diff --git a/.gitignore b/.gitignore
index dbe9c82..0d2d21f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,7 @@
-.vscode/
\ No newline at end of file
+# IDE
+/.vscode/
+/.idea/
+
+# DEPENDENCIES
+**/charts/*.tgz
+**/Chart.lock
diff --git a/charts/one-beyond-dependency-track/.helmignore b/charts/one-beyond-dependency-track/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/one-beyond-dependency-track/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/one-beyond-dependency-track/Chart.yaml b/charts/one-beyond-dependency-track/Chart.yaml
new file mode 100644
index 0000000..79ab19e
--- /dev/null
+++ b/charts/one-beyond-dependency-track/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: one-beyond-dependency-track
+description: A Helm chart for deploying dependency track (https://dependencytrack.org/) on Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+dependencies:
+ - name: dependency-track
+ version: 1.5.5
+ repository: https://evryfs.github.io/helm-charts/
diff --git a/charts/one-beyond-dependency-track/templates/ingress.yaml b/charts/one-beyond-dependency-track/templates/ingress.yaml
new file mode 100644
index 0000000..bdbd362
--- /dev/null
+++ b/charts/one-beyond-dependency-track/templates/ingress.yaml
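Review bot: The `dependency-track` dependency declared here (`version: 1.5.5`, `repository: https://evryfs.github.io/helm-charts/`) will never have a committed lock file, because the first hunk adds `**/Chart.lock` to .gitignore; Helm's guidance is to commit Chart.lock so the resolved subchart is pinned and reviewable rather than re-resolved on every `helm dependency update`. The exact `version` limits drift, but the lock file is still the record of what was actually pulled, so drop the `**/Chart.lock` ignore and commit it. Separately, `appVersion: "1.16.0"` appears to be the `helm create` default and does not match the DependencyTrack images set in values.yaml (`4.6.1` frontend, `4.6.3` apiserver); align it or trim the boilerplate comments so readers are not misled about what is deployed.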
@@ -0,0 +1,30 @@
+{{- if .Values.ingressroute.enabled -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "ob-service.fullname" . }}
+spec:
+ secretName: {{ include "ob-service.fullname" . }}-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ commonName: {{ .Values.ingressroute.dns }}
+ dnsNames:
+ - {{ .Values.ingressroute.dns }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ include "ob-service.fullname" . }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.ingressroute.dns }}`)
+ kind: Rule
+ services:
+ - name: {{ include "ob-service.fullname" . }}
+ port: {{ .Values.ingressroute.port }}
+ tls:
+ secretName: {{ include "ob-service.fullname" . }}-tls
+{{- end }}
diff --git a/charts/one-beyond-dependency-track/values.yaml b/charts/one-beyond-dependency-track/values.yaml
new file mode 100644
index 0000000..76a2ab3
--- /dev/null
+++ b/charts/one-beyond-dependency-track/values.yaml
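Review bot: Every resource name in this template comes from `include "ob-service.fullname" .`, but no `templates/_helpers.tpl` defining `ob-service.fullname` is part of the diff shown, so `helm template` will fail with an undefined-template error unless that helper already exists elsewhere in the repository. Either add the helper or derive the names from `{{ .Release.Name }}`. The IngressRoute's backend `services` entry uses the same helper, whereas the frontend Service in this chart is created by the `dependency-track` subchart under its own fullname, so the route is unlikely to resolve to a real Service — verify against the rendered output. The issuer is hard-coded as `name: letsencrypt-prod` / `kind: ClusterIssuer`; exposing it as a value such as `.Values.ingressroute.issuer` lets non-production installs point at a staging issuer instead of the production ACME endpoint.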
@@ -0,0 +1,206 @@
+# Default values for one-beyond-dependency-track.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+ingressroute:
+ enabled: true
+ dns: my-domain.certmanager.test
+ port: 4000
+
+
+dependency-tracker:
+ # Default values for dependency-track.
+ # This is a YAML-formatted file.
+ # Declare variables to be passed into your templates.
+ # Since dependency-track 4.0, there are now two separate images. One for frontend, one for the apiserver.
+
+ # -- global configuration
+ global:
+ imageRegistry: docker.io
+ # imagePullSecrets:
+ # - name: "myRegistryKeySecretName"
+
+ # -- config of the frontend
+ frontend:
+ enabled: true
+ annotations: {}
+ replicaCount: 2
+ image:
+ repository: dependencytrack/frontend
+ tag: 4.6.1
+ pullPolicy: IfNotPresent
+ # https://github.com/DependencyTrack/frontend/issues/60
+ # configmap:
+ # config: |
+ # {
+ # "API_BASE_URL": "",
+ # "OIDC_ISSUER": "",
+ # "OIDC_CLIENT_ID": "",
+ # "OIDC_SCOPE": "openid profile email",
+ # "OIDC_FLOW": ""
+ # }
+ # --See https://docs.dependencytrack.org/getting-started/configuration/ for frontend ENV variables.
+ env:
+ - name: API_BASE_URL
+ value: ""
+ # See https://docs.dependencytrack.org/getting-started/configuration/ for frontend ENV variables.
+ # podSecurityContext:
+ # fsGroup: 1000
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ # rootfs cannot be R/O because there is some messing around with file generation and whatnot
+ runAsUser: 101
+
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+
+ service:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ annotations: {}
+
+ ingressroute:
+ enabled: false
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+ emptyDir:
+ sizeLimit: 8Gi
+
+ resources:
+ # https://docs.dependencytrack.org/getting-started/deploy-docker/
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 1
+ memory: 512Mi
+
+ nameOverride: ""
+
+ fullnameOverride: ""
+
+ initContainers: []
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: frontend-serviceaccount
+ # Annotations to add
+ # Example:
+ # iam.gke.io/gcp-service-account: a@b.com
+ annotations: {}
+
+ livenessProbe:
+ enabled: true
+ path: "/"
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
+
+ readinessProbe:
+ enabled: true
+ path: "/"
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
+
+
+ # -- config of the apiserver
+ apiserver:
+ enabled: true
+ annotations: {}
+ # Max: 1 - DT is not designed for HA
+ replicaCount: 1
+ image:
+ repository: dependencytrack/apiserver
+ tag: 4.6.3
+ pullPolicy: IfNotPresent
+ env: []
+ persistentVolume:
+ accessModes:
+ - ReadWriteOnce
+ enabled: true
+ size: 8Gi
+ annotations: {}
+ storageClass: ""
+ podSecurityContext:
+ fsGroup: 1000
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ service:
+ type: ClusterIP
+ port: 80
+ annotations: {}
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+ emptyDir:
+ sizeLimit: 8Gi
+ resources:
+ # https://docs.dependencytrack.org/getting-started/deploy-docker/
+ requests:
+ cpu: 2
+ memory: 4608Mi
+ limits:
+ cpu: 4
+ memory: 16Gi
+ nameOverride: ""
+ fullnameOverride: ""
+ initContainers: []
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: apiserver-serviceaccount
+ # Annotations to add
+ # Example:
+ # iam.gke.io/gcp-service-account: a@b.com
+ annotations: {}
+ # See https://docs.dependencytrack.org/getting-started/configuration/ for backend configuration options.
+ livenessProbe:
+ enabled: true
+ path: "/api/version"
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: true
+ path: "/"
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
+
+ # -- configuration of ingress
+ ingress:
+ enabled: false
+
+ # -- configuration of postgres
+ postgresql:
+ enabled: false
+
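Review bot: The subchart overrides are placed under a top-level `dependency-tracker:` key, but Chart.yaml declares the dependency as `name: dependency-track` with no `alias`, so unless an alias is added Helm will not hand this block to the subchart and everything in it — including the apiserver `securityContext` (`readOnlyRootFilesystem: true`, `runAsNonRoot: true`, `runAsUser: 1000`) and the resource limits — is silently ignored in favour of the subchart's own defaults. Rename the key to `dependency-track:` (or add a matching `alias` in Chart.yaml) and confirm with `helm template` that the rendered Deployments carry these settings. `ingressroute.enabled: true` combined with the placeholder `dns: my-domain.certmanager.test` means a default install immediately requests a certificate and publishes a route for a name that cannot pass ACME validation; default it to `false` and document that `dns` must be set. `port: 4000` does not match the frontend Service `port: 80` declared further down, so the route would target a port the Service does not expose unless something outside this diff changes it. The frontend `securityContext` sets `allowPrivilegeEscalation: false` and `runAsUser: 101` but, unlike the apiserver block, omits `runAsNonRoot: true`; adding it makes the non-root intent enforced by the kubelet rather than implied by the UID.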