share guac image config and use newly released guac image (#34)

Signed-off-by: Sunny Yip <sunny@kusari.dev>
kusaridev · Jul 26, 2023 · bd1e0de · bd1e0de
1 parent 9f53560
commit bd1e0de
Show file tree

Hide file tree

Showing 33 changed files with 370 additions and 360 deletions.
diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml
@@ -5,12 +5,12 @@ description: A Helm chart for deploying GUAC to Kubernetes
 
 maintainers:
   - name: kusaridev
-    url: https://github.com/kusaridev/guac-helm-charts
+    url: https://github.com/kusaridev/helm-charts
     email: guac-info@kusari.dev
 
 type: application
-version: 0.1.5
-appVersion: "v0.1.0"
+version: 0.2.0
+appVersion: "v0.1.1"
 
 dependencies:
 - name: nats

diff --git a/charts/guac/ci/guac-values.yaml b/charts/guac/ci/guac-values.yaml
@@ -0,0 +1,4 @@
+# Ingest sample data to ensure the test instance is fully functional
+guac:
+  sampleData:
+    ingest: true
diff --git a/charts/guac/templates/collectsub-deployment.yaml b/charts/guac/templates/collectsub-deployment.yaml
@@ -1,5 +1,6 @@
 # Copyright Kusari, Inc. and contributors
 # Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.collectSub.enabled }}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -29,22 +30,22 @@ spec:
     spec:
       containers:
       - name: {{ .Values.guac.collectSub.name }}
-        {{- if .Values.guac.collectSub.image.digest }}
-        image: "{{ .Values.guac.collectSub.image.repository }}@{{ .Values.guac.collectSub.image.digest }}"
+        {{- if .Values.guac.guacImage.digest }}
+        image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
         {{- else }}
-        image: "{{ .Values.guac.collectSub.image.repository }}:{{ .Values.guac.collectSub.image.tag | default .Chart.AppVersion}}"
+        image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
         {{- end }}
-        imagePullPolicy: "{{ .Values.guac.collectSub.image.pullPolicy }}"
+        imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
         command:
 {{ toYaml .Values.guac.collectSub.image.command | indent 10 }}
-        workingDir: {{ .Values.guac.workingDir }}
-{{- if .Values.guac.collectSub.image.ports }}
+        workingDir: {{ .Values.guac.guacImage.workingDir }}
+{{- if .Values.guac.collectSub.ports }}
         ports:
 {{ toYaml .Values.guac.collectSub.image.ports | indent 10 }}
 {{- end }}
         volumeMounts:
           - name: guac-config
-            mountPath: {{ .Values.guac.workingDir }}
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
 {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -53,4 +54,5 @@ spec:
       volumes:
         - name: guac-config
           configMap:
-            name: guac-cm
+            name: guac-cm
+{{- end }}
diff --git a/charts/guac/templates/collectsub-service.yaml b/charts/guac/templates/collectsub-service.yaml
@@ -1,6 +1,7 @@
 # Copyright Kusari, Inc. and contributors
 # Licensed under the MIT license. See LICENSE file in the project root for details.
-{{- if .Values.guac.collectSub.ports }}
+{{ if .Values.guac.collectSub.enabled }}
+{{- if .Values.guac.collectSub.svcPorts }}
 ---
 apiVersion: v1
 kind: Service
@@ -15,7 +16,8 @@ spec:
     app.kubernetes.io/name: {{ .Values.guac.collectSub.name }}
     app.kubernetes.io/component: {{ .Values.guac.collectSub.name }}
   ports:
-  {{- range .Values.guac.collectSub.ports }}
+  {{- range .Values.guac.collectSub.svcPorts }}
     - {{ . | toYaml | indent 6 | trim }}
   {{- end }}
+{{- end }}
 {{- end }}
diff --git a/charts/guac/templates/depsdev-collector-deployment.yaml b/charts/guac/templates/depsdev-collector-deployment.yaml
@@ -1,5 +1,6 @@
 # Copyright Kusari, Inc. and contributors
 # Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.depsDevCollector.enabled }}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -29,22 +30,22 @@ spec:
     spec:
       containers:
       - name: {{ .Values.guac.depsDevCollector.name }}
-        {{- if .Values.guac.depsDevCollector.image.digest }}
-        image: "{{ .Values.guac.depsDevCollector.image.repository }}@{{ .Values.guac.depsDevCollector.image.digest }}"
+        {{- if .Values.guac.guacImage.digest }}
+        image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
         {{- else }}
-        image: "{{ .Values.guac.depsDevCollector.image.repository }}:{{ .Values.guac.depsDevCollector.image.tag | default .Chart.AppVersion}}"
+        image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
         {{- end }}
-        imagePullPolicy: "{{ .Values.guac.depsDevCollector.image.pullPolicy }}"
+        imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
         command:
 {{ toYaml .Values.guac.depsDevCollector.image.command | indent 10 }}
-        workingDir: {{ .Values.guac.workingDir }}
-{{- if .Values.guac.depsDevCollector.image.ports }}
+        workingDir: {{ .Values.guac.guacImage.workingDir }}
+{{- if .Values.guac.depsDevCollector.ports }}
         ports:
 {{ toYaml .Values.guac.depsDevCollector.image.ports | indent 10 }}
 {{- end }}
         volumeMounts:
           - name: guac-config
-            mountPath: {{ .Values.guac.workingDir }}
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
 {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -53,4 +54,5 @@ spec:
       volumes:
         - name: guac-config
           configMap:
-            name: guac-cm
+            name: guac-cm
+{{- end }}
diff --git a/charts/guac/templates/graphql-server-deployment.yaml b/charts/guac/templates/graphql-server-deployment.yaml
@@ -1,5 +1,6 @@
 # Copyright Kusari, Inc. and contributors
 # Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.graphqlServer.enabled }}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -17,34 +18,34 @@ spec:
   replicas:  {{ .Values.guac.graphqlServer.replicas }}
   selector:
     matchLabels:
+      {{- include "guac.selectorLabels" . | nindent 6 }}
       app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
       app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
-      {{- include "guac.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
+        {{- include "guac.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
         app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
-        {{- include "guac.selectorLabels" . | nindent 8 }}
     spec:
       containers:
       - name: {{ .Values.guac.graphqlServer.name }}
-        {{- if .Values.guac.graphqlServer.image.digest }}
-        image: "{{ .Values.guac.graphqlServer.image.repository }}@{{ .Values.guac.graphqlServer.image.digest }}"
+        {{- if .Values.guac.guacImage.digest }}
+        image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
         {{- else }}
-        image: "{{ .Values.guac.graphqlServer.image.repository }}:{{ .Values.guac.graphqlServer.image.tag | default .Chart.AppVersion}}"
+        image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
         {{- end }}
-        imagePullPolicy: "{{ .Values.guac.graphqlServer.image.pullPolicy }}"
+        imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
         command:
 {{ toYaml .Values.guac.graphqlServer.image.command | indent 10 }}
-        workingDir: {{ .Values.guac.workingDir }}
-{{- if .Values.guac.graphqlServer.image.ports }}
+        workingDir: {{ .Values.guac.guacImage.workingDir }}
+{{- if .Values.guac.graphqlServer.ports }}
         ports:
 {{ toYaml .Values.guac.graphqlServer.image.ports | indent 10 }}
 {{- end }}
         volumeMounts:
           - name: guac-config
-            mountPath: {{ .Values.guac.workingDir }}
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
 {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -53,4 +54,5 @@ spec:
       volumes:
         - name: guac-config
           configMap:
-            name: guac-cm
+            name: guac-cm
+{{- end }}
diff --git a/charts/guac/templates/graphql-server-service.yaml b/charts/guac/templates/graphql-server-service.yaml
@@ -1,6 +1,7 @@
 # Copyright Kusari, Inc. and contributors
 # Licensed under the MIT license. See LICENSE file in the project root for details.
-{{- if .Values.guac.graphqlServer.ports }}
+{{ if .Values.guac.graphqlServer.enabled }}
+{{- if .Values.guac.graphqlServer.svcPorts }}
 ---
 apiVersion: v1
 kind: Service
@@ -16,7 +17,8 @@ spec:
     app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
     app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
   ports:
-  {{- range .Values.guac.graphqlServer.ports }}
+  {{- range .Values.guac.graphqlServer.svcPorts }}
     - {{ . | toYaml | indent 6 | trim }}
   {{- end }}
+{{- end }}
 {{- end }}
diff --git a/charts/guac/templates/guac-cm.yaml b/charts/guac/templates/guac-cm.yaml
@@ -12,13 +12,13 @@ data:
     nats-addr: nats://{{ .Release.Name }}-nats.{{ .Release.Namespace }}.svc.cluster.local:4222
 
     # CSub setup
-{{- with (index .Values.guac.collectSub.ports 0) }}
+{{- with (index .Values.guac.collectSub.svcPorts 0) }}
     csub-addr: {{ $.Values.guac.collectSub.name }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ .targetPort }}
     csub-listen-port: {{ .targetPort }}
 {{- end }}
 
     # GQL setup
-{{- with (index .Values.guac.graphqlServer.ports 0) }}
+{{- with (index .Values.guac.graphqlServer.svcPorts 0) }}
     gql-backend: {{ $.Values.guac.graphqlServer.backend }}
     gql-listen-port: {{ .targetPort }}
     gql-debug: {{ $.Values.guac.graphqlServer.debug }}

diff --git a/charts/guac/templates/ingest-guac-data-job.yaml b/charts/guac/templates/ingest-guac-data-job.yaml
@@ -22,18 +22,12 @@ spec:
     spec:
       containers:
       - name: data-ingestor
-        # Use same image as oci-collector for now
-        {{- if .Values.guac.ociCollector.image.digest }}
-        image: "{{ .Values.guac.ociCollector.image.repository }}@{{ .Values.guac.ociCollector.image.digest }}"
-        {{- else }}
-        image: "{{ .Values.guac.ociCollector.image.repository }}:{{ .Values.guac.ociCollector.image.tag | default .Chart.AppVersion}}"
-        {{- end }}
-        imagePullPolicy: "{{ .Values.guac.ociCollector.image.pullPolicy }}"
+        image: "ubuntu:22.04"
         command: ['sh', '-c', '/tmp/guac/ingest-guac-data.sh ingest-data']
         workingDir: {{ .Values.guac.workingDir }}
         volumeMounts:
           - name: guac-config
-            mountPath: {{ .Values.guac.workingDir }}
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
           - name: ingest-guac-data
             mountPath: /tmp/guac
@@ -42,10 +36,10 @@ spec:
       - name: data-preper
         image: "ubuntu:22.04"
         command: ['sh', '-c', '/tmp/guac/ingest-guac-data.sh prep-data']
-        workingDir: {{ .Values.guac.workingDir }}
+        workingDir: {{ .Values.guac.guacImage.workingDir }}
         volumeMounts:
           - name: guac-config
-            mountPath: {{ .Values.guac.workingDir }}
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
           - name: ingest-guac-data
             mountPath: /tmp/guac
@@ -98,19 +92,23 @@ data:
         ;;
 
     ingest-data)  echo "Ingesting sample data"
-        export GUACSEC_HOME="/workspace"
-        export GUAC_BIN="/cnb/process"
+        export GUACSEC_HOME="/guac"
+
+        apt-get update && apt-get install -y curl
+        curl -L https://github.com/guacsec/guac/releases/latest/download/guacone-linux-amd64 -o /tmp/guacone
+        chmod +x /tmp/guacone
 
         while [ ! -f ${INDICATOR_FILE} ]
         do
             sleep 3
         done
 
         cd ${GUACSEC_HOME}
-        for d in guac-data/some-sboms
+        for d in guac-data/docs
+        # guac-data/some-sboms
         # guac-data/top-dh-sboms guac-data/docs
         do 
-            ${GUAC_BIN}/guacone files ${SHARED_DATA}/${d}
+            time /tmp/guacone collect files ${SHARED_DATA}/${d}
         done
 
         rm ${INDICATOR_FILE}

diff --git a/charts/guac/templates/ingestor-deployment.yaml b/charts/guac/templates/ingestor-deployment.yaml
@@ -1,5 +1,6 @@
 # Copyright Kusari, Inc. and contributors
 # Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.ingestor.enabled }}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -29,22 +30,22 @@ spec:
     spec:
       containers:
       - name: {{ .Values.guac.ingestor.name }}
-        {{- if .Values.guac.ingestor.image.digest }}
-        image: "{{ .Values.guac.ingestor.image.repository }}@{{ .Values.guac.ingestor.image.digest }}"
+        {{- if .Values.guac.guacImage.digest }}
+        image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
         {{- else }}
-        image: "{{ .Values.guac.ingestor.image.repository }}:{{ .Values.guac.ingestor.image.tag | default .Chart.AppVersion}}"
+        image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
         {{- end }}
-        imagePullPolicy: "{{ .Values.guac.ingestor.image.pullPolicy }}"
+        imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
         command:
 {{ toYaml .Values.guac.ingestor.image.command | indent 10 }}
-        workingDir: {{ .Values.guac.workingDir }}
-{{- if .Values.guac.ingestor.image.ports }}
+        workingDir: {{ .Values.guac.guacImage.workingDir }}
+{{- if .Values.guac.ingestor.ports }}
         ports:
 {{ toYaml .Values.guac.ingestor.image.ports | indent 10 }}
 {{- end }}
         volumeMounts:
           - name: guac-config
-            mountPath: {{ .Values.guac.workingDir }}
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
 {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -53,4 +54,5 @@ spec:
       volumes:
         - name: guac-config
           configMap:
-            name: guac-cm
+            name: guac-cm
+{{- end }}
diff --git a/charts/guac/templates/oci-collector-deployment.yaml b/charts/guac/templates/oci-collector-deployment.yaml
@@ -1,5 +1,6 @@
 # Copyright Kusari, Inc. and contributors
 # Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.ociCollector.enabled }}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -29,22 +30,22 @@ spec:
     spec:
       containers:
       - name: {{ .Values.guac.ociCollector.name }}
-        {{- if .Values.guac.ociCollector.image.digest }}
-        image: "{{ .Values.guac.ociCollector.image.repository }}@{{ .Values.guac.ociCollector.image.digest }}"
+        {{- if .Values.guac.guacImage.digest }}
+        image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
         {{- else }}
-        image: "{{ .Values.guac.ociCollector.image.repository }}:{{ .Values.guac.ociCollector.image.tag | default .Chart.AppVersion}}"
+        image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
         {{- end }}
-        imagePullPolicy: "{{ .Values.guac.ociCollector.image.pullPolicy }}"
+        imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
         command:
 {{ toYaml .Values.guac.ociCollector.image.command | indent 10 }}
-        workingDir: {{ .Values.guac.workingDir }}
-{{- if .Values.guac.ociCollector.image.ports }}
+        workingDir: {{ .Values.guac.guacImage.workingDir }}
+{{- if .Values.guac.ociCollector.ports }}
         ports:
 {{ toYaml .Values.guac.ociCollector.image.ports | indent 10 }}
 {{- end }}
         volumeMounts:
           - name: guac-config
-            mountPath: {{ .Values.guac.workingDir }}
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
 {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -53,4 +54,5 @@ spec:
       volumes:
         - name: guac-config
           configMap:
-            name: guac-cm
+            name: guac-cm
+{{- end }}