From 03b5583855dfa0d33c9940d669443c679633d0a1 Mon Sep 17 00:00:00 2001 From: Dimitris Tassopoulos Date: Thu, 15 Aug 2024 15:08:03 +0200 Subject: [PATCH 1/4] feat: Added keppel helm chart --- .../keppel/chart/keppel-scanner/.helmignore | 23 +++++++ .../keppel/chart/keppel-scanner/Chart.yaml | 27 ++++++++ scanner/keppel/chart/keppel-scanner/README.md | 22 +++++++ .../chart/keppel-scanner/templates/NOTES.txt | 1 + .../keppel-scanner/templates/_helpers.tpl | 62 +++++++++++++++++++ .../templates/config/_scanner_config.yaml.tpl | 2 + .../keppel-scanner/templates/configmap.yaml | 10 +++ .../keppel-scanner/templates/cronjob.yaml | 38 ++++++++++++ .../keppel-scanner/templates/secrets.yaml | 10 +++ .../templates/serviceaccount.yaml | 16 +++++ .../keppel/chart/keppel-scanner/values.yaml | 29 +++++++++ 11 files changed, 240 insertions(+) create mode 100644 scanner/keppel/chart/keppel-scanner/.helmignore create mode 100644 scanner/keppel/chart/keppel-scanner/Chart.yaml create mode 100644 scanner/keppel/chart/keppel-scanner/README.md create mode 100644 scanner/keppel/chart/keppel-scanner/templates/NOTES.txt create mode 100644 scanner/keppel/chart/keppel-scanner/templates/_helpers.tpl create mode 100644 scanner/keppel/chart/keppel-scanner/templates/config/_scanner_config.yaml.tpl create mode 100644 scanner/keppel/chart/keppel-scanner/templates/configmap.yaml create mode 100644 scanner/keppel/chart/keppel-scanner/templates/cronjob.yaml create mode 100644 scanner/keppel/chart/keppel-scanner/templates/secrets.yaml create mode 100644 scanner/keppel/chart/keppel-scanner/templates/serviceaccount.yaml create mode 100644 scanner/keppel/chart/keppel-scanner/values.yaml
diff --git a/scanner/keppel/chart/keppel-scanner/.helmignore b/scanner/keppel/chart/keppel-scanner/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/scanner/keppel/chart/keppel-scanner/Chart.yaml b/scanner/keppel/chart/keppel-scanner/Chart.yaml
new file mode 100644
index 00000000..d3dfa548
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/Chart.yaml
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+name: keppel-scanner
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/scanner/keppel/chart/keppel-scanner/README.md b/scanner/keppel/chart/keppel-scanner/README.md
new file mode 100644
index 00000000..af13224c
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/README.md
@@ -0,0 +1,22 @@
+Keppel Scanner for Heureka
+==============================
+
+This scanner is used to perform scans for the heureka project.
+
+## Usage
+```bash
+$ keppel-scanner --help
+```
+
+## Helm Chart
+Usage:
+```bash
+helm upgrade --install --namespace heureka keppel-scanner heureka/scanner/keppel/chart/keppel-scanner/
+```
+
+#### Values
+In the `values.yaml` file, you can configure the following values:
+- `scanner.api_token`: The token used to authenticate the scanner.
+- `scanner.heureka_url`: The URL of the Heureka API.
+- `scanner.config_mount_path`: The path of the scanner config file inside the pod (e.g. "/etc/heureka/scanner/keppel/config")
+- `scanner.schedule`: The cronjob schedule string (e.g. "0 * * * *") that defines when the scanner should run.
\ No newline at end of file
diff --git a/scanner/keppel/chart/keppel-scanner/templates/NOTES.txt b/scanner/keppel/chart/keppel-scanner/templates/NOTES.txt
new file mode 100644
index 00000000..11c98895
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/templates/NOTES.txt
@@ -0,0 +1 @@
+1. The Heureka Scanner {{ .Release.Name }} is being deployed. Be aware that this is a CronJob only deployment.
diff --git a/scanner/keppel/chart/keppel-scanner/templates/_helpers.tpl b/scanner/keppel/chart/keppel-scanner/templates/_helpers.tpl
new file mode 100644
index 00000000..7a240c9d
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "keppel-scanner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "keppel-scanner.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "keppel-scanner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "keppel-scanner.labels" -}}
+helm.sh/chart: {{ include "keppel-scanner.chart" . }}
+{{ include "keppel-scanner.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "keppel-scanner.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keppel-scanner.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "keppel-scanner.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "keppel-scanner.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/scanner/keppel/chart/keppel-scanner/templates/config/_scanner_config.yaml.tpl b/scanner/keppel/chart/keppel-scanner/templates/config/_scanner_config.yaml.tpl
new file mode 100644
index 00000000..54049517
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/templates/config/_scanner_config.yaml.tpl
@@ -0,0 +1,2 @@
+config:
+ some_key: some_value
\ No newline at end of file
diff --git a/scanner/keppel/chart/keppel-scanner/templates/configmap.yaml b/scanner/keppel/chart/keppel-scanner/templates/configmap.yaml
new file mode 100644
index 00000000..27f9d2f9
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/templates/configmap.yaml
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-configmap
+data:
+ config.yaml: |
+{{ include (print .Template.BasePath "/config/_scanner_config.yaml.tpl") . | indent 4 }}
diff --git a/scanner/keppel/chart/keppel-scanner/templates/cronjob.yaml b/scanner/keppel/chart/keppel-scanner/templates/cronjob.yaml
new file mode 100644
index 00000000..dbd2a00f
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/templates/cronjob.yaml
@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ .Release.Name }}-cronjob
+spec:
+ schedule: "{{ .Values.scanner.schedule }}"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ .Release.Name }}-configmap
+ containers:
+ - name: {{ .Release.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: "{{ .Values.scanner.config_mount_path }}"
+ readOnly: true
+ env:
+ - name: HEUREKA_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-secret
+ key: api_token
+ - name: HEUREKA_URL
+ value: {{ .Values.scanner.heureka_url }}
+ args:
+ - /bin/sh
+ - -c
+ - date; echo Hello from the Kubernetes cluster
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/scanner/keppel/chart/keppel-scanner/templates/secrets.yaml b/scanner/keppel/chart/keppel-scanner/templates/secrets.yaml
new file mode 100644
index 00000000..683efe59
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/templates/secrets.yaml
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-secret
+type: Opaque
+data:
+ api_token: {{ .Values.scanner.api_token | b64enc }}
\ No newline at end of file
diff --git a/scanner/keppel/chart/keppel-scanner/templates/serviceaccount.yaml b/scanner/keppel/chart/keppel-scanner/templates/serviceaccount.yaml
new file mode 100644
index 00000000..ce57a7c7
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/templates/serviceaccount.yaml
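Review bot: In `templates/cronjob.yaml` the pod spec never sets `serviceAccountName`, so the `serviceAccount.*` values and the `keppel-scanner.serviceAccountName` helper added in this patch have no effect and the job runs under the namespace's default service account with its token mounted. Adding `serviceAccountName: {{ include "keppel-scanner.serviceAccountName" . }}` next to `restartPolicy`, plus `automountServiceAccountToken: false` if the scanner does not call the Kubernetes API (not visible from this hunk), would wire the values through. The `HEUREKA_URL` entry also renders unquoted; `value: {{ .Values.scanner.heureka_url | quote }}` keeps an empty or number-looking override a string. The container has no `securityContext`, and `args` is still the `date; echo Hello from the Kubernetes cluster` placeholder, so the CronJob does not start the scanner yet. The nvd-scanner `cronjob.yaml` in patch 2/4 is identical and needs the same changes.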
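Review bot: `api_token: {{ .Values.scanner.api_token | b64enc }}` in `templates/secrets.yaml` always renders, because values.yaml ships `api_token: "my_token"`, so an install that forgets the override silently creates a Secret holding a placeholder credential and only fails later when a job authenticates. Making the value mandatory, `api_token: {{ required "scanner.api_token must be set" .Values.scanner.api_token | b64enc | quote }}` with an empty default in values.yaml, moves that failure to render time. A token passed through values is also kept in the Helm release record, so an option to reference a pre-existing Secret instead of templating one would be worth adding. The nvd-scanner `secrets.yaml` in patch 2/4 has the same line.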
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "keppel-scanner.serviceAccountName" . }}
+ labels:
+ {{- include "keppel-scanner.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/scanner/keppel/chart/keppel-scanner/values.yaml b/scanner/keppel/chart/keppel-scanner/values.yaml
new file mode 100644
index 00000000..53095b6c
--- /dev/null
+++ b/scanner/keppel/chart/keppel-scanner/values.yaml
@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Default values for keppel-scanner.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+scanner:
+ api_token: "my_token"
+ heureka_url: "api.heureka.greenhouse-qa.eu-nl-1.cloud.sap"
+ config_mount_path: "/etc/heureka/config/keppel-scanner"
+ schedule: "0 * * * *"
+
+image:
+ repository: ghcr.io/cloudoperators/heureka-scanner-keppel
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "main"
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
From 0ca3912b26d4f5b4f17e2f51296c90a93a08df48 Mon Sep 17 00:00:00 2001
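Review bot: The values.yaml default `tag: "main"` combined with `pullPolicy: Always` means every scheduled run pulls whatever image is currently published under a moving tag, so a released chart version does not identify the code that receives `HEUREKA_API_TOKEN`. Defaulting to `tag: ""` so the template falls back to `.Chart.AppVersion`, and setting `appVersion` to a real image tag (the `"1.16.0"` in Chart.yaml looks like the scaffold default), or pinning by digest, would make deployments reproducible. The default `heureka_url` is a QA hostname without a scheme while the README describes it as a URL; a comment stating the expected form would help. The same defaults appear in the nvd-scanner values.yaml in patch 2/4, and patch 3/4 changes k8s-assets-scanner from `tag: ""` to `tag: "main"`.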
From: Dimitris Tassopoulos Date: Thu, 15 Aug 2024 15:08:24 +0200 Subject: [PATCH 2/4] feat: Added nvd helm chart --- scanner/nvd/chart/nvd-scanner/.helmignore | 23 +++++++ scanner/nvd/chart/nvd-scanner/Chart.yaml | 27 ++++++++ scanner/nvd/chart/nvd-scanner/README.md | 22 +++++++ .../nvd/chart/nvd-scanner/templates/NOTES.txt | 1 + .../chart/nvd-scanner/templates/_helpers.tpl | 62 +++++++++++++++++++ .../templates/config/_scanner_config.yaml.tpl | 2 + .../nvd-scanner/templates/configmap.yaml | 10 +++ .../chart/nvd-scanner/templates/cronjob.yaml | 38 ++++++++++++ .../chart/nvd-scanner/templates/secrets.yaml | 10 +++ .../nvd-scanner/templates/serviceaccount.yaml | 16 +++++ scanner/nvd/chart/nvd-scanner/values.yaml | 29 +++++++++ 11 files changed, 240 insertions(+) create mode 100644 scanner/nvd/chart/nvd-scanner/.helmignore create mode 100644 scanner/nvd/chart/nvd-scanner/Chart.yaml create mode 100644 scanner/nvd/chart/nvd-scanner/README.md create mode 100644 scanner/nvd/chart/nvd-scanner/templates/NOTES.txt create mode 100644 scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl create mode 100644 scanner/nvd/chart/nvd-scanner/templates/config/_scanner_config.yaml.tpl create mode 100644 scanner/nvd/chart/nvd-scanner/templates/configmap.yaml create mode 100644 scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml create mode 100644 scanner/nvd/chart/nvd-scanner/templates/secrets.yaml create mode 100644 scanner/nvd/chart/nvd-scanner/templates/serviceaccount.yaml create mode 100644 scanner/nvd/chart/nvd-scanner/values.yaml
diff --git a/scanner/nvd/chart/nvd-scanner/.helmignore b/scanner/nvd/chart/nvd-scanner/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/scanner/nvd/chart/nvd-scanner/Chart.yaml b/scanner/nvd/chart/nvd-scanner/Chart.yaml
new file mode 100644
index 00000000..3d4ec6cb
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/Chart.yaml
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+name: nvd-scanner
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/scanner/nvd/chart/nvd-scanner/README.md b/scanner/nvd/chart/nvd-scanner/README.md
new file mode 100644
index 00000000..5de7194b
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/README.md
@@ -0,0 +1,22 @@
+NVD Scanner for Heureka
+==============================
+
+This scanner is used to perform scans for the heureka project.
+
+## Usage
+```bash
+$ nvd-scanner --help
+```
+
+## Helm Chart
+Usage:
+```bash
+helm upgrade --install --namespace heureka nvd-scanner heureka/scanner/nvd/chart/nvd-scanner/
+```
+
+#### Values
+In the `values.yaml` file, you can configure the following values:
+- `scanner.api_token`: The token used to authenticate the scanner.
+- `scanner.heureka_url`: The URL of the Heureka API.
+- `scanner.config_mount_path`: The path of the scanner config file inside the pod (e.g. "/etc/heureka/scanner/nvd/config")
+- `scanner.schedule`: The cronjob schedule string (e.g. "0 * * * *") that defines when the scanner should run.
\ No newline at end of file
diff --git a/scanner/nvd/chart/nvd-scanner/templates/NOTES.txt b/scanner/nvd/chart/nvd-scanner/templates/NOTES.txt
new file mode 100644
index 00000000..11c98895
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/templates/NOTES.txt
@@ -0,0 +1 @@
+1. The Heureka Scanner {{ .Release.Name }} is being deployed. Be aware that this is a CronJob only deployment.
diff --git a/scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl b/scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl
new file mode 100644
index 00000000..cda7bd62
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nvd-scanner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nvd-scanner.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nvd-scanner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "nvd-scanner.labels" -}}
+helm.sh/chart: {{ include "nvd-scanner.chart" . }}
+{{ include "nvd-scanner.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nvd-scanner.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nvd-scanner.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nvd-scanner.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "nvd-scanner.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/scanner/nvd/chart/nvd-scanner/templates/config/_scanner_config.yaml.tpl b/scanner/nvd/chart/nvd-scanner/templates/config/_scanner_config.yaml.tpl
new file mode 100644
index 00000000..54049517
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/templates/config/_scanner_config.yaml.tpl
@@ -0,0 +1,2 @@
+config:
+ some_key: some_value
\ No newline at end of file
diff --git a/scanner/nvd/chart/nvd-scanner/templates/configmap.yaml b/scanner/nvd/chart/nvd-scanner/templates/configmap.yaml
new file mode 100644
index 00000000..27f9d2f9
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/templates/configmap.yaml
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-configmap
+data:
+ config.yaml: |
+{{ include (print .Template.BasePath "/config/_scanner_config.yaml.tpl") . | indent 4 }}
diff --git a/scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml b/scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml
new file mode 100644
index 00000000..dbd2a00f
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml
@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ .Release.Name }}-cronjob
+spec:
+ schedule: "{{ .Values.scanner.schedule }}"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ .Release.Name }}-configmap
+ containers:
+ - name: {{ .Release.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: "{{ .Values.scanner.config_mount_path }}"
+ readOnly: true
+ env:
+ - name: HEUREKA_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-secret
+ key: api_token
+ - name: HEUREKA_URL
+ value: {{ .Values.scanner.heureka_url }}
+ args:
+ - /bin/sh
+ - -c
+ - date; echo Hello from the Kubernetes cluster
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/scanner/nvd/chart/nvd-scanner/templates/secrets.yaml b/scanner/nvd/chart/nvd-scanner/templates/secrets.yaml
new file mode 100644
index 00000000..683efe59
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/templates/secrets.yaml
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-secret
+type: Opaque
+data:
+ api_token: {{ .Values.scanner.api_token | b64enc }}
\ No newline at end of file
diff --git a/scanner/nvd/chart/nvd-scanner/templates/serviceaccount.yaml b/scanner/nvd/chart/nvd-scanner/templates/serviceaccount.yaml
new file mode 100644
index 00000000..03d449d9
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "nvd-scanner.serviceAccountName" . }}
+ labels:
+ {{- include "nvd-scanner.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/scanner/nvd/chart/nvd-scanner/values.yaml b/scanner/nvd/chart/nvd-scanner/values.yaml
new file mode 100644
index 00000000..e09e027e
--- /dev/null
+++ b/scanner/nvd/chart/nvd-scanner/values.yaml
@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Default values for nvd-scanner.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+scanner:
+ api_token: "my_token"
+ heureka_url: "api.heureka.greenhouse-qa.eu-nl-1.cloud.sap"
+ config_mount_path: "/etc/heureka/config/nvd-scanner"
+ schedule: "0 * * * *"
+
+image:
+ repository: ghcr.io/cloudoperators/heureka-scanner-nvd
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "main"
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
From 19556661880d6fb66559f1185c5c8795e87c8a3c Mon Sep 17 00:00:00 2001
From: Dimitris Tassopoulos Date: Thu, 15 Aug 2024 15:10:42 +0200 Subject: [PATCH 3/4] fix: Updated the heureka url in the values.yaml --- scanner/k8s-assets/chart/k8s-assets-scanner/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scanner/k8s-assets/chart/k8s-assets-scanner/values.yaml b/scanner/k8s-assets/chart/k8s-assets-scanner/values.yaml index 0927656f..21f9f923 100644 --- a/scanner/k8s-assets/chart/k8s-assets-scanner/values.yaml +++ b/scanner/k8s-assets/chart/k8s-assets-scanner/values.yaml @@ -7,15 +7,15 @@ scanner: api_token: "my_token" - heureka_url: "heureka.greehouse.com" - config_mount_path: "/etc/heureka/scanner/config" + heureka_url: "api.heureka.greenhouse-qa.eu-nl-1.cloud.sap" + config_mount_path: "/etc/heureka/config/k8s-assets-scanner" schedule: "0 * * * *" image: repository: ghcr.io/cloudoperators/heureka-scanner-k8s-assets pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "" + tag: "main" serviceAccount: # Specifies whether a service account should be created From 55d815d837bc6c6d31dc98491f816e20c2561ac3 Mon Sep 17 00:00:00 2001 From: Dimitris Tassopoulos Date: Thu, 15 Aug 2024 15:11:14 +0200 Subject: [PATCH 4/4] feat: Added the scanners helm build and publish --- .github/workflows/helm-release.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index 5d49fe5f..5a84a7c5 100644 --- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -9,6 +9,8 @@ on: - .github/workflows/helm-release.yaml - charts/heureka - scanner/k8s-assets/chart/k8s-assets-scanner + - scanner/keppel/chart/keppel-scanner + - scanner/nvd/chart/nvd-scanner permissions: 
@@ -30,6 +32,10 @@ jobs: chartName: heureka - chartDir: scanner/k8s-assets/chart/k8s-assets-scanner chartName: k8s-assets-scanner + - chartDir: scanner/keppel/chart/keppel-scanner + chartName: keppel-scanner + - chartDir: scanner/nvd/chart/nvd-scanner + chartName: nvd-scanner steps: