pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

fix: release changes to allow for config from external source

Browse source
This commit is contained in:
Tommy 2024-05-13 22:47:48 +02:00
parent f1892da689
commit 0ce506b5c2
No known key found for this signature in database
7 changed files with 22 additions and 218 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/yeti/Chart.yaml
View file

@ -1,6 +1,6 @@
apiVersion: v2
name: yeti
version: 1.0.2
version: 1.0.3
description: A Helm chart for Yeti Kubernetes deployments.
keywords:
- yeti

6
charts/yeti/templates/_helpers.tpl
View file

@ -9,11 +9,7 @@ Expand the name of the chart.
Create a default fully qualified app name.
*/}}
{{- define "yeti.fullname" -}}
{{- if contains .Chart.Name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name "yeti" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}
{{/*

181
charts/yeti/templates/config.yaml
View file

@ -1,181 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "timesketch.fullname" . }}-init-configmap
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "timesketch.labels" . | nindent 4 }}
data:
yeti.conf: |
[system]
##
## Basic system settings
##
# if export_path is not set, then the default value is /tmp
export_path = /opt/yeti/exports
logging = /var/log/yeti_user_activity.log
plugins_path = ./plugins
audit_logfile = /var/log/yeti_audit.log
# Public scheme + hostname + port for Yeti. Use it if you want to specify an
# OIDC callback
# for testing use also a port number, e.g. http://localhost:8000
# webroot =
[auth]
##
## Use these settings to configure Yeti authentication.
##
# oidc, local
module = oidc
# to get a stronger value run:
# openssl rand -hex 32
# SECRET_KEY = SECRET
# ALGORITHM = HS256
# ACCESS_TOKEN_EXPIRE_MINUTES = 30
enabled = True
# OIDC
#
# Google can be used as an OIDC provider:
# See Instructions here: https://developers.google.com/identity/protocols/oauth2
#
# OIDC_CLIENT_ID = LONGRANDOMSTRING.apps.googleusercontent.com
# OIDC_CLIENT_SECRET = BLABLA-BLABLABLA
# OIDC_DISCOVERY_URL = https://accounts.google.com/.well-known/openid-configuration
[tag]
##
## Use these settings to configure Yeti tags.
## If you specify default_tag_expiration = 7776000, then the tag will expire for 90 days.
## Value must be in seconds (7776000 seconds is 90 days).
##
# default_tag_expiration = 7776000
[arangodb]
##
## Use these settings to configure how to connect to your ArangoDB database.
## All settings are optional, with default values being the one in the comment.
## If you do not specify a username and password, there will be no authentication.
##
# host = arangodb
# port = 8529
# username = root
# password =
# database = yeti_dev
[redis]
##
## Use these settings to configure how to connect to your redis server.
## All settings are optional, with default values being the one in the comment.
##
# host = redis
# port = 6379
# database = 0
# tls = ok
[misp]
##
## Use this setting in order to specify a comma-separated list of MISP instances
## that should be taken into account by the MISP feed.
##
# instances = misp_1
[misp_1]
##
## For each instance in the 'misp.instances' setting, you should specify a
## configuration block with this format, in order to specify at least the URL
## and the auth key.
##
# name = MISP_1
# url = MISP_URL
# key = MISP_AUTH_KEY
# galaxy_filter = filtering_galaxy_to_drop
# days = days_history_to_change_by_default_60_days
# verifycert = true_or_false
[proxy]
# Format proxies like socks5://user:pass@host:port
http =
https =
[github]
# Generate token: https://github.com/settings/tokens
# Select repo only
# no token - limit 60 r/h
# w/ token - limit 5k r/h
# token =
[otx]
key = YourOTXKey
days = 1
[abuseIPDB]
key = YourKey
[phishtank]
key=
[vt]
key=
[passivedns]
login=
password=
url=
[circl_passivessl]
username=
password=
[circl_pdns]
username=
password=
[dnsdb]
api_key=
[macaddressio]
api_key=
[malshare]
api_key=
[timesketch]
endpoint =
username =
password =
[censys]
api_key =
secret =
[shodan]
# Set result_limit to -1 for unlimited results, default is 100
api_key =
result_limit =
[dfiq]
# Comma-separated list of additional directories to load DFIQ objects from.
extra_dirs = /dfiq

9
charts/yeti/templates/deployment-api.yaml
View file

@ -48,6 +48,15 @@ spec:
- containerPort: 8000
resources:
{{- toYaml .Values.backend.api.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/yeti.conf
subPath: yeti.conf
name: yeti-conf
readOnly: true
volumes:
- name: yeti-conf
secret:
secretName: {{ .Values.existingConfigSecret }}
{{- with .Values.backend.api.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

10
charts/yeti/templates/deployment-tasks.yaml
View file

@ -43,6 +43,16 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.backend.tasks.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/yeti.conf
subPath: yeti.conf
name: yeti-conf
readOnly: true
volumes:
- name: yeti-conf
secret:
secretName: {{ .Values.existingConfigSecret }}
{{- with .Values.backend.tasks.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

31
charts/yeti/tests/values.yaml
View file

@ -1,31 +0,0 @@
config:
externalUrl: https://cache.example.com/
persistence:
existingClaim: attic
initContainers:
dbInit:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
envFrom:
- secretRef:
name: attic-secret
envFromSecret: attic-secret
image:
repository: ghcr.io/zhaofengli/attic
tag: 4dbdbee45728d8ce5788db6461aaaa89d98081f0
postgres:
secretName: attic-secret
resources:
limits:
memory: "3Gi"
cpu: "1000m"
# requests:
# cpu: 100m
# memory: 250Mi

1
charts/yeti/values.yaml
View file

@ -1,4 +1,5 @@
existingSecret: yeti-secret
existingConfigSecret: yeti-conf
frontend:
image: