Port enhancement from dependency-track chart to hyades

Includes changes from: * #13 * #22 * #23 * #33 * #34 * #42 * #52 * #55 * #57 * #83 * #87 Co-authored-by: Pawel Mrowka <[email protected]> Co-authored-by: Edvin Norling <[email protected]> Co-authored-by: Jaz Ark <[email protected]> Co-authored-by: Arnaud Hatzenbuhler <[email protected]> Co-authored-by: Stefan Hynek <[email protected]> Co-authored-by: Theodor van Nahl <[email protected]> Co-authored-by: Sergiy Kulanov <[email protected]> Signed-off-by: nscuro <[email protected]>
DependencyTrack · Jun 12, 2024 · 81e3fc5 · 81e3fc5
1 parent 60039ae
commit 81e3fc5
Show file tree

Hide file tree

Showing 17 changed files with 366 additions and 116 deletions.
diff --git a/charts/hyades/templates/_helpers.tpl b/charts/hyades/templates/_helpers.tpl
@@ -35,7 +35,6 @@ Common labels
 */}}
 {{- define "hyades.commonLabels" -}}
 helm.sh/chart: {{ include "hyades.chart" . }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/part-of: {{ include "hyades.name" . }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
@@ -54,6 +53,7 @@ API server labels
 {{- define "hyades.apiServerLabels" -}}
 {{ include "hyades.commonLabels" . }}
 {{ include "hyades.apiServerSelectorLabels" . }}
+app.kubernetes.io/version: {{ (.Values.apiServer.image.tag | default .Chart.AppVersion) | quote }}
 {{- end -}}
 
 {{/*
@@ -93,6 +93,7 @@ Frontend labels
 {{- define "hyades.frontendLabels" -}}
 {{ include "hyades.commonLabels" . }}
 {{ include "hyades.frontendSelectorLabels" . }}
+app.kubernetes.io/version: {{ (.Values.frontend.image.tag | default .Chart.AppVersion) | quote }}
 {{- end -}}
 
 {{/*
@@ -132,6 +133,7 @@ Mirror service labels
 {{- define "hyades.mirrorServiceLabels" -}}
 {{ include "hyades.commonLabels" . }}
 {{ include "hyades.mirrorServiceSelectorLabels" . }}
+app.kubernetes.io/version: {{ (.Values.mirrorService.image.tag | default .Chart.AppVersion) | quote }}
 {{- end -}}
 
 {{/*
@@ -171,6 +173,7 @@ Notification publisher labels
 {{- define "hyades.notificationPublisherLabels" -}}
 {{ include "hyades.commonLabels" . }}
 {{ include "hyades.notificationPublisherSelectorLabels" . }}
+app.kubernetes.io/version: {{ (.Values.notificationPublisher.image.tag | default .Chart.AppVersion) | quote }}
 {{- end -}}
 
 {{/*
@@ -210,6 +213,7 @@ Repository metadata analyzer labels
 {{- define "hyades.repoMetaAnalyzerLabels" -}}
 {{ include "hyades.commonLabels" . }}
 {{ include "hyades.repoMetaAnalyzerSelectorLabels" . }}
+app.kubernetes.io/version: {{ (.Values.repoMetaAnalyzer.image.tag | default .Chart.AppVersion) | quote }}
 {{- end -}}
 
 {{/*
@@ -249,6 +253,7 @@ Vulnerability analyzer labels
 {{- define "hyades.vulnAnalyzerLabels" -}}
 {{ include "hyades.commonLabels" . }}
 {{ include "hyades.vulnAnalyzerSelectorLabels" . }}
+app.kubernetes.io/version: {{ (.Values.vulnAnalyzer.image.tag | default .Chart.AppVersion) | quote }}
 {{- end -}}
 
 {{/*
@@ -290,3 +295,14 @@ Vulnerability analyzer image
 {{- printf "%s-secret-key" (include "hyades.fullname" .) -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Create the name of the service account
+*/}}
+{{- define "hyades.serviceAccountName" -}}
+{{- if .Values.common.serviceAccount.create }}
+{{- default (include "hyades.fullname" .) .Values.common.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.common.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/hyades/templates/api-server/deployment.yaml b/charts/hyades/templates/api-server/deployment.yaml
@@ -23,6 +23,11 @@ spec:
       {{- with .Values.common.image.pullSecrets }}
       imagePullSecrets: {{- toYaml . | nindent 6 }}
       {{- end }}
+      initContainers:
+      {{- with .Values.apiServer.initContainers }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      serviceAccountName: {{ include "hyades.serviceAccountName" . }}
       terminationGracePeriodSeconds: {{ .Values.apiServer.terminationGracePeriodSeconds }}
       containers:
       - name: {{ include "hyades.apiServerName" . }}
@@ -73,9 +78,8 @@ spec:
         - name: KAFKA_TOPIC_PREFIX
           value: {{ . | quote }}
         {{- end }}
-        {{- range $k, $v := .Values.apiServer.extraEnv }}
-        - name: {{ $k }}
-          value: {{ $v | quote }}
+        {{- with .Values.apiServer.extraEnv }}
+        {{- toYaml . | nindent 8 }}
         {{- end }}
         {{- with .Values.apiServer.extraEnvFrom }}
         envFrom: {{ toYaml . | nindent 8 }}
@@ -95,6 +99,9 @@ spec:
           mountPath: /var/run/secrets/secret.key
           readOnly: true
         {{- end }}
+        {{- with .Values.apiServer.additionalVolumeMounts }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
         livenessProbe:
           httpGet:
             scheme: HTTP
@@ -115,6 +122,15 @@ spec:
           periodSeconds: {{ .Values.apiServer.probes.readiness.periodSeconds }}
           successThreshold: {{ .Values.apiServer.probes.readiness.successThreshold }}
           timeoutSeconds: {{ .Values.apiServer.probes.readiness.timeoutSeconds }}
+      {{- with .Values.apiServer.extraContainers }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- with .Values.apiServer.tolerations }}
+      tolerations: {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.apiServer.nodeSelector }}
+      nodeSelector: {{- toYaml . | nindent 8 }}
+      {{- end }}
       volumes:
       - name: data
         emptyDir: {}
@@ -125,4 +141,7 @@ spec:
         secret:
           secretName: {{ . }}
       {{- end }}
+      {{- with .Values.apiServer.additionalVolumes }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
 {{- end }}
diff --git a/charts/hyades/templates/api-server/ingress.yaml b/charts/hyades/templates/api-server/ingress.yaml
diff --git a/charts/hyades/templates/api-server/service.yaml b/charts/hyades/templates/api-server/service.yaml
@@ -6,6 +6,9 @@ metadata:
   name: {{ include "hyades.apiServerFullname" . }}
   namespace: {{ .Release.Namespace }}
   labels: {{- include "hyades.apiServerLabels" . | nindent 4 }}
+  {{- with .Values.apiServer.service.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.apiServer.service.type | quote }}
   ports:

diff --git a/charts/hyades/templates/frontend/deployment.yaml b/charts/hyades/templates/frontend/deployment.yaml
@@ -20,6 +20,11 @@ spec:
       {{- with .Values.common.image.pullSecrets }}
       imagePullSecrets: {{- toYaml . | nindent 6 }}
       {{- end }}
+      initContainers:
+      {{- if .Values.frontend.initContainers }}
+      {{- toYaml .Values.frontend.initContainers | nindent 6 }}
+      {{- end }}
+      serviceAccountName: {{ include "hyades.serviceAccountName" . }}
       containers:
       - name: {{ include "hyades.frontendName" . }}
         image: {{ include "hyades.frontendImage" . }}
@@ -39,14 +44,12 @@ spec:
         {{- with .Values.frontend.args }}
         args: {{ toYaml . | nindent 8 }}
         {{- end }}
-        resources:
-          {{- toYaml .Values.frontend.resources | nindent 10 }}
+        resources: {{- toYaml .Values.frontend.resources | nindent 10 }}
         env:
         - name: API_BASE_URL
           value: {{ .Values.frontend.apiBaseUrl | quote }}
-        {{- range $k, $v := .Values.frontend.extraEnv }}
-        - name: {{ $k }}
-          value: {{ $v | quote }}
+        {{- with .Values.frontend.extraEnv }}
+        {{- toYaml . | nindent 8 }}
         {{- end }}
         {{- with .Values.frontend.extraEnvFrom }}
         envFrom: {{ toYaml . | nindent 8 }}
@@ -55,6 +58,12 @@ spec:
         - name: web
           containerPort: 8080
           protocol: TCP
+        volumeMounts:
+        - name: tmp
+          mountPath: /tmp
+        {{- with .Values.frontend.additionalVolumeMounts }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
         livenessProbe:
           httpGet:
             scheme: HTTP
@@ -75,4 +84,21 @@ spec:
           periodSeconds: {{ .Values.frontend.probes.readiness.periodSeconds }}
           successThreshold: {{ .Values.frontend.probes.readiness.successThreshold }}
           timeoutSeconds: {{ .Values.frontend.probes.readiness.timeoutSeconds }}
+      {{- with .Values.frontend.extraContainers }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- with .Values.frontend.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.frontend.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+      - name: tmp
+        emptyDir: {}
+      {{- with .Values.frontend.additionalVolumes }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
   {{- end }}
diff --git a/charts/hyades/templates/frontend/ingress.yaml b/charts/hyades/templates/frontend/ingress.yaml
diff --git a/charts/hyades/templates/frontend/service.yaml b/charts/hyades/templates/frontend/service.yaml
@@ -6,6 +6,9 @@ metadata:
   name: {{ include "hyades.frontendFullname" . }}
   namespace: {{ .Release.Namespace }}
   labels: {{- include "hyades.frontendLabels" . | nindent 4 }}
+  {{- with .Values.frontend.service.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.frontend.service.type | quote }}
   ports:

diff --git a/charts/hyades/templates/ingress.yaml b/charts/hyades/templates/ingress.yaml
@@ -0,0 +1,46 @@
+{{- if and .Values.ingress.enabled (or .Values.apiServer.enabled .Values.frontend.enabled) -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "hyades.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.ingress.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.ingressClassName | empty | not }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+  - hosts:
+    {{- range .hosts }}
+    - {{ . | quote }}
+    {{- end }}
+    secretName: {{ .secretName }}
+  {{- end }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.ingress.hostname | quote }}
+    http:
+      paths:
+      {{- if .Values.apiServer.enabled }}
+      - path: /api
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ include "hyades.apiServerFullname" . }}
+            port:
+              name: web
+      {{- end }}
+      {{- if .Values.frontend.enabled }}
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ include "hyades.frontendFullname" . }}
+            port:
+              name: web
+      {{- end }}
+{{- end }}
diff --git a/charts/hyades/templates/mirror-service/deployment.yaml b/charts/hyades/templates/mirror-service/deployment.yaml
@@ -23,6 +23,11 @@ spec:
       {{- with .Values.common.image.pullSecrets }}
       imagePullSecrets: {{- toYaml . | nindent 6 }}
       {{- end }}
+      initContainers:
+      {{- if .Values.mirrorService.initContainers }}
+      {{- toYaml .Values.mirrorService.initContainers | nindent 6 }}
+      {{- end }}
+      serviceAccountName: {{ include "hyades.serviceAccountName" . }}
       containers:
       - name: {{ include "hyades.mirrorServiceName" . }}
         image: {{ include "hyades.mirrorServiceImage" . }}
@@ -42,18 +47,36 @@ spec:
         {{- with .Values.mirrorService.args }}
         args: {{ toYaml . | nindent 8 }}
         {{- end }}
-        resources:
-          {{- toYaml .Values.mirrorService.resources | nindent 10 }}
+        resources: {{- toYaml .Values.mirrorService.resources | nindent 10 }}
         env:
+        {{- if (include "hyades.secretKeySecretName" .) }}
+        - name: ALPINE_SECRET_KEY_PATH
+          value: "/var/run/secrets/secret.key"
+        {{- end }}
+        - name: ALPINE_DATABASE_MODE
+          value: "external"
+        - name: ALPINE_DATABASE_DRIVER
+          value: "org.postgresql.Driver"
+        {{- with .Values.common.database.jdbcUrl }}
+        - name: ALPINE_DATABASE_URL
+          value: {{ tpl . $ | quote }}
+        {{- end}}
+        {{- with .Values.common.database.username }}
+        - name: ALPINE_DATABASE_USERNAME
+          value: {{ . | quote }}
+        {{- end }}
+        {{- with .Values.common.database.password }}
+        - name: ALPINE_DATABASE_PASSWORD
+          value: {{ . | quote }}
+        {{- end }}
         - name: KAFKA_BOOTSTRAP_SERVERS
           value: {{ tpl .Values.common.kafka.bootstrapServers $ | quote }}
         {{- with .Values.common.kafka.topicPrefix }}
         - name: KAFKA_TOPIC_PREFIX
           value: {{ . | quote }}
         {{- end }}
-        {{- range $k, $v := .Values.mirrorService.extraEnv }}
-        - name: {{ $k }}
-          value: {{ $v | quote }}
+        {{- with .Values.mirrorService.extraEnv }}
+        {{- toYaml . | nindent 8 }}
         {{- end }}
         {{- with .Values.mirrorService.extraEnvFrom }}
         envFrom: {{ toYaml . | nindent 8 }}
@@ -71,6 +94,9 @@ spec:
           mountPath: /var/run/secrets/secret.key
           readOnly: true
         {{- end }}
+        {{- with .Values.mirrorService.additionalVolumeMounts }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
         livenessProbe:
           httpGet:
             scheme: HTTP
@@ -94,9 +120,12 @@ spec:
       volumes:
       - name: tmp
         emptyDir: {}
-            {{- with (include "hyades.secretKeySecretName" .) }}
+      {{- with (include "hyades.secretKeySecretName" .) }}
       - name: secret-key
         secret:
           secretName: {{ . }}
-            {{- end }}
+      {{- end }}
+      {{- with .Values.mirrorService.additionalVolumes }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
   {{- end }}