diff --git a/charts/hashr/Chart.yaml b/charts/hashr/Chart.yaml
index 4cee47e..88da4d3 100644
--- a/charts/hashr/Chart.yaml
+++ b/charts/hashr/Chart.yaml
@@ -7,7 +7,7 @@ description: |
 # renovate: image=us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
 appVersion: "20240508"
 type: application
-version: 0.2.1
+version: 0.2.2
 maintainers:
 - name: Tommy Skaug
 email: tommy@skaug.me
diff --git a/charts/hashr/ci/pluto-values.yaml b/charts/hashr/ci/pluto-values.yaml
index e69de29..633286b 100644
--- a/charts/hashr/ci/pluto-values.yaml
+++ b/charts/hashr/ci/pluto-values.yaml
@@ -0,0 +1,73 @@
+# Recommended start size of pvc is 20GB
+existingPVC: ""
+existingSecretName: hashr-secret
+
+initContainers:
+ dbInit:
+ image:
+ repository: ghcr.io/onedr0p/postgres-init
+ tag: "16"
+ existingSecretName: hashr-postgres-init-secret
+
+postgres:
+ hostname: "postgres-rw.databases.svc.cluster.local"
+ database_name: "hashr"
+ port: "5432"
+ secretName: hashr-secret
+
+image:
+ repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
+ pullPolicy: IfNotPresent
+ tag: latest
+ # imagePullSecrets:
+ # - myRegistryKeySecretName
+ imagePullSecrets: []
+
+hashr:
+ importers:
+ zip:
+ enabled: false
+ schedule: "0 3 * * 6"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ aws:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 9 * * 1"
+ gcp:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 1"
+ gcp_projects: ""
+ hashr_gcp_project: ""
+ hashr_gcs_bucket: ""
+ targz:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 2"
+ windows:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 3"
+ wsus:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 4"
+ rpm:
+ enabled: false
+ schedule: "0 3 * * 5"
+ gcr:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 7"
+ iso9660:
+ enabled: false
+ schedule: "0 15 * * 1"
+ deb:
+ enabled: false
+ schedule: "0 15 * * 2"
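Review bot: Every importer in ci/pluto-values.yaml is `enabled: false`, so rendering the chart with this file never emits the new CronJob, which cronjob-zip.yaml wraps in `{{- if .Values.hashr.importers.zip.enabled -}}`. The file is also byte-identical to values.yaml (both blobs are 633286b), so a CI run that uses it presumably checks nothing beyond what the defaults already produce. If the file exists so the pipeline can inspect rendered manifests, set `enabled: true` for the zip importer and give the PVC a placeholder such as `existingPVC: "ci-placeholder-pvc"` (constructed name), so the CronJob and its volume are part of what gets checked.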
diff --git a/charts/hashr/templates/_helpers.tpl b/charts/hashr/templates/_helpers.tpl
index 26489d7..677f242 100644
--- a/charts/hashr/templates/_helpers.tpl
+++ b/charts/hashr/templates/_helpers.tpl
@@ -42,4 +42,11 @@ Create the upload path.
 */}}
 {{- define "hashr.uploadPath" -}}
 {{- printf "/data/upload" }}
+{{- end }}
+
+{{/*
+Create the data path.
+*/}}
+{{- define "hashr.dataPath" -}}
+{{- printf "/data/processing" }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/hashr/templates/cronjob-zip.yaml b/charts/hashr/templates/cronjob-zip.yaml
new file mode 100644
index 0000000..f7a5477
--- /dev/null
+++ b/charts/hashr/templates/cronjob-zip.yaml
@@ -0,0 +1,79 @@
+{{- if .Values.hashr.importers.zip.enabled -}}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ .Release.Name }}-hashr-zip
+spec:
+ schedule: {{ .Values.hashr.importers.zip.schedule | quote }}
+ concurrencyPolicy: Forbid
+ successfulJobsHistoryLimit: 2
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ priorityClassName: {{ .Values.priorityClassName | default "default" }}
+ containers:
+ - name: hashr-zip
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: IfNotPresent
+ args:
+ - --logtostderr=1
+ - -storage
+ - postgres
+ - -exporters
+ - postgres
+ - -postgres_host
+ - "$(POSTGRES_HOST)"
+ - -postgres_port
+ - "$(POSTGRES_PORT)"
+ - -postgres_user
+ - "$(POSTGRES_USERNAME)"
+ - -postgres_password
+ - "$(POSTGRES_PASSWORD)"
+ - -postgres_db
+ - "$(POSTGRES_DATABASE)"
+ - -importers
+ - zip
+ - -zip_repo_path
+ - {{ (include "hashr.dataPath" .) }}/zip/
+ env:
+ - name: POSTGRES_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.postgres.secretName }}
+ key: POSTGRES_USERNAME
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.postgres.secretName }}
+ key: POSTGRES_PASSWORD
+ - name: POSTGRES_HOST
+ value: {{ .Values.postgres.host }}
+ - name: POSTGRES_PORT
+ value: {{ .Values.postgres.port }}
+ - name: POSTGRES_DATABASE
+ value: {{ .Values.postgres.database }}
+ volumeMounts:
+ - name: hashrvolume
+ mountPath: {{ (include "hashr.dataPath" .) | quote }}
+ resources:
+ {{- toYaml .Values.hashr.importers.zip.resources | nindent 14 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
+ restartPolicy: Never
+ volumes:
+ - name: hashrvolume
+ persistentVolumeClaim:
+ claimName: {{ .Values.existingPVC }}
+ readOnly: false
+{{- end }}
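Review bot: The three plain env entries in cronjob-zip.yaml read `.Values.postgres.host`, `.Values.postgres.port` and `.Values.postgres.database`, but the values files in this commit define `hostname`, `database_name` and `port`, so POSTGRES_HOST and POSTGRES_DATABASE render with no value, and the unquoted port renders as a YAML integer where an env `value` must be a string. Use `value: {{ .Values.postgres.hostname | quote }}`, `value: {{ .Values.postgres.port | quote }}` and `value: {{ .Values.postgres.database_name | quote }}`; db-init.yaml has the same `.Values.postgres.host` reference for INIT_POSTGRES_HOST. Separately, passing `-postgres_password` with `"$(POSTGRES_PASSWORD)"` puts the expanded secret into the container's argv, where anything able to list processes in the pod or on the node can read it; if hashr can take the password from the environment or a mounted file, prefer that.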
diff --git a/charts/hashr/templates/db-init.yaml b/charts/hashr/templates/db-init.yaml
new file mode 100644
index 0000000..8ebad97
--- /dev/null
+++ b/charts/hashr/templates/db-init.yaml
@@ -0,0 +1,42 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "hashr.fullname" . }}-db-init
+ labels:
+ {{- include "hashr.labels" . | nindent 4 }}
+spec:
+ template:
+ spec:
+ restartPolicy: Never
+ automountServiceAccountToken: false
+ priorityClassName: "high-priority"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 3000
+ fsGroup: 2000
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: general-db-init
+ image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: INIT_POSTGRES_HOST
+ value: {{ .Values.postgres.host }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.initContainers.dbInit.existingSecretName }}
+ securityContext:
+ runAsUser: 1000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "250m"
+ limits:
+ memory: "1Gi"
+ cpu: "500m"
+ backoffLimit: 3
diff --git a/charts/hashr/templates/pod-data-manager.yaml b/charts/hashr/templates/pod-data-manager.yaml
deleted file mode 100644
index 0c4d630..0000000
--- a/charts/hashr/templates/pod-data-manager.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: {{ .Release.Name }}-hashr-data-manager
-spec:
- containers:
- - name: hashr-data-manager
- image: busybox:latest
- imagePullPolicy: IfNotPresent
- command: ["sh", "-c", "while true; do sleep 1800; done;"]
- volumeMounts:
- - name: hashrvolume
- mountPath: {{ (include "hashr.dataPath" .) | quote }}
- restartPolicy: Always
- volumes:
- - name: hashrvolume
- persistentVolumeClaim:
- claimName: {{ include "hashr.pvc.name" . }}
- readOnly: false
\ No newline at end of file
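Review bot: In db-init.yaml `priorityClassName: "high-priority"` is hard-coded, so on a cluster that has no PriorityClass of that name the Job's pod is rejected at admission and the database is never initialised. The chart does not create that class in this commit, and the other two templates read `.Values.priorityClassName` instead. Emit the field only when a class is configured: `{{- with .Values.priorityClassName }}`, `priorityClassName: {{ . | quote }}`, `{{- end }}`. The `default "default"` fallback in cronjob-zip.yaml and pod.yaml has the same problem, since `priorityClassName` is not set in values.yaml and a class named `default` is not something the chart provides.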
diff --git a/charts/hashr/templates/pod.yaml b/charts/hashr/templates/pod.yaml
new file mode 100644
index 0000000..03317e4
--- /dev/null
+++ b/charts/hashr/templates/pod.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ .Release.Name }}-hashr-data-manager
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ serviceAccountName: {{ include "hashr.fullname" . }}
+ automountServiceAccountToken: false
+ priorityClassName: {{ .Values.priorityClassName | default "default" }}
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ containers:
+ - name: hashr-data-manager
+ image: busybox:stable
+ imagePullPolicy: IfNotPresent
+ command: ["sh", "-c", "while true; do sleep 1800; done;"]
+ volumeMounts:
+ - name: hashrvolume
+ mountPath: {{ (include "hashr.dataPath" .) | quote }}
+ resources:
+ limits:
+ cpu: "500m"
+ memory: "512Mi"
+ requests:
+ cpu: "250m"
+ memory: "256Mi"
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ restartPolicy: Always
+ volumes:
+ - name: hashrvolume
+ persistentVolumeClaim:
+ claimName: {{ .Values.existingPVC }}
+ readOnly: false
diff --git a/charts/hashr/values.yaml b/charts/hashr/values.yaml
new file mode 100644
index 0000000..633286b
--- /dev/null
+++ b/charts/hashr/values.yaml
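Review bot: In pod.yaml the container sets `runAsNonRoot: true` but no `runAsUser`, and `busybox:stable` runs as root unless told otherwise, so the kubelet will refuse to start the data-manager container. Add a numeric UID next to it, e.g. `runAsUser: 1000` as db-init.yaml already does, and check that the PVC is writable by that UID. `initialDelaySeconds: 5` and `periodSeconds: 10` follow the securityContext with no `livenessProbe` or `readinessProbe` key anywhere in the file, so they look like orphaned probe fields (indentation is not recoverable in this view) and should be removed or wrapped in a probe. cronjob-zip.yaml also sets `runAsNonRoot: true` without a UID, which works only if the hashr image declares a numeric non-root user.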
@@ -0,0 +1,73 @@
+# Recommended start size of pvc is 20GB
+existingPVC: ""
+existingSecretName: hashr-secret
+
+initContainers:
+ dbInit:
+ image:
+ repository: ghcr.io/onedr0p/postgres-init
+ tag: "16"
+ existingSecretName: hashr-postgres-init-secret
+
+postgres:
+ hostname: "postgres-rw.databases.svc.cluster.local"
+ database_name: "hashr"
+ port: "5432"
+ secretName: hashr-secret
+
+image:
+ repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
+ pullPolicy: IfNotPresent
+ tag: latest
+ # imagePullSecrets:
+ # - myRegistryKeySecretName
+ imagePullSecrets: []
+
+hashr:
+ importers:
+ zip:
+ enabled: false
+ schedule: "0 3 * * 6"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ aws:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 9 * * 1"
+ gcp:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 1"
+ gcp_projects: ""
+ hashr_gcp_project: ""
+ hashr_gcs_bucket: ""
+ targz:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 2"
+ windows:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 3"
+ wsus:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 4"
+ rpm:
+ enabled: false
+ schedule: "0 3 * * 5"
+ gcr:
+ # TODO: Add cronjob file!
+ enabled: false
+ schedule: "0 3 * * 7"
+ iso9660:
+ enabled: false
+ schedule: "0 15 * * 1"
+ deb:
+ enabled: false
+ schedule: "0 15 * * 2"
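Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` means the hashr build that runs is whatever each node happens to have cached, and the chart's `appVersion: "20240508"` (the value the renovate comment in Chart.yaml tracks) is never used. Prefer `tag: ""` here and resolve it in the templates with `image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"`, so the deployed image follows appVersion. The init image `ghcr.io/onedr0p/postgres-init` with `tag: "16"` is a third-party image that receives every key of the secret named by `initContainers.dbInit.existingSecretName`; pinning it by digest would keep a re-tagged upstream image from running with those credentials. `image.pullPolicy` is also defined here while all three templates hard-code `imagePullPolicy: IfNotPresent`. ci/pluto-values.yaml carries the same lines.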