AllardDCS/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change

Browse Source
This commit is contained in:
Ubuntu
2025-11-28 13:36:24 +01:00
parent f8f5596af1
commit 93b7c2b770
22 changed files with 2 additions and 2109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
dev/defectdojo/yaml/README.md → dev/defectdojo/README.md
View File

0
dev/defectdojo/yaml/admin-password.txt → dev/defectdojo/admin-password.txt
View File

0
dev/defectdojo/yaml/defectdojo.yaml → dev/defectdojo/defectdojo.yaml
View File

0
dev/defectdojo/yaml/extra/defectdojo-with-initializer.ignore → dev/defectdojo/extra/defectdojo-with-initializer.ignore
View File

0
dev/defectdojo/yaml/defectdojo-with-initializer.yaml → dev/defectdojo/extra/defectdojo-with-initializer.yaml
View File

42
dev/defectdojo/helm/README.md
View File

@@ -1,42 +0,0 @@
#Installatie
https://epam.github.io/edp-install/operator-guide/install-defectdojo/
kubectl create namespace defectdojo
helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
helm repo update
Create PostgreSQL admin secret:
kubectl -n defectdojo create secret generic defectdojo-postgresql-specific \
--from-literal=postgresql-password=defectdojodefect \
--from-literal=postgresql-postgres-password=defectdojodefect
Create Rabbitmq admin secret:
kubectl -n defectdojo create secret generic defectdojo-rabbitmq-specific \
--from-literal=rabbitmq-password=defectdojo \
--from-literal=rabbitmq-erlang-cookie=defectdojodefectdojodefectdojojo
Create DefectDojo admin secret:
kubectl -n defectdojo create secret generic defectdojo \
--from-literal=DD_ADMIN_PASSWORD=defectdojodefectdojojo \
--from-literal=DD_SECRET_KEY=defectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefecdojojo \
--from-literal=DD_CREDENTIAL_AES_256_KEY=defectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefecdojojo \
--from-literal=METRICS_HTTP_AUTH_PASSWORD=defectdojodefectdojodefectdojojo
Install DefectDojo v.2.22.4 using defectdojo/defectdojo Helm chart v.1.6.69:
helm upgrade --install \
defectdojo \
--version 1.6.69 \
defectdojo/defectdojo \
--namespace defectdojo \
--values values.yaml

1060
dev/defectdojo/helm/defectdojo-helm.yaml
View File

File diff suppressed because it is too large Load Diff

5
dev/defectdojo/helm/defectdojo-secret.sh
View File

@@ -1,5 +0,0 @@
microk8s kubectl -n defectdojo create secret generic defectdojo \
--from-literal=DD_ADMIN_PASSWORD=defectdojodefectdojojo \
--from-literal=DD_SECRET_KEY=defectdodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojo \
--from-literal=DD_CREDENTIAL_AES_256_KEY=defectdodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojodefectdojo \
--from-literal=METRICS_HTTP_AUTH_PASSWORD=defectdojodefectdojodefectdojojo -n defectdojo

14
dev/defectdojo/helm/ingressroute-http.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: defectdojo-http
namespace: defectdojo
spec:
entryPoints:
- web
routes:
- match: Host(`defectdojo-dev.allarddcs.nl`)
kind: Rule
services:
- name: defectdojo-django
port: 80

16
dev/defectdojo/helm/ingressroute-tls.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: defectdojo-tls
namespace: defectdojo
spec:
entryPoints:
- websecure
routes:
- match: Host(`defectdojo-dev.allarddcs.nl`)
kind: Rule
services:
- name: defectdojo-django
port: 80
tls:
certResolver: letsencrypt

68
dev/defectdojo/helm/persistent-volumes.yaml
View File

@@ -1,68 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-postgres-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/postgres
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-defectdojo-postgresql-0
namespace: defectdojo
spec:
storageClassName: ""
volumeName: defectdojo-postgres-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: defectdojo-rabbitmq-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/rabbitmq
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-defectdojo-rabbitmq-0
namespace: defectdojo
spec:
storageClassName: ""
volumeName: defectdojo-rabbitmq-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi

3
dev/defectdojo/helm/postgres-secret.sh
View File

@@ -1,3 +0,0 @@
microk8s kubectl -n defectdojo create secret generic defectdojo-postgresql-specific \
--from-literal=postgresql-password=defectdojo \
--from-literal=postgresql-postgres-password=defectdojo -n defectdojo

3
dev/defectdojo/helm/rabbitmq-secret.sh
View File

@@ -1,3 +0,0 @@
microk8s kubectl -n defectdojo create secret generic defectdojo-rabbitmq-specific \
--from-literal=rabbitmq-password=mqrabbitmq \
--from-literal=rabbitmq-erlang-cookie=rabbitmqrabbitmqrabbitmqrabbitmq -n defectdojo

552
dev/defectdojo/helm/values-complete.yaml
View File

@@ -1,552 +0,0 @@
---
# Global settings
# create defectdojo specific secret
createSecret: false
# create rabbitmq secret in defectdojo chart, outside of rabbitmq chart
createRabbitMqSecret: false
# create redis secret in defectdojo chart, outside of redis chart
createRedisSecret: false
# create mysql secret in defectdojo chart, outside of mysql chart
createMysqlSecret: false
# create postgresql secret in defectdojo chart, outside of postgresql chart
createPostgresqlSecret: false
# create postgresql-ha secret in defectdojo chart, outside of postgresql-ha chart
createPostgresqlHaSecret: false
# create postgresql-ha-pgpool secret in defectdojo chart, outside of postgresql-ha chart
createPostgresqlHaPgpoolSecret: false
# Track configuration (trackConfig): will automatically respin application pods in case of config changes detection
# can be:
# - disabled, default
# - enabled, enables tracking configuration changes based on SHA256
# trackConfig: disabled
# Enables application network policy
# For more info follow https://kubernetes.io/docs/concepts/services-networking/network-policies/
networkPolicy:
enabled: false
# if additional labels need to be allowed (e.g. prometheus scraper)
ingressExtend: []
# ingressExtend:
# - podSelector:
# matchLabels:
# app.kubernetes.io/instance: defectdojo-prometheus
egress: []
# egress:
# - to:
# - ipBlock:
# cidr: 10.0.0.0/24
# ports:
# - protocol: TCP
# port: 443
# Configuration value to select database type
# Option to use "postgresql" or "mysql" database type, by default "mysql" is chosen
# Set the "enable" field to true of the database type you select (if you want to use internal database) and false of the one you don't select
database: postgresql
# Primary hostname of instance
host: defectdojo.default.minikube.local
# The full URL to your defectdojo instance, depends on the domain where DD is deployed, it also affects links in Jira
# site_url: 'https://<yourdomain>'
# optional list of alternative hostnames to use that gets appended to
# DD_ALLOWED_HOSTS. This is necessary when your local hostname does not match
# the global hostname.
# alternativeHosts:
# - defectdojo.example.com
imagePullPolicy: Always
# Where to pull the defectDojo images from. Defaults to "defectdojo/*" repositories on hub.docker.com
repositoryPrefix: defectdojo
# When using a private registry, name of the secret that holds the registry secret (eg deploy token from gitlab-ci project)
# Create secrets as: kubectl create secret docker-registry defectdojoregistrykey --docker-username=registry_username --docker-password=registry_password --docker-server='https://index.docker.io/v1/'
# imagePullSecrets: defectdojoregistrykey
tag: latest
# Additional labels to add to the pods:
# podLabels:
# key: value
podLabels: {}
# Allow overriding of revisionHistoryLimit across all deployments.
# revisionHistoryLimit: 10
securityContext:
enabled: true
djangoSecurityContext:
# django dockerfile sets USER=1001
runAsUser: 1001
nginxSecurityContext:
# nginx dockerfile sets USER=1001
runAsUser: 1001
tests:
unitTests:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
admin:
user: admin
password:
firstName: Administrator
lastName: User
mail: admin@defectdojo.local
secretKey:
credentialAes256Key:
metricsHttpAuthPassword:
monitoring:
enabled: false
# Add the nginx prometheus exporter sidecar
prometheus:
enabled: false
image: nginx/nginx-prometheus-exporter:0.11.0
imagePullPolicy: IfNotPresent
annotations: {}
# Components
celery:
broker: rabbitmq
# To use an external celery broker, set the hostname here
brokerHost: ""
logLevel: INFO
beat:
annotations: {}
affinity: {}
nodeSelector: {}
replicas: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 256Mi
tolerations: []
worker:
annotations: {}
affinity: {}
logLevel: INFO
nodeSelector: {}
replicas: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 512Mi
tolerations: []
app_settings:
pool_type: solo
# Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops)
# Comment out the "solo" line, and uncomment the following lines.
# pool_type: prefork
# autoscale_min: 2
# autoscale_max: 8
# concurrency: 8
# prefetch_multiplier: 128
# A list of extra volumes to mount. This
# is useful for bringing in extra data that can be referenced by other configurations
# at a well known path, such as local_settings. The
# value of this should be a list of objects.
#
# Example:
#
# ```yaml
# extraVolumes:
# - type: configMap
# name: local_settings
# path: /app/dojo/settings/local_settings.py
# subPath: local_settings.py
# - type: hostPath
# name: host_directory
# path: /tmp
# hostPath: /tmp
# ```
#
# Each object supports the following keys:
#
# - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive.
# Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP)
# - `name` - Name of the configMap or secret to be mounted. This also controls
# the path that it is mounted to. The volume will be mounted to `/consul/userconfig/<name>`.
# - `path` - defines where file should be exposed
# - `subPath` - extracts only particular file from secret or configMap
# - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate",
# "File", "Socket", "CharDevice", "BlockDevice"
# - `hostPath` - only for hostPath, file or directory from local host
# @type: array<map>
extraVolumes: []
django:
annotations: {}
service:
annotations: {}
affinity: {}
ingress:
enabled: true
ingressClassName: ""
activateTLS: true
secretName: defectdojo-tls
annotations: {}
# Restricts the type of ingress controller that can interact with our chart (nginx, traefik, ...)
# kubernetes.io/ingress.class: nginx
# Depending on the size and complexity of your scans, you might want to increase the default ingress timeouts if you see repeated 504 Gateway Timeouts
# nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
# nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
nginx:
tls:
enabled: false
generateCertificate: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 256Mi
nodeSelector: {}
replicas: 1
tolerations: []
uwsgi:
livenessProbe:
# Enable liveness checks on uwsgi container. Those values are use on nginx readiness checks as well.
enabled: true
failureThreshold: 6
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 512Mi
app_settings:
processes: 2
threads: 2
enable_debug: false # this also requires DD_DEBUG to be set to True
certificates:
# includes additional CA certificate as volume, it refrences REQUESTS_CA_BUNDLE env varible
# to create configMap `kubectl create cm defectdojo-ca-certs --from-file=ca.crt`
# NOTE: it reflects REQUESTS_CA_BUNDLE for celery workers, beats as well
enabled: false
configName: defectdojo-ca-certs
certMountPath: /certs/
certFileName: ca.crt
# A list of extra volumes to mount. This
# is useful for bringing in extra data that can be referenced by other configurations
# at a well known path, such as local_settings. The
# value of this should be a list of objects.
#
# Example:
#
# ```yaml
# extraVolumes:
# - type: configMap
# name: local_settings
# path: /app/dojo/settings/local_settings.py
# container: uwsgi
# subPath: local_settings.py
# - type: hostPath
# name: host_directory
# path: /app/dojo/settings/
# hostPath: /var/run
# container: uwsgi
# ```
#
# Each object supports the following keys:
#
# - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive.
# Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP)
# - `name` - Name of the configMap or secret to be mounted. This also controls
# the path that it is mounted to. The volume will be mounted to `/consul/userconfig/<name>`.
# - `path` - defines where file should be exposed
# - `container` - defines where volume needs to be mounted, must be uwsgi or nginx
# - `subPath` - extracts only particular file from secret or configMap
# - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate",
# "File", "Socket", "CharDevice", "BlockDevice"
# - `hostPath` - only for hostPath, file or directory from local host
# @type: array<map>
extraVolumes: []
# This feature needs more preparation before can be enabled, please visit KUBERNETES.md#media-persistent-volume
mediaPersistentVolume:
enabled: true
fsGroup: 1001
# any name
name: media
# could be emptyDir (not for production) or pvc
type: emptyDir
# in case if pvc specified, should point to the already existing pvc
persistentVolumeClaim:
# set to true to create a new pvc and if django.mediaPersistentVolume.type is set to pvc
create: false
name:
size: 5Gi
accessModes:
- ReadWriteMany # check KUBERNETES.md doc first for option to choose
storageClassName:
initializer:
run: true
jobAnnotations: {
helm.sh/hook: "post-install,post-upgrade"
}
annotations: {}
keepSeconds: 60
affinity: {}
nodeSelector: {}
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 512Mi
# A list of extra volumes to mount. This
# is useful for bringing in extra data that can be referenced by other configurations
# at a well known path, such as local_settings. The
# value of this should be a list of objects.
#
# Example:
#
# ```yaml
# extraVolumes:
# - type: configMap
# name: local_settings
# path: /app/dojo/settings/local_settings.py
# subPath: local_settings.py
# - type: hostPath
# name: host_directory
# path: /tmp
# hostPath: /tmp
# ```
#
# Each object supports the following keys:
#
# - `type` - Type of the volume, must be one of "configMap", "secret", "hostPath". Case sensitive.
# Even is supported we are highly recommending to avoid hostPath for security reasons (usually blocked by PSP)
# - `name` - Name of the configMap or secret to be mounted. This also controls
# the path that it is mounted to. The volume will be mounted to `/consul/userconfig/<name>`.
# - `path` - defines where file should be exposed
# - `subPath` - extracts only particular file from secret or configMap
# - `pathType` - only for hostPath, can be one of the "DirectoryOrCreate", "Directory" (default), "FileOrCreate",
# "File", "Socket", "CharDevice", "BlockDevice"
# - `hostPath` - only for hostPath, file or directory from local host
# @type: array<map>
extraVolumes: []
mysql:
enabled: false
auth:
username: defectdojo
password: ""
rootPassword: ""
database: defectdojo
existingSecret: defectdojo-mysql-specific
secretKey: mysql-password
primary:
service:
ports:
mysql: 3306
# To use an external mySQL instance, set enabled to false and uncomment
# the line below / add external address:
# mysqlServer: "127.0.0.1"
postgresql:
# enabled: true
enabled: false
image:
tag: 11.16.0-debian-11-r9
auth:
username: defectdojo
password: ""
database: defectdojo
existingSecret: defectdojo-postgresql-specific
secretKeys:
adminPasswordKey: postgresql-postgres-password
userPasswordKey: postgresql-password
replicationPasswordKey: postgresql-replication-password
architecture: standalone
primary:
name: primary
persistence:
enabled: true
service:
ports:
postgresql: 5432
podSecurityContext:
# Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC
enabled: true
# fsGroup specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully.
fsGroup: 1001
containerSecurityContext:
# Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC
enabled: true
# runAsUser specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully.
runAsUser: 1001
affinity: {}
nodeSelector: {}
volumePermissions:
enabled: false
# if using restricted SCC set runAsUser: "auto" and if running under anyuid SCC - runAsUser needs to match the line above
containerSecurityContext:
runAsUser: 1001
shmVolume:
chmod:
enabled: false
# To use an external PostgreSQL instance, set enabled to false and uncomment
# the line below:
# postgresServer: "127.0.0.1"
postgresqlha:
enabled: false
global:
pgpool:
existingSecret: defectdojo-postgresql-ha-pgpool
serviceAccount:
create: true
postgresql:
replicaCount: 3
username: defectdojo
password: ""
repmgrPassword: ""
database: defectdojo
existingSecret: defectdojo-postgresql-ha-specific
securityContext:
enabled: true
fsGroup: 1001
containerSecurityContext:
enabled: true
runAsUser: 1001
pgpool:
replicaCount: 3
adminPassword: ""
securityContext:
enabled: true
fsGroup: 1001
volumePermissions:
enabled: true
securityContext:
runAsUser: 1001
persistence:
enabled: true
service:
ports:
postgresql: 5432
# Google CloudSQL support in GKE via gce-proxy
cloudsql:
# To use CloudSQL in GKE set 'enable: true'
enabled: false
# By default, the proxy has verbose logging. Set this to false to make it less verbose
verbose: true
image:
# set repo and image tag of gce-proxy
repository: gcr.io/cloudsql-docker/gce-proxy
tag: 1.33.14
pullPolicy: IfNotPresent
# set CloudSQL instance: 'project:zone:instancename'
instance: ""
# use IAM database authentication
enable_iam_login: false
# whether to use a private IP to connect to the database
use_private_ip: false
# Settings to make running the chart on GKE simpler
gke:
# Set to true to configure the Ingress to use the GKE provided ingress controller
useGKEIngress: false
# Set to true to have GKE automatically provision a TLS certificate for the host specified
# Requires useGKEIngress to be set to true
# When using this option, be sure to set django.ingress.activateTLS to false
useManagedCertificate: false
# Workload Identity allows the K8s service account to assume the IAM access of a GCP service account to interact with other GCP services
workloadIdentityEmail: ""
rabbitmq:
enabled: true
replicaCount: 1
auth:
password: ""
erlangCookie: ""
existingPasswordSecret: defectdojo-rabbitmq-specific
secretPasswordKey: ""
existingErlangSecret: defectdojo-rabbitmq-specific
memoryHighWatermark:
enabled: true
type: relative
value: 0.5
affinity: {}
nodeSelector: {}
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
podSecurityContext:
enabled: true
fsGroup: 1001
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
# For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/master/bitnami/redis
redis:
enabled: false
scheme: "redis"
transportEncryption:
enabled: false
params: ''
auth:
existingSecret: defectdojo-redis-specific
existingSecretPasswordKey: redis-password
password: ""
architecture: standalone
# To use an external Redis instance, set enabled to false and uncomment
# the line below:
# redisServer: myrediscluster
# To use a different port for Redis (default: 6379) add a port number and uncomment the lines below:
# master:
# service:
# ports:
# redis: xxxx
# To add extra variables not predefined by helm config it is possible to define in extraConfigs block, e.g. below:
# NOTE Do not store any kind of sensitive information inside of it
# extraConfigs:
# DD_SOCIAL_AUTH_AUTH0_OAUTH2_ENABLED: 'true'
# DD_SOCIAL_AUTH_AUTH0_KEY: 'dev'
# DD_SOCIAL_AUTH_AUTH0_DOMAIN: 'xxxxx'
# Extra secrets can be created inside of extraSecrets block:
# NOTE This is just an exmaple, do not store sensitive data in plain text form, better inject it during the deployment/upgrade by --set extraSecrets.secret=someSecret
# extraSecrets:
# DD_SOCIAL_AUTH_AUTH0_SECRET: 'xxx'
extraConfigs: {}
# To add (or override) extra variables which need to be pulled from another configMap, you can
# use extraEnv. For example:
# extraEnv:
# - name: DD_DATABASE_HOST
# valueFrom:
# configMapKeyRef:
# name: my-other-postgres-configmap
# key: cluster_endpoint

36
dev/defectdojo/helm/values.yaml
View File

@@ -1,36 +0,0 @@
tag: 2.22.4
fullnameOverride: defectdojo
host: defectdojo.alldcs.nl
site_url: https://defectdojo.alldcs.nl
alternativeHosts:
- defectdojo-django.defectdojo
celery:
beat:
nodeSelector:
kubernetes.io/arch: amd64
worker:
nodeSelector:
kubernetes.io/arch: amd64
initializer:
# should be false after initial installation was performed
run: true
nodeSelector:
kubernetes.io/arch: amd64
django:
ingress:
enabled: true # change to 'false' for OpenShift
activateTLS: false
uwsgi:
livenessProbe:
# Enable liveness checks on uwsgi container. Those values are use on nginx readiness checks as well.
# default value is 120, so in our case 20 is just fine
initialDelaySeconds: 20
nodeSelector:
kubernetes.io/arch: amd64
rabbitmq:
nodeSelector:
kubernetes.io/arch: amd64
postgresql:
primary:
nodeSelector:
kubernetes.io/arch: amd64

0
dev/defectdojo/yaml/ingressroute-http.yml → dev/defectdojo/ingressroute-http.yml
View File

0
dev/defectdojo/yaml/ingressroute-tls.yml → dev/defectdojo/ingressroute-tls.yml
View File

0
dev/defectdojo/installeren_met_yaml
View File

0
dev/defectdojo/yaml/restart.sh → dev/defectdojo/restart.sh
View File

283
dev/defectdojo/yaml/chatgpt/defectdojo.yaml
View File

@@ -1,283 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: defectdojo
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
app: defectdojo
template:
metadata:
labels:
app: defectdojo
spec:
containers:
- name: defectdojo
image: defectdojo/defectdojo:2.31.0
env:
- name: DD_DATABASE_URL
valueFrom:
secretKeyRef:
name: defectdojo-secret
key: DD_DATABASE_URL
- name: DD_ADMIN_USER
valueFrom:
secretKeyRef:
name: defectdojo-secret
key: DD_ADMIN_USER
- name: DD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: defectdojo-secret
key: DD_ADMIN_PASSWORD
- name: DD_REDIS_HOST
value: redis
- name: DD_REDIS_PORT
value: "6379"
volumeMounts:
- name: web-storage
mountPath: /app/media
volumes:
- name: web-storage
persistentVolumeClaim:
claimName: dd-web-pvc
---
apiVersion: v1
kind: Service
metadata:
name: defectdojo
namespace: defectdojo
spec:
ports:
- port: 8080
targetPort: 8080
selector:
app: defectdojo
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: celery-worker
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
app: celery-worker
template:
metadata:
labels:
app: celery-worker
spec:
containers:
- name: celery-worker
image: defectdojo/worker:2.31.0
env:
- name: DD_DATABASE_URL
valueFrom:
secretKeyRef:
name: defectdojo-secret
key: DD_DATABASE_URL
- name: DD_REDIS_HOST
value: redis
volumeMounts:
- name: worker-storage
mountPath: /app/media
volumes:
- name: worker-storage
persistentVolumeClaim:
claimName: dd-celeryworker-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: celery-beat
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
app: celery-beat
template:
metadata:
labels:
app: celery-beat
spec:
containers:
- name: celery-beat
image: defectdojo/beat:2.31.0
env:
- name: DD_DATABASE_URL
valueFrom:
secretKeyRef:
name: defectdojo-secret
key: DD_DATABASE_URL
- name: DD_REDIS_HOST
value: redis
volumeMounts:
- name: beat-storage
mountPath: /app/media
volumes:
- name: beat-storage
persistentVolumeClaim:
claimName: dd-celerybeat-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: defectdojo
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:7
volumeMounts:
- mountPath: /data
name: redis-storage
command: ["redis-server", "--appendonly", "yes"]
volumes:
- name: redis-storage
persistentVolumeClaim:
claimName: dd-redis-pvc
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: defectdojo
spec:
ports:
- port: 6379
selector:
app: redis
---
apiVersion: v1
kind: Secret
metadata:
name: defectdojo-secret
namespace: defectdojo
type: Opaque
stringData:
DD_DATABASE_URL: "postgres://defectdojo:defectdojo@postgres15.postgres.svc.cluster.local:5432/defectdojo"
DD_ADMIN_USER: "admin"
DD_ADMIN_PASSWORD: "Defectdojo01@"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-defectdojo-nginx
spec:
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/nginx
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-defectdojo-redis
spec:
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/redis
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-defectdojo-celerybeat
spec:
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/celerybeat
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-defectdojo-celeryworker
spec:
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/defectdojo/celeryworker
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-defectdojo-nginx
namespace: defectdojo
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2Gi
volumeName: pv-defectdojo-nginx
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-defectdojo-redis
namespace: defectdojo
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2Gi
volumeName: pv-defectdojo-redis
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-defectdojo-celerybeat
namespace: defectdojo
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2Gi
volumeName: pv-defectdojo-celerybeat
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-defectdojo-celeryworker
namespace: defectdojo
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2Gi
volumeName: pv-defectdojo-celeryworker

27
dev/defectdojo/yaml/dt-report.json.bak
View File

File diff suppressed because one or more lines are too long

2
dev/tekton/README.md
View File

@@ -8,6 +8,8 @@ https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename \
https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
let op: er staat ook een dashboard.yaml in de git, die is alleen voor argocd
#daarna:
kubectl apply -f ingressroute-tls.yaml