Merge branch 'main' into general-version-cleanup

Reviewed-on: #123

charts/hashr/Chart.yaml

@@ -7,7 +7,7 @@ description: |
 # renovate: image=us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
 appVersion: "20240508"
 type: application
-version: 0.2.1
+version: 0.2.2
 maintainers:
 - name: Tommy Skaug
   email: tommy@skaug.me

charts/hashr/ci/pluto-values.yaml

@@ -0,0 +1,73 @@
+# Recommended start size of pvc is 20GB
+existingPVC: ""
+existingSecretName: hashr-secret
+
+initContainers:
+  dbInit:
+    image:
+      repository: ghcr.io/onedr0p/postgres-init
+      tag: "16"
+    existingSecretName: hashr-postgres-init-secret
+
+postgres:
+  hostname: "postgres-rw.databases.svc.cluster.local"
+  database_name: "hashr"
+  port: "5432"
+  secretName: hashr-secret
+
+image:
+  repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
+  pullPolicy: IfNotPresent
+  tag: latest
+  # imagePullSecrets:
+  # - myRegistryKeySecretName
+  imagePullSecrets: []
+
+hashr:
+  importers:
+    zip:
+      enabled: false
+      schedule: "0 3 * * 6"
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 128Mi
+    aws:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 9 * * 1"
+    gcp:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 1"
+      gcp_projects: ""
+      hashr_gcp_project: ""
+      hashr_gcs_bucket: ""
+    targz:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 2"
+    windows:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 3"
+    wsus:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 4"
+    rpm:
+      enabled: false
+      schedule: "0 3 * * 5"
+    gcr:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 7"
+    iso9660:
+      enabled: false
+      schedule: "0 15 * * 1"
+    deb:
+      enabled: false
+      schedule: "0 15 * * 2"

charts/hashr/templates/_helpers.tpl

@@ -43,3 +43,10 @@ Create the upload path.
 {{- define "hashr.uploadPath" -}}
 {{- printf "/data/upload" }}
 {{- end }}
+
+{{/*
+Create the data path.
+*/}}
+{{- define "hashr.dataPath" -}}
+{{- printf "/data/processing" }}
+{{- end }}

charts/hashr/templates/cronjob-zip.yaml

@@ -0,0 +1,79 @@
+{{- if .Values.hashr.importers.zip.enabled -}}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Release.Name }}-hashr-zip
+spec:
+  schedule: {{ .Values.hashr.importers.zip.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 2
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/instance: {{ .Release.Name }}
+        spec:
+          priorityClassName: {{ .Values.priorityClassName | default "default" }}
+          containers:
+          - name: hashr-zip
+            image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+            imagePullPolicy: IfNotPresent
+            args:
+              - --logtostderr=1
+              - -storage
+              - postgres
+              - -exporters
+              - postgres
+              - -postgres_host
+              - "$(POSTGRES_HOST)"
+              - -postgres_port
+              - "$(POSTGRES_PORT)"
+              - -postgres_user
+              - "$(POSTGRES_USERNAME)"
+              - -postgres_password
+              - "$(POSTGRES_PASSWORD)"
+              - -postgres_db
+              - "$(POSTGRES_DATABASE)"
+              - -importers
+              - zip
+              - -zip_repo_path
+              - {{ (include "hashr.dataPath" .) }}/zip/
+            env:
+            - name: POSTGRES_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgres.secretName }}
+                  key: POSTGRES_USERNAME
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgres.secretName }}
+                  key: POSTGRES_PASSWORD
+            - name: POSTGRES_HOST
+              value: {{ .Values.postgres.host }}
+            - name: POSTGRES_PORT
+              value: {{ .Values.postgres.port }}
+            - name: POSTGRES_DATABASE
+              value: {{ .Values.postgres.database }}
+            volumeMounts:
+            - name: hashrvolume
+              mountPath: {{ (include "hashr.dataPath" .) | quote }}
+            resources:
+              {{- toYaml .Values.hashr.importers.zip.resources | nindent 14 }}
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              runAsNonRoot: true
+              capabilities:
+                drop: ["ALL"]
+              seccompProfile:
+                type: RuntimeDefault
+          restartPolicy: Never
+          volumes:
+          - name: hashrvolume
+            persistentVolumeClaim:
+              claimName: {{ .Values.existingPVC }}
+              readOnly: false
+{{- end }}

charts/hashr/templates/db-init.yaml

@@ -0,0 +1,42 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "hashr.fullname" . }}-db-init
+  labels:
+    {{- include "hashr.labels" . | nindent 4 }}
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      automountServiceAccountToken: false
+      priorityClassName: "high-priority"
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 3000
+        fsGroup: 2000
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: general-db-init
+          image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: INIT_POSTGRES_HOST
+              value: {{ .Values.postgres.host }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.initContainers.dbInit.existingSecretName }}
+          securityContext:
+            runAsUser: 1000
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+          resources:
+            requests:
+              memory: "512Mi"
+              cpu: "250m"
+            limits:
+              memory: "1Gi"
+              cpu: "500m"
+  backoffLimit: 3

charts/hashr/templates/pod-data-manager.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: {{ .Release.Name }}-hashr-data-manager
-spec:
-  containers:
-  - name: hashr-data-manager
-    image: busybox:latest
-    imagePullPolicy: IfNotPresent
-    command: ["sh", "-c", "while true; do sleep 1800; done;"]
-    volumeMounts:
-    - name: hashrvolume
-      mountPath: {{ (include "hashr.dataPath" .) | quote }}
-  restartPolicy: Always
-  volumes:
-  - name: hashrvolume
-    persistentVolumeClaim:
-      claimName: {{ include "hashr.pvc.name"  . }}
-      readOnly: false

charts/hashr/templates/pod.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ .Release.Name }}-hashr-data-manager
+  labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  serviceAccountName: {{ include "hashr.fullname" . }}
+  automountServiceAccountToken: false
+  priorityClassName: {{ .Values.priorityClassName | default "default" }}
+  topologySpreadConstraints:
+    - maxSkew: 1
+      topologyKey: kubernetes.io/hostname
+      whenUnsatisfiable: DoNotSchedule
+      labelSelector:
+        matchLabels:
+          app.kubernetes.io/instance: {{ .Release.Name }}
+  containers:
+  - name: hashr-data-manager
+    image: busybox:stable
+    imagePullPolicy: IfNotPresent
+    command: ["sh", "-c", "while true; do sleep 1800; done;"]
+    volumeMounts:
+    - name: hashrvolume
+      mountPath: {{ (include "hashr.dataPath" .) | quote }}
+    resources:
+      limits:
+        cpu: "500m"
+        memory: "512Mi"
+      requests:
+        cpu: "250m"
+        memory: "256Mi"
+    securityContext: 
+      allowPrivilegeEscalation: false
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      capabilities:
+        drop: ["ALL"]
+      seccompProfile:
+        type: RuntimeDefault
+      initialDelaySeconds: 5
+      periodSeconds: 10
+  restartPolicy: Always
+  volumes:
+  - name: hashrvolume
+    persistentVolumeClaim:
+      claimName: {{ .Values.existingPVC }}
+      readOnly: false

charts/hashr/values.yaml

@@ -0,0 +1,73 @@
+# Recommended start size of pvc is 20GB
+existingPVC: ""
+existingSecretName: hashr-secret
+
+initContainers:
+  dbInit:
+    image:
+      repository: ghcr.io/onedr0p/postgres-init
+      tag: "16"
+    existingSecretName: hashr-postgres-init-secret
+
+postgres:
+  hostname: "postgres-rw.databases.svc.cluster.local"
+  database_name: "hashr"
+  port: "5432"
+  secretName: hashr-secret
+
+image:
+  repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
+  pullPolicy: IfNotPresent
+  tag: latest
+  # imagePullSecrets:
+  # - myRegistryKeySecretName
+  imagePullSecrets: []
+
+hashr:
+  importers:
+    zip:
+      enabled: false
+      schedule: "0 3 * * 6"
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 128Mi
+    aws:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 9 * * 1"
+    gcp:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 1"
+      gcp_projects: ""
+      hashr_gcp_project: ""
+      hashr_gcs_bucket: ""
+    targz:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 2"
+    windows:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 3"
+    wsus:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 4"
+    rpm:
+      enabled: false
+      schedule: "0 3 * * 5"
+    gcr:
+      # TODO: Add cronjob file!
+      enabled: false
+      schedule: "0 3 * * 7"
+    iso9660:
+      enabled: false
+      schedule: "0 15 * * 1"
+    deb:
+      enabled: false
+      schedule: "0 15 * * 2"