chore(hashr): rework values, add zip cronjob, other fixes

Tommy 2024-11-14 21:31:22 +01:00
parent dd5af0e962
commit b2812a774c
Signed by: tommy
SSH key fingerprint: SHA256:1LWgQT3QPHIT29plS8jjXc3S1FcE/4oGvsx3Efxs6Uc
5 changed files with 250 additions and 10 deletions


@ -0,0 +1,73 @@
# Recommended start size of pvc is 20GB
existingPVC: ""
existingSecretName: hashr-secret
initContainers:
dbInit:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
existingSecretName: hashr-postgres-init-secret
postgres:
hostname: "postgres-rw.databases.svc.cluster.local"
database_name: "hashr"
port: "5432"
secretName: hashr-secret
image:
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
pullPolicy: IfNotPresent
tag: latest
# imagePullSecrets:
# - myRegistryKeySecretName
imagePullSecrets: []
hashr:
importers:
zip:
enabled: false
schedule: "0 3 * * 6"
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
aws:
# TODO: Add cronjob file!
enabled: false
schedule: "0 9 * * 1"
gcp:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 1"
gcp_projects: ""
hashr_gcp_project: ""
hashr_gcs_bucket: ""
targz:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 2"
windows:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 3"
wsus:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 4"
rpm:
enabled: false
schedule: "0 3 * * 5"
gcr:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 7"
iso9660:
enabled: false
schedule: "0 15 * * 1"
deb:
enabled: false
schedule: "0 15 * * 2"
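Review bot: `tag: latest` under `image` leaves the hashr release image on a mutable tag, and the zip CronJob added in this commit pulls it with a hard-coded `imagePullPolicy: IfNotPresent`, so each node keeps whichever build it cached first and the running code cannot be tied to a reviewed release. Pin a released version or a digest here, e.g. `tag: "<release-version>"` (placeholder; this page does not name one). `pullPolicy` is defined here, but none of the templates shown on this page read it, so consider wiring `.Values.image.pullPolicy` into them. The init image's `tag: "16"` is likewise a moving major-version tag.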


@ -0,0 +1,79 @@
{{- if .Values.hashr.importers.zip.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ .Release.Name }}-hashr-zip
spec:
schedule: {{ .Values.hashr.importers.zip.schedule | quote }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
metadata:
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
priorityClassName: {{ .Values.priorityClassName | default "default" }}
containers:
- name: hashr-zip
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: IfNotPresent
args:
- --logtostderr=1
- -storage
- postgres
- -exporters
- postgres
- -postgres_host
- "$(POSTGRES_HOST)"
- -postgres_port
- "$(POSTGRES_PORT)"
- -postgres_user
- "$(POSTGRES_USERNAME)"
- -postgres_password
- "$(POSTGRES_PASSWORD)"
- -postgres_db
- "$(POSTGRES_DATABASE)"
- -importers
- zip
- -zip_repo_path
- {{ (include "hashr.dataPath" .) }}/zip/
env:
- name: POSTGRES_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.secretName }}
key: POSTGRES_USERNAME
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.secretName }}
key: POSTGRES_PASSWORD
- name: POSTGRES_HOST
value: {{ .Values.postgres.host }}
- name: POSTGRES_PORT
value: {{ .Values.postgres.port }}
- name: POSTGRES_DATABASE
value: {{ .Values.postgres.database }}
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
resources:
{{- toYaml .Values.hashr.importers.zip.resources | nindent 14 }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
restartPolicy: Never
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ .Values.existingPVC }}
readOnly: false
{{- end }}
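Review bot: The `POSTGRES_HOST` and `POSTGRES_DATABASE` env entries read `.Values.postgres.host` and `.Values.postgres.database`, but the values added in this commit define `postgres.hostname` and `postgres.database_name`, so unless those keys are set elsewhere both render empty and the importer has no connection target; `INIT_POSTGRES_HOST` in the db-init Job has the same mismatch. Quote the values as well, because an unquoted `"5432"` renders as an integer and an env `value` must be a string: `value: {{ .Values.postgres.hostname | quote }}`, `value: {{ .Values.postgres.port | quote }}`, `value: {{ .Values.postgres.database_name | quote }}`. Unlike the other two pod specs in this commit, this one does not set `automountServiceAccountToken: false`, so a job that parses zip archives from the shared volume gets the service-account token mounted unless the service account itself disables it. Passing `-postgres_password "$(POSTGRES_PASSWORD)"` also places the expanded secret in the container's argv; if hashr can take the password from the environment or a file, prefer that.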


@ -0,0 +1,42 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "hashr.fullname" . }}-db-init
labels:
{{- include "hashr.labels" . | nindent 4 }}
spec:
template:
spec:
restartPolicy: Never
automountServiceAccountToken: false
priorityClassName: "high-priority"
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: general-db-init
image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
imagePullPolicy: IfNotPresent
env:
- name: INIT_POSTGRES_HOST
value: {{ .Values.postgres.host }}
envFrom:
- secretRef:
name: {{ .Values.initContainers.dbInit.existingSecretName }}
securityContext:
runAsUser: 1000
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
backoffLimit: 3
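Review bot: `priorityClassName: "high-priority"` is hard-coded, while the other two templates in this commit use `{{ .Values.priorityClassName | default "default" }}`; on a cluster with no PriorityClass of that name the Job's pod is rejected at admission. Use the same values-driven expression here. The container `securityContext` also omits `readOnlyRootFilesystem: true`, which both other workloads set; add it if the init image does not need to write to its root filesystem, which cannot be verified from this page.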


@ -2,20 +2,47 @@ apiVersion: v1
kind: Pod
metadata:
name: {{ .Release.Name }}-hashr-data-manager
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
serviceAccountName: {{ include "hashr.fullname" . }}
automountServiceAccountToken: false
priorityClassName: {{ .Values.priorityClassName | default "default" }}
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
containers:
- name: hashr-data-manager
image: busybox:latest
image: busybox:stable
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "while true; do sleep 1800; done;"]
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
resources:
limits:
cpu: "500m"
memory: "512Mi"
requests:
cpu: "250m"
memory: "256Mi"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
initialDelaySeconds: 5
periodSeconds: 10
restartPolicy: Always
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ .Values.global.existingPVC }}
claimName: {{ .Values.existingPVC }}
readOnly: false
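Review bot: The container sets `runAsNonRoot: true` but no `runAsUser`, and the `busybox` image runs as root by default, so the kubelet will refuse to start it; add a numeric UID next to it, e.g. `runAsUser: 1000` as the db-init Job does. `initialDelaySeconds: 5` and `periodSeconds: 10` follow the `securityContext` block with no `livenessProbe:` or `readinessProbe:` key visible on this page (indentation is lost in this view), so they look like leftover probe fields that will be either rejected or ignored; remove them or restore the probe they belonged to. The hunk starts at line 2 of the file, so the top of the manifest is outside this view.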


@ -1,6 +1,19 @@
global:
# Recommended start size of pvc is 20GB
existingPVC: ""
# Recommended start size of pvc is 20GB
existingPVC: ""
existingSecretName: hashr-secret
initContainers:
dbInit:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
existingSecretName: hashr-postgres-init-secret
postgres:
hostname: "postgres-rw.databases.svc.cluster.local"
database_name: "hashr"
port: "5432"
secretName: hashr-secret
image:
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
@ -12,6 +25,16 @@ image:
hashr:
importers:
zip:
enabled: false
schedule: "0 3 * * 6"
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
aws:
# TODO: Add cronjob file!
enabled: false
@ -38,10 +61,6 @@ hashr:
rpm:
enabled: false
schedule: "0 3 * * 5"
zip:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 6"
gcr:
# TODO: Add cronjob file!
enabled: false