feat(security-apps): initialization (#111)

Create security-apps app-of-apps chart. * dex * gangway * vault * falco
adfinis · Nov 16, 2020 · a345fca · a345fca
1 parent 1babf7d
commit a345fca
Show file tree

Hide file tree

Showing 13 changed files with 362 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,7 @@ helm repo add adfinis https://charts.adfinis.com
 | [logging-apps](charts/logging-apps) | Argo CD app-of-apps config for logging applications | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 0.x](https://img.shields.io/badge/app%20version-0.x-brightgreen) |
 | [misc-apps](charts/misc-apps) | Argo CD app-of-apps config for miscellaneous small tools | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 0.x](https://img.shields.io/badge/app%20version-0.x-brightgreen) |
 | [rmd](charts/rmd) | Chart for Rmd.io application | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: ed.x](https://img.shields.io/badge/app%20version-ed.x-brightgreen) |
+| [security-apps](charts/security-apps) | Argo CD app-of-apps config for security applications | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 0.x](https://img.shields.io/badge/app%20version-0.x-brightgreen) |
 | [sentry-apps](charts/sentry-apps) | Sentry on premise | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 5.1.x](https://img.shields.io/badge/app%20version-5.1.x-brightgreen) |
 | [timed](charts/timed) | Chart for Timed application | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 1.1.x](https://img.shields.io/badge/app%20version-1.1.x-brightgreen) |
 

diff --git a/charts/security-apps/.helmignore b/charts/security-apps/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/security-apps/Chart.lock b/charts/security-apps/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: argoconfig
+  repository: https://charts.adfinis.com
+  version: 0.6.3
+digest: sha256:0288146a81727cebb26606a32948691d2758b48c4a6c00ecc6bd5f413a5e4fa2
+generated: "2020-09-08T19:58:21.947318+02:00"
diff --git a/charts/security-apps/Chart.yaml b/charts/security-apps/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: security-apps
+description: Argo CD app-of-apps config for security applications
+type: application
+# version and appVersion are in sync in this chart!
+version: 0.0.1
+appVersion: 0.0.1
+home: https://github.com/adfinis-sygroup/helm-charts/tree/master/charts/security-apps
+sources:
+  - https://github.com/adfinis-sygroup/helm-charts
+maintainers:
+  - name: adfinis-sygroup
+    email: support@adfinis.com
+    url: https://adfinis.com
+dependencies:
+  - name: argoconfig
+    version: 0.6.3
+    repository: https://charts.adfinis.com
diff --git a/charts/security-apps/README.md b/charts/security-apps/README.md
@@ -0,0 +1,69 @@
+# security-apps
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+Argo CD app-of-apps config for security applications
+
+**Homepage:** <https://github.com/adfinis-sygroup/helm-charts/tree/master/charts/security-apps>
+
+## Maintainers
+This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk_kwd=helm-charts).
+
+## Source Code
+
+* <https://github.com/adfinis-sygroup/helm-charts>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.adfinis.com | argoconfig | 0.6.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| dex | object | - | [dex](https://github.com/dexidp/dex/) ([example](./examples/dex.yaml)) |
+| dex.chart | string | `"dex"` | Chart |
+| dex.destination.namespace | string | `"infra-dex"` | Namespace |
+| dex.enabled | bool | `false` | Enable dex |
+| dex.repoURL | string | [repo](https://charts.helm.sh/stable/) | Repo URL |
+| dex.targetRevision | string | `"2.10.*"` | [dex Helm chart](https://github.com/helm/charts/tree/master/stable/dex/) version |
+| dex.values | object | [upstream values](https://github.com/helm/charts/tree/master/stable/dex/values.yaml) | Helm values |
+| falco | object | - | [falco](https://github.com/falcosecurity/falco/) ([example](./examples/falco.yaml)) |
+| falco.chart | string | `"falco"` | Chart |
+| falco.enabled | bool | `false` | Enable falco |
+| falco.repoURL | string | [repo](https://falcosecurity.github.io/charts) | Repo URL |
+| falco.targetRevision | string | `"1.5.*"` | [falco Helm chart](https://github.com/falcosecurity/charts) version |
+| falco.values | object | [upstream values](https://github.com/falcosecurity/charts/tree/master/values.yaml) | Helm values |
+| gangway | object | - | [gangway](https://github.com/heptiolabs/gangway/) ([example](./examples/gangway.yaml)) |
+| gangway.chart | string | `"gangway"` | Chart |
+| gangway.destination.namespace | string | `"infra-gangway"` | Namespace |
+| gangway.enabled | bool | `false` | Enable gangway |
+| gangway.repoURL | string | [repo](https://charts.helm.sh/stable/) | Repo URL |
+| gangway.targetRevision | string | `"0.4.*"` | [gangway Helm chart](https://github.com/helm/charts/tree/master/stable/gangway/) version |
+| gangway.values | object | [upstream values](https://github.com/helm/charts/tree/master/stable/gangway/values.yaml) | Helm values |
+| vault | object | - | [vault](https://github.com/hashicorp/vault/) ([example](./examples/vault.yaml)) |
+| vault.chart | string | `"vault"` | Chart |
+| vault.destination.namespace | string | `"infra-vault"` | Namespace |
+| vault.enabled | bool | `false` | Enable vault |
+| vault.repoURL | string | [repo](https://helm.releases.hashicorp.com/) | Repo URL |
+| vault.targetRevision | string | `"0.8.*"` | [vault Helm chart](https://github.com/hashicorp/vault-helm) version |
+| vault.values | object | [upstream values](https://github.com/hashicorp/vault-helm/tree/master/values.yaml) | Helm values |
+
+## About this chart
+
+Adfinis fights for a software world that is more open, where the quality is
+better and where software must be accessible to everyone. This chart
+is part of the action behind this commitment. Feel free to
+[contact](https://adfinis.com/kontakt/?pk_campaign=github&pk_kwd=helm-charts)
+us if you have any questions.
+
+## License
+
+This Helm chart is free software: you can redistribute it and/or modify it under the terms
+of the GNU Affero General Public License as published by the Free Software Foundation,
+version 3 of the License.
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.4.0](https://github.com/norwoodj/helm-docs/releases/v1.4.0)
diff --git a/charts/security-apps/ci/default-values.yaml b/charts/security-apps/ci/default-values.yaml
@@ -0,0 +1,15 @@
+dex:
+  enabled: true
+  values: {}
+
+gangway:
+  enabled: true
+  values: {}
+
+vault:
+  enabled: true
+  values: {}
+
+falco:
+  enabled: true
+  values: {}
diff --git a/charts/security-apps/examples/falco.yaml b/charts/security-apps/examples/falco.yaml
@@ -0,0 +1,6 @@
+falco:
+  enabled: true
+  project: infra-falco
+  values:
+    auditLog:
+      enabled: true
diff --git a/charts/security-apps/templates/NOTES.txt b/charts/security-apps/templates/NOTES.txt
@@ -0,0 +1,13 @@
+The following apps are available:
+{{ if .Values.dex.enabled }}
+* dex
+{{ end }}
+{{ if .Values.gangway.enabled }}
+* gangway
+{{ end }}
+{{ if .Values.vault.enabled }}
+* vault
+{{ end }}
+{{ if .Values.falco.enabled }}
+* falco
+{{ end }}
diff --git a/charts/security-apps/templates/dex.yaml b/charts/security-apps/templates/dex.yaml
@@ -0,0 +1,33 @@
+{{ if .Values.dex.enabled }}
+{{ template "argoconfig.application" (list . "security-apps.dex") }}
+{{ end }}
+
+{{- define "security-apps.dex" -}}{{- $app := unset .Values.dex "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}}
+metadata:
+  name: {{ template "common.fullname" . }}-{{ $name }}
+spec:
+  {{- if $app.project }}
+  project: {{ $app.project | quote }}
+  {{- end }}
+  source:
+    repoURL: {{ $app.repoURL | quote }}
+    chart: {{ $app.chart | quote }}
+    targetRevision: {{ $app.targetRevision | quote }}
+    helm:
+      releaseName: {{ $name | quote }}
+      values: |-
+        nameOverride: {{ $name | quote }}
+        {{- $app.values | toYaml | nindent 8 }}
+  {{- if $app.destination }}
+  destination:
+    {{ $app.destination | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.syncPolicy }}
+  syncPolicy:
+    {{ $app.syncPolicy | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.ignoreDifferences }}
+  ignoreDifferences:
+    {{ $app.ignoreDifferences | toYaml | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/security-apps/templates/falco.yaml b/charts/security-apps/templates/falco.yaml
@@ -0,0 +1,33 @@
+{{ if .Values.falco.enabled }}
+{{ template "argoconfig.application" (list . "security-apps.falco") }}
+{{ end }}
+
+{{- define "security-apps.falco" -}}{{- $app := unset .Values.falco "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}}
+metadata:
+  name: {{ template "common.fullname" . }}-{{ $name }}
+spec:
+  {{- if $app.project }}
+  project: {{ $app.project | quote }}
+  {{- end }}
+  source:
+    repoURL: {{ $app.repoURL | quote }}
+    chart: {{ $app.chart | quote }}
+    targetRevision: {{ $app.targetRevision | quote }}
+    helm:
+      releaseName: {{ $name | quote }}
+      values: |-
+        nameOverride: {{ $name | quote }}
+        {{- $app.values | toYaml | nindent 8 }}
+  {{- if $app.destination }}
+  destination:
+    {{ $app.destination | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.syncPolicy }}
+  syncPolicy:
+    {{ $app.syncPolicy | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.ignoreDifferences }}
+  ignoreDifferences:
+    {{ $app.ignoreDifferences | toYaml | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/security-apps/templates/gangway.yaml b/charts/security-apps/templates/gangway.yaml
@@ -0,0 +1,33 @@
+{{ if .Values.gangway.enabled }}
+{{ template "argoconfig.application" (list . "security-apps.gangway") }}
+{{ end }}
+
+{{- define "security-apps.gangway" -}}{{- $app := unset .Values.gangway "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}}
+metadata:
+  name: {{ template "common.fullname" . }}-{{ $name }}
+spec:
+  {{- if $app.project }}
+  project: {{ $app.project | quote }}
+  {{- end }}
+  source:
+    repoURL: {{ $app.repoURL | quote }}
+    chart: {{ $app.chart | quote }}
+    targetRevision: {{ $app.targetRevision | quote }}
+    helm:
+      releaseName: {{ $name | quote }}
+      values: |-
+        nameOverride: {{ $name | quote }}
+        {{- $app.values | toYaml | nindent 8 }}
+  {{- if $app.destination }}
+  destination:
+    {{ $app.destination | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.syncPolicy }}
+  syncPolicy:
+    {{ $app.syncPolicy | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.ignoreDifferences }}
+  ignoreDifferences:
+    {{ $app.ignoreDifferences | toYaml | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/security-apps/templates/vault.yaml b/charts/security-apps/templates/vault.yaml
@@ -0,0 +1,33 @@
+{{ if .Values.vault.enabled }}
+{{ template "argoconfig.application" (list . "security-apps.vault") }}
+{{ end }}
+
+{{- define "security-apps.vault" -}}{{- $app := unset .Values.vault "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}}
+metadata:
+  name: {{ template "common.fullname" . }}-{{ $name }}
+spec:
+  {{- if $app.project }}
+  project: {{ $app.project | quote }}
+  {{- end }}
+  source:
+    repoURL: {{ $app.repoURL | quote }}
+    chart: {{ $app.chart | quote }}
+    targetRevision: {{ $app.targetRevision | quote }}
+    helm:
+      releaseName: {{ $name | quote }}
+      values: |-
+        nameOverride: {{ $name | quote }}
+        {{- $app.values | toYaml | nindent 8 }}
+  {{- if $app.destination }}
+  destination:
+    {{ $app.destination | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.syncPolicy }}
+  syncPolicy:
+    {{ $app.syncPolicy | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $app.ignoreDifferences }}
+  ignoreDifferences:
+    {{ $app.ignoreDifferences | toYaml | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/security-apps/values.yaml b/charts/security-apps/values.yaml
@@ -0,0 +1,79 @@
+# dex -- [dex](https://github.com/dexidp/dex/) ([example](./examples/dex.yaml))
+# @default -- -
+dex:
+  # dex.enabled -- Enable dex
+  enabled: false
+  name: dex
+  destination:
+    # dex.destination.namespace -- Namespace
+    namespace: "infra-dex"
+  # dex.repoURL -- Repo URL
+  # @default -- [repo](https://charts.helm.sh/stable/)
+  repoURL: "https://charts.helm.sh/stable/"
+  # dex.chart -- Chart
+  chart: "dex"
+  # dex.targetRevision -- [dex Helm chart](https://github.com/helm/charts/tree/master/stable/dex/) version
+  targetRevision: "2.10.*"
+  # dex.values -- Helm values
+  # @default -- [upstream values](https://github.com/helm/charts/tree/master/stable/dex/values.yaml)
+  values: {}
+
+# gangway -- [gangway](https://github.com/heptiolabs/gangway/) ([example](./examples/gangway.yaml))
+# @default -- -
+gangway:
+  # gangway.enabled -- Enable gangway
+  enabled: false
+  name: gangway
+  destination:
+    # gangway.destination.namespace -- Namespace
+    namespace: "infra-gangway"
+  # gangway.repoURL -- Repo URL
+  # @default -- [repo](https://charts.helm.sh/stable/)
+  repoURL: "https://charts.helm.sh/stable/"
+  # gangway.chart -- Chart
+  chart: "gangway"
+  # gangway.targetRevision -- [gangway Helm chart](https://github.com/helm/charts/tree/master/stable/gangway/) version
+  targetRevision: "0.4.*"
+  # gangway.values -- Helm values
+  # @default -- [upstream values](https://github.com/helm/charts/tree/master/stable/gangway/values.yaml)
+  values: {}
+
+# vault -- [vault](https://github.com/hashicorp/vault/) ([example](./examples/vault.yaml))
+# @default -- -
+vault:
+  # vault.enabled -- Enable vault
+  enabled: false
+  name: vault
+  destination:
+    # vault.destination.namespace -- Namespace
+    namespace: "infra-vault"
+  # vault.repoURL -- Repo URL
+  # @default -- [repo](https://helm.releases.hashicorp.com/)
+  repoURL: "https://helm.releases.hashicorp.com/"
+  # vault.chart -- Chart
+  chart: "vault"
+  # vault.targetRevision -- [vault Helm chart](https://github.com/hashicorp/vault-helm) version
+  targetRevision: "0.8.*"
+  # vault.values -- Helm values
+  # @default -- [upstream values](https://github.com/hashicorp/vault-helm/tree/master/values.yaml)
+  values: {}
+
+# falco -- [falco](https://github.com/falcosecurity/falco/) ([example](./examples/falco.yaml))
+# @default -- -
+falco:
+  # falco.enabled -- Enable falco
+  enabled: false
+  name: falco
+  destination:
+    # vault.destination.namespace -- Namespace
+    namespace: "infra-falco"
+  # falco.repoURL -- Repo URL
+  # @default -- [repo](https://falcosecurity.github.io/charts)
+  repoURL: "https://falcosecurity.github.io/charts"
+  # falco.chart -- Chart
+  chart: "falco"
+  # falco.targetRevision -- [falco Helm chart](https://github.com/falcosecurity/charts) version
+  targetRevision: "1.5.*"
+  # falco.values -- Helm values
+  # @default -- [upstream values](https://github.com/falcosecurity/charts/tree/master/values.yaml)
+  values: {}