Add deployment for Dragonfly reporter (#40)

Signed-off-by: GitHub <[email protected]>

kubernetes/manifests/dragonfly/reporter/README.md

@@ -0,0 +1,11 @@
+# Dragonfly Reporter
+
+Infra configuration for the [Dragonfly Reporter](https://github.com/vipyrsec/dragonfly-reporter).
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `dragonfly-reporter-secrets`.
+
+
+| Environment             | Description                                 |
+|-------------------------|---------------------------------------------|
+| OBSERVATION_API_TOKEN   | The auth token for PyPI's Obeservations API |

kubernetes/manifests/dragonfly/reporter/deployment.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: dragonfly
+  name: reporter
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: reporter
+  template:
+    metadata:
+      labels:
+        app: reporter
+    spec:
+      containers:
+        - name: reporter
+          image: ghcr.io/vipyrsec/dragonfly-reporter:edge
+          imagePullPolicy: Always
+          envFrom:
+            - secretRef:
+                name: dragonfly-reporter-env
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            runAsUser: 10000
+            runAsGroup: 10000
+            readOnlyRootFilesystem: true

kubernetes/manifests/dragonfly/reporter/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: dragonfly
+  name: reporter
+spec:
+  selector:
+    app: reporter
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000