From a5b1430198430f825df6daef003fcb2992631140 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nathana=C3=ABl=20M=2E?=
Date: Sat, 21 Dec 2024 12:45:12 +0100
Subject: [PATCH] New Helm chart first iteration ready
---
 .gitignore | 1 +
 charts/ciso-assistant-next/.helmignore | 23 ++
 charts/ciso-assistant-next/Chart.yaml | 13 +
 charts/ciso-assistant-next/README.md | 34 +++
 .../templates/_helpers.tpl | 75 ++++++
 .../templates/backend/deployment.yaml | 110 ++++++++
 .../backend/persistentvolumeclaim.yaml | 22 ++
 .../templates/backend/secret.yaml | 17 ++
 .../templates/backend/service.yaml | 19 ++
 .../templates/frontend/deployment.yaml | 65 +++++
 .../templates/frontend/service.yaml | 19 ++
 .../templates/ingress/ingress.yaml | 40 +++
 .../templates/ingress/tls-secret.yaml | 14 +
 charts/ciso-assistant-next/values.yaml | 248 ++++++++++++++++++
 14 files changed, 700 insertions(+)
 create mode 100644 charts/ciso-assistant-next/.helmignore
 create mode 100644 charts/ciso-assistant-next/Chart.yaml
 create mode 100644 charts/ciso-assistant-next/README.md
 create mode 100644 charts/ciso-assistant-next/templates/_helpers.tpl
 create mode 100644 charts/ciso-assistant-next/templates/backend/deployment.yaml
 create mode 100644 charts/ciso-assistant-next/templates/backend/persistentvolumeclaim.yaml
 create mode 100644 charts/ciso-assistant-next/templates/backend/secret.yaml
 create mode 100644 charts/ciso-assistant-next/templates/backend/service.yaml
 create mode 100644 charts/ciso-assistant-next/templates/frontend/deployment.yaml
 create mode 100644 charts/ciso-assistant-next/templates/frontend/service.yaml
 create mode 100644 charts/ciso-assistant-next/templates/ingress/ingress.yaml
 create mode 100644 charts/ciso-assistant-next/templates/ingress/tls-secret.yaml
 create mode 100644 charts/ciso-assistant-next/values.yaml
diff --git a/.gitignore b/.gitignore
index aceaa0b7e..77f822d28 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ caddy_data/
 **/dist/
 **/.meta
 charts/custom-values.yaml
+**/charts/*/charts
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/.helmignore b/charts/ciso-assistant-next/.helmignore
new file mode 100644
index 000000000..691fa13d6
--- /dev/null
+++ b/charts/ciso-assistant-next/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/Chart.yaml b/charts/ciso-assistant-next/Chart.yaml
new file mode 100644
index 000000000..60f9ae9c6
--- /dev/null
+++ b/charts/ciso-assistant-next/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: ciso-assistant
+description: A Helm chart for CISO Assistant k8s's deployment
+type: application
+version: 0.1.0
+appVersion: "v1.9.3"
+icon: https://intuitem.com/ciso-assistant.svg
+sources:
+ - https://github.com/intuitem/ciso-assistant-community
+#dependencies:
+# - name: postgresql
+# version: "16.3.3"
+# repository: "oci://registry-1.docker.io/bitnamicharts"
diff --git a/charts/ciso-assistant-next/README.md b/charts/ciso-assistant-next/README.md
new file mode 100644
index 000000000..a790916b2
--- /dev/null
+++ b/charts/ciso-assistant-next/README.md
@@ -0,0 +1,34 @@
+## Installation
+
+### Pulling default values
+
+```
+helm show values . > ../custom-values.yaml
+```
+
+### Creating a dedicated namespace
+
+```
+kubectl create ns ciso-assistant
+```
+
+### Install
+
+```
+helm install my-release . -f ../custom-values.yaml -n ciso-assistant
+```
+
+### Uninstall
+
+```
+helm uninstall my-release -n ciso-assistant
+```
+
+
+## Upgrading
+
+When upgrading, make sure to:
+1. Backup your persistent volumes
+2. Update any custom values
+3. Run: helm repo update
+4. Run: helm upgrade my-release . --set global.image.tag=
diff --git a/charts/ciso-assistant-next/templates/_helpers.tpl b/charts/ciso-assistant-next/templates/_helpers.tpl
new file mode 100644
index 000000000..9f3d9917d
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/_helpers.tpl
@@ -0,0 +1,75 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ciso-assistant.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "ciso-assistant.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ciso-assistant.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Define CISO Assistant default tag version.
+*/}}
+{{- define "ciso-assistant.defaultTag" -}}
+{{- default .Chart.AppVersion .Values.global.image.tag -}}
+{{- end -}}
+
+{{/*
+Return valid version label
+*/}}
+{{- define "ciso-assistant.versionLabelValue" -}}
+{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "ciso-assistant.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "ciso-assistant.labels" -}}
+helm.sh/chart: {{ include "ciso-assistant.chart" .context }}
+{{ include "ciso-assistant.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/version: {{ include "ciso-assistant.versionLabelValue" .context }}
+{{- with .context.Values.global.commonLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ciso-assistant.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ciso-assistant.name" .context }}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define complete url based on scheme and domain
+*/}}
+{{- define "ciso-assistant.url" -}}
+{{- $scheme := ternary "https" "http" .Values.ingress.tls -}}
+{{- printf "%s://%s" $scheme .Values.global.domain -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/templates/backend/deployment.yaml b/charts/ciso-assistant-next/templates/backend/deployment.yaml
new file mode 100644
index 000000000..b0f67e020
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/backend/deployment.yaml
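Review bot: `ciso-assistant.url` picks the scheme from `.Values.ingress.tls` alone, so a release whose TLS is terminated in front of the chart's Ingress, or that runs with `ingress.enabled: false`, gets `http://` from every consumer of this helper. The deployment templates in this patch feed it into `CISO_ASSISTANT_URL`, `ALLOWED_HOSTS`, `ORIGIN` and `PUBLIC_BACKEND_API_EXPOSED_URL`, where a scheme mismatch would likely surface as origin or CSRF rejections. Consider reading an explicit scheme override first and keeping the `ternary` as the fallback, and extend the helper comment to state that it returns a full URL with scheme, not a host name.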
@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "ciso-assistant.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+spec:
+ replicas: {{ .Values.backend.replicas }}
+ selector:
+ matchLabels:
+ {{- include "ciso-assistant.selectorLabels" (dict "context" . "component" .Values.backend.name) | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/secret-backend: {{ include (print $.Template.BasePath "/backend/secret.yaml") . | sha256sum }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 8 }}
+ spec:
+ {{- with .Values.backend.imagePullSecrets | default .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.backend.name }}
+ image: {{ default .Values.global.image.registry .Values.backend.image.registry }}/{{ .Values.backend.image.repository }}:{{ default (include "ciso-assistant.defaultTag" .) .Values.backend.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.backend.image.imagePullPolicy }}
+ env:
+ {{- with .Values.backend.env }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ - name: DJANGO_DEBUG
+ value: {{ ternary "True" "False" .Values.backend.config.djangoDebug | quote }}
+ - name: CISO_ASSISTANT_SUPERUSER_EMAIL
+ value: {{ .Values.backend.config.emailAdmin }}
+ - name: CISO_ASSISTANT_URL
+ value: {{ template "ciso-assistant.url" . }}
+ - name: ALLOWED_HOSTS
+ value: localhost,127.0.0.1,{{ include "ciso-assistant.fullname" . }}-backend,{{ template "ciso-assistant.url" . }}
+ - name: DEFAULT_FROM_EMAIL
+ value: {{ .Values.backend.config.smtp.defaultFrom | quote }}
+ - name: EMAIL_HOST
+ value: {{ .Values.backend.config.smtp.primary.host | quote }}
+ - name: EMAIL_PORT
+ value: {{ .Values.backend.config.smtp.primary.port | quote }}
+ - name: EMAIL_USE_TLS
+ value: {{ .Values.backend.config.smtp.primary.useTls | quote }}
+ {{- if .Values.backend.config.smtp.primary.username }}
+ - name: EMAIL_HOST_USER
+ value: {{ .Values.backend.config.smtp.primary.username | quote }}
+ {{- end }}
+ {{- if .Values.backend.config.smtp.primary.password }}
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "ciso-assistant.fullname" . }}-backend
+ key: email-primary-password
+ {{- end }}
+ - name: EMAIL_HOST_RESCUE
+ value: {{ .Values.backend.config.smtp.rescue.host | quote }}
+ - name: EMAIL_PORT_RESCUE
+ value: {{ .Values.backend.config.smtp.rescue.port | quote }}
+ - name: EMAIL_USE_TLS_RESCUE
+ value: {{ .Values.backend.config.smtp.rescue.useTls | quote }}
+ {{- if .Values.backend.config.smtp.rescue.username }}
+ - name: EMAIL_HOST_USER_RESCUE
+ value: {{ .Values.backend.config.smtp.rescue.username | quote }}
+ {{- end }}
+ {{- if .Values.backend.config.smtp.rescue.password }}
+ - name: EMAIL_HOST_PASSWORD_RESCUE
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "ciso-assistant.fullname" . }}-backend
+ key: email-rescue-password
+ {{- end }}
+ {{- if .Values.backend.persistence.enabled }}
+ volumeMounts:
+ - name: backend-data
+ mountPath: /code/db
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ {{- if .Values.backend.resources }}
+ resources:
+ {{ toYaml .Values.backend.resources | indent 10 }}
+ {{- end }}
+ {{- with .Values.backend.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.global.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.backend.persistence.enabled }}
+ volumes:
+ - name: backend-data
+ persistentVolumeClaim:
+ claimName: {{ include "ciso-assistant.fullname" . }}-backend
+ {{- end }}
diff --git a/charts/ciso-assistant-next/templates/backend/persistentvolumeclaim.yaml b/charts/ciso-assistant-next/templates/backend/persistentvolumeclaim.yaml
new file mode 100644
index 000000000..303333cd4
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/backend/persistentvolumeclaim.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.backend.persistence.enabled }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "ciso-assistant.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.backend.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+spec:
+ accessModes:
+ - {{ .Values.backend.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.backend.persistence.size }}
+ {{- if .Values.backend.persistence.storageClass }}
+ storageClassName: {{ .Values.backend.persistence.storageClass }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/templates/backend/secret.yaml b/charts/ciso-assistant-next/templates/backend/secret.yaml
new file mode 100644
index 000000000..4854669cb
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/backend/secret.yaml
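Review bot: `ALLOWED_HOSTS` ends with `{{ template "ciso-assistant.url" . }}`, which renders a full URL such as `http://octopus.foo.bar`, while Django checks this setting against the request's Host header, i.e. a bare host name. Unless the backend strips the scheme itself (not visible in this patch), the public domain never matches, and host-header validation either rejects legitimate traffic or ends up being loosened as a workaround. Use the host directly: `value: localhost,127.0.0.1,{{ include "ciso-assistant.fullname" . }}-backend,{{ .Values.global.domain }}`. The values for `CISO_ASSISTANT_SUPERUSER_EMAIL` and `CISO_ASSISTANT_URL` are also rendered unquoted; piping them through `quote` (with `include` instead of `template` for the URL), as the SMTP entries already do, keeps YAML from retyping them.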
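Review bot: The claim's `annotations` block is filled from `.Values.backend.service.annotations`, so annotations meant for the backend Service are also stamped onto the volume claim and the claim cannot be annotated on its own. Per the values comment this volume holds the SQLite database and proof files, and as a templated resource it is removed by `helm uninstall`. A dedicated annotations value under `backend.persistence` would fix the copy-paste and let operators set `helm.sh/resource-policy: keep` so the data survives an accidental uninstall.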
@@ -0,0 +1,17 @@
+{{- if or .Values.backend.config.smtp.primary.password .Values.backend.config.smtp.rescue.password }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ciso-assistant.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+type: Opaque
+data:
+ {{- if .Values.backend.config.smtp.primary.password }}
+ email-primary-password: {{ .Values.backend.config.smtp.primary.password | b64enc | quote}}
+ {{- end }}
+ {{- if .Values.backend.config.smtp.rescue.password }}
+ email-rescue-password: {{ .Values.backend.config.smtp.rescue.password | b64enc | quote}}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/templates/backend/service.yaml b/charts/ciso-assistant-next/templates/backend/service.yaml
new file mode 100644
index 000000000..dc7142ea7
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/backend/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ciso-assistant.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.backend.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.backend.name "component" .Values.backend.name) | nindent 4 }}
+spec:
+ ports:
+ - name: {{ .Values.backend.service.portName }}
+ protocol: TCP
+ port: {{ .Values.backend.service.port }}
+ targetPort: http
+ selector:
+ {{- include "ciso-assistant.selectorLabels" (dict "context" . "component" .Values.backend.name) | nindent 4 }}
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/templates/frontend/deployment.yaml b/charts/ciso-assistant-next/templates/frontend/deployment.yaml
new file mode 100644
index 000000000..90b9211ef
--- /dev/null
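Review bot: The SMTP passwords can only reach this Secret as plaintext chart values (`backend.config.smtp.primary.password` and `backend.config.smtp.rescue.password`), so they also sit in the operator's values file and in the release record Helm stores in the cluster. Consider accepting the name of a pre-created Secret as an alternative and skipping this template when it is set, so the credentials can come from an external secret manager or a sealed secret. The `secretKeyRef` entries in backend/deployment.yaml are guarded by the same two password values, so they would need the same switch.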
+++ b/charts/ciso-assistant-next/templates/frontend/deployment.yaml 
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "ciso-assistant.fullname" . }}-frontend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.frontend.name "component" .Values.frontend.name) | nindent 4 }}
+spec:
+ replicas: {{ .Values.frontend.replicas }}
+ selector:
+ matchLabels:
+ {{- include "ciso-assistant.selectorLabels" (dict "context" . "component" .Values.frontend.name) | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.frontend.name "component" .Values.frontend.name) | nindent 8 }}
+ spec:
+ {{- with .Values.frontend.imagePullSecrets | default .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.frontend.name }}
+ image: {{ default .Values.global.image.registry .Values.frontend.image.registry }}/{{ .Values.frontend.image.repository }}:{{ default (include "ciso-assistant.defaultTag" .) .Values.frontend.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.frontend.image.imagePullPolicy }}
+ env:
+ {{- with .Values.frontend.env }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ - name: ORIGIN
+ value: {{ template "ciso-assistant.url" . }}
+ - name: PROTOCOL_HEADER
+ value: x-forwarded-proto
+ - name: HOST_HEADER
+ value: x-forwarded-host
+ - name: PUBLIC_BACKEND_API_URL
+ value: http://{{ include "ciso-assistant.fullname" . }}-backend/api
+ - name: PUBLIC_BACKEND_API_EXPOSED_URL
+ value: {{ template "ciso-assistant.url" . }}/api
+ - name: BODY_SIZE_LIMIT
+ value: {{ .Values.frontend.config.bodySizeLimit | quote }}
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ {{- if .Values.frontend.resources }}
+ resources:
+ {{ toYaml .Values.frontend.resources | indent 10 }}
+ {{- end }}
+ {{- with .Values.frontend.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.global.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/templates/frontend/service.yaml b/charts/ciso-assistant-next/templates/frontend/service.yaml
new file mode 100644
index 000000000..ac1ac729c
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/frontend/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ciso-assistant.fullname" . }}-frontend
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.frontend.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.frontend.name "component" .Values.frontend.name) | nindent 4 }}
+spec:
+ ports:
+ - name: {{ .Values.frontend.service.portName }}
+ protocol: TCP
+ port: {{ .Values.frontend.service.port }}
+ targetPort: http
+ selector:
+ {{- include "ciso-assistant.selectorLabels" (dict "context" . "component" .Values.frontend.name) | nindent 4 }}
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/templates/ingress/ingress.yaml b/charts/ciso-assistant-next/templates/ingress/ingress.yaml
new file mode 100644
index 000000000..9be3337fc
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/ingress/ingress.yaml
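Review bot: `PUBLIC_BACKEND_API_URL` is built as `http://{{ include "ciso-assistant.fullname" . }}-backend/api` without a port, so it only works while `backend.service.port` keeps its default of 80. Append the configured port: `value: http://{{ include "ciso-assistant.fullname" . }}-backend:{{ .Values.backend.service.port }}/api`. A short comment next to `PROTOCOL_HEADER` and `HOST_HEADER` would also help, noting that these forwarded headers are only trustworthy when every request passes through a proxy that overwrites them, which matters to operators who expose the frontend Service by other means than the chart's Ingress.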
@@ -0,0 +1,40 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "ciso-assistant.fullname" . }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.frontend.name) | nindent 4 }}
+spec:
+ {{- with .Values.ingress.ingressClassName }}
+ ingressClassName: {{ . }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.global.domain }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: {{ include "ciso-assistant.fullname" . }}-frontend
+ port:
+ number: {{ .Values.frontend.service.port }}
+ path: /
+ pathType: Prefix
+ - backend:
+ service:
+ name: {{ include "ciso-assistant.fullname" . }}-backend
+ port:
+ number: {{ .Values.backend.service.port }}
+ path: /api/
+ pathType: Prefix
+ {{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.global.domain }}
+ secretName: {{ include "ciso-assistant.fullname" . }}-tls
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/ciso-assistant-next/templates/ingress/tls-secret.yaml b/charts/ciso-assistant-next/templates/ingress/tls-secret.yaml
new file mode 100644
index 000000000..83b2259e7
--- /dev/null
+++ b/charts/ciso-assistant-next/templates/ingress/tls-secret.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.ingress.enabled .Values.ingress.tls }}
+{{- if .Values.ingress.certificateSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ciso-assistant.fullname" . }}-tls
+ labels:
+ {{- include "ciso-assistant.labels" (dict "context" . "component" .Values.frontend.name) | nindent 4 }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .Values.ingress.certificateSecret.certificate | b64enc }}
+ tls.key: {{ .Values.ingress.certificateSecret.key | b64enc }}
+{{- end }}
+{{- end }}
\ No newline at end of file
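Review bot: The rule host and both paths are hard-coded (`host: {{ .Values.global.domain }}`, `path: /`, `pathType: Prefix`), while values.yaml in this patch documents `ingress.hostname`, `ingress.path`, `ingress.pathType` and `ingress.labels` as configurable. An operator who sets `ingress.hostname` still gets a rule and a TLS host for `global.domain`, so the application ends up exposed under a name they did not choose. Either wire the values in, e.g. `- host: {{ .Values.ingress.hostname | default .Values.global.domain | quote }}`, keeping the `ciso-assistant.url` helper consistent with it, or remove the unused keys from values.yaml.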
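Review bot: `tls.key` is taken from `.Values.ingress.certificateSecret.key`, so the private key has to be written into a values file and is retained in Helm's stored release data as well as in the rendered Secret. The template also renders as soon as `certificateSecret` is non-empty, without checking that both fields are set; `tls.key: {{ required "ingress.certificateSecret.key is required" .Values.ingress.certificateSecret.key | b64enc }}` (and the same for `certificate`) gives a clear failure instead of a broken Secret. The comment on `certificateSecret` in values.yaml should point operators to a cert-manager-issued or pre-created `-tls` Secret for anything beyond test setups.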
diff --git a/charts/ciso-assistant-next/values.yaml b/charts/ciso-assistant-next/values.yaml
new file mode 100644
index 000000000..b3c1861f7
--- /dev/null
+++ b/charts/ciso-assistant-next/values.yaml
@@ -0,0 +1,248 @@
+## CISO Assistant configuration
+## Ref: https://github.com/intuitem/ciso-assistant-community
+##
+
+# -- Provide a name in place of `ciso-assistant`
+nameOverride: ciso-assistant
+# -- String to fully override `"ciso-assistant.fullname"`
+fullnameOverride: ""
+
+## Globally shared configuration
+global:
+ # -- Default domain used by all components
+ ## Used for ingresses, certificates, environnement vars, etc.
+ domain: octopus.foo.bar
+
+ # Default image used by all components
+ image:
+ # -- If defined, a registry applied to all CISO Assistant deployments
+ registry: ghcr.io
+ # -- Overrides the global CISO Assistant image tag whose default is the chart appVersion
+ tag: ""
+ # -- If defined, a imagePullPolicy applied to all CISO Assistant deployments
+ imagePullPolicy: IfNotPresent
+
+ # -- Secrets with credentials to pull images from a private registry
+ imagePullSecrets: []
+
+ # -- Labels to add to all deployed objects
+ commonLabels: {}
+
+ # -- Kubernetes cluster domain name
+ clusterDomain: cluster.local
+
+ # -- Toggle and define pod-level security context
+ securityContext: {}
+ # fsGroupChangePolicy: Always
+ # sysctls: []
+ # supplementalGroups: []
+ # fsGroup: 1001
+
+ # -- Default node selector for all components
+ nodeSelector: {}
+
+ # -- Default tolerations for all components
+ tolerations: []
+
+## CISO Assistant backend
+backend:
+ # -- Backend name
+ name: backend
+
+ # -- The number of backend pods to run
+ replicas: 1
+
+ ## Backend specific config
+ config:
+ # -- Email admin for initial configuration
+ emailAdmin: admin@example.net
+
+ # -- SMTP configuration
+ smtp:
+ defaultFrom: no-reply@ciso-assistant.net
+ debug: false
+ primary:
+ host: primary.cool-mailer.net
+ port: 587
+ username: apikey
+ password: "primary_password_here"
+ useTls: true
+ rescue:
+ host: smtp.secondary.mailer.cloud
+ port: 587
+ username: username
+ password: "rescue_password_here"
+ useTls: true
+
+ # -- Set the database type (sqlite or pgsql)
+ databaseType: sqlite
+
+ # -- Enable Django debug mode
+ djangoDebug: false
+
+ # -- Backend persistence configuration (used for sqlitedb and proofs storage)
+ persistence:
+ enabled: true
+ size: 5Gi
+ storageClass: ""
+ accessMode: ReadWriteOnce
+
+ ## Backend image
+ image:
+ # -- Registry to use for the backend
+ # @default -- `""` (defaults to global.image.registry)
+ registry: ""
+ # -- Repository to use for the backend
+ repository: intuitem/ciso-assistant-community/backend
+ # -- Tag to use for the backend
+ # @default -- `""` (defaults to global.image.tag)
+ tag: ""
+ # -- Image pull policy for the backend
+ # @default -- `""` (defaults to global.image.imagePullPolicy)
+ imagePullPolicy: ""
+
+ # -- Secrets with credentials to pull images from a private registry
+ # @default -- `[]` (defaults to global.imagePullSecrets)
+ imagePullSecrets: []
+
+ # -- Resources for the backend
+ resources: {}
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+ # limits:
+ # cpu: 256m
+ # memory: 1024Mi
+
+ # -- Environment variables to pass to backend
+ env: []
+
+ # -- Toggle and define container-level security context
+ containerSecurityContext:
+ # seLinuxOptions: {}
+ # runAsUser: 1001
+ # runAsGroup: 1001
+ # runAsNonRoot: true
+ # privileged: false
+ # readOnlyRootFilesystem: true
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop: ["ALL"]
+ # seccompProfile:
+ # type: "RuntimeDefault"
+
+ ## Backend service configuration
+ service:
+ # -- Backend service annotations
+ annotations: {}
+ # -- Backend service labels
+ labels: {}
+ # -- Backend service http port
+ port: 80
+ # -- Backend service port name
+ portName: http
+
+
+## CISO Assistant frontend
+frontend:
+ # -- Frontend name
+ name: frontend
+
+ # -- The number of frontend pods to run
+ replicas: 1
+
+ ## Frontend specific config
+ config:
+ # -- Configure body size limit for uploads in bytes (unit suffix like K/M/G can be used)
+ bodySizeLimit: "50M"
+
+ ## Frontend image
+ image:
+ # -- Registry to use for the frontend
+ # @default -- `""` (defaults to global.image.registry)
+ registry: ""
+ # -- Repository to use for the frontend
+ repository: intuitem/ciso-assistant-community/frontend
+ # -- Tag to use for the frontend
+ # @default -- `""` (defaults to global.image.tag)
+ tag: ""
+ # -- Image pull policy for the frontend
+ # @default -- `""` (defaults to global.image.imagePullPolicy)
+ imagePullPolicy: ""
+
+ # -- Secrets with credentials to pull images from a private registry
+ # @default -- `[]` (defaults to global.imagePullSecrets)
+ imagePullSecrets: []
+
+ # -- Resources for the frontend
+ resources: {}
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+ # limits:
+ # cpu: 256m
+ # memory: 1024Mi
+
+ # -- Environment variables to pass to frontend
+ env: []
+
+ # -- Toggle and define container-level security context
+ containerSecurityContext:
+ # seLinuxOptions: {}
+ # runAsUser: 1001
+ # runAsGroup: 1001
+ # runAsNonRoot: true
+ # privileged: false
+ # readOnlyRootFilesystem: true
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop: ["ALL"]
+ # seccompProfile:
+ # type: "RuntimeDefault"
+
+ ## Frontend service configuration
+ service:
+ # -- Frontend service annotations
+ annotations: {}
+ # -- Frontend service labels
+ labels: {}
+ # -- Frontend service http port
+ port: 80
+ # -- Frontend service port name
+ portName: http
+
+# CISO Assistant ingress configuration
+ingress:
+ # -- Enable an ingress resource for the CISO Assistant
+ enabled: true
+ # -- Additional ingress labels
+ labels: {}
+ # -- Additional ingress annotations
+ annotations: {}
+ # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ # cert-manager.io/cluster-issuer: letsencrypt
+ # -- Defines which ingress controller will implement the resource
+ ingressClassName: ""
+ # -- CISO Assistant hostname
+ # @default -- `""` (defaults to global.domain)
+ hostname: ""
+ # -- The path to CISO Assistant
+ path: /
+ # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
+ pathType: Prefix
+
+ # -- Enable TLS configuration for the hostname defined at `ingress.hostname`
+ ## TLS certificate will be retrieved from a TLS secret `{{ ciso-assistant.fullname }}-tls`
+ ## You can create this secret manually via `certificateSecret` option
+ tls: false
+ # -- Custom TLS certificate as secret
+ ## Note: 'key' and 'certificate' are expected in PEM format
+ certificateSecret: {}
+ # key: |-
+ # -----BEGIN RSA PRIVATE KEY-----
+ # ...
+ # -----END RSA PRIVATE KEY-----
+ # certificate: |-
+ # -----BEGIN CERTIFICATE-----
+ # ...
+ # -----END CERTIFICATE-----
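Review bot: Both `containerSecurityContext:` keys are left bare with every hardening field commented out, so they parse as null and the pods run with whatever user and capabilities the images default to. Shipping a restrictive baseline as the default, e.g. `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, and writing `{}` where nothing is set, would give operators the hardened configuration without editing; whether the images tolerate `readOnlyRootFilesystem: true` is not visible here and needs a test. Separately, `smtp.primary.password` and `smtp.rescue.password` default to non-empty placeholders, which makes the chart render a Secret and the `EMAIL_HOST_PASSWORD*` variables with dummy credentials; `password: ""` is a safer default. The comment above `tls: false` should also say that, with `ingress.enabled: true`, the application is served over plain HTTP until TLS is switched on.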