From 2d77d091442c52afe681d86385b4186995171f4f Mon Sep 17 00:00:00 2001 From: Jesus Carpintero Date: Fri, 16 Jun 2023 17:28:01 +0200 Subject: [PATCH] Improve ingress based on .global.domain --- examples/aws.yaml | 67 +- examples/local.yaml | 212 +-- examples/templates/aws.yaml | 70 +- examples/templates/local.yaml | 1248 ++++------------- stable/vulcan/README.md | 627 ++++++--- stable/vulcan/templates/_common.tpl | 4 +- stable/vulcan/templates/_configmap.tpl | 2 +- stable/vulcan/templates/_helpers.tpl | 53 + stable/vulcan/templates/_hpa.yaml | 4 +- stable/vulcan/templates/_ingress.yaml | 92 +- stable/vulcan/templates/_proxy.tpl | 4 +- stable/vulcan/templates/_secret.tpl | 2 +- stable/vulcan/templates/_service.yaml | 2 +- stable/vulcan/templates/api/deployment.yaml | 8 +- .../templates/crontinuous/deployment.yaml | 4 +- stable/vulcan/templates/goaws/deployment.yaml | 2 +- .../vulcan/templates/insights/deployment.yaml | 2 +- .../vulcan/templates/metrics/deployment.yaml | 6 +- .../templates/persistence/deployment.yaml | 4 +- .../reportsgenerator/deployment.yaml | 12 +- .../vulcan/templates/results/deployment.yaml | 4 +- .../templates/scanengine/deployment.yaml | 4 +- .../templates/sqsexporter/deployment.yaml | 2 +- .../vulcan/templates/stream/deployment.yaml | 4 +- stable/vulcan/templates/ui/deployment.yaml | 2 +- .../vulcan/templates/vulndb/deployment.yaml | 8 +- .../templates/vulndbapi/deployment.yaml | 4 +- stable/vulcan/values.yaml | 93 +- 28 files changed, 1071 insertions(+), 1475 deletions(-) diff --git a/examples/aws.yaml b/examples/aws.yaml index a5cbff3d..69ab8580 100644 --- a/examples/aws.yaml +++ b/examples/aws.yaml @@ -1,5 +1,5 @@ global: - domain: example.vulcan.com + domain: vulcan.example.com region: eu-west-1 podLabels: global-namespace: "{{ .Release.Namespace }}" 
@@ -60,7 +60,6 @@ api: callback: https://www.vulcan.example.com/api/v1/login/callback issuer: http://www.issuer.com/appcode metadata: https://org.issuer.com/app/appcode/sso/saml/metadata - trustedDomains: '["vulcan.example.com"]' secretKey: apisecretkey globalPolicies: - name: web-scanning-global @@ -93,14 +92,6 @@ api: nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/proxy-body-size: 8m enabled: true - hosts: - - host: www.vulcan.example.com - paths: - - /api - tls: - - hosts: - - www.vulcan.example.com - secretName: vulcan-api-tls proxy: timeoutServer: 50s crontinuous: @@ -146,6 +137,8 @@ insights: imagePullSecrets: - name: pullsecretname ingress: + enabled: true + tls: true annotations: certmanager.k8s.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/configuration-snippet: | @@ -157,15 +150,6 @@ insights: more_set_headers "Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://insights.vulcan.example.com https://www.google-analytics.com; font-src 'self' https://insights.vulcan.example.com; connect-src 'self' https://insights.vulcan.example.com; img-src 'self' https://insights.vulcan.example.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://insights.vulcan.example.com; object-src 'none'"; nginx.ingress.kubernetes.io/cors-allow-origin: '*' nginx.ingress.kubernetes.io/enable-cors: "true" - enabled: true - hosts: - - host: insights.vulcan.example.com - paths: - - / - tls: - - hosts: - - insights.vulcan.example.com - secretName: vulcan-insights-tls metrics: annotations: iam.amazonaws.com/role: arn:aws:iam::000000000000:role/MetricsRole @@ -178,7 +162,6 @@ metrics: devHoseURL: http://devhosehost.com/devhose findingsQueueArn: arn:aws:sqs:eu-west-1:000000000000:MetricsFindings scansQueueArn: arn:aws:sqs:eu-west-1:000000000000:MetricsScans - vulcanAPIExternal: https://api.vulcan.example.com/api vulcanAPIToken: supersecretvulcantoken image: tag: tag-metrics 
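Review bot: The `api.ingress` block in the `@@ -93,14 +92,6 @@` hunk loses its `hosts`/`tls` entries but, unlike insights, persistence, results, stream and ui, does not gain `tls: true`, so only `enabled: true` remains. The regenerated examples/templates/aws.yaml in this patch is consistent with that: the API Ingress no longer has a `tls:` section, and `SAML_CALLBACK`, `VULCAN_API_EXTERNAL` and `SCAN_VIEW_REPORT` now render with `http://`, which would presumably put the SAML login flow and API-token traffic on a cleartext URL. Add `tls: true` under `api.ingress` next to `enabled: true`. The `callback: https://…` value kept under `api.conf.saml` no longer seems to be what gets rendered, so either remove it or confirm which setting wins.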
@@ -211,18 +194,11 @@ persistence: imagePullSecrets: - name: pullsecretname ingress: + enabled: true + tls: true annotations: certmanager.k8s.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/proxy-body-size: 8m - enabled: true - hosts: - - host: persistence.vulcan.example.com - paths: - - / - tls: - - hosts: - - persistence.vulcan.example.com - secretName: vulcan-persistence-tls reportsgenerator: annotations: iam.amazonaws.com/role: arn:aws:iam::000000000000:role/ReportsGeneratorRole @@ -298,18 +274,11 @@ results: imagePullSecrets: - name: pullsecretname ingress: + enabled: true + tls: true annotations: certmanager.k8s.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/proxy-body-size: 8m - enabled: true - hosts: - - host: results.vulcan.example.com - paths: - - / - tls: - - hosts: - - results.vulcan.example.com - secretName: vulcan-results-tls scanengine: annotations: iam.amazonaws.com/role: arn:aws:iam::000000000000:role/ScanEngineRole @@ -362,19 +331,12 @@ stream: imagePullSecrets: - name: pullsecretname ingress: + enabled: true + tls: true annotations: certmanager.k8s.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" - enabled: true - hosts: - - host: stream.vulcan.example.com - paths: - - / - tls: - - hosts: - - stream.vulcan.example.com - secretName: vulcan-stream-tls ui: conf: apiUrl: https://www.vulcan.example.com/api/v1/ @@ -393,17 +355,11 @@ ui: imagePullSecrets: - name: pullsecretname ingress: + enabled: true + tls: true annotations: certmanager.k8s.io/cluster-issuer: letsencrypt enabled: true - hosts: - - host: www.vulcan.example.com - paths: - - / - tls: - - hosts: - - www.vulcan.example.com - secretName: vulcan-ui-tls vulndb: annotations: iam.amazonaws.com/role: arn:aws:iam::000000000000:role/VulnDBRole 
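Review bot: In the `ui` hunk (`@@ -393,17 +355,11 @@`) the new `enabled: true` is added above `annotations:` while the old `enabled: true` below it is kept as context, so `ui.ingress` ends up with the same key twice. Duplicate mapping keys are invalid YAML: lenient parsers silently keep the last one and strict ones reject the file. The other services in this file had the old line removed (`- enabled: true`); do the same here so the block reads `enabled: true`, `tls: true`, `annotations: …`.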
@@ -411,7 +367,6 @@ vulndb: checksQueueArn: arn:aws:sqs:eu-west-1:000000000000:VulnDBChecks sqsNumProcessors: 5 logLevel: info - resultsUrl: https://results.vulcan.example.com vulnsTopicArn: arn:aws:sns:eu-west-1:000000000000:VulnDBVulns vulnsTopicEnabled: true kafka: diff --git a/examples/local.yaml b/examples/local.yaml index 84886ce9..ee8f8056 100644 --- a/examples/local.yaml +++ b/examples/local.yaml @@ -1,16 +1,18 @@ -minio: - enabled: true - ingress: - enabled: true - hostname: minio.vulcan.local +global: + domain: localhost.direct -goaws: - enabled: true - ingress: - enabled: true - hosts: - - host: goaws.vulcan.local - paths: [/] +extraManifests: + # See https://get.localhost.direct/ + tls: | + apiVersion: v1 + kind: Secret + metadata: + name: localhost-direct-tls + labels: {{- include "vulcan.labels" . | nindent 4 }} + type: kubernetes.io/tls + data: + tls.crt: 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 + tls.key: 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 postgresql: enabled: true 
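Review bot: The `extraManifests.tls` Secret added to examples/local.yaml commits a TLS certificate and private key with only `# See https://get.localhost.direct/` as explanation. Assuming this is the key pair that site publishes, it is known to anyone and provides no confidentiality or server authentication beyond avoiding browser warnings on a loopback name; the comment should say so, e.g. `# Publicly distributed localhost.direct key pair: local testing only, never reuse for a real domain`. It is also worth noting in the same comment that the certificate expires and has to be refreshed from the same source, since the example will presumably fail TLS validation after that.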
@@ -18,107 +20,145 @@ postgresql: redis: enabled: true -results: - conf: - linkBase: https://results.vulcan.local +minio: + enabled: true ingress: enabled: true - hosts: - - host: results.vulcan.local - paths: [/] + hostname: minio.localhost.direct + tls: true + extraTls: + - secretName: localhost-direct-tls + apiIngress: + enabled: true + hostname: s3.localhost.direct + tls: true + extraTls: + - secretName: localhost-direct-tls -stream: - ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" +goaws: + enabled: true + ingress: &ingress enabled: true - hosts: - - host: stream.vulcan.local - paths: [/] + tls: true + secretName: localhost-direct-tls + +results: + enabled: true + image: + tag: latest + proxy: &proxy + enabled: false + dogstatsd: &dogstatsd + enabled: false + ingress: *ingress + +stream: + enabled: true + image: + tag: latest + proxy: *proxy + dogstatsd: *dogstatsd + ingress: *ingress persistence: - ingress: - enabled: true - hosts: - - host: persistence.vulcan.local - paths: [/] + enabled: true + image: + tag: latest + proxy: *proxy + dogstatsd: *dogstatsd + ingress: *ingress api: + enabled: true + image: + tag: latest conf: + secretKey: mysecretkey saml: - callback: https://www.vulcan.local/api/v1/login/callback - trustedDomains: '["www.vulcan.local"]' + # Setup your SAML + # Okta format + metadata: https://example.okta.com/app/yourclientid/sso/saml/metadata + issuer: http://www.okta.com/yourclientid + # auth0 format + # metadata: https://example.eu.auth0.com/samlp/metadata/yourclientid + # issuer: urn:example.eu.auth0.com + # callback: https://www.localhost.direct/api/v1/login/callback globalPolicies: + - name: default-global + allowedChecks: + - vulcan-exposed-http + - vulcan-exposed-ssh + - vulcan-http-headers + - vulcan-retirejs + - vulcan-semgrep + - vulcan-smtp-open-relay + - vulcan-trivy - name: web-scanning-global - allowedAssettypes: - blockedAssettypes: 
allowedChecks: - - vulcan-zap - blockedChecks: - excludingSuffixes: - - experimental - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-origin: "https://www.vulcan.local" - nginx.ingress.kubernetes.io/proxy-body-size: 8m - hosts: - - host: www.vulcan.local - paths: [/api] + # - vulcan-zap + # - vulcan-burp + proxy: *proxy + dogstatsd: *dogstatsd + ingress: *ingress crontinuous: - conf: - teamsWhitelistScan: '["team1", "team2"]' - teamsWhitelistReport: '["team3"]' - ingress: - enabled: false + enabled: true + image: + tag: latest + proxy: *proxy + ingress: *ingress scanengine: - ingress: - enabled: false + enabled: true + image: + tag: latest + proxy: *proxy + dogstatsd: *dogstatsd + ingress: *ingress ui: + enabled: true + image: + tag: latest + proxy: *proxy conf: - apiUrl: https://www.vulcan.local/api/v1/ - ingress: - enabled: true - hosts: - - host: www.vulcan.local - paths: [/] + apiUrl: + ingress: *ingress insights: - ingress: + enabled: true + image: + tag: latest + proxy: enabled: true - annotations: - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "X-Frame-Options: SAMEORIGIN"; - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "X-Frame-Options: DENY"; - more_set_headers "X-Xss-Protection: 1"; - more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains"; - more_set_headers "Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://insights.vulcan.local https://www.google-analytics.com; font-src 'self' https://insights.vulcan.local; connect-src 'self' https://insights.vulcan.local; img-src 'self' https://insights.vulcan.local https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://insights.vulcan.local; object-src 'none'"; - hosts: - - host: insights.vulcan.local - paths: [/] + ingress: *ingress + +metrics: + enabled: false reportsgenerator: - conf: - generators: 
- scan: - vulcanUi: http://www.vulcan.local/ - proxyEndpoint: http://insights.vulcan.local - ses: - cc: '["tbd@tbd.com"]' - ingress: + enabled: true + image: + tag: latest + proxy: enabled: false + dogstatsd: *dogstatsd + ingress: *ingress + +vulndb: + enabled: true + image: + tag: latest vulndbapi: - ingress: - enabled: true - hosts: - - host: vulndbapi.vulcan.local - paths: [/] + enabled: true + image: + tag: latest + proxy: *proxy + dogstatsd: *dogstatsd conf: readReplicaHost: + ingress: *ingress + +sqsexporter: + enabled: false diff --git a/examples/templates/aws.yaml b/examples/templates/aws.yaml index 9887a962..e716edff 100644 --- a/examples/templates/aws.yaml +++ b/examples/templates/aws.yaml @@ -954,15 +954,15 @@ spec: - name: LOG_LEVEL value: "INFO" - name: COOKIE_DOMAIN - value: "example.vulcan.com" + value: "vulcan.example.com" - name: SAML_MEATADATA value: "https://org.issuer.com/app/appcode/sso/saml/metadata" - name: SAML_ISSUER value: "http://www.issuer.com/appcode" - name: SAML_CALLBACK - value: "https://www.vulcan.example.com/api/v1/login/callback" + value: http://www.vulcan.example.com/api/v1/login/callback - name: SAML_TRUSTED_DOMAINS - value: "[\"vulcan.example.com\"]" + value: "[\"www.vulcan.example.com\"]" - name: DEFAULT_OWNERS value: "[\"aaaaaaaa-xxxx-yyyy-zzzz-bbbbbbbbbbbb\"]" - name: SCANENGINE_URL @@ -1368,7 +1368,7 @@ spec: - name: VULCAN_API value: http://myrelease-vulcan-api/api - name: VULCAN_API_EXTERNAL - value: "https://api.vulcan.example.com/api" + value: "http://www.vulcan.example.com" - name: DOGSTATSD_ENABLED value: "true" 
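Review bot: Every service in the rewritten examples/local.yaml sets `image: tag: latest`, and for `insights` that tag lands on a third-party image: the regenerated template in this patch goes from `pottava/s3-proxy:2.0` to `pottava/s3-proxy:latest` with `imagePullPolicy: Always`. A mutable tag means each pod restart can pull different, unreviewed code, and the example stops being reproducible. Drop `tag: latest` at least for `insights` so the chart's own tag (rendered as `2.0` before this change) applies, or pin a specific tag or digest. Separately, `secretKey: mysecretkey` deserves a comment marking it as a placeholder that must be replaced.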
@@ -1685,13 +1685,13 @@ spec: - name: PERSISTENCE_ENDPOINT # We keep this PERSISTENCE variable for compatibility value: "http://myrelease-vulcan-scanengine" - name: RESULTS_ENDPOINT - value: "http://myrelease-vulcan-results" + value: "https://results.vulcan.example.com" - name: SCAN_PROXY_ENDPOINT value: "https://insights.vulcan.example.com" - name: VULCAN_UI value: "https://www.vulcan.example.com/" - name: SCAN_VIEW_REPORT - value: "https://www.vulcan.example.com/api/v1/report?team_id=%s&scan_id=%s" + value: "http://www.vulcan.example.com/api/v1/report?team_id=%s&scan_id=%s" - name: LIVEREPORT_EMAIL_SUBJECT value: "Vulcan Digest" @@ -2339,7 +2339,7 @@ spec: - name: SNS_ENABLED value: "true" - name: RESULTS_URL - value: https://results.vulcan.example.com + value: "https://results.vulcan.example.com" - name: RESULTS_INTERNAL_URL value: "http://myrelease-vulcan-results" - name: KAFKA_ENABLED @@ -2644,12 +2644,8 @@ metadata: nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/proxy-body-size: 8m spec: - tls: - - hosts: - - "www.vulcan.example.com" - secretName: vulcan-api-tls rules: - - host: "www.vulcan.example.com" + - host: www.vulcan.example.com http: paths: - path: /api @@ -2683,12 +2679,8 @@ metadata: nginx.ingress.kubernetes.io/cors-allow-origin: '*' nginx.ingress.kubernetes.io/enable-cors: "true" spec: - tls: - - hosts: - - "insights.vulcan.example.com" - secretName: vulcan-insights-tls rules: - - host: "insights.vulcan.example.com" + - host: insights.vulcan.example.com http: paths: - path: / @@ -2698,6 +2690,10 @@ spec: name: myrelease-vulcan-insights port: number: 80 + tls: + - hosts: + - insights.vulcan.example.com + secretName: myrelease-vulcan-insights-tls --- # Source: vulcan/templates/persistence/ingress.yaml apiVersion: networking.k8s.io/v1 
@@ -2714,12 +2710,8 @@ metadata: certmanager.k8s.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/proxy-body-size: 8m spec: - tls: - - hosts: - - "persistence.vulcan.example.com" - secretName: vulcan-persistence-tls rules: - - host: "persistence.vulcan.example.com" + - host: persistence.vulcan.example.com http: paths: - path: / @@ -2729,6 +2721,10 @@ spec: name: myrelease-vulcan-persistence port: number: 80 + tls: + - hosts: + - persistence.vulcan.example.com + secretName: myrelease-vulcan-persistence-tls --- # Source: vulcan/templates/results/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -2745,12 +2741,8 @@ metadata: certmanager.k8s.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/proxy-body-size: 8m spec: - tls: - - hosts: - - "results.vulcan.example.com" - secretName: vulcan-results-tls rules: - - host: "results.vulcan.example.com" + - host: results.vulcan.example.com http: paths: - path: / @@ -2760,6 +2752,10 @@ spec: name: myrelease-vulcan-results port: number: 80 + tls: + - hosts: + - results.vulcan.example.com + secretName: myrelease-vulcan-results-tls --- # Source: vulcan/templates/stream/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -2777,12 +2773,8 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" spec: - tls: - - hosts: - - "stream.vulcan.example.com" - secretName: vulcan-stream-tls rules: - - host: "stream.vulcan.example.com" + - host: stream.vulcan.example.com http: paths: - path: / @@ -2792,6 +2784,10 @@ spec: name: myrelease-vulcan-stream port: number: 80 + tls: + - hosts: + - stream.vulcan.example.com + secretName: myrelease-vulcan-stream-tls --- # Source: vulcan/templates/ui/ingress.yaml apiVersion: networking.k8s.io/v1 
@@ -2807,12 +2803,8 @@ metadata: annotations: certmanager.k8s.io/cluster-issuer: letsencrypt spec: - tls: - - hosts: - - "www.vulcan.example.com" - secretName: vulcan-ui-tls rules: - - host: "www.vulcan.example.com" + - host: www.vulcan.example.com http: paths: - path: / @@ -2822,3 +2814,7 @@ spec: name: myrelease-vulcan-ui port: number: 80 + tls: + - hosts: + - www.vulcan.example.com + secretName: myrelease-vulcan-ui-tls diff --git a/examples/templates/local.yaml b/examples/templates/local.yaml index 72a8a1ce..003ed4d4 100644 --- a/examples/templates/local.yaml +++ b/examples/templates/local.yaml @@ -46,7 +46,7 @@ metadata: type: Opaque data: PG_PASSWORD: "c2VjcmV0" - SECRET_KEY: "VEJEVEJE" + SECRET_KEY: "bXlzZWNyZXRrZXk=" AWSCATALOGUE_KEY: "a2V5" --- # Source: vulcan/templates/crontinuous/secrets.yaml @@ -79,21 +79,20 @@ type: Opaque data: DD_API_KEY: "VEJE" --- -# Source: vulcan/templates/metrics/secrets.yaml +# Source: vulcan/templates/extra-manifests.yaml apiVersion: v1 kind: Secret metadata: - name: myrelease-vulcan-metrics + name: localhost-direct-tls labels: helm.sh/chart: vulcan-0.5.6 app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: vulcan app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: metrics -type: Opaque +type: kubernetes.io/tls data: - DEVHOSE_TOKEN: "dG9rZW4=" - VULCAN_API_TOKEN: "dG9rZW4=" + tls.crt: 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 + tls.key: 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 --- # Source: vulcan/templates/persistence/secrets.yaml apiVersion: v1 
@@ -372,94 +371,6 @@ data: ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") exec redis-server "${ARGS[@]}" --- -# Source: vulcan/templates/api/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-api-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: api -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- -# Source: vulcan/templates/crontinuous/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-crontinuous-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: crontinuous -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- # Source: 
vulcan/templates/goaws/config.yaml apiVersion: v1 kind: ConfigMap 
@@ -470,378 +381,62 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: vulcan app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: goaws -data: - goaws.yaml: | - Local: - Host: myrelease-vulcan-goaws - Port: 8080 - AccountId: "012345678900" - LogToFile: false - QueueAttributeDefaults: - VisibilityTimeout: 14400 - ReceiveMessageWaitTimeSeconds: 0 - Queues: - - Name: VulcanK8SAPIScans - - Name: VulcanK8SMetricsChecks - - Name: VulcanK8SMetricsFindings - - Name: VulcanK8SMetricsScans - - Name: VulcanK8SReportsGenerator - - Name: VulcanK8SScanEngineCheckStatus - - Name: VulcanK8SV2ChecksGeneric - - Name: VulcanK8SVulnDBChecks - Topics: - - Name: VulcanK8SChecks - Subscriptions: - - QueueName: VulcanK8SMetricsChecks - Raw: false - - QueueName: VulcanK8SVulnDBChecks - Raw: false - - Name: VulcanK8SScans - Subscriptions: - - QueueName: VulcanK8SAPIScans - Raw: false - - QueueName: VulcanK8SMetricsScans - Raw: false - - Name: VulcanK8SReportsGen - Subscriptions: - - QueueName: VulcanK8SReportsGenerator - Raw: false - - Name: VulcanK8SVulnDBVulns - Subscriptions: - - QueueName: VulcanK8SMetricsFindings - Raw: false - RandomLatency: - Min: 0 - Max: 0 ---- -# Source: vulcan/templates/insights/config.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-insights-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: insights -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - cache small - total-max-size 64 # mb - max-age 240 # seconds - - frontend http - bind *:9090 - log global - option httplog clf - http-request cache-use small - http-response cache-store small - http-request capture req.hdr(Host) len 50 - http-request capture 
req.hdr(User-Agent) len 100 - default_backend private - use_backend public if { path -i -m beg /public } - - backend private - server app 127.0.0.1:8080 - - backend public - server app 127.0.0.1:8081 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- -# Source: vulcan/templates/persistence/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-persistence-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: persistence -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- -# Source: vulcan/templates/reportsgenerator/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-reportsgenerator-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: reportsgenerator -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture 
req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- -# Source: vulcan/templates/results/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-results-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: results -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- -# Source: vulcan/templates/scanengine/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-scanengine-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: scanengine -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option 
http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- -# Source: vulcan/templates/stream/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-stream-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: stream -data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz ---- -# Source: vulcan/templates/ui/deployment.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myrelease-vulcan-ui-proxy - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: ui + app.kubernetes.io/name: goaws data: - haproxy.cfg: | - global - daemon - maxconn 64 - log stdout format raw daemon - - defaults - mode http - timeout connect 5s - timeout client 25s - timeout server 25s - timeout tunnel 3600s - option http-server-close - - frontend http - bind *:9090 - log global - option httplog clf - http-request capture req.hdr(Host) len 50 - http-request capture req.hdr(User-Agent) len 100 - - default_backend app - - backend app - server app 127.0.0.1:8080 - - frontend stats - bind *:9101 - option http-use-htx - http-request use-service prometheus-exporter if { path /metrics } - monitor-uri /healthz + goaws.yaml: | + Local: + Host: 
myrelease-vulcan-goaws + Port: 8080 + AccountId: "012345678900" + LogToFile: false + QueueAttributeDefaults: + VisibilityTimeout: 14400 + ReceiveMessageWaitTimeSeconds: 0 + Queues: + - Name: VulcanK8SAPIScans + - Name: VulcanK8SMetricsChecks + - Name: VulcanK8SMetricsFindings + - Name: VulcanK8SMetricsScans + - Name: VulcanK8SReportsGenerator + - Name: VulcanK8SScanEngineCheckStatus + - Name: VulcanK8SV2ChecksGeneric + - Name: VulcanK8SVulnDBChecks + Topics: + - Name: VulcanK8SChecks + Subscriptions: + - QueueName: VulcanK8SMetricsChecks + Raw: false + - QueueName: VulcanK8SVulnDBChecks + Raw: false + - Name: VulcanK8SScans + Subscriptions: + - QueueName: VulcanK8SAPIScans + Raw: false + - QueueName: VulcanK8SMetricsScans + Raw: false + - Name: VulcanK8SReportsGen + Subscriptions: + - QueueName: VulcanK8SReportsGenerator + Raw: false + - Name: VulcanK8SVulnDBVulns + Subscriptions: + - QueueName: VulcanK8SMetricsFindings + Raw: false + RandomLatency: + Min: 0 + Max: 0 --- -# Source: vulcan/templates/vulndbapi/deployment.yaml +# Source: vulcan/templates/insights/config.yaml apiVersion: v1 kind: ConfigMap metadata: - name: myrelease-vulcan-vulndbapi-proxy + name: myrelease-vulcan-insights-proxy labels: helm.sh/chart: vulcan-0.5.6 app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: vulcan app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: vulndbapi + app.kubernetes.io/name: insights data: haproxy.cfg: | global 
@@ -856,19 +451,27 @@ data: timeout server 25s timeout tunnel 3600s option http-server-close + cache small + total-max-size 64 # mb + max-age 240 # seconds frontend http bind *:9090 log global option httplog clf + http-request cache-use small + http-response cache-store small http-request capture req.hdr(Host) len 50 http-request capture req.hdr(User-Agent) len 100 + default_backend private + use_backend public if { path -i -m beg /public } - default_backend app - - backend app + backend private server app 127.0.0.1:8080 + backend public + server app 127.0.0.1:8081 + frontend stats bind *:9101 option http-use-htx @@ -1387,10 +990,8 @@ spec: app.kubernetes.io/instance: vulcan app.kubernetes.io/name: api annotations: - checksum/secrets: a610f1fa858d194f64e8e8fea63e882eb02c27a896372f9cd175f50deb00dc14 - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + checksum/secrets: abda7c176134f7cc20b378bba55157aab67aaf13fcc1255b3c73b7abc674b9b9 + spec: initContainers: - name: waitfordb @@ -1404,34 +1005,9 @@ spec: value: "5432" containers: - - name: dogstatsd - image: "datadog/dogstatsd:7.42.2" - envFrom: - - secretRef: - name: myrelease-vulcan-dogstatsd - ports: - - containerPort: 8125 - name: dogstatsd - protocol: UDP - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: api - image: "adevinta/vulcan-api:1.0" + image: "adevinta/vulcan-api:latest" imagePullPolicy: Always lifecycle: preStop: 
@@ -1473,15 +1049,15 @@ spec: - name: LOG_LEVEL value: "INFO" - name: COOKIE_DOMAIN - value: "vulcan.local" + value: "localhost.direct" - name: SAML_MEATADATA - value: "https://okta/app/TBD/sso/saml/metadata" + value: "https://example.okta.com/app/yourclientid/sso/saml/metadata" - name: SAML_ISSUER - value: "http://okta/TBD" + value: "http://www.okta.com/yourclientid" - name: SAML_CALLBACK - value: "https://www.vulcan.local/api/v1/login/callback" + value: https://www.localhost.direct/api/v1/login/callback - name: SAML_TRUSTED_DOMAINS - value: "[\"www.vulcan.local\"]" + value: "[\"www.localhost.direct\"]" - name: DEFAULT_OWNERS value: "[]" - name: SCANENGINE_URL @@ -1511,17 +1087,29 @@ spec: - name: AWSCATALOGUE_RETRY_INTERVAL value: "2" - name: "GPC_1_NAME" - value: "web-scanning-global" + value: "default-global" - name: "GPC_1_ALLOWED_ASSETTYPES" value: "[]" - name: "GPC_1_BLOCKED_ASSETTYPES" value: "[]" - name: "GPC_1_ALLOWED_CHECKS" - value: "[\"vulcan-zap\"]" + value: "[\"vulcan-exposed-http\",\"vulcan-exposed-ssh\",\"vulcan-http-headers\",\"vulcan-retirejs\",\"vulcan-semgrep\",\"vulcan-smtp-open-relay\",\"vulcan-trivy\"]" - name: "GPC_1_BLOCKED_CHECKS" value: "[]" - name: "GPC_1_EXCLUDING_SUFFIXES" - value: "[\"experimental\"]" + value: "[]" + - name: "GPC_2_NAME" + value: "web-scanning-global" + - name: "GPC_2_ALLOWED_ASSETTYPES" + value: "[]" + - name: "GPC_2_BLOCKED_ASSETTYPES" + value: "[]" + - name: "GPC_2_ALLOWED_CHECKS" + value: "[]" + - name: "GPC_2_BLOCKED_CHECKS" + value: "[]" + - name: "GPC_2_EXCLUDING_SUFFIXES" + value: "[]" - name: KAFKA_BROKER value: - name: KAFKA_USER 
@@ -1548,23 +1136,15 @@ spec: secretKeyRef: name: myrelease-vulcan-minio key: root-password - - name: DOGSTATSD_ENABLED - value: "true" - - name: DOGSTATSD_HOST - value: "localhost" - - name: DOGSTATSD_PORT - value: "8125" + envFrom: - secretRef: name: myrelease-vulcan-api ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-api-proxy --- # Source: vulcan/templates/crontinuous/deployment.yaml apiVersion: apps/v1 @@ -1589,31 +1169,13 @@ spec: app.kubernetes.io/name: crontinuous annotations: checksum/secrets: 4de1dea9168b8ae8633f4ef69b1960d7808615887e0b1218cdfd1b1d987c09d1 - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: containers: - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: crontinuous - image: "adevinta/vulcan-crontinuous:1.0" + image: "adevinta/vulcan-crontinuous:latest" imagePullPolicy: Always lifecycle: preStop: @@ -1651,11 +1213,11 @@ spec: - name: ENABLE_TEAMS_WHITELIST_SCAN value: "false" - name: TEAMS_WHITELIST_SCAN - value: "[\"team1\", \"team2\"]" + value: "[]" - name: ENABLE_TEAMS_WHITELIST_REPORT value: "false" - name: TEAMS_WHITELIST_REPORT - value: "[\"team3\"]" + value: "[]" - name: AWS_S3_ENDPOINT value: "http://myrelease-vulcan-minio" @@ -1678,13 +1240,10 @@ spec: - secretRef: name: myrelease-vulcan-crontinuous ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-crontinuous-proxy --- # Source: vulcan/templates/goaws/deployment.yaml apiVersion: apps/v1 
@@ -1773,7 +1332,7 @@ spec: command: ["/bin/sh","-c","sleep 30;"] - name: insights-private - image: "pottava/s3-proxy:2.0" + image: "pottava/s3-proxy:latest" imagePullPolicy: Always lifecycle: preStop: @@ -1828,7 +1387,7 @@ spec: protocol: TCP - name: insights-public - image: "pottava/s3-proxy:2.0" + image: "pottava/s3-proxy:latest" imagePullPolicy: Always lifecycle: preStop: 
@@ -1886,106 +1445,6 @@ spec: configMap: name: myrelease-vulcan-insights-proxy --- -# Source: vulcan/templates/metrics/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: myrelease-vulcan-metrics - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: metrics -spec: - selector: - matchLabels: - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: metrics - template: - metadata: - labels: - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: metrics - annotations: - checksum/secrets: b0d413a0b3902a84c0f51e59f152d29668f629dd011d9d8462b70fd2cbd5a1c3 - - spec: - containers: - - - name: dogstatsd - image: "datadog/dogstatsd:7.42.2" - envFrom: - - secretRef: - name: myrelease-vulcan-dogstatsd - ports: - - containerPort: 8125 - name: dogstatsd - protocol: UDP - - name: redis - image: "bitnami/redis:6.2.12" - env: - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - ports: - - containerPort: 6379 - name: redis - protocol: TCP - - name: metrics - - image: "containers.mpi-internal.com/spt-security/vulcan-metrics:1.0" - imagePullPolicy: Always - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - env: - - name: LOG_LEVEL - value: "warn" - - name: SQS_POLLING_INTERVAL - value: "10" - - name: CHECKS_SQS_QUEUE_ARN - value: "arn:aws:sqs:local:012345678900:VulcanK8SMetricsChecks" - - name: SCANS_SQS_QUEUE_ARN - value: "arn:aws:sqs:local:012345678900:VulcanK8SMetricsScans" - - name: FINDINGS_SQS_QUEUE_ARN - value: "arn:aws:sqs:local:012345678900:VulcanK8SMetricsFindings" - - name: RESULTS_HOST - value: "myrelease-vulcan-results" - - name: RESULTS_SCHEME - value: "http" - - name: DEVHOSE_URL - value: "http://devhose/devhose" - - name: DEVHOSE_TENANT - value: "tbd" - - name: DEVHOSE_METRICS_SOURCE - value: "tbd" - - name: DEVHOSE_FINDINGS_SOURCE - value: "tbd" - - name: REDIS_ADDR - value: "localhost:6379" - - 
name: VULCAN_API - value: http://myrelease-vulcan-api/api - - name: VULCAN_API_EXTERNAL - value: - - - name: AWS_SQS_ENDPOINT - value: "http://myrelease-vulcan-goaws" - - name: AWS_ACCESS_KEY_ID - value: ANYVALUE - - name: AWS_SECRET_ACCESS_KEY - value: ANYVALUE - - name: DOGSTATSD_ENABLED - value: "true" - - name: DOGSTATSD_HOST - value: "localhost" - - name: DOGSTATSD_PORT - value: "8125" - envFrom: - - secretRef: - name: myrelease-vulcan-metrics - volumes: ---- # Source: vulcan/templates/persistence/deployment.yaml apiVersion: apps/v1 kind: Deployment @@ -2009,9 +1468,7 @@ spec: app.kubernetes.io/name: persistence annotations: checksum/secrets: 64dfd3510554f471e7acf188272e139e6731696669825d65400e7e910fec49d3 - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: initContainers: - name: waitfordb @@ -2025,34 +1482,9 @@ spec: value: "5432" containers: - - name: dogstatsd - image: "datadog/dogstatsd:7.42.2" - envFrom: - - secretRef: - name: myrelease-vulcan-dogstatsd - ports: - - containerPort: 8125 - name: dogstatsd - protocol: UDP - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: persistence - image: "adevinta/vulcan-persistence:1.0" + image: "adevinta/vulcan-persistence:latest" imagePullPolicy: Always lifecycle: preStop: 
@@ -2115,23 +1547,15 @@ spec: secretKeyRef: name: myrelease-vulcan-minio key: root-password - - name: DOGSTATSD_ENABLED - value: "true" - - name: DOGSTATSD_HOST - value: "localhost" - - name: DOGSTATSD_PORT - value: "8125" + envFrom: - secretRef: name: myrelease-vulcan-persistence ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-persistence-proxy --- # Source: vulcan/templates/reportsgenerator/deployment.yaml apiVersion: apps/v1 @@ -2156,9 +1580,7 @@ spec: app.kubernetes.io/name: reportsgenerator annotations: checksum/secrets: d12b57422221bb25b6455164ae353b8e7ea795e4561384b61e4d158b67cad050 - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: initContainers: - name: waitfordb @@ -2172,34 +1594,9 @@ spec: value: "5432" containers: - - name: dogstatsd - image: "datadog/dogstatsd:7.42.2" - envFrom: - - secretRef: - name: myrelease-vulcan-dogstatsd - ports: - - containerPort: 8125 - name: dogstatsd - protocol: UDP - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: reportsgenerator - image: "adevinta/vulcan-reports-generator:1.0" + image: "adevinta/vulcan-reports-generator:latest" imagePullPolicy: Always lifecycle: preStop: 
@@ -2273,13 +1670,13 @@ spec: - name: PERSISTENCE_ENDPOINT # We keep this PERSISTENCE variable for compatibility value: "http://myrelease-vulcan-scanengine" - name: RESULTS_ENDPOINT - value: "http://myrelease-vulcan-results" + value: "https://results.localhost.direct" - name: SCAN_PROXY_ENDPOINT - value: "http://insights.vulcan.local" + value: "https://insights.localhost.direct" - name: VULCAN_UI - value: "http://www.vulcan.local/" + value: "https://www.localhost.direct" - name: SCAN_VIEW_REPORT - value: "http://www.vulcan.local/api/v1/report?team_id=%s&scan_id=%s" + value: "https://www.localhost.direct/api/v1/report?team_id=%s&scan_id=%s" - name: LIVEREPORT_EMAIL_SUBJECT value: @@ -2301,23 +1698,15 @@ spec: secretKeyRef: name: myrelease-vulcan-minio key: root-password - - name: DOGSTATSD_ENABLED - value: "true" - - name: DOGSTATSD_HOST - value: "localhost" - - name: DOGSTATSD_PORT - value: "8125" + envFrom: - secretRef: name: myrelease-vulcan-reportsgenerator ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-reportsgenerator-proxy --- # Source: vulcan/templates/results/deployment.yaml apiVersion: apps/v1 
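Review bot: `RESULTS_ENDPOINT` for reportsgenerator now holds the ingress hostname `https://results.localhost.direct` instead of the in-cluster service `http://myrelease-vulcan-results`. If the component fetches from this URL rather than only embedding it in generated links (not visible here), the pod has to resolve and reach that hostname and accept the certificate served for it, which the previous service address did not require. The vulndb hunk later in this file keeps a separate `RESULTS_INTERNAL_URL` for the service address, so the split already exists elsewhere. A comment in the template stating the role of this variable would remove the ambiguity, for example `# external URL, used to build links only` if that is the case.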
@@ -2341,40 +1730,13 @@ spec: app.kubernetes.io/instance: vulcan app.kubernetes.io/name: results annotations: - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: containers: - - name: dogstatsd - image: "datadog/dogstatsd:7.42.2" - envFrom: - - secretRef: - name: myrelease-vulcan-dogstatsd - ports: - - containerPort: 8125 - name: dogstatsd - protocol: UDP - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: results - image: "adevinta/vulcan-results:1.0" + image: "adevinta/vulcan-results:latest" imagePullPolicy: Always lifecycle: preStop: @@ -2410,7 +1772,7 @@ spec: - name: BUCKET_LOGS value: "logs" - name: LINK_BASE - value: "https://results.vulcan.local/v1" + value: "https://results.localhost.direct/v1" - name: AWS_S3_ENDPOINT value: "http://myrelease-vulcan-minio" @@ -2428,20 +1790,12 @@ spec: secretKeyRef: name: myrelease-vulcan-minio key: root-password - - name: DOGSTATSD_ENABLED - value: "true" - - name: DOGSTATSD_HOST - value: "localhost" - - name: DOGSTATSD_PORT - value: "8125" + ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-results-proxy --- # Source: vulcan/templates/scanengine/deployment.yaml apiVersion: apps/v1 @@ -2466,9 +1820,7 @@ spec: app.kubernetes.io/name: scanengine annotations: checksum/secrets: d12b57422221bb25b6455164ae353b8e7ea795e4561384b61e4d158b67cad050 - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: initContainers: - name: waitfordb 
@@ -2482,34 +1834,9 @@ spec: value: "5432" containers: - - name: dogstatsd - image: "datadog/dogstatsd:7.42.2" - envFrom: - - secretRef: - name: myrelease-vulcan-dogstatsd - ports: - - containerPort: 8125 - name: dogstatsd - protocol: UDP - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: scanengine - image: "adevinta/vulcan-scan-engine:1.0" + image: "adevinta/vulcan-scan-engine:latest" imagePullPolicy: Always lifecycle: preStop: 
@@ -2574,77 +1901,15 @@ spec: value: ANYVALUE - name: AWS_SECRET_ACCESS_KEY value: ANYVALUE - - name: DOGSTATSD_ENABLED - value: "true" - - name: DOGSTATSD_HOST - value: "localhost" - - name: DOGSTATSD_PORT - value: "8125" + envFrom: - secretRef: name: myrelease-vulcan-scanengine ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-scanengine-proxy ---- -# Source: vulcan/templates/sqsexporter/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: myrelease-vulcan-sqsexporter - labels: - helm.sh/chart: vulcan-0.5.6 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: vulcan - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: sqsexporter -spec: - selector: - matchLabels: - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: sqsexporter - template: - metadata: - labels: - app.kubernetes.io/instance: vulcan - app.kubernetes.io/name: sqsexporter - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: "8080" - spec: - containers: - - name: sqsexporter - - image: "jesusfcr/sqs-prometheus-exporter:0.4.0" - imagePullPolicy: Always - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - env: - - name: PORT - value: "8080" - - name: SQS_QUEUE_NAME_PREFIX - value: VulcanK8S - - name: AWS_REGION - value: "local" - - - name: AWS_SQS_ENDPOINT - value: "http://myrelease-vulcan-goaws" - - name: AWS_ACCESS_KEY_ID - value: ANYVALUE - - name: AWS_SECRET_ACCESS_KEY - value: ANYVALUE - - ports: - - name: metrics - containerPort: 8080 - protocol: TCP --- # Source: vulcan/templates/stream/deployment.yaml apiVersion: apps/v1 
@@ -2668,40 +1933,13 @@ spec: app.kubernetes.io/instance: vulcan app.kubernetes.io/name: stream annotations: - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: containers: - - name: dogstatsd - image: "datadog/dogstatsd:7.42.2" - envFrom: - - secretRef: - name: myrelease-vulcan-dogstatsd - ports: - - containerPort: 8125 - name: dogstatsd - protocol: UDP - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: stream - image: "adevinta/vulcan-stream:1.0" + image: "adevinta/vulcan-stream:latest" imagePullPolicy: Always lifecycle: preStop: @@ -2741,20 +1979,12 @@ spec: - name: REDIS_TTL value: "0" - - name: DOGSTATSD_ENABLED - value: "true" - - name: DOGSTATSD_HOST - value: "localhost" - - name: DOGSTATSD_PORT - value: "8125" + ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-stream-proxy --- # Source: vulcan/templates/ui/deployment.yaml apiVersion: apps/v1 
@@ -2778,31 +2008,13 @@ spec: app.kubernetes.io/instance: vulcan app.kubernetes.io/name: ui annotations: - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: containers: - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: ui - image: "adevinta/vulcan-ui:1.0" + image: "adevinta/vulcan-ui:latest" imagePullPolicy: Always lifecycle: preStop: @@ -2830,7 +2042,7 @@ spec: - name: PORT value: "8080" - name: API_URL - value: "https://www.vulcan.local/api/v1/" + value: "https://www.localhost.direct/api/v1/" - name: UI_DOCS_API_LINK value: "https://docs.example.com/vulcan/vulcan-api/" - name: UI_DOCS_WHITELISTING_LINK @@ -2848,13 +2060,10 @@ spec: ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-ui-proxy --- # Source: vulcan/templates/vulndb/deployment.yaml apiVersion: apps/v1 @@ -2895,7 +2104,7 @@ spec: - name: vulndb - image: "adevinta/vulnerability-db:1.0" + image: "adevinta/vulnerability-db:latest" imagePullPolicy: Always lifecycle: preStop: @@ -2925,7 +2134,7 @@ spec: - name: SNS_ENABLED value: "true" - name: RESULTS_URL - value: http://vulcan-results.vulcan.com + value: "https://results.localhost.direct" - name: RESULTS_INTERNAL_URL value: "http://myrelease-vulcan-results" - name: KAFKA_ENABLED 
@@ -2975,9 +2184,7 @@ spec: app.kubernetes.io/name: vulndbapi annotations: checksum/secrets: 9f980ebd3194bdfdb04a084378c12199e6711219ef2e2e5f5ed02571e749e01b - checksum/config-proxy: 4ba45566a092b043208fcf6bf26a0d842fc23e0e10b03c5802c85c930bb6e1c9 - prometheus.io/scrape: 'true' - prometheus.io/port: '9101' + spec: initContainers: - name: waitfordb @@ -2991,25 +2198,9 @@ spec: value: "5432" containers: - - name: proxy - image: "haproxy:2.4.23-alpine" - imagePullPolicy: Always - ports: - - name: http - containerPort: 9090 - - name: metrics - containerPort: 9101 - volumeMounts: - - mountPath: /usr/local/etc/haproxy - readOnly: true - name: config-proxy - lifecycle: - preStop: - exec: - command: ["/bin/sh","-c","sleep 30;"] - name: vulndbapi - image: "adevinta/vulnerability-db-api:1.0" + image: "adevinta/vulnerability-db-api:latest" imagePullPolicy: Always lifecycle: preStop: @@ -3056,13 +2247,10 @@ spec: - secretRef: name: myrelease-vulcan-vulndbapi ports: - - name: app + - name: http containerPort: 8080 protocol: TCP volumes: - - name: config-proxy - configMap: - name: myrelease-vulcan-vulndbapi-proxy --- # Source: vulcan/charts/postgresql/templates/primary/statefulset.yaml apiVersion: apps/v1 @@ -3355,6 +2543,33 @@ spec: - name: redis-data emptyDir: {} --- +# Source: vulcan/charts/minio/templates/api-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: myrelease-minio-api + namespace: "ns" + labels: + app.kubernetes.io/name: minio + helm.sh/chart: minio-12.6.4 + app.kubernetes.io/instance: myrelease + app.kubernetes.io/managed-by: Helm + annotations: +spec: + rules: + - host: s3.localhost.direct + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: myrelease-minio + port: + name: minio-api + tls: + - secretName: localhost-direct-tls +--- # Source: vulcan/charts/minio/templates/ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress 
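Review bot: The new `myrelease-minio-api` Ingress publishes the MinIO S3 API on `s3.localhost.direct`, and its `tls` entry has only `secretName: localhost-direct-tls` with no `hosts` list, unlike the chart's own Ingresses added in this commit. How a host-less `tls` entry is bound depends on the ingress controller, so the certificate may not be the one served for this host; adding `hosts: ["s3.localhost.direct"]` next to `secretName` makes it explicit, and the same applies to the MinIO console Ingress in the next hunk. With the API reachable through the ingress, the MinIO root credentials become the only barrier for any client that can reach the controller, so the example should state that this exposure is meant for a local cluster. The bare `annotations:` key renders as null; `annotations: {}` or omitting the key is clearer.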
@@ -3369,7 +2584,7 @@ metadata: annotations: spec: rules: - - host: minio.vulcan.local + - host: minio.localhost.direct http: paths: - path: / @@ -3379,6 +2594,8 @@ spec: name: myrelease-minio port: name: minio-console + tls: + - secretName: localhost-direct-tls --- # Source: vulcan/templates/api/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -3391,13 +2608,9 @@ metadata: app.kubernetes.io/part-of: vulcan app.kubernetes.io/instance: vulcan app.kubernetes.io/name: api - annotations: - nginx.ingress.kubernetes.io/cors-allow-origin: https://www.vulcan.local - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/proxy-body-size: 8m spec: rules: - - host: "www.vulcan.local" + - host: www.localhost.direct http: paths: - path: /api @@ -3407,6 +2620,38 @@ spec: name: myrelease-vulcan-api port: number: 80 + tls: + - hosts: + - www.localhost.direct + secretName: localhost-direct-tls +--- +# Source: vulcan/templates/crontinuous/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: myrelease-vulcan-crontinuous + labels: + helm.sh/chart: vulcan-0.5.6 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: vulcan + app.kubernetes.io/instance: vulcan + app.kubernetes.io/name: crontinuous +spec: + rules: + - host: crontinuous.localhost.direct + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: myrelease-vulcan-crontinuous + port: + number: 80 + tls: + - hosts: + - crontinuous.localhost.direct + secretName: localhost-direct-tls --- # Source: vulcan/templates/goaws/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -3421,7 +2666,7 @@ metadata: app.kubernetes.io/name: goaws spec: rules: - - host: "goaws.vulcan.local" + - host: goaws.localhost.direct http: paths: - path: / 
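Review bot: The added `myrelease-vulcan-crontinuous` Ingress routes `/` on `crontinuous.localhost.direct` straight to the service with no annotation limiting who may call it, and the reportsgenerator and scanengine Ingresses added in later hunks follow the same pattern. These components had no Ingress in this example before the change, and whether they authenticate callers themselves cannot be told from the manifest. If they are exposed only for local debugging, keeping `ingress.enabled: false` as their default in the values and documenting the opt-in avoids readers copying the exposure into a shared cluster. Where exposure is wanted, a source restriction such as `nginx.ingress.kubernetes.io/whitelist-source-range: "<CIDR>"` (placeholder) narrows it.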
@@ -3431,6 +2676,10 @@ spec: name: myrelease-vulcan-goaws port: number: 80 + tls: + - hosts: + - goaws.localhost.direct + secretName: localhost-direct-tls --- # Source: vulcan/templates/insights/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -3443,17 +2692,9 @@ metadata: app.kubernetes.io/part-of: vulcan app.kubernetes.io/instance: vulcan app.kubernetes.io/name: insights - annotations: - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "X-Frame-Options: SAMEORIGIN"; - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "X-Frame-Options: DENY"; - more_set_headers "X-Xss-Protection: 1"; - more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains"; - more_set_headers "Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://insights.vulcan.local https://www.google-analytics.com; font-src 'self' https://insights.vulcan.local; connect-src 'self' https://insights.vulcan.local; img-src 'self' https://insights.vulcan.local https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://insights.vulcan.local; object-src 'none'"; spec: rules: - - host: "insights.vulcan.local" + - host: insights.localhost.direct http: paths: - path: / @@ -3463,6 +2704,10 @@ spec: name: myrelease-vulcan-insights port: number: 80 + tls: + - hosts: + - insights.localhost.direct + secretName: localhost-direct-tls --- # Source: vulcan/templates/persistence/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -3477,7 +2722,7 @@ metadata: app.kubernetes.io/name: persistence spec: rules: - - host: "persistence.vulcan.local" + - host: persistence.localhost.direct http: paths: - path: / 
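Review bot: Removing the `annotations` block from the insights Ingress drops every response header it set (`X-Frame-Options`, `X-Content-Type-Options`, `X-Xss-Protection`, `Strict-Transport-Security`, `Content-Security-Policy`), and nothing in this hunk sets them anywhere else. `examples/aws.yaml` in the same commit keeps the equivalent snippet, so the local example now lacks the hardening that the AWS one shows. The block can be restored with the new hostname and a single `X-Frame-Options` value, since the old snippet sent both SAMEORIGIN and DENY and the later one presumably won. If snippet annotations are disabled on the ingress controller, the same headers can be set in the HAProxy sidecar config instead.

```yaml
    app.kubernetes.io/name: insights
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Frame-Options: DENY";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "X-Xss-Protection: 1";
      more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains";
      more_set_headers "Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://insights.localhost.direct https://www.google-analytics.com; font-src 'self' https://insights.localhost.direct; connect-src 'self' https://insights.localhost.direct; img-src 'self' https://insights.localhost.direct https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://insights.localhost.direct; object-src 'none'";
# … unchanged: spec.rules and the added tls block …
```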
@@ -3487,6 +2732,38 @@ spec: name: myrelease-vulcan-persistence port: number: 80 + tls: + - hosts: + - persistence.localhost.direct + secretName: localhost-direct-tls +--- +# Source: vulcan/templates/reportsgenerator/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: myrelease-vulcan-reportsgenerator + labels: + helm.sh/chart: vulcan-0.5.6 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: vulcan + app.kubernetes.io/instance: vulcan + app.kubernetes.io/name: reportsgenerator +spec: + rules: + - host: reportsgenerator.localhost.direct + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: myrelease-vulcan-reportsgenerator + port: + number: 80 + tls: + - hosts: + - reportsgenerator.localhost.direct + secretName: localhost-direct-tls --- # Source: vulcan/templates/results/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -3501,7 +2778,7 @@ metadata: app.kubernetes.io/name: results spec: rules: - - host: "results.vulcan.local" + - host: results.localhost.direct http: paths: - path: / @@ -3511,6 +2788,38 @@ spec: name: myrelease-vulcan-results port: number: 80 + tls: + - hosts: + - results.localhost.direct + secretName: localhost-direct-tls +--- +# Source: vulcan/templates/scanengine/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: myrelease-vulcan-scanengine + labels: + helm.sh/chart: vulcan-0.5.6 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: vulcan + app.kubernetes.io/instance: vulcan + app.kubernetes.io/name: scanengine +spec: + rules: + - host: scanengine.localhost.direct + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: myrelease-vulcan-scanengine + port: + number: 80 + tls: + - hosts: + - scanengine.localhost.direct + secretName: localhost-direct-tls --- # Source: vulcan/templates/stream/ingress.yaml apiVersion: networking.k8s.io/v1 
@@ -3523,12 +2832,9 @@ metadata: app.kubernetes.io/part-of: vulcan app.kubernetes.io/instance: vulcan app.kubernetes.io/name: stream - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" spec: rules: - - host: "stream.vulcan.local" + - host: stream.localhost.direct http: paths: - path: / @@ -3538,6 +2844,10 @@ spec: name: myrelease-vulcan-stream port: number: 80 + tls: + - hosts: + - stream.localhost.direct + secretName: localhost-direct-tls --- # Source: vulcan/templates/ui/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -3552,7 +2862,7 @@ metadata: app.kubernetes.io/name: ui spec: rules: - - host: "www.vulcan.local" + - host: www.localhost.direct http: paths: - path: / @@ -3562,6 +2872,10 @@ spec: name: myrelease-vulcan-ui port: number: 80 + tls: + - hosts: + - www.localhost.direct + secretName: localhost-direct-tls --- # Source: vulcan/templates/vulndbapi/ingress.yaml apiVersion: networking.k8s.io/v1 @@ -3576,7 +2890,7 @@ metadata: app.kubernetes.io/name: vulndbapi spec: rules: - - host: "vulndbapi.vulcan.local" + - host: vulndbapi.localhost.direct http: paths: - path: / @@ -3586,3 +2900,7 @@ spec: name: myrelease-vulcan-vulndbapi port: number: 80 + tls: + - hosts: + - vulndbapi.localhost.direct + secretName: localhost-direct-tls diff --git a/stable/vulcan/README.md b/stable/vulcan/README.md index 986712df..b92b9d14 100644 --- a/stable/vulcan/README.md +++ b/stable/vulcan/README.md 
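Review bot: The stream Ingress loses `nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"` and `nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"`, so connections to `stream.localhost.direct` fall back to the controller's default timeouts. The HAProxy config earlier in this file still sets `timeout tunnel 3600s`, which suggests hour-long connections are expected on this path. If the stream endpoint holds connections open, clients will now be disconnected early and reconnect in a loop; keeping the two annotations under the stream component's `ingress.annotations` in the values used for this example restores the previous behaviour.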
@@ -27,361 +27,538 @@ A Helm chart for deploying Vulcan | global.domain | string | `"vulcan.local"` | | | global.region | string | `"local"` | | | global.podLabels | object | `{}` | custom labels for all components | -| anchors | object | `{"comp":{"affinity":{},"autoscaling":{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null},"containerPort":8080,"extraEnv":{},"extraPodLabels":{},"fullnameOverride":"","image":{"pullPolicy":"Always"},"imagePullSecrets":[],"ingress":{"annotations":{},"enabled":false,"hosts":[],"tls":[]},"lifecycle":{"preStopSleep":30},"livenessProbe":{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3},"meta":{"s3":false,"sns":false,"sqs":false},"nameOverride":"","nodeSelector":{},"podSecurityContext":{},"proxy":{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3},"replicaCount":null,"resources":{},"securityContext":{},"service":{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"},"tolerations":[]},"db":{"ca":null,"host":null,"name":null,"password":"TBD","port":5432,"sslMode":"disable","user":null},"dogstatsd":{"enabled":true,"image":{"repository":"datadog/dogstatsd","tag":"7.42.2"}}}` | Anchors | +| anchors | object | 
`{"comp":{"affinity":{},"autoscaling":{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null},"containerPort":8080,"extraEnv":{},"extraPodLabels":{},"fullnameOverride":"","image":{"pullPolicy":"Always"},"imagePullSecrets":[],"ingress":{"annotations":{},"enabled":false,"extraHosts":[],"extraPaths":[],"extraRules":[],"extraTls":[],"hostname":null,"ingressClassName":"","path":"/","pathType":"ImplementationSpecific","secretName":null,"tls":false},"lifecycle":{"preStopSleep":30},"livenessProbe":{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3},"meta":{"s3":false,"sns":false,"sqs":false},"nameOverride":"","nodeSelector":{},"podSecurityContext":{},"proxy":{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3},"replicaCount":null,"resources":{},"securityContext":{},"service":{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"},"tolerations":[]},"db":{"ca":null,"host":null,"name":null,"password":"TBD","port":5432,"sslMode":"disable","user":null},"dogstatsd":{"enabled":true,"image":{"repository":"datadog/dogstatsd","tag":"7.42.2"}}}` | Anchors | | anchors.db | object | `{"ca":null,"host":null,"name":null,"password":"TBD","port":5432,"sslMode":"disable","user":null}` | postgres database settings | +| reportsgenerator.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | +| stream.dogstatsd.image.repository | string 
| `"datadog/dogstatsd"` | | +| persistence.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | | metrics.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | -| scanengine.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | | results.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | -| stream.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | | api.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | -| reportsgenerator.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | -| persistence.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | -| results.dogstatsd.image.tag | string | `"7.42.2"` | | +| scanengine.dogstatsd.image.repository | string | `"datadog/dogstatsd"` | | | scanengine.dogstatsd.image.tag | string | `"7.42.2"` | | | metrics.dogstatsd.image.tag | string | `"7.42.2"` | | | stream.dogstatsd.image.tag | string | `"7.42.2"` | | -| api.dogstatsd.image.tag | string | `"7.42.2"` | | | persistence.dogstatsd.image.tag | string | `"7.42.2"` | | | reportsgenerator.dogstatsd.image.tag | string | `"7.42.2"` | | -| persistence.dogstatsd.enabled | bool | `true` | | +| api.dogstatsd.image.tag | string | `"7.42.2"` | | +| results.dogstatsd.image.tag | string | `"7.42.2"` | | +| api.dogstatsd.enabled | bool | `true` | | | metrics.dogstatsd.enabled | bool | `true` | | -| stream.dogstatsd.enabled | bool | `true` | | +| results.dogstatsd.enabled | bool | `true` | | | reportsgenerator.dogstatsd.enabled | bool | `true` | | +| persistence.dogstatsd.enabled | bool | `true` | | | scanengine.dogstatsd.enabled | bool | `true` | | -| api.dogstatsd.enabled | bool | `true` | | -| results.dogstatsd.enabled | bool | `true` | | -| goaws.<<.replicaCount | string | `nil` | | +| stream.dogstatsd.enabled | bool | `true` | | +| scanengine.<<.replicaCount | string | `nil` | | +| insights.<<.replicaCount | string | `nil` | | +| metrics.<<.replicaCount | string | `nil` | | +| stream.<<.replicaCount 
| string | `nil` | | | vulndb.<<.replicaCount | string | `nil` | | -| persistence.<<.replicaCount | string | `nil` | | | crontinuous.<<.replicaCount | string | `nil` | | -| insights.<<.replicaCount | string | `nil` | | +| reportsgenerator.<<.replicaCount | string | `nil` | | +| persistence.<<.replicaCount | string | `nil` | | +| results.<<.replicaCount | string | `nil` | | +| ui.<<.replicaCount | string | `nil` | | | sqsexporter.<<.replicaCount | string | `nil` | | +| goaws.<<.replicaCount | string | `nil` | | | api.<<.replicaCount | string | `nil` | | | vulndbapi.<<.replicaCount | string | `nil` | | -| metrics.<<.replicaCount | string | `nil` | | -| scanengine.<<.replicaCount | string | `nil` | | -| ui.<<.replicaCount | string | `nil` | | -| results.<<.replicaCount | string | `nil` | | -| reportsgenerator.<<.replicaCount | string | `nil` | | -| stream.<<.replicaCount | string | `nil` | | -| vulndbapi.<<.image.pullPolicy | string | `"Always"` | | -| metrics.<<.image.pullPolicy | string | `"Always"` | | | api.<<.image.pullPolicy | string | `"Always"` | | +| ui.<<.image.pullPolicy | string | `"Always"` | | +| results.<<.image.pullPolicy | string | `"Always"` | | | sqsexporter.<<.image.pullPolicy | string | `"Always"` | | +| vulndbapi.<<.image.pullPolicy | string | `"Always"` | | +| metrics.<<.image.pullPolicy | string | `"Always"` | | +| crontinuous.<<.image.pullPolicy | string | `"Always"` | | +| persistence.<<.image.pullPolicy | string | `"Always"` | | | stream.<<.image.pullPolicy | string | `"Always"` | | | vulndb.<<.image.pullPolicy | string | `"Always"` | | -| persistence.<<.image.pullPolicy | string | `"Always"` | | -| insights.<<.image.pullPolicy | string | `"Always"` | | -| scanengine.<<.image.pullPolicy | string | `"Always"` | | -| ui.<<.image.pullPolicy | string | `"Always"` | | -| crontinuous.<<.image.pullPolicy | string | `"Always"` | | | reportsgenerator.<<.image.pullPolicy | string | `"Always"` | | +| scanengine.<<.image.pullPolicy | string | `"Always"` 
| | +| insights.<<.image.pullPolicy | string | `"Always"` | | | goaws.<<.image.pullPolicy | string | `"Always"` | | -| results.<<.image.pullPolicy | string | `"Always"` | | -| crontinuous.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| ui.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| persistence.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| results.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| sqsexporter.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | | reportsgenerator.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | | scanengine.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| goaws.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| sqsexporter.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| anchors.comp.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | | stream.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| insights.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| persistence.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| api.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | | vulndb.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the 
component | | metrics.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | | vulndbapi.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| api.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | -| metrics.<<.extraPodLabels | object | `{}` | custom extra labels | +| insights.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| anchors.comp.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| ui.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| goaws.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| crontinuous.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| results.<<.meta | object | `{"s3":false,"sns":false,"sqs":false}` | defines the required services for the component | +| crontinuous.<<.extraPodLabels | object | `{}` | custom extra labels | | insights.<<.extraPodLabels | object | `{}` | custom extra labels | -| vulndb.<<.extraPodLabels | object | `{}` | custom extra labels | +| results.<<.extraPodLabels | object | `{}` | custom extra labels | | vulndbapi.<<.extraPodLabels | object | `{}` | custom extra labels | -| anchors.comp.extraPodLabels | object | `{}` | custom extra labels | -| sqsexporter.<<.extraPodLabels | object | `{}` | custom extra labels | -| ui.<<.extraPodLabels | object | `{}` | custom extra labels | +| goaws.<<.extraPodLabels | object | `{}` | custom extra labels | | reportsgenerator.<<.extraPodLabels | object | `{}` | custom extra labels | -| results.<<.extraPodLabels | object | `{}` | custom extra labels | -| stream.<<.extraPodLabels | object | `{}` | custom extra 
labels | | api.<<.extraPodLabels | object | `{}` | custom extra labels | -| crontinuous.<<.extraPodLabels | object | `{}` | custom extra labels | -| goaws.<<.extraPodLabels | object | `{}` | custom extra labels | | persistence.<<.extraPodLabels | object | `{}` | custom extra labels | +| vulndb.<<.extraPodLabels | object | `{}` | custom extra labels | | scanengine.<<.extraPodLabels | object | `{}` | custom extra labels | -| persistence.<<.extraEnv | object | `{}` | custom env variables | -| results.<<.extraEnv | object | `{}` | custom env variables | -| anchors.comp.extraEnv | object | `{}` | custom env variables | +| stream.<<.extraPodLabels | object | `{}` | custom extra labels | +| anchors.comp.extraPodLabels | object | `{}` | custom extra labels | +| ui.<<.extraPodLabels | object | `{}` | custom extra labels | +| sqsexporter.<<.extraPodLabels | object | `{}` | custom extra labels | +| metrics.<<.extraPodLabels | object | `{}` | custom extra labels | +| stream.<<.extraEnv | object | `{}` | custom env variables | +| sqsexporter.<<.extraEnv | object | `{}` | custom env variables | +| crontinuous.<<.extraEnv | object | `{}` | custom env variables | +| insights.<<.extraEnv | object | `{}` | custom env variables | | goaws.<<.extraEnv | object | `{}` | custom env variables | -| vulndb.<<.extraEnv | object | `{}` | custom env variables | +| api.<<.extraEnv | object | `{}` | custom env variables | +| vulndbapi.<<.extraEnv | object | `{}` | custom env variables | | ui.<<.extraEnv | object | `{}` | custom env variables | | reportsgenerator.<<.extraEnv | object | `{}` | custom env variables | -| crontinuous.<<.extraEnv | object | `{}` | custom env variables | -| api.<<.extraEnv | object | `{}` | custom env variables | -| metrics.<<.extraEnv | object | `{}` | custom env variables | -| stream.<<.extraEnv | object | `{}` | custom env variables | -| insights.<<.extraEnv | object | `{}` | custom env variables | +| persistence.<<.extraEnv | object | `{}` | custom env variables | 
+| anchors.comp.extraEnv | object | `{}` | custom env variables | +| results.<<.extraEnv | object | `{}` | custom env variables | +| vulndb.<<.extraEnv | object | `{}` | custom env variables | | scanengine.<<.extraEnv | object | `{}` | custom env variables | -| vulndbapi.<<.extraEnv | object | `{}` | custom env variables | -| sqsexporter.<<.extraEnv | object | `{}` | custom env variables | +| metrics.<<.extraEnv | object | `{}` | custom env variables | +| anchors.comp.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| reportsgenerator.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| stream.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| crontinuous.<<.proxy | object | 
`{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| results.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | | vulndbapi.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| goaws.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| sqsexporter.<<.proxy | object | 
`{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | | persistence.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| scanengine.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| ui.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | | insights.<<.proxy | object | 
`{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| goaws.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| sqsexporter.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| vulndb.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | | api.<<.proxy | object | 
`{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| stream.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | +| scanengine.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | | metrics.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| ui.<<.proxy | object | 
`{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| vulndb.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| anchors.comp.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| results.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| reportsgenerator.<<.proxy | object | 
`{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| crontinuous.<<.proxy | object | `{"cache":{"enabled":false,"maxAge":240,"maxSize":64},"enabled":true,"image":{"repository":"haproxy","tag":"2.4.23-alpine"},"lifecycle":{"preStopSleep":30},"metricsPort":9101,"port":9090,"probe":false,"probeInitialDelay":5,"probePath":"/healthz","probeTimeoutSeconds":3,"resources":{},"timeoutClient":null,"timeoutConnect":null,"timeoutServer":null,"timeoutTunnel":null}` | proxy settings | -| scanengine.<<.podSecurityContext | object | `{}` | | +| vulndbapi.<<.podSecurityContext | object | `{}` | | | stream.<<.podSecurityContext | object | `{}` | | -| ui.<<.podSecurityContext | object | `{}` | | -| reportsgenerator.<<.podSecurityContext | object | `{}` | | +| goaws.<<.podSecurityContext | object | `{}` | | | insights.<<.podSecurityContext | object | `{}` | | -| results.<<.podSecurityContext | object | `{}` | | -| vulndbapi.<<.podSecurityContext | object | `{}` | | -| sqsexporter.<<.podSecurityContext | object | `{}` | | -| vulndb.<<.podSecurityContext | object | `{}` | | -| crontinuous.<<.podSecurityContext | object | `{}` | | | api.<<.podSecurityContext | object | `{}` | | -| persistence.<<.podSecurityContext | object | `{}` | | -| goaws.<<.podSecurityContext | object | `{}` | | +| scanengine.<<.podSecurityContext | object | `{}` | | | metrics.<<.podSecurityContext | object | `{}` | | -| api.<<.securityContext | object | `{}` | | -| goaws.<<.securityContext | object | `{}` | | -| persistence.<<.securityContext | object | `{}` | | -| vulndb.<<.securityContext | object | `{}` | | -| crontinuous.<<.securityContext | object | `{}` | | +| 
persistence.<<.podSecurityContext | object | `{}` | | +| crontinuous.<<.podSecurityContext | object | `{}` | | +| ui.<<.podSecurityContext | object | `{}` | | +| sqsexporter.<<.podSecurityContext | object | `{}` | | +| reportsgenerator.<<.podSecurityContext | object | `{}` | | +| vulndb.<<.podSecurityContext | object | `{}` | | +| results.<<.podSecurityContext | object | `{}` | | +| stream.<<.securityContext | object | `{}` | | | vulndbapi.<<.securityContext | object | `{}` | | -| sqsexporter.<<.securityContext | object | `{}` | | +| goaws.<<.securityContext | object | `{}` | | | insights.<<.securityContext | object | `{}` | | -| results.<<.securityContext | object | `{}` | | -| ui.<<.securityContext | object | `{}` | | -| stream.<<.securityContext | object | `{}` | | -| metrics.<<.securityContext | object | `{}` | | +| sqsexporter.<<.securityContext | object | `{}` | | | scanengine.<<.securityContext | object | `{}` | | | reportsgenerator.<<.securityContext | object | `{}` | | -| crontinuous.<<.imagePullSecrets | list | `[]` | | -| results.<<.imagePullSecrets | list | `[]` | | +| crontinuous.<<.securityContext | object | `{}` | | +| results.<<.securityContext | object | `{}` | | +| metrics.<<.securityContext | object | `{}` | | +| ui.<<.securityContext | object | `{}` | | +| vulndb.<<.securityContext | object | `{}` | | +| api.<<.securityContext | object | `{}` | | +| persistence.<<.securityContext | object | `{}` | | +| persistence.<<.imagePullSecrets | list | `[]` | | +| scanengine.<<.imagePullSecrets | list | `[]` | | +| api.<<.imagePullSecrets | list | `[]` | | | ui.<<.imagePullSecrets | list | `[]` | | | vulndbapi.<<.imagePullSecrets | list | `[]` | | -| stream.<<.imagePullSecrets | list | `[]` | | | metrics.<<.imagePullSecrets | list | `[]` | | | vulndb.<<.imagePullSecrets | list | `[]` | | -| api.<<.imagePullSecrets | list | `[]` | | +| crontinuous.<<.imagePullSecrets | list | `[]` | | | goaws.<<.imagePullSecrets | list | `[]` | | -| 
scanengine.<<.imagePullSecrets | list | `[]` | | | insights.<<.imagePullSecrets | list | `[]` | | -| persistence.<<.imagePullSecrets | list | `[]` | | +| results.<<.imagePullSecrets | list | `[]` | | | sqsexporter.<<.imagePullSecrets | list | `[]` | | +| stream.<<.imagePullSecrets | list | `[]` | | | reportsgenerator.<<.imagePullSecrets | list | `[]` | | +| vulndbapi.<<.nameOverride | string | `""` | | +| insights.<<.nameOverride | string | `""` | | +| stream.<<.nameOverride | string | `""` | | +| sqsexporter.<<.nameOverride | string | `""` | | | results.<<.nameOverride | string | `""` | | -| api.<<.nameOverride | string | `""` | | | persistence.<<.nameOverride | string | `""` | | | goaws.<<.nameOverride | string | `""` | | -| vulndb.<<.nameOverride | string | `""` | | -| sqsexporter.<<.nameOverride | string | `""` | | -| crontinuous.<<.nameOverride | string | `""` | | -| vulndbapi.<<.nameOverride | string | `""` | | -| ui.<<.nameOverride | string | `""` | | -| reportsgenerator.<<.nameOverride | string | `""` | | +| api.<<.nameOverride | string | `""` | | | metrics.<<.nameOverride | string | `""` | | -| stream.<<.nameOverride | string | `""` | | +| crontinuous.<<.nameOverride | string | `""` | | +| vulndb.<<.nameOverride | string | `""` | | | scanengine.<<.nameOverride | string | `""` | | -| insights.<<.nameOverride | string | `""` | | -| vulndbapi.<<.fullnameOverride | string | `""` | | -| ui.<<.fullnameOverride | string | `""` | | +| reportsgenerator.<<.nameOverride | string | `""` | | +| ui.<<.nameOverride | string | `""` | | +| crontinuous.<<.fullnameOverride | string | `""` | | | goaws.<<.fullnameOverride | string | `""` | | -| persistence.<<.fullnameOverride | string | `""` | | -| scanengine.<<.fullnameOverride | string | `""` | | -| sqsexporter.<<.fullnameOverride | string | `""` | | -| insights.<<.fullnameOverride | string | `""` | | | reportsgenerator.<<.fullnameOverride | string | `""` | | -| crontinuous.<<.fullnameOverride | string | `""` | | -| 
stream.<<.fullnameOverride | string | `""` | | +| insights.<<.fullnameOverride | string | `""` | | | api.<<.fullnameOverride | string | `""` | | | results.<<.fullnameOverride | string | `""` | | +| vulndbapi.<<.fullnameOverride | string | `""` | | +| persistence.<<.fullnameOverride | string | `""` | | | metrics.<<.fullnameOverride | string | `""` | | +| scanengine.<<.fullnameOverride | string | `""` | | | vulndb.<<.fullnameOverride | string | `""` | | +| ui.<<.fullnameOverride | string | `""` | | +| sqsexporter.<<.fullnameOverride | string | `""` | | +| stream.<<.fullnameOverride | string | `""` | | +| scanengine.<<.containerPort | int | `8080` | | | ui.<<.containerPort | int | `8080` | | -| vulndbapi.<<.containerPort | int | `8080` | | +| sqsexporter.<<.containerPort | int | `8080` | | | metrics.<<.containerPort | int | `8080` | | -| results.<<.containerPort | int | `8080` | | -| crontinuous.<<.containerPort | int | `8080` | | -| api.<<.containerPort | int | `8080` | | | reportsgenerator.<<.containerPort | int | `8080` | | -| persistence.<<.containerPort | int | `8080` | | -| goaws.<<.containerPort | int | `8080` | | -| sqsexporter.<<.containerPort | int | `8080` | | -| scanengine.<<.containerPort | int | `8080` | | | stream.<<.containerPort | int | `8080` | | +| api.<<.containerPort | int | `8080` | | +| goaws.<<.containerPort | int | `8080` | | | insights.<<.containerPort | int | `8080` | | +| persistence.<<.containerPort | int | `8080` | | | vulndb.<<.containerPort | int | `8080` | | -| vulndb.<<.lifecycle.preStopSleep | int | `30` | | +| vulndbapi.<<.containerPort | int | `8080` | | +| results.<<.containerPort | int | `8080` | | +| crontinuous.<<.containerPort | int | `8080` | | | insights.<<.lifecycle.preStopSleep | int | `30` | | -| crontinuous.<<.lifecycle.preStopSleep | int | `30` | | +| reportsgenerator.<<.lifecycle.preStopSleep | int | `30` | | | goaws.<<.lifecycle.preStopSleep | int | `30` | | -| sqsexporter.<<.lifecycle.preStopSleep | int | `30` | | +| 
vulndb.<<.lifecycle.preStopSleep | int | `30` | | +| stream.<<.lifecycle.preStopSleep | int | `30` | | | persistence.<<.lifecycle.preStopSleep | int | `30` | | -| vulndbapi.<<.lifecycle.preStopSleep | int | `30` | | +| scanengine.<<.lifecycle.preStopSleep | int | `30` | | | results.<<.lifecycle.preStopSleep | int | `30` | | -| reportsgenerator.<<.lifecycle.preStopSleep | int | `30` | | +| vulndbapi.<<.lifecycle.preStopSleep | int | `30` | | | ui.<<.lifecycle.preStopSleep | int | `30` | | -| scanengine.<<.lifecycle.preStopSleep | int | `30` | | | api.<<.lifecycle.preStopSleep | int | `30` | | | metrics.<<.lifecycle.preStopSleep | int | `30` | | -| stream.<<.lifecycle.preStopSleep | int | `30` | | +| crontinuous.<<.lifecycle.preStopSleep | int | `30` | | +| sqsexporter.<<.lifecycle.preStopSleep | int | `30` | | +| ui.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | +| scanengine.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | +| sqsexporter.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | crontinuous.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| vulndb.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| metrics.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness 
settings | -| insights.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | goaws.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| anchors.comp.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | +| vulndb.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | reportsgenerator.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | +| anchors.comp.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | persistence.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | stream.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | api.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| sqsexporter.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| 
ui.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| results.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | vulndbapi.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| scanengine.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | -| insights.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| scanengine.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| ui.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| insights.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | +| metrics.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | +| results.<<.livenessProbe | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | liveness settings | | 
sqsexporter.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| vulndbapi.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| stream.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | | results.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| anchors.comp.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| crontinuous.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| vulndb.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| ui.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| scanengine.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | | metrics.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| 
persistence.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| api.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | | goaws.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| crontinuous.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| anchors.comp.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | | reportsgenerator.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| api.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| vulndb.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | -| stream.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| vulndbapi.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| results.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| crontinuous.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| vulndbapi.<<.readinessProbe | object | 
`{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| insights.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| persistence.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| stream.<<.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":5,"path":null,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":3}` | readiness settings | +| scanengine.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | | anchors.comp.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| ui.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| api.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | | vulndb.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| results.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | | insights.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| metrics.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | | persistence.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| scanengine.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| crontinuous.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| api.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| metrics.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| ui.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| stream.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| 
vulndbapi.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | +| goaws.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | | sqsexporter.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | | reportsgenerator.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| goaws.<<.readinessProbe.path | string | `nil` | defaults to healthcheckPath | -| stream.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| ui.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | | reportsgenerator.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| metrics.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| sqsexporter.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| persistence.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| api.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | | anchors.comp.autoscaling | object | 
`{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| insights.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| vulndbapi.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| scanengine.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| results.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| crontinuous.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| ui.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| sqsexporter.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | | goaws.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| api.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | 
autoscaling settings | +| metrics.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | | vulndb.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | -| stream.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| reportsgenerator.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| results.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| crontinuous.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| results.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| persistence.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| scanengine.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| vulndbapi.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| stream.<<.autoscaling | object | 
`{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| insights.<<.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":null}` | autoscaling settings | +| scanengine.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| goaws.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | | anchors.comp.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | | vulndb.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| persistence.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| vulndbapi.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| sqsexporter.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| metrics.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| insights.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| api.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| results.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | | crontinuous.<<.service | object | 
`{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| api.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| metrics.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| vulndbapi.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | | ui.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| goaws.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| scanengine.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | -| persistence.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| metrics.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| scanengine.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| anchors.comp.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| crontinuous.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| vulndb.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| vulndbapi.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| results.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| reportsgenerator.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| goaws.<<.ingress | object | 
`{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| ui.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| api.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| sqsexporter.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| insights.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | -| stream.<<.ingress | object | `{"annotations":{},"enabled":false,"hosts":[],"tls":[]}` | ingress settings | +| reportsgenerator.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| stream.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| insights.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| persistence.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| sqsexporter.<<.service | object | `{"port":80,"portName":null,"protocol":"TCP","targetPort":null,"type":"ClusterIP"}` | service settings | +| goaws.<<.ingress.enabled | bool | `false` | | +| scanengine.<<.ingress.enabled | bool | `false` | | +| sqsexporter.<<.ingress.enabled | bool | `false` | | +| api.ingress.<<.enabled | bool | `false` | | +| persistence.<<.ingress.enabled | bool | `false` | | +| vulndbapi.<<.ingress.enabled | bool | `false` | | +| insights.<<.ingress.enabled | bool | `false` | | +| reportsgenerator.<<.ingress.enabled | bool | `false` | | +| metrics.<<.ingress.enabled | bool | `false` | | +| results.<<.ingress.enabled | bool | `false` | | +| api.<<.ingress.enabled | bool | `false` | | +| ui.<<.ingress.enabled | bool | `false` | | +| vulndb.<<.ingress.enabled | bool | 
`false` | | +| crontinuous.<<.ingress.enabled | bool | `false` | | +| ui.ingress.<<.enabled | bool | `false` | | +| stream.<<.ingress.enabled | bool | `false` | | +| goaws.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| vulndb.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| insights.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| scanengine.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| api.ingress.<<.pathType | string | `"ImplementationSpecific"` | | +| vulndbapi.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| reportsgenerator.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| persistence.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| sqsexporter.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| metrics.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| stream.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| api.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| ui.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| crontinuous.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| results.<<.ingress.pathType | string | `"ImplementationSpecific"` | | +| ui.ingress.<<.pathType | string | `"ImplementationSpecific"` | | +| insights.<<.ingress.hostname | string | `nil` | | +| stream.<<.ingress.hostname | string | `nil` | | +| api.ingress.<<.hostname | string | `nil` | | +| sqsexporter.<<.ingress.hostname | string | `nil` | | +| ui.<<.ingress.hostname | string | `nil` | | +| api.<<.ingress.hostname | string | `nil` | | +| vulndb.<<.ingress.hostname | string | `nil` | | +| results.<<.ingress.hostname | string | `nil` | | +| metrics.<<.ingress.hostname | string | `nil` | | +| ui.ingress.<<.hostname | string | `nil` | | +| persistence.<<.ingress.hostname | string | `nil` | | +| reportsgenerator.<<.ingress.hostname | string | `nil` | | +| goaws.<<.ingress.hostname | string | 
`nil` | | +| crontinuous.<<.ingress.hostname | string | `nil` | | +| vulndbapi.<<.ingress.hostname | string | `nil` | | +| scanengine.<<.ingress.hostname | string | `nil` | | +| goaws.<<.ingress.path | string | `"/"` | | +| stream.<<.ingress.path | string | `"/"` | | +| vulndb.<<.ingress.path | string | `"/"` | | +| ui.<<.ingress.path | string | `"/"` | | +| ui.ingress.<<.path | string | `"/"` | | +| results.<<.ingress.path | string | `"/"` | | +| metrics.<<.ingress.path | string | `"/"` | | +| scanengine.<<.ingress.path | string | `"/"` | | +| sqsexporter.<<.ingress.path | string | `"/"` | | +| persistence.<<.ingress.path | string | `"/"` | | +| api.ingress.<<.path | string | `"/"` | | +| crontinuous.<<.ingress.path | string | `"/"` | | +| reportsgenerator.<<.ingress.path | string | `"/"` | | +| vulndbapi.<<.ingress.path | string | `"/"` | | +| insights.<<.ingress.path | string | `"/"` | | +| api.<<.ingress.path | string | `"/"` | | +| sqsexporter.<<.ingress.annotations | object | `{}` | | +| stream.<<.ingress.annotations | object | `{}` | | +| metrics.<<.ingress.annotations | object | `{}` | | +| api.<<.ingress.annotations | object | `{}` | | +| vulndbapi.<<.ingress.annotations | object | `{}` | | +| scanengine.<<.ingress.annotations | object | `{}` | | +| persistence.<<.ingress.annotations | object | `{}` | | +| crontinuous.<<.ingress.annotations | object | `{}` | | +| results.<<.ingress.annotations | object | `{}` | | +| vulndb.<<.ingress.annotations | object | `{}` | | +| reportsgenerator.<<.ingress.annotations | object | `{}` | | +| ui.ingress.<<.annotations | object | `{}` | | +| api.ingress.<<.annotations | object | `{}` | | +| goaws.<<.ingress.annotations | object | `{}` | | +| ui.<<.ingress.annotations | object | `{}` | | +| insights.<<.ingress.annotations | object | `{}` | | +| insights.<<.ingress.tls | bool | `false` | | +| vulndbapi.<<.ingress.tls | bool | `false` | | +| sqsexporter.<<.ingress.tls | bool | `false` | | +| crontinuous.<<.ingress.tls | 
bool | `false` | | +| metrics.<<.ingress.tls | bool | `false` | | +| api.<<.ingress.tls | bool | `false` | | +| goaws.<<.ingress.tls | bool | `false` | | +| ui.<<.ingress.tls | bool | `false` | | +| scanengine.<<.ingress.tls | bool | `false` | | +| ui.ingress.<<.tls | bool | `false` | | +| vulndb.<<.ingress.tls | bool | `false` | | +| stream.<<.ingress.tls | bool | `false` | | +| results.<<.ingress.tls | bool | `false` | | +| api.ingress.<<.tls | bool | `false` | | +| reportsgenerator.<<.ingress.tls | bool | `false` | | +| persistence.<<.ingress.tls | bool | `false` | | +| persistence.<<.ingress.secretName | string | `nil` | | +| api.ingress.<<.secretName | string | `nil` | | +| reportsgenerator.<<.ingress.secretName | string | `nil` | | +| stream.<<.ingress.secretName | string | `nil` | | +| results.<<.ingress.secretName | string | `nil` | | +| insights.<<.ingress.secretName | string | `nil` | | +| sqsexporter.<<.ingress.secretName | string | `nil` | | +| ui.ingress.<<.secretName | string | `nil` | | +| metrics.<<.ingress.secretName | string | `nil` | | +| crontinuous.<<.ingress.secretName | string | `nil` | | +| scanengine.<<.ingress.secretName | string | `nil` | | +| vulndbapi.<<.ingress.secretName | string | `nil` | | +| ui.<<.ingress.secretName | string | `nil` | | +| api.<<.ingress.secretName | string | `nil` | | +| goaws.<<.ingress.secretName | string | `nil` | | +| vulndb.<<.ingress.secretName | string | `nil` | | +| ui.ingress.<<.extraHosts | list | `[]` | | +| insights.<<.ingress.extraHosts | list | `[]` | | +| persistence.<<.ingress.extraHosts | list | `[]` | | +| api.<<.ingress.extraHosts | list | `[]` | | +| api.ingress.<<.extraHosts | list | `[]` | | +| stream.<<.ingress.extraHosts | list | `[]` | | +| results.<<.ingress.extraHosts | list | `[]` | | +| vulndbapi.<<.ingress.extraHosts | list | `[]` | | +| reportsgenerator.<<.ingress.extraHosts | list | `[]` | | +| metrics.<<.ingress.extraHosts | list | `[]` | | +| vulndb.<<.ingress.extraHosts | list | 
`[]` | | +| scanengine.<<.ingress.extraHosts | list | `[]` | | +| sqsexporter.<<.ingress.extraHosts | list | `[]` | | +| crontinuous.<<.ingress.extraHosts | list | `[]` | | +| goaws.<<.ingress.extraHosts | list | `[]` | | +| ui.<<.ingress.extraHosts | list | `[]` | | +| vulndbapi.<<.ingress.extraPaths | list | `[]` | | +| scanengine.<<.ingress.extraPaths | list | `[]` | | +| vulndb.<<.ingress.extraPaths | list | `[]` | | +| stream.<<.ingress.extraPaths | list | `[]` | | +| metrics.<<.ingress.extraPaths | list | `[]` | | +| reportsgenerator.<<.ingress.extraPaths | list | `[]` | | +| results.<<.ingress.extraPaths | list | `[]` | | +| ui.<<.ingress.extraPaths | list | `[]` | | +| crontinuous.<<.ingress.extraPaths | list | `[]` | | +| api.<<.ingress.extraPaths | list | `[]` | | +| insights.<<.ingress.extraPaths | list | `[]` | | +| api.ingress.<<.extraPaths | list | `[]` | | +| ui.ingress.<<.extraPaths | list | `[]` | | +| persistence.<<.ingress.extraPaths | list | `[]` | | +| goaws.<<.ingress.extraPaths | list | `[]` | | +| sqsexporter.<<.ingress.extraPaths | list | `[]` | | +| scanengine.<<.ingress.extraRules | list | `[]` | | +| api.ingress.<<.extraRules | list | `[]` | | +| reportsgenerator.<<.ingress.extraRules | list | `[]` | | +| ui.<<.ingress.extraRules | list | `[]` | | +| metrics.<<.ingress.extraRules | list | `[]` | | +| ui.ingress.<<.extraRules | list | `[]` | | +| api.<<.ingress.extraRules | list | `[]` | | +| vulndb.<<.ingress.extraRules | list | `[]` | | +| crontinuous.<<.ingress.extraRules | list | `[]` | | +| sqsexporter.<<.ingress.extraRules | list | `[]` | | +| stream.<<.ingress.extraRules | list | `[]` | | +| insights.<<.ingress.extraRules | list | `[]` | | +| vulndbapi.<<.ingress.extraRules | list | `[]` | | +| persistence.<<.ingress.extraRules | list | `[]` | | +| goaws.<<.ingress.extraRules | list | `[]` | | +| results.<<.ingress.extraRules | list | `[]` | | +| crontinuous.<<.ingress.extraTls | list | `[]` | | +| results.<<.ingress.extraTls | 
list | `[]` | | +| api.ingress.<<.extraTls | list | `[]` | | +| reportsgenerator.<<.ingress.extraTls | list | `[]` | | +| insights.<<.ingress.extraTls | list | `[]` | | +| ui.<<.ingress.extraTls | list | `[]` | | +| scanengine.<<.ingress.extraTls | list | `[]` | | +| vulndbapi.<<.ingress.extraTls | list | `[]` | | +| ui.ingress.<<.extraTls | list | `[]` | | +| api.<<.ingress.extraTls | list | `[]` | | +| metrics.<<.ingress.extraTls | list | `[]` | | +| vulndb.<<.ingress.extraTls | list | `[]` | | +| stream.<<.ingress.extraTls | list | `[]` | | +| sqsexporter.<<.ingress.extraTls | list | `[]` | | +| goaws.<<.ingress.extraTls | list | `[]` | | +| persistence.<<.ingress.extraTls | list | `[]` | | +| insights.<<.ingress.ingressClassName | string | `""` | | +| reportsgenerator.<<.ingress.ingressClassName | string | `""` | | +| vulndbapi.<<.ingress.ingressClassName | string | `""` | | +| metrics.<<.ingress.ingressClassName | string | `""` | | +| api.<<.ingress.ingressClassName | string | `""` | | +| stream.<<.ingress.ingressClassName | string | `""` | | +| ui.ingress.<<.ingressClassName | string | `""` | | +| crontinuous.<<.ingress.ingressClassName | string | `""` | | +| ui.<<.ingress.ingressClassName | string | `""` | | +| vulndb.<<.ingress.ingressClassName | string | `""` | | +| results.<<.ingress.ingressClassName | string | `""` | | +| api.ingress.<<.ingressClassName | string | `""` | | +| goaws.<<.ingress.ingressClassName | string | `""` | | +| persistence.<<.ingress.ingressClassName | string | `""` | | +| sqsexporter.<<.ingress.ingressClassName | string | `""` | | +| scanengine.<<.ingress.ingressClassName | string | `""` | | | persistence.<<.resources | object | `{}` | | | goaws.<<.resources | object | `{}` | | +| crontinuous.<<.resources | object | `{}` | | | ui.<<.resources | object | `{}` | | -| results.<<.resources | object | `{}` | | -| reportsgenerator.<<.resources | object | `{}` | | -| vulndb.<<.resources | object | `{}` | | | sqsexporter.<<.resources | 
object | `{}` | | +| vulndbapi.<<.resources | object | `{}` | | +| reportsgenerator.<<.resources | object | `{}` | | +| stream.<<.resources | object | `{}` | | +| results.<<.resources | object | `{}` | | | insights.<<.resources | object | `{}` | | | scanengine.<<.resources | object | `{}` | | -| vulndbapi.<<.resources | object | `{}` | | +| vulndb.<<.resources | object | `{}` | | | api.<<.resources | object | `{}` | | | metrics.<<.resources | object | `{}` | | -| stream.<<.resources | object | `{}` | | -| crontinuous.<<.resources | object | `{}` | | | sqsexporter.<<.nodeSelector | object | `{}` | | -| goaws.<<.nodeSelector | object | `{}` | | -| metrics.<<.nodeSelector | object | `{}` | | -| vulndb.<<.nodeSelector | object | `{}` | | -| stream.<<.nodeSelector | object | `{}` | | +| ui.<<.nodeSelector | object | `{}` | | | reportsgenerator.<<.nodeSelector | object | `{}` | | -| vulndbapi.<<.nodeSelector | object | `{}` | | -| results.<<.nodeSelector | object | `{}` | | | persistence.<<.nodeSelector | object | `{}` | | | insights.<<.nodeSelector | object | `{}` | | -| crontinuous.<<.nodeSelector | object | `{}` | | +| stream.<<.nodeSelector | object | `{}` | | +| vulndb.<<.nodeSelector | object | `{}` | | +| goaws.<<.nodeSelector | object | `{}` | | | scanengine.<<.nodeSelector | object | `{}` | | +| crontinuous.<<.nodeSelector | object | `{}` | | | api.<<.nodeSelector | object | `{}` | | -| ui.<<.nodeSelector | object | `{}` | | +| metrics.<<.nodeSelector | object | `{}` | | +| vulndbapi.<<.nodeSelector | object | `{}` | | +| results.<<.nodeSelector | object | `{}` | | +| scanengine.<<.tolerations | list | `[]` | | +| api.<<.tolerations | list | `[]` | | +| vulndbapi.<<.tolerations | list | `[]` | | | sqsexporter.<<.tolerations | list | `[]` | | | insights.<<.tolerations | list | `[]` | | -| scanengine.<<.tolerations | list | `[]` | | -| reportsgenerator.<<.tolerations | list | `[]` | | | metrics.<<.tolerations | list | `[]` | | -| crontinuous.<<.tolerations | list 
| `[]` | | -| vulndbapi.<<.tolerations | list | `[]` | | -| vulndb.<<.tolerations | list | `[]` | | -| stream.<<.tolerations | list | `[]` | | -| persistence.<<.tolerations | list | `[]` | | | results.<<.tolerations | list | `[]` | | -| api.<<.tolerations | list | `[]` | | | ui.<<.tolerations | list | `[]` | | +| stream.<<.tolerations | list | `[]` | | +| vulndb.<<.tolerations | list | `[]` | | | goaws.<<.tolerations | list | `[]` | | -| vulndbapi.<<.affinity | object | `{}` | | +| crontinuous.<<.tolerations | list | `[]` | | +| persistence.<<.tolerations | list | `[]` | | +| reportsgenerator.<<.tolerations | list | `[]` | | | vulndb.<<.affinity | object | `{}` | | -| api.<<.affinity | object | `{}` | | -| ui.<<.affinity | object | `{}` | | +| scanengine.<<.affinity | object | `{}` | | | persistence.<<.affinity | object | `{}` | | -| metrics.<<.affinity | object | `{}` | | +| crontinuous.<<.affinity | object | `{}` | | | results.<<.affinity | object | `{}` | | -| insights.<<.affinity | object | `{}` | | +| goaws.<<.affinity | object | `{}` | | +| metrics.<<.affinity | object | `{}` | | | stream.<<.affinity | object | `{}` | | -| crontinuous.<<.affinity | object | `{}` | | +| insights.<<.affinity | object | `{}` | | +| api.<<.affinity | object | `{}` | | +| vulndbapi.<<.affinity | object | `{}` | | | reportsgenerator.<<.affinity | object | `{}` | | -| scanengine.<<.affinity | object | `{}` | | | sqsexporter.<<.affinity | object | `{}` | | -| goaws.<<.affinity | object | `{}` | | +| ui.<<.affinity | object | `{}` | | | waitfordb.image.repository | string | `"busybox"` | | | waitfordb.image.tag | string | `"1.35.0"` | | | postgresql.enabled | bool | `false` | | 
@@ -432,7 +609,7 @@ A Helm chart for deploying Vulcan
 | results.conf.region | string | `nil` | |
 | results.conf.bucketReports | string | `"reports"` | |
 | results.conf.bucketLogs | string | `"logs"` | |
-| results.conf.linkBase | string | `"http://vulcan-results"` | |
+| results.conf.linkBase | string | `nil` | |
 | results.healthcheckPath | string | `"/healthcheck"` | |
 | results.meta.s3 | bool | `true` | |
 | persistence.enabled | bool | `true` | |
@@ -486,7 +663,7 @@ A Helm chart for deploying Vulcan
 | api.conf.saml.metadata | string | `"https://okta/app/TBD/sso/saml/metadata"` | |
 | api.conf.saml.issuer | string | `"http://okta/TBD"` | |
 | api.conf.saml.callback | string | `nil` | |
-| api.conf.saml.trustedDomains | string | `"[]"` | |
+| api.conf.saml.trustedDomains | string | `nil` | |
 | api.conf.logLevel | string | `"INFO"` | |
 | api.conf.defaultOwners | string | `"[]"` | |
 | api.conf.vulndbapiUrl | string | `nil` | |
@@ -505,6 +682,7 @@ A Helm chart for deploying Vulcan
 | api.conf.kafka.username | string | `nil` | |
 | api.conf.kafka.password | string | `nil` | |
 | api.conf.kafka.topics | string | `nil` | |
+| api.ingress.subdomain | string | `"www"` | |
 | api.ingress.path | string | `"/api"` | |
 | crontinuous.enabled | bool | `true` | |
 | crontinuous.name | string | `"crontinuous"` | |
@@ -557,6 +735,8 @@ A Helm chart for deploying Vulcan
 | ui.conf.contact.email | string | `"vulcan@example.com"` | |
 | ui.conf.contact.slack | string | `"https://example.slack.com/archives/XXXXX"` | |
 | ui.conf.dashboard.link | string | `nil` | if not set redirects to UI's dashboard.html |
+| ui.ingress.subdomain | string | `"www"` | |
+| ui.ingress.path | string | `"/"` | |
 | insights.enabled | bool | `true` | |
 | insights.name | string | `"insights"` | |
 | insights.image.repository | string | `"pottava/s3-proxy"` | |
@@ -637,7 +817,7 @@ A Helm chart for deploying Vulcan
 | vulndbapi.image.pullPolicy | string | `"Always"` | |
 | vulndbapi.healthcheckPath | string | `"/healthcheck"` | |
 | vulndbapi.conf.logLevel | string | `"info"` | |
-| vulndbapi.conf.readReplicaHost | string | `""` | |
+| vulndbapi.conf.readReplicaHost | string | `nil` | |
 | vulndbapi.db | object | `{"<<":{"ca":null,"host":null,"name":null,"password":"TBD","port":5432,"sslMode":"disable","user":null},"name":"vulnerabilitydb"}` | postgres database settings |
 | vulndb.enabled | bool | `true` | |
 | vulndb.name | string | `"vulndb"` | |
@@ -650,7 +830,7 @@ A Helm chart for deploying Vulcan
 | vulndb.conf.sqsNumProcessors | string | `nil` | |
 | vulndb.conf.vulnsTopicEnabled | bool | `true` | |
 | vulndb.conf.maxEventAge | int | `365` | |
-| vulndb.conf.resultsUrl | string | `"http://vulcan-results.vulcan.com"` | |
+| vulndb.conf.resultsUrl | string | `nil` | |
 | vulndb.conf.resultsInternalUrl | string | `nil` | |
 | vulndb.conf.kafka.enabled | bool | `false` | |
 | vulndb.conf.kafka.username | string | `nil` | |
@@ -661,6 +841,7 @@ A Helm chart for deploying Vulcan
 | vulndb.meta.sqs | bool | `true` | |
 | vulndb.meta.sns | bool | `true` | |
 | vulndb.db | object | `{"<<":{"ca":null,"host":null,"name":null,"password":"TBD","port":5432,"sslMode":"disable","user":null},"name":"vulnerabilitydb"}` | postgres database settings |
+| vulndb.ingress.enabled | bool | `false` | |
 | sqsexporter.enabled | bool | `true` | |
 | sqsexporter.name | string | `"sqsexporter"` | |
 | sqsexporter.image.repository | string | `"jesusfcr/sqs-prometheus-exporter"` | |
diff --git a/stable/vulcan/templates/_common.tpl b/stable/vulcan/templates/_common.tpl
index 8ba3ea64..347984a0 100644
--- a/stable/vulcan/templates/_common.tpl
+++ b/stable/vulcan/templates/_common.tpl
@@ -19,7 +19,9 @@ securityContext: {{- toYaml . | nindent 2 }} {{- end }} image: "{{ .Values.comp.image.repository }}:{{ .Values.comp.image.tag }}" -imagePullPolicy: {{ .Values.comp.image.pullPolicy }} +{{- with .Values.comp.image.pullPolicy }} +imagePullPolicy: {{ . }} +{{- end -}} {{- with .Values.comp.lifecycle }} {{- if or .preStopCommand .preStopSleep }} lifecycle: diff --git a/stable/vulcan/templates/_configmap.tpl b/stable/vulcan/templates/_configmap.tpl index 87b2ecd4..1650d9ba 100644 --- a/stable/vulcan/templates/_configmap.tpl +++ b/stable/vulcan/templates/_configmap.tpl @@ -6,7 +6,7 @@ Creates an standard ConfigMap with the content of .Args.template template and an apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "vulcan.fullname" . }}-{{ .Values.comp.name }}{{ .Args.suffix | default "" }} + name: {{ include "comp.fullname" . }}{{ .Args.suffix | default "" }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} data: diff --git a/stable/vulcan/templates/_helpers.tpl b/stable/vulcan/templates/_helpers.tpl index 90904aa4..9deeb639 100644 --- a/stable/vulcan/templates/_helpers.tpl +++ b/stable/vulcan/templates/_helpers.tpl 
@@ -62,6 +62,50 @@ Pod labels {{- end }} {{- end -}} +{{- define "ingress.endpoint" -}} +{{- printf "%s://%s/" (ternary .Values.comp.ingress.tls "http" "https") (include "ingress.hostname" .) -}} +{{- end -}} + +{{- define "ingress.hostname" -}} +{{- .Values.comp.ingress.hostname | default (printf "%s.%s" (default .Values.comp.name .Values.comp.ingress.subdomain) .Values.global.domain) -}} +{{- end -}} + +{{- define "api.hostname" -}} +{{- .Values.api.ingress.hostname | default (printf "%s.%s" (default .Values.api.name .Values.api.ingress.subdomain) .Values.global.domain) -}} +{{- end -}} + +{{- define "api.endpoint" -}} +{{- printf "%s://%s" (ternary "https" "http" .Values.api.ingress.tls) (include "api.hostname" .) -}} +{{- end -}} + +{{- define "insights.hostname" -}} +{{- .Values.insights.ingress.hostname | default (printf "%s.%s" (default .Values.insights.name .Values.insights.ingress.subdomain) .Values.global.domain) -}} +{{- end -}} + +{{- define "insights.endpoint" -}} +{{- printf "%s://%s" (ternary "https" "http" .Values.insights.ingress.tls) (include "insights.hostname" .) -}} +{{- end -}} + +{{- define "results.hostname" -}} +{{- .Values.results.ingress.hostname | default (printf "%s.%s" (default .Values.results.name .Values.results.ingress.subdomain) .Values.global.domain) -}} +{{- end -}} + +{{- define "results.endpoint" -}} +{{- printf "%s://%s" (ternary "https" "http" .Values.results.ingress.tls) (include "results.hostname" .) -}} +{{- end -}} + +{{- define "ui.hostname" -}} +{{- .Values.ui.ingress.hostname | default (printf "%s.%s" (default .Values.ui.name .Values.ui.ingress.subdomain) .Values.global.domain) -}} +{{- end -}} + +{{- define "ui.endpoint" -}} +{{- printf "%s://%s" (ternary "https" "http" .Values.ui.ingress.tls) (include "ui.hostname" .) -}} +{{- end -}} + +{{- define "comp.fullname" -}} +{{- printf "%s-%s" (include "vulcan.fullname" .) 
.Values.comp.name -}} +{{- end -}} + {{- define "api.fullname" -}} {{- printf "%s-%s" (include "vulcan.fullname" .) .Values.api.name -}} {{- end -}} @@ -274,3 +318,12 @@ Pod labels {{- define "vulcan.redis.url" -}} {{- printf "%s:%s" (include "vulcan.redis.host" .) (include "vulcan.redis.port" .) -}} {{- end -}} + +{{/* +Converts toJson only if slice/map input. +This is used to allow backward compatibility with json values encoded as string (i.e. '["a","b"]') +This support will be deprecated anytime soon. +*/}} +{{- define "safeToJson" -}} +{{- ternary (toJson .) . (any (kindIs "slice" .) (kindIs "map" .)) -}} +{{- end -}} \ No newline at end of file diff --git a/stable/vulcan/templates/_hpa.yaml b/stable/vulcan/templates/_hpa.yaml index 7e659abd..84e34324 100644 --- a/stable/vulcan/templates/_hpa.yaml +++ b/stable/vulcan/templates/_hpa.yaml @@ -10,14 +10,14 @@ apiVersion: autoscaling/v2 {{- end }} kind: HorizontalPodAutoscaler metadata: - name: {{ template "vulcan.fullname" . }}-{{ .Values.comp.name }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "vulcan.fullname" . }}-{{ .Values.comp.name }} + name: {{ include "comp.fullname" . }} minReplicas: {{ .Values.comp.autoscaling.minReplicas }} maxReplicas: {{ .Values.comp.autoscaling.maxReplicas }} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) }} diff --git a/stable/vulcan/templates/_ingress.yaml b/stable/vulcan/templates/_ingress.yaml index e6d5c0da..bb61b1e8 100644 --- a/stable/vulcan/templates/_ingress.yaml +++ b/stable/vulcan/templates/_ingress.yaml 
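Review bot: In `ingress.endpoint` the arguments to `ternary` are in the wrong order: `ternary .Values.comp.ingress.tls "http" "https"` passes the string `"https"` where the condition belongs, while every other `*.endpoint` helper added in this hunk uses `ternary "https" "http" <tls flag>`. Sprig's `ternary` takes the true value, the false value and then a boolean, so this helper will most likely fail to render as soon as a template includes it. I would write `{{- printf "%s://%s" (ternary "https" "http" .Values.comp.ingress.tls) (include "ingress.hostname" .) -}}`; the trailing `/` it appends also differs from the per-component helpers. Because all of these helpers derive the scheme from `ingress.tls` alone, a comment should note that deployments terminating TLS in front of the ingress get `http://` URLs unless they set the URL explicitly.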
@@ -3,81 +3,59 @@ Override names */}} {{- define "common-ingress" -}} {{- if and .Values.comp.enabled .Values.comp.ingress.enabled -}} -{{- $fullName := printf "%s-%s" (include "vulcan.fullname" . ) .Values.comp.name -}} -{{- $svcPort := .Values.comp.service.port -}} -{{- if and .Values.comp.ingress.className (not (semverCompare ">=1.18-0" (include "common.capabilities.kubeVersion" .))) }} - {{- if not (hasKey .Values.comp.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.comp.ingress.annotations "kubernetes.io/ingress.class" .Values.comp.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" (include "common.capabilities.kubeVersion" .) -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" (include "common.capabilities.kubeVersion" .) -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} kind: Ingress metadata: - name: {{ $fullName }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} - {{- with .Values.comp.ingress.annotations }} + {{- if .Values.comp.ingress.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .Values.comp.ingress.annotations) . | nindent 4 }} {{- end }} spec: - {{- if and .Values.comp.ingress.className (semverCompare ">=1.18-0" (include "common.capabilities.kubeVersion" .)) }} - ingressClassName: {{ .Values.comp.ingress.className }} - {{- end }} - {{- if .Values.comp.ingress.tls }} - tls: - {{- range .Values.comp.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} + {{- if .Values.comp.ingress.className }} + ingressClassName: {{ .Values.comp.ingress.className | quote }} {{- end }} rules: - {{- range .Values.comp.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ include "ingress.hostname" . 
}} http: paths: - {{- range .paths }} - {{- if kindIs "string" . }} - - path: {{ . }} - {{- if semverCompare ">=1.18-0" (include "common.capabilities.kubeVersion" $) }} - pathType: ImplementationSpecific - {{- end }} + {{- if .Values.comp.ingress.extraPaths }} + {{- toYaml .Values.comp.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.comp.ingress.path | default "/" }} + pathType: {{ .Values.comp.ingress.pathType | default "ImplementationSpecific" }} backend: - {{- if semverCompare ">=1.19-0" (include "common.capabilities.kubeVersion" $) }} service: - name: {{ $fullName }} + name: {{ include "comp.fullname" . }} port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- else }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" (include "common.capabilities.kubeVersion" $)) }} - pathType: {{ .pathType }} - {{- end }} + number: {{ .Values.comp.service.port }} + {{- range .Values.comp.ingress.extraHosts }} + - host: {{ tpl .name $ | quote }} + http: + paths: + - path: {{ default "/" .path }} + pathType: {{ default "ImplementationSpecific" .pathType }} backend: - {{- if semverCompare ">=1.19-0" (include "common.capabilities.kubeVersion" $) }} service: - name: {{ $fullName }} + name: {{ include "comp.fullname" $ }} port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} + number: {{ $.Values.comp.service.port }} + {{- end }} + {{- if .Values.comp.ingress.extraRules }} + {{- tpl (toYaml .Values.comp.ingress.extraRules) . | nindent 4 }} + {{- end }} + {{- if or .Values.comp.ingress.tls .Values.comp.ingress.extraTls }} + tls: + {{- if .Values.comp.ingress.tls }} + - hosts: + - {{ include "ingress.hostname" . }} + secretName: {{ .Values.comp.ingress.secretName | default (printf "%s-tls" (include "comp.fullname" . 
)) }} + {{- end }} + {{- if .Values.comp.ingress.extraTls }} + {{- tpl (toYaml .Values.comp.ingress.extraTls) . | nindent 4 }} {{- end }} {{- end }} {{- end -}} +{{- end -}} diff --git a/stable/vulcan/templates/_proxy.tpl b/stable/vulcan/templates/_proxy.tpl index e4d04760..605c0946 100644 --- a/stable/vulcan/templates/_proxy.tpl +++ b/stable/vulcan/templates/_proxy.tpl @@ -14,7 +14,7 @@ prometheus.io/port: '{{ .Values.comp.proxy.metricsPort | default 9101 }}' apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "vulcan.fullname" . }}-{{ .Values.comp.name }}-proxy + name: {{ include "comp.fullname" . }}-proxy labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} data: @@ -116,6 +116,6 @@ haproxy.cfg: | {{- if .Values.comp.proxy.enabled -}} - name: config-proxy configMap: - name: {{ include "vulcan.fullname" . }}-{{ .Values.comp.name }}-proxy + name: {{ include "comp.fullname" . }}-proxy {{- end -}} {{- end -}} diff --git a/stable/vulcan/templates/_secret.tpl b/stable/vulcan/templates/_secret.tpl index ac34c396..8ae4f82c 100644 --- a/stable/vulcan/templates/_secret.tpl +++ b/stable/vulcan/templates/_secret.tpl @@ -6,7 +6,7 @@ Creates an standard Secret with the content of .Args.template template and an op apiVersion: v1 kind: Secret metadata: - name: {{ template "vulcan.fullname" . }}-{{ .Values.comp.name }}{{ .Args.suffix | default "" }} + name: {{ include "comp.fullname" . }}{{ .Args.suffix | default "" }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} type: Opaque diff --git a/stable/vulcan/templates/_service.yaml b/stable/vulcan/templates/_service.yaml index 8892f1c5..c78fdb8a 100644 --- a/stable/vulcan/templates/_service.yaml +++ b/stable/vulcan/templates/_service.yaml 
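Review bot: The template reads `.Values.comp.ingress.className`, but the `&ingress` anchor this commit adds to values.yaml documents and defaults `ingressClassName`. Assuming `.Values.comp` is the component's values subtree, a class set under the documented key is silently dropped and the Ingress falls to the cluster's default class. On clusters that run separate internal and internet-facing controllers, that can publish a service through the wrong one. Either read the documented key, `ingressClassName: {{ .Values.comp.ingress.ingressClassName | quote }}` with the matching `if`, or rename the key in values.yaml. The primary rule's `host:` is also emitted unquoted while the `extraHosts` entries are quoted, so `- host: {{ include "ingress.hostname" . | quote }}` would keep the two consistent.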
@@ -6,7 +6,7 @@ Override names apiVersion: v1 kind: Service metadata: - name: {{ template "vulcan.fullname" . }}-{{ .Values.comp.name }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: diff --git a/stable/vulcan/templates/api/deployment.yaml b/stable/vulcan/templates/api/deployment.yaml index 5b58399c..077deb34 100644 --- a/stable/vulcan/templates/api/deployment.yaml +++ b/stable/vulcan/templates/api/deployment.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "api.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -53,9 +53,9 @@ spec: - name: SAML_ISSUER value: {{ .Values.comp.conf.saml.issuer | quote }} - name: SAML_CALLBACK - value: {{ .Values.comp.conf.saml.callback | quote }} + value: {{ .Values.comp.conf.saml.callback | default ( printf "%s/api/v1/login/callback" (include "api.endpoint" .) ) quote }} - name: SAML_TRUSTED_DOMAINS - value: {{ .Values.comp.conf.saml.trustedDomains | quote }} + value: {{ .Values.comp.conf.saml.trustedDomains | default (list (include "ui.hostname" .)) | toJson | quote }} - name: DEFAULT_OWNERS value: {{ .Values.comp.conf.defaultOwners | quote }} - name: SCANENGINE_URL @@ -107,7 +107,7 @@ spec: {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "api.fullname" . }} + name: {{ include "comp.fullname" . }} ports: - name: {{ include "common-appPortName" . }} containerPort: {{ .Values.comp.containerPort }} diff --git a/stable/vulcan/templates/crontinuous/deployment.yaml b/stable/vulcan/templates/crontinuous/deployment.yaml index 0fdbe136..edbff0e1 100644 --- a/stable/vulcan/templates/crontinuous/deployment.yaml +++ b/stable/vulcan/templates/crontinuous/deployment.yaml 
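Review bot: In the `SAML_CALLBACK` value, `quote` is passed as an argument to `default` instead of being piped: `| default ( printf ... ) quote }}`. As far as I can tell, Sprig's `default` then tests the empty result of the bare `quote` call rather than the piped value, so a configured `saml.callback` is ignored and the rendered URL is left unquoted. It should read `value: {{ .Values.comp.conf.saml.callback | default (printf "%s/api/v1/login/callback" (include "api.endpoint" .)) | quote }}`. On the next line, `SAML_TRUSTED_DOMAINS` pipes through `toJson`, which turns a legacy string value such as `'["a","b"]'` into a JSON string rather than a list; the `safeToJson` helper added to `_helpers.tpl` in this commit looks intended for exactly that case. Both settings decide where SAML responses are sent and which domains are trusted, so a render test covering an explicit and an unset value for each would be worth adding.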
@@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "crontinuous.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -49,7 +49,7 @@ spec: {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "crontinuous.fullname" . }} + name: {{ include "comp.fullname" . }} ports: - name: {{ include "common-appPortName" . }} containerPort: {{ .Values.comp.containerPort }} diff --git a/stable/vulcan/templates/goaws/deployment.yaml b/stable/vulcan/templates/goaws/deployment.yaml index 59f910e1..d040c8a2 100644 --- a/stable/vulcan/templates/goaws/deployment.yaml +++ b/stable/vulcan/templates/goaws/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "goaws.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: diff --git a/stable/vulcan/templates/insights/deployment.yaml b/stable/vulcan/templates/insights/deployment.yaml index 2752199b..a823b1dc 100644 --- a/stable/vulcan/templates/insights/deployment.yaml +++ b/stable/vulcan/templates/insights/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "insights.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: diff --git a/stable/vulcan/templates/metrics/deployment.yaml b/stable/vulcan/templates/metrics/deployment.yaml index 999ec275..da043ea3 100644 --- a/stable/vulcan/templates/metrics/deployment.yaml +++ b/stable/vulcan/templates/metrics/deployment.yaml 
@@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "metrics.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -64,11 +64,11 @@ spec: - name: VULCAN_API value: {{ .Values.comp.conf.vulcanApi | default (include "api.url" .) }} - name: VULCAN_API_EXTERNAL - value: {{ .Values.comp.conf.vulcanAPIExternal | quote }} + value: {{ .Values.comp.conf.vulcanAPIExternal | default (include "api.endpoint" . ) | quote }} {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "metrics.fullname" . }} + name: {{ include "comp.fullname" . }} volumes: {{- include "common-deployment-volumes" . | nindent 6 }} {{- include "common-deployment-spec" . | nindent 6 }} diff --git a/stable/vulcan/templates/persistence/deployment.yaml b/stable/vulcan/templates/persistence/deployment.yaml index 7f26f5b8..505696b2 100644 --- a/stable/vulcan/templates/persistence/deployment.yaml +++ b/stable/vulcan/templates/persistence/deployment.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "persistence.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -51,7 +51,7 @@ spec: {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "persistence.fullname" . }} + name: {{ include "comp.fullname" . }} ports: - name: {{ include "common-appPortName" . }} containerPort: {{ .Values.comp.containerPort }} diff --git a/stable/vulcan/templates/reportsgenerator/deployment.yaml b/stable/vulcan/templates/reportsgenerator/deployment.yaml index aac54110..d9ae22c4 100644 --- a/stable/vulcan/templates/reportsgenerator/deployment.yaml +++ b/stable/vulcan/templates/reportsgenerator/deployment.yaml 
@@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "reportsgenerator.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -83,13 +83,13 @@ spec: - name: PERSISTENCE_ENDPOINT # We keep this PERSISTENCE variable for compatibility value: {{ .Values.comp.conf.scanengineUrl | default (include "scanengine.url" .) | quote }} - name: RESULTS_ENDPOINT - value: {{ .Values.comp.conf.resultsUrl | default (include "results.url" .) | quote }} + value: {{ .Values.comp.conf.resultsUrl | default (include "results.endpoint" .) | quote }} - name: SCAN_PROXY_ENDPOINT - value: {{ .Values.comp.conf.generators.scan.proxyEndpoint | quote }} + value: {{ .Values.comp.conf.generators.scan.proxyEndpoint | default (include "insights.endpoint" .) | quote }} - name: VULCAN_UI - value: {{ .Values.comp.conf.generators.scan.vulcanUi | quote }} + value: {{ .Values.comp.conf.generators.scan.vulcanUi | default (include "ui.endpoint" .) | quote }} - name: SCAN_VIEW_REPORT - value: {{ printf "%sapi/v1/report?team_id=%s&scan_id=%s" .Values.comp.conf.generators.scan.vulcanUi "%s" "%s" | quote }} + value: {{ printf "%s%s/v1/report?team_id=%s&scan_id=%s" (include "api.endpoint" .) .Values.api.ingress.path "%s" "%s" | quote }} {{- if .Values.comp.conf.generators.scan.redirectUrl }} - name: SCAN_REDIRECT_URL value: {{ .Values.comp.conf.generators.scan.redirectUrl | quote }} @@ -99,7 +99,7 @@ spec: {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "reportsgenerator.fullname" . }} + name: {{ include "comp.fullname" . }} ports: - name: {{ include "common-appPortName" . }} containerPort: {{ .Values.comp.containerPort }} diff --git a/stable/vulcan/templates/results/deployment.yaml b/stable/vulcan/templates/results/deployment.yaml index 49432c51..e522c8a3 100644 --- a/stable/vulcan/templates/results/deployment.yaml 
+++ b/stable/vulcan/templates/results/deployment.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "results.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -38,7 +38,7 @@ spec: - name: BUCKET_LOGS value: {{ .Values.comp.conf.bucketLogs | quote }} - name: LINK_BASE - value: "{{ .Values.comp.conf.linkBase }}/v1" + value: "{{ .Values.comp.conf.linkBase | default (include "results.endpoint" .) }}/v1" {{- include "common-container-envs" . | nindent 10 }} ports: - name: {{ include "common-appPortName" . }} diff --git a/stable/vulcan/templates/scanengine/deployment.yaml b/stable/vulcan/templates/scanengine/deployment.yaml index 7ca7d12f..2edc7d23 100644 --- a/stable/vulcan/templates/scanengine/deployment.yaml +++ b/stable/vulcan/templates/scanengine/deployment.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "scanengine.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -71,7 +71,7 @@ spec: {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "scanengine.fullname" . }} + name: {{ include "comp.fullname" . }} ports: - name: {{ include "common-appPortName" . }} containerPort: {{ .Values.comp.containerPort }} diff --git a/stable/vulcan/templates/sqsexporter/deployment.yaml b/stable/vulcan/templates/sqsexporter/deployment.yaml index 0a1a1074..0afc6fad 100644 --- a/stable/vulcan/templates/sqsexporter/deployment.yaml +++ b/stable/vulcan/templates/sqsexporter/deployment.yaml 
@@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "vulcan.fullname" . }}-{{ .Values.comp.name }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: diff --git a/stable/vulcan/templates/stream/deployment.yaml b/stable/vulcan/templates/stream/deployment.yaml index 3bc7e780..355aa794 100644 --- a/stable/vulcan/templates/stream/deployment.yaml +++ b/stable/vulcan/templates/stream/deployment.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "stream.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -48,7 +48,7 @@ spec: {{- if (include "vulcan.redis.password" .) }} envFrom: - secretRef: - name: {{ include "stream.fullname" . }} + name: {{ include "comp.fullname" . }} {{- end }} ports: - name: {{ include "common-appPortName" . }} diff --git a/stable/vulcan/templates/ui/deployment.yaml b/stable/vulcan/templates/ui/deployment.yaml index ab218c52..eae93e79 100644 --- a/stable/vulcan/templates/ui/deployment.yaml +++ b/stable/vulcan/templates/ui/deployment.yaml @@ -30,7 +30,7 @@ spec: - name: PORT value: {{ .Values.comp.containerPort | quote }} - name: API_URL - value: {{ .Values.comp.conf.apiUrl | quote }} + value: {{ .Values.comp.conf.apiUrl | default (printf "%s%s/v1/" (include "api.endpoint" . ) .Values.api.ingress.path ) | quote }} - name: UI_DOCS_API_LINK value: {{ .Values.comp.conf.docs.apiLink | quote }} - name: UI_DOCS_WHITELISTING_LINK diff --git a/stable/vulcan/templates/vulndb/deployment.yaml b/stable/vulcan/templates/vulndb/deployment.yaml index 1d79df24..14d68145 100644 --- a/stable/vulcan/templates/vulndb/deployment.yaml +++ b/stable/vulcan/templates/vulndb/deployment.yaml 
@@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "vulndb.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -57,9 +57,9 @@ spec: - name: SNS_ENABLED value: {{ .Values.comp.conf.vulnsTopicEnabled | quote }} - name: RESULTS_URL - value: {{ .Values.comp.conf.resultsUrl | default ( printf "https://%s" (include "results.fullname" .)) }} + value: {{ .Values.comp.conf.resultsUrl | default (include "results.endpoint" .) | quote }} - name: RESULTS_INTERNAL_URL - value: {{ .Values.comp.conf.resultsInternalUrl | default (include "results.url" .)| quote }} + value: {{ .Values.comp.conf.resultsInternalUrl | default (include "results.url" .) | quote }} - name: KAFKA_ENABLED value: {{ .Values.comp.conf.kafka.enabled | quote }} - name: KAFKA_USER @@ -73,7 +73,7 @@ spec: {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "vulndb.fullname" . }} + name: {{ include "comp.fullname" . }} volumes: {{- include "common-deployment-volumes" . | nindent 6 }} {{- include "common-deployment-spec" . | nindent 6 }} diff --git a/stable/vulcan/templates/vulndbapi/deployment.yaml b/stable/vulcan/templates/vulndbapi/deployment.yaml index 1a2bc13a..be5a78cb 100644 --- a/stable/vulcan/templates/vulndbapi/deployment.yaml +++ b/stable/vulcan/templates/vulndbapi/deployment.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "vulndbapi.fullname" . }} + name: {{ include "comp.fullname" . }} labels: {{- include "vulcan.labels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.comp.name }} spec: @@ -61,7 +61,7 @@ spec: {{- include "common-container-envs" . | nindent 10 }} envFrom: - secretRef: - name: {{ include "vulndbapi.fullname" . }} + name: {{ include "comp.fullname" . }} ports: - name: {{ include "common-appPortName" . }} containerPort: {{ .Values.comp.containerPort }} 
diff --git a/stable/vulcan/values.yaml b/stable/vulcan/values.yaml index 3c56f44f..d8f9e071 100644 --- a/stable/vulcan/values.yaml +++ b/stable/vulcan/values.yaml 
@@ -122,12 +122,75 @@ anchors: protocol: TCP targetPort: - # -- ingress settings - ingress: + ingress: &ingress + ## @param ingress.enabled Enable ingress controller resource + ## enabled: false + ## @param ingress.pathType Default path type for the ingress resource + ## + pathType: ImplementationSpecific + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: + ## @param ingress.path Default path for the ingress resource + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## annotations: {} - hosts: [] - tls: [] + ## @param ingress.tls Enable TLS for `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret, rely on cert-manager to create it, or + ## let the chart create self-signed certificates for you + ## + tls: false + ## @param ingress.secretName Use an existing secret for tls. + ## + secretName: + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. 
+ ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## Example: + ## extraHosts: + ## - name: magento.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template + ## Useful when looking for additional customization, such as using different backend + ## + extraRules: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## Example: + ## extraTls: + ## - hosts: + ## - magento.local + ## secretName: magento.local-tls + ## + extraTls: [] + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" resources: {} nodeSelector: {} @@ -281,7 +344,7 @@ results: region: bucketReports: reports bucketLogs: logs - linkBase: http://vulcan-results + linkBase: # https://results.global.local healthcheckPath: /healthcheck @@ -387,7 +450,7 @@ api: metadata: https://okta/app/TBD/sso/saml/metadata issuer: http://okta/TBD callback: # https://vulcan-api/api/v1/login/callback - trustedDomains: '[]' # '["vulcan-api"]' + trustedDomains: # '["www.vulcan.local"]' logLevel: INFO defaultOwners: '[]' # '["owner1","owner2"]' vulndbapiUrl: # http://vulnerabilitydbapi 
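Review bot: The comments on the new `&ingress` anchor describe behaviour that the `_ingress.yaml` template in this commit does not implement. The `tls` comment says the secret is named `<hostname>-tls` and mentions an `ingress.secrets` parameter and chart-generated self-signed certificates, but the template uses `secretName` or falls back to `<comp.fullname>-tls`, and nothing visible here creates a secret. I would reword it to `## TLS secret: ingress.secretName, else "<fullname>-<component>-tls"; the chart does not create it`. The `extraPaths` example uses `serviceName`/`servicePort`, which are not valid under the hard-coded `networking.k8s.io/v1`; it should show `pathType` and `backend.service.name` / `backend.service.port`. The comment should also say that `tls` is now a boolean, since values files that still carry the old list form will be read differently.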
@@ -423,6 +486,8 @@ api: dogstatsd: *dogstatsd ingress: + <<: *ingress + subdomain: www path: /api @@ -516,7 +581,7 @@ ui: sqs: false conf: - apiUrl: # https://vulcan-api/api/v1/ + apiUrl: # https://www.vulcan.local/api/v1/ docs: apiLink: https://docs.example.com/vulcan/vulcan-api/ # vulcan API doc whitelistingLink: # vulcan scanner IPs @@ -529,6 +594,11 @@ ui: # -- if not set redirects to UI's dashboard.html link: # vulcan metrics dashboard + ingress: + <<: *ingress + subdomain: www + path: / + insights: enabled: true @@ -593,7 +663,7 @@ reportsgenerator: publicBucket: public-insights privateBucket: insights gaId: UA-000000000-0 - proxyEndpoint: # https://vulcan-insights + proxyEndpoint: # https://insights.vulcan.local contact: companyName: Example email: vulcan@example.com @@ -675,7 +745,7 @@ vulndbapi: conf: logLevel: info - readReplicaHost: "" + readReplicaHost: # -- postgres database settings db: @@ -700,7 +770,7 @@ vulndb: sqsNumProcessors: vulnsTopicEnabled: true maxEventAge: 365 - resultsUrl: http://vulcan-results.vulcan.com + resultsUrl: # https://results.vulcan.example.com resultsInternalUrl: # http://vulcan-results kafka: enabled: false @@ -721,6 +791,9 @@ vulndb: <<: *db name: vulnerabilitydb + ingress: + enabled: false + sqsexporter: enabled: true