From 71f7fa7833e10a149c5b03bcd9920f754036a3eb Mon Sep 17 00:00:00 2001
From: allard
Date: Tue, 25 Nov 2025 14:24:25 +0100
Subject: [PATCH] change
---
dev/defectdojo/yaml/defectdojo-helm.yaml | 1075 -----------------
dev/defectdojo/yaml/defectdojo.bak | 402 ------
.../{dt-report.json => dt-report.json.bak} | 0
3 files changed, 1477 deletions(-)
delete mode 100644 dev/defectdojo/yaml/defectdojo-helm.yaml
delete mode 100644 dev/defectdojo/yaml/defectdojo.bak
rename dev/defectdojo/yaml/{dt-report.json => dt-report.json.bak} (100%)
diff --git a/dev/defectdojo/yaml/defectdojo-helm.yaml b/dev/defectdojo/yaml/defectdojo-helm.yaml
deleted file mode 100644
index 9d99811..0000000
--- a/dev/defectdojo/yaml/defectdojo-helm.yaml
+++ /dev/null
@@ -1,1075 +0,0 @@ ---- -# Source: defectdojo/charts/rabbitmq/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: defectdojo-rabbitmq - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: true -secrets: - - name: defectdojo-rabbitmq ---- -# Source: defectdojo/charts/rabbitmq/templates/config-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: defectdojo-rabbitmq-config - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -type: Opaque -data: - rabbitmq.conf: |- - 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 ---- -# Source: defectdojo/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: defectdojo - labels: - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -data: - DD_ADMIN_USER: admin - DD_ADMIN_MAIL: admin@defectdojo.local - DD_ADMIN_FIRST_NAME: Admin - DD_ADMIN_LAST_NAME: User - DD_ALLOWED_HOSTS: defectdojo.alldcs.nl,defectdojo-django.defectdojo - DD_SITE_URL: https://defectdojo.alldcs.nl - DD_CELERY_BROKER_SCHEME: amqp - DD_CELERY_BROKER_USER: 'user' - DD_CELERY_BROKER_HOST: defectdojo-rabbitmq - DD_CELERY_BROKER_PORT: '5672' - DD_CELERY_BROKER_PARAMS: '' - DD_CELERY_BROKER_PATH: '//' - DD_CELERY_LOG_LEVEL: INFO - DD_CELERY_WORKER_POOL_TYPE: solo - DD_CELERY_WORKER_AUTOSCALE_MIN: '' - DD_CELERY_WORKER_AUTOSCALE_MAX: '' - DD_CELERY_WORKER_CONCURRENCY: '' - DD_CELERY_WORKER_PREFETCH_MULTIPLIER: '' - DD_DATABASE_ENGINE: django.db.backends.postgresql - DD_DATABASE_HOST: defectdojo-postgresql - DD_DATABASE_PORT: '5432' - DD_DATABASE_USER: defectdojo - DD_DATABASE_NAME: defectdojo - DD_INITIALIZE: 'true' - 
DD_UWSGI_ENDPOINT: /run/defectdojo/uwsgi.sock - DD_UWSGI_HOST: localhost - DD_UWSGI_PASS: unix:///run/defectdojo/uwsgi.sock - DD_UWSGI_NUM_OF_PROCESSES: '2' - DD_UWSGI_NUM_OF_THREADS: '2' - DD_DJANGO_METRICS_ENABLED: 'false' - NGINX_METRICS_ENABLED: 'false' - METRICS_HTTP_AUTH_USER: monitoring ---- -# Source: defectdojo/charts/rabbitmq/templates/role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: defectdojo-rabbitmq-endpoint-reader - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] ---- -# Source: defectdojo/charts/rabbitmq/templates/rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: defectdojo-rabbitmq-endpoint-reader - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -subjects: - - kind: ServiceAccount - name: defectdojo-rabbitmq -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: defectdojo-rabbitmq-endpoint-reader ---- -# Source: defectdojo/charts/postgresql/templates/primary/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-postgresql-hl - namespace: "defectdojo" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - # Use this annotation in addition to the actual publishNotReadyAddresses - # field below because the annotation will stop being respected soon but the - # field is broken in some versions of Kubernetes: - # https://github.com/kubernetes/kubernetes/issues/58662 - 
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: ClusterIP - clusterIP: None - # We want all pods in the StatefulSet to have their addresses published for - # the sake of the other Postgresql pods even before they're ready, since they - # have to be able to talk to each other in order to become ready. - publishNotReadyAddresses: true - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary ---- -# Source: defectdojo/charts/postgresql/templates/primary/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-postgresql - namespace: "defectdojo" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - nodePort: null - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary ---- -# Source: defectdojo/charts/rabbitmq/templates/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-rabbitmq-headless - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -spec: - clusterIP: None - ports: - - name: epmd - port: 4369 - targetPort: epmd - - name: amqp - port: 5672 - targetPort: amqp - - name: dist - port: 25672 - targetPort: dist - - name: http-stats - port: 15672 - targetPort: stats - selector: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - publishNotReadyAddresses: true ---- -# Source: defectdojo/charts/rabbitmq/templates/svc.yaml -apiVersion: v1 -kind: 
Service -metadata: - name: defectdojo-rabbitmq - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: amqp - port: 5672 - targetPort: amqp - nodePort: null - - name: epmd - port: 4369 - targetPort: epmd - nodePort: null - - name: dist - port: 25672 - targetPort: dist - nodePort: null - - name: http-stats - port: 15672 - targetPort: stats - nodePort: null - selector: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo ---- -# Source: defectdojo/templates/django-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-django - labels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - selector: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - ports: - - name: http - protocol: TCP - port: 80 - targetPort: http ---- -# Source: defectdojo/templates/celery-beat-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defectdojo-celery-beat - labels: - defectdojo.org/component: celery - defectdojo.org/subcomponent: beat - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - replicas: 1 - selector: - matchLabels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - template: - metadata: - labels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - volumes: - - name: run - emptyDir: {} - containers: - - command: - - 
/entrypoint-celery-beat.sh - name: celery - image: "defectdojo/defectdojo-django:2.22.4" - imagePullPolicy: Always - securityContext: - runAsUser: 1001 - volumeMounts: - - name: run - mountPath: /run/defectdojo - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo-extrasecrets - optional: true - env: - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - resources: - limits: - cpu: 2000m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi - nodeSelector: - kubernetes.io/arch: amd64 ---- -# Source: defectdojo/templates/celery-worker-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defectdojo-celery-worker - labels: - defectdojo.org/component: celery - defectdojo.org/subcomponent: worker - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - replicas: 1 - selector: - matchLabels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - template: - metadata: - labels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - volumes: - containers: - - name: celery - image: "defectdojo/defectdojo-django:2.22.4" - imagePullPolicy: Always - securityContext: - runAsUser: 1001 - command: ['/entrypoint-celery-worker.sh'] - volumeMounts: - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo-extrasecrets - optional: true - env: - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: 
rabbitmq-password - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - resources: - limits: - cpu: 2000m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - nodeSelector: - kubernetes.io/arch: amd64 ---- -# Source: defectdojo/templates/django-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defectdojo-django - labels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - replicas: 1 - selector: - matchLabels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - template: - metadata: - labels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - securityContext: - fsGroup: 1001 - volumes: - - name: run - emptyDir: {} - - name: media - emptyDir: {} - containers: - - name: uwsgi - image: 'harbor-dev.alldcs.nl/allard/defectdojo:1.0' - imagePullPolicy: Always - securityContext: - runAsUser: 1001 - volumeMounts: - - name: run - mountPath: /run/defectdojo - - name: media - mountPath: "/app/media" - ports: - - name: http-uwsgi - protocol: TCP - containerPort: 8081 - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo-extrasecrets - optional: true - env: - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - - name: DD_CREDENTIAL_AES_256_KEY - 
valueFrom: - secretKeyRef: - name: defectdojo - key: DD_CREDENTIAL_AES_256_KEY - - name: DD_SESSION_COOKIE_SECURE - value: "False" - - name: DD_CSRF_COOKIE_SECURE - value: "False" - livenessProbe: - httpGet: - path: /login?force_login_form&next=/ - port: http-uwsgi - httpHeaders: - - name: Host - value: defectdojo.alldcs.nl - failureThreshold: 6 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 2000m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - - name: nginx - image: 'defectdojo/defectdojo-nginx:2.22.4' - imagePullPolicy: Always - securityContext: - runAsUser: 1001 - volumeMounts: - - name: run - mountPath: /run/defectdojo - - name: media - mountPath: /usr/share/nginx/html/media - ports: - - name: http - protocol: TCP - containerPort: 8080 - envFrom: - - configMapRef: - name: defectdojo - env: - - name: METRICS_HTTP_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo - key: METRICS_HTTP_AUTH_PASSWORD - - name: USE_TLS - value: 'false' - - name: GENERATE_TLS_CERTIFICATE - value: 'false' - livenessProbe: - httpGet: - path: /nginx_health - port: http - httpHeaders: - - name: Host - value: defectdojo.alldcs.nl - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /uwsgi_health - port: http - httpHeaders: - - name: Host - value: defectdojo.alldcs.nl - failureThreshold: 6 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 2000m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi - nodeSelector: - kubernetes.io/arch: amd64 ---- -# Source: defectdojo/charts/postgresql/templates/primary/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: defectdojo-postgresql - namespace: "defectdojo" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: 
Helm - app.kubernetes.io/component: primary - annotations: -spec: - replicas: 1 - serviceName: defectdojo-postgresql-hl - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary - template: - metadata: - name: defectdojo-postgresql - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: - spec: - serviceAccountName: default - - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary - namespaces: - - "defectdojo" - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - nodeSelector: - kubernetes.io/arch: amd64 - securityContext: - fsGroup: 1001 - hostNetwork: false - hostIPC: false - initContainers: - containers: - - name: postgresql - image: docker.io/bitnami/postgresql:11.16.0-debian-11-r9 - imagePullPolicy: "IfNotPresent" - securityContext: - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - - name: PGDATA - value: "/bitnami/postgresql/data" - # Authentication - - name: POSTGRES_USER - value: "defectdojo" - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-postgres-password - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: POSTGRES_DB - value: "defectdojo" - # Replication - # Initdb - # Standby - # LDAP - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - # TLS - - name: 
POSTGRESQL_ENABLE_TLS - value: "no" - # Audit - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - # Others - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: "error" - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: "pgaudit" - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "defectdojo" -d "dbname=defectdojo" -h 127.0.0.1 -p 5432 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - -e - - - | - exec pg_isready -U "defectdojo" -d "dbname=defectdojo" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - volumeMounts: - - name: dshm - mountPath: /dev/shm - - name: data - mountPath: /bitnami/postgresql - volumes: - - name: dshm - emptyDir: - medium: Memory - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" ---- -# Source: defectdojo/charts/rabbitmq/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: defectdojo-rabbitmq - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -spec: - serviceName: defectdojo-rabbitmq-headless - podManagementPolicy: OrderedReady - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - template: - 
metadata: - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - annotations: - checksum/config: 208929eee544dead36ca3c947884b65e8ffb3c4e72fbf6721922c651640ffe3c - spec: - - serviceAccountName: defectdojo-rabbitmq - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - namespaces: - - "defectdojo" - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - nodeSelector: - kubernetes.io/arch: amd64 - securityContext: - fsGroup: 1001 - terminationGracePeriodSeconds: 120 - initContainers: - containers: - - name: rabbitmq - image: docker.io/bitnami/rabbitmq:3.11.5-debian-11-r2 - imagePullPolicy: "IfNotPresent" - securityContext: - runAsNonRoot: true - runAsUser: 1001 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -ec - - | - if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then - /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" - else - rabbitmqctl stop_app - fi - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: defectdojo-rabbitmq-headless - - name: K8S_ADDRESS_TYPE - value: hostname - - name: RABBITMQ_FORCE_BOOT - value: "no" - - name: RABBITMQ_NODE_NAME - value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local" - - name: K8S_HOSTNAME_SUFFIX - value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local" - - name: RABBITMQ_MNESIA_DIR - value: "/bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)" - - name: RABBITMQ_LDAP_ENABLE - value: "no" - - name: 
RABBITMQ_LOGS - value: "-" - - name: RABBITMQ_ULIMIT_NOFILES - value: "65536" - - name: RABBITMQ_USE_LONGNAME - value: "true" - - name: RABBITMQ_ERL_COOKIE - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-erlang-cookie - - name: RABBITMQ_LOAD_DEFINITIONS - value: "no" - - name: RABBITMQ_DEFINITIONS_FILE - value: "/app/load_definition.json" - - name: RABBITMQ_SECURE_PASSWORD - value: "yes" - - name: RABBITMQ_USERNAME - value: "user" - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: RABBITMQ_PLUGINS - value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap" - envFrom: - ports: - - name: amqp - containerPort: 5672 - - name: dist - containerPort: 25672 - - name: stats - containerPort: 15672 - - name: epmd - containerPort: 4369 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 120 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 20 - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q ping - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 20 - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - volumeMounts: - - name: configuration - mountPath: /bitnami/rabbitmq/conf - - name: data - mountPath: /bitnami/rabbitmq/mnesia - volumes: - - name: configuration - secret: - secretName: defectdojo-rabbitmq-config - items: - - key: rabbitmq.conf - path: rabbitmq.conf - volumeClaimTemplates: - - metadata: - name: data - labels: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" ---- -# Source: defectdojo/templates/django-ingress.yaml -apiVersion: 
networking.k8s.io/v1 -kind: Ingress -metadata: - name: defectdojo - labels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - rules: - - host: defectdojo.alldcs.nl - http: - paths: - - path: / - backend: - serviceName: defectdojo-django - servicePort: http ---- -# Source: defectdojo/templates/sa.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: defectdojo - labels: - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: "pre-install" - helm.sh/hook-delete-policy: "before-hook-creation" ---- -# Source: defectdojo/templates/tests/unit-tests.yaml -apiVersion: v1 -kind: Pod -metadata: - name: defectdojo-unit-tests - labels: - app.kubernetes.io/name: defectdojo - helm.sh/chart: defectdojo-1.6.112 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/hook: test-success -spec: - serviceAccountName: defectdojo - containers: - - name: unit-tests - image: 'defectdojo/defectdojo-django:2.22.4' - imagePullPolicy: Always - securityContext: - runAsUser: 1001 - command: ['/entrypoint-unit-tests.sh'] - envFrom: - - configMapRef: - name: defectdojo - env: - - name: DD_DATABASE_USER - value: defectdojo - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - # Use broker chart secret - # name: defectdojo-rabbitmq - # Use secret handled outside of the chart - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_DEBUG - value: 'True' - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - - name: DD_CREDENTIAL_AES_256_KEY - valueFrom: - 
secretKeyRef: - name: defectdojo - key: DD_CREDENTIAL_AES_256_KEY - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - restartPolicy: Never ---- -# Source: defectdojo/templates/initializer-job.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: defectdojo-initializer-2024-05-16-11-17 - labels: - defectdojo.org/component: initializer - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 - annotations: - helm.sh/hook: post-install,post-upgrade -spec: - ttlSecondsAfterFinished: 60 - template: - metadata: - labels: - defectdojo.org/component: initializer - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - volumes: - containers: - - name: initializer - image: "defectdojo/defectdojo-django:2.22.4" - imagePullPolicy: Always - securityContext: - runAsUser: 1001 - volumeMounts: - command: - - /entrypoint-initializer.sh - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo - env: - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - resources: - limits: - cpu: 2000m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - restartPolicy: Never - nodeSelector: - kubernetes.io/arch: amd64 - backoffLimit: 1 diff --git a/dev/defectdojo/yaml/defectdojo.bak b/dev/defectdojo/yaml/defectdojo.bak deleted file mode 100644 index cf8dd45..0000000 --- a/dev/defectdojo/yaml/defectdojo.bak +++ /dev/null 
@@ -1,402 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx - namespace: defectdojo -spec: - replicas: 1 - selector: - matchLabels: - io.kompose.service: nginx - strategy: - type: Recreate - template: - metadata: - labels: - io.kompose.service: nginx - spec: - containers: - - env: - - name: NGINX_METRICS_ENABLED - value: "false" - - name: DD_UWSGI_HOST - value: "uwsgi.defectdojo" - - name: HTTP_AUTH_PASSWORD - value: "Defectdojo01@" - image: defectdojo/defectdojo-nginx - imagePullPolicy: IfNotPresent - name: nginx - ports: - - containerPort: 8080 - - containerPort: 8443 - resources: {} - volumeMounts: - - mountPath: /usr/share/nginx/html/media - name: defectdojo-media - restartPolicy: Always - volumes: - - name: defectdojo-media - persistentVolumeClaim: - claimName: defectdojo-media-pvc ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: defectdojo-media-pvc - namespace: defectdojo -spec: - storageClassName: "" - volumeName: defectdojo-media-pv - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 2Gi ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: defectdojo-media-pv -spec: - storageClassName: "" - capacity: - storage: 2Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - mountOptions: - - hard - - nfsvers=4.1 - nfs: - server: 192.168.2.110 - path: /mnt/nfs_share/defectdojo/media - readOnly: false ---- -apiVersion: v1 -kind: Service -metadata: - labels: - io.kompose.service: nginx - name: nginx - namespace: defectdojo -spec: - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - - name: "8443" - port: 8443 - targetPort: 8443 - selector: - io.kompose.service: nginx -status: - loadBalancer: {} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - io.kompose.service: uwsgi - name: uwsgi - namespace: defectdojo -spec: - replicas: 1 - selector: - matchLabels: - io.kompose.service: uwsgi - strategy: - type: Recreate - template: - 
metadata: - labels: - io.kompose.service: uwsgi - spec: - containers: - - command: - - /wait-for-it.sh - - postgres16.postgres:5432 - - -t - - "30" - - -- - - /entrypoint-uwsgi.sh - env: - - name: DD_ALLOWED_HOSTS - value: '*' - - name: DD_CELERY_BROKER_URL - value: redis://redis.defectdojo:6379/0 - - name: DD_CREDENTIAL_AES_256_KEY - value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw' - - name: DD_DATABASE_URL - value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo - - name: DD_DEBUG - value: "False" - - name: DD_DJANGO_METRICS_ENABLED - value: "False" - - name: DD_SECRET_KEY - value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq - image: defectdojo/defectdojo-django - imagePullPolicy: IfNotPresent - name: uwsgi - resources: {} - volumeMounts: - - mountPath: /app/docker/extra_settings - name: uwsgi-claim0 - - mountPath: /app/media - name: defectdojo-media - restartPolicy: Always - volumes: - - name: uwsgi-claim0 - persistentVolumeClaim: - claimName: uwsgi-claim0 - - name: defectdojo-media - persistentVolumeClaim: - claimName: defectdojo-media-pvc ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - creationTimestamp: null - labels: - io.kompose.service: uwsgi-claim0 - name: uwsgi-claim0 - namespace: defectdojo -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi -status: {} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - io.kompose.service: uwsgi - name: uwsgi - namespace: defectdojo -spec: - ports: - - name: "3031" - port: 3031 - targetPort: 3031 - selector: - io.kompose.service: uwsgi -status: - loadBalancer: {} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - io.kompose.service: celeryworker - name: celeryworker - namespace: defectdojo -spec: - replicas: 1 - selector: - matchLabels: - io.kompose.service: celeryworker - strategy: - type: Recreate - template: - metadata: - labels: - io.kompose.service: celeryworker - spec: - containers: - - command: - - /wait-for-it.sh - - 
postgres16.postgres:5432 - - -t - - "30" - - -- - - /entrypoint-celery-worker.sh - env: - - name: DD_CELERY_BROKER_URL - value: redis://redis.defectdojo:6379/0 - - name: DD_CREDENTIAL_AES_256_KEY - value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw' - - name: DD_DATABASE_URL - value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo - - name: DD_SECRET_KEY - value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq - image: allardkrings/defectdojo-django:1.0 - imagePullPolicy: IfNotPresent - name: celeryworker - resources: {} - volumeMounts: - - mountPath: /app/docker/extra_settings - name: celeryworker-claim0 - - mountPath: /app/media - name: defectdojo-media - restartPolicy: Always - volumes: - - name: celeryworker-claim0 - persistentVolumeClaim: - claimName: celeryworker-claim0 - - name: defectdojo-media - persistentVolumeClaim: - claimName: defectdojo-media-pvc -status: {} ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - creationTimestamp: null - labels: - io.kompose.service: celeryworker-claim0 - name: celeryworker-claim0 - namespace: defectdojo -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi -status: {} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - io.kompose.service: celerybeat - name: celerybeat - namespace: defectdojo -spec: - replicas: 1 - selector: - matchLabels: - io.kompose.service: celerybeat - strategy: - type: Recreate - template: - metadata: - labels: - io.kompose.service: celerybeat - spec: - containers: - - command: - - /wait-for-it.sh - - postgres16.postgres:5432 - - -t - - "30" - - -- - - /entrypoint-celery-beat.sh - env: - - name: DD_CELERY_BROKER_URL - value: redis://redis.defectdojo:6379/0 - - name: DD_CREDENTIAL_AES_256_KEY - value: '&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw' - - name: DD_DATABASE_URL - value: postgresql://defectdojo:defectdojo@postgres16.postgres:5432/defectdojo - - name: DD_SECRET_KEY - value: hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq - image: allardkrings/defectdojo-django:1.0 
- imagePullPolicy: IfNotPresent - name: celerybeat - resources: {} - volumeMounts: - - mountPath: /app/docker/extra_settings - name: celerybeat-claim0 - restartPolicy: Always - volumes: - - name: celerybeat-claim0 - persistentVolumeClaim: - claimName: celerybeat-claim0 ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - io.kompose.service: celerybeat-claim0 - name: celerybeat-claim0 - namespace: defectdojo -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - io.kompose.service: redis - name: redis - namespace: defectdojo -spec: - replicas: 1 - selector: - matchLabels: - io.kompose.service: redis - strategy: - type: Recreate - template: - metadata: - labels: - io.kompose.service: redis - spec: - containers: - - image: redis:7.2.4-alpine@sha256:a40e29800d387e3cf9431902e1e7a362e4d819233d68ae39380532c3310091ac - name: redis - resources: {} -# volumeMounts: -# - mountPath: /data -# name: defectdojo-redis - restartPolicy: Always -# volumes: -# - name: defectdojo-redis -# persistentVolumeClaim: -# claimName: defectdojo-redis-pvc ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: defectdojo-redis-pvc - namespace: defectdojo -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: defectdojo-redis-pv -spec: - storageClassName: "" - capacity: - storage: 2Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - mountOptions: - - hard - - nfsvers=4.1 - nfs: - server: 192.168.2.110 - path: /mnt/nfs_share/defectdojo/redis - readOnly: false ---- -apiVersion: v1 -kind: Service -metadata: - labels: - io.kompose.service: redis - name: redis - namespace: defectdojo -spec: - ports: - - name: "6379" - port: 6379 - targetPort: 6379 - selector: - io.kompose.service: redis -status: - loadBalancer: {} - 
diff --git a/dev/defectdojo/yaml/dt-report.json b/dev/defectdojo/yaml/dt-report.json.bak
similarity index 100%
rename from dev/defectdojo/yaml/dt-report.json
rename to dev/defectdojo/yaml/dt-report.json.bak