

guac v0.8.0 release (#54)
* bump version to 0.3.1

Signed-off-by: Sunny Yip <sunny@kusari.dev>

* guac release v0.8.0

Signed-off-by: Sunny Yip <sunny@kusari.dev>

* make certifier dayBetweenRescan a common variable for all certifiers

Signed-off-by: Sunny Yip <sunny@kusari.dev>

---------

Signed-off-by: Sunny Yip <sunny@kusari.dev>
sunnyyip authored Jul 30, 2024
1 parent 015e9c4 commit a43f0f1
Showing 13 changed files with 497 additions and 154 deletions.
4 changes: 2 additions & 2 deletions charts/guac/Chart.yaml
Expand Up @@ -9,8 +9,8 @@ maintainers:
email: guac-info@kusari.dev

type: application
version: 0.4.2
appVersion: "v0.7.2"
version: 0.5.0
appVersion: "v0.8.0"

dependencies:
- name: nats
297 changes: 154 additions & 143 deletions charts/guac/README.md

Large diffs are not rendered by default.

87 changes: 83 additions & 4 deletions charts/guac/schema.json
Expand Up @@ -55,6 +55,16 @@
"type": "string",
"description": "common tolerations apply to all guac services",
"default": "\"\""
},
"certifier": {
"type": "object",
"properties": {
"dayBetweenRescan": {
"type": "string",
"description": "Day(s) to wait before the certifier rescanning - commonly apply to all certifiers. Default 0 means only run once",
"default": "0"
}
}
}
}
},
Expand Down Expand Up @@ -253,7 +263,7 @@
},
"env": {
"type": "array",
"description": "Environment variables for OSV Certifier Collector.",
"description": "Environment variables for OSV Certifier.",
"default": [],
"items": {}
},
Expand Down Expand Up @@ -287,11 +297,80 @@
"type": "object",
"description": "- [map] resource requests or limits of the OSV Certifier deployment",
"default": {}
}
}
},
"cdCertifier": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "String Whether to deploy CD Certifier",
"default": true
},
"name": {
"type": "string",
"description": "String Name of the CD Certifier component.",
"default": "cd-certifier"
},
"dayBetweenRescan": {
"replicas": {
"type": "number",
"description": "Day(s) to wait before rescanning for vulnerability. Default 0 means only run once",
"default": 0
"description": "Number of replicas for CD Certifier deployment",
"default": 1
},
"image": {
"type": "object",
"properties": {
"command": {
"type": "array",
"description": "Command for the CD Certifier Collector image. It is not recommended to override this.",
"default": [
"sh",
"-c",
"/opt/guac/guaccollect cd"
],
"items": {
"type": "string"
}
}
}
},
"env": {
"type": "array",
"description": "Environment variables for CD Certifier.",
"default": [],
"items": {}
},
"nodeSelector": {
"type": "object",
"description": "- sets the node selector for where to run the deployment",
"default": {}
},
"tolerations": {
"type": "array",
"description": "",
"default": [],
"items": {}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "- whether to create cdCertifier service account",
"default": true
},
"annotations": {
"type": "object",
"description": "- CD Certifier service account annotations",
"default": {}
}
}
},
"resources": {
"type": "object",
"description": "- [map] resource requests or limits of the cd Certifier deployment",
"default": {}
}
}
},
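Review bot: The new `common.certifier.dayBetweenRescan` property is declared `"type": "string"` with `"default": "0"`, while the `osvCertifier.dayBetweenRescan` it replaces was `"type": "number"` with default `0`; the Helm template that consumes this value in the same commit gates on truthiness, and a numeric zero is falsy where the string "0" is truthy, so the rendered config depends on how the user quotes the value. Declare one well-defined type, `"type": "number", "default": 0`, or accept both with `"type": ["number", "string"]` and say which the chart expects. The `cdCertifier` object also declares neither `ports`, `image.ports` nor `annotations`, all of which the new deployment template reads, so they are undocumented to anyone relying on this schema. Minor wording: `enabled` is a boolean but described as `String Whether to deploy CD Certifier`, and `image.command` says `CD Certifier Collector image`; `Whether to deploy the CD Certifier` and `Command for the CD Certifier image` match the other descriptions.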
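--- a/charts/guac/templates/cd-certifier-deployment.yaml
+++ b/charts/guac/templates/cd-certifier-deployment.yaml
@@ -0,0 +1,88 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.cdCertifier.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ .Values.guac.cdCertifier.name }}
+{{- if .Values.guac.cdCertifier.annotations }}
+annotations:
+{{ toYaml .Values.guac.cdCertifier.annotations | indent 4 }}
+{{- end }}
+labels:
+{{- include "guac.labels" . | nindent 4 }}
+app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
+app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
+spec:
+replicas: {{ .Values.guac.cdCertifier.replicas }}
+selector:
+matchLabels:
+{{- include "guac.selectorLabels" . | nindent 6 }}
+app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
+app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
+template:
+metadata:
+labels:
+{{- include "guac.selectorLabels" . | nindent 8 }}
+app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
+app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
+spec:
+serviceAccountName: {{ .Values.guac.cdCertifier.name }}
+containers:
+- name: {{ .Values.guac.cdCertifier.name }}
+{{- if .Values.guac.guacImage.digest }}
+image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
+{{- else }}
+image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
+{{- end }}
+imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
+command:
+{{ toYaml .Values.guac.cdCertifier.image.command | indent 10 }}
+workingDir: {{ .Values.guac.guacImage.workingDir }}
+{{- if .Values.guac.cdCertifier.ports }}
+ports:
+{{ toYaml .Values.guac.cdCertifier.image.ports | indent 10 }}
+{{- end }}
+{{- if .Values.guac.cdCertifier.resources }}
+resources: {{- toYaml .Values.guac.cdCertifier.resources | nindent 10 }}
+{{- end }}
+volumeMounts:
+- name: guac-config
+mountPath: {{ .Values.guac.guacImage.workingDir }}
+readOnly: true
+
+{{- if or .Values.guac.common.env .Values.guac.cdCertifier.env }}
+env:
+{{- if .Values.guac.common.env }}
+{{ toYaml .Values.guac.common.env | indent 10 }}
+{{- end }}
+{{- if .Values.guac.cdCertifier.env }}
+{{ toYaml .Values.guac.cdCertifier.env | indent 10 }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+{{- end }}
+volumes:
+- name: guac-config
+configMap:
+name: guac-cm
+{{- if .Values.guac.cdCertifier.nodeSelector }}
+nodeSelector:
+{{ toYaml .Values.guac.cdCertifier.nodeSelector | indent 8 }}
+{{- end }}
+
+{{- if or .Values.guac.common.tolerations .Values.guac.cdCertifier.tolerations }}
+tolerations:
+{{- if .Values.guac.common.tolerations }}
+{{ toYaml .Values.guac.common.tolerations | indent 8 }}
+{{- end }}
+{{- if .Values.guac.cdCertifier.tolerations }}
+{{ toYaml .Values.guac.cdCertifier.tolerations | indent 8 }}
+{{- end }}
+{{- end }}
+
+{{- end }}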
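Review bot: The `ports` block is gated on `.Values.guac.cdCertifier.ports` but renders `.Values.guac.cdCertifier.image.ports`, so setting the first path produces a `ports:` key with `null` content and setting the second is silently ignored; use one path on both lines (neither is declared in the cdCertifier schema added by this commit, so whichever is kept should be added there too). The pod also runs with no `securityContext` at all, and its dedicated service account token is automounted although nothing in this template shows the collector needing the Kubernetes API; the sketch below drops all capabilities, forbids privilege escalation, applies the runtime-default seccomp profile and disables token automount — `runAsNonRoot` and `readOnlyRootFilesystem` are worth adding as well if the image's USER and the collector's write behaviour allow it, which cannot be confirmed from this diff. Note that `serviceAccountName` is always set to `cdCertifier.name` even when `serviceAccount.create` is false, so in that configuration an SA of that name must already exist or the pod will not schedule.
```yaml
    spec:
      serviceAccountName: {{ .Values.guac.cdCertifier.name }}
      # no Kubernetes API access is visible in this template — confirm before keeping
      automountServiceAccountToken: false
      containers:
        - name: {{ .Values.guac.cdCertifier.name }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: image, imagePullPolicy, command, workingDir …
          {{- if .Values.guac.cdCertifier.image.ports }}
          ports:
          {{ toYaml .Values.guac.cdCertifier.image.ports | indent 10 }}
          {{- end }}
          # … unchanged: resources, volumeMounts, env, imagePullSecrets, volumes, nodeSelector, tolerations …
```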
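--- a/charts/guac/templates/cd-certifier-sa.yaml
+++ b/charts/guac/templates/cd-certifier-sa.yaml
@@ -0,0 +1,19 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.cdCertifier.enabled }}
+{{ if .Values.guac.cdCertifier.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ .Values.guac.cdCertifier.name }}
+{{- if .Values.guac.cdCertifier.annotations }}
+annotations:
+{{ toYaml .Values.guac.cdCertifier.serviceAccount.annotations | indent 4 }}
+{{- end }}
+labels:
+{{- include "guac.labels" . | nindent 4 }}
+app.kubernetes.io/name: {{ .Values.guac.cdCertifier.name }}
+app.kubernetes.io/component: {{ .Values.guac.cdCertifier.name }}
+{{- end }}
+{{- end }}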
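Review bot: The annotations guard on the ServiceAccount checks `.Values.guac.cdCertifier.annotations` while the body renders `.Values.guac.cdCertifier.serviceAccount.annotations`, so annotations supplied under `serviceAccount.annotations` alone (the key this commit's schema documents) are silently dropped, and setting only `cdCertifier.annotations` emits an `annotations:` key with `null` content. Service-account annotations are the usual carrier for cloud identity bindings such as IAM role or workload-identity mappings, so a missing annotation can leave the pod running with node credentials or none at all without any rendering error; change the guard to `{{- if .Values.guac.cdCertifier.serviceAccount.annotations }}`. The deployment template in the same commit gates the Deployment's own annotations on `cdCertifier.annotations`, which suggests this was a copy-and-edit slip.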
6 changes: 4 additions & 2 deletions charts/guac/templates/guac-cm.yaml
Expand Up @@ -43,8 +43,10 @@ data:
service-poll: true
use-csub: true

# OscCertifier behavior
last-scan: {{ .Values.guac.osvCertifier.dayBetweenRescan }}
# Certifier behavior - i.e. OSV and CD
{{- if $.Values.guac.common.certifier.dayBetweenRescan }}
last-scan: {{ .Values.guac.common.certifier.dayBetweenRescan }}
{{- end }}
poll: true
interval: 5m # how often to poll graphql-server to discover new packages

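Review bot: `last-scan` is now emitted only when `common.certifier.dayBetweenRescan` is truthy, so a numeric `0` — the value the schema describes as "only run once" — drops the key and leaves the certifier on whatever default the binary applies, while the schema's string default `"0"` renders `last-scan: 0`; the effective behaviour depends on how the value is quoted, and it differs from the replaced template, which always rendered the key. Render it unconditionally with an explicit fallback, `last-scan: {{ .Values.guac.common.certifier.dayBetweenRescan | default 0 }}`, or make the schema type and the guard agree. The hunk also mixes `$.Values` in the guard with `.Values` on the next line; use one form. The enclosing `data:` block starts outside the hunk.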
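--- a/charts/guac/tests/cd-certifier_deployment_test.yaml
+++ b/charts/guac/tests/cd-certifier_deployment_test.yaml
@@ -0,0 +1,90 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+suite: CD Certifier Deployment tests
+templates:
+- cd-certifier-deployment.yaml
+
+tests:
+- it: deployment should render
+asserts:
+- isKind:
+of: Deployment
+- hasDocuments:
+count: 1
+
+- it: should run the cdCertifier image
+values:
+- ./values_digest_and_tag.yaml
+asserts:
+- equal:
+path: spec.template.spec.containers[0].name
+value: cd-certifier
+- equal:
+path: spec.template.spec.containers[0].image
+value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e
+
+- it: should run the cdCertifier sub command
+values:
+- ./values_digest_and_tag.yaml
+asserts:
+- equal:
+path: spec.template.spec.containers[0].command[0]
+value: "sh"
+- equal:
+path: spec.template.spec.containers[0].command[1]
+value: "-c"
+- equal:
+path: spec.template.spec.containers[0].command[2]
+value: "/opt/guac/guaccollect cd"
+
+- it: should respect spec level parameters
+values:
+- ./values_digest_and_tag.yaml
+asserts:
+- equal:
+path: spec.replicas
+value: 1
+- equal:
+path: spec.selector.matchLabels["app.kubernetes.io/name"]
+value: cd-certifier
+- equal:
+path: spec.template.metadata.labels["app.kubernetes.io/name"]
+value: cd-certifier
+
+- it: should use tag if only tag is specified
+values:
+- ./values_tag_no_digest.yaml
+asserts:
+- equal:
+path: spec.template.spec.containers[0].image
+value: ghcr.io/guacsec/guac:latest
+
+- it: should include tolerations
+values:
+- ./values_combine.yaml
+asserts:
+- equal:
+path: spec.template.spec.tolerations[0].key
+value: "kusari.cloud/common"
+- equal:
+path: spec.template.spec.tolerations[0].value
+value: common
+- equal:
+path: spec.template.spec.tolerations[0].effect
+value: NoSchedule
+- equal:
+path: spec.template.spec.tolerations[0].operator
+value: Equal
+
+- equal:
+path: spec.template.spec.tolerations[1].key
+value: "kusari.cloud/own"
+- equal:
+path: spec.template.spec.tolerations[1].value
+value: own
+- equal:
+path: spec.template.spec.tolerations[1].effect
+value: NoSchedule
+- equal:
+path: spec.template.spec.tolerations[1].operator
+value: Equal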
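Review bot: None of the new cases exercises the `enabled` gate or the identity wiring of the rendered pod: there is no test that `guac.cdCertifier.enabled: false` yields zero documents, and nothing asserts `spec.template.spec.serviceAccountName` or that the `guac-config` volume points at the `guac-cm` ConfigMap, so a regression in either would pass this suite. The `ports` rendering path is also untested, which is how the mismatched value paths in the deployment template slipped through. The two cases below close the first gaps; a `ports` case can follow once the template settles on a single value path.
```yaml
  - it: should not render when disabled
    set:
      guac.cdCertifier.enabled: false
    asserts:
      - hasDocuments:
          count: 0

  - it: should wire the service account and config volume
    values:
      - ./values_digest_and_tag.yaml
    asserts:
      - equal:
          path: spec.template.spec.serviceAccountName
          value: cd-certifier
      - equal:
          path: spec.template.spec.volumes[0].configMap.name
          value: guac-cm
```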
7 changes: 7 additions & 0 deletions charts/guac/tests/values_combine.yaml
Expand Up @@ -30,6 +30,13 @@ guac:
operator: Equal
value: own

cdCertifier:
tolerations:
- effect: NoSchedule
key: kusari.cloud/own
operator: Equal
value: own

ingestor:
tolerations:
- effect: NoSchedule
3 changes: 3 additions & 0 deletions charts/guac/tests/values_digest_and_tag.yaml
Expand Up @@ -23,6 +23,9 @@ guac:
osvCertifier:
name: osv-certifier

cdCertifier:
name: cd-certifier

graphqlServer:
name: graphql-server

4 changes: 4 additions & 0 deletions charts/guac/tests/values_serviceaccount_all.yaml
Expand Up @@ -14,6 +14,10 @@ guac:
serviceAccount:
create: true

cdCertifier:
serviceAccount:
create: true

ingestor:
serviceAccount:
create: true
4 changes: 4 additions & 0 deletions charts/guac/tests/values_serviceaccount_no.yaml
Expand Up @@ -14,6 +14,10 @@ guac:
serviceAccount:
create: false

cdCertifier:
serviceAccount:
create: false

ingestor:
serviceAccount:
create: false
3 changes: 3 additions & 0 deletions charts/guac/tests/values_tag_no_digest.yaml
Expand Up @@ -20,6 +20,9 @@ guac:
osvCertifier:
name: osv-certifier

cdCertifier:
name: cd-certifier

ingestor:
name: ingestor

