From 93b7c2b7703e72009aa85ae708121febab986c1a Mon Sep 17 00:00:00 2001 
From: Ubuntu Date: Fri, 28 Nov 2025 13:36:24 +0100 Subject: [PATCH] change --- dev/defectdojo/{yaml => }/README.md | 0 dev/defectdojo/{yaml => }/admin-password.txt | 0 dev/defectdojo/{yaml => }/defectdojo.yaml | 0 .../extra/defectdojo-with-initializer.ignore | 0 .../defectdojo-with-initializer.yaml | 0 dev/defectdojo/helm/README.md | 42 - dev/defectdojo/helm/defectdojo-helm.yaml | 1060 ----------------- dev/defectdojo/helm/defectdojo-secret.sh | 5 - dev/defectdojo/helm/ingressroute-http.yaml | 14 - dev/defectdojo/helm/ingressroute-tls.yaml | 16 - dev/defectdojo/helm/persistent-volumes.yaml | 68 -- dev/defectdojo/helm/postgres-secret.sh | 3 - dev/defectdojo/helm/rabbitmq-secret.sh | 3 - dev/defectdojo/helm/values-complete.yaml | 552 --------- dev/defectdojo/helm/values.yaml | 36 - .../{yaml => }/ingressroute-http.yml | 0 .../{yaml => }/ingressroute-tls.yml | 0 dev/defectdojo/installeren_met_yaml | 0 dev/defectdojo/{yaml => }/restart.sh | 0 dev/defectdojo/yaml/chatgpt/defectdojo.yaml | 283 ----- dev/defectdojo/yaml/dt-report.json.bak | 27 - dev/tekton/README.md | 2 + 22 files changed, 2 insertions(+), 2109 deletions(-) rename dev/defectdojo/{yaml => }/README.md (100%) rename dev/defectdojo/{yaml => }/admin-password.txt (100%) rename dev/defectdojo/{yaml => }/defectdojo.yaml (100%) rename dev/defectdojo/{yaml => }/extra/defectdojo-with-initializer.ignore (100%) rename dev/defectdojo/{yaml => extra}/defectdojo-with-initializer.yaml (100%) delete mode 100755 dev/defectdojo/helm/README.md delete mode 100644 dev/defectdojo/helm/defectdojo-helm.yaml delete mode 100755 dev/defectdojo/helm/defectdojo-secret.sh delete mode 100755 dev/defectdojo/helm/ingressroute-http.yaml delete mode 100755 dev/defectdojo/helm/ingressroute-tls.yaml delete mode 100755 dev/defectdojo/helm/persistent-volumes.yaml delete mode 100755 dev/defectdojo/helm/postgres-secret.sh delete mode 100755 dev/defectdojo/helm/rabbitmq-secret.sh delete mode 100755 dev/defectdojo/helm/values-complete.yaml delete 
mode 100755 dev/defectdojo/helm/values.yaml rename dev/defectdojo/{yaml => }/ingressroute-http.yml (100%) rename dev/defectdojo/{yaml => }/ingressroute-tls.yml (100%) delete mode 100644 dev/defectdojo/installeren_met_yaml rename dev/defectdojo/{yaml => }/restart.sh (100%) delete mode 100644 dev/defectdojo/yaml/chatgpt/defectdojo.yaml delete mode 100644 dev/defectdojo/yaml/dt-report.json.bak diff --git a/dev/defectdojo/yaml/README.md b/dev/defectdojo/README.md similarity index 100% rename from dev/defectdojo/yaml/README.md rename to dev/defectdojo/README.md diff --git a/dev/defectdojo/yaml/admin-password.txt b/dev/defectdojo/admin-password.txt similarity index 100% rename from dev/defectdojo/yaml/admin-password.txt rename to dev/defectdojo/admin-password.txt diff --git a/dev/defectdojo/yaml/defectdojo.yaml b/dev/defectdojo/defectdojo.yaml similarity index 100% rename from dev/defectdojo/yaml/defectdojo.yaml rename to dev/defectdojo/defectdojo.yaml diff --git a/dev/defectdojo/yaml/extra/defectdojo-with-initializer.ignore b/dev/defectdojo/extra/defectdojo-with-initializer.ignore similarity index 100% rename from dev/defectdojo/yaml/extra/defectdojo-with-initializer.ignore rename to dev/defectdojo/extra/defectdojo-with-initializer.ignore diff --git a/dev/defectdojo/yaml/defectdojo-with-initializer.yaml b/dev/defectdojo/extra/defectdojo-with-initializer.yaml similarity index 100% rename from dev/defectdojo/yaml/defectdojo-with-initializer.yaml rename to dev/defectdojo/extra/defectdojo-with-initializer.yaml diff --git a/dev/defectdojo/helm/README.md b/dev/defectdojo/helm/README.md deleted file mode 100755 index e8c8e36..0000000 --- a/dev/defectdojo/helm/README.md +++ /dev/null 
@@ -1,42 +0,0 @@ -#Installatie - -https://epam.github.io/edp-install/operator-guide/install-defectdojo/ - - -kubectl create namespace defectdojo - -helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts' -helm repo update - -Create PostgreSQL admin secret: - - -kubectl -n defectdojo create secret generic defectdojo-postgresql-specific \ ---from-literal=postgresql-password=defectdojodefect \ ---from-literal=postgresql-postgres-password=defectdojodefect - -Create Rabbitmq admin secret: - - -kubectl -n defectdojo create secret generic defectdojo-rabbitmq-specific \ ---from-literal=rabbitmq-password=defectdojo \ ---from-literal=rabbitmq-erlang-cookie=defectdojodefectdojodefectdojojo - -Create DefectDojo admin secret: - - -kubectl -n defectdojo create secret generic defectdojo \ ---from-literal=DD_ADMIN_PASSWORD=defectdojodefectdojojo \ ---from-literal=DD_SECRET_KEY=defectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefecdojojo \ ---from-literal=DD_CREDENTIAL_AES_256_KEY=defectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefecdojojo \ ---from-literal=METRICS_HTTP_AUTH_PASSWORD=defectdojodefectdojodefectdojojo - -Install DefectDojo v.2.22.4 using defectdojo/defectdojo Helm chart v.1.6.69: - - -helm upgrade --install \ -defectdojo \ ---version 1.6.69 \ -defectdojo/defectdojo \ ---namespace defectdojo \ ---values values.yaml diff --git a/dev/defectdojo/helm/defectdojo-helm.yaml b/dev/defectdojo/helm/defectdojo-helm.yaml deleted file mode 100644 index 98e0bcd..0000000 --- a/dev/defectdojo/helm/defectdojo-helm.yaml +++ /dev/null 
@@ -1,1060 +0,0 @@ ---- -# Source: defectdojo/charts/rabbitmq/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: defectdojo-rabbitmq - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: true -secrets: - - name: defectdojo-rabbitmq ---- -# Source: defectdojo/charts/rabbitmq/templates/config-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: defectdojo-rabbitmq-config - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -type: Opaque -data: - rabbitmq.conf: |- - 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 ---- -# Source: defectdojo/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: defectdojo - labels: - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -data: - DD_ADMIN_USER: admin - DD_ADMIN_MAIL: admin@defectdojo.local - DD_ADMIN_FIRST_NAME: Admin - DD_ADMIN_LAST_NAME: User - DD_ALLOWED_HOSTS: defectdojo.default.minikube.local - DD_SITE_URL: http://localhost:8080 - DD_CELERY_BROKER_SCHEME: amqp - DD_CELERY_BROKER_USER: 'user' - DD_CELERY_BROKER_HOST: defectdojo-rabbitmq - DD_CELERY_BROKER_PORT: '5672' - DD_CELERY_BROKER_PARAMS: '' - DD_CELERY_BROKER_PATH: '//' - DD_CELERY_LOG_LEVEL: INFO - DD_CELERY_WORKER_POOL_TYPE: solo - DD_CELERY_WORKER_AUTOSCALE_MIN: '' - DD_CELERY_WORKER_AUTOSCALE_MAX: '' - DD_CELERY_WORKER_CONCURRENCY: '' - DD_CELERY_WORKER_PREFETCH_MULTIPLIER: '' - DD_DATABASE_ENGINE: django.db.backends.postgresql - DD_DATABASE_HOST: defectdojo-postgresql - DD_DATABASE_PORT: '5432' - DD_DATABASE_USER: defectdojo - DD_DATABASE_NAME: defectdojo - DD_INITIALIZE: 'true' - DD_UWSGI_ENDPOINT: 
/run/defectdojo/uwsgi.sock - DD_UWSGI_HOST: localhost - DD_UWSGI_PASS: unix:///run/defectdojo/uwsgi.sock - DD_UWSGI_NUM_OF_PROCESSES: '2' - DD_UWSGI_NUM_OF_THREADS: '2' - DD_DJANGO_METRICS_ENABLED: 'false' - NGINX_METRICS_ENABLED: 'false' - METRICS_HTTP_AUTH_USER: monitoring ---- -# Source: defectdojo/charts/rabbitmq/templates/role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: defectdojo-rabbitmq-endpoint-reader - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] ---- -# Source: defectdojo/charts/rabbitmq/templates/rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: defectdojo-rabbitmq-endpoint-reader - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -subjects: - - kind: ServiceAccount - name: defectdojo-rabbitmq -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: defectdojo-rabbitmq-endpoint-reader ---- -# Source: defectdojo/charts/postgresql/templates/primary/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-postgresql-hl - namespace: "defectdojo" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - # Use this annotation in addition to the actual publishNotReadyAddresses - # field below because the annotation will stop being respected soon but the - # field is broken in some versions of Kubernetes: - # https://github.com/kubernetes/kubernetes/issues/58662 - 
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: ClusterIP - clusterIP: None - # We want all pods in the StatefulSet to have their addresses published for - # the sake of the other Postgresql pods even before they're ready, since they - # have to be able to talk to each other in order to become ready. - publishNotReadyAddresses: true - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary ---- -# Source: defectdojo/charts/postgresql/templates/primary/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-postgresql - namespace: "defectdojo" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - nodePort: null - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary ---- -# Source: defectdojo/charts/rabbitmq/templates/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-rabbitmq-headless - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -spec: - clusterIP: None - ports: - - name: epmd - port: 4369 - targetPort: epmd - - name: amqp - port: 5672 - targetPort: amqp - - name: dist - port: 25672 - targetPort: dist - - name: http-stats - port: 15672 - targetPort: stats - selector: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - publishNotReadyAddresses: true ---- -# Source: defectdojo/charts/rabbitmq/templates/svc.yaml -apiVersion: v1 -kind: 
Service -metadata: - name: defectdojo-rabbitmq - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: amqp - port: 5672 - targetPort: amqp - nodePort: null - - name: epmd - port: 4369 - targetPort: epmd - nodePort: null - - name: dist - port: 25672 - targetPort: dist - nodePort: null - - name: http-stats - port: 15672 - targetPort: stats - nodePort: null - selector: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo ---- -# Source: defectdojo/templates/django-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: defectdojo-django - labels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - selector: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - ports: - - name: http - protocol: TCP - port: 80 - targetPort: http ---- -# Source: defectdojo/templates/celery-beat-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defectdojo-celery-beat - labels: - defectdojo.org/component: celery - defectdojo.org/subcomponent: beat - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - replicas: 1 - selector: - matchLabels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - template: - metadata: - labels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - volumes: - - name: run - emptyDir: {} - containers: - - command: - - 
/entrypoint-celery-beat.sh - name: celery - image: "allardkrings/defectdojo-django:1.0" - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1001 - volumeMounts: - - name: run - mountPath: /run/defectdojo - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo-extrasecrets - optional: true - env: - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - resources: - limits: - cpu: 2000m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi ---- -# Source: defectdojo/templates/celery-worker-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defectdojo-celery-worker - labels: - defectdojo.org/component: celery - defectdojo.org/subcomponent: worker - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - replicas: 1 - selector: - matchLabels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - template: - metadata: - labels: - defectdojo.org/component: celery - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - volumes: - containers: - - name: celery - image: "allardkrings/defectdojo-django:1.0" - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1001 - command: ['/entrypoint-celery-worker.sh'] - volumeMounts: - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo-extrasecrets - optional: true - env: - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: 
DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - resources: - limits: - cpu: 2000m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi ---- -# Source: defectdojo/templates/django-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: defectdojo-django - labels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - replicas: 1 - selector: - matchLabels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - template: - metadata: - labels: - defectdojo.org/component: django - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - securityContext: - fsGroup: 1001 - volumes: - - name: run - emptyDir: {} - - name: media - emptyDir: {} - containers: - - name: uwsgi - image: 'allardkrings/defectdojo-django:1.0' - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1001 - volumeMounts: - - name: run - mountPath: /run/defectdojo - - name: media - mountPath: "/app/media" - ports: - - name: http-uwsgi - protocol: TCP - containerPort: 8081 - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo-extrasecrets - optional: true - env: - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - - name: DD_CREDENTIAL_AES_256_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_CREDENTIAL_AES_256_KEY 
- - name: DD_SESSION_COOKIE_SECURE - value: "True" - - name: DD_CSRF_COOKIE_SECURE - value: "True" - livenessProbe: - httpGet: - path: /login?force_login_form&next=/ - port: http-uwsgi - httpHeaders: - - name: Host - value: defectdojo.default.minikube.local - failureThreshold: 6 - initialDelaySeconds: 120 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 2000m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - - name: nginx - image: 'allardkrings/defectdojo-nginx:1.0' - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1001 - volumeMounts: - - name: run - mountPath: /run/defectdojo - - name: media - mountPath: /usr/share/nginx/html/media - ports: - - name: http - protocol: TCP - containerPort: 8080 - envFrom: - - configMapRef: - name: defectdojo - env: - - name: METRICS_HTTP_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo - key: METRICS_HTTP_AUTH_PASSWORD - - name: USE_TLS - value: 'false' - - name: GENERATE_TLS_CERTIFICATE - value: 'false' - livenessProbe: - httpGet: - path: /nginx_health - port: http - httpHeaders: - - name: Host - value: defectdojo.default.minikube.local - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 6 - readinessProbe: - httpGet: - path: /uwsgi_health - port: http - httpHeaders: - - name: Host - value: defectdojo.default.minikube.local - failureThreshold: 6 - initialDelaySeconds: 120 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 2000m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi ---- -# Source: defectdojo/charts/postgresql/templates/primary/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: defectdojo-postgresql - namespace: "defectdojo" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: -spec: - replicas: 1 - 
serviceName: defectdojo-postgresql-hl - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary - template: - metadata: - name: defectdojo-postgresql - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.26 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: - spec: - serviceAccountName: default - affinity: - podAffinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/component: primary - namespaces: - - "defectdojo" - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - securityContext: - fsGroup: 1001 - hostNetwork: false - hostIPC: false - initContainers: - containers: - - name: postgresql - image: docker.io/bitnami/postgresql:11.16.0-debian-11-r9 - imagePullPolicy: "IfNotPresent" - securityContext: - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - - name: PGDATA - value: "/bitnami/postgresql/data" - # Authentication - - name: POSTGRES_USER - value: "defectdojo" - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-postgres-password - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: POSTGRES_DB - value: "defectdojo" - # Replication - # Initdb - # Standby - # LDAP - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - # TLS - - name: POSTGRESQL_ENABLE_TLS - value: "no" - # Audit - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: 
POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - # Others - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: "error" - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: "pgaudit" - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "defectdojo" -d "dbname=defectdojo" -h 127.0.0.1 -p 5432 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "defectdojo" -d "dbname=defectdojo" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - volumeMounts: - - name: dshm - mountPath: /dev/shm - - name: data - mountPath: /bitnami/postgresql - volumes: - - name: dshm - emptyDir: - medium: Memory - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" ---- -# Source: defectdojo/charts/rabbitmq/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: defectdojo-rabbitmq - namespace: "defectdojo" - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm -spec: - serviceName: defectdojo-rabbitmq-headless - podManagementPolicy: OrderedReady - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - template: - metadata: - labels: - app.kubernetes.io/name: rabbitmq - helm.sh/chart: rabbitmq-11.2.2 - 
app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - annotations: - checksum/config: 208929eee544dead36ca3c947884b65e8ffb3c4e72fbf6721922c651640ffe3c - spec: - serviceAccountName: defectdojo-rabbitmq - affinity: - podAffinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - namespaces: - - "defectdojo" - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - securityContext: - fsGroup: 1001 - terminationGracePeriodSeconds: 120 - initContainers: - containers: - - name: rabbitmq - image: docker.io/bitnami/rabbitmq:3.11.5-debian-11-r2 - imagePullPolicy: "IfNotPresent" - securityContext: - runAsNonRoot: true - runAsUser: 1001 - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -ec - - | - if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then - /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" - else - rabbitmqctl stop_app - fi - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: defectdojo-rabbitmq-headless - - name: K8S_ADDRESS_TYPE - value: hostname - - name: RABBITMQ_FORCE_BOOT - value: "no" - - name: RABBITMQ_NODE_NAME - value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local" - - name: K8S_HOSTNAME_SUFFIX - value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local" - - name: RABBITMQ_MNESIA_DIR - value: "/bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)" - - name: RABBITMQ_LDAP_ENABLE - value: "no" - - name: RABBITMQ_LOGS - value: "-" - - name: RABBITMQ_ULIMIT_NOFILES - value: "65536" - - name: RABBITMQ_USE_LONGNAME - value: "true" - - name: 
RABBITMQ_ERL_COOKIE - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-erlang-cookie - - name: RABBITMQ_LOAD_DEFINITIONS - value: "no" - - name: RABBITMQ_DEFINITIONS_FILE - value: "/app/load_definition.json" - - name: RABBITMQ_SECURE_PASSWORD - value: "yes" - - name: RABBITMQ_USERNAME - value: "user" - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: RABBITMQ_PLUGINS - value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap" - envFrom: - ports: - - name: amqp - containerPort: 5672 - - name: dist - containerPort: 25672 - - name: stats - containerPort: 15672 - - name: epmd - containerPort: 4369 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 120 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 20 - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q ping - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 20 - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - volumeMounts: - - name: configuration - mountPath: /bitnami/rabbitmq/conf - - name: data - mountPath: /bitnami/rabbitmq/mnesia - volumes: - - name: configuration - secret: - secretName: defectdojo-rabbitmq-config - items: - - key: rabbitmq.conf - path: rabbitmq.conf - volumeClaimTemplates: - - metadata: - name: data - labels: - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/instance: defectdojo - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" ---- -# Source: defectdojo/templates/django-ingress.yaml -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: defectdojo - labels: - defectdojo.org/component: django - app.kubernetes.io/name: 
defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 -spec: - tls: - - hosts: - - defectdojo.default.minikube.local - secretName: defectdojo-tls - rules: - - host: defectdojo.default.minikube.local - http: - paths: - - path: / - backend: - serviceName: defectdojo-django - servicePort: http ---- -# Source: defectdojo/templates/sa.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: defectdojo - labels: - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 - annotations: - helm.sh/resource-policy: keep - helm.sh/hook: "pre-install" - helm.sh/hook-delete-policy: "before-hook-creation" ---- -# Source: defectdojo/templates/tests/unit-tests.yaml -apiVersion: v1 -kind: Pod -metadata: - name: defectdojo-unit-tests - labels: - app.kubernetes.io/name: defectdojo - helm.sh/chart: defectdojo-1.6.112 - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - annotations: - helm.sh/hook: test-success -spec: - serviceAccountName: defectdojo - containers: - - name: unit-tests - image: 'allardkrings/defectdojo-django:1.0' - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1001 - command: ['/entrypoint-unit-tests.sh'] - envFrom: - - configMapRef: - name: defectdojo - env: - - name: DD_DATABASE_USER - value: defectdojo - - name: DD_CELERY_BROKER_PASSWORD - valueFrom: - secretKeyRef: - # Use broker chart secret - # name: defectdojo-rabbitmq - # Use secret handled outside of the chart - name: defectdojo-rabbitmq-specific - key: rabbitmq-password - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - - name: DD_DEBUG - value: 'True' - - name: DD_SECRET_KEY - valueFrom: - secretKeyRef: - name: defectdojo - key: DD_SECRET_KEY - - name: DD_CREDENTIAL_AES_256_KEY - valueFrom: - secretKeyRef: - name: defectdojo 
- key: DD_CREDENTIAL_AES_256_KEY - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - restartPolicy: Never ---- -# Source: defectdojo/templates/initializer-job.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: defectdojo-initializer-2024-05-19-12-59 - labels: - defectdojo.org/component: initializer - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - app.kubernetes.io/managed-by: Helm - helm.sh/chart: defectdojo-1.6.112 - annotations: - helm.sh/hook: post-install,post-upgrade -spec: - ttlSecondsAfterFinished: 60 - template: - metadata: - labels: - defectdojo.org/component: initializer - app.kubernetes.io/name: defectdojo - app.kubernetes.io/instance: defectdojo - annotations: - spec: - serviceAccountName: defectdojo - volumes: - containers: - - name: initializer - image: "allardkrings/defectdojo-django:1.0" - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1001 - volumeMounts: - command: - - /entrypoint-initializer.sh - envFrom: - - configMapRef: - name: defectdojo - - secretRef: - name: defectdojo - env: - - name: DD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: defectdojo-postgresql-specific - key: postgresql-password - resources: - limits: - cpu: 2000m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - restartPolicy: Never - backoffLimit: 1 diff --git a/dev/defectdojo/helm/defectdojo-secret.sh b/dev/defectdojo/helm/defectdojo-secret.sh deleted file mode 100755 index 6c2a236..0000000 --- a/dev/defectdojo/helm/defectdojo-secret.sh +++ /dev/null 
@@ -1,5 +0,0 @@
-microk8s kubectl -n defectdojo create secret generic defectdojo \
---from-literal=DD_ADMIN_PASSWORD=defectdojodefectdojojo \
---from-literal=DD_SECRET_KEY=defectdodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojo \
---from-literal=DD_CREDENTIAL_AES_256_KEY=defectdodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojo \
---from-literal=METRICS_HTTP_AUTH_PASSWORD=defectdojodefectdojodefectdojojo -n defectdojo
diff --git a/dev/defectdojo/helm/ingressroute-http.yaml b/dev/defectdojo/helm/ingressroute-http.yaml
deleted file mode 100755
index 7a5f0a7..0000000
--- a/dev/defectdojo/helm/ingressroute-http.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: defectdojo-http
- namespace: defectdojo
-spec:
- entryPoints:
- - web
- routes:
- - match: Host(`defectdojo-dev.allarddcs.nl`)
- kind: Rule
- services:
- - name: defectdojo-django
- port: 80
diff --git a/dev/defectdojo/helm/ingressroute-tls.yaml b/dev/defectdojo/helm/ingressroute-tls.yaml
deleted file mode 100755
index e90cd99..0000000
--- a/dev/defectdojo/helm/ingressroute-tls.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: defectdojo-tls
- namespace: defectdojo
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`defectdojo-dev.allarddcs.nl`)
- kind: Rule
- services:
- - name: defectdojo-django
- port: 80
- tls:
- certResolver: letsencrypt
diff --git a/dev/defectdojo/helm/persistent-volumes.yaml b/dev/defectdojo/helm/persistent-volumes.yaml
deleted file mode 100755
index d727ade..0000000
--- a/dev/defectdojo/helm/persistent-volumes.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: defectdojo-postgres-pv
-spec:
- storageClassName: ""
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- persistentVolumeReclaimPolicy: Retain
- mountOptions:
- - hard
- - nfsvers=4.1
- nfs:
- server: 192.168.2.110
- path: /mnt/nfs_share/defectdojo/postgres
- readOnly: false
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: data-defectdojo-postgresql-0
- namespace: defectdojo
-spec:
- storageClassName: ""
- volumeName: defectdojo-postgres-pv
- accessModes:
- - ReadWriteMany
- volumeMode: Filesystem
- resources:
- requests:
- storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: defectdojo-rabbitmq-pv
-spec:
- storageClassName: ""
- capacity:
- storage: 1Gi
- accessModes:
- - ReadWriteMany
- persistentVolumeReclaimPolicy: Retain
- mountOptions:
- - hard
- - nfsvers=4.1
- nfs:
- server: 192.168.2.110
- path: /mnt/nfs_share/defectdojo/rabbitmq
- readOnly: false
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: data-defectdojo-rabbitmq-0
- namespace: defectdojo
-spec:
- storageClassName: ""
- volumeName: defectdojo-rabbitmq-pv
- accessModes:
- - ReadWriteMany
- volumeMode: Filesystem
- resources:
- requests:
- storage: 1Gi
-
diff --git a/dev/defectdojo/helm/postgres-secret.sh b/dev/defectdojo/helm/postgres-secret.sh
deleted file mode 100755
index 85e04b2..0000000
--- a/dev/defectdojo/helm/postgres-secret.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-microk8s kubectl -n defectdojo create secret generic defectdojo-postgresql-specific \
---from-literal=postgresql-password=defectdojo \
---from-literal=postgresql-postgres-password=defectdojo -n defectdojo
diff --git a/dev/defectdojo/helm/rabbitmq-secret.sh b/dev/defectdojo/helm/rabbitmq-secret.sh
deleted file mode 100755
index e0a809c..0000000
--- a/dev/defectdojo/helm/rabbitmq-secret.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-microk8s kubectl -n defectdojo create secret generic defectdojo-rabbitmq-specific \
---from-literal=rabbitmq-password=mqrabbitmq \
---from-literal=rabbitmq-erlang-cookie=rabbitmqrabbitmqrabbitmqrabbitmq -n defectdojo
diff --git a/dev/defectdojo/helm/values-complete.yaml b/dev/defectdojo/helm/values-complete.yaml
deleted file mode 100755
index 321eadb..0000000
--- a/dev/defectdojo/helm/values-complete.yaml
+++ /dev/null
@@ -1,552 +0,0 @@ ---- -# Global settings -# create defectdojo specific secret -createSecret: false -# create rabbitmq secret in defectdojo chart, outside of rabbitmq chart -createRabbitMqSecret: false -# create redis secret in defectdojo chart, outside of redis chart -createRedisSecret: false -# create mysql secret in defectdojo chart, outside of mysql chart -createMysqlSecret: false -# create postgresql secret in defectdojo chart, outside of postgresql chart -createPostgresqlSecret: false -# create postgresql-ha secret in defectdojo chart, outside of postgresql-ha chart -createPostgresqlHaSecret: false -# create postgresql-ha-pgpool secret in defectdojo chart, outside of postgresql-ha chart -createPostgresqlHaPgpoolSecret: false -# Track configuration (trackConfig): will automatically respin application pods in case of config changes detection -# can be: -# - disabled, default -# - enabled, enables tracking configuration changes based on SHA256 -# trackConfig: disabled - -# Enables application network policy -# For more info follow https://kubernetes.io/docs/concepts/services-networking/network-policies/ -networkPolicy: - enabled: false - # if additional labels need to be allowed (e.g. 
prometheus scraper) - ingressExtend: [] - # ingressExtend: - # - podSelector: - # matchLabels: - # app.kubernetes.io/instance: defectdojo-prometheus - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - -# Configuration value to select database type -# Option to use "postgresql" or "mysql" database type, by default "mysql" is chosen -# Set the "enable" field to true of the database type you select (if you want to use internal database) and false of the one you don't select -database: postgresql -# Primary hostname of instance -host: defectdojo.default.minikube.local - -# The full URL to your defectdojo instance, depends on the domain where DD is deployed, it also affects links in Jira -# site_url: 'https://' - -# optional list of alternative hostnames to use that gets appended to -# DD_ALLOWED_HOSTS. This is necessary when your local hostname does not match -# the global hostname. -# alternativeHosts: -# - defectdojo.example.com -imagePullPolicy: Always -# Where to pull the defectDojo images from. Defaults to "defectdojo/*" repositories on hub.docker.com -repositoryPrefix: defectdojo -# When using a private registry, name of the secret that holds the registry secret (eg deploy token from gitlab-ci project) -# Create secrets as: kubectl create secret docker-registry defectdojoregistrykey --docker-username=registry_username --docker-password=registry_password --docker-server='https://index.docker.io/v1/' -# imagePullSecrets: defectdojoregistrykey -tag: latest - -# Additional labels to add to the pods: -# podLabels: -# key: value -podLabels: {} - -# Allow overriding of revisionHistoryLimit across all deployments. 
-# revisionHistoryLimit: 10 - -securityContext: - enabled: true - djangoSecurityContext: - # django dockerfile sets USER=1001 - runAsUser: 1001 - nginxSecurityContext: - # nginx dockerfile sets USER=1001 - runAsUser: 1001 - -tests: - unitTests: - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 500m - memory: 512Mi - -admin: - user: admin - password: - firstName: Administrator - lastName: User - mail: admin@defectdojo.local - secretKey: - credentialAes256Key: - metricsHttpAuthPassword: - -monitoring: - enabled: false - # Add the nginx prometheus exporter sidecar - prometheus: - enabled: false - image: nginx/nginx-prometheus-exporter:0.11.0 - imagePullPolicy: IfNotPresent - -annotations: {} - -# Components -celery: - broker: rabbitmq - # To use an external celery broker, set the hostname here - brokerHost: "" - logLevel: INFO - beat: - annotations: {} - affinity: {} - nodeSelector: {} - replicas: 1 - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 256Mi - tolerations: [] - worker: - annotations: {} - affinity: {} - logLevel: INFO - nodeSelector: {} - replicas: 1 - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 512Mi - tolerations: [] - app_settings: - pool_type: solo - # Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) - # Comment out the "solo" line, and uncomment the following lines. - # pool_type: prefork - # autoscale_min: 2 - # autoscale_max: 8 - # concurrency: 8 - # prefetch_multiplier: 128 - - # A list of extra volumes to mount. This - # is useful for bringing in extra data that can be referenced by other configurations - # at a well known path, such as local_settings. The - # value of this should be a list of objects. 
- # - # Example: - # - # ```yaml - # extraVolumes: - # - type: configMap - # name: local_settings - # path: /app/dojo/settings/local_settings.py - # subPath: local_settings.py - # - type: hostPath - # name: host_directory - # path: /tmp - # hostPath: /tmp - # ``` - # - # Each object supports the following keys: - # - # - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive. - # Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP) - # - `name` - Name of the configMap or secret to be mounted. This also controls - # the path that it is mounted to. The volume will be mounted to `/consul/userconfig/`. - # - `path` - defines where file should be exposed - # - `subPath` - extracts only particular file from secret or configMap - # - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate", - # "File", "Socket", "CharDevice", "BlockDevice" - # - `hostPath` - only for hostPath, file or directory from local host - # @type: array - extraVolumes: [] - -django: - annotations: {} - service: - annotations: {} - affinity: {} - ingress: - enabled: true - ingressClassName: "" - activateTLS: true - secretName: defectdojo-tls - annotations: {} - # Restricts the type of ingress controller that can interact with our chart (nginx, traefik, ...) - # kubernetes.io/ingress.class: nginx - # Depending on the size and complexity of your scans, you might want to increase the default ingress timeouts if you see repeated 504 Gateway Timeouts - # nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" - # nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" - nginx: - tls: - enabled: false - generateCertificate: false - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 256Mi - nodeSelector: {} - replicas: 1 - tolerations: [] - uwsgi: - livenessProbe: - # Enable liveness checks on uwsgi container. 
Those values are use on nginx readiness checks as well. - enabled: true - failureThreshold: 6 - initialDelaySeconds: 120 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 2000m - memory: 512Mi - app_settings: - processes: 2 - threads: 2 - enable_debug: false # this also requires DD_DEBUG to be set to True - certificates: - # includes additional CA certificate as volume, it refrences REQUESTS_CA_BUNDLE env varible - # to create configMap `kubectl create cm defectdojo-ca-certs --from-file=ca.crt` - # NOTE: it reflects REQUESTS_CA_BUNDLE for celery workers, beats as well - enabled: false - configName: defectdojo-ca-certs - certMountPath: /certs/ - certFileName: ca.crt - - # A list of extra volumes to mount. This - # is useful for bringing in extra data that can be referenced by other configurations - # at a well known path, such as local_settings. The - # value of this should be a list of objects. - # - # Example: - # - # ```yaml - # extraVolumes: - # - type: configMap - # name: local_settings - # path: /app/dojo/settings/local_settings.py - # container: uwsgi - # subPath: local_settings.py - # - type: hostPath - # name: host_directory - # path: /app/dojo/settings/ - # hostPath: /var/run - # container: uwsgi - # ``` - # - # Each object supports the following keys: - # - # - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive. - # Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP) - # - `name` - Name of the configMap or secret to be mounted. This also controls - # the path that it is mounted to. The volume will be mounted to `/consul/userconfig/`. 
- # - `path` - defines where file should be exposed - # - `container` - defines where volume needs to be mounted, must be uwsgi or nginx - # - `subPath` - extracts only particular file from secret or configMap - # - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate", - # "File", "Socket", "CharDevice", "BlockDevice" - # - `hostPath` - only for hostPath, file or directory from local host - # @type: array - extraVolumes: [] - - # This feature needs more preparation before can be enabled, please visit KUBERNETES.md#media-persistent-volume - mediaPersistentVolume: - enabled: true - fsGroup: 1001 - # any name - name: media - # could be emptyDir (not for production) or pvc - type: emptyDir - # in case if pvc specified, should point to the already existing pvc - persistentVolumeClaim: - # set to true to create a new pvc and if django.mediaPersistentVolume.type is set to pvc - create: false - name: - size: 5Gi - accessModes: - - ReadWriteMany # check KUBERNETES.md doc first for option to choose - storageClassName: - -initializer: - run: true - jobAnnotations: { - helm.sh/hook: "post-install,post-upgrade" - } - annotations: {} - keepSeconds: 60 - affinity: {} - nodeSelector: {} - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 2000m - memory: 512Mi - - # A list of extra volumes to mount. This - # is useful for bringing in extra data that can be referenced by other configurations - # at a well known path, such as local_settings. The - # value of this should be a list of objects. - # - # Example: - # - # ```yaml - # extraVolumes: - # - type: configMap - # name: local_settings - # path: /app/dojo/settings/local_settings.py - # subPath: local_settings.py - # - type: hostPath - # name: host_directory - # path: /tmp - # hostPath: /tmp - # ``` - # - # Each object supports the following keys: - # - # - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive. 
- # Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP) - # - `name` - Name of the configMap or secret to be mounted. This also controls - # the path that it is mounted to. The volume will be mounted to `/consul/userconfig/`. - # - `path` - defines where file should be exposed - # - `subPath` - extracts only particular file from secret or configMap - # - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate", - # "File", "Socket", "CharDevice", "BlockDevice" - # - `hostPath` - only for hostPath, file or directory from local host - # @type: array - extraVolumes: [] - -mysql: - enabled: false - auth: - username: defectdojo - password: "" - rootPassword: "" - database: defectdojo - existingSecret: defectdojo-mysql-specific - secretKey: mysql-password - primary: - service: - ports: - mysql: 3306 - # To use an external mySQL instance, set enabled to false and uncomment - # the line below / add external address: - # mysqlServer: "127.0.0.1" - -postgresql: -# enabled: true - enabled: false - image: - tag: 11.16.0-debian-11-r9 - auth: - username: defectdojo - password: "" - database: defectdojo - existingSecret: defectdojo-postgresql-specific - secretKeys: - adminPasswordKey: postgresql-postgres-password - userPasswordKey: postgresql-password - replicationPasswordKey: postgresql-replication-password - architecture: standalone - primary: - name: primary - persistence: - enabled: true - service: - ports: - postgresql: 5432 - podSecurityContext: - # Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC - enabled: true - # fsGroup specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. - fsGroup: 1001 - containerSecurityContext: - # Default is true for K8s. 
Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC - enabled: true - # runAsUser specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. - runAsUser: 1001 - affinity: {} - nodeSelector: {} - volumePermissions: - enabled: false - # if using restricted SCC set runAsUser: "auto" and if running under anyuid SCC - runAsUser needs to match the line above - containerSecurityContext: - runAsUser: 1001 - shmVolume: - chmod: - enabled: false - - # To use an external PostgreSQL instance, set enabled to false and uncomment - # the line below: - # postgresServer: "127.0.0.1" - -postgresqlha: - enabled: false - global: - pgpool: - existingSecret: defectdojo-postgresql-ha-pgpool - serviceAccount: - create: true - postgresql: - replicaCount: 3 - username: defectdojo - password: "" - repmgrPassword: "" - database: defectdojo - existingSecret: defectdojo-postgresql-ha-specific - securityContext: - enabled: true - fsGroup: 1001 - containerSecurityContext: - enabled: true - runAsUser: 1001 - pgpool: - replicaCount: 3 - adminPassword: "" - securityContext: - enabled: true - fsGroup: 1001 - volumePermissions: - enabled: true - securityContext: - runAsUser: 1001 - persistence: - enabled: true - service: - ports: - postgresql: 5432 - -# Google CloudSQL support in GKE via gce-proxy -cloudsql: - # To use CloudSQL in GKE set 'enable: true' - enabled: false - # By default, the proxy has verbose logging. 
Set this to false to make it less verbose - verbose: true - image: - # set repo and image tag of gce-proxy - repository: gcr.io/cloudsql-docker/gce-proxy - tag: 1.33.14 - pullPolicy: IfNotPresent - # set CloudSQL instance: 'project:zone:instancename' - instance: "" - # use IAM database authentication - enable_iam_login: false - # whether to use a private IP to connect to the database - use_private_ip: false - -# Settings to make running the chart on GKE simpler -gke: - # Set to true to configure the Ingress to use the GKE provided ingress controller - useGKEIngress: false - # Set to true to have GKE automatically provision a TLS certificate for the host specified - # Requires useGKEIngress to be set to true - # When using this option, be sure to set django.ingress.activateTLS to false - useManagedCertificate: false - # Workload Identity allows the K8s service account to assume the IAM access of a GCP service account to interact with other GCP services - workloadIdentityEmail: "" - -rabbitmq: - enabled: true - replicaCount: 1 - auth: - password: "" - erlangCookie: "" - existingPasswordSecret: defectdojo-rabbitmq-specific - secretPasswordKey: "" - existingErlangSecret: defectdojo-rabbitmq-specific - memoryHighWatermark: - enabled: true - type: relative - value: 0.5 - affinity: {} - nodeSelector: {} - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 500m - memory: 512Mi - podSecurityContext: - enabled: true - fsGroup: 1001 - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - -# For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/master/bitnami/redis -redis: - enabled: false - scheme: "redis" - transportEncryption: - enabled: false - params: '' - auth: - existingSecret: defectdojo-redis-specific - existingSecretPasswordKey: redis-password - password: "" - architecture: standalone - # To use an external Redis instance, set enabled to false and uncomment - # the line 
below: - # redisServer: myrediscluster - # To use a different port for Redis (default: 6379) add a port number and uncomment the lines below: - # master: - # service: - # ports: - # redis: xxxx - -# To add extra variables not predefined by helm config it is possible to define in extraConfigs block, e.g. below: -# NOTE Do not store any kind of sensitive information inside of it -# extraConfigs: -# DD_SOCIAL_AUTH_AUTH0_OAUTH2_ENABLED: 'true' -# DD_SOCIAL_AUTH_AUTH0_KEY: 'dev' -# DD_SOCIAL_AUTH_AUTH0_DOMAIN: 'xxxxx' - -# Extra secrets can be created inside of extraSecrets block: -# NOTE This is just an exmaple, do not store sensitive data in plain text form, better inject it during the deployment/upgrade by --set extraSecrets.secret=someSecret -# extraSecrets: -# DD_SOCIAL_AUTH_AUTH0_SECRET: 'xxx' -extraConfigs: {} - -# To add (or override) extra variables which need to be pulled from another configMap, you can -# use extraEnv. For example: -# extraEnv: -# - name: DD_DATABASE_HOST -# valueFrom: -# configMapKeyRef: -# name: my-other-postgres-configmap -# key: cluster_endpoint - diff --git a/dev/defectdojo/helm/values.yaml b/dev/defectdojo/helm/values.yaml deleted file mode 100755 index 34dde96..0000000 --- a/dev/defectdojo/helm/values.yaml +++ /dev/null 
@@ -1,36 +0,0 @@
-tag: 2.22.4
-fullnameOverride: defectdojo
-host: defectdojo.alldcs.nl
-site_url: https://defectdojo.alldcs.nl
-alternativeHosts:
- - defectdojo-django.defectdojo
-celery:
- beat:
- nodeSelector:
- kubernetes.io/arch: amd64
- worker:
- nodeSelector:
- kubernetes.io/arch: amd64
-initializer:
- # should be false after initial installation was performed
- run: true
- nodeSelector:
- kubernetes.io/arch: amd64
-django:
- ingress:
- enabled: true # change to 'false' for OpenShift
- activateTLS: false
- uwsgi:
- livenessProbe:
- # Enable liveness checks on uwsgi container. Those values are use on nginx readiness checks as well.
- # default value is 120, so in our case 20 is just fine
- initialDelaySeconds: 20
- nodeSelector:
- kubernetes.io/arch: amd64
-rabbitmq:
- nodeSelector:
- kubernetes.io/arch: amd64
-postgresql:
- primary:
- nodeSelector:
- kubernetes.io/arch: amd64
diff --git a/dev/defectdojo/yaml/ingressroute-http.yml b/dev/defectdojo/ingressroute-http.yml
similarity index 100%
rename from dev/defectdojo/yaml/ingressroute-http.yml
rename to dev/defectdojo/ingressroute-http.yml
diff --git a/dev/defectdojo/yaml/ingressroute-tls.yml b/dev/defectdojo/ingressroute-tls.yml
similarity index 100%
rename from dev/defectdojo/yaml/ingressroute-tls.yml
rename to dev/defectdojo/ingressroute-tls.yml
diff --git a/dev/defectdojo/installeren_met_yaml b/dev/defectdojo/installeren_met_yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/dev/defectdojo/yaml/restart.sh b/dev/defectdojo/restart.sh
similarity index 100%
rename from dev/defectdojo/yaml/restart.sh
rename to dev/defectdojo/restart.sh
diff --git a/dev/defectdojo/yaml/chatgpt/defectdojo.yaml b/dev/defectdojo/yaml/chatgpt/defectdojo.yaml
deleted file mode 100644
index 22d68b6..0000000
--- a/dev/defectdojo/yaml/chatgpt/defectdojo.yaml
+++ /dev/null
@@ -1,283 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: defectdojo
- namespace: defectdojo
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: defectdojo
- template:
- metadata:
- labels:
- app: defectdojo
- spec:
- containers:
- - name: defectdojo
- image: defectdojo/defectdojo:2.31.0
- env:
- - name: DD_DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: defectdojo-secret
- key: DD_DATABASE_URL
- - name: DD_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: defectdojo-secret
- key: DD_ADMIN_USER
- - name: DD_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: defectdojo-secret
- key: DD_ADMIN_PASSWORD
- - name: DD_REDIS_HOST
- value: redis
- - name: DD_REDIS_PORT
- value: "6379"
- volumeMounts:
- - name: web-storage
- mountPath: /app/media
- volumes:
- - name: web-storage
- persistentVolumeClaim:
- claimName: dd-web-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
- name: defectdojo
- namespace: defectdojo
-spec:
- ports:
- - port: 8080
- targetPort: 8080
- selector:
- app: defectdojo
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: celery-worker
- namespace: defectdojo
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: celery-worker
- template:
- metadata:
- labels:
- app: celery-worker
- spec:
- containers:
- - name: celery-worker
- image: defectdojo/worker:2.31.0
- env:
- - name: DD_DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: defectdojo-secret
- key: DD_DATABASE_URL
- - name: DD_REDIS_HOST
- value: redis
- volumeMounts:
- - name: worker-storage
- mountPath: /app/media
- volumes:
- - name: worker-storage
- persistentVolumeClaim:
- claimName: dd-celeryworker-pvc
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: celery-beat
- namespace: defectdojo
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: celery-beat
- template:
- metadata:
- labels:
- app: celery-beat
- spec:
- containers:
- - name: celery-beat
- image: defectdojo/beat:2.31.0
- env:
- - name: DD_DATABASE_URL
- valueFrom:
- secretKeyRef:
- name: defectdojo-secret
- key: DD_DATABASE_URL
- - name: DD_REDIS_HOST
- value: redis
- volumeMounts:
- - name: beat-storage
- mountPath: /app/media
- volumes:
- - name: beat-storage
- persistentVolumeClaim:
- claimName: dd-celerybeat-pvc
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: redis
- namespace: defectdojo
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: redis
- template:
- metadata:
- labels:
- app: redis
- spec:
- containers:
- - name: redis
- image: redis:7
- volumeMounts:
- - mountPath: /data
- name: redis-storage
- command: ["redis-server", "--appendonly", "yes"]
- volumes:
- - name: redis-storage
- persistentVolumeClaim:
- claimName: dd-redis-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
- name: redis
- namespace: defectdojo
-spec:
- ports:
- - port: 6379
- selector:
- app: redis
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: defectdojo-secret
- namespace: defectdojo
-type: Opaque
-stringData:
- DD_DATABASE_URL: "postgres://defectdojo:defectdojo@postgres15.postgres.svc.cluster.local:5432/defectdojo"
- DD_ADMIN_USER: "admin"
- DD_ADMIN_PASSWORD: "Defectdojo01@"
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: pv-defectdojo-nginx
-spec:
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteMany
- nfs:
- server: 192.168.2.110
- path: /mnt/nfs_share/defectdojo/nginx
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: pv-defectdojo-redis
-spec:
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteMany
- nfs:
- server: 192.168.2.110
- path: /mnt/nfs_share/defectdojo/redis
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: pv-defectdojo-celerybeat
-spec:
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteMany
- nfs:
- server: 192.168.2.110
- path: /mnt/nfs_share/defectdojo/celerybeat
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: pv-defectdojo-celeryworker
-spec:
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteMany
- nfs:
- server: 192.168.2.110
- path: /mnt/nfs_share/defectdojo/celeryworker
- persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-defectdojo-nginx
- namespace: defectdojo
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 2Gi
- volumeName: pv-defectdojo-nginx
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-defectdojo-redis
- namespace: defectdojo
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 2Gi
- volumeName: pv-defectdojo-redis
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-defectdojo-celerybeat
- namespace: defectdojo
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 2Gi
- volumeName: pv-defectdojo-celerybeat
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-defectdojo-celeryworker
- namespace: defectdojo
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 2Gi
- volumeName: pv-defectdojo-celeryworker
-
diff --git a/dev/defectdojo/yaml/dt-report.json.bak b/dev/defectdojo/yaml/dt-report.json.bak
deleted file mode 100644
index 0ebb72f..0000000
--- a/dev/defectdojo/yaml/dt-report.json.bak
+++ /dev/null
@@ -1,27 +0,0 @@
-Dependency-Track
\ No newline at end of file
diff --git a/dev/tekton/README.md b/dev/tekton/README.md
index 35d482f..0b3dbb9 100755
--- a/dev/tekton/README.md
+++ b/dev/tekton/README.md
@@ -8,6 +8,8 @@ https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
 kubectl apply --filename \
 https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
+ let op: er staat ook een dashboard.yaml in de git, die is alleen voor argocd
+ #daarna: kubectl apply -f ingressroute-tls.yaml