From 452c1edf1b6aa14e18628470c5130ec7348f2bfc Mon Sep 17 00:00:00 2001 From: Sanskar Bhushan Date: Thu, 9 Jan 2025 11:45:59 +0530 Subject: [PATCH] adding ciso-assistant in helm charts 
Signed-off-by: Sanskar Bhushan --- argocd-helm-charts/ciso-assistant/Chart.lock | 6 + argocd-helm-charts/ciso-assistant/Chart.yaml | 7 ++ .../charts/ciso-assistant/.helmignore | 23 ++++ .../charts/ciso-assistant/Chart.yaml | 7 ++ .../ciso-assistant/templates/_helpers.tpl | 12 ++ .../ciso-assistant/templates/configmap.yaml | 19 +++ .../ciso-assistant/templates/ingress.yaml | 24 ++++ .../ciso-assistant/templates/secret.yaml | 9 ++ .../ciso-assistant/templates/service.yaml | 21 ++++ .../ciso-assistant/templates/statefulset.yaml | 115 ++++++++++++++++++ .../charts/ciso-assistant/values.schema.json | 11 ++ .../charts/ciso-assistant/values.yaml | 44 +++++++ argocd-helm-charts/ciso-assistant/values.yaml | 1 + 13 files changed, 299 insertions(+) create mode 100644 argocd-helm-charts/ciso-assistant/Chart.lock create mode 100644 argocd-helm-charts/ciso-assistant/Chart.yaml create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/.helmignore create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/Chart.yaml create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/_helpers.tpl create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/configmap.yaml create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/ingress.yaml create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/secret.yaml create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/service.yaml create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/statefulset.yaml create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.schema.json create mode 100644 argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.yaml create mode 100644 argocd-helm-charts/ciso-assistant/values.yaml 
diff --git a/argocd-helm-charts/ciso-assistant/Chart.lock b/argocd-helm-charts/ciso-assistant/Chart.lock
new file mode 100644
index 000000000..29344a8b1
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: ciso-assistant
+ repository: https://intuitem.github.io/ca-helm-chart/
+ version: 0.1.0
+digest: sha256:f653855173603589b6313e2b13dc46ba7af0ffb0b51f5e3e53f3d7408f86e20d
+generated: "2025-01-09T11:45:16.151540813+05:30"
diff --git a/argocd-helm-charts/ciso-assistant/Chart.yaml b/argocd-helm-charts/ciso-assistant/Chart.yaml
new file mode 100644
index 000000000..c11555c21
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: ciso-assistant
+version: 1.0.0
+dependencies:
+ - name: ciso-assistant
+ version: 0.1.0
+ repository: https://intuitem.github.io/ca-helm-chart/
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/.helmignore b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/Chart.yaml b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/Chart.yaml
new file mode 100644
index 000000000..aad33d877
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+appVersion: v1.9.7
+description: A Helm chart for CISO Assistant k8s's deployment
+icon: https://intuitem.com/ciso-assistant.svg
+name: ciso-assistant
+type: application
+version: 0.1.0
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/_helpers.tpl b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/_helpers.tpl
new file mode 100644
index 000000000..1d7c6d3d0
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/_helpers.tpl
@@ -0,0 +1,12 @@
+{{/* Get the application version */}}
+{{- define "ciso-assistant.appVersion" -}}
+{{- default .Chart.AppVersion .Values.global.appVersion -}}
+{{- end -}}
+{{/* Common labels */}}
+{{- define "common.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ .Chart.Name }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/configmap.yaml b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/configmap.yaml
new file mode 100644
index 000000000..64affa952
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/configmap.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ciso-assistant-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+data:
+ DEFAULT_FROM_EMAIL: {{ .Values.email.defaultFrom | quote }}
+ DJANGO_DEBUG: {{ .Values.email.debug | quote }}
+ EMAIL_HOST: {{ .Values.email.primary.host | quote }}
+ EMAIL_HOST_RESCUE: {{ .Values.email.rescue.host | quote }}
+ EMAIL_HOST_USER: {{ .Values.email.primary.user | quote }}
+ EMAIL_HOST_USER_RESCUE: {{ .Values.email.rescue.user | quote }}
+ EMAIL_PORT: {{ .Values.email.primary.port | quote }}
+ EMAIL_PORT_RESCUE: {{ .Values.email.rescue.port | quote }}
+ EMAIL_USE_TLS: {{ .Values.email.primary.useTls | quote }}
+ EMAIL_USE_TLS_RESCUE: {{ .Values.email.rescue.useTls | quote }}
+ BODY_SIZE_LIMIT: {{ .Values.bodySizeLimit | quote }}
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/ingress.yaml b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/ingress.yaml
new file mode 100644
index 000000000..33f1e0e93
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ name: ciso-assistant-{{ .Values.clientName }}
+ labels:
+ client: {{ .Values.clientName }}
+ {{- include "common.labels" . | nindent 4 }}
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: {{ .Values.clientName }}.{{ .Values.clusterDomain }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: ciso-assistant-{{ .Values.clientName }}
+ port:
+ number: 443
+ path: /
+ pathType: Prefix
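Review bot: In templates/configmap.yaml, `DJANGO_DEBUG` is fed from `.Values.email.debug`, so the switch for Django's debug mode sits inside the mail settings where an operator is unlikely to look for it. Debug mode returns detailed error pages, so it deserves its own top-level value with a comment that it must stay `false` outside development, e.g. `DJANGO_DEBUG: {{ .Values.djangoDebug | default false | quote }}` (the value name is a suggestion). The fixed name `ciso-assistant-config` also differs from the per-client naming used by the Service, Ingress and StatefulSet, so two clients installed in one namespace would contend for the same ConfigMap.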
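Review bot: The `ssl-passthrough` annotation in templates/ingress.yaml only takes effect when the ingress-nginx controller is started with `--enable-ssl-passthrough`, and nothing in the chart documents or checks that requirement. Without the flag the controller terminates TLS itself (there is no `tls:` block, so presumably with its default certificate) and re-encrypts to Caddy per `backend-protocol: HTTPS`, where backend certificate verification stays off unless `nginx.ingress.kubernetes.io/proxy-ssl-verify` is set. A comment above the annotations such as `# requires ingress-nginx --enable-ssl-passthrough; TLS terminates at Caddy` would make the intended termination point explicit. `metadata.namespace` is also omitted here although the ConfigMap and Secret set it.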
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/secret.yaml b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/secret.yaml
new file mode 100644
index 000000000..40261a1f7
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: smtp-out
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ EMAIL_HOST_PASSWORD: {{ .Values.email.primary.password | b64enc }}
+ EMAIL_HOST_PASSWORD_RESCUE: {{ .Values.email.rescue.password | b64enc }}
\ No newline at end of file
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/service.yaml b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/service.yaml
new file mode 100644
index 000000000..4a0833500
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ciso-assistant-{{ .Values.clientName }}
+ labels:
+ client: {{ .Values.clientName }}
+ {{- include "common.labels" . | nindent 4 }}
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ selector:
+ app: ciso-assistant
+ client: {{ .Values.clientName }}
+ type: ClusterIP
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/statefulset.yaml b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/statefulset.yaml
new file mode 100644
index 000000000..75b1867a7
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/templates/statefulset.yaml
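Review bot: In templates/secret.yaml the SMTP passwords are rendered from chart values, which in an Argo CD repository means they are kept in Git or in the Application spec as plain text. Consider letting the chart reference a Secret that is created outside Helm and rendering this template only when no such name is supplied. As written the `b64enc` output is unquoted and an unset password renders an empty value; `EMAIL_HOST_PASSWORD: {{ required "email.primary.password is required" .Values.email.primary.password | b64enc | quote }}` fails at render time instead, and the same applies to the rescue key. The name `smtp-out` is fixed, so every release in the namespace would share this Secret.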
@@ -0,0 +1,115 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: ciso-assistant-{{ .Values.clientName }}
+ labels:
+ app: ciso-assistant
+ client: {{ .Values.clientName }}
+ version: {{ include "ciso-assistant.appVersion" . }}
+ {{- include "common.labels" . | nindent 4 }}
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ciso-assistant
+ serviceName: svc-ciso-assistant-{{ .Values.clientName }}
+ template:
+ metadata:
+ labels:
+ app: ciso-assistant
+ client: {{ .Values.clientName }}
+ spec:
+ containers:
+ - name: ciso-assistant-backend
+ env:
+ - name: CISO_ASSISTANT_SUPERUSER_EMAIL
+ value: {{ .Values.emailAdmin }}
+ - name: CISO_ASSISTANT_URL
+ value: https://{{ .Values.clientName }}.{{ .Values.clusterDomain }}
+ - name: ALLOWED_HOSTS
+ value: localhost,127.0.0.1,{{ .Values.clientName }}.{{ .Values.clusterDomain }}
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: EMAIL_HOST_PASSWORD
+ name: smtp-out
+ - name: EMAIL_HOST_PASSWORD_RESCUE
+ valueFrom:
+ secretKeyRef:
+ key: EMAIL_HOST_PASSWORD_RESCUE
+ name: smtp-out
+ envFrom:
+ - configMapRef:
+ name: ciso-assistant-config
+ image: "{{ .Values.image.backend.repository }}:{{ include "ciso-assistant.appVersion" . }}"
+ imagePullPolicy: {{ .Values.image.backend.pullPolicy }}
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /code/db
+ name: db-data
+ - name: ciso-assistant-frontend
+ env:
+ - name: ORIGIN
+ value: "{{ .Values.frontendOrigin | default (printf "https://%s.%s" .Values.clientName .Values.clusterDomain) }}"
+ - name: PUBLIC_BACKEND_API_EXPOSED_URL
+ value: https://{{ .Values.clientName }}.{{ .Values.clusterDomain }}/api
+ envFrom:
+ - configMapRef:
+ name: ciso-assistant-config
+ image: "{{ .Values.image.frontend.repository }}:{{ include "ciso-assistant.appVersion" .
}}"
+ imagePullPolicy: {{ .Values.image.frontend.pullPolicy }}
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ - name: caddy
+ command:
+ - sh
+ - '-c'
+ - |
+ echo {{ .Values.clientName }}.{{ .Values.clusterDomain }} "{" > Caddyfile
+ echo "reverse_proxy /api/iam/sso/redirect/ localhost:8000" >> Caddyfile
+ echo "reverse_proxy /api/accounts/saml/0/acs/ localhost:8000" >> Caddyfile
+ echo "reverse_proxy /api/accounts/saml/0/acs/finish/ localhost:8000" >> Caddyfile
+ echo "reverse_proxy /* localhost:3000" >> Caddyfile
+ echo "}" >> Caddyfile
+ exec caddy run
+ env:
+ - name: CISO_ASSISTANT_URL
+ value: https://{{ .Values.clientName }}.{{ .Values.clusterDomain }}
+ image: "{{ .Values.image.caddy.repository }}:{{ .Values.image.caddy.tag }}"
+ imagePullPolicy: {{ .Values.image.caddy.pullPolicy }}
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ - containerPort: 443
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /data
+ name: db-data
+ subPath: caddy
+ enableServiceLinks: false
+ imagePullSecrets:
+ - name: registry-secret
+ restartPolicy: Always
+ volumes:
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: db-data
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ labels:
+ app: ciso-assistant
+ client: {{ .Values.clientName }}
+ name: db-data
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ volumeMode: Filesystem
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.schema.json b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.schema.json
new file mode 100644
index 000000000..7ae375ca5
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.schema.json
@@ -0,0 +1,11 @@
+{
+ "properties": {
+ "global": {
+ "properties": {
+ "appVersion": {
+ "pattern": "^v\\d+\\.\\d+\\.\\d+$"
+ }
+ }
+ }
+ }
+}
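Review bot: The caddy container's `sh -c` script in templates/statefulset.yaml splices `.Values.clientName` and `.Values.clusterDomain` directly into shell text (`echo {{ .Values.clientName }}.{{ .Values.clusterDomain }} "{" > Caddyfile`), so a value containing whitespace or shell metacharacters is interpreted by the shell rather than written as a hostname. Keeping values out of the script avoids that: add `- name: SITE_HOST` with `value: {{ printf "%s.%s" .Values.clientName .Values.clusterDomain | quote }}` to the container's `env` and write the first line as `printf '%s {\n' "$SITE_HOST" > Caddyfile` (the variable name is a suggestion). Separately, `serviceName: svc-ciso-assistant-{{ .Values.clientName }}` does not match the Service this chart creates (`ciso-assistant-{{ .Values.clientName }}`), and `selector.matchLabels` omits the `client` label that the pod template and the Service selector both carry. The frontend container also receives the whole `ciso-assistant-config` ConfigMap through `envFrom`, including the mail settings and `DJANGO_DEBUG`, which it presumably does not need. No container sets a `securityContext` or `resources`, so the pod runs with whatever user and limits the images and namespace default to.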
diff --git a/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.yaml b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.yaml
new file mode 100644
index 000000000..2c3742f11
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/charts/ciso-assistant/values.yaml
@@ -0,0 +1,44 @@
+clientName: octopus
+clusterDomain: foo.bar
+emailAdmin: admin@example.net
+frontendOrigin: "" # Leave empty to use default ORIGIN, or set custom value
+global:
+ # Override appVersion from Chart.yaml if needed
+ appVersion: "v1.9.7" # When empty, will use Chart.yaml's appVersion
+
+email:
+ defaultFrom: no-reply@ciso-assistant.net
+ debug: false
+ primary:
+ host: primary.cool-mailer.net
+ user: apikey
+ password: "primary_password_here"
+ port: 587
+ useTls: true
+ rescue:
+ host: smtp.secondary.mailer.cloud
+ user: username
+ password: "rescue_password_here"
+ port: 587
+ useTls: true
+
+bodySizeLimit: "50000000"
+
+image:
+ backend:
+ repository: ghcr.io/intuitem/ciso-assistant-community/backend
+ # Use .Chart.AppVersion if global.appVersion is not set
+ tag: "{{ default .Chart.AppVersion .Values.global.appVersion }}"
+ pullPolicy: Always
+ frontend:
+ repository: ghcr.io/intuitem/ciso-assistant-community/frontend
+ tag: "{{ default .Chart.AppVersion .Values.global.appVersion }}"
+ pullPolicy: Always
+ caddy:
+ repository: caddy
+ tag: "2.7.6"
+ pullPolicy: IfNotPresent
+
+persistence:
+ size: 5Gi
+ accessMode: ReadWriteOnce
diff --git a/argocd-helm-charts/ciso-assistant/values.yaml b/argocd-helm-charts/ciso-assistant/values.yaml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/argocd-helm-charts/ciso-assistant/values.yaml
@@ -0,0 +1 @@
+---
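Review bot: The defaults `password: "primary_password_here"` and `password: "rescue_password_here"` in charts/ciso-assistant/values.yaml are non-empty, so an install that forgets to override them creates the `smtp-out` Secret with placeholder credentials instead of failing. Empty defaults (`password: ""`) combined with a `required` check in the Secret template would surface the omission at render time. The `image.backend.tag` and `image.frontend.tag` entries hold template expressions, but Helm does not render values.yaml and the StatefulSet builds the tag from the `ciso-assistant.appVersion` helper, so these keys appear to be unused; dropping them or marking them `# not read by the templates` would avoid confusion. With `pullPolicy: Always` on tag-addressed images a re-pushed tag changes what runs, so pinning the images by digest is worth considering.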