{{ toYaml .Values.guac.cdCertifier.image.command | indent 10 }}
workingDir: {{ .Values.guac.guacImage.workingDir }}
{{- if .Values.guac.cdCertifier.ports }}
ports:
{{ toYaml .Values.guac.cdCertifier.image.ports | indent 10 }}
{{- end }}
{{- if .Values.guac.cdCertifier.resources }}
resources: {{- toYaml .Values.guac.cdCertifier.resources | nindent 10 }}
{{- end }}
volumeMounts:
- name: guac-config
mountPath: {{ .Values.guac.guacImage.workingDir }}
readOnly: true

{{- if or .Values.guac.common.env .Values.guac.cdCertifier.env }}
env:
{{- if .Values.guac.common.env }}
{{ toYaml .Values.guac.common.env | indent 10 }}
{{- end }}
{{- if .Values.guac.cdCertifier.env }}
{{ toYaml .Values.guac.cdCertifier.env | indent 10 }}
{{- end }}
{{- end }}

{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
volumes:
- name: guac-config
configMap:
name: guac-cm
{{- if .Values.guac.cdCertifier.nodeSelector }}
nodeSelector:
{{ toYaml .Values.guac.cdCertifier.nodeSelector | indent 8 }}
{{- end }}

{{- if or .Values.guac.common.tolerations .Values.guac.cdCertifier.tolerations }}
tolerations:
{{- if .Values.guac.common.tolerations }}
{{ toYaml .Values.guac.common.tolerations | indent 8 }}
{{- end }}
{{- if .Values.guac.cdCertifier.tolerations }}
{{ toYaml .Values.guac.cdCertifier.tolerations | indent 8 }}
{{- end }}
{{- end }}

{{- end }}
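Review bot: In the `ports:` block the guard tests `.Values.guac.cdCertifier.ports` but the body renders `.Values.guac.cdCertifier.image.ports`, so setting only `image.ports` renders nothing and setting only `ports` renders `toYaml` of an unset value. Use the same path in the `if` and in the `toYaml` line. Separately, `serviceAccountName` is set to `.Values.guac.cdCertifier.name` unconditionally, so with `serviceAccount.create: false` the pod references an account this chart does not create; either document that the account must already exist or make the name configurable. The container spec has no `securityContext`; since the only mount is the read-only `guac-config` volume, consider exposing one in values so that `runAsNonRoot`, `readOnlyRootFilesystem` and `allowPrivilegeEscalation: false` can be set for this component.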
19 changes: 19 additions & 0 deletions charts/guac/templates/cd-certifier-sa.yaml
@@ -0,0 +1,19 @@
# Copyright Kusari, Inc. and contributors
# Licensed under the MIT license. See LICENSE file in the project root for details.
{{ if .Values.guac.cdCertifier.enabled }}
{{ if .Values.guac.cdCertifier.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.guac.cdCertifier.name }}
{{- if .Values.guac.cdCertifier.annotations }}
annotations:
{{ toYaml .Values.guac.cdCertifier.serviceAccount.annotations | indent 4 }}
{{- end }}
labels:
{{- include "guac.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
{{- end }}
{{- end }}
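Review bot: The `annotations:` guard tests `.Values.guac.cdCertifier.annotations` (the Deployment's annotations) while the body renders `.Values.guac.cdCertifier.serviceAccount.annotations`. With only `serviceAccount.annotations` set, which is how a cloud IAM role is normally bound to a service account, nothing is rendered and the pod runs without the intended identity; with only the Deployment annotations set, `annotations:` is emitted with an empty map under it. Guard on `.Values.guac.cdCertifier.serviceAccount.annotations` instead, and add a test that sets it and asserts on `metadata.annotations`.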
90 changes: 90 additions & 0 deletions charts/guac/tests/cd-certifier_deployment_test.yaml
@@ -0,0 +1,90 @@
# Copyright Kusari, Inc. and contributors
# Licensed under the MIT license. See LICENSE file in the project root for details.
suite: CD Certifier Deployment tests
templates:
- cd-certifier-deployment.yaml

tests:
- it: deployment should render
asserts:
- isKind:
of: Deployment
- hasDocuments:
count: 1

- it: should run the cdCertifier image
values:
- ./values_digest_and_tag.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].name
value: cd-certifier
- equal:
path: spec.template.spec.containers[0].image
value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e

- it: should run the cdCertifier sub command
values:
- ./values_digest_and_tag.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].command[0]
value: "sh"
- equal:
path: spec.template.spec.containers[0].command[1]
value: "-c"
- equal:
path: spec.template.spec.containers[0].command[2]
value: "/opt/guac/guaccollect cd"

- it: should respect spec level parameters
values:
- ./values_digest_and_tag.yaml
asserts:
- equal:
path: spec.replicas
value: 1
- equal:
path: spec.selector.matchLabels["app.kubernetes.io/name"]
value: cd-certifier
- equal:
path: spec.template.metadata.labels["app.kubernetes.io/name"]
value: cd-certifier

- it: should use tag if only tag is specified
values:
- ./values_tag_no_digest.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: ghcr.io/guacsec/guac:latest

- it: should include tolerations
values:
- ./values_combine.yaml
asserts:
- equal:
path: spec.template.spec.tolerations[0].key
value: "kusari.cloud/common"
- equal:
path: spec.template.spec.tolerations[0].value
value: common
- equal:
path: spec.template.spec.tolerations[0].effect
value: NoSchedule
- equal:
path: spec.template.spec.tolerations[0].operator
value: Equal

- equal:
path: spec.template.spec.tolerations[1].key
value: "kusari.cloud/own"
- equal:
path: spec.template.spec.tolerations[1].value
value: own
- equal:
path: spec.template.spec.tolerations[1].effect
value: NoSchedule
- equal:
path: spec.template.spec.tolerations[1].operator
value: Equal
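Review bot: The suite never sets `guac.cdCertifier.enabled: false`, so the `{{ if .Values.guac.cdCertifier.enabled }}` wrapper around the whole template is untested; add a case that disables the component and asserts `hasDocuments` with `count: 0`. There is also no case that sets `ports`, `env`, `resources` or `nodeSelector`, which are the conditional branches of the template, so a wrong values path in any of those guards would pass this suite unnoticed.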
7 changes: 7 additions & 0 deletions charts/guac/tests/values_combine.yaml
Expand Up @@ -30,6 +30,13 @@ guac:
operator: Equal
value: own

cdCertifier:
tolerations:
- effect: NoSchedule
key: kusari.cloud/own
operator: Equal
value: own

ingestor:
tolerations:
- effect: NoSchedule
3 changes: 3 additions & 0 deletions charts/guac/tests/values_digest_and_tag.yaml
Expand Up @@ -23,6 +23,9 @@ guac:
osvCertifier:
name: osv-certifier

cdCertifier:
name: cd-certifier

graphqlServer:
name: graphql-server

4 changes: 4 additions & 0 deletions charts/guac/tests/values_serviceaccount_all.yaml
Expand Up @@ -14,6 +14,10 @@ guac:
serviceAccount:
create: true

cdCertifier:
serviceAccount:
create: true

ingestor:
serviceAccount:
create: true
4 changes: 4 additions & 0 deletions charts/guac/tests/values_serviceaccount_no.yaml
Expand Up @@ -14,6 +14,10 @@ guac:
serviceAccount:
create: false

cdCertifier:
serviceAccount:
create: false

ingestor:
serviceAccount:
create: false
3 changes: 3 additions & 0 deletions charts/guac/tests/values_tag_no_digest.yaml
Expand Up @@ -20,6 +20,9 @@ guac:
osvCertifier:
name: osv-certifier

cdCertifier:
name: cd-certifier

ingestor:
name: ingestor
