From bd1e0deeb79412f73fee77cd5aaf7acf90584750 Mon Sep 17 00:00:00 2001 From: sunnyyip Date: Wed, 26 Jul 2023 11:54:02 -0400 Subject: [PATCH] share guac image config and use newly released guac image (#34) 
Signed-off-by: Sunny Yip --- charts/guac/Chart.yaml | 6 +- charts/guac/ci/guac-values.yaml | 4 + .../guac/templates/collectsub-deployment.yaml | 18 +-- charts/guac/templates/collectsub-service.yaml | 6 +- .../depsdev-collector-deployment.yaml | 18 +-- .../templates/graphql-server-deployment.yaml | 22 +-- .../templates/graphql-server-service.yaml | 6 +- charts/guac/templates/guac-cm.yaml | 4 +- .../guac/templates/ingest-guac-data-job.yaml | 26 ++-- .../guac/templates/ingestor-deployment.yaml | 18 +-- .../templates/oci-collector-deployment.yaml | 18 +-- .../templates/osv-certifier-deployment.yaml | 18 +-- .../guac/templates/visualizer-deployment.yaml | 20 ++- charts/guac/templates/visualizer-service.yaml | 4 +- .../tests/collectsub_deployment_test.yaml | 14 +- .../guac/tests/collectsub_service_test.yaml | 2 +- .../collectsub_values_digest_and_tag.yaml | 21 --- .../collectsub_values_tag_no_digest.yaml | 21 --- .../depsdev-collector_deployment_test.yaml | 60 ++++++++ .../guac/tests/graphql_deployment_test.yaml | 14 +- charts/guac/tests/graphql_service_test.yaml | 2 +- .../tests/graphql_values_digest_and_tag.yaml | 23 ---- .../tests/graphql_values_tag_no_digest.yaml | 23 ---- .../guac/tests/ingestor_deployment_test.yaml | 14 +- .../tests/ingestor_values_digest_and_tag.yaml | 21 --- .../tests/ingestor_values_tag_no_digest.yaml | 21 --- .../tests/oci_collector_deployment_test.yaml | 14 +- .../oci_collector_values_digest_and_tag.yaml | 21 --- .../oci_collector_values_tag_no_digest.yaml | 21 --- .../tests/osv-certifier_deployment_test.yaml | 60 ++++++++ charts/guac/tests/values_digest_and_tag.yaml | 30 ++++ charts/guac/tests/values_tag_no_digest.yaml | 30 ++++ charts/guac/values.yaml | 130 +++++++----------- 33 files changed, 370 insertions(+), 360 deletions(-) create mode 100644 charts/guac/ci/guac-values.yaml delete mode 100644 charts/guac/tests/collectsub_values_digest_and_tag.yaml delete mode 100644 charts/guac/tests/collectsub_values_tag_no_digest.yaml create mode 
100644 charts/guac/tests/depsdev-collector_deployment_test.yaml delete mode 100644 charts/guac/tests/graphql_values_digest_and_tag.yaml delete mode 100644 charts/guac/tests/graphql_values_tag_no_digest.yaml delete mode 100644 charts/guac/tests/ingestor_values_digest_and_tag.yaml delete mode 100644 charts/guac/tests/ingestor_values_tag_no_digest.yaml delete mode 100644 charts/guac/tests/oci_collector_values_digest_and_tag.yaml delete mode 100644 charts/guac/tests/oci_collector_values_tag_no_digest.yaml create mode 100644 charts/guac/tests/osv-certifier_deployment_test.yaml create mode 100644 charts/guac/tests/values_digest_and_tag.yaml create mode 100644 charts/guac/tests/values_tag_no_digest.yaml diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml index cb773f2..7ae098a 100644 --- a/charts/guac/Chart.yaml +++ b/charts/guac/Chart.yaml @@ -5,12 +5,12 @@ description: A Helm chart for deploying GUAC to Kubernetes maintainers: - name: kusaridev - url: https://github.com/kusaridev/guac-helm-charts + url: https://github.com/kusaridev/helm-charts email: guac-info@kusari.dev type: application -version: 0.1.5 -appVersion: "v0.1.0" +version: 0.2.0 +appVersion: "v0.1.1" dependencies: - name: nats diff --git a/charts/guac/ci/guac-values.yaml b/charts/guac/ci/guac-values.yaml new file mode 100644 index 0000000..83c573a --- /dev/null +++ b/charts/guac/ci/guac-values.yaml @@ -0,0 +1,4 @@ +# Ingest sample data to ensure the test instance is fully functional +guac: + sampleData: + ingest: true diff --git a/charts/guac/templates/collectsub-deployment.yaml b/charts/guac/templates/collectsub-deployment.yaml index c6974e0..4d844f8 100644 --- a/charts/guac/templates/collectsub-deployment.yaml +++ b/charts/guac/templates/collectsub-deployment.yaml @@ -1,5 +1,6 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.collectSub.enabled }} --- apiVersion: apps/v1 kind: Deployment 
@@ -29,22 +30,22 @@ spec: spec: containers: - name: {{ .Values.guac.collectSub.name }} - {{- if .Values.guac.collectSub.image.digest }} - image: "{{ .Values.guac.collectSub.image.repository }}@{{ .Values.guac.collectSub.image.digest }}" + {{- if .Values.guac.guacImage.digest }} + image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}" {{- else }} - image: "{{ .Values.guac.collectSub.image.repository }}:{{ .Values.guac.collectSub.image.tag | default .Chart.AppVersion}}" + image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}" {{- end }} - imagePullPolicy: "{{ .Values.guac.collectSub.image.pullPolicy }}" + imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}" command: {{ toYaml .Values.guac.collectSub.image.command | indent 10 }} - workingDir: {{ .Values.guac.workingDir }} -{{- if .Values.guac.collectSub.image.ports }} + workingDir: {{ .Values.guac.guacImage.workingDir }} +{{- if .Values.guac.collectSub.ports }} ports: {{ toYaml .Values.guac.collectSub.image.ports | indent 10 }} {{- end }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -53,4 +54,5 @@ spec: volumes: - name: guac-config configMap: - name: guac-cm \ No newline at end of file + name: guac-cm +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/collectsub-service.yaml b/charts/guac/templates/collectsub-service.yaml index 4888733..5d65944 100644 --- a/charts/guac/templates/collectsub-service.yaml +++ b/charts/guac/templates/collectsub-service.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. -{{- if .Values.guac.collectSub.ports }} +{{ if .Values.guac.collectSub.enabled }} +{{- if .Values.guac.collectSub.svcPorts }} --- apiVersion: v1 kind: Service 
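Review bot: In collectsub-deployment.yaml (`@@ -29,22 +30,22 @@`) the guard now tests `{{- if .Values.guac.collectSub.ports }}`, but the line it protects still renders `toYaml .Values.guac.collectSub.image.ports`, so the condition and the rendered value read different keys. Depending on which key values.yaml defines (not visible in this part of the patch), the container either gets `ports:` with a null body or silently loses its ports. Make both lines read the same key, e.g. `{{ toYaml .Values.guac.collectSub.ports | indent 10 }}`. The same mismatch appears in the depsdev-collector, graphql-server, ingestor, oci-collector and osv-certifier deployment hunks. The container spec continues outside this hunk.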
@@ -15,7 +16,8 @@ spec: app.kubernetes.io/name: {{ .Values.guac.collectSub.name }} app.kubernetes.io/component: {{ .Values.guac.collectSub.name }} ports: - {{- range .Values.guac.collectSub.ports }} + {{- range .Values.guac.collectSub.svcPorts }} - {{ . | toYaml | indent 6 | trim }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/guac/templates/depsdev-collector-deployment.yaml b/charts/guac/templates/depsdev-collector-deployment.yaml index 95f099f..51798b8 100644 --- a/charts/guac/templates/depsdev-collector-deployment.yaml +++ b/charts/guac/templates/depsdev-collector-deployment.yaml @@ -1,5 +1,6 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.depsDevCollector.enabled }} --- apiVersion: apps/v1 kind: Deployment 
@@ -29,22 +30,22 @@ spec: spec: containers: - name: {{ .Values.guac.depsDevCollector.name }} - {{- if .Values.guac.depsDevCollector.image.digest }} - image: "{{ .Values.guac.depsDevCollector.image.repository }}@{{ .Values.guac.depsDevCollector.image.digest }}" + {{- if .Values.guac.guacImage.digest }} + image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}" {{- else }} - image: "{{ .Values.guac.depsDevCollector.image.repository }}:{{ .Values.guac.depsDevCollector.image.tag | default .Chart.AppVersion}}" + image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}" {{- end }} - imagePullPolicy: "{{ .Values.guac.depsDevCollector.image.pullPolicy }}" + imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}" command: {{ toYaml .Values.guac.depsDevCollector.image.command | indent 10 }} - workingDir: {{ .Values.guac.workingDir }} -{{- if .Values.guac.depsDevCollector.image.ports }} + workingDir: {{ .Values.guac.guacImage.workingDir }} +{{- if .Values.guac.depsDevCollector.ports }} ports: {{ toYaml .Values.guac.depsDevCollector.image.ports | indent 10 }} {{- end }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -53,4 +54,5 @@ spec: volumes: - name: guac-config configMap: - name: guac-cm \ No newline at end of file + name: guac-cm +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/graphql-server-deployment.yaml b/charts/guac/templates/graphql-server-deployment.yaml index 1bf24c9..57885b9 100644 --- a/charts/guac/templates/graphql-server-deployment.yaml +++ b/charts/guac/templates/graphql-server-deployment.yaml 
@@ -1,5 +1,6 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.graphqlServer.enabled }} --- apiVersion: apps/v1 kind: Deployment 
@@ -17,34 +18,34 @@ spec: replicas: {{ .Values.guac.graphqlServer.replicas }} selector: matchLabels: + {{- include "guac.selectorLabels" . | nindent 6 }} app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} - {{- include "guac.selectorLabels" . | nindent 6 }} template: metadata: labels: + {{- include "guac.selectorLabels" . | nindent 8 }} app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} - {{- include "guac.selectorLabels" . | nindent 8 }} spec: containers: - name: {{ .Values.guac.graphqlServer.name }} - {{- if .Values.guac.graphqlServer.image.digest }} - image: "{{ .Values.guac.graphqlServer.image.repository }}@{{ .Values.guac.graphqlServer.image.digest }}" + {{- if .Values.guac.guacImage.digest }} + image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}" {{- else }} - image: "{{ .Values.guac.graphqlServer.image.repository }}:{{ .Values.guac.graphqlServer.image.tag | default .Chart.AppVersion}}" + image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}" {{- end }} - imagePullPolicy: "{{ .Values.guac.graphqlServer.image.pullPolicy }}" + imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}" command: {{ toYaml .Values.guac.graphqlServer.image.command | indent 10 }} - workingDir: {{ .Values.guac.workingDir }} -{{- if .Values.guac.graphqlServer.image.ports }} + workingDir: {{ .Values.guac.guacImage.workingDir }} +{{- if .Values.guac.graphqlServer.ports }} ports: {{ toYaml .Values.guac.graphqlServer.image.ports | indent 10 }} {{- end }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true {{- if .Values.imagePullSecrets }} imagePullSecrets: 
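Review bot: Moving `{{- include "guac.selectorLabels" . | nindent 6 }}` above the explicit `app.kubernetes.io/name` and `app.kubernetes.io/component` keys can change which value wins in `spec.selector.matchLabels` and in the pod template labels. If the helper also emits one of those keys (its definition is not in this patch), the mapping has duplicate keys and most parsers keep the last one, so the reorder flips the effective label. A Deployment's selector is immutable, so a changed effective value would make an upgrade from the previous chart version fail. Of the deployment hunks visible here, only graphql-server is reordered; either drop the duplicated key from one source, or state the intended precedence in a comment such as `# explicit name/component override the helper's labels`.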
@@ -53,4 +54,5 @@ spec: volumes: - name: guac-config configMap: - name: guac-cm \ No newline at end of file + name: guac-cm +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/graphql-server-service.yaml b/charts/guac/templates/graphql-server-service.yaml index dbd0999..b5b6dca 100644 --- a/charts/guac/templates/graphql-server-service.yaml +++ b/charts/guac/templates/graphql-server-service.yaml @@ -1,6 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. -{{- if .Values.guac.graphqlServer.ports }} +{{ if .Values.guac.graphqlServer.enabled }} +{{- if .Values.guac.graphqlServer.svcPorts }} --- apiVersion: v1 kind: Service @@ -16,7 +17,8 @@ spec: app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} ports: - {{- range .Values.guac.graphqlServer.ports }} + {{- range .Values.guac.graphqlServer.svcPorts }} - {{ . | toYaml | indent 6 | trim }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/guac/templates/guac-cm.yaml b/charts/guac/templates/guac-cm.yaml index 2bc1e6b..233ded9 100644 --- a/charts/guac/templates/guac-cm.yaml +++ b/charts/guac/templates/guac-cm.yaml @@ -12,13 +12,13 @@ data: nats-addr: nats://{{ .Release.Name }}-nats.{{ .Release.Namespace }}.svc.cluster.local:4222 # CSub setup -{{- with (index .Values.guac.collectSub.ports 0) }} +{{- with (index .Values.guac.collectSub.svcPorts 0) }} csub-addr: {{ $.Values.guac.collectSub.name }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ .targetPort }} csub-listen-port: {{ .targetPort }} {{- end }} # GQL setup -{{- with (index .Values.guac.graphqlServer.ports 0) }} +{{- with (index .Values.guac.graphqlServer.svcPorts 0) }} gql-backend: {{ $.Values.guac.graphqlServer.backend }} gql-listen-port: {{ .targetPort }} gql-debug: {{ $.Values.guac.graphqlServer.debug }} 
diff --git a/charts/guac/templates/ingest-guac-data-job.yaml b/charts/guac/templates/ingest-guac-data-job.yaml index 258402c..ca0a9d8 100644 --- a/charts/guac/templates/ingest-guac-data-job.yaml +++ b/charts/guac/templates/ingest-guac-data-job.yaml @@ -22,18 +22,12 @@ spec: spec: containers: - name: data-ingestor - # Use same image as oci-collector for now - {{- if .Values.guac.ociCollector.image.digest }} - image: "{{ .Values.guac.ociCollector.image.repository }}@{{ .Values.guac.ociCollector.image.digest }}" - {{- else }} - image: "{{ .Values.guac.ociCollector.image.repository }}:{{ .Values.guac.ociCollector.image.tag | default .Chart.AppVersion}}" - {{- end }} - imagePullPolicy: "{{ .Values.guac.ociCollector.image.pullPolicy }}" + image: "ubuntu:22.04" command: ['sh', '-c', '/tmp/guac/ingest-guac-data.sh ingest-data'] workingDir: {{ .Values.guac.workingDir }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true - name: ingest-guac-data mountPath: /tmp/guac @@ -42,10 +36,10 @@ spec: - name: data-preper image: "ubuntu:22.04" command: ['sh', '-c', '/tmp/guac/ingest-guac-data.sh prep-data'] - workingDir: {{ .Values.guac.workingDir }} + workingDir: {{ .Values.guac.guacImage.workingDir }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true - name: ingest-guac-data mountPath: /tmp/guac @@ -98,8 +92,11 @@ data: ;; ingest-data) echo "Ingesting sample data" - export GUACSEC_HOME="/workspace" - export GUAC_BIN="/cnb/process" + export GUACSEC_HOME="/guac" + + apt-get update && apt-get install -y curl + curl -L https://github.com/guacsec/guac/releases/latest/download/guacone-linux-amd64 -o /tmp/guacone + chmod +x /tmp/guacone while [ ! -f ${INDICATOR_FILE} ] do 
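Review bot: In the `data-ingestor` container (`@@ -22,18 +22,12 @@`), `workingDir: {{ .Values.guac.workingDir }}` is left on the old key while the `mountPath` two lines below moves to `.Values.guac.guacImage.workingDir`. The next hunk updates both lines for `data-preper`, so this looks like a missed rename. If `guac.workingDir` no longer exists in values.yaml (not visible here), the field renders empty and the container no longer starts in the directory where the config is mounted. Change it to `workingDir: {{ .Values.guac.guacImage.workingDir }}`.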
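Review bot: In the `ingest-data` branch of the script (`@@ -98,8 +92,11 @@`), the job downloads `releases/latest/download/guacone-linux-amd64` at run time and marks it executable with no version pin and no integrity check, so the binary that runs can change between installs and is not tied to the chart's `appVersion`. `curl -L` without `-f` also saves an HTTP error page as `/tmp/guacone` instead of failing. Pin the release and verify it before `chmod`, for example `curl -fsSL https://github.com/guacsec/guac/releases/download/<GUAC_VERSION>/guacone-linux-amd64 -o /tmp/guacone` followed by `echo "<EXPECTED_SHA256>  /tmp/guacone" | sha256sum -c -`, where both angle-bracket values are placeholders to be supplied from chart values. The `case` block continues outside the hunk.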
@@ -107,10 +104,11 @@ data: done cd ${GUACSEC_HOME} - for d in guac-data/some-sboms + for d in guac-data/docs + # guac-data/some-sboms # guac-data/top-dh-sboms guac-data/docs do - ${GUAC_BIN}/guacone files ${SHARED_DATA}/${d} + time /tmp/guacone collect files ${SHARED_DATA}/${d} done rm ${INDICATOR_FILE} diff --git a/charts/guac/templates/ingestor-deployment.yaml b/charts/guac/templates/ingestor-deployment.yaml index c296f47..c4913d2 100644 --- a/charts/guac/templates/ingestor-deployment.yaml +++ b/charts/guac/templates/ingestor-deployment.yaml @@ -1,5 +1,6 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.ingestor.enabled }} --- apiVersion: apps/v1 kind: Deployment 
@@ -29,22 +30,22 @@ spec: spec: containers: - name: {{ .Values.guac.ingestor.name }} - {{- if .Values.guac.ingestor.image.digest }} - image: "{{ .Values.guac.ingestor.image.repository }}@{{ .Values.guac.ingestor.image.digest }}" + {{- if .Values.guac.guacImage.digest }} + image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}" {{- else }} - image: "{{ .Values.guac.ingestor.image.repository }}:{{ .Values.guac.ingestor.image.tag | default .Chart.AppVersion}}" + image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}" {{- end }} - imagePullPolicy: "{{ .Values.guac.ingestor.image.pullPolicy }}" + imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}" command: {{ toYaml .Values.guac.ingestor.image.command | indent 10 }} - workingDir: {{ .Values.guac.workingDir }} -{{- if .Values.guac.ingestor.image.ports }} + workingDir: {{ .Values.guac.guacImage.workingDir }} +{{- if .Values.guac.ingestor.ports }} ports: {{ toYaml .Values.guac.ingestor.image.ports | indent 10 }} {{- end }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -53,4 +54,5 @@ spec: volumes: - name: guac-config configMap: - name: guac-cm \ No newline at end of file + name: guac-cm +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/oci-collector-deployment.yaml b/charts/guac/templates/oci-collector-deployment.yaml index bf2122a..5a5d9bf 100644 --- a/charts/guac/templates/oci-collector-deployment.yaml +++ b/charts/guac/templates/oci-collector-deployment.yaml @@ -1,5 +1,6 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.ociCollector.enabled }} --- apiVersion: apps/v1 kind: Deployment 
@@ -29,22 +30,22 @@ spec: spec: containers: - name: {{ .Values.guac.ociCollector.name }} - {{- if .Values.guac.ociCollector.image.digest }} - image: "{{ .Values.guac.ociCollector.image.repository }}@{{ .Values.guac.ociCollector.image.digest }}" + {{- if .Values.guac.guacImage.digest }} + image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}" {{- else }} - image: "{{ .Values.guac.ociCollector.image.repository }}:{{ .Values.guac.ociCollector.image.tag | default .Chart.AppVersion}}" + image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}" {{- end }} - imagePullPolicy: "{{ .Values.guac.ociCollector.image.pullPolicy }}" + imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}" command: {{ toYaml .Values.guac.ociCollector.image.command | indent 10 }} - workingDir: {{ .Values.guac.workingDir }} -{{- if .Values.guac.ociCollector.image.ports }} + workingDir: {{ .Values.guac.guacImage.workingDir }} +{{- if .Values.guac.ociCollector.ports }} ports: {{ toYaml .Values.guac.ociCollector.image.ports | indent 10 }} {{- end }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -53,4 +54,5 @@ spec: volumes: - name: guac-config configMap: - name: guac-cm \ No newline at end of file + name: guac-cm +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/osv-certifier-deployment.yaml b/charts/guac/templates/osv-certifier-deployment.yaml index ea86e25..8577886 100644 --- a/charts/guac/templates/osv-certifier-deployment.yaml +++ b/charts/guac/templates/osv-certifier-deployment.yaml @@ -1,5 +1,6 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.osvCertifier.enabled }} --- apiVersion: apps/v1 kind: Deployment 
@@ -29,22 +30,22 @@ spec: spec: containers: - name: {{ .Values.guac.osvCertifier.name }} - {{- if .Values.guac.osvCertifier.image.digest }} - image: "{{ .Values.guac.osvCertifier.image.repository }}@{{ .Values.guac.osvCertifier.image.digest }}" + {{- if .Values.guac.guacImage.digest }} + image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}" {{- else }} - image: "{{ .Values.guac.osvCertifier.image.repository }}:{{ .Values.guac.osvCertifier.image.tag | default .Chart.AppVersion}}" + image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}" {{- end }} - imagePullPolicy: "{{ .Values.guac.osvCertifier.image.pullPolicy }}" + imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}" command: {{ toYaml .Values.guac.osvCertifier.image.command | indent 10 }} - workingDir: {{ .Values.guac.workingDir }} -{{- if .Values.guac.osvCertifier.image.ports }} + workingDir: {{ .Values.guac.guacImage.workingDir }} +{{- if .Values.guac.osvCertifier.ports }} ports: {{ toYaml .Values.guac.osvCertifier.image.ports | indent 10 }} {{- end }} volumeMounts: - name: guac-config - mountPath: {{ .Values.guac.workingDir }} + mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -53,4 +54,5 @@ spec: volumes: - name: guac-config configMap: - name: guac-cm \ No newline at end of file + name: guac-cm +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/visualizer-deployment.yaml b/charts/guac/templates/visualizer-deployment.yaml index c31027e..41d131b 100644 --- a/charts/guac/templates/visualizer-deployment.yaml +++ b/charts/guac/templates/visualizer-deployment.yaml 
@@ -44,8 +44,26 @@ spec: ports: {{ toYaml .Values.guac.visualizer.image.ports | indent 10 }} {{- end }} + env: + - name: GUAC_GQL_ADDR +{{- with (index .Values.guac.graphqlServer.ports 0) }} + value: http://{{ $.Values.guac.graphqlServer.name }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ .targetPort }}/query +{{- end }} + - name: GUAC_CONFIG_PATH + value: /workspace/guac/guac.yaml + # workingDir: /workspace + # workingDir: /cnb/process {{ .Values.guac.workingDir }} + volumeMounts: + - name: guac-config + # mountPath: {{ .Values.guac.workingDir }} + mountPath: /workspace/guac + readOnly: true {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} -{{- end }} + volumes: + - name: guac-config + configMap: + name: guac-cm +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/visualizer-service.yaml b/charts/guac/templates/visualizer-service.yaml index d15d2f1..6dbdfda 100644 --- a/charts/guac/templates/visualizer-service.yaml +++ b/charts/guac/templates/visualizer-service.yaml @@ -1,7 +1,7 @@ # Copyright Kusari, Inc. and contributors # Licensed under the MIT license. See LICENSE file in the project root for details. {{ if .Values.guac.visualizer.enabled }} -{{- if .Values.guac.visualizer.ports }} +{{- if .Values.guac.visualizer.svcPorts }} --- apiVersion: v1 kind: Service @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: {{ .Values.guac.visualizer.name }} app.kubernetes.io/component: {{ .Values.guac.visualizer.name }} ports: - {{- range .Values.guac.visualizer.ports }} + {{- range .Values.guac.visualizer.svcPorts }} - {{ . | toYaml | indent 6 | trim }} {{- end }} {{- end }} diff --git a/charts/guac/tests/collectsub_deployment_test.yaml b/charts/guac/tests/collectsub_deployment_test.yaml index 08ead2e..42afd2e 100644 --- a/charts/guac/tests/collectsub_deployment_test.yaml +++ b/charts/guac/tests/collectsub_deployment_test.yaml 
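Review bot: The new `GUAC_GQL_ADDR` value in visualizer-deployment.yaml is built from `index .Values.guac.graphqlServer.ports 0` and `.targetPort`, while this same commit renames the service port list to `svcPorts` (guac-cm.yaml now reads `index .Values.guac.graphqlServer.svcPorts 0`). If `ports` is now the container port list, `.targetPort` is probably not set on its entries and the URL ends in an empty port; use `{{- with (index .Values.guac.graphqlServer.svcPorts 0) }}` so it matches the ConfigMap. Helm still evaluates `{{ ... }}` inside YAML comments, so the commented `workingDir` and `mountPath` lines keep dereferencing `.Values.guac.workingDir`; delete them rather than leaving them commented out.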
@@ -14,18 +14,18 @@ tests: - it: should run the collector image values: - - ./collectsub_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].name value: collectsub - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/local-organic-guac@sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646 + value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e - it: should run the collector sub command values: - - ./collectsub_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].command[0] @@ -35,11 +35,11 @@ tests: value: "-c" - equal: path: spec.template.spec.containers[0].command[2] - value: "/cnb/process/guaccsub" + value: "/opt/guac/guaccsub" - it: should respect spec level parameters values: - - ./collectsub_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.replicas @@ -53,8 +53,8 @@ tests: - it: should use tag if only tag is specified values: - - ./collectsub_values_tag_no_digest.yaml + - ./values_tag_no_digest.yaml asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/tagged-guac-image:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest \ No newline at end of file diff --git a/charts/guac/tests/collectsub_service_test.yaml b/charts/guac/tests/collectsub_service_test.yaml index cf00b5f..2f958da 100644 --- a/charts/guac/tests/collectsub_service_test.yaml +++ b/charts/guac/tests/collectsub_service_test.yaml @@ -14,7 +14,7 @@ tests: - it: should respect spec level parameters values: - - ./collectsub_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: metadata.name diff --git a/charts/guac/tests/collectsub_values_digest_and_tag.yaml b/charts/guac/tests/collectsub_values_digest_and_tag.yaml deleted file mode 100644 index b7c5583..0000000 
--- a/charts/guac/tests/collectsub_values_digest_and_tag.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - collectSub: - name: collectsub - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - tag: "this_should_not_be_used" - repository: ghcr.io/kusaridev/local-organic-guac - digest: "sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646" - ports: - - protocol: TCP - port: 2782 - targetPort: 2782 \ No newline at end of file diff --git a/charts/guac/tests/collectsub_values_tag_no_digest.yaml b/charts/guac/tests/collectsub_values_tag_no_digest.yaml deleted file mode 100644 index 6672382..0000000 --- a/charts/guac/tests/collectsub_values_tag_no_digest.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - collectSub: - name: collectsub - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - repository: ghcr.io/kusaridev/tagged-guac-image - tag: "latest" - digest: - ports: - - protocol: TCP - port: 2782 - targetPort: 2782 \ No newline at end of file diff --git a/charts/guac/tests/depsdev-collector_deployment_test.yaml b/charts/guac/tests/depsdev-collector_deployment_test.yaml new file mode 100644 index 0000000..c048b8b --- /dev/null +++ b/charts/guac/tests/depsdev-collector_deployment_test.yaml 
@@ -0,0 +1,60 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +suite: DepsDev Collector Deployment tests +templates: + - depsdev-collector-deployment.yaml + +tests: + - it: deployment should render + asserts: + - isKind: + of: Deployment + - hasDocuments: + count: 1 + + - it: should run the depsDevCollector image + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: depsdev-collector + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e + + - it: should run the depsDevCollector sub command + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].command[0] + value: "sh" + - equal: + path: spec.template.spec.containers[0].command[1] + value: "-c" + - equal: + path: spec.template.spec.containers[0].command[2] + value: "/opt/guac/guaccollect deps_dev" + + - it: should respect spec level parameters + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.replicas + value: 1 + - equal: + path: spec.selector.matchLabels.app\.kubernetes\.io/name + value: depsdev-collector + - equal: + path: spec.template.metadata.labels.app\.kubernetes\.io/name + value: depsdev-collector + + - it: should use tag if only tag is specified + values: + - ./values_tag_no_digest.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/guacsec/guac:latest \ No newline at end of file diff --git a/charts/guac/tests/graphql_deployment_test.yaml b/charts/guac/tests/graphql_deployment_test.yaml index 9e2a454..6116199 100644 --- a/charts/guac/tests/graphql_deployment_test.yaml +++ b/charts/guac/tests/graphql_deployment_test.yaml 
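Review bot: The new depsdev-collector suite never exercises the `{{ if .Values.guac.depsDevCollector.enabled }}` gate that this commit adds to the template. The first case passes no values file, so it only succeeds while the chart default for `enabled` is true (values.yaml is not visible here). Add a case that turns the flag off and asserts that nothing renders, so a regression in the gate is caught; the same case would fit the other per-component suites.

```yaml
  - it: should not render when disabled
    set:
      guac.depsDevCollector.enabled: false
    asserts:
      - hasDocuments:
          count: 0
```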
@@ -14,18 +14,18 @@ tests: - it: should run the gql image values: - - ./graphql_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].name value: graphql-server - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/local-organic-guac@sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646 + value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e - it: should run the gql-server command values: - - ./graphql_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].command[0] @@ -35,11 +35,11 @@ tests: value: "-c" - equal: path: spec.template.spec.containers[0].command[2] - value: "/cnb/process/guacgql" + value: "/opt/guac/guacgql" - it: should respect spec level parameters values: - - ./graphql_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.replicas @@ -53,8 +53,8 @@ tests: - it: should use tag if only tag is specified values: - - ./graphql_values_tag_no_digest.yaml + - ./values_tag_no_digest.yaml asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/tagged-guac-image:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest \ No newline at end of file diff --git a/charts/guac/tests/graphql_service_test.yaml b/charts/guac/tests/graphql_service_test.yaml index 8c96727..00a452e 100644 --- a/charts/guac/tests/graphql_service_test.yaml +++ b/charts/guac/tests/graphql_service_test.yaml @@ -14,7 +14,7 @@ tests: - it: should respect spec level parameters values: - - ./graphql_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: metadata.name diff --git a/charts/guac/tests/graphql_values_digest_and_tag.yaml b/charts/guac/tests/graphql_values_digest_and_tag.yaml deleted file mode 100644 index dab69b0..0000000 
--- a/charts/guac/tests/graphql_values_digest_and_tag.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - graphqlServer: - name: graphql-server - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - repository: ghcr.io/kusaridev/local-organic-guac - tag: "" - digest: "sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guacgql'] - ports: - - protocol: TCP - port: 8080 - targetPort: 8080 \ No newline at end of file diff --git a/charts/guac/tests/graphql_values_tag_no_digest.yaml b/charts/guac/tests/graphql_values_tag_no_digest.yaml deleted file mode 100644 index 22c8ef5..0000000 --- a/charts/guac/tests/graphql_values_tag_no_digest.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - graphqlServer: - name: graphql-server - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - repository: ghcr.io/kusaridev/tagged-guac-image - tag: "latest" - digest: - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guacgql'] - ports: - - protocol: TCP - port: 8080 - targetPort: 8080 \ No newline at end of file diff --git a/charts/guac/tests/ingestor_deployment_test.yaml b/charts/guac/tests/ingestor_deployment_test.yaml index e6a06ea..161ff2d 100644 --- a/charts/guac/tests/ingestor_deployment_test.yaml +++ b/charts/guac/tests/ingestor_deployment_test.yaml 
@@ -14,18 +14,18 @@ tests: - it: should run the ingestor image values: - - ./ingestor_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].name value: ingestor - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/local-organic-guac@sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646 + value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e - it: should run the collector sub command values: - - ./ingestor_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].command[0] @@ -35,11 +35,11 @@ tests: value: "-c" - equal: path: spec.template.spec.containers[0].command[2] - value: "/cnb/process/guacingest" + value: "/opt/guac/guacingest" - it: should respect spec level parameters values: - - ./ingestor_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.replicas @@ -53,8 +53,8 @@ tests: - it: should use tag if only tag is specified values: - - ./ingestor_values_tag_no_digest.yaml + - ./values_tag_no_digest.yaml asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/tagged-guac-image:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest \ No newline at end of file diff --git a/charts/guac/tests/ingestor_values_digest_and_tag.yaml b/charts/guac/tests/ingestor_values_digest_and_tag.yaml deleted file mode 100644 index 285c7d1..0000000 --- a/charts/guac/tests/ingestor_values_digest_and_tag.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - ingestor: - name: ingestor - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - repository: ghcr.io/kusaridev/local-organic-guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: "sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guacingest'] \ No newline at end of file diff --git a/charts/guac/tests/ingestor_values_tag_no_digest.yaml b/charts/guac/tests/ingestor_values_tag_no_digest.yaml deleted file mode 100644 index bf5f253..0000000 --- a/charts/guac/tests/ingestor_values_tag_no_digest.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - ingestor: - name: ingestor - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - repository: ghcr.io/kusaridev/tagged-guac-image - # if not set appVersion field from Chart.yaml is used - tag: "latest" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guacingest'] \ No newline at end of file diff --git a/charts/guac/tests/oci_collector_deployment_test.yaml b/charts/guac/tests/oci_collector_deployment_test.yaml index f1c46c8..32fd2bf 100644 --- a/charts/guac/tests/oci_collector_deployment_test.yaml +++ b/charts/guac/tests/oci_collector_deployment_test.yaml 
@@ -14,18 +14,18 @@ tests: - it: should run the oci collector image values: - - ./oci_collector_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].name value: oci-collector - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/local-organic-guac@sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646 + value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e - it: should run the collector sub command values: - - ./oci_collector_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.template.spec.containers[0].command[0] @@ -35,11 +35,11 @@ tests: value: "-c" - equal: path: spec.template.spec.containers[0].command[2] - value: "/cnb/process/guaccollect image --use-csub" + value: "/opt/guac/guaccollect image" - it: should respect spec level parameters values: - - ./oci_collector_values_digest_and_tag.yaml + - ./values_digest_and_tag.yaml asserts: - equal: path: spec.replicas @@ -53,8 +53,8 @@ tests: - it: should use tag if only tag is specified values: - - ./oci_collector_values_tag_no_digest.yaml + - ./values_tag_no_digest.yaml asserts: - equal: path: spec.template.spec.containers[0].image - value: ghcr.io/kusaridev/tagged-guac-image:latest \ No newline at end of file + value: ghcr.io/guacsec/guac:latest \ No newline at end of file diff --git a/charts/guac/tests/oci_collector_values_digest_and_tag.yaml b/charts/guac/tests/oci_collector_values_digest_and_tag.yaml deleted file mode 100644 index 062390c..0000000 --- a/charts/guac/tests/oci_collector_values_digest_and_tag.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - ociCollector: - name: oci-collector - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - repository: ghcr.io/kusaridev/local-organic-guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: "sha256:4ceb73778530d652755777c6e81de6994f7f94e103ee4a3ff55b797e813ac646" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guaccollect image --use-csub'] \ No newline at end of file diff --git a/charts/guac/tests/oci_collector_values_tag_no_digest.yaml b/charts/guac/tests/oci_collector_values_tag_no_digest.yaml deleted file mode 100644 index 2646a06..0000000 --- a/charts/guac/tests/oci_collector_values_tag_no_digest.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright Kusari, Inc. and contributors -# Licensed under the MIT license. See LICENSE file in the project root for details. -imagePullSecrets: - - name: imagepullsecret - -guac: - workingDir: /guac - - ociCollector: - name: oci-collector - annotations: - reloader.stakater.com/auto: "true" - replicas: 1 - image: - repository: ghcr.io/kusaridev/tagged-guac-image - # if not set appVersion field from Chart.yaml is used - tag: "latest" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guaccollect image --use-csub'] \ No newline at end of file diff --git a/charts/guac/tests/osv-certifier_deployment_test.yaml b/charts/guac/tests/osv-certifier_deployment_test.yaml new file mode 100644 index 0000000..6823b2c --- /dev/null +++ b/charts/guac/tests/osv-certifier_deployment_test.yaml 
@@ -0,0 +1,60 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +suite: OSV Certifier Deployment tests +templates: + - osv-certifier-deployment.yaml + +tests: + - it: deployment should render + asserts: + - isKind: + of: Deployment + - hasDocuments: + count: 1 + + - it: should run the osvCertifier image + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: osv-certifier + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/guacsec/guac@sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e + + - it: should run the osvCertifier sub command + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].command[0] + value: "sh" + - equal: + path: spec.template.spec.containers[0].command[1] + value: "-c" + - equal: + path: spec.template.spec.containers[0].command[2] + value: "/opt/guac/guacone certifier osv --poll" + + - it: should respect spec level parameters + values: + - ./values_digest_and_tag.yaml + asserts: + - equal: + path: spec.replicas + value: 1 + - equal: + path: spec.selector.matchLabels.app\.kubernetes\.io/name + value: osv-certifier + - equal: + path: spec.template.metadata.labels.app\.kubernetes\.io/name + value: osv-certifier + + - it: should use tag if only tag is specified + values: + - ./values_tag_no_digest.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/guacsec/guac:latest \ No newline at end of file diff --git a/charts/guac/tests/values_digest_and_tag.yaml b/charts/guac/tests/values_digest_and_tag.yaml new file mode 100644 index 0000000..e433589 --- /dev/null +++ b/charts/guac/tests/values_digest_and_tag.yaml 
@@ -0,0 +1,30 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +imagePullSecrets: + - name: imagepullsecret + +guac: + guacImage: + repository: ghcr.io/guacsec/guac + tag: "latest" + digest: "sha256:167e823f36e268f66b12a79d4c4b39df23c2f87847817c161b6c6ddbc9ee5c4e" + workingDir: /guac + + + ociCollector: + name: oci-collector + + depsDevCollector: + name: depsdev-collector + + collectSub: + name: collectsub + + osvCertifier: + name: osv-certifier + + graphqlServer: + name: graphql-server + + ingestor: + name: ingestor \ No newline at end of file diff --git a/charts/guac/tests/values_tag_no_digest.yaml b/charts/guac/tests/values_tag_no_digest.yaml new file mode 100644 index 0000000..d64f583 --- /dev/null +++ b/charts/guac/tests/values_tag_no_digest.yaml @@ -0,0 +1,30 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +imagePullSecrets: + - name: imagepullsecret + +guac: + + guacImage: + repository: ghcr.io/guacsec/guac + tag: "latest" + digest: "" + workingDir: /guac + + ociCollector: + name: oci-collector + + depsDevCollector: + name: depsdev-collector + + osvCertifier: + name: osv-certifier + + ingestor: + name: ingestor + + collectSub: + name: collectsub + + graphqlServer: + name: graphql-server \ No newline at end of file diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index d300f1f..3da5539 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - ## @section Global parameters ## @param imagePullSecrets[0].name Docker registry secret name for pulling images imagePullSecrets: 
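Review bot: values_digest_and_tag.yaml gives no hint that `tag: "latest"` next to a non-empty `digest` is deliberate, yet that pair is what lets the "should run the ... image" tests prove the digest wins over the tag. A later cleanup that empties the tag would leave every suite green while dropping the precedence check. I would add a comment above `tag:` such as `# tag is set on purpose: the rendered image must use the digest and ignore the tag`. In values_tag_no_digest.yaml a matching `# digest is empty on purpose: the image must fall back to repository:tag` above `digest: ""` would do the same job.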
@@ -11,61 +10,43 @@ imagePullSecrets: ## @section Guac ## @descriptionStart This section contains parameters for configuring the different GUAC components. ## @descriptionEnd -## @param guac.workingDir Working Directory for GUAC +## @param guac.guacImage.repository Path to the GUAC image +## @param guac.guacImage.tag [nullable] Tag if using an image tag. Optional +## @param guac.guacImage.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. +## @param guac.guacImage.pullPolicy ImagePullPolicy for kubernetes +## @param guac.guacImage.workingDir Working Directory for GUAC ## @param guac.ociCollector.name String Name of the OCI Collector component. ## @param guac.ociCollector.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) ## @param guac.ociCollector.replicas Number of replicas for oci collector deployment -## @param guac.ociCollector.image.repository Path to the OCI Collector image -## @param guac.ociCollector.image.tag [nullable] Tag if using an image tag. Optional -## @param guac.ociCollector.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. -## @param guac.ociCollector.image.pullPolicy ImagePullPolicy for kubernetes ## @param guac.ociCollector.image.command Command for the OCI Collector image. It is not recommended to override this. ## @param guac.depsDevCollector.name String Name of the Deps.Dev Collector component. ## @param guac.depsDevCollector.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) ## @param guac.depsDevCollector.replicas Number of replicas for depsdev collector deployment -## @param guac.depsDevCollector.image.repository Path to the Deps.Dev Collector image -## @param guac.depsDevCollector.image.tag [nullable] Tag if using an image tag. 
Optional -## @param guac.depsDevCollector.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. -## @param guac.depsDevCollector.image.pullPolicy ImagePullPolicy for kubernetes ## @param guac.depsDevCollector.image.command Command for the Deps.Dev Collector image. It is not recommended to override this. ## @param guac.osvCertifier.name String Name of the OSV Certifier component. ## @param guac.osvCertifier.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) ## @param guac.osvCertifier.replicas Number of replicas for OSV Certifier deployment -## @param guac.osvCertifier.image.repository Path to the OSV Certifier Collector image -## @param guac.osvCertifier.image.tag [nullable] Tag if using an image tag. Optional -## @param guac.osvCertifier.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. -## @param guac.osvCertifier.image.pullPolicy ImagePullPolicy for kubernetes ## @param guac.osvCertifier.image.command Command for the OSV Certifier Collector image. It is not recommended to override this. ## @param guac.ingestor.name String Name of the ingestor component. ## @param guac.ingestor.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) ## @param guac.ingestor.replicas Number of replicas for ingestor deployment -## @param guac.ingestor.image.repository Path to the Ingestor image -## @param guac.ingestor.image.tag [nullable] Tag if using an image tag. Optional -## @param guac.ingestor.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. -## @param guac.ingestor.image.pullPolicy ImagePullPolicy for kubernetes ## @param guac.ingestor.image.command Command for the ingestor image. It is not recommended to override this. 
## @param guac.collectSub.name String Name of the Collector Sub component. ## @param guac.collectSub.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) ## @param guac.collectSub.replicas Number of replicas for Collector Sub deployment -## @param guac.collectSub.image.repository Path to the Collector Sub image -## @param guac.collectSub.image.tag [nullable] Tag if using an image tag. Optional -## @param guac.collectSub.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. -## @param guac.collectSub.image.pullPolicy ImagePullPolicy for kubernetes ## @param guac.collectSub.image.command Command for the Collector Sub image. It is not recommended to override this. -## @param guac.collectSub.ports[0].protocol Protocol used at Collector Sub -## @param guac.collectSub.ports[0].port Port the Collector Sub service listens on -## @param guac.collectSub.ports[0].targetPort Port the Collector Sub container listens on +## @param guac.collectSub.image.ports[0].containerPort Port the Collector Sub container listens on +## @param guac.collectSub.svcPorts[0].protocol Protocol used at Collector Sub +## @param guac.collectSub.svcPorts[0].port Port the Collector Sub service listens on +## @param guac.collectSub.svcPorts[0].targetPort Port the Collector Sub container listens on ## @param guac.graphqlServer.name String Name of the GraphQL Server component. ## @param guac.graphqlServer.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) ## @param guac.graphqlServer.replicas Number of replicas for GraphQL Server deployment -## @param guac.graphqlServer.image.repository Path to the GraphQL Server image -## @param guac.graphqlServer.image.tag [nullable] Tag if using an image tag. Optional -## @param guac.graphqlServer.image.digest [string] Sha256 Image Digest. 
It is strongly recommended to use this for verification. -## @param guac.graphqlServer.image.pullPolicy ImagePullPolicy for kubernetes ## @param guac.graphqlServer.image.command Command for the GraphQL Server image. It is not recommended to override this. -## @param guac.graphqlServer.ports[0].protocol Protocol used at the the GraphQL Server -## @param guac.graphqlServer.ports[0].port Port the GraphQL Server service listens on -## @param guac.graphqlServer.ports[0].targetPort Port the GraphQL Server container listens on +## @param guac.graphqlServer.image.ports[0].containerPort Port the GraphQL Server container listens on +## @param guac.graphqlServer.svcPorts[0].protocol Protocol used at the the GraphQL Server +## @param guac.graphqlServer.svcPorts[0].port Port the GraphQL Server service listens on +## @param guac.graphqlServer.svcPorts[0].targetPort Port the GraphQL Server container listens on ## @param guac.graphqlServer.backend which backend to use - only support inmem at the moment. ## @param guac.graphqlServer.debug Enable debug mode for graphql server; also enable the UI ## @param guac.visualizer.enabled String Whether to deploy the visualizer. 
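Review bot: The `## @param` block gains no entries for the `enabled` keys that the next hunk adds to ociCollector, depsDevCollector, osvCertifier, ingestor, collectSub and graphqlServer, so the generated parameter table will not list them. Following the existing visualizer entry, one line per component such as `## @param guac.ociCollector.enabled Whether to deploy the OCI Collector` would cover it; the templates are not visible here, so the wording should be checked against what `enabled` actually gates. The new `guac.guacImage.workingDir` entry also deserves a check against the values block, since indentation is lost on this page and the key it replaces was `guac.workingDir`. The added `guac.graphqlServer.svcPorts[0].protocol` line carries over the "the the" typo from the line it replaces.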
@@ -76,103 +57,86 @@ imagePullSecrets: ## @param guac.visualizer.image.tag [nullable] Tag if using an image tag. Optional ## @param guac.visualizer.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification. ## @param guac.visualizer.image.pullPolicy ImagePullPolicy for kubernetes -## @param guac.visualizer.ports[0].protocol Protocol used at the visualizer -## @param guac.visualizer.ports[0].port Port the visualizer service listens on -## @param guac.visualizer.ports[0].targetPort Port the visualizer container listens on +## @param guac.visualizer.image.ports[0].containerPort Port the visualizer container listens on +## @param guac.visualizer.svcPorts[0].protocol Protocol used at the visualizer +## @param guac.visualizer.svcPorts[0].port Port the visualizer service listens on +## @param guac.visualizer.svcPorts[0].targetPort Port the visualizer container listens on ## @param guac.observability.deployServiceMonitor Boolean Deploy the service monitor for observability -## @param guac.sampleData.ingest Boolean - set to true to ingest sample data after deployment +## @param guac.sampleData.ingest Boolean - whether to ingest sample data after deployment ## @param guac.sampleData.jobName Name of the sample data ingest job guac: - workingDir: /workspace + + guacImage: + repository: ghcr.io/guacsec/guac + # if not set appVersion field from Chart.yaml is used + tag: v0.1.1 + # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). + digest: "" + pullPolicy: IfNotPresent + workingDir: /guac ociCollector: + enabled: true name: oci-collector annotations: reloader.stakater.com/auto: "true" replicas: 1 image: - repository: ghcr.io/guacsec/guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). 
- digest: "" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guaccollect image'] + command: ['sh', '-c', '/opt/guac/guaccollect image'] depsDevCollector: + enabled: true name: depsdev-collector annotations: reloader.stakater.com/auto: "true" replicas: 1 image: - repository: ghcr.io/guacsec/guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: "" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guaccollect deps_dev'] + command: ['sh', '-c', '/opt/guac/guaccollect deps_dev'] osvCertifier: + enabled: true name: osv-certifier annotations: reloader.stakater.com/auto: "true" replicas: 1 image: - repository: ghcr.io/guacsec/guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: "" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guacone certifier osv --poll'] + command: ['sh', '-c', '/opt/guac/guacone certifier osv --poll'] ingestor: + enabled: true name: ingestor annotations: reloader.stakater.com/auto: "true" replicas: 1 image: - repository: ghcr.io/guacsec/guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: "" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guacingest'] + command: ['sh', '-c', '/opt/guac/guacingest'] collectSub: + enabled: true name: collectsub annotations: reloader.stakater.com/auto: "true" replicas: 1 image: - repository: ghcr.io/guacsec/guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). 
- digest: "" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guaccsub'] - ports: + command: ['sh', '-c', '/opt/guac/guaccsub'] + ports: + - containerPort: 2782 + svcPorts: - protocol: TCP port: 2782 targetPort: 2782 graphqlServer: + enabled: true name: graphql-server annotations: reloader.stakater.com/auto: "true" replicas: 1 image: - repository: ghcr.io/guacsec/guac - # if not set appVersion field from Chart.yaml is used - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: "" - pullPolicy: IfNotPresent - command: ['sh', '-c', '/cnb/process/guacgql'] - ports: + command: ['sh', '-c', '/opt/guac/guacgql'] + ports: + - containerPort: 8080 + svcPorts: - protocol: TCP port: 8080 targetPort: 8080 @@ -192,7 +156,9 @@ guac: # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). digest: "sha256:b0f5e881f1255f6d585e2b0eb65faf0acf6dd1f7006bf32b562496cc1cdb7664" # cluster-local pullPolicy: IfNotPresent - ports: + ports: + - containerPort: 3000 + svcPorts: - protocol: TCP port: 3000 targetPort: 3000
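Review bot: The new shared `guacImage` block ships `tag: v0.1.1` with `digest: ""`, so a default install resolves the GUAC image by tag alone, although the `guac.guacImage.digest` parameter text calls a digest strongly recommended and the visualizer block further down is already pinned by digest. A tag can be re-pointed in the registry, and with `pullPolicy: IfNotPresent` different nodes can end up running different content under the same tag. Since this one block now presumably feeds every GUAC component, pinning is a one-line change: `digest: "sha256:<digest of the released v0.1.1 image>"` (placeholder, take the value from the release). The comment `# if not set appVersion field from Chart.yaml is used` now sits above a hard-coded tag, so the tag can drift from appVersion; either keep `tag: ""` or reword the comment.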