diff --git a/charts/openbas/README.md b/charts/openbas/README.md index 7dda574..b6a73db 100644 --- a/charts/openbas/README.md +++ b/charts/openbas/README.md @@ -58,7 +58,7 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc ## OpenBAS * [Environment configuration](https://docs.openbas.io/latest/deployment/configuration/#platform) -* [Connectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config +* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config * Check collectors samples on `collector-examples` folder ## Basic installation and examples 
@@ -95,7 +95,7 @@ helm show values openbas/openbas | caldera.service.targetPort | int | `8888` | Pod expose port | | caldera.service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP | | caldera.tolerations | list | `[]` | Tolerations for pod assignment | -| collectorGlobalEnv | string | `nil` | Connector Global environment | +| collectorGlobalEnv | string | `nil` | Collector Global environment | | collectors | list | `[]` | Collectors Ref: https://github.com/OpenBAS-Platform/collectors | | env | object | `{"INJECTOR_CALDERA_API_KEY":"ChangeMe","INJECTOR_CALDERA_PUBLIC_URL":"http://release-name-caldera:8888","INJECTOR_CALDERA_URL":"http://release-name-caldera:8888","MINIO_ENDPOINT":"release-name-minio:9000","OPENBAS_ADMIN_EMAIL":"admin@openbas.io","OPENBAS_ADMIN_PASSWORD":"ChangeMe","OPENBAS_ADMIN_TOKEN":"ChangeMe","OPENBAS_AUTH-LOCAL-ENABLE":true,"OPENBAS_BASE-URL":"http://localhost:8080","OPENBAS_RABBITMQ_HOSTNAME":"release-name-rabbitmq","OPENBAS_RABBITMQ_MANAGEMENT-PORT":15672,"OPENBAS_RABBITMQ_PASS":"ChangeMe","OPENBAS_RABBITMQ_PORT":5672,"OPENBAS_RABBITMQ_USER":"user","SERVER_ADDRESS":"0.0.0.0","SERVER_PORT":8080,"SPRING_DATASOURCE_PASSWORD":"ChangeMe","SPRING_DATASOURCE_URL":"jdbc:postgresql://release-name-postgresql:5432/openbas","SPRING_DATASOURCE_USERNAME":"user"}` | Environment variables to configure application Ref: https://docs.openbas.io/latest/deployment/configuration/#platform | | envFromSecrets | object | `{}` | Secrets from variables | 
@@ -104,6 +104,8 @@ helm show values openbas/openbas | image | object | `{"pullPolicy":"IfNotPresent","repository":"openbas/platform","tag":""}` | Image registry | | imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | | ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app | +| injectorGlobalEnv | string | `nil` | Injector Global environment | +| injectors | list | `[]` | Injectors Ref: https://github.com/OpenBAS-Platform/injectors | | livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | | livenessProbeCustom | object | `{}` | Custom livenessProbe | | minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml | diff --git a/charts/openbas/README.md.gotmpl b/charts/openbas/README.md.gotmpl index e92f403..49c7b60 100644 --- a/charts/openbas/README.md.gotmpl +++ b/charts/openbas/README.md.gotmpl 
@@ -48,7 +48,7 @@ _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command doc ## OpenBAS * [Environment configuration](https://docs.openbas.io/latest/deployment/configuration/#platform) -* [Connectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config +* [Collectors](https://github.com/OpenBAS-Platform/collectors/tree/main). Review `docker-compose.yaml` with the properly config * Check collectors samples on `collector-examples` folder ## Basic installation and examples diff --git a/charts/openbas/docs/examples.md b/charts/openbas/docs/examples.md index 2b199ee..cbf0a65 100644 --- a/charts/openbas/docs/examples.md +++ b/charts/openbas/docs/examples.md @@ -98,7 +98,7 @@ Output: - 'RETRY=0; until [ $RETRY -eq 30 ]; do nc -zv openbas-ci-rabbitmq 5672 && break; echo "[$RETRY/30] waiting service openbas-ci-rabbitmq:5672 is ready"; sleep 5; RETRY=$(($RETRY + 1)); done' ``` -## Connector: sample complete +## Collector: sample complete ```yaml collectors: 
@@ -160,3 +160,63 @@ Or you can use affinity to run the collector in different node if you increase r - microsoft-entra topologyKey: kubernetes.io/hostname ``` + +## Injector: sample complete + +```yaml +injectors: +# https://github.com/OpenBAS-Platform/injectors/tree/main/http-query +- name: http-query + enabled: true + replicas: 1 + image: + repository: openbas/injector-http-query + env: + OPENBAS_URL: "XXXX" + OPENBAS_TOKEN: "XXXX" + INJECTOR_ID: ChangeMe + INJECTOR_NAME: "HTTP query" + INJECTOR_LOG_LEVEL: error + envFromSecrets: + MICROSOFT_ENTRA_CLIENT_SECRET: + name: my-secret-credentials + key: MICROSOFT_ENTRA_CLIENT_SECRET + resources: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 128Mi +``` + +You can config which node to run the injector using nodeSelector and tolerations. + +```yaml +injector: +- name: http-query + ... + nodeSelector: + project: "openbas" + tolerations: + - key: "project" + operator: "Equal" + value: "openbas" + effect: "NoSchedule" +``` + +Or you can use affinity to run the injector in different node if you increase replicas. + +```yaml +- name: http-query + ... + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: openbas.injector + operator: In + values: + - http-query + topologyKey: kubernetes.io/hostname +``` diff --git a/charts/openbas/injector-examples/injector-http-query.yaml b/charts/openbas/injector-examples/injector-http-query.yaml new file mode 100644 index 0000000..85507cc --- /dev/null +++ b/charts/openbas/injector-examples/injector-http-query.yaml @@ -0,0 +1,12 @@ +# http-query +# ref: https://github.com/OpenBAS-Platform/injectors/blob/main/http-query +- name: http-query + enabled: true + replicas: 1 + image: {} + env: + OPENBAS_URL: http://localhost + OPENBAS_TOKEN: ChangeMe + INJECTOR_ID: ChangeMe + INJECTOR_NAME: "HTTP query" + INJECTOR_LOG_LEVEL: error 
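Review bot: The new `injector-http-query.yaml` sample puts `OPENBAS_TOKEN: ChangeMe` under `env`, and the injector template in this commit renders every `env` entry as a literal `value:`. Anyone copying the file therefore ends up with the API token in plain text in the Deployment spec and in their values file. The sample would be safer with the token under `envFromSecrets`, as a `name`/`key` pair pointing at an existing Secret, which the template already supports. `OPENBAS_URL: http://localhost` is also misleading, since inside the pod localhost is the injector container itself; omitting the key lets the template fall back to the in-cluster `-server` service URL.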
diff --git a/charts/openbas/templates/injector/deployment.yaml b/charts/openbas/templates/injector/deployment.yaml
new file mode 100644
index 0000000..8bb7b1d
--- /dev/null
+++ b/charts/openbas/templates/injector/deployment.yaml
@@ -0,0 +1,110 @@
+{{- range .Values.injectors }}
+{{- $injectorName := .name }}
+
+{{- if .enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $injectorName }}-injector-{{ include "openbas.fullname" $ }}
+ labels:
+ openbas.injector: {{ $injectorName }}
+ {{- include "openbas.labels" $ | nindent 4 }}
+spec:
+ {{- if not .autoscaling }}
+ replicas: {{ .replicas }}
+ {{- end }}
+ selector:
+ matchLabels:
+ openbas.injector: {{ $injectorName }}
+ {{- include "openbas.selectorLabels" $ | nindent 6 }}
+ template:
+ metadata:
+ {{- with .podAnnotations }}
+ annotations:
+ {{- toYaml $ | nindent 8 }}
+ {{- end }}
+ labels:
+ openbas.injector: {{ $injectorName }}
+ {{- include "openbas.selectorLabels" $ | nindent 8 }}
+ spec:
+ {{- if .imagePullSecrets }}
+ {{- with .imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else if $.Values.global.imagePullSecrets }}
+ {{- with $.Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ $injectorName }}-injector
+ securityContext:
+ {{- toYaml .securityContext | nindent 12 }}
+ {{- if .image.repository }}
+ image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}"
+ {{- else if $.Values.global.imageRegistry }}
+ image: "{{ printf "%s/openbas/injector-%s" $.Values.global.imageRegistry .name }}:{{ .image.tag | default $.Chart.AppVersion }}"
+ {{- else }}
+ image: "{{ printf "openbas/injector-%s" .name }}:{{ .image.tag | default $.Chart.AppVersion }}"
+ {{- end }}
+ imagePullPolicy: {{ .image.pullPolicy | default "IfNotPresent" }}
+ env:
+ # Variables from secrets have precedence
+ {{- $envList := dict -}}
+
+ {{- if .envFromSecrets }}
+ {{- range $key, $value := .envFromSecrets }}
+ - name: {{ $key | upper }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $value.name }}
+ key: {{ $value.key | default $key }}
+ {{- $_ := set $envList $key true }}
+ {{- end }}
+ {{- end }}
+
+ # Special handling for OPENBAS_URL which is constructed from other values
+ {{- if not (hasKey .env "OPENBAS_URL") }}
+ - name: OPENBAS_URL
+ value: "http://{{ include "openbas.fullname" $ }}-server:{{ $.Values.service.port }}"
+ {{- end }}
+
+ # Special handling for OPENBAS_TOKEN which is constructed from other values
+ {{- if and (not (hasKey .env "OPENBAS_TOKEN")) ($.Values.env.OPENBAS_ADMIN_TOKEN) }}
+ - name: OPENBAS_TOKEN
+ value: "{{ $.Values.env.OPENBAS_ADMIN_TOKEN }}"
+ {{- end }}
+
+ # Add Variables in plain text if they were not already added from secrets
+ {{- if .env }}
+ {{- range $key, $value := .env }}
+ {{- if not (hasKey $envList $key) }}
+ - name: {{ $key | upper }}
+ value: {{ $value | quote }}
+ {{- $_ := set $envList $key true }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+ resources:
+ {{- toYaml .resources | nindent 12 }}
+ {{- with .nodeSelector }}
+ nodeSelector:
+ {{- toYaml .
| nindent 8 }} + {{- end }} + {{- with .tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + +{{- end }} +{{- end }} diff --git a/charts/openbas/values.yaml b/charts/openbas/values.yaml index 676ba84..03dda9b 100644 --- a/charts/openbas/values.yaml +++ b/charts/openbas/values.yaml @@ -225,7 +225,7 @@ tolerations: [] # -- Affinity for pod assignment affinity: {} -# -- Connector Global environment +# -- Collector Global environment collectorGlobalEnv: # Plain vars # foo: bar @@ -275,6 +275,56 @@ collectors: [] # # -- Affinity for pod assignment # affinity: {} +# -- Injector Global environment +injectorGlobalEnv: + # Plain vars + # foo: bar + # my_env: my_value + +# -- Injectors +# Ref: https://github.com/OpenBAS-Platform/injectors +injectors: [] +# - name: connector-name +# enabled: true +# replicas: 1 +# # -- Image registry +# image: {} +# repository: +# pullPolicy: +# tag: +# # -- Environment variables to configure application +# env: {} +# # Plain vars +# # foo: bar +# # my_env: my_value +# # -- Pod annotations +# podAnnotations: {} +# # -- Secrets from variables +# envFromSecrets: {} +# # Cipher vars +# # my_env: +# # name: release-name-credentials +# # key: secret_key +# # -- The resources limits and requested +# resources: {} +# limits: +# memory: 256Mi +# cpu: "250m" +# requests: +# memory: 56Mi +# cpu: "50m" +# # -- Node labels for pod assignment +# nodeSelector: {} +# project: "openbas" +# # -- Tolerations for pod assignment +# tolerations: [] +# - key: "project" +# operator: "Equal" +# value: "openbas" +# effect: "NoSchedule" +# # -- Affinity for pod assignment +# affinity: {} + # -- OpenBAS caldera-server deployment configuration caldera: enabled: true
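Review bot: A token supplied through `envFromSecrets` does not suppress the plaintext admin-token fallback, because the `OPENBAS_URL` and `OPENBAS_TOKEN` guards test only `.env` and never `$envList`. With `OPENBAS_TOKEN` in `envFromSecrets` the container gets two `OPENBAS_TOKEN` entries, and as far as I know the later, literal one takes effect, which contradicts the "Variables from secrets have precedence" comment. The guard should also consult `$envList`, e.g. `{{- if and (not (hasKey (.env | default dict) "OPENBAS_TOKEN")) (not (hasKey $envList "OPENBAS_TOKEN")) ($.Values.env.OPENBAS_ADMIN_TOKEN) }}`, with the same pattern for `OPENBAS_URL`; the `default dict` is there because `hasKey` on an unset `env` most likely fails rendering. The fallback also writes the platform admin token as a literal `value:` into every injector Deployment, where anyone allowed to read Deployments in the namespace can see it, so a `secretKeyRef` to a dedicated token would be a safer default. Separately, `toYaml $` inside `with .podAnnotations` serialises the root context rather than the annotations and should be `toYaml .`.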
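Review bot: `injectorGlobalEnv` is declared in the second `values.yaml` hunk, but the injector Deployment template added in this commit never reads it, so anything an operator places under it is silently ignored. Either wire it into the template's `env:` block or drop the key until it is supported. The commented sample entry also begins with `# - name: connector-name`, which should read `# - name: injector-name`. If the global block is wired in, a comment such as `# Do not put tokens or passwords here; use envFromSecrets on each injector` would steer credentials away from plain values.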