From 82771f325b9a9e30bd9129b9703ef78301b7a104 Mon Sep 17 00:00:00 2001 From: foobar Date: Fri, 26 Apr 2024 19:23:01 +0100 Subject: [PATCH] fixes 114,150: create a single Helm package for dracon-dev and relevant make targets This commit unifies the installation of dracon-dev and its dependencies via one single helm package. It installs all necessary dependencies for development such as Elasticsearch, Kibana, Postgres, Mongo and Tekton. Dependencies that need to be installed on a namespace different than the dracon components such as Tekton, Nginx, ElasticOperator and ArangoDB are installed via Make targets. This commit also refactors Make targets introducing `deploy-dracon-dev` which builds and loads dracon container images and installs the helm chart. Last this commit runs the necessary dracon migrations job as a helm post-install hook --- .gitignore | 1 + Makefile | 72 +++++++----------- deploy/arangodb/Chart.yaml | 8 -- .../arangodb/charts/kube-arangodb-1.2.19.tgz | Bin 6913 -> 0 bytes deploy/arangodb/temp.yaml | 0 deploy/arangodb/templates/ingress.yaml | 23 ------ deploy/arangodb/templates/server.yaml | 17 ----- deploy/arangodb/values.yaml | 3 - deploy/dracon/.helmignore | 23 ++++++ deploy/dracon/Chart.lock | 9 +++ deploy/dracon/Chart.yaml | 15 ++++ deploy/dracon/serviceaccount.yaml | 4 - .../{kibana => dracon}/templates/_helpers.tpl | 20 ++--- .../dracon/templates/arango-deployment.yaml | 15 ++++ deploy/dracon/templates/arango-ingress.yaml | 26 +++++++ .../templates/es-deployment.yaml} | 10 ++- .../templates/kb-deployment.yaml} | 14 ++-- deploy/dracon/templates/kb-ingress.yaml | 25 ++++++ deploy/dracon/templates/migrations-job.yaml | 33 ++++++++ .../migrations-role.yaml} | 2 +- .../migrations-rolebinding.yaml} | 6 +- deploy/dracon/templates/serviceaccount.yaml | 4 + deploy/dracon/values.dev.yaml | 50 ++++++++++++ deploy/elasticsearch/Chart.yaml | 6 -- deploy/elasticsearch/templates/_helpers.tpl | 62 --------------- deploy/enrichment-db/values.yaml | 9 --- deploy/kibana/Chart.yaml | 24 ------ deploy/kibana/kibana.yaml | 41 ---------- deploy/kibana/templates/ingress.yaml | 25 ------ deploy/kibana/values.yaml | 5 -- 30 files changed, 256 insertions(+), 296 deletions(-) delete mode 100644 deploy/arangodb/Chart.yaml delete mode 100644 deploy/arangodb/charts/kube-arangodb-1.2.19.tgz delete mode 100644 deploy/arangodb/temp.yaml delete mode 100644 deploy/arangodb/templates/ingress.yaml delete mode 100644 deploy/arangodb/templates/server.yaml delete mode 100644 deploy/arangodb/values.yaml create mode 100644 deploy/dracon/.helmignore create mode 100644 deploy/dracon/Chart.lock create mode 100644 deploy/dracon/Chart.yaml delete mode 100644 deploy/dracon/serviceaccount.yaml rename deploy/{kibana => dracon}/templates/_helpers.tpl (76%) create mode 100644 deploy/dracon/templates/arango-deployment.yaml create mode 100644 deploy/dracon/templates/arango-ingress.yaml rename deploy/{elasticsearch/templates/deployment.yaml => dracon/templates/es-deployment.yaml} (70%) rename deploy/{kibana/templates/deployment.yaml => dracon/templates/kb-deployment.yaml} (73%) create mode 100644 deploy/dracon/templates/kb-ingress.yaml create mode 100644 deploy/dracon/templates/migrations-job.yaml rename deploy/dracon/{role.yaml => templates/migrations-role.yaml} (78%) rename deploy/dracon/{rolebinding.yaml => templates/migrations-rolebinding.yaml} (50%) create mode 100644 deploy/dracon/templates/serviceaccount.yaml create mode 100644 deploy/dracon/values.dev.yaml delete mode 100644 deploy/elasticsearch/Chart.yaml delete mode 100644 deploy/elasticsearch/templates/_helpers.tpl delete mode 100644 deploy/enrichment-db/values.yaml delete mode 100644 deploy/kibana/Chart.yaml delete mode 100644 deploy/kibana/kibana.yaml delete mode 100644 deploy/kibana/templates/ingress.yaml delete mode 100644 deploy/kibana/values.yaml diff --git a/.gitignore b/.gitignore index 06da856ef..78f12d4b7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ bin .custom_image tests/output .vscode/ +deploy/dracon/charts \ No newline at end of file diff --git a/Makefile b/Makefile index ecb48f37b..b45f439f7 100644 --- a/Makefile +++ b/Makefile @@ -153,18 +153,8 @@ print-%: ######################################## ########## DEPLOYMENT TARGETS ########## ######################################## -.PHONY: deploy-arangodb-crds deploy-arangodb dev-deploy deploy-elasticsearch deploy-mongodb deploy-pg deploy-tektoncd-pipeline tektoncd-pipeline-helm tektoncd-dashboard-helm - -deploy-arangodb-crds: - @helm upgrade arangodb-crds https://github.com/arangodb/kube-arangodb/releases/download/$(ARANGODB_VERSION)/kube-arangodb-crd-$(ARANGODB_VERSION).tgz \ - --install - -deploy-arangodb: deploy-arangodb-crds - @helm upgrade arangodb-instance deploy/arangodb/ \ - --install \ - --namespace $(ARANGODB_NS) \ - --create-namespace \ - --values=deploy/arangodb/values.yaml +.PHONY: deploy-nginx deploy-arangodb-crds deploy-arangodb-operator add-es-helm-repo deploy-elasticoperator \ + tektoncd-dashboard-helm deploy-tektoncd-dashboard add-bitnami-repo deploy-dracon-dev dev-deploy dev-teardown deploy-nginx: @helm upgrade nginx-ingress https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-$(NGINX_INGRESS_VERSION)/ingress-nginx-$(NGINX_INGRESS_VERSION).tgz \ @@ -173,6 +163,13 @@ deploy-nginx: --create-namespace \ --set "controller.admissionWebhooks.enabled=false" +deploy-arangodb-crds: + @helm upgrade arangodb-crds https://github.com/arangodb/kube-arangodb/releases/download/$(ARANGODB_VERSION)/kube-arangodb-crd-$(ARANGODB_VERSION).tgz \ + --install + +deploy-arangodb-operator: + @helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.40/kube-arangodb-1.2.40.tgz + add-es-helm-repo: @helm repo add elastic https://helm.elastic.co @helm repo update @@ -184,37 +181,6 @@ deploy-elasticoperator: add-es-helm-repo --create-namespace \ --version=$(ES_OPERATOR_VERSION) -deploy-elasticsearch: deploy-elasticoperator - @helm upgrade dracon-es deploy/elasticsearch/ \ - --install \ - --set version=$(ES_VERSION) \ - --namespace $(DRACON_NS) \ - --create-namespace - -deploy-kibana: deploy-elasticsearch - @helm upgrade dracon-kb deploy/kibana/ \ - --install \ - --set version=$(ES_VERSION) \ - --set es_name=dracon-es-elasticsearch \ - --namespace $(DRACON_NS) \ - --version $(ES_VERSION) - -deploy-mongodb: - @helm upgrade consumer-mongodb https://charts.bitnami.com/bitnami/mongodb-$(MONGODB_VERSION).tgz \ - --install \ - --namespace $(DRACON_NS) \ - --create-namespace \ - --set "auth.usernames[0]=consumer-mongodb" \ - --set "auth.passwords[0]=consumer-mongodb" \ - --set "auth.databases[0]=consumer-mongodb" - -deploy-pg: - @helm upgrade pg https://charts.bitnami.com/bitnami/postgresql-$(PG_VERSION).tgz \ - --install \ - --namespace $(DRACON_NS) \ - --create-namespace \ - --values=deploy/enrichment-db/values.yaml - deploy/tektoncd/pipeline/release-v$(TEKTON_VERSION).yaml: @wget "https://storage.googleapis.com/tekton-releases/pipeline/previous/v$(TEKTON_VERSION)/release.yaml" -O $@ @@ -239,4 +205,22 @@ deploy-tektoncd-dashboard: tektoncd-dashboard-helm --values ./deploy/tektoncd/dashboard/values.yaml \ --namespace $(TEKTON_NS) -dev-deploy: deploy-nginx deploy-arangodb deploy-kibana deploy-mongodb deploy-pg deploy-tektoncd-pipeline deploy-tektoncd-dashboard +add-bitnami-repo: + @helm repo add bitnami https://charts.bitnami.com/bitnami + +deploy-dracon-dev: deploy-elasticoperator deploy-arangodb-crds add-bitnami-repo + @echo "fetching dependencies if needed" + @helm dependency build ./deploy/dracon/ + @echo "deploying dracon in dev mode" + @helm upgrade dracon ./deploy/dracon/ \ + --install \ + --values ./deploy/dracon/values.dev.yaml \ + --create-namespace \ + --namespace $(DRACON_NS) \ + --set "enrichmentDB.migrations.image=kind-registry:5000/ocurity/dracon/draconctl:$(DRACON_VERSION)" + --wait + +dev-deploy: deploy-nginx deploy-tektoncd-pipeline deploy-tektoncd-dashboard deploy-dracon-dev + +dev-teardown: + @kind delete clusters dracon-demo diff --git a/deploy/arangodb/Chart.yaml b/deploy/arangodb/Chart.yaml deleted file mode 100644 index 2008b1486..000000000 --- a/deploy/arangodb/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -description: ArangoDB Dev Instance for TektonCD -name: arangodb-instance -version: 0.1.0 -dependencies: - - name: kube-arangodb - chart: kube-arangodb - version: 1.2.19 diff --git a/deploy/arangodb/charts/kube-arangodb-1.2.19.tgz b/deploy/arangodb/charts/kube-arangodb-1.2.19.tgz deleted file mode 100644 index 0033dce02612a31fb3612e93391ab123d7aa51c3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6913 zcmV+c8~)@UiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD3a^p7AZhrGBaFj|V*&4}`tdCip%Bj-W-o!gIw#)MDo>bn{ z7$RE|Vv=A0&>pRK?)@!*AVpH7NPUbXPuPDflOWIl8c%lv4dB5aLme~hPN_9MIh$c7 z8guN}-|Uc@&1SRT?W(`cW;6Y_+3NMaX?0Fp{dTY4J3alT**fjFI^Uq?E}6(9p9{>s zX>MIsx^gdsu;={?7$?*npwmXT(KIaJCL^9ukA_Mz&flQ7{ur1G0yw(%fMG$I;bI2{ zC?P?HAhr!G%JTdF*KYK`Hy*?PTa9+3^>^dYwXP_nK4_viShDyS?{BJ!9~v4?LB;-EBIVUnu@epAj)XqppBYBKVH^?vQ`rzy_$*Y&HX? zJe!#KjQXw^ptgMEdlnWj5)2EN&f_(_mCcDo&=|H&pU!5O@>mPG)PfP%V9NfK)mCi` zE*{%(c6j*IakoXzrS^nkW&{OpP&@LTP)%g~4f~6?BsWf)SHneDWw0vPmPU z4S&=jeAjHW8vTF^^)4gvz{Uc&kYx*M%OMd|Qi>ZJV{;HSq!ra1J_&HSN*Az1T_PwW z?ljgo*o-$7)(v~;p|2>3{{kFOHNwf&_1(p&AwG#6lu=~=bvkMLuiI($EBxOF{Yrf_ z!;gT7%LTS=u;Qj(Wd4OVA0jT&#vFQnMvcH>(B>Zc{Mj(>D8i-*Jo-374vyy3M<#ZW z&tYH~QuIt=qk3H$lH9{4pqk9|7Hq&A8duTd&!1~(3L+e`i!2S}J!OC_5SZ9pWj+Qp zp}uP&>Y|wt9v_^XOo^EJrU$jQ-;{wp=3 zYogw%`bnITKbeqEs8(Nm3$CSpuVjj83@Ktur@PAME{;aK<1aM13mFU(W^))MtAEGq zVY=-(KBLZ9G7@KZ0l9??Pkh_XYtDMQzmvRf!mP4}mzp=ySGRA5XNXZ73I$<|&0Lm$ zAg*cqRzc@9enhn(o3I{#@9wG|+C*M>FlFjfH-oPhg^~$^KeIG!&4LN`ZIRgoL8VGJ zLaAP~Ib^r?x}{}QW*sq#|2{MrAAs`ozjW0iOgYhVRF?y(J|?b3+-dn)qQd!~PAjSZ z+ozrWX{G=7LC?<;6B_>tCjR8mYiJi&j}H0Tr2_pRaYHAIl$V;#LAA(!w`xDeK3hs2 zPBb*6bOqptJrYe8tJ1MAW|WctDCfKJ@R~OWJ$Y;y55%>i37%VO!<#@14F?3au)u-; z9n48TKci5TSL0#>eg0gR+ywJMcno$l!K3CY8V`{-BpE5pJ}`4+woxuKu$=~U%4CFPQ2{ci(os#r^RgV1|=%b)CI#fuU(qU(G_6DkG&)7VQv;^>RCeZmALJ zkC-Y+{5G$@{Cfv}--ZZrL*VBF^ji&k zWHAx0JFWJ+5#|{#x}e``rq2a+!bi$=A!?dEO8y9JtddSa)Lx;QO}P5|goQb){r=(+ z_qeDW{%>aYhg3BG*Kc>1@V{N*|6ZsR{(k`=-_n9l19%xztpfTzSorIi_Qz?`tC)x# z$@4nR@CO|mWkoqI$lD9?<^sI2@NOcwWren!$R-4K-F}Ko>k3)jKvK0BY~y~ef&b<8 z|K?F)1^WMV+5c;HnpOPgUg(hezf$~1r}%R{ylijIqZXIGnGVHMzrnRUN?eie(FM_M z`gN&t;1M!2{M$O2@E{T~o2|@zq?Bdn6$?R;HPRt`e7)?)+M~_L{|`DYUtKwb#qwuaUQKVxkZG4TYN)SeBSEDlkN-Th&{q^u9{vZL zH+B;NR2=`)PvL*3*{tG!_CkkQ{|%(;cp`uTeyWLrml6Y{`|Eg?3|{P-^d|Vf?o4oT z{7)MH+o!$C{@)9|Wc;sy|CnZos~Dh{NM-SVn+TvH{O@#^@xNWI|LujgT>skw$afO~ z6a(;TDey=v{EcFOUWQ43=;69^S_l6(jQ}Z%|7>@g>G+R+75}jxIxPNIz<-3mU&Vmz zH3meAap@?EAh}0vVv?Y#vz~{c6{*+D4_3xtWN^EeNRz*Y;yn_|)Bh&3w%ql-pyKtP z^!k6R)2-Hj_CkA||I0Xq?s(RKOlDP9!b@2IlAU$ruHws3US;urn=@gH{J+!F^!#75 z*{SeHbkD}q9BFPi_Wa0Wsjth?anNJqveIqU312$ ztHrYX_YOE?VCB;b%pc09Uet)i&gN~z{wbZ6b_*L>UTI$H(CIAs(I0diM3ojLw5f@0 zeXKBV=pU(%Ub5yr4$9O23!&OR2C&fo>!tVqb*lRx_C$w?|5!-Z@%VoWo+@kLrMQ8y zKC8UJjc8N+U&kLT#Q%1B{qMBhukQcY3%zvwuYmur>jti|?iWd@S_5;b75wmIQ*!~X zc%-)PKtai0Vc_99_^*$M-nsqXS;GHLuT#Z;?}fIE|JV}9cM}7s<+6$eIVSUdqaeVr zC)YOS<04SfO#eFYdt2HR|95HsxB5%xzqdQ>3jg;(hsXa4_>U3zHwgmFiF&Jm_K0a6 z{NFSVtkC}Ncb4$~w7UOmFLZeP--Z33n82wt!OM05j&Mr<>s4Xv;{O+j|2^%r)A--& zwX68Az0l$DzXJXv1^!$YV5?mquQCF$qWvn#c&SBN{b1#GmDHhUfhaE)BCyHBs&8AJ zoN%xOyEzF8*^gD9 zf`&;MP@d1Y?qB^yK8vQhF*OzenurQr3K;dGCBv_74R0GNVgJRWN;e7yEb{+*OXolJ zJJtEG`=LX}f854|>lkAJ;s0J}XY;>X1NpAk0+#^1njSt9 z3xCUX!6P;4U#2qH3ja$k1{UCdyVYFU|9RT1;y?C6$A$kD@V@}y&$aN2PaG(fY1qD_5jw8a8g_bWU zZaGQ(UKmN|i-@N+O{E;?ri^Wrcby=1T`IK27hWy9cr=hT67*N>*sDMNFCwl5u0XF- zQ)-n>R@Nrt9+-pNezIWfM}ZlknjfH6(AH9-m)^-j(%I;@XVRt4=qWB37BHQ!?Drr* zW2BR&x?bg?Mn7eX9(S-XXYW#Cusc!Mxo-M7>BLuY3# zzHO@)w)`5P7xA+V__cZ&V@lHMvF%a|MtaPo`H8<<$xtGbVvZD7i5a%5ji=Uh%T3f8 z&pa)>lCfdVJK2AK`h=Fec9H_-zQt>4w#cMdXRFd z6bM~>@)&R)^lw(WAngOp2Pi3*n3=QOFAxe_XMir<70Dh|x2?ROR~AGBn94%RlKD8J z>b~CpqCb5qU`1CWh1hh~yy~gjal5S}GQDu_}%3?+pOIL{&oA-FtOb zLcHwkD-chVJq*wU+Z>i&-&~&Oy}GSf=1wwq94B(NCG}qa3UiDmrU-N{(R5l45ppf57ayB5OnC#_Hhlssa{#D!XENDJLzPXV_qo=>bVYluFb`H%1Kh_v z@D5Sw{jVQyuFpSS4c}jkZiZ(Uxmd4s!9N(y)%F2R2-sG%8eN$328-Ds@}e5i97uVt z56^HpUN3JB!fCK7)9|R3%RtEJ?Zvy{-NpIG%lE^dFFt;FbGe$~0jlMy8HrYEG9%Bt z%P#Z%#og`Y+34c`-(26`UEFR{z5{|0lV5yNGk$DsR?dfa!#BfGfq1RvA+YIG(S-_f z6<{uS9NrGEe!l+a^_!2QVF~FE*emY|*8ia6+GGn zwaryi9g9q&d5(5FL%Zpy=XI)XlSgoY^BYFTkXQMc5Z=#_D^`*`1)(Q1z_wU5Yv8RC z;MOqO|=TG>6kZtruyx8BEyR|3>{LlY={5lV#A8? z|FoON|4zHQ|8GC^)!=^x{Kps)zRyjcM~$<`O6%kQ`lrAa?*D8p;eV^z|GyvFa{te+ zfP6QbKQjQl+WT`P7XC(?K3|wgf9S!y0d0o=>+K0C+W*&bK zKVsnDPA0lRs})Nbid9U8GJ z+9l=be?4&P`k39VHh~uTf6es$AFY1By8mfE6xY*{Hcna8alO2mU0qHYCspw-6!A7{ zcnc-GnF`)$J5m&%JqnbVOq+hTa>qzk28);~6$AQJ9CTJuCKcfS_M899_*b8kr{~JGp z=O}{r!Yz)~)b0z3+6z1E$k+A`Jx;$AZG``8dWA*)U#pqE|GnMqb}Rhf2OS6gSHS-g z*7Q=RlNKFW8b8@IetxN55iEaz>DO^@L`L3PW>;29r!j5J`5LVjW?gm#(WWN0^+!3S z{IwM0Uxdo*e`aku8C>N5^;_xl-<$nbrT_Or8!PxMSdQs-1;w`-XU-!i&Q$an2-L{J zuS&O<*6ra;E<)45oy%=crO6h}8Fb%JrFtiOWE8WjRQnSy-sU8FN4SU*dbZE7o!Prl z8a|^;9Uhq47+u$2@l@fQxKrQ8EGt))NNq@oOiM%Su+$-K;hgbf3)|id$4XYS+}6@L z3%Z2m=jIF?oZiz-J#dFNm;X8)Wxkda%)CBaKSto+B-np>Zdz0eu;=8Q~d0=1j1UcKFHx3yz`{s#T*jDLBB&ZteN zF1$iN19PxDH;i}01eb$_eAfbo#0=2T!{!W-e)9^2K-X?G(GM~~O~0!B_Rbt*0}?aB(S+E5;FAfSK*U8Rbv&C$BtuU`%v2#di-z&5&VY^uCN9Frq~09SNjw$8 z!Z2n+c!QIZr>Ca|Rvb1co1WM~3LeUPz1?UU#s}91&ZAoe(0DH4RSxm74amk%h%$ty z48THyN*3 zU*7$4{oxM%dw6?0yt=!*7@_N1bas7petCC!eKkVY|3Jg5U(wsktMgX~h?oIG5S&FX z86>jVz-kyHfJEUF8Zg5>Fv*0N$j0u}m&$ueAAz~VogxpILxMBy5q2%ZCJqTBDVM6# zFpP!t%&0A26J8`ehZgvX5|qUM+l%4(`-_HS?X-;5_}^-_I=vMBpSC;I{Qq9)TXg9P zMlIh|)APpL$e3IVSAMg}Z={F1%K64^~8^#?)V?YX@1w~Jk zJp{@k%>0#Jh(O^=1X?UbaO475Tz)u)ka@5g=sjhCte}F(#IAfjp}wnbjk`|_n7YZV zd!+1s#oldny6mmiB8GA4A`2$iw?$ZpY8Di`oIvs1M$(QBnsN-tWPpWa=K`CvCgeB+E7_r8YjT+=IF&!>8SOY2b#(0}A4yFTeP!38g} z+~_V#eWZN6#LLMQ6*mmH9Iv?r=*@)p(pTUjw9JFj`s@8QY(G; zh7nx1NnP|bBjy767dWchU7EzPe1jWI<@eE@pmLxExTIgAdNBADJS$TeETp5(f|W*u zO%phm-z?6+OMVwU*J%-T?fFt=V*4%b4dZSus}!_ZRG~0UycSyAE^n5aC$=)RI7Lilsx+0n+X{bix4b$`Q4dd+QL(pnLFNevMnoDHdD$daXhcek+ z@70fT`AP*zR^%-eDR8M|1BP$I|IyjarNrjz6RD6u3XA&%nXloc;!3b~!jcH?b z>sateJ)Yn#U@gYk71g)x1*%5(H~Ik_Pt1Q*!*&@v^KKZEqn1j4z~&lHeGUv=o-3?a z+&8A|b>_PY;*w*z*=%MEjK$5dYA8e&08*=YNi7h&dOR^Ama4?!4v7$LKqHDy4>LQn8 zTC?I=xj&BGpcR%DT;w-E&!3a^X{*TDBdt~ZX0@Vf9eVs#R8d709g6-p00960T${=k H05Aan?N{SF diff --git a/deploy/arangodb/temp.yaml b/deploy/arangodb/temp.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/deploy/arangodb/templates/ingress.yaml b/deploy/arangodb/templates/ingress.yaml deleted file mode 100644 index 5c25ffb6d..000000000 --- a/deploy/arangodb/templates/ingress.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: arangodb - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/ssl-passthrough: "false" - labels: - app.kubernetes.io/name: {{ .Chart.Name | trunc 63 | trimSuffix "-" }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} -spec: - defaultBackend: - service: - name: dracon - port: - name: server - rules: - - host: arangodb.dracon.localhost diff --git a/deploy/arangodb/templates/server.yaml b/deploy/arangodb/templates/server.yaml deleted file mode 100644 index 24cc4ebf8..000000000 --- a/deploy/arangodb/templates/server.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: "database.arangodb.com/v1" -kind: "ArangoDeployment" -metadata: - name: "dracon" - labels: - app.kubernetes.io/name: {{ .Chart.Name | trunc 63 | trimSuffix "-" }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} -spec: - mode: Single - externalAccess: - type: None - auth: - jwtSecretName: None # Disable auth - image: docker.io/arangodb/arangodb:3.7.10 diff --git a/deploy/arangodb/values.yaml b/deploy/arangodb/values.yaml deleted file mode 100644 index d8c8887de..000000000 --- a/deploy/arangodb/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -kube-arangodb: - operator: - enableCRDManagement: false diff --git a/deploy/dracon/.helmignore b/deploy/dracon/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/deploy/dracon/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/deploy/dracon/Chart.lock b/deploy/dracon/Chart.lock new file mode 100644 index 000000000..e342a25b2 --- /dev/null +++ b/deploy/dracon/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 15.2.5 +- name: mongodb + repository: https://charts.bitnami.com/bitnami + version: 15.1.5 +digest: sha256:f5b463f7862318ed8de9439769a72f14320f271c72c80ec7a2a1f1b209959d7a +generated: "2024-05-02T22:03:05.901032098+03:00" diff --git a/deploy/dracon/Chart.yaml b/deploy/dracon/Chart.yaml new file mode 100644 index 000000000..8da2761c2 --- /dev/null +++ b/deploy/dracon/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: dracon +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: 0.1.0 +dependencies: + - name: postgresql + version: 15.2.5 + repository: https://charts.bitnami.com/bitnami + condition: postgres.enabled + - name: mongodb + version: 15.1.5 + repository: https://charts.bitnami.com/bitnami + condition: mongodb.enabled diff --git a/deploy/dracon/serviceaccount.yaml b/deploy/dracon/serviceaccount.yaml deleted file mode 100644 index af7d5f0bc..000000000 --- a/deploy/dracon/serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dracon-migrations diff --git a/deploy/kibana/templates/_helpers.tpl b/deploy/dracon/templates/_helpers.tpl similarity index 76% rename from deploy/kibana/templates/_helpers.tpl rename to deploy/dracon/templates/_helpers.tpl index d0c90b377..76decb144 100644 --- a/deploy/kibana/templates/_helpers.tpl +++ b/deploy/dracon/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "kibana.name" -}} +{{- define "dracon.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "kibana.fullname" -}} +{{- define "dracon.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "kibana.chart" -}} +{{- define "dracon.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "kibana.labels" -}} -helm.sh/chart: {{ include "kibana.chart" . }} -{{ include "kibana.selectorLabels" . }} +{{- define "dracon.labels" -}} +helm.sh/chart: {{ include "dracon.chart" . }} +{{ include "dracon.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "kibana.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kibana.name" . }} +{{- define "dracon.selectorLabels" -}} +app.kubernetes.io/name: {{ include "dracon.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "kibana.serviceAccountName" -}} +{{- define "dracon.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "kibana.fullname" .) .Values.serviceAccount.name }} +{{- default (include "dracon.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/deploy/dracon/templates/arango-deployment.yaml b/deploy/dracon/templates/arango-deployment.yaml new file mode 100644 index 000000000..cfd3fe3be --- /dev/null +++ b/deploy/dracon/templates/arango-deployment.yaml @@ -0,0 +1,15 @@ +{{ if .Values.arangodb.enabled }} +apiVersion: database.arangodb.com/v1 +kind: ArangoDeployment +metadata: + name: {{ include "dracon.fullname" . }} + labels: + {{- include "dracon.labels" . | nindent 4 }} +spec: + mode: Single + externalAccess: + type: None + auth: + jwtSecretName: None # Disable auth + image: docker.io/arangodb/arangodb:{{ .Values.arangodb.version }} +{{ end }} diff --git a/deploy/dracon/templates/arango-ingress.yaml b/deploy/dracon/templates/arango-ingress.yaml new file mode 100644 index 000000000..592e4c4ba --- /dev/null +++ b/deploy/dracon/templates/arango-ingress.yaml @@ -0,0 +1,26 @@ +{{ if .Values.arangodb.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "dracon.fullname" . }}-arangodb + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + nginx.ingress.kubernetes.io/ssl-passthrough: "false" + labels: + {{- include "dracon.labels" . | nindent 4 }} +spec: + ingressClassName: {{ .Values.arangodb.ingress.className }} + defaultBackend: + service: + name: {{ include "dracon.fullname" . }} + port: + name: server + rules: + - host: {{ .Values.arangodb.ingress.host }} + {{- if .Values.arangodb.ingress.tlsEnabled }} + tls: + - hosts: + - {{ .Values.arangodb.ingress.host }} + secretName: cert-kibana + {{- end }} +{{ end }} diff --git a/deploy/elasticsearch/templates/deployment.yaml b/deploy/dracon/templates/es-deployment.yaml similarity index 70% rename from deploy/elasticsearch/templates/deployment.yaml rename to deploy/dracon/templates/es-deployment.yaml index 2386dd9b9..ce62db516 100644 --- a/deploy/elasticsearch/templates/deployment.yaml +++ b/deploy/dracon/templates/es-deployment.yaml @@ -1,14 +1,15 @@ +{{ if .Values.elasticsearch.enabled }} apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: - name: {{ include "elasticsearch.fullname" . }} + name: {{ include "dracon.fullname" . }} annotations: "helm.sh/hook": post-install,post-upgrade labels: - {{- include "elasticsearch.labels" . | nindent 4 }} + {{- include "dracon.labels" . | nindent 4 }} spec: - version: {{ .Values.version }} - image: docker.elastic.co/elasticsearch/elasticsearch:{{ .Values.version }} + version: {{ .Values.elasticsearch.version }} + image: docker.elastic.co/elasticsearch/elasticsearch:{{ .Values.elasticsearch.version }} http: tls: selfSignedCertificate: @@ -23,3 +24,4 @@ spec: username: anonymous roles: superuser authz_exception: false +{{ end }} diff --git a/deploy/kibana/templates/deployment.yaml b/deploy/dracon/templates/kb-deployment.yaml similarity index 73% rename from deploy/kibana/templates/deployment.yaml rename to deploy/dracon/templates/kb-deployment.yaml index b045029ea..1ff1b03d0 100644 --- a/deploy/kibana/templates/deployment.yaml +++ b/deploy/dracon/templates/kb-deployment.yaml @@ -1,19 +1,18 @@ +{{ if .Values.kibana.enabled }} apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: - name: {{ include "kibana.fullname" . }} + name: {{ include "dracon.fullname" . }} annotations: "helm.sh/hook": post-install,post-upgrade labels: - {{- include "kibana.labels" . | nindent 4 }} + {{- include "dracon.labels" . | nindent 4 }} spec: - version: {{ .Values.version }} - image: docker.elastic.co/kibana/kibana:{{ .Values.version }} + version: {{ .Values.kibana.version }} + image: docker.elastic.co/kibana/kibana:{{ .Values.kibana.version }} count: 1 elasticsearchRef: - name: {{ .Values.es_name }} - # config: - # xpack.security.enabled: false + name: {{ include "dracon.fullname" . }} http: tls: selfSignedCertificate: @@ -41,3 +40,4 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 +{{ end }} diff --git a/deploy/dracon/templates/kb-ingress.yaml b/deploy/dracon/templates/kb-ingress.yaml new file mode 100644 index 000000000..8d2307d99 --- /dev/null +++ b/deploy/dracon/templates/kb-ingress.yaml @@ -0,0 +1,25 @@ +{{ if .Values.kibana.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "dracon.fullname" . }}-kb + labels: + {{- include "dracon.labels" . | nindent 4 }} + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "http" +spec: + ingressClassName: {{ .Values.kibana.ingress.className }} + defaultBackend: + service: + name: {{ include "dracon.fullname" . }}-kb-http + port: + name: http + rules: + - host: {{ .Values.kibana.ingress.host }} + {{- if .Values.kibana.ingress.tlsEnabled }} + tls: + - hosts: + - {{ .Values.kibana.ingress.host }} + secretName: cert-kibana + {{- end }} +{{ end }} \ No newline at end of file diff --git a/deploy/dracon/templates/migrations-job.yaml b/deploy/dracon/templates/migrations-job.yaml new file mode 100644 index 000000000..f78b84826 --- /dev/null +++ b/deploy/dracon/templates/migrations-job.yaml @@ -0,0 +1,33 @@ +{{ if .Values.enrichmentDB.migrations.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "dracon.fullname" . }}-migrations + labels: + {{- include "dracon.labels" . | nindent 4 }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: dracon-migrations + labels: + {{- include "dracon.labels" . | nindent 8 }} + spec: + restartPolicy: Never + containers: + - name: dracon-migrations + image: {{ .Values.enrichmentDB.migrations.image | default (print .Values.global.image.registry "/ocurity/dracon/draconctl:" .Chart.AppVersion) }} + command: + - draconctl + - migrations + - apply + - --url + - {{.Values.enrichmentDB.connectionStr | quote}} + - /etc/dracon/migrations/enrichment + serviceAccountName: {{ include "dracon.fullname" . }}-migrations +{{ end }} \ No newline at end of file diff --git a/deploy/dracon/role.yaml b/deploy/dracon/templates/migrations-role.yaml similarity index 78% rename from deploy/dracon/role.yaml rename to deploy/dracon/templates/migrations-role.yaml index 28023c0fe..65abc4b41 100644 --- a/deploy/dracon/role.yaml +++ b/deploy/dracon/templates/migrations-role.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: dracon-migrations + name: {{ include "dracon.fullname" . }}-migrations rules: - apiGroups: - coordination.k8s.io diff --git a/deploy/dracon/rolebinding.yaml b/deploy/dracon/templates/migrations-rolebinding.yaml similarity index 50% rename from deploy/dracon/rolebinding.yaml rename to deploy/dracon/templates/migrations-rolebinding.yaml index bf0b71bad..18b8d3130 100644 --- a/deploy/dracon/rolebinding.yaml +++ b/deploy/dracon/templates/migrations-rolebinding.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: dracon-migrations + name: {{ include "dracon.fullname" . }}-migrations roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: dracon-migrations + name: {{ include "dracon.fullname" . }}-migrations subjects: - kind: ServiceAccount - name: dracon-migrations + name: {{ include "dracon.fullname" . }}-migrations diff --git a/deploy/dracon/templates/serviceaccount.yaml b/deploy/dracon/templates/serviceaccount.yaml new file mode 100644 index 000000000..d725dbfb7 --- /dev/null +++ b/deploy/dracon/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "dracon.fullname" . }}-migrations diff --git a/deploy/dracon/values.dev.yaml b/deploy/dracon/values.dev.yaml new file mode 100644 index 000000000..23e30bbc4 --- /dev/null +++ b/deploy/dracon/values.dev.yaml @@ -0,0 +1,50 @@ + +elasticsearch: + enabled: true + version: 8.3.2 + +kibana: + enabled: true + version: 8.3.2 + ingress: + className: nginx + host: kibana.dracon.localhost + tlsEnabled: false + +mongodb: + enabled: true + # auth: + # enabled: true + # usernames: ["consumer-mongodb"] + # passwords: ["consumer-mongodb"] + # databases: ["consumer-mongodb"] + # rootUser: "consumer-mongodb" + # rootPassword: "consumer-mongodb" + +arangodb: + enabled: true + version: 3.7.10 + ingress: + className: nginx + host: arangodb.dracon.localhost + +postgresql: + enabled: true + auth: + username: dracon + password: dracon + database: dracon + postgresPassword: dracon + fullnameOverride: dracon-enrichment-db + +tekton: + enabled: true + +enrichmentDB: + migrations: + enabled: true + connectionStr: postgresql://dracon:dracon@dracon-enrichment-db.dracon.svc.cluster.local?sslmode=disable + +global: + image: + registry: kind-registry:5000 diff --git a/deploy/elasticsearch/Chart.yaml b/deploy/elasticsearch/Chart.yaml deleted file mode 100644 index 714ac9839..000000000 --- a/deploy/elasticsearch/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: elasticsearch -description: Helm chart for deploying an ES instance using the ES operator -type: application -version: 0.1.0 -appVersion: "8.3.2" diff --git a/deploy/elasticsearch/templates/_helpers.tpl b/deploy/elasticsearch/templates/_helpers.tpl deleted file mode 100644 index 4e8285749..000000000 --- a/deploy/elasticsearch/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "elasticsearch.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "elasticsearch.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "elasticsearch.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "elasticsearch.labels" -}} -helm.sh/chart: {{ include "elasticsearch.chart" . }} -{{ include "elasticsearch.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "elasticsearch.selectorLabels" -}} -app.kubernetes.io/name: {{ include "elasticsearch.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "elasticsearch.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "elasticsearch.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/deploy/enrichment-db/values.yaml b/deploy/enrichment-db/values.yaml deleted file mode 100644 index 9a1dbd098..000000000 --- a/deploy/enrichment-db/values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -global: - postgresql: - auth: - postgresPassword: dracon -auth: - username: dracon - password: dracon - database: dracon -fullnameOverride: dracon-enrichment-db diff --git a/deploy/kibana/Chart.yaml b/deploy/kibana/Chart.yaml deleted file mode 100644 index eaa571817..000000000 --- a/deploy/kibana/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: kibana -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/deploy/kibana/kibana.yaml b/deploy/kibana/kibana.yaml deleted file mode 100644 index aad6462d7..000000000 --- a/deploy/kibana/kibana.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: kibana.k8s.elastic.co/v1 -kind: Kibana -metadata: - name: dracon - annotations: - "helm.sh/hook": post-install,post-upgrade -spec: - version: 8.3.2 - image: docker.elastic.co/kibana/kibana:8.3.2 - count: 1 - elasticsearchRef: - name: dracon - # config: - # xpack.security.enabled: false - http: - tls: - selfSignedCertificate: - disabled: true - podTemplate: - metadata: - labels: - team: "sys" - annotations: - app.gitlab.com/env: ci - app.gitlab.com/app: sys-logging-elk - spec: - containers: - - name: kibana - resources: - limits: - memory: 4Gi - readinessProbe: - failureThreshold: 3 - httpGet: - path: / - port: 5601 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 diff --git a/deploy/kibana/templates/ingress.yaml b/deploy/kibana/templates/ingress.yaml deleted file mode 100644 index 3bde5fa56..000000000 --- a/deploy/kibana/templates/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "kibana.fullname" . }} - labels: - {{- include "kibana.labels" . | nindent 4 }} - namespace: dracon - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/backend-protocol: "http" -spec: - defaultBackend: - service: - name: dracon-kb-http - port: - name: http - rules: - - host: {{ .Values.ingress.host }} - {{- if .Values.ingress.tlsEnabled }} - tls: - - hosts: - - {{ .Values.ingress.host }} - secretName: cert-kibana - {{- end }} \ No newline at end of file diff --git a/deploy/kibana/values.yaml b/deploy/kibana/values.yaml deleted file mode 100644 index aa7410def..000000000 --- a/deploy/kibana/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -ingress: - annotations: {} - className: "nginx" - host: "kibana.dracon.localhost" - tlsEnabled: false