From f661a0a96fe4f9331507493502443e5897a7d774 Mon Sep 17 00:00:00 2001
From: Bradley Reynolds
Date: Sat, 2 Mar 2024 10:28:40 -0600
Subject: [PATCH] Add deployment for Dragonfly reporter (#40)
Signed-off-by: GitHub
---
.../manifests/dragonfly/reporter/README.md | 11 +++++++
.../dragonfly/reporter/deployment.yaml | 31 +++++++++++++++++++
.../manifests/dragonfly/reporter/service.yaml | 12 +++++++
3 files changed, 54 insertions(+)
create mode 100644 kubernetes/manifests/dragonfly/reporter/README.md
create mode 100644 kubernetes/manifests/dragonfly/reporter/deployment.yaml
create mode 100644 kubernetes/manifests/dragonfly/reporter/service.yaml
diff --git a/kubernetes/manifests/dragonfly/reporter/README.md b/kubernetes/manifests/dragonfly/reporter/README.md
new file mode 100644
index 0000000..123a984
--- /dev/null
+++ b/kubernetes/manifests/dragonfly/reporter/README.md
@@ -0,0 +1,11 @@
+# Dragonfly Reporter
+
+Infra configuration for the [Dragonfly Reporter](https://github.com/vipyrsec/dragonfly-reporter).
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `dragonfly-reporter-secrets`.
+
+
+| Environment | Description |
+|-------------------------|---------------------------------------------|
+| OBSERVATION_API_TOKEN | The auth token for PyPI's Obeservations API |
diff --git a/kubernetes/manifests/dragonfly/reporter/deployment.yaml b/kubernetes/manifests/dragonfly/reporter/deployment.yaml
new file mode 100644
index 0000000..8001a18
--- /dev/null
+++ b/kubernetes/manifests/dragonfly/reporter/deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: dragonfly
+ name: reporter
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: reporter
+ template:
+ metadata:
+ labels:
+ app: reporter
+ spec:
+ containers:
+ - name: reporter
+ image: ghcr.io/vipyrsec/dragonfly-reporter:edge
+ imagePullPolicy: Always
+ envFrom:
+ - secretRef:
+ name: dragonfly-reporter-env
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 10000
+ runAsGroup: 10000
+ readOnlyRootFilesystem: true
diff --git a/kubernetes/manifests/dragonfly/reporter/service.yaml b/kubernetes/manifests/dragonfly/reporter/service.yaml
new file mode 100644
index 0000000..a593178
--- /dev/null
+++ b/kubernetes/manifests/dragonfly/reporter/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: dragonfly
+ name: reporter
+spec:
+ selector:
+ app: reporter
+ ports:
+ - protocol: TCP
+ port: 8000
+ targetPort: 8000
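Review bot: The `secretRef` under `envFrom` in deployment.yaml names `dragonfly-reporter-env`, while the README added in this same commit tells operators to create a secret called `dragonfly-reporter-secrets`; an operator who follows the README leaves the pod unable to start because the referenced secret does not exist. Align the two, for example `name: dragonfly-reporter-secrets`, or correct the README. Separately, `image: ghcr.io/vipyrsec/dragonfly-reporter:edge` combined with `imagePullPolicy: Always` means each pod restart runs whatever was last pushed to that mutable tag, with the PyPI token in its environment; pinning by digest (`image: ghcr.io/vipyrsec/dragonfly-reporter@sha256:<digest>`) ties the running code to a reviewed build. The container `securityContext` is otherwise tight, and adding `seccompProfile` with `type: RuntimeDefault` plus resource requests and limits would round it out.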
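Review bot: Nothing in this commit restricts who may connect to port 8000 of the reporter: service.yaml sets no `type`, so it defaults to ClusterIP and is reachable from any pod in the cluster unless a NetworkPolicy elsewhere in the repository says otherwise. Because the reporter runs with the PyPI observation token, it is worth confirming that the application authenticates its callers and adding a NetworkPolicy in the `dragonfly` namespace that admits ingress only from the expected client pods. The Deployment also declares no `containerPort: 8000` and no readiness probe, so the Service starts routing to the pod before anything confirms the process is listening on `targetPort: 8000`.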