DependencyTrack · JuryA · Apr 12, 2024 · Apr 12, 2024 · Apr 12, 2024 · Apr 12, 2024
@@ -1,3 +1,46 @@
-# IntelliJ
+# File created using '.gitignore Generator' for Visual Studio Code: https://bit.ly/vscode-gig
+# Created by https://www.toptal.com/developers/gitignore/api/windows,visualstudiocode,linux,helm,jetbrains
+# Edit at https://www.toptal.com/developers/gitignore?templates=windows,visualstudiocode,linux,helm,jetbrains
+
+### Helm ###
+# Chart dependencies
+**/charts/*.tgz
+
+### IntelliJ ###
 .idea/*
-!.idea/icon.svg
+!.idea/icon.svg
+
+### Linux ###
+*~
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 2.19.1
+digest: sha256:f3d03c6da540e7e18162d5336c8c35627f8295f25fe68bfdc4fef57ba6046c1c
+generated: "2024-04-12T17:57:55.376976539+02:00"
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: dependency-track
-version: 0.1.2
+version: 0.2.0
 type: application
 appVersion: 4.10.1
 description: |-
@@ -14,3 +14,7 @@ maintainers:
 - name: nscuro
   email: [email protected]
   url: https://github.com/nscuro
+dependencies:
+- name: common
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: ^2.19.1
@@ -1,6 +1,6 @@
 # dependency-track
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.10.1](https://img.shields.io/badge/AppVersion-4.10.1-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.10.1](https://img.shields.io/badge/AppVersion-4.10.1-informational?style=flat-square)
 
 Dependency-Track is an intelligent Component Analysis platform
 that allows organizations to identify and reduce risk in the software supply chain.
@@ -17,6 +17,12 @@ that allows organizations to identify and reduce risk in the software supply cha
 
 * <https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track>
 
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://registry-1.docker.io/bitnamicharts | common | ^2.19.1 |
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -92,7 +98,30 @@ that allows organizations to identify and reduce risk in the software supply cha
 | frontend.service.nodePort | string | `nil` |  |
 | frontend.service.type | string | `"ClusterIP"` |  |
 | frontend.tolerations | list | `[]` |  |
-| ingress.annotations | object | `{}` |  |
-| ingress.enabled | bool | `false` |  |
-| ingress.hostname | string | `"example.com"` |  |
+| ingress.annotations | object | `{}` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. For a full list of possible ingress annotations. Use this parameter to set the required annotations for cert-manager, see ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations |
+| ingress.apiVersion | string | `""` | Force Ingress API version (automatically detected if not set) |
+| ingress.enabled | bool | `false` | Set to true to enable ingress record generation |
+| ingress.extraHosts | list | `[]` | The list of additional hostnames to be covered with this ingress record. Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array |
+| ingress.extraPaths | list | `[]` | Any additional arbitrary paths that may need to be added to the ingress under the main host. For example: The ALB ingress controller requires a special rule for handling SSL redirection. |
+| ingress.extraRules | list | `[]` | The list of additional rules to be added to this ingress record. Evaluated as a template. Useful when looking for additional customization, such as using different backend |
+| ingress.extraTls | list | `[]` | The tls configuration for additional hostnames to be covered with this ingress record. see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |
+| ingress.hostname | string | `"dependency-track.local.gd"` | Default host for the ingress resource |
+| ingress.ingressClassName | string | `""` | Set the ingerssClassName on the ingress record for k8s 1.18+ This is supported in **Kubernetes 1.18+** and required if you have more than one `IngressClass` marked as the `default` for your cluster. ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ |
+| ingress.path | string | `"/"` | The URL Path to **dependency-track**. You may need to set this to `/*` in order to use this with ALB ingress controllers. |
+| ingress.pathType | string | `"ImplementationSpecific"` | Ingress path type |
+| ingress.secrets | list | `[]` | If you're providing your own certificates, please use this to add the certificates as secrets key and certificate should start with `-----BEGIN CERTIFICATE-----` or `-----BEGIN RSA PRIVATE KEY-----` and name should line up with a `tlsSecret` set further up. If you're using **cert-manager**, this is unneeded, as it will create the **secret** for you if it is not set. It is also possible to create and manage the certificates outside of this helm chart. |
+| ingress.selfSigned | bool | `false` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm |
+| ingress.tls | bool | `false` | Create TLS Secret TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` You can use the `ingress.secrets` parameter to create this TLS secret or relay on cert-manager to create it |
+| ingress.tlsWwwPrefix | bool | `false` | Adds **www** subdomain to default certificate Creates tls host with ingress.hostname: `{{ print "www.%s" .Values.ingress.hostname }}` Is enabled if "`nginx.ingress.kubernetes.io/from-to-www-redirect`" is "`true`" |
+| tls.autoGenerated | bool | `true` | Auto-generate self-signed certificates |
+| tls.ca | string | `""` | Content of the certificate CA to be added to the secret |
+| tls.cert | string | `""` | Content of the certificate to be added to the secret |
+| tls.certCAFilename | string | `"ca.crt"` | Path of the certificate CA file when mounted as a secret |
+| tls.certFilename | string | `"tls.crt"` | Path of the certificate file when mounted as a secret |
+| tls.certKeyFilename | string | `"tls.key"` | Path of the certificate key file when mounted as a secret |
+| tls.enabled | bool | `false` | Enable TLS transport |
+| tls.existingSecret | string | `""` | Name of a secret containing the certificates |
+| tls.key | string | `""` | Content of the certificate key to be added to the secret |
 
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
@@ -12,10 +12,10 @@ metadata:
 spec:
   type: {{ .Values.apiServer.service.type | quote }}
   ports:
-  - name: web
+  - name: http
     port: 8080
-    targetPort: web
+    targetPort: http
     {{- with .Values.apiServer.service.nodePort }}
     nodePort: {{ . }}
     {{- end }}
-  selector: {{- include "dependencytrack.apiServerSelectorLabels" . | nindent 4 }}
+  selector: {{- include "dependencytrack.apiServerSelectorLabels" . | nindent 4 }}
@@ -14,8 +14,8 @@ spec:
     matchLabels: {{- include "dependencytrack.apiServerSelectorLabels" . | nindent 6 }}
   jobLabel: {{ include "dependencytrack.apiServerFullname" . }}
   endpoints:
-  - port: web
+  - port: http
     path: /metrics
     interval: {{ .Values.apiServer.serviceMonitor.scrapeInternal }}
     timeout: {{ .Values.apiServer.serviceMonitor.scrapeTimeout }}
-{{- end }}
+{{- end }}
@@ -62,7 +62,7 @@ spec:
         envFrom: {{ toYaml . | nindent 8 }}
         {{- end }}
         ports:
-        - name: web
+        - name: http
           containerPort: 8080
           protocol: TCP
         volumeMounts:
@@ -79,7 +79,7 @@ spec:
         livenessProbe:
           httpGet:
             scheme: HTTP
-            port: web
+            port: http
             path: /health/live
           failureThreshold: {{ .Values.apiServer.probes.liveness.failureThreshold }}
           initialDelaySeconds: {{ .Values.apiServer.probes.liveness.initialDelaySeconds }}
@@ -89,7 +89,7 @@ spec:
         readinessProbe:
           httpGet:
             scheme: HTTP
-            port: web
+            port: http
             path: /health/ready
           failureThreshold: {{ .Values.apiServer.probes.readiness.failureThreshold }}
           initialDelaySeconds: {{ .Values.apiServer.probes.readiness.initialDelaySeconds }}
@@ -126,4 +126,4 @@ spec:
           storage: {{ .Values.apiServer.persistentVolume.size }}
       accessModes:
       - ReadWriteOnce
-  {{- end }}
+  {{- end }}
@@ -55,7 +55,7 @@ spec:
         envFrom: {{ toYaml . | nindent 8 }}
         {{- end }}
         ports:
-        - name: web
+        - name: http
           containerPort: 8080
           protocol: TCP
         volumeMounts:
@@ -64,7 +64,7 @@ spec:
         livenessProbe:
           httpGet:
             scheme: HTTP
-            port: web
+            port: http
             path: /
           failureThreshold: {{ .Values.frontend.probes.liveness.failureThreshold }}
           initialDelaySeconds: {{ .Values.frontend.probes.liveness.initialDelaySeconds }}
@@ -74,7 +74,7 @@ spec:
         readinessProbe:
           httpGet:
             scheme: HTTP
-            port: web
+            port: http
             path: /
           failureThreshold: {{ .Values.frontend.probes.readiness.failureThreshold }}
           initialDelaySeconds: {{ .Values.frontend.probes.readiness.initialDelaySeconds }}

@@ -12,10 +12,10 @@ metadata:
 spec:
   type: {{ .Values.frontend.service.type | quote }}
   ports:
-  - name: web
+  - name: http
     port: 8080
-    targetPort: web
+    targetPort: http
     {{- with .Values.frontend.service.nodePort }}
     nodePort: {{ . }}
     {{- end }}
-  selector: {{- include "dependencytrack.frontendSelectorLabels" . | nindent 4 }}
+  selector: {{- include "dependencytrack.frontendSelectorLabels" . | nindent 4 }}
@@ -1,29 +1,83 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
-  name: {{ include "dependencytrack.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  {{- with .Values.ingress.annotations }}
-  annotations: {{- toYaml . | nindent 4 }}
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
 > [!WARNING] 
 > The charts in this repository are still being worked on, and are not yet ready for production use. 
 > [!WARNING] 
 > The charts in this repository are still being worked on, and are not yet ready for production use. 
+  {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
   {{- end }}
 spec:
+  {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  {{- end }}
   rules:
-  - host: {{ .Values.ingress.hostname | quote }}
-    http:
-      paths:
-      - path: /api
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ include "dependencytrack.apiServerFullname" . }}
-            port:
-              name: web
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ include "dependencytrack.frontendFullname" . }}
-            port:
-              name: web
-{{- end }}
+    {{- if .Values.ingress.hostname }}
+    - host: {{ .Values.ingress.hostname | quote }}
+      http:
+        paths:
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ default "/api" .apiPath }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dependencytrack.apiServerFullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dependencytrack.frontendFullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+    {{- else if .Values.ingress.path }}
+    - http:
+        paths:
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ default "/api" .apiPath }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dependencytrack.apiServerFullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dependencytrack.frontendFullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+    {{- end }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/api" .apiPath }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dependencytrack.apiServerFullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dependencytrack.frontendFullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned (not (empty .Values.ingress.secrets)))) .Values.ingress.extraTls }}
+  tls:
+    {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned (not (empty .Values.ingress.secrets))) }}
+    - hosts:
+        - {{ .Values.ingress.hostname | quote }}
+        {{- if or (.Values.ingress.tlsWwwPrefix) (eq (index .Values.ingress.annotations "nginx.ingress.kubernetes.io/from-to-www-redirect") "true" ) }}
+        - {{ printf "www.%s" (tpl .Values.ingress.hostname $) | quote }}
+        {{- end }}
+      secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
@@ -0,0 +1,30 @@
+{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) }}
+{{- $ca := genCA "dependency-track-ca" 365 }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-tls" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  {{- if .Values.tls.autoGenerated }}
+  {{- $cert := genSignedCert (include "common.names.fullname" .) nil (list (include "common.names.fullname" .) (printf "%s.%s" (include "common.names.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc" (include "common.names.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain)) 365 $ca }}
+  {{ .Values.tls.certFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "common.names.fullname" .)) "key" .Values.tls.certFilename "defaultValue" $cert.Cert "context" $) }}
+  {{ .Values.tls.certKeyFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "common.names.fullname" .)) "key" .Values.tls.certKeyFilename "defaultValue" $cert.Key "context" $) }}
+  {{ .Values.tls.certCAFilename }}: {{ include "common.secrets.lookup" (dict "secret" (printf "%s-tls" (include "common.names.fullname" .)) "key" .Values.tls.certCAFilename "defaultValue" $ca.Cert "context" $) }}
+  {{- else }}
+  {{- if .Values.tls.cert }}
+  {{ .Values.tls.certFilename }}: {{ .Values.tls.cert | b64enc }}
+  {{- end }}
+  {{- if .Values.tls.key }}
+  {{ .Values.tls.certKeyFilename }}: {{ .Values.tls.key | b64enc }}
+  {{- end }}
+  {{- if .Values.tls.ca }}
+  {{ .Values.tls.certCAFilename }}: {{ .Values.tls.ca | b64enc }}
+  {{- end }}
+  {{- end }}
+{{- end }}