From 91d813809c592484c1f0a0056342f331bff9c56e Mon Sep 17 00:00:00 2001
From: Stephen O'Dwyer <67125983+angrieralien@users.noreply.github.com>
Date: Fri, 22 Nov 2024 09:15:47 -0500
Subject: [PATCH 1/2] adds helm templates
---
README.md | 23 +++++++++++++++-
deploy/Chart.yaml | 5 ++++
deploy/templates/cm.yaml | 8 ++++++
deploy/templates/deployments.yaml | 41 ++++++++++++++++++++++++++++
deploy/templates/service.yaml | 14 ++++++++++
deploy/templates/serviceMonitor.yaml | 16 +++++++++++
deploy/values.yaml | 5 ++++
7 files changed, 111 insertions(+), 1 deletion(-)
create mode 100644 deploy/Chart.yaml
create mode 100644 deploy/templates/cm.yaml
create mode 100644 deploy/templates/deployments.yaml
create mode 100644 deploy/templates/service.yaml
create mode 100644 deploy/templates/serviceMonitor.yaml
create mode 100644 deploy/values.yaml
diff --git a/README.md b/README.md
index 7b4457d..98f4c71 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,23 @@
 # trivy-extractor
-Enriches trivy metric data
+
+Enriches trivy metric data with a namespace team mapping. This allows a Security team to easily identify what vulnerabilities belong to what team.
+
+# Configuration
+
+Simply add a new configmap to the k8s namespace and update the `trivyExtractor.namespacesTeamConfigMapName` value in the `vaules.yaml` file.
+
+
+Example config map:
+
+```
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: namespaces
+data:
+ namespaces.csv: |
+ TEAM 1,app-1
+ TEAM 2,app-2
+ TEAM 3,app-3
+```
+
diff --git a/deploy/Chart.yaml b/deploy/Chart.yaml
new file mode 100644
index 0000000..efa3c97
--- /dev/null
+++ b/deploy/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: k8s-trivy-extractor
+description: A Helm chart to deploy the Trivy Extractor for Kubernetes
+type: application
+version: 0.1.0
\ No newline at end of file
diff --git a/deploy/templates/cm.yaml b/deploy/templates/cm.yaml
new file mode 100644
index 0000000..7d0c5e0
--- /dev/null
+++ b/deploy/templates/cm.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: namespaces
+data:
+ namespaces.csv: |
+ team-1,app-1
+ team-2,app-2
\ No newline at end of file
diff --git a/deploy/templates/deployments.yaml b/deploy/templates/deployments.yaml
new file mode 100644
index 0000000..53449fa
--- /dev/null
+++ b/deploy/templates/deployments.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: trivy-extractor-deployment
+ labels:
+ app: trivy-extractor
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: trivy-extractor
+ template:
+ metadata:
+ labels:
+ app: trivy-extractor
+ spec:
+ containers:
+ - name: trivy-extractor
+ image: ghcr.io/{{ .Values.trivyExtractor.repository }}/trivy-extractor/trivy-extractor:{{ .Values.trivyExtractor.tag }}
+ imagePullPolicy: Always
+ command: ["/usr/bin/trivy-extractor"]
+ ports:
+ - containerPort: 2112
+ volumeMounts:
+ - name: namespaces
+ mountPath: "/data"
+ readOnly: true
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "250m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ imagePullSecrets:
+ - name: {{ .Values.trivyExtractor.imagePullSecrets }}
+ volumes:
+ - name: namespaces
+ configMap:
+ name: {{ .Values.trivyExtractor.namespacesTeamConfigMapName }}
+
diff --git a/deploy/templates/service.yaml b/deploy/templates/service.yaml
new file mode 100644
index 0000000..9717e84
--- /dev/null
+++ b/deploy/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: trivy-extractor
+ labels:
+ app: trivy-extractor
+spec:
+ selector:
+ app: trivy-extractor
+ ports:
+ - name: web
+ protocol: TCP
+ port: 2112
+ targetPort: 2112
\ No newline at end of file
diff --git a/deploy/templates/serviceMonitor.yaml b/deploy/templates/serviceMonitor.yaml
new file mode 100644
index 0000000..0b79f14
--- /dev/null
+++ b/deploy/templates/serviceMonitor.yaml
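Review bot: This template unconditionally installs a ConfigMap named `namespaces` with placeholder rows (`team-1,app-1`), while the README in this same series tells operators to create that ConfigMap themselves and point `trivyExtractor.namespacesTeamConfigMapName` at it; with the default value also `namespaces`, the Helm-managed object and the hand-made one collide in the release namespace (a fresh install will typically refuse to adopt the pre-existing resource, and an upgrade would replace the real team mapping with the sample). Either drop this file or make it opt-in, e.g. wrap the resource in `{{- if .Values.trivyExtractor.createNamespacesConfigMap }}` … `{{- end }}` with that new value defaulting to `false`, and render `data` from values instead of hard-coding rows. The README example uses `TEAM 1,app-1` while this file uses `team-1,app-1`; the expected CSV format should be stated in one place so the two do not drift.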
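Review bot: `imagePullSecrets[0].name` reads `.Values.trivyExtractor.imagePullSecrets` (plural) but `deploy/values.yaml` in this series only defines `imagePullSecret` (singular), so the entry renders with an empty `name` and a private image under `ghcr.io/{{ .Values.trivyExtractor.repository }}/...` will fail to pull; change it to `- name: {{ .Values.trivyExtractor.imagePullSecret | quote }}` (the values.yaml hunk is the other half of the same mismatch). The container also has no `securityContext`; it only reads `/data` and serves metrics on 2112, so dropping all capabilities and disabling privilege escalation is a safe default, and `runAsNonRoot` / `readOnlyRootFilesystem` are worth enabling once the image's user and write paths are confirmed. Unquoted expansions such as `name: {{ .Values.trivyExtractor.namespacesTeamConfigMapName }}` should take `| quote` so a number-like value is not retyped by the YAML parser.
```yaml
      containers:
        - name: trivy-extractor
          # … unchanged: image, imagePullPolicy, command, ports, volumeMounts, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # runAsNonRoot / readOnlyRootFilesystem: enable once the image user and write paths are confirmed
      imagePullSecrets:
        - name: {{ .Values.trivyExtractor.imagePullSecret | quote }}
      # … unchanged: volumes …
```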
@@ -0,0 +1,16 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: trivy-extractor
+spec:
+ selector:
+ matchLabels:
+ app: trivy-extractor
+ endpoints:
+ - interval: 15s
+ port: web
+ scrapeTimeout: 14s
+ namespaceSelector:
+ matchNames:
+ - trivy-operator
\ No newline at end of file
diff --git a/deploy/values.yaml b/deploy/values.yaml
new file mode 100644
index 0000000..8fa5044
--- /dev/null
+++ b/deploy/values.yaml
@@ -0,0 +1,5 @@
+trivyExtractor:
+ tag: v1.0.0
+ repository: metal-toolbox
+ namespacesTeamConfigMapName: namespaces
+ imagePullSecret: trivy-operator-image-pull-secret
\ No newline at end of file
From ec26ea1e277fe35ce89bc41fc5ad52e0f2915f9d Mon Sep 17 00:00:00 2001
From: Stephen O'Dwyer <67125983+angrieralien@users.noreply.github.com>
Date: Fri, 22 Nov 2024 09:18:36 -0500
Subject: [PATCH 2/2] fix typo in readme
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 98f4c71..6f565d4 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Enriches trivy metric data with a namespace team mapping. This allows a Security
 # Configuration
-Simply add a new configmap to the k8s namespace and update the `trivyExtractor.namespacesTeamConfigMapName` value in the `vaules.yaml` file.
+Simply add a new configmap to the k8s namespace and update the `trivyExtractor.namespacesTeamConfigMapName` value in the `values.yaml` file.
 Example config map:
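Review bot: `namespaceSelector.matchNames` hard-codes `trivy-operator`, while the Service this monitor selects (`app: trivy-extractor`) is created in whatever namespace the release is installed into, so an install anywhere else silently produces no scrape targets and the metrics the README promises never reach Prometheus; use `- {{ .Release.Namespace }}`, or omit `namespaceSelector` altogether so the monitor defaults to its own namespace. If the chart is genuinely meant to live only in `trivy-operator`, the README should say so, since nothing in this series states it. This file also opens with `---` while the sibling templates do not; pick one convention for the chart.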
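Review bot: None of the new keys carry a comment, so a reader of `values.yaml` cannot tell that `namespacesTeamConfigMapName` must name a ConfigMap in the release namespace carrying a `namespaces.csv` key, a contract that is only visible by reading `deployments.yaml` and the README together; add a line above each key, e.g. `# Existing ConfigMap in the release namespace whose namespaces.csv maps teams to namespaces` and `# GitHub org/user under ghcr.io that hosts the trivy-extractor image`. `tag`, `repository` and the secret name are plain scalars; quoting them (`tag: "v1.0.0"`) guards against a future value such as `1.10` being parsed as a float. Exposing `resources` and the container `securityContext` as values would also let operators tighten the defaults in `deployments.yaml` without forking the template.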