New Helm chart first iteration ready

.gitignore

@@ -15,3 +15,4 @@ caddy_data/
 **/dist/
 **/.meta
 charts/custom-values.yaml
+**/charts/*/charts

charts/ciso-assistant-next/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/ciso-assistant-next/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: ciso-assistant
+description: A Helm chart for CISO Assistant k8s's deployment
+type: application
+version: 0.1.0
+appVersion: "v1.9.3"
+icon: https://intuitem.com/ciso-assistant.svg
+sources:
+  - https://github.com/intuitem/ciso-assistant-community
+#dependencies:
+#  - name: postgresql
+#    version: "16.3.3"
+#    repository: "oci://registry-1.docker.io/bitnamicharts"

charts/ciso-assistant-next/README.md

@@ -0,0 +1,34 @@
+## Installation 
+
+### Pulling default values
+
+```
+helm show values . > ../custom-values.yaml
+```
+
+### Creating a dedicated namespace
+
+```
+kubectl create ns ciso-assistant
+```
+
+### Install
+
+```
+helm install my-release . -f ../custom-values.yaml -n ciso-assistant
+```
+
+### Uninstall
+
+```
+helm uninstall my-release -n ciso-assistant
+```
+
+
+## Upgrading
+
+When upgrading, make sure to:
+1. Backup your persistent volumes
+2. Update any custom values
+3. Run: helm repo update 
+4. Run: helm upgrade my-release . --set global.image.tag=<new_version>

charts/ciso-assistant-next/templates/_helpers.tpl

@@ -0,0 +1,75 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ciso-assistant.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "ciso-assistant.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ciso-assistant.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/* 
+Define CISO Assistant default tag version.
+*/}}
+{{- define "ciso-assistant.defaultTag" -}}
+{{- default .Chart.AppVersion .Values.global.image.tag -}}
+{{- end -}}
+
+{{/*
+Return valid version label
+*/}}
+{{- define "ciso-assistant.versionLabelValue" -}}
+{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "ciso-assistant.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "ciso-assistant.labels" -}}
+helm.sh/chart: {{ include "ciso-assistant.chart" .context }}
+{{ include "ciso-assistant.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/version: {{ include "ciso-assistant.versionLabelValue" .context }}
+{{- with .context.Values.global.commonLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ciso-assistant.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ciso-assistant.name" .context }}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define complete url based on scheme and domain
+*/}}
+{{- define "ciso-assistant.url" -}}
+{{- $scheme := ternary "https" "http" .Values.ingress.tls -}}
+{{- printf "%s://%s" $scheme .Values.global.domain -}}
+{{- end -}}

charts/ciso-assistant-next/templates/backend/deployment.yaml

@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "ciso-assistant.fullname" . }}-backend
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+spec:
+  replicas: {{ .Values.backend.replicas }}
+  selector:
+    matchLabels:
+      {{- include "ciso-assistant.selectorLabels" (dict "context" . "component" .Values.backend.name) | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/secret-backend: {{ include (print $.Template.BasePath "/backend/secret.yaml") . | sha256sum }}
+      labels:
+        {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 8 }}
+    spec:
+      {{- with .Values.backend.imagePullSecrets | default .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.global.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ .Values.backend.name }}
+        image: {{ default .Values.global.image.registry .Values.backend.image.registry }}/{{ .Values.backend.image.repository }}:{{ default (include "ciso-assistant.defaultTag" .) .Values.backend.image.tag }}
+        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.backend.image.imagePullPolicy }}
+        env:
+          {{- with .Values.backend.env }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          - name: DJANGO_DEBUG
+            value: {{ ternary "True" "False" .Values.backend.config.djangoDebug | quote }}
+          - name: CISO_ASSISTANT_SUPERUSER_EMAIL
+            value: {{ .Values.backend.config.emailAdmin }}
+          - name: CISO_ASSISTANT_URL
+            value: {{ template "ciso-assistant.url" . }}
+          - name: ALLOWED_HOSTS
+            value: localhost,127.0.0.1,{{ include "ciso-assistant.fullname" . }}-backend,{{ template "ciso-assistant.url" . }}
+          - name: DEFAULT_FROM_EMAIL
+            value: {{ .Values.backend.config.smtp.defaultFrom | quote }}
+          - name: EMAIL_HOST
+            value: {{ .Values.backend.config.smtp.primary.host | quote }}
+          - name: EMAIL_PORT
+            value: {{ .Values.backend.config.smtp.primary.port | quote }}
+          - name: EMAIL_USE_TLS
+            value: {{ .Values.backend.config.smtp.primary.useTls | quote }}
+          {{- if .Values.backend.config.smtp.primary.username }}
+          - name: EMAIL_HOST_USER
+            value: {{ .Values.backend.config.smtp.primary.username | quote }}
+          {{- end }}
+          {{- if .Values.backend.config.smtp.primary.password }}
+          - name: EMAIL_HOST_PASSWORD
+            valueFrom:
+            secretKeyRef:
+                name: {{ include "ciso-assistant.fullname" . }}-backend
+                key: email-primary-password
+          {{- end }}
+          - name: EMAIL_HOST_RESCUE
+            value: {{ .Values.backend.config.smtp.rescue.host | quote }}
+          - name: EMAIL_PORT_RESCUE
+            value: {{ .Values.backend.config.smtp.rescue.port | quote }}
+          - name: EMAIL_USE_TLS_RESCUE
+            value: {{ .Values.backend.config.smtp.rescue.useTls | quote }}
+          {{- if .Values.backend.config.smtp.rescue.username }}
+          - name: EMAIL_HOST_USER_RESCUE
+            value: {{ .Values.backend.config.smtp.rescue.username | quote }}
+          {{- end }}
+          {{- if .Values.backend.config.smtp.rescue.password }}
+          - name: EMAIL_HOST_PASSWORD_RESCUE
+            valueFrom:
+            secretKeyRef:
+                name: {{ include "ciso-assistant.fullname" . }}-backend
+                key: email-rescue-password
+          {{- end }}
+        {{- if .Values.backend.persistence.enabled }}
+        volumeMounts:
+        - name: backend-data
+          mountPath: /code/db
+        {{- end }}
+        ports:
+        - name: http
+          containerPort: 8000
+          protocol: TCP
+        {{- if .Values.backend.resources }}
+        resources:
+          {{ toYaml .Values.backend.resources | indent 10 }}
+        {{- end }}
+        {{- with .Values.backend.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with .Values.global.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.global.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backend.persistence.enabled }}
+      volumes:
+      - name: backend-data
+        persistentVolumeClaim:
+          claimName: {{ include "ciso-assistant.fullname" . }}-backend
+      {{- end }}

charts/ciso-assistant-next/templates/backend/persistentvolumeclaim.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.backend.persistence.enabled }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "ciso-assistant.fullname" . }}-backend
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.backend.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+spec:
+  accessModes: 
+    - {{ .Values.backend.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.backend.persistence.size }}
+  {{- if .Values.backend.persistence.storageClass }}
+  storageClassName: {{ .Values.backend.persistence.storageClass }}
+  {{- end }}
+{{- end }}

charts/ciso-assistant-next/templates/backend/secret.yaml

@@ -0,0 +1,17 @@
+{{- if or .Values.backend.config.smtp.primary.password .Values.backend.config.smtp.rescue.password }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "ciso-assistant.fullname" . }}-backend
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+type: Opaque
+data:
+  {{- if .Values.backend.config.smtp.primary.password }}
+  email-primary-password: {{ .Values.backend.config.smtp.primary.password | b64enc | quote}}
+  {{- end }}
+  {{- if .Values.backend.config.smtp.rescue.password }}
+  email-rescue-password: {{ .Values.backend.config.smtp.rescue.password | b64enc | quote}}
+  {{- end }}
+{{- end }}

charts/ciso-assistant-next/templates/backend/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "ciso-assistant.fullname" . }}-backend
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.backend.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+spec:
+  ports:
+  - name: {{ .Values.backend.service.portName }}
+    protocol: TCP
+    port: {{ .Values.backend.service.port }}
+    targetPort: http
+  selector:
+    {{- include "ciso-assistant.selectorLabels" (dict "context" . "component" .Values.backend.name) | nindent 4 }}

charts/ciso-assistant-next/templates/frontend/deployment.yaml

@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "ciso-assistant.fullname" . }}-frontend
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.frontend.name "component" .Values.frontend.name) | nindent 4 }}
+spec:
+  replicas: {{ .Values.frontend.replicas }}
+  selector:
+    matchLabels:
+      {{- include "ciso-assistant.selectorLabels" (dict "context" . "component" .Values.frontend.name) | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.frontend.name "component" .Values.frontend.name) | nindent 8 }}
+    spec:
+      {{- with .Values.frontend.imagePullSecrets | default .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.global.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ .Values.frontend.name }}
+        image: {{ default .Values.global.image.registry .Values.frontend.image.registry }}/{{ .Values.frontend.image.repository }}:{{ default (include "ciso-assistant.defaultTag" .) .Values.frontend.image.tag }}
+        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.frontend.image.imagePullPolicy }}
+        env:
+          {{- with .Values.frontend.env }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          - name: ORIGIN
+            value: {{ template "ciso-assistant.url" . }}
+          - name: PROTOCOL_HEADER
+            value: x-forwarded-proto
+          - name: HOST_HEADER
+            value: x-forwarded-host
+          - name: PUBLIC_BACKEND_API_URL
+            value: http://{{ include "ciso-assistant.fullname" . }}-backend/api
+          - name: PUBLIC_BACKEND_API_EXPOSED_URL
+            value: {{ template "ciso-assistant.url" . }}/api
+          - name: BODY_SIZE_LIMIT
+            value: {{ .Values.frontend.config.bodySizeLimit | quote }}
+        ports:
+        - name: http
+          containerPort: 3000
+          protocol: TCP
+        {{- if .Values.frontend.resources }}
+        resources:
+          {{ toYaml .Values.frontend.resources | indent 10 }}
+        {{- end }}
+        {{- with .Values.frontend.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with .Values.global.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.global.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}