Compare commits
17 commits
6d5a47e644
...
586b1fec1f
Author | SHA1 | Date | |
---|---|---|---|
586b1fec1f | |||
f4b6f82d6d | |||
b2812a774c | |||
dd5af0e962 | |||
42e8b4009d | |||
1dfde2eb7a | |||
ede63a12c3 | |||
ea295c539c | |||
7768df54fa | |||
4d02d60eaf | |||
7a7cea0df5 | |||
99a5dddc43 | |||
5d5510e526 | |||
f01c7f89d9 | |||
7357bc725c | |||
19a4679da5 | |||
cf56e6a6e4 |
8 changed files with 323 additions and 20 deletions
|
@ -7,7 +7,7 @@ description: |
|
|||
# renovate: image=us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
|
||||
appVersion: "20240508"
|
||||
type: application
|
||||
version: 0.2.1
|
||||
version: 0.2.2
|
||||
maintainers:
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
# Recommended start size of pvc is 20GB
|
||||
existingPVC: ""
|
||||
existingSecretName: hashr-secret
|
||||
|
||||
initContainers:
|
||||
dbInit:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/postgres-init
|
||||
tag: "16"
|
||||
existingSecretName: hashr-postgres-init-secret
|
||||
|
||||
postgres:
|
||||
hostname: "postgres-rw.databases.svc.cluster.local"
|
||||
database_name: "hashr"
|
||||
port: "5432"
|
||||
secretName: hashr-secret
|
||||
|
||||
image:
|
||||
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
|
||||
pullPolicy: IfNotPresent
|
||||
tag: latest
|
||||
# imagePullSecrets:
|
||||
# - myRegistryKeySecretName
|
||||
imagePullSecrets: []
|
||||
|
||||
hashr:
|
||||
importers:
|
||||
zip:
|
||||
enabled: false
|
||||
schedule: "0 3 * * 6"
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 128Mi
|
||||
aws:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 9 * * 1"
|
||||
gcp:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 1"
|
||||
gcp_projects: ""
|
||||
hashr_gcp_project: ""
|
||||
hashr_gcs_bucket: ""
|
||||
targz:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 2"
|
||||
windows:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 3"
|
||||
wsus:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 4"
|
||||
rpm:
|
||||
enabled: false
|
||||
schedule: "0 3 * * 5"
|
||||
gcr:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 7"
|
||||
iso9660:
|
||||
enabled: false
|
||||
schedule: "0 15 * * 1"
|
||||
deb:
|
||||
enabled: false
|
||||
schedule: "0 15 * * 2"
|
|
@ -42,4 +42,11 @@ Create the upload path.
|
|||
*/}}
|
||||
{{- define "hashr.uploadPath" -}}
|
||||
{{- printf "/data/upload" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the data path.
|
||||
*/}}
|
||||
{{- define "hashr.dataPath" -}}
|
||||
{{- printf "/data/processing" }}
|
||||
{{- end }}
|
79
charts/hashr/templates/cronjob-zip.yaml
Normal file
79
charts/hashr/templates/cronjob-zip.yaml
Normal file
|
@ -0,0 +1,79 @@
|
|||
{{- if .Values.hashr.importers.zip.enabled -}}
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-hashr-zip
|
||||
spec:
|
||||
schedule: {{ .Values.hashr.importers.zip.schedule | quote }}
|
||||
concurrencyPolicy: Forbid
|
||||
successfulJobsHistoryLimit: 2
|
||||
failedJobsHistoryLimit: 1
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
priorityClassName: {{ .Values.priorityClassName | default "default" }}
|
||||
containers:
|
||||
- name: hashr-zip
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- --logtostderr=1
|
||||
- -storage
|
||||
- postgres
|
||||
- -exporters
|
||||
- postgres
|
||||
- -postgres_host
|
||||
- "$(POSTGRES_HOST)"
|
||||
- -postgres_port
|
||||
- "$(POSTGRES_PORT)"
|
||||
- -postgres_user
|
||||
- "$(POSTGRES_USERNAME)"
|
||||
- -postgres_password
|
||||
- "$(POSTGRES_PASSWORD)"
|
||||
- -postgres_db
|
||||
- "$(POSTGRES_DATABASE)"
|
||||
- -importers
|
||||
- zip
|
||||
- -zip_repo_path
|
||||
- {{ (include "hashr.dataPath" .) }}/zip/
|
||||
env:
|
||||
- name: POSTGRES_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.postgres.secretName }}
|
||||
key: POSTGRES_USERNAME
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.postgres.secretName }}
|
||||
key: POSTGRES_PASSWORD
|
||||
- name: POSTGRES_HOST
|
||||
value: {{ .Values.postgres.host }}
|
||||
- name: POSTGRES_PORT
|
||||
value: {{ .Values.postgres.port }}
|
||||
- name: POSTGRES_DATABASE
|
||||
value: {{ .Values.postgres.database }}
|
||||
volumeMounts:
|
||||
- name: hashrvolume
|
||||
mountPath: {{ (include "hashr.dataPath" .) | quote }}
|
||||
resources:
|
||||
{{- toYaml .Values.hashr.importers.zip.resources | nindent 14 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
restartPolicy: Never
|
||||
volumes:
|
||||
- name: hashrvolume
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.existingPVC }}
|
||||
readOnly: false
|
||||
{{- end }}
|
42
charts/hashr/templates/db-init.yaml
Normal file
42
charts/hashr/templates/db-init.yaml
Normal file
|
@ -0,0 +1,42 @@
|
|||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "hashr.fullname" . }}-db-init
|
||||
labels:
|
||||
{{- include "hashr.labels" . | nindent 4 }}
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
automountServiceAccountToken: false
|
||||
priorityClassName: "high-priority"
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 3000
|
||||
fsGroup: 2000
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
containers:
|
||||
- name: general-db-init
|
||||
image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: INIT_POSTGRES_HOST
|
||||
value: {{ .Values.postgres.host }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ .Values.initContainers.dbInit.existingSecretName }}
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
resources:
|
||||
requests:
|
||||
memory: "512Mi"
|
||||
cpu: "250m"
|
||||
limits:
|
||||
memory: "1Gi"
|
||||
cpu: "500m"
|
||||
backoffLimit: 3
|
|
@ -1,19 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-hashr-data-manager
|
||||
spec:
|
||||
containers:
|
||||
- name: hashr-data-manager
|
||||
image: busybox:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["sh", "-c", "while true; do sleep 1800; done;"]
|
||||
volumeMounts:
|
||||
- name: hashrvolume
|
||||
mountPath: {{ (include "hashr.dataPath" .) | quote }}
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: hashrvolume
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ include "hashr.pvc.name" . }}
|
||||
readOnly: false
|
48
charts/hashr/templates/pod.yaml
Normal file
48
charts/hashr/templates/pod.yaml
Normal file
|
@ -0,0 +1,48 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-hashr-data-manager
|
||||
labels:
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
serviceAccountName: {{ include "hashr.fullname" . }}
|
||||
automountServiceAccountToken: false
|
||||
priorityClassName: {{ .Values.priorityClassName | default "default" }}
|
||||
topologySpreadConstraints:
|
||||
- maxSkew: 1
|
||||
topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
containers:
|
||||
- name: hashr-data-manager
|
||||
image: busybox:stable
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["sh", "-c", "while true; do sleep 1800; done;"]
|
||||
volumeMounts:
|
||||
- name: hashrvolume
|
||||
mountPath: {{ (include "hashr.dataPath" .) | quote }}
|
||||
resources:
|
||||
limits:
|
||||
cpu: "500m"
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: "250m"
|
||||
memory: "256Mi"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: hashrvolume
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.existingPVC }}
|
||||
readOnly: false
|
73
charts/hashr/values.yaml
Normal file
73
charts/hashr/values.yaml
Normal file
|
@ -0,0 +1,73 @@
|
|||
# Recommended start size of pvc is 20GB
|
||||
existingPVC: ""
|
||||
existingSecretName: hashr-secret
|
||||
|
||||
initContainers:
|
||||
dbInit:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/postgres-init
|
||||
tag: "16"
|
||||
existingSecretName: hashr-postgres-init-secret
|
||||
|
||||
postgres:
|
||||
hostname: "postgres-rw.databases.svc.cluster.local"
|
||||
database_name: "hashr"
|
||||
port: "5432"
|
||||
secretName: hashr-secret
|
||||
|
||||
image:
|
||||
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
|
||||
pullPolicy: IfNotPresent
|
||||
tag: latest
|
||||
# imagePullSecrets:
|
||||
# - myRegistryKeySecretName
|
||||
imagePullSecrets: []
|
||||
|
||||
hashr:
|
||||
importers:
|
||||
zip:
|
||||
enabled: false
|
||||
schedule: "0 3 * * 6"
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 128Mi
|
||||
aws:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 9 * * 1"
|
||||
gcp:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 1"
|
||||
gcp_projects: ""
|
||||
hashr_gcp_project: ""
|
||||
hashr_gcs_bucket: ""
|
||||
targz:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 2"
|
||||
windows:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 3"
|
||||
wsus:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 4"
|
||||
rpm:
|
||||
enabled: false
|
||||
schedule: "0 3 * * 5"
|
||||
gcr:
|
||||
# TODO: Add cronjob file!
|
||||
enabled: false
|
||||
schedule: "0 3 * * 7"
|
||||
iso9660:
|
||||
enabled: false
|
||||
schedule: "0 15 * * 1"
|
||||
deb:
|
||||
enabled: false
|
||||
schedule: "0 15 * * 2"
|
Loading…
Add table
Reference in a new issue