adding ciso-assistant in helm charts

Signed-off-by: Sanskar Bhushan <[email protected]>

argocd-helm-charts/ciso-assistant/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: ciso-assistant
+  repository: https://intuitem.github.io/ca-helm-chart/
+  version: 0.1.0
+digest: sha256:f653855173603589b6313e2b13dc46ba7af0ffb0b51f5e3e53f3d7408f86e20d
+generated: "2025-01-09T11:45:16.151540813+05:30"

argocd-helm-charts/ciso-assistant/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: ciso-assistant
+version: 1.0.0
+dependencies:
+  - name: ciso-assistant
+    version: 0.1.0
+    repository: https://intuitem.github.io/ca-helm-chart/

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+appVersion: v1.9.7
+description: A Helm chart for CISO Assistant k8s's deployment
+icon: https://intuitem.com/ciso-assistant.svg
+name: ciso-assistant
+type: application
+version: 0.1.0

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/_helpers.tpl

@@ -0,0 +1,12 @@
+{{/* Get the application version */}}
+{{- define "ciso-assistant.appVersion" -}}
+{{- default .Chart.AppVersion .Values.global.appVersion -}}
+{{- end -}}
+{{/* Common labels */}}
+{{- define "common.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ .Chart.Name }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/configmap.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ciso-assistant-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+  DEFAULT_FROM_EMAIL: {{ .Values.email.defaultFrom | quote }}
+  DJANGO_DEBUG: {{ .Values.email.debug | quote }}
+  EMAIL_HOST: {{ .Values.email.primary.host | quote }}
+  EMAIL_HOST_RESCUE: {{ .Values.email.rescue.host | quote }}
+  EMAIL_HOST_USER: {{ .Values.email.primary.user | quote }}
+  EMAIL_HOST_USER_RESCUE: {{ .Values.email.rescue.user | quote }}
+  EMAIL_PORT: {{ .Values.email.primary.port | quote }}
+  EMAIL_PORT_RESCUE: {{ .Values.email.rescue.port | quote }}
+  EMAIL_USE_TLS: {{ .Values.email.primary.useTls | quote }}
+  EMAIL_USE_TLS_RESCUE: {{ .Values.email.rescue.useTls | quote }}
+  BODY_SIZE_LIMIT: {{ .Values.bodySizeLimit | quote }}

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  name: ciso-assistant-{{ .Values.clientName }}
+  labels:
+    client: {{ .Values.clientName }}
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{ .Values.clientName }}.{{ .Values.clusterDomain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: ciso-assistant-{{ .Values.clientName }}
+            port:
+              number: 443
+        path: /
+        pathType: Prefix

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: smtp-out
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  EMAIL_HOST_PASSWORD: {{ .Values.email.primary.password | b64enc }}
+  EMAIL_HOST_PASSWORD_RESCUE: {{ .Values.email.rescue.password | b64enc }}

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ciso-assistant-{{ .Values.clientName }}
+  labels:
+    client: {{ .Values.clientName }}
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  - name: https
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app: ciso-assistant
+    client: {{ .Values.clientName }}
+  type: ClusterIP

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/statefulset.yaml

@@ -0,0 +1,115 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: ciso-assistant-{{ .Values.clientName }}
+  labels:
+    app: ciso-assistant
+    client: {{ .Values.clientName }}
+    version: {{ include "ciso-assistant.appVersion" . }}
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ciso-assistant
+  serviceName: svc-ciso-assistant-{{ .Values.clientName }}
+  template:
+    metadata:
+      labels:
+        app: ciso-assistant
+        client: {{ .Values.clientName }}
+    spec:
+      containers:
+      - name: ciso-assistant-backend
+        env:
+        - name: CISO_ASSISTANT_SUPERUSER_EMAIL
+          value: {{ .Values.emailAdmin }}
+        - name: CISO_ASSISTANT_URL
+          value: https://{{ .Values.clientName }}.{{ .Values.clusterDomain }}
+        - name: ALLOWED_HOSTS
+          value: localhost,127.0.0.1,{{ .Values.clientName }}.{{ .Values.clusterDomain }}
+        - name: EMAIL_HOST_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: EMAIL_HOST_PASSWORD
+              name: smtp-out
+        - name: EMAIL_HOST_PASSWORD_RESCUE
+          valueFrom:
+            secretKeyRef:
+              key: EMAIL_HOST_PASSWORD_RESCUE
+              name: smtp-out
+        envFrom:
+        - configMapRef:
+            name: ciso-assistant-config
+        image: "{{ .Values.image.backend.repository }}:{{ include "ciso-assistant.appVersion" . }}"
+        imagePullPolicy: {{ .Values.image.backend.pullPolicy }}
+        ports:
+        - containerPort: 8000
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /code/db
+          name: db-data
+      - name: ciso-assistant-frontend
+        env:
+        - name: ORIGIN
+          value: "{{ .Values.frontendOrigin | default (printf "https://%s.%s" .Values.clientName .Values.clusterDomain) }}"
+        - name: PUBLIC_BACKEND_API_EXPOSED_URL
+          value: https://{{ .Values.clientName }}.{{ .Values.clusterDomain }}/api
+        envFrom:
+        - configMapRef:
+            name: ciso-assistant-config
+        image: "{{ .Values.image.frontend.repository }}:{{ include "ciso-assistant.appVersion" . }}"
+        imagePullPolicy: {{ .Values.image.frontend.pullPolicy }}
+        ports:
+        - containerPort: 3000
+          protocol: TCP
+      - name: caddy
+        command:
+        - sh
+        - '-c'
+        - |
+          echo {{ .Values.clientName }}.{{ .Values.clusterDomain }} "{" > Caddyfile
+          echo "reverse_proxy /api/iam/sso/redirect/ localhost:8000" >> Caddyfile
+          echo "reverse_proxy /api/accounts/saml/0/acs/ localhost:8000" >> Caddyfile
+          echo "reverse_proxy /api/accounts/saml/0/acs/finish/ localhost:8000" >> Caddyfile
+          echo "reverse_proxy /* localhost:3000" >> Caddyfile
+          echo "}" >> Caddyfile
+          exec caddy run
+        env:
+        - name: CISO_ASSISTANT_URL
+          value: https://{{ .Values.clientName }}.{{ .Values.clusterDomain }}
+        image: "{{ .Values.image.caddy.repository }}:{{ .Values.image.caddy.tag }}"
+        imagePullPolicy: {{ .Values.image.caddy.pullPolicy }}
+        ports:
+        - containerPort: 80
+          protocol: TCP
+        - containerPort: 443
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /data
+          name: db-data
+          subPath: caddy
+      enableServiceLinks: false
+      imagePullSecrets:
+      - name: registry-secret
+      restartPolicy: Always
+      volumes:
+      - name: db-data
+        persistentVolumeClaim:
+          claimName: db-data
+  volumeClaimTemplates:
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      labels:
+        app: ciso-assistant
+        client: {{ .Values.clientName }}
+      name: db-data
+    spec:
+      accessModes:
+      - {{ .Values.persistence.accessMode }}
+      resources:
+        requests:
+          storage: {{ .Values.persistence.size }}
+      volumeMode: Filesystem

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.schema.json

@@ -0,0 +1,11 @@
+{
+  "properties": {
+    "global": {
+      "properties": {
+        "appVersion": {
+          "pattern": "^v\\d+\\.\\d+\\.\\d+$"
+        }
+      }
+    }
+  }
+}

argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.yaml

@@ -0,0 +1,44 @@
+clientName: octopus
+clusterDomain: foo.bar
+emailAdmin: [email protected]
+frontendOrigin: "" # Leave empty to use default ORIGIN, or set custom value
+global:
+  # Override appVersion from Chart.yaml if needed
+  appVersion: "v1.9.7" # When empty, will use Chart.yaml's appVersion
+
+email:
+  defaultFrom: [email protected]
+  debug: false
+  primary:
+    host: primary.cool-mailer.net
+    user: apikey
+    password: "primary_password_here"
+    port: 587
+    useTls: true
+  rescue:
+    host: smtp.secondary.mailer.cloud
+    user: username
+    password: "rescue_password_here"
+    port: 587
+    useTls: true
+
+bodySizeLimit: "50000000"
+
+image:
+  backend:
+    repository: ghcr.io/intuitem/ciso-assistant-community/backend
+    # Use .Chart.AppVersion if global.appVersion is not set
+    tag: "{{ default .Chart.AppVersion .Values.global.appVersion }}"
+    pullPolicy: Always
+  frontend:
+    repository: ghcr.io/intuitem/ciso-assistant-community/frontend
+    tag: "{{ default .Chart.AppVersion .Values.global.appVersion }}"
+    pullPolicy: Always
+  caddy:
+    repository: caddy
+    tag: "2.7.6"
+    pullPolicy: IfNotPresent
+
+persistence:
+  size: 5Gi
+  accessMode: ReadWriteOnce

argocd-helm-charts/ciso-assistant/values.yaml

@@ -0,0 +1 @@
+---