From 2030175a2540bed1609ca0790f8e2a0ea762c316 Mon Sep 17 00:00:00 2001 From: sunnyyip Date: Tue, 30 Apr 2024 09:44:41 -0400 Subject: [PATCH] version 0.2.9 (#47) * add traefik ingressroute Signed-off-by: Sunny Yip * lower minio mem request Signed-off-by: Sunny Yip * update ingressroute enable param Signed-off-by: Sunny Yip * add alb-oidc-secret read role Signed-off-by: Sunny Yip * undeploy alb secret read role Signed-off-by: Sunny Yip * clean up ingress yaml Signed-off-by: Sunny Yip * bump version Signed-off-by: Sunny Yip * fix white spaces Signed-off-by: Sunny Yip * fix linting error Signed-off-by: Sunny Yip * remove traefik ingress defaults Signed-off-by: Sunny Yip * add support to create nodeport service for gql server Signed-off-by: Sunny Yip * update README Signed-off-by: Sunny Yip * check in test values file Signed-off-by: Sunny Yip * fix linting test Signed-off-by: Sunny Yip * tidy up test workflow Signed-off-by: Sunny Yip * add service accounts Signed-off-by: Sunny Yip * parameterize resources Signed-off-by: Sunny Yip * support deploying additional objects Signed-off-by: Sunny Yip * remove common env vars Signed-off-by: Sunny Yip * add service account for depsdev collector Signed-off-by: Sunny Yip * add tolerations support Signed-off-by: Sunny Yip * add tolerations support Signed-off-by: Sunny Yip * tidy up resource requests Signed-off-by: Sunny Yip * unset default db-address Signed-off-by: Sunny Yip * properly disable osv-certifier Signed-off-by: Sunny Yip * properly disable osv-certifier Signed-off-by: Sunny Yip * properly disable deployment Signed-off-by: Sunny Yip * support additional volumes Signed-off-by: Sunny Yip * support additional volumes Signed-off-by: Sunny Yip * take list of env vars Signed-off-by: Sunny Yip * take list of env vars Signed-off-by: Sunny Yip * reduce memory requests Signed-off-by: Sunny Yip * update readme and bump version Signed-off-by: Sunny Yip * add guacrest 
Signed-off-by: Sunny Yip * define minio request memory or else it defaults to 16G Signed-off-by: Sunny Yip * properly disable service account Signed-off-by: Sunny Yip --------- Signed-off-by: Sunny Yip --- charts/guac/Chart.yaml | 4 +- charts/guac/README.md | 230 +++++++------ charts/guac/schema.json | 323 ++++++++++++++++-- charts/guac/templates/additional-objects.yaml | 9 + .../guac/templates/collectsub-deployment.yaml | 29 +- charts/guac/templates/collectsub-sa.yaml | 17 + .../depsdev-collector-deployment.yaml | 28 +- .../guac/templates/depsdev-collector-sa.yaml | 17 + .../templates/graphql-server-deployment.yaml | 33 +- charts/guac/templates/graphql-server-sa.yaml | 17 + .../guac/templates/guacrest-deployment.yaml | 78 +++++ charts/guac/templates/guacrest-sa.yaml | 17 + charts/guac/templates/guacrest-service.yaml | 24 ++ .../guac/templates/ingest-guac-data-job.yaml | 16 +- .../guac/templates/ingestor-deployment.yaml | 27 +- charts/guac/templates/ingestor-sa.yaml | 17 + .../templates/oci-collector-deployment.yaml | 22 +- charts/guac/templates/oci-collector-sa.yaml | 17 + .../templates/osv-certifier-deployment.yaml | 29 +- charts/guac/templates/osv-certifier-sa.yaml | 17 + .../guac/templates/visualizer-deployment.yaml | 25 +- charts/guac/values.yaml | 168 +++++++-- 22 files changed, 936 insertions(+), 228 deletions(-) create mode 100644 charts/guac/templates/additional-objects.yaml create mode 100644 charts/guac/templates/collectsub-sa.yaml create mode 100644 charts/guac/templates/depsdev-collector-sa.yaml create mode 100644 charts/guac/templates/graphql-server-sa.yaml create mode 100644 charts/guac/templates/guacrest-deployment.yaml create mode 100644 charts/guac/templates/guacrest-sa.yaml create mode 100644 charts/guac/templates/guacrest-service.yaml create mode 100644 charts/guac/templates/ingestor-sa.yaml create mode 100644 charts/guac/templates/oci-collector-sa.yaml create mode 100644 charts/guac/templates/osv-certifier-sa.yaml 
diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml index 3af7f2b..cec29af 100644 --- a/charts/guac/Chart.yaml +++ b/charts/guac/Chart.yaml @@ -9,8 +9,8 @@ maintainers: email: guac-info@kusari.dev type: application -version: 0.2.8 -appVersion: "v0.5.1" +version: 0.2.9 +appVersion: "v0.5.2" dependencies: - name: nats diff --git a/charts/guac/README.md b/charts/guac/README.md index f1ed24d..b0a1d95 100644 --- a/charts/guac/README.md +++ b/charts/guac/README.md 
@@ -95,102 +95,138 @@ kubectl port-forward svc/collectsub 2782:2782 This section contains parameters for configuring the different GUAC components. -| Name | Description | Value | -| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------- | -| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | -| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | -| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. | `""` | -| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | -| `guac.common.env` | Environment variables common apply for all guac services | `""` | -| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | -| `guac.ociCollector.name` | String Name of the OCI Collector component. | `oci-collector` | -| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | -| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | -| `guac.ociCollector.env` | Environment variables for OCI Collector. | `{}` | -| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | -| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. 
| `depsdev-collector` | -| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | -| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | -| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. | `{}` | -| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | -| `guac.osvCertifier.name` | String Name of the OSV Certifier component. | `osv-certifier` | -| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | -| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacone certifier osv --poll"]` | -| `guac.osvCertifier.env` | Environment variables for OSV Certifier Collector. | `{}` | -| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | -| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | -| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | -| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacingest"]` | -| `guac.ingestor.env` | Environment variables for ingestor. | `{}` | -| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.collectSub.enabled` | String Whether to deploy Collector Sub | `true` | -| `guac.collectSub.name` | String Name of the Collector Sub component. | `collectsub` | -| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.collectSub.replicas` | Number of replicas for Collector Sub deployment | `1` | -| `guac.collectSub.image.command` | Command for the Collector Sub image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | -| `guac.collectSub.env` | Environment variables for Collector Sub. | `{}` | -| `guac.collectSub.image.ports[0].containerPort` | Port the Collector Sub container listens on | `2782` | -| `guac.collectSub.svcPorts[0].protocol` | Protocol used at Collector Sub | `TCP` | -| `guac.collectSub.svcPorts[0].port` | Port the Collector Sub service listens on | `2782` | -| `guac.collectSub.svcPorts[0].targetPort` | Port the Collector Sub container listens on | `2782` | -| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | -| `guac.graphqlServer.name` | String Name of the GraphQL Server component. | `graphql-server` | -| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | -| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | -| `guac.graphqlServer.env` | Environment variables for GraphQL Server. 
| `{}` | -| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | -| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | -| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | -| `guac.graphqlServer.nodePortSvcPorts` | NodePort service port definition | `{}` | -| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | -| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | -| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | -| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | -| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | -| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | -| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | -| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | -| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | -| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | -| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | -| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | -| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | -| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | -| `guac.visualizer.env` | Environment variables for the visualizer. | `{}` | -| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | -| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | -| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | -| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | -| `guac.sampleData.env` | Environment variables for the sample data ingest job | `{}` | -| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | -| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | -| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | -| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | -| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | -| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | -| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | -| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | -| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | -| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | -| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | -| `guac.backend.ent.db-address` | Full URL of database to connect to | `postgres://guac:guac@host:port/dbName?sslmode=disable` | -| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | -| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | -| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | -| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | +| Name | Description | Value | +| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------ | +| `guac.guacImage.repository` | Path to the GUAC image | `ghcr.io/guacsec/guac` | +| `guac.guacImage.tag` | Tag if using an image tag. Optional | `undefined` | +| `guac.guacImage.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. | `""` | +| `guac.guacImage.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.guacImage.workingDir` | Working Directory for GUAC | `/guac` | +| `guac.common.env` | Environment variables common apply for all guac services | `""` | +| `guac.ociCollector.enabled` | String Whether to deploy OCI Collector | `true` | +| `guac.ociCollector.name` | String Name of the OCI Collector component. 
| `oci-collector` | +| `guac.ociCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ociCollector.replicas` | Number of replicas for oci collector deployment | `1` | +| `guac.ociCollector.image.command` | Command for the OCI Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect image"]` | +| `guac.ociCollector.env` | Environment variables for OCI Collector. | `[]` | +| `guac.ociCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ociCollector.tolerations` | | `[]` | +| `guac.ociCollector.serviceAccount.annotations` | - OCI Collector service account annotations | `{}` | +| `guac.ociCollector.resources` | - [map] resource requests or limits of the ociCollector deployment | `{}` | +| `guac.depsDevCollector.enabled` | String Whether to deploy Deps.Dev Collector | `true` | +| `guac.depsDevCollector.name` | String Name of the Deps.Dev Collector component. | `depsdev-collector` | +| `guac.depsDevCollector.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.depsDevCollector.replicas` | Number of replicas for depsdev collector deployment | `1` | +| `guac.depsDevCollector.image.command` | Command for the Deps.Dev Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccollect deps_dev"]` | +| `guac.depsDevCollector.env` | Environment variables for Deps.Dev Collector. 
| `[]` | +| `guac.depsDevCollector.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.depsDevCollector.tolerations` | | `[]` | +| `guac.depsDevCollector.serviceAccount.annotations` | | `{}` | +| `guac.depsDevCollector.resources` | - [map] resource requests or limits of the depsDevCollector deployment | `{}` | +| `guac.osvCertifier.enabled` | String Whether to deploy OSV Certifier | `true` | +| `guac.osvCertifier.name` | String Name of the OSV Certifier component. | `osv-certifier` | +| `guac.osvCertifier.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.osvCertifier.replicas` | Number of replicas for OSV Certifier deployment | `1` | +| `guac.osvCertifier.image.command` | Command for the OSV Certifier Collector image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacone certifier osv --poll"]` | +| `guac.osvCertifier.env` | Environment variables for OSV Certifier Collector. | `[]` | +| `guac.osvCertifier.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.osvCertifier.tolerations` | | `[]` | +| `guac.osvCertifier.serviceAccount.annotations` | - OSV Certifier service account annotations | `{}` | +| `guac.osvCertifier.resources` | - [map] resource requests or limits of the OSV Certifier deployment | `{}` | +| `guac.ingestor.enabled` | String Whether to deploy Ingestor | `true` | +| `guac.ingestor.name` | String Name of the ingestor component. | `ingestor` | +| `guac.ingestor.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.ingestor.replicas` | Number of replicas for ingestor deployment | `1` | +| `guac.ingestor.image.command` | Command for the ingestor image. It is not recommended to override this. 
| `["sh","-c","/opt/guac/guacingest"]` | +| `guac.ingestor.env` | Environment variables for ingestor. | `[]` | +| `guac.ingestor.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.ingestor.serviceAccount.annotations` | - Ingestor service account annotations | `{}` | +| `guac.ingestor.tolerations` | | `[]` | +| `guac.ingestor.resources` | - [map] resource requests or limits of the ingestor deployment | `{}` | +| `guac.collectSub.enabled` | String Whether to deploy CollectSub | `true` | +| `guac.collectSub.name` | String Name of the CollectSub component. | `collectsub` | +| `guac.collectSub.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.collectSub.replicas` | Number of replicas for CollectSub deployment | `1` | +| `guac.collectSub.image.command` | Command for the CollectSub image. It is not recommended to override this. | `["sh","-c","/opt/guac/guaccsub"]` | +| `guac.collectSub.env` | Environment variables for CollectSub. | `[]` | +| `guac.collectSub.image.ports[0].containerPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.svcPorts[0].protocol` | Protocol used at CollectSub | `TCP` | +| `guac.collectSub.svcPorts[0].port` | Port the CollectSub service listens on | `2782` | +| `guac.collectSub.svcPorts[0].targetPort` | Port the CollectSub container listens on | `2782` | +| `guac.collectSub.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.collectSub.tolerations` | | `[]` | +| `guac.collectSub.serviceAccount.annotations` | - CollectSub service account annotations | `{}` | +| `guac.collectSub.resources` | - [map] resource requests or limits of the collectSub deployment | `{}` | +| `guac.graphqlServer.enabled` | String Whether to deploy GraphQL Server | `true` | +| `guac.graphqlServer.name` | String Name of the GraphQL Server component. 
| `graphql-server` | +| `guac.graphqlServer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.graphqlServer.replicas` | Number of replicas for GraphQL Server deployment | `1` | +| `guac.graphqlServer.image.command` | Command for the GraphQL Server image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacgql"]` | +| `guac.graphqlServer.env` | Environment variables for GraphQL Server. | `[]` | +| `guac.graphqlServer.image.ports[0].containerPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | +| `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | +| `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.nodePortSvcPorts` | NodePort service ports definition | `{}` | +| `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | +| `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | +| `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.graphqlServer.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | +| `guac.graphqlServer.additionalVolumeMounts` | | `[]` | +| `guac.graphqlServer.additionalVolumes` | | `[]` | +| `guac.graphqlServer.tolerations` | | `[]` | +| `guac.graphqlServer.resources` | - [map] resource requests or limits of the graphqlServer deployment | `{}` | +| `guac.restApi.enabled` | String Whether to deploy the restApi | `true` | +| `guac.restApi.name` | String Name of the restApi component. 
| `rest-api` | +| `guac.restApi.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.restApi.replicas` | Number of replicas for restApi deployment | `1` | +| `guac.restApi.image.command` | Command for the restApi image. It is not recommended to override this. | `["sh","-c","/opt/guac/guacrest"]` | +| `guac.restApi.env` | Environment variables for restApi. | `[]` | +| `guac.restApi.image.ports[0].containerPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.svcPorts[0].protocol` | Protocol used at the the restApi | `TCP` | +| `guac.restApi.svcPorts[0].port` | Port the restApi service listens on | `8081` | +| `guac.restApi.svcPorts[0].targetPort` | Port the restApi container listens on | `8081` | +| `guac.restApi.serviceAccount.annotations` | - graphql server service account annotations | `{}` | +| `guac.restApi.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.restApi.tolerations` | | `[]` | +| `guac.restApi.resources` | - [map] resource requests or limits of the restApi deployment | `{}` | +| `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | +| `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | +| `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | +| `guac.visualizer.replicas` | Number of replicas for visualizer deployment | `1` | +| `guac.visualizer.image.repository` | Path to the Ingestor image | `ghcr.io/guacsec/guac-visualizer` | +| `guac.visualizer.image.tag` | Tag if using an image tag. Optional | `v0.0.3` | +| `guac.visualizer.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. 
| `""` | +| `guac.visualizer.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `guac.visualizer.image.ports[0].containerPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.svcPorts[0].protocol` | Protocol used at the visualizer | `TCP` | +| `guac.visualizer.svcPorts[0].port` | Port the visualizer service listens on | `3000` | +| `guac.visualizer.svcPorts[0].targetPort` | Port the visualizer container listens on | `3000` | +| `guac.visualizer.env` | Environment variables for the visualizer. | `[]` | +| `guac.visualizer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.visualizer.tolerations` | | `[]` | +| `guac.observability.deployServiceMonitor` | Boolean Deploy the service monitor for observability | `false` | +| `guac.sampleData.ingest` | Boolean Whether to ingest sample data after deployment | `false` | +| `guac.sampleData.jobName` | Name of the sample data ingest job | `ingest-guac-data` | +| `guac.sampleData.env` | Environment variables for the sample data ingest job | `[]` | +| `guac.ingress.enabled` | Whether to deploy an Ingress object | `false` | +| `guac.ingress.ingressClassName` | Ingress class name | `undefined` | +| `guac.ingress.webuiHostname` | DNS name for the UI components - e.g. Visualizer, GQL playground | `undefined` | +| `guac.ingress.apiHostname` | DNS name for the GQL API. When specified, GQL API won't be served at webuiHostname | `undefined` | +| `guac.ingress.annotations` | Annotations for the ingress object | `{}` | +| `guac.apiOnlyIngress.enabled` | Whether to deploy an Ingress object to expose API only | `false` | +| `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | +| `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. 
| `undefined` | +| `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | +| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | +| `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | +| `guac.backend.ent.db-address` | Full URL of database to connect to | `undefined` | +| `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | +| `guac.backend.ent.db-debug` | Enable debug logging for database queries | `true` | +| `guac.pubSubAddr` | String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ | `undefined` | +| `guac.blobAddr` | gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ | `undefined` | +| `guac.additionalResources` | | `{}` | ### nats 
@@ -198,7 +234,7 @@ This is the configuration for nats. This is a subchart. See full documentation | Name | Description | Value | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `nats.enabled` | Whehter to deploy nats | `true` | +| `nats.enabled` | Whether to deploy nats | `true` | | `nats.nats.jetstream.enabled` | Boolean for enabling JetStream. | `true` | | `nats.nats.limits.maxPayload` | Max Payload size for nats | `64MB` | | `nats.nats.statefulSetPodLabels.app.kubernetes.io/part-of` | Label to associate nats with GUAC for monitoring purposes | `{"enabled":true,"nats":{"jetstream":{"enabled":true},"limits":{"maxPayload":"64MB"},"statefulSetPodLabels":{"app.kubernetes.io/part-of":"guac"}},"natsbox":{"enabled":false,"additionalLabels":{"app.kubernetes.io/part-of":"guac"},"podLabels":{"app.kubernetes.io/part-of":"guac"}},"exporter":{"enabled":false,"serviceMonitor":{"enabled":false,"namespace":"monitoring","labels":{"release":"monitoring"}}}}` | diff --git a/charts/guac/schema.json b/charts/guac/schema.json index f97cb62..cc22866 100644 --- a/charts/guac/schema.json +++ b/charts/guac/schema.json 
@@ -89,14 +89,36 @@ } }, "env": { - "type": "object", + "type": "array", "description": "Environment variables for OCI Collector.", - "default": {} + "default": [], + "items": {} }, "nodeSelector": { "type": "object", "description": "- sets the node selector for where to run the deployment", "default": {} + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "- OCI Collector service account annotations", + "default": {} + } + } + }, + "resources": { + "type": "object", + "description": "- [map] resource requests or limits of the ociCollector deployment", + "default": {} } } }, @@ -136,14 +158,36 @@ } }, "env": { - "type": "object", + "type": "array", "description": "Environment variables for Deps.Dev Collector.", - "default": {} + "default": [], + "items": {} }, "nodeSelector": { "type": "object", "description": "- sets the node selector for where to run the deployment", "default": {} + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "", + "default": {} + } + } + }, + "resources": { + "type": "object", + "description": "- [map] resource requests or limits of the depsDevCollector deployment", + "default": {} } } }, 
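Review bot: The new `env` and `tolerations` arrays declare `"items": {}`, which accepts any element, so the schema checks only that the value is a list; a list of bare strings or a mis-keyed entry passes validation. For `env` the element shape could be pinned with `"items": {"type": "object", "required": ["name"]}`, and for `tolerations` with `"items": {"type": "object"}`. The same pattern is in the depsDevCollector hunk on this line and in the osvCertifier, ingestor, collectSub and graphqlServer hunks further down. Helm applies a chart schema only when the file is named `values.schema.json`, so the diff does not show whether this `schema.json` is enforced at install time. It also does not show whether the file is generated from values.yaml annotations, in which case the change belongs there.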
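Review bot: In the depsDevCollector hunk, `serviceAccount.annotations` is added with `"description": ""`, and every new `tolerations` property is also undescribed, while the sibling components get a one-line description. I would fill these in, for example `"description": "- Deps.Dev Collector service account annotations"` and `"description": "- tolerations applied to the deployment's pods"`. Service account annotations are commonly where a workload identity or cloud role is bound to a pod, so if that is the intent here the description should say so, which helps operators give each component only the role it needs. The README table in this patch carries the same blanks, and its `guac.restApi.serviceAccount.annotations` row is described as the graphql server's.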
@@ -183,14 +227,36 @@ } }, "env": { - "type": "object", + "type": "array", "description": "Environment variables for OSV Certifier Collector.", - "default": {} + "default": [], + "items": {} }, "nodeSelector": { "type": "object", "description": "- sets the node selector for where to run the deployment", "default": {} + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "- OSV Certifier service account annotations", + "default": {} + } + } + }, + "resources": { + "type": "object", + "description": "- [map] resource requests or limits of the OSV Certifier deployment", + "default": {} } } }, @@ -230,14 +296,36 @@ } }, "env": { - "type": "object", + "type": "array", "description": "Environment variables for ingestor.", - "default": {} + "default": [], + "items": {} }, "nodeSelector": { "type": "object", "description": "- sets the node selector for where to run the deployment", "default": {} + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "- Ingestor service account annotations", + "default": {} + } + } + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "resources": { + "type": "object", + "description": "- [map] resource requests or limits of the ingestor deployment", + "default": {} } } }, 
@@ -246,17 +334,17 @@ "properties": { "enabled": { "type": "boolean", - "description": "String Whether to deploy Collector Sub", + "description": "String Whether to deploy CollectSub", "default": true }, "name": { "type": "string", - "description": "String Name of the Collector Sub component.", + "description": "String Name of the CollectSub component.", "default": "collectsub" }, "replicas": { "type": "number", - "description": "Number of replicas for Collector Sub deployment", + "description": "Number of replicas for CollectSub deployment", "default": 1 }, "image": { @@ -264,7 +352,7 @@ "properties": { "command": { "type": "array", - "description": "Command for the Collector Sub image. It is not recommended to override this.", + "description": "Command for the CollectSub image. It is not recommended to override this.", "default": [ "sh", "-c", @@ -276,13 +364,13 @@ }, "ports": { "type": "array", - "description": "Port the Collector Sub container listens on", + "description": "Port the CollectSub container listens on", "items": { "type": "object", "properties": { "containerPort": { "type": "number", - "description": "Port the Collector Sub container listens on" + "description": "Port the CollectSub container listens on" } } } 
@@ -290,27 +378,28 @@ } }, "env": { - "type": "object", - "description": "Environment variables for Collector Sub.", - "default": {} + "type": "array", + "description": "Environment variables for CollectSub.", + "default": [], + "items": {} }, "svcPorts": { "type": "array", - "description": "Protocol used at Collector Sub", + "description": "Protocol used at CollectSub", "items": { "type": "object", "properties": { "protocol": { "type": "string", - "description": "Protocol used at Collector Sub" + "description": "Protocol used at CollectSub" }, "port": { "type": "number", - "description": "Port the Collector Sub service listens on" + "description": "Port the CollectSub service listens on" }, "targetPort": { "type": "number", - "description": "Port the Collector Sub container listens on" + "description": "Port the CollectSub container listens on" } } } @@ -319,6 +408,27 @@ "type": "object", "description": "- sets the node selector for where to run the deployment", "default": {} + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "- CollectSub service account annotations", + "default": {} + } + } + }, + "resources": { + "type": "object", + "description": "- [map] resource requests or limits of the collectSub deployment", + "default": {} } } }, @@ -371,9 +481,10 @@ } }, "env": { - "type": "object", + "type": "array", "description": "Environment variables for GraphQL Server.", - "default": {} + "default": [], + "items": {} }, "svcPorts": { "type": "array", 
@@ -411,15 +522,151 @@ "description": "- sets the node selector for where to run the deployment", "default": {} }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "- graphql server service account annotations", + "default": {} + } + } + }, "service": { "type": "object", "properties": { "createNodePortService": { "type": "boolean", - "description": "- Whether to deploy a NodePort type service ", + "description": "- Whether to deploy a NodePort type service", "default": false } } + }, + "additionalVolumeMounts": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "additionalVolumes": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "resources": { + "type": "object", + "description": "- [map] resource requests or limits of the graphqlServer deployment", + "default": {} + } + } + }, + "restApi": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "String Whether to deploy the restApi", + "default": true + }, + "name": { + "type": "string", + "description": "String Name of the restApi component.", + "default": "rest-api" + }, + "replicas": { + "type": "number", + "description": "Number of replicas for restApi deployment", + "default": 1 + }, + "image": { + "type": "object", + "properties": { + "command": { + "type": "array", + "description": "Command for the restApi image. 
It is not recommended to override this.", + "default": [ + "sh", + "-c", + "/opt/guac/guacrest" + ], + "items": { + "type": "string" + } + }, + "ports": { + "type": "array", + "description": "Port the restApi container listens on", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "number", + "description": "Port the restApi container listens on" + } + } + } + } + } + }, + "env": { + "type": "array", + "description": "Environment variables for restApi.", + "default": [], + "items": {} + }, + "svcPorts": { + "type": "array", + "description": "Protocol used at the the restApi", + "items": { + "type": "object", + "properties": { + "protocol": { + "type": "string", + "description": "Protocol used at the the restApi" + }, + "port": { + "type": "number", + "description": "Port the restApi service listens on" + }, + "targetPort": { + "type": "number", + "description": "Port the restApi container listens on" + } + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "- graphql server service account annotations", + "default": {} + } + } + }, + "nodeSelector": { + "type": "object", + "description": "- sets the node selector for where to run the deployment", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} + }, + "resources": { + "type": "object", + "description": "- [map] resource requests or limits of the restApi deployment", + "default": {} } } }, @@ -502,14 +749,21 @@ } }, "env": { - "type": "object", + "type": "array", "description": "Environment variables for the visualizer.", - "default": {} + "default": [], + "items": {} }, "nodeSelector": { "type": "object", "description": "- sets the node selector for where to run the deployment", "default": {} + }, + "tolerations": { + "type": "array", + "description": "", + "default": [], + "items": {} } } }, 
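Review bot: `restApi.enabled` is declared with `"default": true`, so if values.yaml matches (it is not visible in this hunk) a chart upgrade starts a new REST deployment and Service without the operator opting in; a newly added network-facing component is safer defaulting to `false`. In the same block the description of `restApi.serviceAccount.annotations` reads `- graphql server service account annotations`, which is copied from the GraphQL block, and both `svcPorts` descriptions say `the the restApi`. If schema.json is generated from the `## @param` comments, the wording fix belongs in values.yaml, for example `## @param guac.restApi.serviceAccount.annotations - restApi service account annotations`.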
@@ -537,9 +791,10 @@ "default": "ingest-guac-data" }, "env": { - "type": "object", + "type": "array", "description": "Environment variables for the sample data ingest job", - "default": {} + "default": [], + "items": {} } } }, @@ -584,11 +839,6 @@ "description": "database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB", "default": "postgres" }, - "db-address": { - "type": "string", - "description": "Full URL of database to connect to", - "default": "postgres://guac:guac@host:port/dbName?sslmode=disable" - }, "db-migrate": { "type": "boolean", "description": "Wether to automatically run database migrations on start", @@ -602,6 +852,11 @@ } } } + }, + "additionalResources": { + "type": "object", + "description": "", + "default": {} } } }, @@ -610,7 +865,7 @@ "properties": { "enabled": { "type": "boolean", - "description": "Whehter to deploy nats", + "description": "Whether to deploy nats", "default": true }, "nats": { diff --git a/charts/guac/templates/additional-objects.yaml b/charts/guac/templates/additional-objects.yaml new file mode 100644 index 0000000..fae5590 --- /dev/null +++ b/charts/guac/templates/additional-objects.yaml @@ -0,0 +1,9 @@ +{{- if .Values.additionalObjects }} +{{/* +{{- toYaml .Values.guac.additionalResources }} +*/}} +{{- range $.Values.additionalObjects }} +--- +{{ toYaml . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/collectsub-deployment.yaml b/charts/guac/templates/collectsub-deployment.yaml index d951d10..f84344b 100644 --- a/charts/guac/templates/collectsub-deployment.yaml +++ b/charts/guac/templates/collectsub-deployment.yaml @@ -28,6 +28,7 @@ spec: app.kubernetes.io/name: {{ .Values.guac.collectSub.name }} app.kubernetes.io/component: {{ .Values.guac.collectSub.name }} spec: + serviceAccountName: {{ .Values.guac.collectSub.name }} containers: - name: {{ .Values.guac.collectSub.name }} {{- if .Values.guac.guacImage.digest }} 
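Review bot: additional-objects.yaml ranges over `.Values.additionalObjects`, but the key this commit adds to schema.json is `additionalResources` (typed `object`, not a list), and the commented-out block names a third path, `.Values.guac.additionalResources`. As far as these hunks show, the value that is actually rendered is neither documented nor validated by the schema. Because it emits arbitrary manifests into the release, it is worth settling on one name, declaring it as `"type": "array"` with `"items": {"type": "object"}`, and deleting the dead `{{/* … */}}` block. The file also ends without a trailing newline.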
@@ -42,23 +43,26 @@ spec: {{- if .Values.guac.collectSub.ports }} ports: {{ toYaml .Values.guac.collectSub.image.ports | indent 10 }} +{{- end }} +{{- if .Values.guac.collectSub.resources }} + resources: {{- toYaml .Values.guac.collectSub.resources | nindent 10 }} {{- end }} volumeMounts: - name: guac-config mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true -{{- if .Values.imagePullSecrets }} + {{- if or .Values.guac.common.env .Values.guac.collectSub.env }} env: - {{- range $key, $value := .Values.guac.common.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.guac.collectSub.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.collectSub.env }} +{{ toYaml .Values.guac.collectSub.env | indent 10 }} +{{- end }} {{- end }} + +{{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} @@ -66,8 +70,13 @@ spec: - name: guac-config configMap: name: guac-cm -{{- end }} {{- if .Values.guac.collectSub.nodeSelector }} nodeSelector: {{ toYaml .Values.guac.collectSub.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.guac.collectSub.tolerations }} + tolerations: +{{ toYaml .Values.guac.collectSub.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/templates/collectsub-sa.yaml b/charts/guac/templates/collectsub-sa.yaml new file mode 100644 index 0000000..2723199 --- /dev/null +++ b/charts/guac/templates/collectsub-sa.yaml 
@@ -0,0 +1,17 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.collectSub.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.guac.collectSub.name }} +{{- if .Values.guac.collectSub.annotations }} + annotations: +{{ toYaml .Values.guac.collectSub.serviceAccount.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.collectSub.name }} + app.kubernetes.io/component: {{ .Values.guac.collectSub.name }} +{{- end }} diff --git a/charts/guac/templates/depsdev-collector-deployment.yaml b/charts/guac/templates/depsdev-collector-deployment.yaml index 2be9807..5ddfd2b 100644 --- a/charts/guac/templates/depsdev-collector-deployment.yaml +++ b/charts/guac/templates/depsdev-collector-deployment.yaml @@ -28,6 +28,7 @@ spec: app.kubernetes.io/name: {{ .Values.guac.depsDevCollector.name }} app.kubernetes.io/component: {{ .Values.guac.depsDevCollector.name }} spec: + serviceAccountName: {{ .Values.guac.depsDevCollector.name }} containers: - name: {{ .Values.guac.depsDevCollector.name }} {{- if .Values.guac.guacImage.digest }} 
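Review bot: In collectsub-sa.yaml the guard `{{- if .Values.guac.collectSub.annotations }}` tests the Deployment's annotation map, while the body renders `.Values.guac.collectSub.serviceAccount.annotations`, so the condition and the rendered value can disagree. When the Deployment annotations are empty, any ServiceAccount annotation (for example a cloud workload-identity role binding) is silently dropped and the pod runs without the identity the operator configured. When they are set but the ServiceAccount map is empty, an empty `annotations:` block is emitted. The guard should test what it renders, `{{- if .Values.guac.collectSub.serviceAccount.annotations }}`, assuming values.yaml defines `serviceAccount` for each component. The same mismatch is in depsdev-collector-sa.yaml, graphql-server-sa.yaml, guacrest-sa.yaml, ingestor-sa.yaml, oci-collector-sa.yaml and osv-certifier-sa.yaml.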
@@ -43,21 +44,25 @@ spec: ports: {{ toYaml .Values.guac.depsDevCollector.image.ports | indent 10 }} {{- end }} +{{- if .Values.guac.depsDevCollector.resources }} + resources: {{- toYaml .Values.guac.depsDevCollector.resources | nindent 10 }} +{{- end }} + volumeMounts: - name: guac-config mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true + {{- if or .Values.guac.common.env .Values.guac.depsDevCollector.env }} env: - {{- range $key, $value := .Values.guac.common.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.guac.depsDevCollector.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.depsDevCollector.env }} +{{ toYaml .Values.guac.depsDevCollector.env | indent 10 }} +{{- end }} {{- end }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} @@ -66,8 +71,13 @@ spec: - name: guac-config configMap: name: guac-cm -{{- end }} {{- if .Values.guac.depsDevCollector.nodeSelector }} nodeSelector: {{ toYaml .Values.guac.depsDevCollector.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.guac.depsDevCollector.tolerations }} + tolerations: +{{ toYaml .Values.guac.depsDevCollector.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/templates/depsdev-collector-sa.yaml b/charts/guac/templates/depsdev-collector-sa.yaml new file mode 100644 index 0000000..75b52a1 --- /dev/null +++ b/charts/guac/templates/depsdev-collector-sa.yaml 
@@ -0,0 +1,17 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.depsDevCollector.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.guac.depsDevCollector.name }} +{{- if .Values.guac.depsDevCollector.annotations }} + annotations: +{{ toYaml .Values.guac.depsDevCollector.serviceAccount.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.depsDevCollector.name }} + app.kubernetes.io/component: {{ .Values.guac.depsDevCollector.name }} +{{- end }} diff --git a/charts/guac/templates/graphql-server-deployment.yaml b/charts/guac/templates/graphql-server-deployment.yaml index 228ad91..2865338 100644 --- a/charts/guac/templates/graphql-server-deployment.yaml +++ b/charts/guac/templates/graphql-server-deployment.yaml @@ -28,6 +28,7 @@ spec: app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} spec: + serviceAccountName: {{ .Values.guac.graphqlServer.name }} containers: - name: {{ .Values.guac.graphqlServer.name }} {{- if .Values.guac.guacImage.digest }} 
@@ -42,23 +43,29 @@ spec: {{- if .Values.guac.graphqlServer.ports }} ports: {{ toYaml .Values.guac.graphqlServer.image.ports | indent 10 }} +{{- end }} +{{- if .Values.guac.graphqlServer.resources }} + resources: {{- toYaml .Values.guac.graphqlServer.resources | nindent 10 }} {{- end }} volumeMounts: - name: guac-config mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true -{{- if .Values.imagePullSecrets }} +{{- if .Values.guac.graphqlServer.additionalVolumeMounts }} +{{ toYaml .Values.guac.graphqlServer.additionalVolumeMounts | indent 10 }} +{{- end }} + {{- if or .Values.guac.common.env .Values.guac.graphqlServer.env }} env: - {{- range $key, $value := .Values.guac.common.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.guac.graphqlServer.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.graphqlServer.env }} +{{ toYaml .Values.guac.graphqlServer.env | indent 10 }} {{- end }} +{{- end }} + +{{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} @@ -66,8 +73,16 @@ spec: - name: guac-config configMap: name: guac-cm +{{- if .Values.guac.graphqlServer.additionalVolumes }} +{{ toYaml .Values.guac.graphqlServer.additionalVolumes | indent 8 }} {{- end }} {{- if .Values.guac.graphqlServer.nodeSelector }} nodeSelector: {{ toYaml .Values.guac.graphqlServer.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.guac.graphqlServer.tolerations }} + tolerations: +{{ toYaml .Values.guac.graphqlServer.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/templates/graphql-server-sa.yaml b/charts/guac/templates/graphql-server-sa.yaml new file mode 100644 index 0000000..19febbd --- /dev/null +++ b/charts/guac/templates/graphql-server-sa.yaml 
@@ -0,0 +1,17 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.graphqlServer.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.guac.graphqlServer.name }} +{{- if .Values.guac.graphqlServer.annotations }} + annotations: +{{ toYaml .Values.guac.graphqlServer.serviceAccount.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} + app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} +{{- end }} diff --git a/charts/guac/templates/guacrest-deployment.yaml b/charts/guac/templates/guacrest-deployment.yaml new file mode 100644 index 0000000..f3a856a --- /dev/null +++ b/charts/guac/templates/guacrest-deployment.yaml 
@@ -0,0 +1,78 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.restApi.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.guac.restApi.name }} +{{- if .Values.guac.restApi.annotations }} + annotations: +{{ toYaml .Values.guac.restApi.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.restApi.name }} + app.kubernetes.io/component: {{ .Values.guac.restApi.name }} +spec: + replicas: {{ .Values.guac.restApi.replicas }} + selector: + matchLabels: + {{- include "guac.selectorLabels" . | nindent 6 }} + app.kubernetes.io/name: {{ .Values.guac.restApi.name }} + app.kubernetes.io/component: {{ .Values.guac.restApi.name }} + template: + metadata: + labels: + {{- include "guac.selectorLabels" . | nindent 8 }} + app.kubernetes.io/name: {{ .Values.guac.restApi.name }} + app.kubernetes.io/component: {{ .Values.guac.restApi.name }} + spec: + containers: + - name: {{ .Values.guac.restApi.name }} + {{- if .Values.guac.guacImage.digest }} + image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}" + {{- else }} + image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}" + {{- end }} + imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}" + command: +{{ toYaml .Values.guac.restApi.image.command | indent 10 }} + workingDir: {{ .Values.guac.guacImage.workingDir }} +{{- if .Values.guac.restApi.ports }} + ports: +{{ toYaml .Values.guac.restApi.image.ports | indent 10 }} +{{- end }} + volumeMounts: + - name: guac-config + mountPath: {{ .Values.guac.guacImage.workingDir }} + readOnly: true + +{{- if or .Values.guac.common.env .Values.guac.graphqlServer.env }} + env: +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if 
.Values.guac.graphqlServer.env }} +{{ toYaml .Values.guac.graphqlServer.env | indent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} + volumes: + - name: guac-config + configMap: + name: guac-cm +{{- if .Values.guac.restApi.nodeSelector }} + nodeSelector: +{{ toYaml .Values.guac.restApi.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.guac.restApi.tolerations }} + tolerations: +{{ toYaml .Values.guac.restApi.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/templates/guacrest-sa.yaml b/charts/guac/templates/guacrest-sa.yaml new file mode 100644 index 0000000..3dabb80 --- /dev/null +++ b/charts/guac/templates/guacrest-sa.yaml @@ -0,0 +1,17 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.restApi.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.guac.restApi.name }} +{{- if .Values.guac.restApi.annotations }} + annotations: +{{ toYaml .Values.guac.restApi.serviceAccount.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.restApi.name }} + app.kubernetes.io/component: {{ .Values.guac.restApi.name }} +{{- end }} diff --git a/charts/guac/templates/guacrest-service.yaml b/charts/guac/templates/guacrest-service.yaml new file mode 100644 index 0000000..b8b1b96 --- /dev/null +++ b/charts/guac/templates/guacrest-service.yaml 
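Review bot: The `env:` block of the new guacrest-deployment.yaml is built from `.Values.guac.graphqlServer.env` instead of `.Values.guac.restApi.env`, so the `restApi.env` value declared in the schema is never used and every GraphQL server variable, including any credentials set there, is injected into the REST pod. The pod spec also has no `serviceAccountName`, unlike the other deployments in this commit, so the ServiceAccount created by guacrest-sa.yaml is unused and the pod runs under the namespace default account. The `ports:` guard tests `.Values.guac.restApi.ports` but renders `.Values.guac.restApi.image.ports`, which looks like it omits the container ports unless a separate `ports` key exists, and `restApi.resources` from the schema is not rendered at all. The fence shows the affected lines keyed on `restApi`.

```yaml
    spec:
      serviceAccountName: {{ .Values.guac.restApi.name }}
      containers:
      # … unchanged: name, image, imagePullPolicy, command, workingDir …
{{- if .Values.guac.restApi.image.ports }}
        ports:
{{ toYaml .Values.guac.restApi.image.ports | indent 10 }}
{{- end }}
{{- if .Values.guac.restApi.resources }}
        resources: {{- toYaml .Values.guac.restApi.resources | nindent 10 }}
{{- end }}
      # … unchanged: volumeMounts …
{{- if or .Values.guac.common.env .Values.guac.restApi.env }}
        env:
      # … unchanged: common.env entries …
{{- if .Values.guac.restApi.env }}
{{ toYaml .Values.guac.restApi.env | indent 10 }}
{{- end }}
{{- end }}
      # … unchanged: imagePullSecrets, volumes, nodeSelector, tolerations …
```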
@@ -0,0 +1,24 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.restApi.enabled }} +{{- if .Values.guac.restApi.svcPorts }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.guac.restApi.name }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.restApi.name }} + app.kubernetes.io/component: {{ .Values.guac.restApi.name }} +spec: + selector: + {{- include "guac.selectorLabels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.restApi.name }} + app.kubernetes.io/component: {{ .Values.guac.restApi.name }} + ports: + {{- range .Values.guac.restApi.svcPorts }} + - {{ . | toYaml | indent 6 | trim }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/guac/templates/ingest-guac-data-job.yaml b/charts/guac/templates/ingest-guac-data-job.yaml index 30f839c..0b10089 100644 --- a/charts/guac/templates/ingest-guac-data-job.yaml +++ b/charts/guac/templates/ingest-guac-data-job.yaml @@ -25,17 +25,17 @@ spec: image: "ubuntu:22.04" command: ['sh', '-c', '/tmp/guac/ingest-guac-data.sh ingest-data'] workingDir: {{ .Values.guac.workingDir }} + {{- if or .Values.guac.common.env .Values.guac.sampleData.env }} env: - {{- range $key, $value := .Values.guac.common.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.guac.sampleData.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.sampleData.env }} +{{ toYaml .Values.guac.sampleData.env | indent 10 }} {{- end }} +{{- end }} + volumeMounts: - name: guac-config mountPath: {{ .Values.guac.guacImage.workingDir }} diff --git a/charts/guac/templates/ingestor-deployment.yaml b/charts/guac/templates/ingestor-deployment.yaml index cd8868d..7fd093d 100644 
--- a/charts/guac/templates/ingestor-deployment.yaml +++ b/charts/guac/templates/ingestor-deployment.yaml @@ -28,6 +28,7 @@ spec: app.kubernetes.io/name: {{ .Values.guac.ingestor.name }} app.kubernetes.io/component: {{ .Values.guac.ingestor.name }} spec: + serviceAccountName: {{ .Values.guac.ingestor.name }} containers: - name: {{ .Values.guac.ingestor.name }} {{- if .Values.guac.guacImage.digest }} @@ -42,22 +43,25 @@ spec: {{- if .Values.guac.ingestor.ports }} ports: {{ toYaml .Values.guac.ingestor.image.ports | indent 10 }} +{{- end }} +{{- if .Values.guac.ingestor.resources }} + resources: {{- toYaml .Values.guac.ingestor.resources | nindent 10 }} {{- end }} volumeMounts: - name: guac-config mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true + {{- if or .Values.guac.common.env .Values.guac.ingestor.env }} env: - {{- range $key, $value := .Values.guac.common.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.guac.ingestor.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.ingestor.env }} +{{ toYaml .Values.guac.ingestor.env | indent 10 }} +{{- end }} {{- end }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} @@ -66,8 +70,13 @@ spec: - name: guac-config configMap: name: guac-cm -{{- end }} {{- if .Values.guac.ingestor.nodeSelector }} nodeSelector: {{ toYaml .Values.guac.ingestor.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.guac.ingestor.tolerations }} + tolerations: +{{ toYaml .Values.guac.ingestor.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/templates/ingestor-sa.yaml b/charts/guac/templates/ingestor-sa.yaml new file mode 100644 index 0000000..5895e9b --- /dev/null +++ b/charts/guac/templates/ingestor-sa.yaml 
@@ -0,0 +1,17 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.ingestor.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.guac.ingestor.name }} +{{- if .Values.guac.ingestor.annotations }} + annotations: +{{ toYaml .Values.guac.ingestor.serviceAccount.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.ingestor.name }} + app.kubernetes.io/component: {{ .Values.guac.ingestor.name }} +{{- end }} diff --git a/charts/guac/templates/oci-collector-deployment.yaml b/charts/guac/templates/oci-collector-deployment.yaml index e42651f..1e16868 100644 --- a/charts/guac/templates/oci-collector-deployment.yaml +++ b/charts/guac/templates/oci-collector-deployment.yaml @@ -28,6 +28,7 @@ spec: app.kubernetes.io/name: {{ .Values.guac.ociCollector.name }} app.kubernetes.io/component: {{ .Values.guac.ociCollector.name }} spec: + serviceAccountName: {{ .Values.guac.ociCollector.name }} containers: - name: {{ .Values.guac.ociCollector.name }} {{- if .Values.guac.guacImage.digest }} @@ -42,11 +43,25 @@ spec: {{- if .Values.guac.ociCollector.ports }} ports: {{ toYaml .Values.guac.ociCollector.image.ports | indent 10 }} +{{- end }} +{{- if .Values.guac.ociCollector.resources }} + resources: {{- toYaml .Values.guac.ociCollector.resources | nindent 10 }} {{- end }} volumeMounts: - name: guac-config mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true + +{{- if or .Values.guac.common.env .Values.guac.ociCollector.env }} + env: +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.ociCollector.env }} +{{ toYaml .Values.guac.ociCollector.env | indent 10 }} +{{- end }} +{{- end }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} 
@@ -55,8 +70,13 @@ spec: - name: guac-config configMap: name: guac-cm -{{- end }} {{- if .Values.guac.ociCollector.nodeSelector }} nodeSelector: {{ toYaml .Values.guac.ociCollector.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.guac.ociCollector.tolerations }} + tolerations: +{{ toYaml .Values.guac.ociCollector.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/templates/oci-collector-sa.yaml b/charts/guac/templates/oci-collector-sa.yaml new file mode 100644 index 0000000..5782db2 --- /dev/null +++ b/charts/guac/templates/oci-collector-sa.yaml @@ -0,0 +1,17 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.ociCollector.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.guac.ociCollector.name }} +{{- if .Values.guac.ociCollector.annotations }} + annotations: +{{ toYaml .Values.guac.ociCollector.serviceAccount.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.ociCollector.name }} + app.kubernetes.io/component: {{ .Values.guac.ociCollector.name }} +{{- end }} diff --git a/charts/guac/templates/osv-certifier-deployment.yaml b/charts/guac/templates/osv-certifier-deployment.yaml index c62e52e..e7d4488 100644 --- a/charts/guac/templates/osv-certifier-deployment.yaml +++ b/charts/guac/templates/osv-certifier-deployment.yaml @@ -28,6 +28,7 @@ spec: app.kubernetes.io/name: {{ .Values.guac.osvCertifier.name }} app.kubernetes.io/component: {{ .Values.guac.osvCertifier.name }} spec: + serviceAccountName: {{ .Values.guac.osvCertifier.name }} containers: - name: {{ .Values.guac.osvCertifier.name }} {{- if .Values.guac.guacImage.digest }} 
@@ -42,23 +43,26 @@ spec: {{- if .Values.guac.osvCertifier.ports }} ports: {{ toYaml .Values.guac.osvCertifier.image.ports | indent 10 }} +{{- end }} +{{- if .Values.guac.osvCertifier.resources }} + resources: {{- toYaml .Values.guac.osvCertifier.resources | nindent 10 }} {{- end }} volumeMounts: - name: guac-config mountPath: {{ .Values.guac.guacImage.workingDir }} readOnly: true -{{- if .Values.imagePullSecrets }} + {{- if or .Values.guac.common.env .Values.guac.osvCertifier.env }} env: - {{- range $key, $value := .Values.guac.common.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.guac.osvCertifier.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.osvCertifier.env }} +{{ toYaml .Values.guac.osvCertifier.env | indent 10 }} +{{- end }} {{- end }} + +{{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} @@ -66,8 +70,13 @@ spec: - name: guac-config configMap: name: guac-cm -{{- end }} {{- if .Values.guac.osvCertifier.nodeSelector }} nodeSelector: {{ toYaml .Values.guac.osvCertifier.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.guac.osvCertifier.tolerations }} + tolerations: +{{ toYaml .Values.guac.osvCertifier.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/templates/osv-certifier-sa.yaml b/charts/guac/templates/osv-certifier-sa.yaml new file mode 100644 index 0000000..6e411c6 --- /dev/null +++ b/charts/guac/templates/osv-certifier-sa.yaml 
@@ -0,0 +1,17 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +{{ if .Values.guac.osvCertifier.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.guac.osvCertifier.name }} +{{- if .Values.guac.osvCertifier.annotations }} + annotations: +{{ toYaml .Values.guac.osvCertifier.serviceAccount.annotations | indent 4 }} +{{- end }} + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.osvCertifier.name }} + app.kubernetes.io/component: {{ .Values.guac.osvCertifier.name }} +{{- end }} diff --git a/charts/guac/templates/visualizer-deployment.yaml b/charts/guac/templates/visualizer-deployment.yaml index e2a3431..deb2704 100644 --- a/charts/guac/templates/visualizer-deployment.yaml +++ b/charts/guac/templates/visualizer-deployment.yaml @@ -59,18 +59,18 @@ spec: mountPath: /workspace/guac/guac.yaml subPath: guac.yaml readOnly: true -{{- if .Values.imagePullSecrets }} + {{- if or .Values.guac.common.env .Values.guac.visualizer.env }} env: - {{- range $key, $value := .Values.guac.common.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - {{- range $key, $value := .Values.guac.visualizer.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} +{{- if .Values.guac.common.env }} +{{ toYaml .Values.guac.common.env | indent 10 }} +{{- end }} +{{- if .Values.guac.visualizer.env }} +{{ toYaml .Values.guac.visualizer.env | indent 10 }} {{- end }} +{{- end }} + +{{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} 
@@ -81,8 +81,13 @@ spec: - name: visualizer-proxy-config configMap: name: visualizer-proxy-cm -{{- end }} {{- if .Values.guac.visualizer.nodeSelector }} nodeSelector: {{ toYaml .Values.guac.visualizer.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.guac.visualizer.tolerations }} + tolerations: +{{ toYaml .Values.guac.visualizer.tolerations | indent 8 }} +{{- end }} + +{{- end }} diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index d6f0fc8..b7e3fa8 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml @@ -23,6 +23,9 @@ imagePullSecrets: ## @param guac.ociCollector.image.command Command for the OCI Collector image. It is not recommended to override this. ## @param guac.ociCollector.env Environment variables for OCI Collector. ## @param guac.ociCollector.nodeSelector - sets the node selector for where to run the deployment +## @param guac.ociCollector.tolerations +## @param guac.ociCollector.serviceAccount.annotations - OCI Collector service account annotations +## @param guac.ociCollector.resources - [map] resource requests or limits of the ociCollector deployment ## @param guac.depsDevCollector.enabled String Whether to deploy Deps.Dev Collector ## @param guac.depsDevCollector.name String Name of the Deps.Dev Collector component. ## @param guac.depsDevCollector.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) 
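Review bot: `## @param guac.ociCollector.tolerations` is added to values.yaml with no description, which is presumably why schema.json carries `"description": ""` for every `tolerations` entry. The following hunks repeat this for `guac.depsDevCollector.tolerations`, `guac.depsDevCollector.serviceAccount.annotations`, `guac.osvCertifier.tolerations` and `guac.ingestor.tolerations`. Proposed wording, following the neighbouring lines: `## @param guac.ociCollector.tolerations - tolerations applied to the OCI Collector pods`, and `## @param guac.depsDevCollector.serviceAccount.annotations - Deps.Dev Collector service account annotations`.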
@@ -30,6 +33,9 @@ imagePullSecrets: ## @param guac.depsDevCollector.image.command Command for the Deps.Dev Collector image. It is not recommended to override this. ## @param guac.depsDevCollector.env Environment variables for Deps.Dev Collector. ## @param guac.depsDevCollector.nodeSelector - sets the node selector for where to run the deployment +## @param guac.depsDevCollector.tolerations +## @param guac.depsDevCollector.serviceAccount.annotations +## @param guac.depsDevCollector.resources - [map] resource requests or limits of the depsDevCollector deployment ## @param guac.osvCertifier.enabled String Whether to deploy OSV Certifier ## @param guac.osvCertifier.name String Name of the OSV Certifier component. ## @param guac.osvCertifier.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) @@ -37,6 +43,9 @@ imagePullSecrets: ## @param guac.osvCertifier.image.command Command for the OSV Certifier Collector image. It is not recommended to override this. ## @param guac.osvCertifier.env Environment variables for OSV Certifier Collector. ## @param guac.osvCertifier.nodeSelector - sets the node selector for where to run the deployment +## @param guac.osvCertifier.tolerations +## @param guac.osvCertifier.serviceAccount.annotations - OSV Certifier service account annotations +## @param guac.osvCertifier.resources - [map] resource requests or limits of the OSV Certifier deployment ## @param guac.ingestor.enabled String Whether to deploy Ingestor ## @param guac.ingestor.name String Name of the ingestor component. ## @param guac.ingestor.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) 
@@ -44,17 +53,23 @@ imagePullSecrets: ## @param guac.ingestor.image.command Command for the ingestor image. It is not recommended to override this. ## @param guac.ingestor.env Environment variables for ingestor. ## @param guac.ingestor.nodeSelector - sets the node selector for where to run the deployment -## @param guac.collectSub.enabled String Whether to deploy Collector Sub -## @param guac.collectSub.name String Name of the Collector Sub component. +## @param guac.ingestor.serviceAccount.annotations - Ingestor service account annotations +## @param guac.ingestor.tolerations +## @param guac.ingestor.resources - [map] resource requests or limits of the ingestor deployment +## @param guac.collectSub.enabled String Whether to deploy CollectSub +## @param guac.collectSub.name String Name of the CollectSub component. ## @param guac.collectSub.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) -## @param guac.collectSub.replicas Number of replicas for Collector Sub deployment -## @param guac.collectSub.image.command Command for the Collector Sub image. It is not recommended to override this. -## @param guac.collectSub.env Environment variables for Collector Sub. -## @param guac.collectSub.image.ports[0].containerPort Port the Collector Sub container listens on -## @param guac.collectSub.svcPorts[0].protocol Protocol used at Collector Sub -## @param guac.collectSub.svcPorts[0].port Port the Collector Sub service listens on -## @param guac.collectSub.svcPorts[0].targetPort Port the Collector Sub container listens on +## @param guac.collectSub.replicas Number of replicas for CollectSub deployment +## @param guac.collectSub.image.command Command for the CollectSub image. It is not recommended to override this. +## @param guac.collectSub.env Environment variables for CollectSub. 
+## @param guac.collectSub.image.ports[0].containerPort Port the CollectSub container listens on +## @param guac.collectSub.svcPorts[0].protocol Protocol used at CollectSub +## @param guac.collectSub.svcPorts[0].port Port the CollectSub service listens on +## @param guac.collectSub.svcPorts[0].targetPort Port the CollectSub container listens on ## @param guac.collectSub.nodeSelector - sets the node selector for where to run the deployment +## @param guac.collectSub.tolerations +## @param guac.collectSub.serviceAccount.annotations - CollectSub service account annotations +## @param guac.collectSub.resources - [map] resource requests or limits of the collectSub deployment ## @param guac.graphqlServer.enabled String Whether to deploy GraphQL Server ## @param guac.graphqlServer.name String Name of the GraphQL Server component. ## @param guac.graphqlServer.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) 
@@ -69,8 +84,26 @@ imagePullSecrets: ## @param guac.graphqlServer.backend which backend to use - keyvalue (default) | arango | ent. ## @param guac.graphqlServer.debug Enable debug mode for graphql server; also enable the UI ## @param guac.graphqlServer.nodeSelector - sets the node selector for where to run the deployment +## @param guac.graphqlServer.serviceAccount.annotations - graphql server service account annotations ## @param guac.graphqlServer.service.createNodePortService - Whether to deploy a NodePort type service - +## @param guac.graphqlServer.additionalVolumeMounts +## @param guac.graphqlServer.additionalVolumes +## @param guac.graphqlServer.tolerations +## @param guac.graphqlServer.resources - [map] resource requests or limits of the graphqlServer deployment +## @param guac.restApi.enabled String Whether to deploy the restApi +## @param guac.restApi.name String Name of the restApi component. +## @param guac.restApi.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) +## @param guac.restApi.replicas Number of replicas for restApi deployment +## @param guac.restApi.image.command Command for the restApi image. It is not recommended to override this. +## @param guac.restApi.env Environment variables for restApi. 
+## @param guac.restApi.image.ports[0].containerPort Port the restApi container listens on +## @param guac.restApi.svcPorts[0].protocol Protocol used at the the restApi +## @param guac.restApi.svcPorts[0].port Port the restApi service listens on +## @param guac.restApi.svcPorts[0].targetPort Port the restApi container listens on +## @param guac.restApi.serviceAccount.annotations - graphql server service account annotations +## @param guac.restApi.nodeSelector - sets the node selector for where to run the deployment +## @param guac.restApi.tolerations +## @param guac.restApi.resources - [map] resource requests or limits of the restApi deployment ## @param guac.visualizer.enabled String Whether to deploy the visualizer. ## @param guac.visualizer.name String Name of the visualizer. ## @param guac.visualizer.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) @@ -85,6 +118,7 @@ imagePullSecrets: ## @param guac.visualizer.svcPorts[0].targetPort Port the visualizer container listens on ## @param guac.visualizer.env Environment variables for the visualizer. ## @param guac.visualizer.nodeSelector - sets the node selector for where to run the deployment +## @param guac.visualizer.tolerations ## @param guac.observability.deployServiceMonitor Boolean Deploy the service monitor for observability ## @param guac.sampleData.ingest Boolean Whether to ingest sample data after deployment ## @param guac.sampleData.jobName Name of the sample data ingest job 
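Review bot: The description added for `guac.restApi.serviceAccount.annotations` reads "graphql server service account annotations", copied from the block above; it should read `restApi service account annotations`. `guac.graphqlServer.additionalVolumeMounts`, `guac.graphqlServer.additionalVolumes` and the new `tolerations` parameters are added with no description at all, so the generated README will presumably list them blank. A one-line description for the volume parameters helps whoever reviews a values file, e.g. `## @param guac.graphqlServer.additionalVolumes - [array] extra pod volumes appended to the graphqlServer deployment`.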
@@ -100,11 +134,12 @@ imagePullSecrets: ## @param guac.apiOnlyIngress.annotations [object] Annotations for the API only ingress object ## @param guac.traefikIngressRoute.enabled Whether to deploy Traefik IngressRoute object ## @param guac.backend.ent.db-driver database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB -## @param guac.backend.ent.db-address Full URL of database to connect to +## @param guac.backend.ent.db-address [nullable] Full URL of database to connect to ## @param guac.backend.ent.db-migrate Wether to automatically run database migrations on start ## @param guac.backend.ent.db-debug Enable debug logging for database queries ## @param guac.pubSubAddr [nullable] String gocloud connection string for pubsub configured via https://gocloud.dev/howto/pubsub/ ## @param guac.blobAddr [nullable] gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ +## @param guac.additionalResources guac: guacImage: @@ -117,12 +152,18 @@ guac: workingDir: /guac common: - # env: {} - # COMMON_ENV_NAME: COMMON_ENV_VALUE + # env: [] env: # default creds (set at minio.users) for accessing minio blobstore. Remove when changing default blobAddr. - AWS_ACCESS_KEY_ID: accessKey - AWS_SECRET_ACCESS_KEY: secretKey + - name: AWS_ACCESS_KEY_ID + value: accessKey + - name: AWS_SECRET_ACCESS_KEY + value: secretKey + # COMMON_ENV_NAME: COMMON_ENV_VALUE + # env: + # # default creds (set at minio.users) for accessing minio blobstore. Remove when changing default blobAddr. + # AWS_ACCESS_KEY_ID: accessKey + # AWS_SECRET_ACCESS_KEY: secretKey ociCollector: enabled: true @@ -132,9 +173,15 @@ guac: replicas: 1 image: command: ['sh', '-c', '/opt/guac/guaccollect image'] - env: {} - # ENV_NAME: ENV_VALUE + env: [] nodeSelector: {} + tolerations: [] + serviceAccount: + annotations: {} + resources: {} + # requests: + # cpu: "0.25" + # memory: "0.5G" depsDevCollector: enabled: true 
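Review bot: In the `common.env` hunk the default list still ships the literal pair `accessKey` / `secretKey` as `value:` fields, so these credentials appear in plain text in every rendered pod spec that includes the list. Now that the entries are full EnvVar objects, a `valueFrom.secretKeyRef` entry is possible and the default could reference a Secret instead of embedding the values. At minimum the comment above them should say so, e.g. `# demo-only MinIO credentials; replace with valueFrom.secretKeyRef before any shared deployment`. The commented-out copy of the old map form added directly below repeats the same keys and can be dropped.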
@@ -144,8 +191,15 @@ guac: replicas: 1 image: command: ['sh', '-c', '/opt/guac/guaccollect deps_dev'] - env: {} + env: [] nodeSelector: {} + tolerations: [] + serviceAccount: + annotations: {} + resources: {} + # requests: + # cpu: "0.25" + # memory: "0.5G" osvCertifier: enabled: true @@ -155,8 +209,15 @@ guac: replicas: 1 image: command: ['sh', '-c', '/opt/guac/guacone certifier osv --poll'] - env: {} + env: [] nodeSelector: {} + tolerations: [] + serviceAccount: + annotations: {} + resources: {} + # requests: + # cpu: "0.25" + # memory: "0.5G" ingestor: enabled: true @@ -166,8 +227,15 @@ guac: replicas: 1 image: command: ['sh', '-c', '/opt/guac/guacingest'] - env: {} + env: [] nodeSelector: {} + tolerations: [] + serviceAccount: + annotations: {} + resources: {} + # requests: + # cpu: "0.25" + # memory: "0.5G" collectSub: enabled: true @@ -179,12 +247,19 @@ guac: command: ['sh', '-c', '/opt/guac/guaccsub'] ports: - containerPort: 2782 - env: {} + env: [] svcPorts: - protocol: TCP port: 2782 targetPort: 2782 nodeSelector: {} + tolerations: [] + serviceAccount: + annotations: {} + resources: {} + # requests: + # cpu: "0.2" + # memory: "300M" graphqlServer: enabled: true 
@@ -196,22 +271,54 @@ guac: command: ['sh', '-c', '/opt/guac/guacgql'] ports: - containerPort: 8080 - env: {} + env: [] svcPorts: - protocol: TCP port: 8080 targetPort: 8080 + additionalVolumeMounts: [] + additionalVolumes: [] + backend: keyvalue + debug: true nodePortSvcPorts: - protocol: TCP port: 8080 targetPort: 8080 nodePort: 30080 - backend: keyvalue - debug: true nodeSelector: {} + tolerations: [] + serviceAccount: + annotations: {} + resources: {} + # requests: + # cpu: "0.2" + # memory: "300M" service: createNodePortService: false + restApi: + enabled: true + name: rest-api + annotations: + reloader.stakater.com/auto: "true" + replicas: 1 + image: + command: ['sh', '-c', '/opt/guac/guacrest'] + ports: + - containerPort: 8081 + env: [] + svcPorts: + - protocol: TCP + port: 8081 + targetPort: 8081 + nodeSelector: {} + tolerations: [] + serviceAccount: + annotations: {} + resources: {} + # requests: + # cpu: "0.25" + # memory: "0.5G" visualizer: enabled: true name: visualizer @@ -227,12 +334,13 @@ guac: pullPolicy: IfNotPresent ports: - containerPort: 3000 - env: {} + env: [] svcPorts: - protocol: TCP port: 3000 targetPort: 3000 nodeSelector: {} + tolerations: [] observability: deployServiceMonitor: false @@ -240,7 +348,7 @@ guac: sampleData: ingest: false jobName: ingest-guac-data - env: {} + env: [] ingress: enabled: false @@ -265,7 +373,7 @@ guac: backend: ent: db-driver: postgres - db-address: postgres://guac:guac@host:port/dbName?sslmode=disable + # db-address: postgres://guac:guac@host:port/dbName?sslmode=disable db-migrate: true db-debug: true 
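Review bot: The new `restApi` block defaults to `enabled: true`, so upgrading to this chart version starts an additional listener on port 8081 (the diffstat shows a guacrest Deployment and Service) without the operator opting in. Nothing in this hunk shows whether guacrest authenticates callers, so confirm who can reach that Service before shipping it on by default. A more conservative default is `enabled: false` with a README note. In the same hunk `debug: true` stays the graphqlServer default, which the parameter docs describe as also enabling the UI; that is worth revisiting for non-development installs.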
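Review bot: The example left in the comment for `db-address` still carries `guac:guac` credentials and `sslmode=disable`, and it is the string operators will uncomment and adapt. Suggest an example that does not normalise an unencrypted connection, e.g. `# db-address: postgres://USER:PASSWORD@HOST:5432/DBNAME?sslmode=verify-full`. It should be paired with a comment that the URL contains a password and should be supplied from a Secret rather than committed in a values file. `db-debug: true` remains the default on the context line just below; whether query logging includes parameter values is not visible here, so confirm before using it with real data.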
@@ -278,11 +386,13 @@ guac: # blobAddr: s3://[bucket_name]?region=[aws_region] # blobAddr: file:///tmp/blobstore?no_tmp_dir=true + additionalResources: {} + ## @section nats ## @descriptionStart This is the configuration for nats. This is a subchart. See full documentation [here](https://docs.nats.io/running-a-nats-service/nats-kubernetes/helm-charts). ## @descriptionEnd -## @param nats.enabled Whehter to deploy nats +## @param nats.enabled Whether to deploy nats ## @param nats.nats.jetstream.enabled Boolean for enabling JetStream. ## @param nats.nats.limits.maxPayload Max Payload size for nats ## @param nats.nats.statefulSetPodLabels.app.kubernetes.io/part-of Label to associate nats with GUAC for monitoring purposes @@ -340,7 +450,7 @@ minio: mode: standalone resources: requests: - memory: 500Mi + memory: 300Mi rootUser: "rootUser" rootPassword: "rootPassword" buckets: