Adding initial OpenStack support

wiz-broker/templates/_helpers.tpl

@@ -111,3 +111,15 @@ publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-broker-fips:{{ .Values.image.t
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ coalesce .Values.global.image.tag .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}
 {{- end -}}
+
+{{/*{{- define "wiz-broker.proxyImage" -}}*/}}
+{{/*{{- if .Values.global.isFedRamp -}}*/}}
+{{/*publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-broker-proxy-fips:{{ .Values.image.tag | default .Chart.AppVersion }}*/}}
+{{/*{{- else -}}*/}}
+{{/*{{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.proxyRepository .Values.image.proxyRepository }}:{{ coalesce .Values.global.image.proxyTag .Values.image.proxyTag | default .Chart.AppVersion }}*/}}
+{{/*{{- end -}}*/}}
+{{/*{{- end -}}*/}}
+
+{{- define "wiz-broker.proxyImage" -}}
+vimagick/tinyproxy
+{{- end -}}

wiz-broker/templates/wiz-broker-deployment.yaml

@@ -165,6 +165,28 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+
+        {{ if .Values.openstack.enabled }}
+        - name: broker-proxy
+          securityContext:
+            {{- if hasKey .Values.global "lowPrivilegeSecurityPolicy" }}
+            {{- toYaml .Values.global.lowPrivilegeSecurityPolicy | nindent 12 }}
+            {{- else }}
+            {{- toYaml .Values.global.securityContext | nindent 12 }}
+            {{- end }}
+          image: {{ include "wiz-broker.proxyImage" . }}
+          imagePullPolicy: {{ coalesce .Values.global.image.pullPolicy .Values.image.pullPolicy }}
+{{/*          volumeMounts:*/}}
+{{/*            - name: connector-data*/}}
+{{/*              mountPath: {{ $mountPath }}*/}}
+{{/*              readOnly: true*/}}
+          {{- with .Values.global.customVolumeMounts }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+        {{ end }}
+
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

wiz-broker/values.yaml

@@ -10,9 +10,11 @@ commonLabels: {} # Labels applied on all the resources (not used for selection)
 image:
   registry: wiziopublic.azurecr.io/wiz-app
   repository: wiz-broker
+  proxyRepository: wiz-broker-proxy
   pullPolicy: Always
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
+  proxyTag: "1.0"
 
 targetIp: ""
 targetPort: 443
@@ -108,6 +110,10 @@ managed:
   # Relevant only for wiz-managed brokers
   outpostId: ""
 
+openstack:
+  enabled: false
+  #targetPorts: []
+
 global:
   # Set the log level. Can be one of "debug", "info", "warn", or "error".
   # Warning: Do not set to `debug` in production environments, or sensitive data may be written to the logs.
@@ -116,9 +122,11 @@ global:
   image:
     registry: wiziopublic.azurecr.io/wiz-app
     repository: wiz-broker
+    proxyRepository: wiz-broker-proxy
     pullPolicy: Always  # Always pull the image on every deployment
     # Overrides the image tag whose default is the chart appVersion.
     tag: ""
+    proxyTag: "1.0"
   imagePullSecrets: [] # Secrets for container image registry keys as described in https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
 
   commonLabels: {} # Labels applied on all the resources (not used for selection)