feat: update charts

Privado-Inc · Apr 12, 2024 · df51cac · df51cac
1 parent 5655ab7
commit df51cac
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 54 deletions.
diff --git a/code-analysis/Chart.yaml b/code-analysis/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.6
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/code-analysis/templates/andromeda.yaml b/code-analysis/templates/andromeda.yaml
@@ -158,7 +158,7 @@ spec:
         app: {{ .Values.andromeda.podAppLabel }}
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum | quote }}
-        checksum/enterprise.conf: {{ include (print $.Template.BasePath "/config.andromeda-enterpise-conf.yaml") . | sha256sum | quote }}
+        checksum/enterprise.conf: {{ include (print $.Template.BasePath "/secrets.andromeda-enterpise-conf.yaml") . | sha256sum | quote }}
         checksum/nginx.conf: {{ include (print $.Template.BasePath "/config.andromeda-nginx-conf.yaml") . | sha256sum | quote }}
     spec:
       imagePullSecrets:
@@ -259,8 +259,8 @@ spec:
         persistentVolumeClaim:
           claimName: {{ .Values.andromeda.volumes.scanResultsVolume.claimName }}
       - name: enterprise-conf
-        configMap:
-          name: andromeda-enterprise-conf
+        secret:
+          secretName: andromeda-enterprise-conf
       - name: nginx-conf
         configMap:
           name: andromeda-nginx-conf
diff --git a/code-analysis/templates/config.andromeda-enterpise-conf.yaml b/code-analysis/templates/config.andromeda-enterpise-conf.yaml
diff --git a/code-analysis/templates/config.yaml b/code-analysis/templates/config.yaml
@@ -14,8 +14,24 @@ data:
   K8S_M2CACHE_PVC_NAME: {{ .Values.janus.volumes.m2Volume.claimName }}
   K8S_GRADLECACHE_PVC_NAME: {{ .Values.janus.volumes.gradleVolume.claimName }}
   K8S_IMAGE_PULL_SECRET: {{ .Values.base.imagePullSecret }}
-  K8S_WEBSITE_SCAN_MIN_CPU: {{ .Values.websitescan.resources.requests.cpu }}
+
   K8S_WEBSITE_SCAN_MIN_RAM: {{ .Values.websitescan.resources.requests.memory }}
+  K8S_WEBSITE_SCAN_MIN_CPU: {{ .Values.websitescan.resources.requests.cpu }}
+  {{- if .Values.websitescan.resources.limits.memory }}
+  K8S_WEBSITE_SCAN_MAX_RAM: {{ .Values.websitescan.resources.limits.memory | quote }}
+  {{- end }}
+  {{- if .Values.websitescan.resources.limits.cpu }}
+  K8S_WEBSITE_SCAN_MAX_CPU: {{ .Values.websitescan.resources.limits.cpu | quote }}
+  {{- end }}
+
+  SCANNER_MINIMUM_RAM: {{ .Values.janus.resources.requests.memory | quote }}
+  SCANNER_MINIMUM_CPU: {{ .Values.janus.resources.requests.cpu | quote }}
+  {{- if .Values.janus.resources.limits.memory }}
+  SCANNER_MAXIMUM_RAM: {{ .Values.janus.resources.limits.memory | quote }}
+  {{- end }}
+  {{- if .Values.janus.resources.limits.cpu }}
+  SCANNER_MAXIMUM_CPU: {{ .Values.janus.resources.limits.cpu | quote }}
+  {{- end }}
 
   {{- if .Values.andromeda.node.hostname }}
   K8S_NODE_HOST_NAME: {{ .Values.andromeda.node.hostname }}
@@ -41,4 +57,4 @@ data:
   {{- if $val }}
   {{ $key }}: {{ $val | quote }}
   {{- end }}
-  {{- end }}
+  {{- end }}
diff --git a/code-analysis/templates/secrets.andromeda-enterpise-conf.yaml b/code-analysis/templates/secrets.andromeda-enterpise-conf.yaml
@@ -0,0 +1,24 @@
+{{- $data := "" }}
+{{- $data = printf "%s%s=%s\n" $data "_SERVER_NAME_" (.Values.base.host | quote) }}
+{{- $data = printf "%s%s=%s\n" $data "CONFIG_UI_HOST" (tpl "{{ .Values.base.protocol }}://{{ .Values.base.host }}/" . | quote) }}
+{{- $data = printf "%s%s=%s\n" $data "CONFIG_BACKEND_HOST" (tpl "{{ .Values.base.protocol }}://{{ .Values.base.host }}/" . | quote) }}
+{{- $data = printf "%s%s=%s\n" $data "CONFIG_PARTY_SCANNER_IMAGE_URI" (tpl "{{ tpl .Values.websitescan.image.name . }}:{{ .Values.websitescan.image.tag }}" . | quote) }}
+{{- range $key, $value := .Values.andromeda.enterpriseConf.values }}
+{{- $data = printf "%s%s=%s\n" $data $key ($value | quote) }}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: andromeda-enterprise-conf
+  labels: 
+    {{- range $key, $val := .Values.andromeda.enterpriseConf.secretLabels }}
+    {{ $key }}: {{ $val | quote }}
+    {{- end }}
+  annotations: 
+    {{- range $key, $val := .Values.andromeda.enterpriseConf.secretAnnotations }}
+    {{ $key }}: {{ $val | quote }}
+    {{- end }}
+type: Opaque
+data:
+  enterprise.conf: {{ $data | b64enc }}
diff --git a/code-analysis/values.yaml b/code-analysis/values.yaml
@@ -148,8 +148,6 @@ config:
     # which works as env variables for andromeda
     DEPLOYMENT_GROUP_NAME: "enterprise-env"
     SCANNER_KIND: k8s
-    SCANNER_MINIMUM_RAM: 3Gi
-    SCANNER_MINIMUM_CPU: 3
   # values added here will be populated only if value is defined
   optionalData:
     SCANNER_OSS_IMAGE_URL:
@@ -213,50 +211,61 @@ andromeda:
       storage: 15Gi
       mountPath: "/home/ubuntu/install/scan_results"
   enterpriseConf:
-    PRIVADO_LICENSE_USER_HASH: ""
-    PRIVADO_LICENSE_PRIVATE_KEY: ""
+    secretLabels:    # key: value
+    secretAnnotations:    # key: value
+    values:
+      PRIVADO_LICENSE_USER_HASH: ""
+      PRIVADO_LICENSE_PRIVATE_KEY: ""
 
-    CONFIG_HUERISTICS_PSW: ""
-    CONFIG_USERS_PSW: ""
-    CONFIG_SCANMANAGER_PSW: ""
-    CONFIG_CODE_ENGINE_MASTER_PSW: ""
-    CONFIG_ASSESSMENTS_PSW: ""
+      CONFIG_HUERISTICS_PSW: ""
+      CONFIG_USERS_PSW: ""
+      CONFIG_SCANMANAGER_PSW: ""
+      CONFIG_CODE_ENGINE_MASTER_PSW: ""
+      CONFIG_ASSESSMENTS_PSW: ""
 
-    CUSTOMER_GITLAB_HOST: "CUSTOMER_GITLAB_HOST"
-    CUSTOMER_GITLAB_APP_ID: "CUSTOMER_GITLAB_APP_ID"
-    CUSTOMER_GITLAB_APP_SECRET: "CUSTOMER_GITLAB_APP_SECRET"
+      CUSTOMER_GITLAB_HOST: "CUSTOMER_GITLAB_HOST"
+      CUSTOMER_GITLAB_APP_ID: "CUSTOMER_GITLAB_APP_ID"
+      CUSTOMER_GITLAB_APP_SECRET: "CUSTOMER_GITLAB_APP_SECRET"
 
-    CUSTOMER_GH_APP_ID: ''
-    CUSTOMER_GH_APP_KEY: ""
-    CUSTOMER_GH_WEBHOOK_SECRET: ''
+      CUSTOMER_GH_APP_ID: ''
+      CUSTOMER_GH_APP_KEY: ""
+      CUSTOMER_GH_WEBHOOK_SECRET: ''
 
-    CUSTOMER_BITBUCKET_CLOUD_APP_KEY: 'CUSTOMER_BITBUCKET_CLOUD_APP_KEY'
-    CUSTOMER_BITBUCKET_CLOUD_APP_SECRET: 'CUSTOMER_BITBUCKET_CLOUD_APP_SECRET'
+      CUSTOMER_BITBUCKET_CLOUD_APP_KEY: 'CUSTOMER_BITBUCKET_CLOUD_APP_KEY'
+      CUSTOMER_BITBUCKET_CLOUD_APP_SECRET: 'CUSTOMER_BITBUCKET_CLOUD_APP_SECRET'
 
-    SSO_ENABLED_FOR_CUSTOMER: "__OKTA_ENABLED__"
-    CUSTOMER_SSO_DOMAIN: "__CUSTOMER_SSO_DOMAIN__"
-    CUSTOMER_SSO_CLIENT_ID: "__CUSTOMER_SSO_CLIENT_ID__"
-    CUSTOMER_SSO_SUPER_ADMIN_EMAIL: "__CUSTOMER_OKTA_SUPER_ADMIN__"
-    CUSTOMER_SSO_TYPE: "__CUSTOMER_SSO_TYPE__"
+      SSO_ENABLED_FOR_CUSTOMER: "__OKTA_ENABLED__"
+      CUSTOMER_SSO_DOMAIN: "__CUSTOMER_SSO_DOMAIN__"
+      CUSTOMER_SSO_CLIENT_ID: "__CUSTOMER_SSO_CLIENT_ID__"
+      CUSTOMER_SSO_SUPER_ADMIN_EMAIL: "__CUSTOMER_OKTA_SUPER_ADMIN__"
+      CUSTOMER_SSO_TYPE: "__CUSTOMER_SSO_TYPE__"
 
-    HAS_NO_INTERNET_CONNECTION: "false"
-    CUSTOMER_EMAIL_HOST: "__EMAIL_HOST__"
-    CUSTOMER_EMAIL_PORT: "__EMAIL_PORT__"  # (587 for TLS, 465 for SSL, or 25 for non-encrypted)
-    CUSTOMER_EMAIL_USE_TLS: "__EMAIL_USE_TLS__"  # Set to 1 if your SMTP server uses TLS, 0 if not
-    CUSTOMER_EMAIL_USE_SSL: "__EMAIL_USE_SSL__"  # Set to 1 if your SMTP server uses SSL, 0 if not
-    CUSTOMER_EMAIL_HOST_USER: "__EMAIL_HOST_USER__"  # Your SMTP username
-    CUSTOMER_EMAIL_HOST_PASSWORD: "__EMAIL_HOST_PASSWORD__"
-    CUSTOMER_EMAIL_FROM: "__EMAIL_EMAIL_FROM__"
-    CUSTOMER_SUPPORT_EMAIL: "__EMAIL_EMAIL_SUPPORT__"
-    CUSTOMER_EMAIL_SSL_CERTFILE: "__EMAIL_SSL_CERT__"
-    CUSTOMER_EMAIL_SSL_KEYFILE: "__EMAIL_SSL_KEY__"
+      HAS_NO_INTERNET_CONNECTION: "false"
+      CUSTOMER_EMAIL_HOST: "__EMAIL_HOST__"
+      CUSTOMER_EMAIL_PORT: "__EMAIL_PORT__"  # (587 for TLS, 465 for SSL, or 25 for non-encrypted)
+      CUSTOMER_EMAIL_USE_TLS: "__EMAIL_USE_TLS__"  # Set to 1 if your SMTP server uses TLS, 0 if not
+      CUSTOMER_EMAIL_USE_SSL: "__EMAIL_USE_SSL__"  # Set to 1 if your SMTP server uses SSL, 0 if not
+      CUSTOMER_EMAIL_HOST_USER: "__EMAIL_HOST_USER__"  # Your SMTP username
+      CUSTOMER_EMAIL_HOST_PASSWORD: "__EMAIL_HOST_PASSWORD__"
+      CUSTOMER_EMAIL_FROM: "__EMAIL_EMAIL_FROM__"
+      CUSTOMER_SUPPORT_EMAIL: "__EMAIL_EMAIL_SUPPORT__"
+      CUSTOMER_EMAIL_SSL_CERTFILE: "__EMAIL_SSL_CERT__"
+      CUSTOMER_EMAIL_SSL_KEYFILE: "__EMAIL_SSL_KEY__"
 
-    CONFIG_AI_SERVICE_AVAILABLE: "false"
-    CONFIG_AI_SERVICE_PATH: ""
+      CONFIG_AI_SERVICE_AVAILABLE: "false"
+      CONFIG_AI_SERVICE_PATH: ""
 
 
 # Values related to janus.yaml 
+# for each provisioned code-scanner
 janus:
+  resources:
+    requests:
+      cpu: "3.0"
+      memory: "3Gi"
+    limits:
+      cpu:
+      memory:
   volumes:
     storageClass: ""    # NEEDS-CUSTOMER-INPUT  # should support RWX
     accessModes: [ "ReadWriteMany" ]    # NEEDS-CUSTOMER-INPUT # depends on andromeda.node.hostname
@@ -326,7 +335,13 @@ mastervendor:
 
 
 websitescan:
+  image:
+    name: "638117407428.dkr.ecr.{{ if .Values.base.isProduction }}{{ .Values.base.prodRegion }}{{ else }}{{ .Values.base.testRegion }}{{ end }}.amazonaws.com/party-scanner"
+    tag: latest
   resources:
     requests:
       cpu: 200m
       memory: 200Mi
+    limits:
+      cpu:
+      memory: