Merge pull request #65 from anurag-rajawat/follow-up-56-part-2

feat(deployments): Update helm charts
5GSEC · Feb 20, 2024 · e4dee8e · e4dee8e
2 parents cb1af34 + 2f21798
commit e4dee8e
Show file tree

Hide file tree

Showing 12 changed files with 220 additions and 68 deletions.
diff --git a/deployments/nimbus-kubearmor/Chart.yaml b/deployments/nimbus-kubearmor/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.1.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.1"
+appVersion: "0.1.2"
diff --git a/...imbus-kubearmor/templates/deployment.yaml → ...nimbus-kubearmor/templates/daemonset.yaml b/...imbus-kubearmor/templates/deployment.yaml → ...nimbus-kubearmor/templates/daemonset.yaml
@@ -1,12 +1,11 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
   name: {{ include "nimbus-kubearmor.fullname" . }}
   labels:
     {{- include "nimbus-kubearmor.labels" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       {{- include "nimbus-kubearmor.selectorLabels" . | nindent 6 }}

diff --git a/deployments/nimbus-kubearmor/templates/role.yaml b/deployments/nimbus-kubearmor/templates/role.yaml
@@ -12,6 +12,15 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - intent.security.nimbus.com
+    resources:
+      - nimbuspolicies/status
+      - clusternimbuspolicies/status
+    verbs:
+      - get
+      - patch
+      - update
   - apiGroups:
       - security.kubearmor.com
     resources:

diff --git a/deployments/nimbus-kubearmor/values.yaml b/deployments/nimbus-kubearmor/values.yaml
@@ -1,7 +1,5 @@
 # Default values for nimbus-kubearmor.
 
-replicaCount: 1
-
 image:
   repository: 5gsec/nimbus-kubearmor
   pullPolicy: Always

diff --git a/deployments/nimbus-netpol/Chart.yaml b/deployments/nimbus-netpol/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.1.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.1"
+appVersion: "0.1.2"
diff --git a/...s/nimbus-netpol/templates/deployment.yaml → ...ts/nimbus-netpol/templates/daemonset.yaml b/...s/nimbus-netpol/templates/deployment.yaml → ...ts/nimbus-netpol/templates/daemonset.yaml
@@ -1,12 +1,11 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
   name: {{ include "nimbus-netpol.fullname" . }}
   labels:
     {{- include "nimbus-netpol.labels" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       {{- include "nimbus-netpol.selectorLabels" . | nindent 6 }}

diff --git a/deployments/nimbus-netpol/templates/role.yaml b/deployments/nimbus-netpol/templates/role.yaml
@@ -12,6 +12,15 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - intent.security.nimbus.com
+    resources:
+      - nimbuspolicies/status
+      - clusternimbuspolicies/status
+    verbs:
+      - get
+      - patch
+      - update
   - apiGroups:
       - networking.k8s.io
     resources:

diff --git a/deployments/nimbus-netpol/values.yaml b/deployments/nimbus-netpol/values.yaml
@@ -1,7 +1,5 @@
 # Default values for nimbus-netpol.
 
-replicaCount: 1
-
 image:
   repository: 5gsec/nimbus-netpol
   pullPolicy: Always

diff --git a/deployments/nimbus/Chart.yaml b/deployments/nimbus/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0"
+appVersion: "0.1.1"
diff --git a/deployments/nimbus/templates/crds.yaml b/deployments/nimbus/templates/crds.yaml
@@ -1,6 +1,8 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: clusternimbuspolicies.intent.security.nimbus.com
 spec:
   group: intent.security.nimbus.com
@@ -17,6 +19,12 @@ spec:
         - jsonPath: .status.status
           name: Status
           type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+        - jsonPath: .status.numberOfAdapterPolicies
+          name: Policies
+          type: integer
       name: v1
       schema:
         openAPIV3Schema:
@@ -51,8 +59,6 @@ spec:
                         properties:
                           action:
                             type: string
-                          mode:
-                            type: string
                           params:
                             additionalProperties:
                               items:
@@ -61,7 +67,6 @@ spec:
                             type: object
                         required:
                           - action
-                          - mode
                         type: object
                       type:
                         type: string
@@ -102,9 +107,20 @@ spec:
             status:
               description: ClusterNimbusPolicyStatus defines the observed state of ClusterNimbusPolicy
               properties:
+                adapterPolicies:
+                  items:
+                    type: string
+                  type: array
+                lastUpdated:
+                  format: date-time
+                  type: string
+                numberOfAdapterPolicies:
+                  format: int32
+                  type: integer
                 status:
                   type: string
               required:
+                - numberOfAdapterPolicies
                 - status
               type: object
           type: object
@@ -116,6 +132,8 @@ spec:
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: clustersecurityintentbindings.intent.security.nimbus.com
 spec:
   group: intent.security.nimbus.com
@@ -132,6 +150,15 @@ spec:
         - jsonPath: .status.status
           name: Status
           type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+        - jsonPath: .status.numberOfBoundIntents
+          name: Intents
+          type: integer
+        - jsonPath: .status.clusterNimbusPolicy
+          name: ClusterNimbusPolicy
+          type: string
       name: v1
       schema:
         openAPIV3Schema:
@@ -198,9 +225,23 @@ spec:
               description: ClusterSecurityIntentBindingStatus defines the observed state
                 of ClusterSecurityIntentBinding
               properties:
+                boundIntents:
+                  items:
+                    type: string
+                  type: array
+                clusterNimbusPolicy:
+                  type: string
+                lastUpdated:
+                  format: date-time
+                  type: string
+                numberOfBoundIntents:
+                  format: int32
+                  type: integer
                 status:
                   type: string
               required:
+                - clusterNimbusPolicy
+                - numberOfBoundIntents
                 - status
               type: object
           type: object
@@ -212,6 +253,8 @@ spec:
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: nimbuspolicies.intent.security.nimbus.com
 spec:
   group: intent.security.nimbus.com
@@ -228,6 +271,12 @@ spec:
         - jsonPath: .status.status
           name: Status
           type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+        - jsonPath: .status.numberOfAdapterPolicies
+          name: Policies
+          type: integer
       name: v1
       schema:
         openAPIV3Schema:
@@ -263,8 +312,6 @@ spec:
                         properties:
                           action:
                             type: string
-                          mode:
-                            type: string
                           params:
                             additionalProperties:
                               items:
@@ -273,7 +320,6 @@ spec:
                             type: object
                         required:
                           - action
-                          - mode
                         type: object
                       type:
                         type: string
@@ -302,9 +348,20 @@ spec:
             status:
               description: NimbusPolicyStatus defines the observed state of NimbusPolicy
               properties:
+                adapterPolicies:
+                  items:
+                    type: string
+                  type: array
+                lastUpdated:
+                  format: date-time
+                  type: string
+                numberOfAdapterPolicies:
+                  format: int32
+                  type: integer
                 status:
                   type: string
               required:
+                - numberOfAdapterPolicies
                 - status
               type: object
           type: object
@@ -316,6 +373,8 @@ spec:
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: securityintentbindings.intent.security.nimbus.com
 spec:
   group: intent.security.nimbus.com
@@ -332,6 +391,15 @@ spec:
         - jsonPath: .status.status
           name: Status
           type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+        - jsonPath: .status.numberOfBoundIntents
+          name: Intents
+          type: integer
+        - jsonPath: .status.nimbusPolicy
+          name: NimbusPolicy
+          type: string
       name: v1
       schema:
         openAPIV3Schema:
@@ -418,9 +486,23 @@ spec:
               description: SecurityIntentBindingStatus defines the observed state of
                 SecurityIntentBinding
               properties:
+                boundIntents:
+                  items:
+                    type: string
+                  type: array
+                lastUpdated:
+                  format: date-time
+                  type: string
+                nimbusPolicy:
+                  type: string
+                numberOfBoundIntents:
+                  format: int32
+                  type: integer
                 status:
                   type: string
               required:
+                - nimbusPolicy
+                - numberOfBoundIntents
                 - status
               type: object
           type: object
@@ -432,6 +514,8 @@ spec:
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: securityintents.intent.security.nimbus.com
 spec:
   group: intent.security.nimbus.com
@@ -448,6 +532,17 @@ spec:
         - jsonPath: .status.status
           name: Status
           type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+        - jsonPath: .spec.intent.id
+          name: ID
+          priority: 1
+          type: string
+        - jsonPath: .spec.intent.action
+          name: Action
+          priority: 1
+          type: string
       name: v1
       schema:
         openAPIV3Schema:
@@ -483,11 +578,6 @@ spec:
                         engines to generate corresponding security policies.
                       pattern: ^[a-zA-Z0-9]*$
                       type: string
-                    mode:
-                      default: best-effort
-                      description: Mode defines the enforcement behavior of the intent.
-                        Defaults to best-effort.
-                      type: string
                     params:
                       additionalProperties:
                         items:
@@ -518,13 +608,19 @@ spec:
             status:
               description: SecurityIntentStatus defines the observed state of SecurityIntent
               properties:
+                action:
+                  type: string
+                id:
+                  type: string
                 status:
                   type: string
               required:
+                - action
+                - id
                 - status
               type: object
           type: object
       served: true
       storage: true
       subresources:
-        status: {}
+        status: {}