From 5e5877e6c38eb8937711ed0a73d44171370b09e9 Mon Sep 17 00:00:00 2001
From: unglaublicherdude
Date: Wed, 21 Feb 2024 15:02:33 +0100
Subject: [PATCH 1/7] add extra env vars
---
 .gitignore | 3 ++-
 charts/vaas/Chart.lock | 12 ++++++++++++
 charts/vaas/templates/gateway/_helpers.tpl | 7 +++++++
 charts/vaas/templates/gateway/statefulset.yaml | 14 +++++++++++++-
 4 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 charts/vaas/Chart.lock
diff --git a/.gitignore b/.gitignore
index 65999cf..596e88d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@
 *.log
 *-locale.yaml
 *.tgz
-.fleet/
\ No newline at end of file
+.fleet/
+values-local.yaml
\ No newline at end of file
diff --git a/charts/vaas/Chart.lock b/charts/vaas/Chart.lock
new file mode 100644
index 0000000..9f545c5
--- /dev/null
+++ b/charts/vaas/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 18.13.0
+- name: gdscan
+ repository: https://gdatasoftwareag.github.io/gdscan/
+ version: 1.6.0
+- name: mini-identity-provider
+ repository: oci://ghcr.io/gdatasoftwareag
+ version: 0.1.17
+digest: sha256:c82d0b1c806656eace4e0fad4b2e73f5b3a2f5ba497b12788e77b3a3f4488030
+generated: "2024-02-21T14:56:55.183577055+01:00"
diff --git a/charts/vaas/templates/gateway/_helpers.tpl b/charts/vaas/templates/gateway/_helpers.tpl
index 87cd34d..d300635 100644
--- a/charts/vaas/templates/gateway/_helpers.tpl
+++ b/charts/vaas/templates/gateway/_helpers.tpl
@@ -88,4 +88,11 @@ Create environment variables to configure gateway container.
 - name: VerdictAsAService__Credentials__ClientSecret
 {{ toYaml .Values.gateway.options.credentials.clientsecret }}
 {{- end }}
+{{- end }}
+
+{{- define "gateway.extractEnvVars" -}}
+{{- range $key, $value := .Values.gateway.extraEnvVars }}
+- name: {{ $key }}
+ value: {{ $value | quote }}
+{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/vaas/templates/gateway/statefulset.yaml b/charts/vaas/templates/gateway/statefulset.yaml
index 52e64c7..d617666 100644
--- a/charts/vaas/templates/gateway/statefulset.yaml
+++ b/charts/vaas/templates/gateway/statefulset.yaml
@@ -37,7 +37,19 @@ spec:
 - mountPath: /tmp
 name: gateway-tmp
 env:
- {{- include "gateway.env" . | nindent 12 }}
+ - name: Authentication__Schemes__Bearer__Authority
+ value: {{.Values.gateway.authentication.authority}}
+ - name: Authentication__Schemes__Bearer__RequireHttpsMetadata
+ value: "false"
+ - name: Upload__Endpoint
+ value: {{.Values.gateway.uploadUrl}}
+ - name: JwtSettings__Secret
+ value: {{ randAlphaNum 64 }}
+ - name: GDScanConfiguration__Url
+ value: "http://gdscan:8080/scan/body"
+ - name: RedisConfiguration__Configuration
+ value: "redis-master"
+ {{- include "gateway.extractEnvVars" . | nindent 12 }}
 ports:
 - name: http
 containerPort: {{ .Values.gateway.service.http.port }}
From 45ccd0e5fc8a84eb538388a2d4a310e0ffc87ff3 Mon Sep 17 00:00:00 2001
From: PT-ATA No One
Date: Wed, 21 Feb 2024 15:26:41 +0100
Subject: [PATCH 2/7] render yaml as extra env vars instead of own function
---
 .gitignore | 3 +-
 charts/vaas/templates/gateway/_helpers.tpl | 37 -------------------
 .../vaas/templates/gateway/statefulset.yaml | 14 ++++++-
 charts/vaas/values.yaml | 2 +
 4 files changed, 17 insertions(+), 39 deletions(-)
diff --git a/.gitignore b/.gitignore
index 596e88d..8250dd6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@
 *-locale.yaml
 *.tgz
 .fleet/
-values-local.yaml
\ No newline at end of file
+values-local.yaml
+.output/
\ No newline at end of file
diff --git a/charts/vaas/templates/gateway/_helpers.tpl b/charts/vaas/templates/gateway/_helpers.tpl
index d300635..18e0222 100644
--- a/charts/vaas/templates/gateway/_helpers.tpl
+++ b/charts/vaas/templates/gateway/_helpers.tpl
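Review bot: In the statefulset.yaml hunk of PATCH 1/7, `JwtSettings__Secret` is written into the pod template as a literal `value: {{ randAlphaNum 64 }}`, so what appears to be a JWT signing secret sits in clear text in the StatefulSet object and is regenerated on every template render. Each `helm upgrade` would therefore change the pod spec and roll the gateway with a new secret, which presumably invalidates anything signed with the previous one. Consider generating the value once into a Secret (reusing an existing value via `lookup`) and referencing it here with `valueFrom: {secretKeyRef: {name: <gateway-secret-name>, key: <key>}}` (placeholder names). Nothing later in this series changes these lines; the container spec starts and ends outside the hunk.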
@@ -59,40 +59,3 @@ Selector labels
 app.kubernetes.io/name: {{ include "gateway.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
-
-{{/*
-Create environment variables to configure gateway container.
-*/}}
-{{- define "gateway.env" }}
-- name: Authentication__Schemes__Bearer__Authority
- value: {{.Values.gateway.authentication.authority}}
-- name: Authentication__Schemes__Bearer__RequireHttpsMetadata
- value: "false"
-- name: Upload__Endpoint
- value: {{.Values.gateway.uploadUrl}}
-- name: JwtSettings__Secret
- value: {{ randAlphaNum 64 }}
-- name: GDScanConfiguration__Url
- value: "http://gdscan:8080/scan/body"
-- name: RedisConfiguration__Configuration
- value: "redis-master"
-{{- if .Values.gateway.cloudhashlookup.enabled }}
-- name: VerdictAsAService__Url
- value: {{ .Values.gateway.options.url | quote }}
-- name: VerdictAsAService__TokenUrl
- value: {{ .Values.gateway.options.tokenurl | quote }}
-- name: VerdictAsAService__Credentials__GrantType
- value: {{ .Values.gateway.options.credentials.granttype | quote }}
-- name: VerdictAsAService__Credentials__ClientId
- value: {{ .Values.gateway.options.credentials.clientid | quote }}
-- name: VerdictAsAService__Credentials__ClientSecret
- {{ toYaml .Values.gateway.options.credentials.clientsecret }}
-{{- end }}
-{{- end }}
-
-{{- define "gateway.extractEnvVars" -}}
-{{- range $key, $value := .Values.gateway.extraEnvVars }}
-- name: {{ $key }}
- value: {{ $value | quote }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/vaas/templates/gateway/statefulset.yaml b/charts/vaas/templates/gateway/statefulset.yaml
index d617666..364befa 100644
--- a/charts/vaas/templates/gateway/statefulset.yaml
+++ b/charts/vaas/templates/gateway/statefulset.yaml
@@ -49,7 +49,19 @@ spec: value: "http://gdscan:8080/scan/body" - name: RedisConfiguration__Configuration value: "redis-master" - {{- include "gateway.extractEnvVars" . | nindent 12 }} + {{- if .Values.gateway.cloudhashlookup.enabled }} + - name: VerdictAsAService__Url + value: {{ .Values.gateway.options.url | quote }} + - name: VerdictAsAService__TokenUrl + value: {{ .Values.gateway.options.tokenurl | quote }} + - name: VerdictAsAService__Credentials__GrantType + value: {{ .Values.gateway.options.credentials.granttype | quote }} + - name: VerdictAsAService__Credentials__ClientId + value: {{ .Values.gateway.options.credentials.clientid | quote }} + - name: VerdictAsAService__Credentials__ClientSecret + {{ toYaml .Values.gateway.options.credentials.clientsecret }} + {{- end }} + {{- toYaml .Values.gateway.extraEnvVars | nindent 12 }} ports: - name: http containerPort: {{ .Values.gateway.service.http.port }} diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml index 6c032fc..51b1ec2 100644 --- a/charts/vaas/values.yaml +++ b/charts/vaas/values.yaml @@ -134,6 +134,8 @@ gateway: tolerations: [] affinity: {} + extraEnvVars: [] + # This block is only for G DATA's internal usage. hashlookup: enabled: false From 7913f4d455271d1f4e532b706a8528d180ea0481 Mon Sep 17 00:00:00 2001 From: PT-ATA No One Date: Wed, 21 Feb 2024 15:35:29 +0100 Subject: [PATCH 3/7] increase verson --- charts/vaas/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml index 65694fa..920ed19 100644 --- a/charts/vaas/Chart.yaml +++ b/charts/vaas/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: vaas -version: 1.0.3 +version: 1.0.4 description: Deployment of a Verdict-as-a-Service on-premise instance maintainers: - name: G DATA CyberDefense AG 
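Review bot: In the statefulset.yaml hunk of PATCH 2/7, the `VerdictAsAService__Credentials__ClientSecret` entry emits `{{ toYaml .Values.gateway.options.credentials.clientsecret }}` without `nindent`, so only the first rendered line inherits the template's literal indentation. If `clientsecret` is a nested mapping (for example a `valueFrom`/`secretKeyRef` reference, the shape that keeps the credential out of values files), the continuation lines would land at the wrong column and the manifest would be malformed or mis-nested. `{{- toYaml .Values.gateway.options.credentials.clientsecret | nindent 14 }}` would indent every line; 14 assumes the env items sit at column 12 as the `nindent 12` calls suggest, since indentation is not visible in this view. The `env` list starts outside the hunk.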
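Review bot: In the values.yaml hunk of PATCH 2/7, `extraEnvVars: []` is added without a comment describing the expected shape. The template renders it with `toYaml` straight into the gateway container's `env` list, so each entry has to be a complete Kubernetes env item. A comment such as `# List of env entries (name/value or name/valueFrom) added to the gateway container; reference Secrets via valueFrom.secretKeyRef instead of putting credentials here.` would tell operators that secret references are supported and preferred.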
@@ -8,7 +8,7 @@ maintainers:
 type: application
 dependencies:
 - name: redis
- version: 18.13.0
+ version: 18.15.0
 condition: redis.enabled
 repository: https://charts.bitnami.com/bitnami
 - name: gdscan
From d7a89a2451bd493c65b928f36bd87b057959ffc5 Mon Sep 17 00:00:00 2001
From: PT-ATA No One
Date: Wed, 21 Feb 2024 15:41:08 +0100
Subject: [PATCH 4/7] don't push chart.lock file
---
 .gitignore | 3 ++-
 charts/vaas/Chart.lock | 12 ------------
 2 files changed, 2 insertions(+), 13 deletions(-)
 delete mode 100644 charts/vaas/Chart.lock
diff --git a/.gitignore b/.gitignore
index 8250dd6..2981848 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 *.tgz
 .fleet/
 values-local.yaml
-.output/
\ No newline at end of file
+.output/
+Chart.lock
\ No newline at end of file
diff --git a/charts/vaas/Chart.lock b/charts/vaas/Chart.lock
deleted file mode 100644
index 9f545c5..0000000
--- a/charts/vaas/Chart.lock
+++ /dev/null
@@ -1,12 +0,0 @@
-dependencies:
-- name: redis
- repository: https://charts.bitnami.com/bitnami
- version: 18.13.0
-- name: gdscan
- repository: https://gdatasoftwareag.github.io/gdscan/
- version: 1.6.0
-- name: mini-identity-provider
- repository: oci://ghcr.io/gdatasoftwareag
- version: 0.1.17
-digest: sha256:c82d0b1c806656eace4e0fad4b2e73f5b3a2f5ba497b12788e77b3a3f4488030
-generated: "2024-02-21T14:56:55.183577055+01:00"
From 157402ebc950f69e4067051e9170d9c7ed926eed Mon Sep 17 00:00:00 2001
From: PT-ATA No One
Date: Wed, 21 Feb 2024 15:41:19 +0100
Subject: [PATCH 5/7] increase version number in ci file
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index d2c2718..929f482 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -49,7 +49,7 @@ jobs:
 with:
 name: vaas
 repository: gdatasoftwareag/charts
- tag: 1.0.3
+ tag: 1.0.4
 path: charts/vaas
 registry: ghcr.io
 registry_username: ${{ secrets.REGISTRY_USERNAME }}
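Review bot: In the .gitignore hunk of PATCH 4/7, ignoring `Chart.lock` (together with deleting `charts/vaas/Chart.lock` in the same commit) leaves the chart's resolved dependencies unrecorded in the repository. Without a lock file `helm dependency build` falls back to resolving from `Chart.yaml`, so what gets packaged depends on every dependency being pinned to an exact version there; only the `redis` pin is visible in this series. The lock presumably went stale when PATCH 3/7 changed the redis version. Regenerating it with `helm dependency update charts/vaas` and committing the result would keep builds reproducible and make dependency changes show up in review.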
From 0f798c46daf08b3367120a85d79f5ab2b61beb18 Mon Sep 17 00:00:00 2001
From: PT-ATA No One
Date: Wed, 21 Feb 2024 15:43:06 +0100
Subject: [PATCH 6/7] fix redis version
---
 charts/vaas/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml
index 920ed19..c4f10fe 100644
--- a/charts/vaas/Chart.yaml
+++ b/charts/vaas/Chart.yaml
@@ -8,7 +8,7 @@ maintainers:
 type: application
 dependencies:
 - name: redis
- version: 18.15.0
+ version: 18.14.0
 condition: redis.enabled
 repository: https://charts.bitnami.com/bitnami
 - name: gdscan
From b45311bee3f4057bb7994f3a2196fe8a7c1122cc Mon Sep 17 00:00:00 2001
From: PT-ATA No One
Date: Wed, 21 Feb 2024 16:09:05 +0100
Subject: [PATCH 7/7] fix extraenvvars
---
 charts/vaas/templates/gateway/statefulset.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/charts/vaas/templates/gateway/statefulset.yaml b/charts/vaas/templates/gateway/statefulset.yaml
index 364befa..24d545e 100644
--- a/charts/vaas/templates/gateway/statefulset.yaml
+++ b/charts/vaas/templates/gateway/statefulset.yaml
@@ -36,7 +36,10 @@ spec:
 volumeMounts:
 - mountPath: /tmp
 name: gateway-tmp
- env:
+ env:
+ {{- if .Values.gateway.extraEnvVars }}
+ {{- toYaml .Values.gateway.extraEnvVars | nindent 12 }}
+ {{- end }}
 - name: Authentication__Schemes__Bearer__Authority
 value: {{.Values.gateway.authentication.authority}}
 - name: Authentication__Schemes__Bearer__RequireHttpsMetadata
@@ -61,7 +64,6 @@ spec:
 - name: VerdictAsAService__Credentials__ClientSecret
 {{ toYaml .Values.gateway.options.credentials.clientsecret }}
 {{- end }}
- {{- toYaml .Values.gateway.extraEnvVars | nindent 12 }}
 ports:
 - name: http
 containerPort: {{ .Values.gateway.service.http.port }}
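Review bot: In the first statefulset.yaml hunk of PATCH 7/7, `extraEnvVars` now renders ahead of the chart's own entries, so a user-supplied variable that repeats one of the chart's names is shadowed rather than applied; Kubernetes takes the last entry when a name occurs twice in `env`. An operator therefore cannot use `extraEnvVars` to set `Authentication__Schemes__Bearer__RequireHttpsMetadata` to `"true"`, because the hard-coded `"false"` that follows still wins. If overriding is intended, keep the `{{- if .Values.gateway.extraEnvVars }}` guard but move the block to the end of the list, after the `cloudhashlookup` block's `{{- end }}`; otherwise expose that setting as a chart value. The `env` list continues outside the hunk.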