From ace3f6488a9992a86e431a17407b571e9cf6e587 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Iv=C3=A1n=20Alejandro=20Marug=C3=A1n?= Date: Thu, 12 Sep 2024 09:29:53 +0200 Subject: [PATCH] feat: add topologySpreadContraints * Update docs * Migrate examples * Update _helpers.tpl --- charts/openbas/README.md | 4 +- charts/openbas/README.md.gotmpl | 4 +- charts/openbas/ci/ci-common-values.yaml | 38 +++ .../collector}/collector-atomic-red-team.yaml | 0 .../collector-microsoft-defender.yaml | 0 .../collector}/collector-microsoft-entra.yaml | 0 .../collector-microsoft-sentinel.yaml | 0 .../collector}/collector-mitre-attack.yaml | 0 .../collector-tanium-threat-response.yaml | 0 .../injector}/injector-http-query.yaml | 0 charts/openbas/templates/_helpers.tpl | 106 ++++++++ .../openbas/templates/caldera/configmap.yaml | 3 +- .../openbas/templates/caldera/deployment.yaml | 14 +- charts/openbas/templates/caldera/hpa.yaml | 3 +- .../templates/caldera/networkpolicy.yaml | 6 +- charts/openbas/templates/caldera/pdb.yaml | 6 +- charts/openbas/templates/caldera/service.yaml | 6 +- .../templates/collector/deployment.yaml | 10 + .../templates/injector/deployment.yaml | 10 + .../openbas/templates/server/deployment.yaml | 14 +- charts/openbas/templates/server/hpa.yaml | 3 +- .../templates/server/networkpolicy.yaml | 6 +- charts/openbas/templates/server/pdb.yaml | 6 +- charts/openbas/templates/server/secret.yaml | 3 +- charts/openbas/templates/server/service.yaml | 6 +- .../templates/server/serviceaccount.yaml | 3 +- charts/openbas/values.yaml | 254 ++++++++++-------- 27 files changed, 336 insertions(+), 169 deletions(-) rename charts/openbas/{collector-examples => examples/collector}/collector-atomic-red-team.yaml (100%) rename charts/openbas/{collector-examples => examples/collector}/collector-microsoft-defender.yaml (100%) rename charts/openbas/{collector-examples => examples/collector}/collector-microsoft-entra.yaml (100%) rename charts/openbas/{collector-examples => examples/collector}/collector-microsoft-sentinel.yaml (100%) rename 
charts/openbas/{collector-examples => examples/collector}/collector-mitre-attack.yaml (100%) rename charts/openbas/{collector-examples => examples/collector}/collector-tanium-threat-response.yaml (100%) rename charts/openbas/{injector-examples => examples/injector}/injector-http-query.yaml (100%) diff --git a/charts/openbas/README.md b/charts/openbas/README.md index 5900d5d..dede8f6 100644 --- a/charts/openbas/README.md +++ b/charts/openbas/README.md @@ -58,8 +58,8 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc ## OpenBAS * [Environment configuration](https://docs.openbas.io/latest/deployment/configuration/#platform) -* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config or check collectors samples on [`collector-examples`](./collector-examples) folder. -* [Injectors](https://github.com/OpenBAS-Platform/injectors/tree/main). Review `docker-compose.yaml` with the properly config or check injectors samples on [`injector-examples`](./injector-examples) folder. +* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config or check collectors samples on [`collector-examples`](./examples/collector) folder. +* [Injectors](https://github.com/OpenBAS-Platform/injectors/tree/main). Review `docker-compose.yaml` with the properly config or check injectors samples on [`injector-examples`](./examples/injector) folder. ## Basic installation and examples diff --git a/charts/openbas/README.md.gotmpl b/charts/openbas/README.md.gotmpl index 09c3b42..166ec74 100644 --- a/charts/openbas/README.md.gotmpl +++ b/charts/openbas/README.md.gotmpl 
@@ -48,8 +48,8 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc ## OpenBAS * [Environment configuration](https://docs.openbas.io/latest/deployment/configuration/#platform) -* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config or check collectors samples on [`collector-examples`](./collector-examples) folder. -* [Injectors](https://github.com/OpenBAS-Platform/injectors/tree/main). Review `docker-compose.yaml` with the properly config or check injectors samples on [`injector-examples`](./injector-examples) folder. +* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config or check collectors samples on [`collector-examples`](./examples/collector) folder. +* [Injectors](https://github.com/OpenBAS-Platform/injectors/tree/main). Review `docker-compose.yaml` with the properly config or check injectors samples on [`injector-examples`](./examples/injector) folder. ## Basic installation and examples diff --git a/charts/openbas/ci/ci-common-values.yaml b/charts/openbas/ci/ci-common-values.yaml index 8439fba..5276a0e 100644 --- a/charts/openbas/ci/ci-common-values.yaml +++ b/charts/openbas/ci/ci-common-values.yaml @@ -41,6 +41,21 @@ podDisruptionBudget: autoscaling: enabled: true +secrets: + OPENBAS_ADMIN_TOKEN: "b1976749-8a53-4f49-bf04-cafa2a3458c1" + OPENBAS_RABBITMQ_PASS: ChangeMe + +envFromSecrets: + OPENBAS_ADMIN_TOKEN: + name: openbas-ci-credentials + key: OPENBAS_ADMIN_TOKEN + OPENBAS_TOKEN: + name: openbas-ci-credentials + key: OPENBAS_TOKEN + OPENBAS_RABBITMQ_PASS: + name: openbas-ci-credentials + key: OPENBAS_RABBITMQ_PASS + caldera: enabled: true @@ -109,6 +124,11 @@ caldera: autoscaling: enabled: true + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/os + whenUnsatisfiable: DoNotSchedule + collectors: - name: atomic-red-team enabled: true 
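Review bot: The new `secrets:` block in `ci-common-values.yaml` commits a literal `OPENBAS_ADMIN_TOKEN` and a `ChangeMe` RabbitMQ password with nothing marking them as test fixtures. Put a comment above the block such as `# CI-only throwaway credentials for chart tests; never reuse outside the ephemeral test cluster`. If the token was ever used elsewhere, it should be rotated. Separately, `envFromSecrets` reads the key `OPENBAS_TOKEN` from `openbas-ci-credentials`, but `secrets:` only defines `OPENBAS_ADMIN_TOKEN` and `OPENBAS_RABBITMQ_PASS`. The `data:` section of `server/secret.yaml` is not visible here, so this is unconfirmed, but unless the template derives that key the pods would fail to start on a missing secret key. Adding `OPENBAS_TOKEN` to `secrets:` or pointing the reference at `OPENBAS_ADMIN_TOKEN` would resolve it.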
@@ -137,6 +157,14 @@ collectors: COLLECTOR_ID: e668aa07-e1a3-41d8-8748-786be5df9dab COLLECTOR_NAME: "Atomic Red Team" COLLECTOR_LOG_LEVEL: error + envFromSecrets: + OPENBAS_TOKEN: + name: openbas-ci-credentials + key: OPENBAS_TOKEN + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/os + whenUnsatisfiable: DoNotSchedule injectors: - name: http-query @@ -164,6 +192,14 @@ injectors: INJECTOR_ID: e668aa07-e1a3-41d8-8748-786be5df9dab INJECTOR_NAME: "HTTP query" INJECTOR_LOG_LEVEL: error + envFromSecrets: + OPENBAS_TOKEN: + name: openbas-ci-credentials + key: OPENBAS_TOKEN + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/os + whenUnsatisfiable: DoNotSchedule minio: fullnameOverride: openbas-ci-minio @@ -184,6 +220,8 @@ postgresql: rabbitmq: fullnameOverride: openbas-ci-rabbitmq auth: + existingPasswordSecret: openbas-ci-credentials + existingSecretPasswordKey: OPENBAS_RABBITMQ_PASS erlangCookie: b25c953e-2193-4b8e-9f3b-9a3a5ba76d75 clustering: enabled: false diff --git a/charts/openbas/collector-examples/collector-atomic-red-team.yaml b/charts/openbas/examples/collector/collector-atomic-red-team.yaml similarity index 100% rename from charts/openbas/collector-examples/collector-atomic-red-team.yaml rename to charts/openbas/examples/collector/collector-atomic-red-team.yaml diff --git a/charts/openbas/collector-examples/collector-microsoft-defender.yaml b/charts/openbas/examples/collector/collector-microsoft-defender.yaml similarity index 100% rename from charts/openbas/collector-examples/collector-microsoft-defender.yaml rename to charts/openbas/examples/collector/collector-microsoft-defender.yaml diff --git a/charts/openbas/collector-examples/collector-microsoft-entra.yaml b/charts/openbas/examples/collector/collector-microsoft-entra.yaml similarity index 100% rename from charts/openbas/collector-examples/collector-microsoft-entra.yaml rename to charts/openbas/examples/collector/collector-microsoft-entra.yaml 
diff --git a/charts/openbas/collector-examples/collector-microsoft-sentinel.yaml b/charts/openbas/examples/collector/collector-microsoft-sentinel.yaml
similarity index 100%
rename from charts/openbas/collector-examples/collector-microsoft-sentinel.yaml
rename to charts/openbas/examples/collector/collector-microsoft-sentinel.yaml
diff --git a/charts/openbas/collector-examples/collector-mitre-attack.yaml b/charts/openbas/examples/collector/collector-mitre-attack.yaml
similarity index 100%
rename from charts/openbas/collector-examples/collector-mitre-attack.yaml
rename to charts/openbas/examples/collector/collector-mitre-attack.yaml
diff --git a/charts/openbas/collector-examples/collector-tanium-threat-response.yaml b/charts/openbas/examples/collector/collector-tanium-threat-response.yaml
similarity index 100%
rename from charts/openbas/collector-examples/collector-tanium-threat-response.yaml
rename to charts/openbas/examples/collector/collector-tanium-threat-response.yaml
diff --git a/charts/openbas/injector-examples/injector-http-query.yaml b/charts/openbas/examples/injector/injector-http-query.yaml
similarity index 100%
rename from charts/openbas/injector-examples/injector-http-query.yaml
rename to charts/openbas/examples/injector/injector-http-query.yaml
diff --git a/charts/openbas/templates/_helpers.tpl b/charts/openbas/templates/_helpers.tpl
index e9e8af1..038a95c 100644
--- a/charts/openbas/templates/_helpers.tpl
+++ b/charts/openbas/templates/_helpers.tpl
@@ -60,3 +60,109 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +####################### +SERVER SECTION +####################### +*/}} + +{{/* +Default server component +*/}} +{{- define "openbas.serverComponentLabel" -}} +openbas.component: server +{{- end -}} + +{{/* +Generate labels for server component +*/}} +{{- define "openbas.serverLabels" -}} +{{- toYaml (merge ((include "openbas.labels" .) | fromYaml) ((include "openbas.serverComponentLabel" .) | fromYaml)) }} +{{- end }} + +{{/* +Generate selectorLabels for server component +*/}} +{{- define "openbas.selectorServerLabels" -}} +{{- toYaml (merge ((include "openbas.selectorLabels" .) | fromYaml) ((include "openbas.serverComponentLabel" .) | fromYaml)) }} +{{- end }} + +{{/* +Ref: https://github.com/aws/karpenter-provider-aws/blob/main/charts/karpenter/templates/_helpers.tpl +Patch the label selector on an object +This template will add a labelSelector using matchLabels to the object referenced at _target if there is no labelSelector specified. +The matchLabels are created with the selectorLabels template. +This works because Helm treats dictionaries as mutable objects and allows passing them by reference. +*/}} +{{- define "openbas.patchSelectorServerLabels" -}} +{{- if not (hasKey ._target "labelSelector") }} +{{- $selectorLabels := (include "openbas.selectorServerLabels" .) | fromYaml }} +{{- $_ := set ._target "labelSelector" (dict "matchLabels" $selectorLabels) }} +{{- end }} +{{- end }} + +{{/* +Ref: https://github.com/aws/karpenter-provider-aws/blob/main/charts/karpenter/templates/_helpers.tpl +Patch topology spread constraints +This template uses the openbas.selectorLabels template to add a labelSelector to topologySpreadConstraints if one isn't specified. +This works because Helm treats dictionaries as mutable objects and allows passing them by reference. 
+*/}} +{{- define "openbas.patchTopologySpreadConstraintsServer" -}} +{{- range $constraint := .Values.topologySpreadConstraints }} +{{- include "openbas.patchSelectorServerLabels" (merge (dict "_target" $constraint (include "openbas.selectorServerLabels" $)) $) }} +{{- end }} +{{- end }} + +{{/* +####################### +CALDERA SECTION +####################### +*/}} + +{{/* +Default caldera component +*/}} +{{- define "openbas.calderaComponentLabel" -}} +openbas.component: caldera +{{- end -}} + +{{/* +Generate labels for caldera component +*/}} +{{- define "openbas.calderaLabels" -}} +{{- toYaml (merge ((include "openbas.labels" .) | fromYaml) ((include "openbas.calderaComponentLabel" .) | fromYaml)) }} +{{- end }} + +{{/* +Generate selectorLabels for caldera component +*/}} +{{- define "openbas.selectorCalderaLabels" -}} +{{- toYaml (merge ((include "openbas.selectorLabels" .) | fromYaml) ((include "openbas.calderaComponentLabel" .) | fromYaml)) }} +{{- end }} + +{{/* +Ref: https://github.com/aws/karpenter-provider-aws/blob/main/charts/karpenter/templates/_helpers.tpl +Patch the label selector on an object +This template will add a labelSelector using matchLabels to the object referenced at _target if there is no labelSelector specified. +The matchLabels are created with the selectorLabels template. +This works because Helm treats dictionaries as mutable objects and allows passing them by reference. +*/}} +{{- define "openbas.patchSelectorCalderaLabels" -}} +{{- if not (hasKey ._target "labelSelector") }} +{{- $selectorLabels := (include "openbas.selectorCalderaLabels" .) | fromYaml }} +{{- $_ := set ._target "labelSelector" (dict "matchLabels" $selectorLabels) }} +{{- end }} +{{- end }} + +{{/* +Ref: https://github.com/aws/karpenter-provider-aws/blob/main/charts/karpenter/templates/_helpers.tpl +Patch topology spread constraints +This template uses the openbas.selectorLabels template to add a labelSelector to topologySpreadConstraints if one isn't specified. 
+This works because Helm treats dictionaries as mutable objects and allows passing them by reference. +*/}} +{{- define "openbas.patchTopologySpreadConstraintsCaldera" -}} +{{- range $constraint := .Values.caldera.topologySpreadConstraints }} +{{- include "openbas.patchSelectorCalderaLabels" (merge (dict "_target" $constraint (include "openbas.selectorCalderaLabels" $)) $) }} +{{- end }} +{{- end }} diff --git a/charts/openbas/templates/caldera/configmap.yaml b/charts/openbas/templates/caldera/configmap.yaml index ff637a5..9e63d57 100644 --- a/charts/openbas/templates/caldera/configmap.yaml +++ b/charts/openbas/templates/caldera/configmap.yaml @@ -3,8 +3,7 @@ kind: ConfigMap metadata: name: {{ include "openbas.fullname" . }}-caldera-config labels: - openbas.component: caldera - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.calderaLabels" . | nindent 4 }} data: local.yml: | {{- .Values.caldera.config | toYaml | nindent 4 }} diff --git a/charts/openbas/templates/caldera/deployment.yaml b/charts/openbas/templates/caldera/deployment.yaml index 636ac97..23fbcaa 100644 --- a/charts/openbas/templates/caldera/deployment.yaml +++ b/charts/openbas/templates/caldera/deployment.yaml @@ -4,16 +4,14 @@ kind: Deployment metadata: name: {{ include "openbas.fullname" . }}-caldera labels: - openbas.component: caldera - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.calderaLabels" . | nindent 4 }} spec: {{- if not .Values.caldera.autoscaling.enabled }} replicas: {{ .Values.caldera.replicaCount }} {{- end }} selector: matchLabels: - openbas.component: caldera - {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- include "openbas.selectorCalderaLabels" . | nindent 6 }} template: metadata: annotations: 
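Review bot: In `openbas.patchTopologySpreadConstraintsServer` the call `dict "_target" $constraint (include "openbas.selectorServerLabels" $)` passes three arguments to `dict`. Sprig treats the unpaired third argument as a key with an empty-string value, so the rendered label YAML ends up as a stray key in the context handed to the patch helper. The helper recomputes the selector itself, so the argument can go: `{{- include "openbas.patchSelectorServerLabels" (merge (dict "_target" $constraint) $) }}`. `openbas.patchTopologySpreadConstraintsCaldera` has the same extra argument. The doc comments on both patch helpers also still name `openbas.selectorLabels`, while the code uses the component-specific `openbas.selectorServerLabels` and `openbas.selectorCalderaLabels`.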
@@ -22,8 +20,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - openbas.component: caldera - {{- include "openbas.selectorLabels" . | nindent 8 }} + {{- include "openbas.selectorCalderaLabels" . | nindent 8 }} {{- with .Values.caldera.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -112,4 +109,9 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.caldera.topologySpreadConstraints }} + {{- $_ := include "openbas.patchTopologySpreadConstraintsCaldera" $ }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/openbas/templates/caldera/hpa.yaml b/charts/openbas/templates/caldera/hpa.yaml index c072a7f..ec10ff7 100644 --- a/charts/openbas/templates/caldera/hpa.yaml +++ b/charts/openbas/templates/caldera/hpa.yaml @@ -4,8 +4,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ include "openbas.fullname" . }}-caldera labels: - openbas.component: caldera - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.calderaLabels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/openbas/templates/caldera/networkpolicy.yaml b/charts/openbas/templates/caldera/networkpolicy.yaml index f5fcf99..86b2037 100644 --- a/charts/openbas/templates/caldera/networkpolicy.yaml +++ b/charts/openbas/templates/caldera/networkpolicy.yaml 
@@ -4,16 +4,14 @@ kind: NetworkPolicy metadata: name: {{ include "openbas.fullname" . }}-caldera labels: - openbas.component: caldera - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.calderaLabels" . | nindent 4 }} spec: {{- if and (not .Values.caldera.networkPolicy.policyTypes) (not .Values.caldera.networkPolicy.ingress) (not .Values.caldera.networkPolicy.egress) }} podSelector: {} {{- else }} podSelector: matchLabels: - openbas.component: caldera - {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- include "openbas.selectorCalderaLabels" . | nindent 6 }} {{- end }} {{- if .Values.caldera.networkPolicy.policyTypes }} diff --git a/charts/openbas/templates/caldera/pdb.yaml b/charts/openbas/templates/caldera/pdb.yaml index 417de85..be19630 100644 --- a/charts/openbas/templates/caldera/pdb.yaml +++ b/charts/openbas/templates/caldera/pdb.yaml @@ -4,13 +4,11 @@ kind: PodDisruptionBudget metadata: name: {{ include "openbas.fullname" . }}-caldera labels: - openbas.component: caldera - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.calderaLabels" . | nindent 4 }} spec: selector: matchLabels: - openbas.component: caldera - {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- include "openbas.selectorCalderaLabels" . | nindent 6 }} {{- if .Values.caldera.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.caldera.podDisruptionBudget.minAvailable }} {{- end }} diff --git a/charts/openbas/templates/caldera/service.yaml b/charts/openbas/templates/caldera/service.yaml index efa1ecf..95b4aec 100644 --- a/charts/openbas/templates/caldera/service.yaml +++ b/charts/openbas/templates/caldera/service.yaml @@ -3,8 +3,7 @@ kind: Service metadata: name: {{ include "openbas.fullname" . }}-caldera labels: - openbas.component: caldera - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.calderaLabels" . | nindent 4 }} spec: type: {{ .Values.caldera.service.type }} ports: 
@@ -13,5 +12,4 @@ spec: protocol: TCP name: http selector: - openbas.component: caldera - {{- include "openbas.selectorLabels" . | nindent 4 }} + {{- include "openbas.selectorCalderaLabels" . | nindent 4 }} diff --git a/charts/openbas/templates/collector/deployment.yaml b/charts/openbas/templates/collector/deployment.yaml index f659a99..90b1f9c 100644 --- a/charts/openbas/templates/collector/deployment.yaml +++ b/charts/openbas/templates/collector/deployment.yaml @@ -135,6 +135,16 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - labelSelector: + matchLabels: + openbas.collector: {{ $collectorName }} + {{- include "openbas.selectorLabels" $ | nindent 14 }} + {{- toYaml $constraint | nindent 10 }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/openbas/templates/injector/deployment.yaml b/charts/openbas/templates/injector/deployment.yaml index 1a1b716..afe46df 100644 --- a/charts/openbas/templates/injector/deployment.yaml +++ b/charts/openbas/templates/injector/deployment.yaml @@ -135,6 +135,16 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - labelSelector: + matchLabels: + openbas.injector: {{ $injectorName }} + {{- include "openbas.selectorLabels" $ | nindent 14 }} + {{- toYaml $constraint | nindent 10 }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/openbas/templates/server/deployment.yaml b/charts/openbas/templates/server/deployment.yaml index e544686..a71dbb4 100644 --- a/charts/openbas/templates/server/deployment.yaml +++ b/charts/openbas/templates/server/deployment.yaml 
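Review bot: The collector `topologySpreadConstraints` block always writes its own `labelSelector` and then appends `toYaml $constraint`, so a constraint that already carries a `labelSelector` in values renders a mapping with that key twice. Depending on the parser that is either rejected or resolved last-wins, and the pods could then be spread against a different label set than the one reviewed in the chart. The server and Caldera helpers guard this with `hasKey`; the same guard belongs here and in the identical injector hunk in `templates/injector/deployment.yaml`. `{{ $collectorName }}` and `{{ $injectorName }}` should also be piped through `quote` so a numeric or boolean-looking name stays a string label value. The enclosing `range` over collectors starts outside the hunk; the sketch below follows the indentation implied by the existing `nindent` values.

```yaml
      {{- /* … unchanged: affinity block … */}}
      {{- with .topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- range $constraint := . }}
        - {{- toYaml $constraint | nindent 10 }}
          {{- if not (hasKey $constraint "labelSelector") }}
          labelSelector:
            matchLabels:
              openbas.collector: {{ $collectorName | quote }}
              {{- include "openbas.selectorLabels" $ | nindent 14 }}
          {{- end }}
        {{- end }}
      {{- end }}
```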
@@ -3,16 +3,14 @@ kind: Deployment metadata: name: {{ include "openbas.fullname" . }}-server labels: - openbas.component: server - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.serverLabels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: - openbas.component: server - {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- include "openbas.selectorServerLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} @@ -20,8 +18,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - openbas.component: server - {{- include "openbas.selectorLabels" . | nindent 8 }} + {{- include "openbas.selectorServerLabels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -175,3 +172,8 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + {{- $_ := include "openbas.patchTopologySpreadConstraintsServer" $ }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/openbas/templates/server/hpa.yaml b/charts/openbas/templates/server/hpa.yaml index 869e84d..051fcc7 100644 --- a/charts/openbas/templates/server/hpa.yaml +++ b/charts/openbas/templates/server/hpa.yaml @@ -4,8 +4,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ include "openbas.fullname" . }}-server labels: - openbas.component: server - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.serverLabels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/openbas/templates/server/networkpolicy.yaml b/charts/openbas/templates/server/networkpolicy.yaml index 002f93e..195acf3 100644 --- a/charts/openbas/templates/server/networkpolicy.yaml +++ b/charts/openbas/templates/server/networkpolicy.yaml 
@@ -4,16 +4,14 @@ kind: NetworkPolicy metadata: name: {{ include "openbas.fullname" . }}-server labels: - openbas.component: server - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.serverLabels" . | nindent 4 }} spec: {{- if and (not .Values.networkPolicy.policyTypes) (not .Values.networkPolicy.ingress) (not .Values.networkPolicy.egress) }} podSelector: {} {{- else }} podSelector: matchLabels: - openbas.component: server - {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- include "openbas.selectorServerLabels" . | nindent 6 }} {{- end }} {{- if .Values.networkPolicy.policyTypes }} diff --git a/charts/openbas/templates/server/pdb.yaml b/charts/openbas/templates/server/pdb.yaml index 10d2918..99343f6 100644 --- a/charts/openbas/templates/server/pdb.yaml +++ b/charts/openbas/templates/server/pdb.yaml @@ -4,13 +4,11 @@ kind: PodDisruptionBudget metadata: name: {{ include "openbas.fullname" . }}-server labels: - openbas.component: server - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.serverLabels" . | nindent 4 }} spec: selector: matchLabels: - openbas.component: server - {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- include "openbas.selectorServerLabels" . | nindent 6 }} {{- if .Values.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} {{- end }} diff --git a/charts/openbas/templates/server/secret.yaml b/charts/openbas/templates/server/secret.yaml index c6a4ef5..2cdba8c 100644 --- a/charts/openbas/templates/server/secret.yaml +++ b/charts/openbas/templates/server/secret.yaml @@ -5,8 +5,7 @@ type: Opaque metadata: name: {{ include "openbas.fullname" . }}-credentials labels: - openbas.component: server - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.serverLabels" . | nindent 4 }} annotations: helm.sh/hook: "pre-install,pre-upgrade" data: 
diff --git a/charts/openbas/templates/server/service.yaml b/charts/openbas/templates/server/service.yaml index 2946aec..5ced022 100644 --- a/charts/openbas/templates/server/service.yaml +++ b/charts/openbas/templates/server/service.yaml @@ -3,8 +3,7 @@ kind: Service metadata: name: {{ include "openbas.fullname" . }}-server labels: - openbas.component: server - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.serverLabels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -22,5 +21,4 @@ spec: protocol: TCP {{- end }} selector: - openbas.component: server - {{- include "openbas.selectorLabels" . | nindent 4 }} + {{- include "openbas.selectorServerLabels" . | nindent 4 }} diff --git a/charts/openbas/templates/server/serviceaccount.yaml b/charts/openbas/templates/server/serviceaccount.yaml index 3a2f725..fcbcd4a 100644 --- a/charts/openbas/templates/server/serviceaccount.yaml +++ b/charts/openbas/templates/server/serviceaccount.yaml @@ -4,8 +4,7 @@ kind: ServiceAccount metadata: name: {{ include "openbas.serviceAccountName" . }} labels: - openbas.component: server - {{- include "openbas.labels" . | nindent 4 }} + {{- include "openbas.serverLabels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/openbas/values.yaml b/charts/openbas/values.yaml index c979c18..d7b15ec 100644 --- a/charts/openbas/values.yaml +++ b/charts/openbas/values.yaml @@ -321,6 +321,13 @@ tolerations: [] #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} +# -- Control how Pods are spread across your cluster +#
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints +topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: zone + # whenUnsatisfiable: DoNotSchedule + # -- Collector Global environment collectorGlobalEnv: {} # MY_VARIABLE: my_value @@ -328,62 +335,63 @@ collectorGlobalEnv: {} # -- Collectors #
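Review bot: The commented example under `topologySpreadConstraints` uses `topologyKey: zone`, which only works on clusters whose nodes carry a custom `zone` label. Combined with `whenUnsatisfiable: DoNotSchedule`, a copy-pasted example can leave pods Pending on clusters without that label. The example should use the well-known label and say what is filled in automatically, for instance `#   topologyKey: topology.kubernetes.io/zone` followed by `#   # labelSelector defaults to the component's selector labels when omitted`. The same example is repeated in the collector, injector and caldera sections of this file.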
Ref: https://github.com/OpenBAS-Platform/collectors collectors: [] -# - name: collector-name -# enabled: true -# replicas: 1 -# # -- Image registry -# image: {} -# repository: -# pullPolicy: -# tag: -# # -- Environment variables to configure application -# env: {} -# # Plain vars -# # foo: bar -# # my_env: my_value -# # -- Deployment annotations -# deploymentAnnotations: {} -# # -- Pod annotations -# podAnnotations: {} -# # -- Enable or disable ready-checker waiting server is ready -# readyChecker: -# enabled: true -# # -- Number of retries before giving up -# retries: 30 -# # -- Timeout for each check -# timeout: 5 -# # -- Lifecycle configuration -# lifecycle: {} -# # preStop: -# # exec: -# # command: ["sh", "-c", "sleep 10"] -# # -- Configure Pod termination grace period -# terminationGracePeriodSeconds: 30 -# # -- Secrets from variables -# envFromSecrets: {} -# # Cipher vars -# # my_env: -# # name: release-name-credentials -# # key: secret_key -# # -- The resources limits and requested -# resources: {} -# limits: -# memory: 256Mi -# cpu: "250m" -# requests: -# memory: 56Mi -# cpu: "50m" -# # -- Node labels for pod assignment -# nodeSelector: {} -# project: "openbas" -# # -- Tolerations for pod assignment -# tolerations: [] -# - key: "project" -# operator: "Equal" -# value: "openbas" -# effect: "NoSchedule" -# # -- Affinity for pod assignment -# affinity: {} + # - name: collector-name + # enabled: true + # replicas: 1 + # # -- Image registry + # image: {} + # # repository: + # # pullPolicy: + # # tag: + # # -- Environment variables to configure application + # env: {} + # # foo: bar + # # my_env: my_value + # # -- Deployment annotations + # deploymentAnnotations: {} + # # -- Pod annotations + # podAnnotations: {} + # # -- Enable or disable ready-checker waiting server is ready + # readyChecker: + # enabled: true + # retries: 30 + # timeout: 5 + # # -- Lifecycle configuration + # lifecycle: {} + # # preStop: + # # exec: + # # command: ["sh", "-c", "sleep 10"] + # 
# -- Configure Pod termination grace period + # terminationGracePeriodSeconds: 30 + # # -- Secrets from variables + # envFromSecrets: {} + # # my_env: + # # name: release-name-credentials + # # key: secret_key + # # -- The resources limits and requested + # resources: {} + # # limits: + # # memory: 256Mi + # # cpu: "250m" + # # requests: + # # memory: 56Mi + # # cpu: "50m" + # # -- Node labels for pod assignment + # nodeSelector: {} + # # project: "openbas" + # # -- Tolerations for pod assignment + # tolerations: [] + # # - key: "project" + # # operator: "Equal" + # # value: "openbas" + # # effect: "NoSchedule" + # # -- Affinity for pod assignment + # affinity: {} + # # -- Control how Pods are spread across your cluster + # topologySpreadConstraints: [] + # # - maxSkew: 1 + # # topologyKey: zone + # # whenUnsatisfiable: DoNotSchedule # -- Injector Global environment injectorGlobalEnv: {} @@ -392,62 +400,63 @@ injectorGlobalEnv: {} # -- Injectors #
Ref: https://github.com/OpenBAS-Platform/injectors injectors: [] -# - name: collector-name -# enabled: true -# replicas: 1 -# # -- Image registry -# image: {} -# repository: -# pullPolicy: -# tag: -# # -- Environment variables to configure application -# env: {} -# # Plain vars -# # foo: bar -# # my_env: my_value -# # -- Deployment annotations -# deploymentAnnotations: {} -# # -- Pod annotations -# podAnnotations: {} -# # -- Enable or disable ready-checker waiting server is ready -# readyChecker: -# enabled: true -# # -- Number of retries before giving up -# retries: 30 -# # -- Timeout for each check -# timeout: 5 -# # -- Lifecycle configuration -# lifecycle: {} -# # preStop: -# # exec: -# # command: ["sh", "-c", "sleep 10"] -# # -- Configure Pod termination grace period -# terminationGracePeriodSeconds: 30 -# # -- Secrets from variables -# envFromSecrets: {} -# # Cipher vars -# # my_env: -# # name: release-name-credentials -# # key: secret_key -# # -- The resources limits and requested -# resources: {} -# limits: -# memory: 256Mi -# cpu: "250m" -# requests: -# memory: 56Mi -# cpu: "50m" -# # -- Node labels for pod assignment -# nodeSelector: {} -# project: "openbas" -# # -- Tolerations for pod assignment -# tolerations: [] -# - key: "project" -# operator: "Equal" -# value: "openbas" -# effect: "NoSchedule" -# # -- Affinity for pod assignment -# affinity: {} + # - name: injector-name + # enabled: true + # replicas: 1 + # # -- Image registry + # image: {} + # # repository: + # # pullPolicy: + # # tag: + # # -- Environment variables to configure application + # env: {} + # # foo: bar + # # my_env: my_value + # # -- Deployment annotations + # deploymentAnnotations: {} + # # -- Pod annotations + # podAnnotations: {} + # # -- Enable or disable ready-checker waiting server is ready + # readyChecker: + # enabled: true + # retries: 30 + # timeout: 5 + # # -- Lifecycle configuration + # lifecycle: {} + # # preStop: + # # exec: + # # command: ["sh", "-c", "sleep 10"] + # # 
-- Configure Pod termination grace period + # terminationGracePeriodSeconds: 30 + # # -- Secrets from variables + # envFromSecrets: {} + # # my_env: + # # name: release-name-credentials + # # key: secret_key + # # -- The resources limits and requested + # resources: {} + # # limits: + # # memory: 256Mi + # # cpu: "250m" + # # requests: + # # memory: 56Mi + # # cpu: "50m" + # # -- Node labels for pod assignment + # nodeSelector: {} + # # project: "openbas" + # # -- Tolerations for pod assignment + # tolerations: [] + # # - key: "project" + # # operator: "Equal" + # # value: "openbas" + # # effect: "NoSchedule" + # # -- Affinity for pod assignment + # affinity: {} + # # -- Control how Pods are spread across your cluster + # topologySpreadConstraints: [] + # # - maxSkew: 1 + # # topologyKey: zone + # # whenUnsatisfiable: DoNotSchedule # -- OpenBAS caldera-server deployment configuration caldera: @@ -662,16 +671,16 @@ caldera: # -- Additional volumes on the output Deployment definition volumes: [] - # - name: foo - # secret: - # secretName: mysecret - # optional: false + # - name: foo + # secret: + # secretName: mysecret + # optional: false # -- Additional volumeMounts on the output Deployment definition volumeMounts: [] - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true # -- Node labels for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector @@ -685,6 +694,13 @@ caldera: #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} + # -- Control how Pods are spread across your cluster + #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#example-multiple-topologyspreadconstraints + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: zone + # whenUnsatisfiable: DoNotSchedule + # -- MinIO subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml minio: