diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml index 432cab2..6bd4147 100644 --- a/charts/guac/Chart.yaml +++ b/charts/guac/Chart.yaml @@ -9,8 +9,8 @@ maintainers: email: guac-info@kusari.dev type: application -version: 0.4.1 -appVersion: "v0.7.1" +version: 0.4.2 +appVersion: "v0.7.2" dependencies: - name: nats diff --git a/charts/guac/README.md b/charts/guac/README.md index 3e91482..0495d2e 100644 --- a/charts/guac/README.md +++ b/charts/guac/README.md 
@@ -95,148 +95,149 @@ kubectl port-forward svc/collectsub 2782:2782 This section contains parameters for configuring the different GUAC components. -| Name | Description | Value | -| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------ | -| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | -| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | -| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. | `""` | -| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | -| `guac.common.env` | common environment variables apply to all guac services | `""` | -| `guac.common.tolerations` | common tolerations apply to all guac services | `""` | -| `guac.configMap.enabled` | Whether to create the guac-cm configMap | `true` | -| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | -| `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | -| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | -| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | -| `guac.ociCollector.env` | Environment variables for OCI Collector. 
| `[]` | -| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.ociCollector.tolerations` | | `[]` | -| `guac.ociCollector.serviceAccount.create` | - whether to create OCI Collector service account | `true` | -| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | -| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | -| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | -| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. | `depsdev-collector` | -| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | -| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | -| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `[]` | -| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.depsDevCollector.tolerations` | | `[]` | -| `guac.depsDevCollector.serviceAccount.create` | - whether to create depsDevCollector service account | `true` | -| `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | -| `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | -| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | -| `guac.osvCertifier.name` | String Name of the OSV Certifier component. 
| `osv-certifier` | -| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | -| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacone certifier osv --poll"]` | -| `guac.osvCertifier.env` | Environment variables for OSV Certifier Collector. | `[]` | -| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.osvCertifier.tolerations` | | `[]` | -| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` | -| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | -| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | -| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | -| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | -| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | -| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacingest"]` | -| `guac.ingestor.env` | Environment variables for ingestor. 
| `[]` | -| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.ingestor.serviceAccount.create` | - whether to create ingestor service account | `true` | -| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | -| `guac.ingestor.tolerations` | | `[]` | -| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | -| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` | -| `guac.collectSub.name` | String Name of the CollectSub component. | `collectsub` | -| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` | -| `guac.collectSub.image.command` | Command for the CollectSub image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | -| `guac.collectSub.env` | Environment variables for CollectSub. 
| `[]` | -| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` | -| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` | -| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` | -| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | -| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.collectSub.tolerations` | | `[]` | -| `guac.collectSub.serviceAccount.create` | - whether to create collectSub service account | `true` | -| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | -| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | -| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | -| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` | -| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | -| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | -| `guac.graphqlServer.env` | Environment variables for GraphQL Server. 
| `[]` | -| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | -| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.nodePortSvcPorts` | NodePort service ports definition | `{}` | -| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | -| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | -| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.graphqlServer.serviceAccount.create` | - whether to create graphqlServer service account | `true` | -| `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | -| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | -| `guac.graphqlServer.additionalVolumeMounts` | | `[]` | -| `guac.graphqlServer.additionalVolumes` | | `[]` | -| `guac.graphqlServer.tolerations` | | `[]` | -| `guac.graphqlServer.resources` | - [map] resource requests or limits of the graphqlServer deployment | `{}` | -| `guac.restApi.enabled` | String Whether to deploy the restApi | `true` | -| `guac.restApi.name` | String Name of the restApi component. | `rest-api` | -| `guac.restApi.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.restApi.replicas` | Number of replicas for restApi deployment | `1` | -| `guac.restApi.image.command` | Command for the restApi image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacrest"]` | -| `guac.restApi.env` | Environment variables for restApi. | `[]` | -| `guac.restApi.image.ports[0].containerPort` | Port the restApi container listens on | `8081` | -| `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | -| `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | -| `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | -| `guac.restApi.serviceAccount.create` | - whether to create restApi service account | `true` | -| `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | -| `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.restApi.tolerations` | | `[]` | -| `guac.restApi.resources` | - [map] resource requests or limits of the restApi deployment | `{}` | -| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | -| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | -| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | -| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | -| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | -| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | -| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | -| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | -| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.env` | Environment variables for the visualizer. | `[]` | -| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.visualizer.tolerations` | | `[]` | -| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | -| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | -| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | -| `guac.sampleData.env` | Environment variables for the sample data ingest job | `[]` | -| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | -| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | -| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | -| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | -| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | -| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | -| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | -| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | -| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | -| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | -| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | -| `guac.backend.ent.db-address` | Full URL of database to connect to | `undefined` | -| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | -| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | -| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | -| `guac.collectorPublishToQueue` | Whether to publish ingestion message to pubsub queue | `true` | -| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | -| `guac.additionalResources` | | `{}` | +| Name | Description | Value | +| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------- | +| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | +| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | +| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | +| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | +| `guac.common.env` | common environment variables apply to all guac services | `""` | +| `guac.common.tolerations` | common tolerations apply to all guac services | `""` | +| `guac.configMap.enabled` | Whether to create the guac-cm configMap | `true` | +| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | +| `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | +| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | +| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | +| `guac.ociCollector.env` | Environment variables for OCI Collector. | `[]` | +| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ociCollector.tolerations` | | `[]` | +| `guac.ociCollector.serviceAccount.create` | - whether to create OCI Collector service account | `true` | +| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | +| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | +| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | +| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. 
| `depsdev-collector` | +| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | +| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | +| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `[]` | +| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.depsDevCollector.tolerations` | | `[]` | +| `guac.depsDevCollector.serviceAccount.create` | - whether to create depsDevCollector service account | `true` | +| `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | +| `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | +| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | +| `guac.osvCertifier.name` | String Name of the OSV Certifier component. | `osv-certifier` | +| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | +| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect osv"]` | +| `guac.osvCertifier.env` | Environment variables for OSV Certifier Collector. 
| `[]` | +| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.osvCertifier.tolerations` | | `[]` | +| `guac.osvCertifier.serviceAccount.create` | - whether to create osvCertifier service account | `true` | +| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | +| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | +| `guac.osvCertifier.dayBetweenRescan` | Day(s) to wait before rescanning for vulnerability. Default 0 means only run once | `0` | +| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | +| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | +| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | +| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacingest"]` | +| `guac.ingestor.env` | Environment variables for ingestor. | `[]` | +| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ingestor.serviceAccount.create` | - whether to create ingestor service account | `true` | +| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | +| `guac.ingestor.tolerations` | | `[]` | +| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | +| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` | +| `guac.collectSub.name` | String Name of the CollectSub component. 
| `collectsub` | +| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` | +| `guac.collectSub.image.command` | Command for the CollectSub image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | +| `guac.collectSub.env` | Environment variables for CollectSub. | `[]` | +| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` | +| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` | +| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.collectSub.tolerations` | | `[]` | +| `guac.collectSub.serviceAccount.create` | - whether to create collectSub service account | `true` | +| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | +| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | +| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | +| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` | +| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | +| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | +| `guac.graphqlServer.env` | Environment variables for GraphQL Server. 
| `[]` | +| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | +| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.nodePortSvcPorts` | NodePort service ports definition | `{}` | +| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | +| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | +| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.graphqlServer.serviceAccount.create` | - whether to create graphqlServer service account | `true` | +| `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | +| `guac.graphqlServer.additionalVolumeMounts` | | `[]` | +| `guac.graphqlServer.additionalVolumes` | | `[]` | +| `guac.graphqlServer.tolerations` | | `[]` | +| `guac.graphqlServer.resources` | - [map] resource requests or limits of the graphqlServer deployment | `{}` | +| `guac.restApi.enabled` | String Whether to deploy the restApi | `true` | +| `guac.restApi.name` | String Name of the restApi component. | `rest-api` | +| `guac.restApi.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.restApi.replicas` | Number of replicas for restApi deployment | `1` | +| `guac.restApi.image.command` | Command for the restApi image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacrest"]` | +| `guac.restApi.env` | Environment variables for restApi. | `[]` | +| `guac.restApi.image.ports[0].containerPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | +| `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | +| `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.serviceAccount.create` | - whether to create restApi service account | `true` | +| `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.restApi.tolerations` | | `[]` | +| `guac.restApi.resources` | - [map] resource requests or limits of the restApi deployment | `{}` | +| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | +| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | +| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | +| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | +| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | +| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | +| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | +| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | +| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.env` | Environment variables for the visualizer. | `[]` | +| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.visualizer.tolerations` | | `[]` | +| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | +| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | +| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | +| `guac.sampleData.env` | Environment variables for the sample data ingest job | `[]` | +| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | +| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | +| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | +| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | +| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | +| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | +| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | +| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | +| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | +| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | +| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | +| `guac.backend.ent.db-address` | Full URL of database to connect to | `undefined` | +| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | +| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | +| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | +| `guac.collectorPublishToQueue` | Whether to publish ingestion message to pubsub queue | `true` | +| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | +| `guac.additionalResources` | | `{}` | ### nats diff --git a/charts/guac/schema.json b/charts/guac/schema.json index ce64c76..8b60b61 100644 --- a/charts/guac/schema.json +++ b/charts/guac/schema.json @@ -243,7 +243,7 @@ "default": [ "sh", "-c", - "/opt/guac/guacone certifier osv --poll" + "/opt/guac/guaccollect osv" ], "items": { "type": "string" @@ -287,6 +287,11 @@ "type": "object", "description": "- [map] resource requests or limits of the OSV Certifier deployment", "default": {} + }, + "dayBetweenRescan": { + "type": "number", + "description": "Day(s) to wait before rescanning for vulnerability. Default 0 means only run once", + "default": 0 } } }, diff --git a/charts/guac/templates/guac-cm.yaml b/charts/guac/templates/guac-cm.yaml index 9bc95b7..a9f54e4 100644 --- a/charts/guac/templates/guac-cm.yaml +++ b/charts/guac/templates/guac-cm.yaml 
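Review bot: The new `dayBetweenRescan` property in the second schema.json hunk is declared as `"type": "number"`, so values such as `-1` or `0.5` pass schema validation and are rendered straight into the ConfigMap's `last-scan` entry. The description speaks of whole days, so `"type": "integer", "minimum": 0` would be a tighter fit and would let Helm reject a bad value at install time instead of leaving the certifier to interpret it. If schema.json is generated from the `## @param` comments in values.yaml, the constraint belongs in the generator input rather than in a hand edit that the next regeneration would overwrite.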
@@ -44,12 +44,9 @@ data: use-csub: true # OscCertifier behavior - daysSinceLastScan: 1 # days since the last vulnerability scan was run. 0 means only run once - - - # certifier polling + last-scan: {{ .Values.guac.osvCertifier.dayBetweenRescan }} poll: true - interval: 5m + interval: 5m # how often to poll graphql-server to discover new packages {{ if eq $.Values.guac.graphqlServer.backend "ent" }} # Ent config diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index 331e614..f1c7795 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml @@ -51,6 +51,7 @@ imagePullSecrets: ## @param guac.osvCertifier.serviceAccount.create - whether to create osvCertifier service account ## @param guac.osvCertifier.serviceAccount.annotations - OSV Certifier service account annotations ## @param guac.osvCertifier.resources - [map] resource requests or limits of the OSV Certifier deployment +## @param guac.osvCertifier.dayBetweenRescan Day(s) to wait before rescanning for vulnerability. Default 0 means only run once ## @param guac.ingestor.enabled String Whether to deploy Ingestor ## @param guac.ingestor.name String Name of the ingestor component. ## @param guac.ingestor.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) @@ -230,6 +231,7 @@ guac: # requests: # cpu: "0.25" # memory: "0.5G" + dayBetweenRescan: 0 ingestor: enabled: true
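Review bot: The added `last-scan` line in the guac-cm.yaml hunk drops the unit and the meaning of `0` that the removed `daysSinceLastScan` comment carried, and it interpolates the value with no type coercion. A trailing comment plus an `int` cast would keep the rendered ConfigMap self-explanatory and integral: `last-scan: {{ .Values.guac.osvCertifier.dayBetweenRescan | int }}  # days between OSV rescans; 0 = scan once`. Whether the v0.7.2 binary reads `last-scan` in days is not visible here and is worth confirming against the application, since the values key, schema and README all promise days. The enclosing `data:` block starts and ends outside the hunk.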
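Review bot: The default `dayBetweenRescan: 0` in the second values.yaml hunk changes shipped behaviour, because the ConfigMap previously hard-coded `daysSinceLastScan: 1` while the chart's own description says `0` means the scan runs only once. If the certifier honours that, packages already certified are not re-checked against OSV advisories published later, so an upgraded deployment can keep reporting stale vulnerability status with no visible error. Keeping the earlier cadence with `dayBetweenRescan: 1` (and updating the matching default in schema.json and the README row) would avoid the silent change. Otherwise the new default should be called out in the release notes so operators choose it knowingly.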