initial commit

allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions


@@ -0,0 +1,16 @@
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: dev-defectdojo
title: Defectdojo (dev)
annotations:
backstage.io/kubernetes-label-selector: "app=defectdojo"
links:
- url: https://github.com/AllardKrings/kubernetes/dev/defectdojo
docs:
- url: ./README.md
spec:
type: service
lifecycle: production
owner: allarddcs
subcomponentOf: component:default/DEV-cluster

42
dev/defectdojo/helm/README.md Executable file

@@ -0,0 +1,42 @@
#Installatie
https://epam.github.io/edp-install/operator-guide/install-defectdojo/
kubectl create namespace defectdojo
helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
helm repo update
Create PostgreSQL admin secret:
kubectl -n defectdojo create secret generic defectdojo-postgresql-specific \
--from-literal=postgresql-password=defectdojodefect \
--from-literal=postgresql-postgres-password=defectdojodefect
Create Rabbitmq admin secret:
kubectl -n defectdojo create secret generic defectdojo-rabbitmq-specific \
--from-literal=rabbitmq-password=defectdojo \
--from-literal=rabbitmq-erlang-cookie=defectdojodefectdojodefectdojojo
Create DefectDojo admin secret:
kubectl -n defectdojo create secret generic defectdojo \
--from-literal=DD_ADMIN_PASSWORD=defectdojodefectdojojo \
--from-literal=DD_SECRET_KEY=defectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefecdojojo \
--from-literal=DD_CREDENTIAL_AES_256_KEY=defectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefecdojojo \
--from-literal=METRICS_HTTP_AUTH_PASSWORD=defectdojodefectdojodefectdojojo
Install DefectDojo v.2.22.4 using defectdojo/defectdojo Helm chart v.1.6.69:
helm upgrade --install \
defectdojo \
--version 1.6.69 \
defectdojo/defectdojo \
--namespace defectdojo \
--values values.yaml

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,5 @@
microk8s kubectl -n defectdojo create secret generic defectdojo \
--from-literal=DD_ADMIN_PASSWORD=defectdojodefectdojojo \
--from-literal=DD_SECRET_KEY=defectdodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojo \
--from-literal=DD_CREDENTIAL_AES_256_KEY=defectdodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojo \
--from-literal=METRICS_HTTP_AUTH_PASSWORD=defectdojodefectdojodefectdojojo -n defectdojo
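Review bot: The values passed to `--from-literal` in this script are committed in clear text and are built from the repeated word `defectdojo`, so `DD_ADMIN_PASSWORD`, `DD_SECRET_KEY` and `DD_CREDENTIAL_AES_256_KEY` are known to anyone who can read the repository and easy to guess for anyone who cannot. The README hunk above and the two later scripts that create `defectdojo-postgresql-specific` and `defectdojo-rabbitmq-specific` follow the same pattern. Generate each value at install time, for example `--from-literal=DD_SECRET_KEY="$(openssl rand -hex 32)"`, or load them with `--from-env-file` from a file that is not committed, and treat the values already pushed as exposed and rotate them. `-n defectdojo` is also given twice on this command, so one occurrence can be dropped.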


@@ -0,0 +1,14 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: defectdojo-http
namespace: defectdojo
spec:
entryPoints:
- web
routes:
- match: Host(`defectdojo-dev.allarddcs.nl`)
kind: Rule
services:
- name: defectdojo-django
port: 80
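Review bot: The route on the `web` entry point forwards plain HTTP straight to `defectdojo-django`, so credentials and session cookies for `defectdojo-dev.allarddcs.nl` can travel unencrypted even though a `websecure` route is added in the same commit. Attach a Traefik `redirectScheme` middleware to this route, or drop the route if the entry point already redirects globally (that configuration is not visible here). The middleware name in the sketch is a placeholder.

```yaml
# Middleware name "redirect-to-https" is a placeholder.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-to-https
  namespace: defectdojo
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
# … unchanged: IngressRoute defectdojo-http metadata and entryPoints …
  routes:
    - match: Host(`defectdojo-dev.allarddcs.nl`)
      kind: Rule
      middlewares:
        - name: redirect-to-https
      # … unchanged: services entry for defectdojo-django …
```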


@@ -0,0 +1,16 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: defectdojo-tls
namespace: defectdojo
spec:
entryPoints:
- websecure
routes:
- match: Host(`defectdojo-dev.allarddcs.nl`)
kind: Rule
services:
- name: defectdojo-django
port: 80
tls:
certResolver: letsencrypt


@@ -0,0 +1,68 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-postgres-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/postgres
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-defectdojo-postgresql-0
namespace: defectdojo
spec:
storageClassName: ""
volumeName: defectdojo-postgres-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-rabbitmq-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/rabbitmq
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-defectdojo-rabbitmq-0
namespace: defectdojo
spec:
storageClassName: ""
volumeName: defectdojo-rabbitmq-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
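Review bot: Neither PersistentVolume sets `claimRef`, so until the intended claim binds, any PVC in any namespace that asks for `storageClassName: ""` with a matching size and access mode can bind `defectdojo-postgres-pv` or `defectdojo-rabbitmq-pv` and mount the database or broker directory on the NFS server. Pre-bind each volume to its claim, e.g. for the first one add `claimRef:` with `namespace: defectdojo` and `name: data-defectdojo-postgresql-0` under `spec`. `ReadWriteMany` is also wider than a single PostgreSQL or RabbitMQ pod needs; `ReadWriteOnce` would state the intent, assuming nothing else mounts these paths.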


@@ -0,0 +1,3 @@
microk8s kubectl -n defectdojo create secret generic defectdojo-postgresql-specific \
--from-literal=postgresql-password=defectdojo \
--from-literal=postgresql-postgres-password=defectdojo -n defectdojo


@@ -0,0 +1,3 @@
microk8s kubectl -n defectdojo create secret generic defectdojo-rabbitmq-specific \
--from-literal=rabbitmq-password=mqrabbitmq \
--from-literal=rabbitmq-erlang-cookie=rabbitmqrabbitmqrabbitmqrabbitmq -n defectdojo


@@ -0,0 +1,552 @@
---
# Global settings
# create defectdojo specific secret
createSecret: false
# create rabbitmq secret in defectdojo chart, outside of rabbitmq chart
createRabbitMqSecret: false
# create redis secret in defectdojo chart, outside of redis chart
createRedisSecret: false
# create mysql secret in defectdojo chart, outside of mysql chart
createMysqlSecret: false
# create postgresql secret in defectdojo chart, outside of postgresql chart
createPostgresqlSecret: false
# create postgresql-ha secret in defectdojo chart, outside of postgresql-ha chart
createPostgresqlHaSecret: false
# create postgresql-ha-pgpool secret in defectdojo chart, outside of postgresql-ha chart
createPostgresqlHaPgpoolSecret: false
# Track configuration (trackConfig): will automatically respin application pods in case of config changes detection
# can be:
# - disabled, default
# - enabled, enables tracking configuration changes based on SHA256
# trackConfig: disabled
# Enables application network policy
# For more info follow https://kubernetes.io/docs/concepts/services-networking/network-policies/
networkPolicy:
enabled: false
# if additional labels need to be allowed (e.g. prometheus scraper)
ingressExtend: []
# ingressExtend:
# - podSelector:
# matchLabels:
# app.kubernetes.io/instance: defectdojo-prometheus
egress: []
# egress:
# - to:
# - ipBlock:
# cidr: 10.0.0.0/24
# ports:
# - protocol: TCP
# port: 443
# Configuration value to select database type
# Option to use "postgresql" or "mysql" database type, by default "mysql" is chosen
# Set the "enable" field to true of the database type you select (if you want to use internal database) and false of the one you don't select
database: postgresql
# Primary hostname of instance
host: defectdojo.default.minikube.local
# The full URL to your defectdojo instance, depends on the domain where DD is deployed, it also affects links in Jira
# site_url: 'https://<yourdomain>'
# optional list of alternative hostnames to use that gets appended to
# DD_ALLOWED_HOSTS. This is necessary when your local hostname does not match
# the global hostname.
# alternativeHosts:
# - defectdojo.example.com
imagePullPolicy: Always
# Where to pull the defectDojo images from. Defaults to "defectdojo/*" repositories on hub.docker.com
repositoryPrefix: defectdojo
# When using a private registry, name of the secret that holds the registry secret (eg deploy token from gitlab-ci project)
# Create secrets as: kubectl create secret docker-registry defectdojoregistrykey --docker-username=registry_username --docker-password=registry_password --docker-server='https://index.docker.io/v1/'
# imagePullSecrets: defectdojoregistrykey
tag: latest
# Additional labels to add to the pods:
# podLabels:
# key: value
podLabels: {}
# Allow overriding of revisionHistoryLimit across all deployments.
# revisionHistoryLimit: 10
securityContext:
enabled: true
djangoSecurityContext:
# django dockerfile sets USER=1001
runAsUser: 1001
nginxSecurityContext:
# nginx dockerfile sets USER=1001
runAsUser: 1001
tests:
unitTests:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
admin:
user: admin
password:
firstName: Administrator
lastName: User
mail: admin@defectdojo.local
secretKey:
credentialAes256Key:
metricsHttpAuthPassword:
monitoring:
enabled: false
# Add the nginx prometheus exporter sidecar
prometheus:
enabled: false
image: nginx/nginx-prometheus-exporter:0.11.0
imagePullPolicy: IfNotPresent
annotations: {}
# Components
celery:
broker: rabbitmq
# To use an external celery broker, set the hostname here
brokerHost: ""
logLevel: INFO
beat:
annotations: {}
affinity: {}
nodeSelector: {}
replicas: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 256Mi
tolerations: []
worker:
annotations: {}
affinity: {}
logLevel: INFO
nodeSelector: {}
replicas: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 512Mi
tolerations: []
app_settings:
pool_type: solo
# Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops)
# Comment out the "solo" line, and uncomment the following lines.
# pool_type: prefork
# autoscale_min: 2
# autoscale_max: 8
# concurrency: 8
# prefetch_multiplier: 128
# A list of extra volumes to mount. This
# is useful for bringing in extra data that can be referenced by other configurations
# at a well known path, such as local_settings. The
# value of this should be a list of objects.
#
# Example:
#
# ```yaml
# extraVolumes:
# - type: configMap
# name: local_settings
# path: /app/dojo/settings/local_settings.py
# subPath: local_settings.py
# - type: hostPath
# name: host_directory
# path: /tmp
# hostPath: /tmp
# ```
#
# Each object supports the following keys:
#
# - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive.
# Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP)
# - `name` - Name of the configMap or secret to be mounted. This also controls
# the path that it is mounted to. The volume will be mounted to `/consul/userconfig/<name>`.
# - `path` - defines where file should be exposed
# - `subPath` - extracts only particular file from secret or configMap
# - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate",
# "File", "Socket", "CharDevice", "BlockDevice"
# - `hostPath` - only for hostPath, file or directory from local host
# @type: array<map>
extraVolumes: []
django:
annotations: {}
service:
annotations: {}
affinity: {}
ingress:
enabled: true
ingressClassName: ""
activateTLS: true
secretName: defectdojo-tls
annotations: {}
# Restricts the type of ingress controller that can interact with our chart (nginx, traefik, ...)
# kubernetes.io/ingress.class: nginx
# Depending on the size and complexity of your scans, you might want to increase the default ingress timeouts if you see repeated 504 Gateway Timeouts
# nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
# nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
nginx:
tls:
enabled: false
generateCertificate: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 256Mi
nodeSelector: {}
replicas: 1
tolerations: []
uwsgi:
livenessProbe:
# Enable liveness checks on uwsgi container. Those values are use on nginx readiness checks as well.
enabled: true
failureThreshold: 6
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 512Mi
app_settings:
processes: 2
threads: 2
enable_debug: false # this also requires DD_DEBUG to be set to True
certificates:
# includes additional CA certificate as volume, it refrences REQUESTS_CA_BUNDLE env varible
# to create configMap `kubectl create cm defectdojo-ca-certs --from-file=ca.crt`
# NOTE: it reflects REQUESTS_CA_BUNDLE for celery workers, beats as well
enabled: false
configName: defectdojo-ca-certs
certMountPath: /certs/
certFileName: ca.crt
# A list of extra volumes to mount. This
# is useful for bringing in extra data that can be referenced by other configurations
# at a well known path, such as local_settings. The
# value of this should be a list of objects.
#
# Example:
#
# ```yaml
# extraVolumes:
# - type: configMap
# name: local_settings
# path: /app/dojo/settings/local_settings.py
# container: uwsgi
# subPath: local_settings.py
# - type: hostPath
# name: host_directory
# path: /app/dojo/settings/
# hostPath: /var/run
# container: uwsgi
# ```
#
# Each object supports the following keys:
#
# - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive.
# Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP)
# - `name` - Name of the configMap or secret to be mounted. This also controls
# the path that it is mounted to. The volume will be mounted to `/consul/userconfig/<name>`.
# - `path` - defines where file should be exposed
# - `container` - defines where volume needs to be mounted, must be uwsgi or nginx
# - `subPath` - extracts only particular file from secret or configMap
# - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate",
# "File", "Socket", "CharDevice", "BlockDevice"
# - `hostPath` - only for hostPath, file or directory from local host
# @type: array<map>
extraVolumes: []
# This feature needs more preparation before can be enabled, please visit KUBERNETES.md#media-persistent-volume
mediaPersistentVolume:
enabled: true
fsGroup: 1001
# any name
name: media
# could be emptyDir (not for production) or pvc
type: emptyDir
# in case if pvc specified, should point to the already existing pvc
persistentVolumeClaim:
# set to true to create a new pvc and if django.mediaPersistentVolume.type is set to pvc
create: false
name:
size: 5Gi
accessModes:
- ReadWriteMany # check KUBERNETES.md doc first for option to choose
storageClassName:
initializer:
run: true
jobAnnotations: {
helm.sh/hook: "post-install,post-upgrade"
}
annotations: {}
keepSeconds: 60
affinity: {}
nodeSelector: {}
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 512Mi
# A list of extra volumes to mount. This
# is useful for bringing in extra data that can be referenced by other configurations
# at a well known path, such as local_settings. The
# value of this should be a list of objects.
#
# Example:
#
# ```yaml
# extraVolumes:
# - type: configMap
# name: local_settings
# path: /app/dojo/settings/local_settings.py
# subPath: local_settings.py
# - type: hostPath
# name: host_directory
# path: /tmp
# hostPath: /tmp
# ```
#
# Each object supports the following keys:
#
# - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive.
# Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP)
# - `name` - Name of the configMap or secret to be mounted. This also controls
# the path that it is mounted to. The volume will be mounted to `/consul/userconfig/<name>`.
# - `path` - defines where file should be exposed
# - `subPath` - extracts only particular file from secret or configMap
# - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate",
# "File", "Socket", "CharDevice", "BlockDevice"
# - `hostPath` - only for hostPath, file or directory from local host
# @type: array<map>
extraVolumes: []
mysql:
enabled: false
auth:
username: defectdojo
password: ""
rootPassword: ""
database: defectdojo
existingSecret: defectdojo-mysql-specific
secretKey: mysql-password
primary:
service:
ports:
mysql: 3306
# To use an external mySQL instance, set enabled to false and uncomment
# the line below / add external address:
# mysqlServer: "127.0.0.1"
postgresql:
# enabled: true
enabled: false
image:
tag: 11.16.0-debian-11-r9
auth:
username: defectdojo
password: ""
database: defectdojo
existingSecret: defectdojo-postgresql-specific
secretKeys:
adminPasswordKey: postgresql-postgres-password
userPasswordKey: postgresql-password
replicationPasswordKey: postgresql-replication-password
architecture: standalone
primary:
name: primary
persistence:
enabled: true
service:
ports:
postgresql: 5432
podSecurityContext:
# Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC
enabled: true
# fsGroup specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully.
fsGroup: 1001
containerSecurityContext:
# Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC
enabled: true
# runAsUser specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully.
runAsUser: 1001
affinity: {}
nodeSelector: {}
volumePermissions:
enabled: false
# if using restricted SCC set runAsUser: "auto" and if running under anyuid SCC - runAsUser needs to match the line above
containerSecurityContext:
runAsUser: 1001
shmVolume:
chmod:
enabled: false
# To use an external PostgreSQL instance, set enabled to false and uncomment
# the line below:
# postgresServer: "127.0.0.1"
postgresqlha:
enabled: false
global:
pgpool:
existingSecret: defectdojo-postgresql-ha-pgpool
serviceAccount:
create: true
postgresql:
replicaCount: 3
username: defectdojo
password: ""
repmgrPassword: ""
database: defectdojo
existingSecret: defectdojo-postgresql-ha-specific
securityContext:
enabled: true
fsGroup: 1001
containerSecurityContext:
enabled: true
runAsUser: 1001
pgpool:
replicaCount: 3
adminPassword: ""
securityContext:
enabled: true
fsGroup: 1001
volumePermissions:
enabled: true
securityContext:
runAsUser: 1001
persistence:
enabled: true
service:
ports:
postgresql: 5432
# Google CloudSQL support in GKE via gce-proxy
cloudsql:
# To use CloudSQL in GKE set 'enable: true'
enabled: false
# By default, the proxy has verbose logging. Set this to false to make it less verbose
verbose: true
image:
# set repo and image tag of gce-proxy
repository: gcr.io/cloudsql-docker/gce-proxy
tag: 1.33.14
pullPolicy: IfNotPresent
# set CloudSQL instance: 'project:zone:instancename'
instance: ""
# use IAM database authentication
enable_iam_login: false
# whether to use a private IP to connect to the database
use_private_ip: false
# Settings to make running the chart on GKE simpler
gke:
# Set to true to configure the Ingress to use the GKE provided ingress controller
useGKEIngress: false
# Set to true to have GKE automatically provision a TLS certificate for the host specified
# Requires useGKEIngress to be set to true
# When using this option, be sure to set django.ingress.activateTLS to false
useManagedCertificate: false
# Workload Identity allows the K8s service account to assume the IAM access of a GCP service account to interact with other GCP services
workloadIdentityEmail: ""
rabbitmq:
enabled: true
replicaCount: 1
auth:
password: ""
erlangCookie: ""
existingPasswordSecret: defectdojo-rabbitmq-specific
secretPasswordKey: ""
existingErlangSecret: defectdojo-rabbitmq-specific
memoryHighWatermark:
enabled: true
type: relative
value: 0.5
affinity: {}
nodeSelector: {}
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
podSecurityContext:
enabled: true
fsGroup: 1001
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
# For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/master/bitnami/redis
redis:
enabled: false
scheme: "redis"
transportEncryption:
enabled: false
params: ''
auth:
existingSecret: defectdojo-redis-specific
existingSecretPasswordKey: redis-password
password: ""
architecture: standalone
# To use an external Redis instance, set enabled to false and uncomment
# the line below:
# redisServer: myrediscluster
# To use a different port for Redis (default: 6379) add a port number and uncomment the lines below:
# master:
# service:
# ports:
# redis: xxxx
# To add extra variables not predefined by helm config it is possible to define in extraConfigs block, e.g. below:
# NOTE Do not store any kind of sensitive information inside of it
# extraConfigs:
# DD_SOCIAL_AUTH_AUTH0_OAUTH2_ENABLED: 'true'
# DD_SOCIAL_AUTH_AUTH0_KEY: 'dev'
# DD_SOCIAL_AUTH_AUTH0_DOMAIN: 'xxxxx'
# Extra secrets can be created inside of extraSecrets block:
# NOTE This is just an exmaple, do not store sensitive data in plain text form, better inject it during the deployment/upgrade by --set extraSecrets.secret=someSecret
# extraSecrets:
# DD_SOCIAL_AUTH_AUTH0_SECRET: 'xxx'
extraConfigs: {}
# To add (or override) extra variables which need to be pulled from another configMap, you can
# use extraEnv. For example:
# extraEnv:
# - name: DD_DATABASE_HOST
# valueFrom:
# configMapKeyRef:
# name: my-other-postgres-configmap
# key: cluster_endpoint

36
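--- a/dev/defectdojo/helm/values.yaml
+++ b/dev/defectdojo/helm/values.yaml
@@ -0,0 +1,36 @@
+tag: 2.22.4
+fullnameOverride: defectdojo
+host: defectdojo.alldcs.nl
+site_url: https://defectdojo.alldcs.nl
+alternativeHosts:
+- defectdojo-django.defectdojo
+celery:
+beat:
+nodeSelector:
+kubernetes.io/arch: amd64
+worker:
+nodeSelector:
+kubernetes.io/arch: amd64
+initializer:
+# should be false after initial installation was performed
+run: true
+nodeSelector:
+kubernetes.io/arch: amd64
+django:
+ingress:
+enabled: true # change to 'false' for OpenShift
+activateTLS: false
+uwsgi:
+livenessProbe:
+# Enable liveness checks on uwsgi container. Those values are use on nginx readiness checks as well.
+# default value is 120, so in our case 20 is just fine
+initialDelaySeconds: 20
+nodeSelector:
+kubernetes.io/arch: amd64
+rabbitmq:
+nodeSelector:
+kubernetes.io/arch: amd64
+postgresql:
+primary:
+nodeSelector:
+kubernetes.io/arch: amd64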
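Review bot: `host` and `site_url` point at `defectdojo.alldcs.nl`, while both IngressRoutes in this commit match `defectdojo-dev.allarddcs.nl`, and that name is not listed under `alternativeHosts` either. The chart defaults added in this commit describe `alternativeHosts` as being appended to `DD_ALLOWED_HOSTS`, which suggests requests arriving through Traefik would fail Django's host check and generated links would point at the other domain. If the dev hostname is the intended one, set `host: defectdojo-dev.allarddcs.nl` and `site_url: https://defectdojo-dev.allarddcs.nl`. `run: true` under `initializer` is also left on, although the comment above it says it should be false after the initial installation.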


@@ -0,0 +1,16 @@
user : admin
password: Defectdojo01@
======
migratie
- inloggen in de uwsgi container en dan:
- python manage.py migrate
toevoegen environment:
https://defectdojo-dev.allarddcs.nl/admin/dojo/development_environment/


@@ -0,0 +1 @@
Hh7ViTz1cVj8PV4faGVO9A
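Review bot: This one-line file holds only a 22-character random-looking string, which has the shape of a generated token or key rather than configuration; what it is used for is not visible on this page. If it is a credential, remove it from the repository, rotate it, and supply it through a Kubernetes Secret created outside the tree. If it is not, a descriptive file name or a short accompanying note would tell the next reader what it is.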

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,473 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nginx
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: nginx
spec:
containers:
- env:
- name: NGINX_METRICS_ENABLED
value: "false"
- name: DD_UWSGI_HOST
value: "uwsgi.defectdojo"
- name: HTTP_AUTH_PASSWORD
value: "Defectdojo01@"
image: allardkrings/defectdojo-nginx:1.0
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 8080
- containerPort: 8443
resources: {}
volumeMounts:
- mountPath: /usr/share/nginx/html/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: defectdojo-media-pvc
namespace: defectdojo
spec:
storageClassName: ""
volumeName: defectdojo-media-pv
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-media-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/media
readOnly: false
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: nginx
name: nginx
namespace: defectdojo
spec:
ports:
- name: "8080"
port: 8080
targetPort: 8080
- name: "8443"
port: 8443
targetPort: 8443
selector:
io.kompose.service: nginx
status:
loadBalancer: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: uwsgi
name: uwsgi
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: uwsgi
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: uwsgi
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-uwsgi.sh
env:
- name: DD_ALLOWED_HOSTS
value: '*'
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_DEBUG
value: "False"
- name: DD_DJANGO_METRICS_ENABLED
value: "False"
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
image: allardkrings/defectdojo-django:1.0
imagePullPolicy: IfNotPresent
name: uwsgi
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: uwsgi-claim0
- mountPath: /app/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: uwsgi-claim0
persistentVolumeClaim:
claimName: uwsgi-claim0
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: uwsgi-claim0
name: uwsgi-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: uwsgi
name: uwsgi
namespace: defectdojo
spec:
ports:
- name: "3031"
port: 3031
targetPort: 3031
selector:
io.kompose.service: uwsgi
status:
loadBalancer: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: initializer
name: initializer
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: initializer
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: initializer
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- --
- /entrypoint-initializer.sh
env:
- name: DD_ADMIN_FIRST_NAME
value: Admin
- name: DD_ADMIN_LAST_NAME
value: User
- name: DD_ADMIN_MAIL
value: admin@defectdojo.local
- name: DD_ADMIN_USER
value: admin
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_INITIALIZE
value: "true"
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
image: allardkrings/defectdojo-django:1.0
imagePullPolicy: IfNotPresent
name: initializer
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: initializer-claim0
restartPolicy: Always
volumes:
- name: initializer-claim0
persistentVolumeClaim:
claimName: initializer-claim0
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: initializer-claim0
name: initializer-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: celeryworker
name: celeryworker
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: celeryworker
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: celeryworker
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-celery-worker.sh
env:
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
image: allardkrings/defectdojo-django:1.0
imagePullPolicy: IfNotPresent
name: celeryworker
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: celeryworker-claim0
- mountPath: /app/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: celeryworker-claim0
persistentVolumeClaim:
claimName: celeryworker-claim0
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: celeryworker-claim0
name: celeryworker-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: celerybeat
name: celerybeat
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: celerybeat
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: celerybeat
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-celery-beat.sh
env:
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
image: allardkrings/defectdojo-django:1.0
imagePullPolicy: IfNotPresent
name: celerybeat
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: celerybeat-claim0
restartPolicy: Always
volumes:
- name: celerybeat-claim0
persistentVolumeClaim:
claimName: celerybeat-claim0
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: celerybeat-claim0
name: celerybeat-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: redis
name: redis
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: redis
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: redis
spec:
containers:
- image: redis:7.2.4-alpine@sha256:a40e29800d387e3cf9431902e1e7a362e4d819233d68ae39380532c3310091ac
name: redis
resources: {}
# volumeMounts:
# - mountPath: /data
# name: defectdojo-redis
restartPolicy: Always
# volumes:
# - name: defectdojo-redis
# persistentVolumeClaim:
# claimName: defectdojo-redis-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: defectdojo-redis-pvc
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-redis-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/redis
readOnly: false
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: redis
name: redis
namespace: defectdojo
spec:
ports:
- name: "6379"
port: 6379
targetPort: 6379
selector:
io.kompose.service: redis
status:
loadBalancer: {}
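Review bot: `DD_SECRET_KEY`, `DD_CREDENTIAL_AES_256_KEY`, the database password inside `DD_DATABASE_URL` and `HTTP_AUTH_PASSWORD` are written as literal `value:` entries in the nginx, uwsgi, initializer, celeryworker and celerybeat Deployments, so they are readable in the repository and by anyone allowed to read Deployments in the namespace. Move them into one Secret and reference it with `secretKeyRef` as sketched below (the Secret name is a placeholder), then rotate the committed values; the notes file earlier in this commit and the manifest that follows repeat the same literals. On uwsgi, `DD_ALLOWED_HOSTS` set to `'*'` turns off Django's Host-header check and is better set to the hostname actually served. The initializer is a Deployment with `restartPolicy: Always`, so it will be started again each time it finishes; a Job fits a one-shot task.

```yaml
# Secret name "defectdojo-app" is a placeholder; create it outside the repository.
env:
  - name: DD_SECRET_KEY
    valueFrom:
      secretKeyRef:
        name: defectdojo-app
        key: DD_SECRET_KEY
  - name: DD_CREDENTIAL_AES_256_KEY
    valueFrom:
      secretKeyRef:
        name: defectdojo-app
        key: DD_CREDENTIAL_AES_256_KEY
  - name: DD_DATABASE_URL
    valueFrom:
      secretKeyRef:
        name: defectdojo-app
        key: DD_DATABASE_URL
  # … unchanged: DD_CELERY_BROKER_URL, DD_DEBUG, DD_DJANGO_METRICS_ENABLED …
```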


@@ -0,0 +1,402 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nginx
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: nginx
spec:
containers:
- env:
- name: NGINX_METRICS_ENABLED
value: "false"
- name: DD_UWSGI_HOST
value: "uwsgi.defectdojo"
- name: HTTP_AUTH_PASSWORD
value: "Defectdojo01@"
image: defectdojo/defectdojo-nginx
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 8080
- containerPort: 8443
resources: {}
volumeMounts:
- mountPath: /usr/share/nginx/html/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: defectdojo-media-pvc
namespace: defectdojo
spec:
storageClassName: ""
volumeName: defectdojo-media-pv
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-media-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/media
readOnly: false
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: nginx
name: nginx
namespace: defectdojo
spec:
ports:
- name: "8080"
port: 8080
targetPort: 8080
- name: "8443"
port: 8443
targetPort: 8443
selector:
io.kompose.service: nginx
status:
loadBalancer: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: uwsgi
name: uwsgi
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: uwsgi
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: uwsgi
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-uwsgi.sh
env:
- name: DD_ALLOWED_HOSTS
value: '*'
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_DEBUG
value: "False"
- name: DD_DJANGO_METRICS_ENABLED
value: "False"
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
image: defectdojo/defectdojo-django
imagePullPolicy: IfNotPresent
name: uwsgi
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: uwsgi-claim0
- mountPath: /app/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: uwsgi-claim0
persistentVolumeClaim:
claimName: uwsgi-claim0
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: uwsgi-claim0
name: uwsgi-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: uwsgi
name: uwsgi
namespace: defectdojo
spec:
ports:
- name: "3031"
port: 3031
targetPort: 3031
selector:
io.kompose.service: uwsgi
status:
loadBalancer: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: celeryworker
name: celeryworker
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: celeryworker
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: celeryworker
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-celery-worker.sh
env:
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
image: allardkrings/defectdojo-django:1.0
imagePullPolicy: IfNotPresent
name: celeryworker
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: celeryworker-claim0
- mountPath: /app/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: celeryworker-claim0
persistentVolumeClaim:
claimName: celeryworker-claim0
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: celeryworker-claim0
name: celeryworker-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: celerybeat
name: celerybeat
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: celerybeat
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: celerybeat
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-celery-beat.sh
env:
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
image: allardkrings/defectdojo-django:1.0
imagePullPolicy: IfNotPresent
name: celerybeat
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: celerybeat-claim0
restartPolicy: Always
volumes:
- name: celerybeat-claim0
persistentVolumeClaim:
claimName: celerybeat-claim0
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: celerybeat-claim0
name: celerybeat-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: redis
name: redis
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: redis
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: redis
spec:
containers:
- image: redis:7.2.4-alpine@sha256:a40e29800d387e3cf9431902e1e7a362e4d819233d68ae39380532c3310091ac
name: redis
resources: {}
# volumeMounts:
# - mountPath: /data
# name: defectdojo-redis
restartPolicy: Always
# volumes:
# - name: defectdojo-redis
# persistentVolumeClaim:
# claimName: defectdojo-redis-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: defectdojo-redis-pvc
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-redis-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/redis
readOnly: false
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: redis
name: redis
namespace: defectdojo
spec:
ports:
- name: "6379"
port: 6379
targetPort: 6379
selector:
io.kompose.service: redis
status:
loadBalancer: {}
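Review bot: `DD_SECRET_KEY`, `DD_CREDENTIAL_AES_256_KEY`, the PostgreSQL password inside `DD_DATABASE_URL` and the nginx `HTTP_AUTH_PASSWORD` are committed as literal `value:` strings in the nginx, uwsgi, celeryworker and celerybeat Deployments, and the next file section repeats the same literals. Anyone with read access to the repository, or to Deployment objects in the namespace, obtains the Django signing key and the key that presumably protects stored tool credentials. Load them with `valueFrom.secretKeyRef` instead, as sketched below for the uwsgi container; the Secret name and keys follow the `kubectl create secret generic defectdojo` command in the Helm README of this commit, so confirm that Secret exists for this deployment. The committed values should be rotated, since they stay in the history.

```yaml
env:
  # … unchanged: DD_ALLOWED_HOSTS, DD_CELERY_BROKER_URL …
  - name: DD_CREDENTIAL_AES_256_KEY
    valueFrom:
      secretKeyRef:
        name: defectdojo
        key: DD_CREDENTIAL_AES_256_KEY
  - name: DD_SECRET_KEY
    valueFrom:
      secretKeyRef:
        name: defectdojo
        key: DD_SECRET_KEY
  # DD_DATABASE_URL: move to a Secret key the same way
  # … unchanged: DD_DEBUG, DD_DJANGO_METRICS_ENABLED …
```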


@@ -0,0 +1,410 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nginx
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: nginx
spec:
containers:
- env:
- name: NGINX_METRICS_ENABLED
value: "false"
- name: DD_UWSGI_HOST
value: "uwsgi.defectdojo"
- name: HTTP_AUTH_PASSWORD
value: "Defectdojo01@"
image: defectdojo/defectdojo-nginx
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 8080
- containerPort: 8443
resources: {}
volumeMounts:
- mountPath: /usr/share/nginx/html/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: defectdojo-media-pvc
namespace: defectdojo
spec:
storageClassName: ""
volumeName: defectdojo-media-pv
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-media-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/media
readOnly: false
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: nginx
name: nginx
namespace: defectdojo
spec:
ports:
- name: "8080"
port: 8080
targetPort: 8080
- name: "8443"
port: 8443
targetPort: 8443
selector:
io.kompose.service: nginx
status:
loadBalancer: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: uwsgi
name: uwsgi
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: uwsgi
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: uwsgi
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-uwsgi.sh
env:
- name: DD_ALLOWED_HOSTS
value: '*'
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_DEBUG
value: "False"
- name: DD_DJANGO_METRICS_ENABLED
value: "False"
- name: DD_ASYNC_FINDING_IMPORT
value: "False"
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
- name: DD_ENABLE_AUDITLOG
value: "False"
image: defectdojo/defectdojo-django
imagePullPolicy: IfNotPresent
name: uwsgi
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: uwsgi-claim0
- mountPath: /app/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: uwsgi-claim0
persistentVolumeClaim:
claimName: uwsgi-claim0
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: uwsgi-claim0
name: uwsgi-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: uwsgi
name: uwsgi
namespace: defectdojo
spec:
ports:
- name: "3031"
port: 3031
targetPort: 3031
selector:
io.kompose.service: uwsgi
status:
loadBalancer: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: celeryworker
name: celeryworker
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: celeryworker
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: celeryworker
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-celery-worker.sh
env:
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
- name: DD_ENABLE_AUDITLOG
value: "False"
image: defectdojo/defectdojo-django
imagePullPolicy: IfNotPresent
name: celeryworker
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: celeryworker-claim0
- mountPath: /app/media
name: defectdojo-media
restartPolicy: Always
volumes:
- name: celeryworker-claim0
persistentVolumeClaim:
claimName: celeryworker-claim0
- name: defectdojo-media
persistentVolumeClaim:
claimName: defectdojo-media-pvc
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
labels:
io.kompose.service: celeryworker-claim0
name: celeryworker-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: celerybeat
name: celerybeat
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: celerybeat
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: celerybeat
spec:
containers:
- command:
- /wait-for-it.sh
- postgres16.postgres:5432
- -t
- "30"
- --
- /entrypoint-celery-beat.sh
env:
- name: DD_CELERY_BROKER_URL
value: redis://redis.defectdojo:6379/0
- name: DD_CREDENTIAL_AES_256_KEY
value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw'
- name: DD_DATABASE_URL
value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo
- name: DD_SECRET_KEY
value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq
- name: DD_ENABLE_AUDITLOG
value: "False"
image: defectdojo/defectdojo-django
imagePullPolicy: IfNotPresent
name: celerybeat
resources: {}
volumeMounts:
- mountPath: /app/docker/extra_settings
name: celerybeat-claim0
restartPolicy: Always
volumes:
- name: celerybeat-claim0
persistentVolumeClaim:
claimName: celerybeat-claim0
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: celerybeat-claim0
name: celerybeat-claim0
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: redis
name: redis
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: redis
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: redis
spec:
containers:
- image: redis:7.2.4-alpine@sha256:a40e29800d387e3cf9431902e1e7a362e4d819233d68ae39380532c3310091ac
name: redis
resources: {}
# volumeMounts:
# - mountPath: /data
# name: defectdojo-redis
restartPolicy: Always
# volumes:
# - name: defectdojo-redis
# persistentVolumeClaim:
# claimName: defectdojo-redis-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: defectdojo-redis-pvc
namespace: defectdojo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-redis-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/redis
readOnly: false
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: redis
name: redis
namespace: defectdojo
spec:
ports:
- name: "6379"
port: 6379
targetPort: 6379
selector:
io.kompose.service: redis
status:
loadBalancer: {}
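Review bot: The nginx, uwsgi, celeryworker and celerybeat containers reference `defectdojo/defectdojo-nginx` and `defectdojo/defectdojo-django` with no tag or digest, so each node runs whatever `latest` it happened to pull, and `imagePullPolicy: IfNotPresent` keeps that copy indefinitely. The redis container in the same file is already pinned as `redis:7.2.4-alpine@sha256:…`; the DefectDojo images should be pinned the same way, e.g. `image: defectdojo/defectdojo-django:<version>@sha256:<digest>`, with one version for all three Django-based containers so uwsgi and the Celery workers cannot drift apart. Separately, `DD_ENABLE_AUDITLOG` is set to "False" on all three; if that is a workaround, a comment saying why would help, because it presumably turns off the application's change history.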

File diff suppressed because one or more lines are too long


@@ -0,0 +1,14 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: defectdojo-http
namespace: defectdojo
spec:
entryPoints:
- web
routes:
- match: Host(`defectdojo-dev.allarddcs.nl`)
kind: Rule
services:
- name: nginx
port: 8080
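Review bot: This route on the `web` entry point serves the DefectDojo login and API over plain HTTP for the same host that the `websecure` route covers, so credentials and session cookies can cross the network unencrypted. Unless the Traefik entry point already redirects globally (not visible here), attach a Middleware of type `redirectScheme` with `scheme: https` and `permanent: true` to this route via `middlewares:` / `- name: <redirect-middleware>`, or drop the HTTP route.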


@@ -0,0 +1,16 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: defectdojo-tls
namespace: defectdojo
spec:
entryPoints:
- websecure
routes:
- match: Host(`defectdojo-dev.allarddcs.nl`)
kind: Rule
services:
- name: nginx
port: 8080
tls:
certResolver: letsencrypt

5
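--- a/dev/defectdojo/yaml/restart.sh
+++ b/dev/defectdojo/yaml/restart.sh
@@ -0,0 +1,5 @@
+microk8s kubectl rollout restart deployment -n defectdojo uwsgi
+microk8s kubectl rollout restart deployment -n defectdojo celerybeat
+microk8s kubectl rollout restart deployment -n defectdojo celeryworker
+microk8s kubectl rollout restart deployment -n defectdojo celeryworker-high
+microk8s kubectl rollout restart deployment -n defectdojo celeryworker-low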
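Review bot: The last two commands restart `celeryworker-high` and `celeryworker-low`, but the manifests visible in this commit define only `uwsgi`, `celerybeat`, `celeryworker`, `nginx` and `redis` Deployments in the `defectdojo` namespace; unless those two come from the suppressed file, `kubectl rollout restart` fails on them. The script also has no interpreter line and keeps going after a failed command, so a partial restart goes unnoticed; start it with `#!/bin/sh` and `set -e`.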