open-appsec helm chart update Mon Feb 12 17:56:07 IST 2024

2025-09-30 03:34:26 +03:00 · 2024-02-12 17:56:07 +02:00
parent 636e667e85
commit 4def79504e
105 changed files with 20582 additions and 44 deletions
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml
@@ -142,6 +142,8 @@ spec:
              value: {{ .Values.appsec.storage.name }}-svc
            - name: LEARNING_HOST
              value: {{ .Values.appsec.learning.name }}-svc
+            - name: TUNING_HOST
+              value: {{ .Values.appsec.tuning.name }}-svc
        {{- else }}
            - name: PLAYGROUND
              value: "true"
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml
@@ -16,4 +16,7 @@ subjects:
  - kind: ServiceAccount
    name: {{ template "ingress-nginx.serviceAccountName" . }}
    namespace: {{ include "ingress-nginx.namespace" . }}
+  - kind: ServiceAccount
+    name: tuning-svc-account
+    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-deployment.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-deployment.yaml
@@ -0,0 +1,71 @@
+{{- if and (eq "standalone" .Values.appsec.mode) (eq .Values.appsec.playground false) .Values.appsec.tuning.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.appsec.tuning.name }}-deployment
+  labels:
+    app: {{ .Values.appsec.tuning.name }}-lbl
+spec:
+  replicas: {{ .Values.appsec.tuning.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Values.appsec.tuning.name }}-lbl
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.appsec.tuning.name }}-lbl
+        group: fog-core
+    spec:
+      securityContext:
+      {{- with .Values.appsec.tuning.securityContext }}
+        fsGroup: {{ .fsGroup }}
+        runAsGroup: {{ .runAsGroup }}
+        runAsUser: {{ .runAsUser }}
+      {{- end }}
+      serviceAccountName: tuning-svc-account
+      containers:
+        - name:  {{ .Values.appsec.tuning.name }}
+          imagePullPolicy: Always
+          {{- with .Values.appsec.tuning.image }}
+          image: {{ .registry }}/{{ .image }}:{{ .tag }}
+          {{- end }}
+          ports:
+            - containerPort: {{ .Values.appsec.tuning.port }}
+          livenessProbe:
+            failureThreshold: {{ .Values.appsec.tuning.failureThreshold }}
+            httpGet:
+              path: /health/live
+              port: {{ .Values.appsec.tuning.port }}
+              scheme: HTTP
+            initialDelaySeconds: {{ .Values.appsec.tuning.initialDelaySeconds }}
+            periodSeconds: {{ .Values.appsec.tuning.periodSeconds }}
+            timeoutSeconds: {{ .Values.appsec.tuning.timeoutSeconds }}
+          readinessProbe:
+            failureThreshold: {{ .Values.appsec.tuning.failureThreshold }}
+            httpGet:
+              path: /health/ready
+              port: {{ .Values.appsec.tuning.port }}
+              scheme: HTTP
+            initialDelaySeconds: {{ .Values.appsec.tuning.initialDelaySeconds }}
+            periodSeconds: {{ .Values.appsec.tuning.periodSeconds }}
+            successThreshold: {{ .Values.appsec.tuning.successThreshold }}
+            timeoutSeconds: {{ .Values.appsec.tuning.timeoutSeconds }}
+          env:
+            - name: K8S_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: MODE
+              value: "stand-alone"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "common.names.fullname" .Subcharts.postgresql }}
+                  key: {{ include "postgresql.adminPasswordKey" .Subcharts.postgresql }}
+            - name: QUERY_DB_NAME_FMT
+              value: "postgres://postgres:%s@{{ include "postgresql.primary.fullname" .Subcharts.postgresql }}:5432/i2datatubeschemasecurityeventlogsv03?sslmode=disable"
+            - name: QUERY_DB_ROOT_FMT
+              value: "postgres://postgres:%s@{{ include "postgresql.primary.fullname" .Subcharts.postgresql }}:5432/?sslmode=disable"
+            - name: RP_BASEURL
+              value: http://{{ .Values.appsec.storage.name }}-svc/api
+{{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-serviceaccount.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-serviceaccount.yaml
@@ -0,0 +1,7 @@
+{{- if and .Values.appsec.tuning.serviceAccount.create .Values.appsec.tuning.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tuning-svc-account
+  namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-svc.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-svc.yaml
@@ -0,0 +1,13 @@
+{{- if and (eq "standalone" .Values.appsec.mode) (eq .Values.appsec.playground false) .Values.appsec.tuning.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.appsec.tuning.name }}-svc
+spec:
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: {{ .Values.appsec.tuning.port }}
+  selector:
+    app: {{ .Values.appsec.tuning.name }}-lbl
+{{- end }}