Merge branch 'main' of github.com:GDATASoftwareAG/gdscan into add-opt…
…ional-np
ata-no-one committed Feb 28, 2024
2 parents 911091a + fb2c60f commit 65cd811
Showing 7 changed files with 70 additions and 33 deletions.
5 changes: 4 additions & 1 deletion .gitignore
@@ -1 +1,4 @@
*-local.yaml
*-local.yaml
*-locale.yml
*-locale.yaml
*-local.yml
19 changes: 10 additions & 9 deletions README.md
Expand Up @@ -62,12 +62,13 @@ helm upgrade gdscan gdscan/gdscan -f values.yaml

# Options

| Name | Description | Value |
| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | service type | `ClusterIP` |
| `service.ports.api` | API service port | `8080` |
| `service.annotations` | service annotations | `{}` |
| `replicaCount` | number of pods | `1` |
| `autoscaling.enabled` | enable auto scaling | `false` |
| `autoscaling.maxReplicas` | maximum number of replicas | `20` |
| `autoscaling.metrics` | custom metrics for auto scaling | |
| Name | Description | Value |
| ------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | service type | `ClusterIP` |
| `service.ports.api` | API service port | `8080` |
| `service.annotations` | service annotations | `{}` |
| `replicaCount` | number of pods | `1` |
| `autoscaling.enabled` | enable auto scaling | `false` |
| `autoscaling.maxReplicas` | maximum number of replicas | `20` |
| `autoscaling.metrics` | custom metrics for auto scaling | |
| `terminationGracePeriodSeconds` | max time in seconds for scans to complete | `30` |
2 changes: 1 addition & 1 deletion charts/gdscan/Chart.yaml
Expand Up @@ -5,4 +5,4 @@ maintainers:
- name: G DATA CyberDefense AG
email: [email protected]
type: application
version: 1.6.0
version: 1.7.0
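--- a/charts/gdscan/templates/_helpers.tpl
+++ b/charts/gdscan/templates/_helpers.tpl
@@ -109,3 +109,12 @@ app.kubernetes.io/namespace: {{ .Release.Namespace }}
 {{- end -}}
 
 {{- end -}}
+
+{{- define "common.secondsToHHMMSS" -}}
+{{- $totalSeconds := . -}}
+{{- $hours := div $totalSeconds 3600 | printf "%02d" -}}
+{{- $totalSeconds = mod $totalSeconds 3600 -}}
+{{- $minutes := div $totalSeconds 60 | printf "%02d" -}}
+{{- $seconds := mod $totalSeconds 60 | printf "%02d" -}}
+{{- printf "%s:%s:%s" $hours $minutes $seconds -}}
+{{- end -}}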
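Review bot: `common.secondsToHHMMSS` has no range check on its input, so a `terminationGracePeriodSeconds` of 86400 or more renders an hours field of 24 or above (for example `24:00:00`), and an unset or negative value would probably render `00:00:00` or a signed field. Whether the consumer of `HostOptions__ShutdownTimeout` rejects or misreads such strings is not visible here, but either outcome would silently change how long in-flight scans get to finish. I would fail the render early with a first line in the define such as `{{- if or (lt (int .) 0) (ge (int .) 86400) }}{{ fail "terminationGracePeriodSeconds must be between 0 and 86399" }}{{ end -}}`. A short header comment would also help: `{{- /* expects whole, non-negative seconds below 86400; returns "HH:MM:SS" */ -}}`.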
18 changes: 11 additions & 7 deletions charts/gdscan/templates/deployment.yaml
Expand Up @@ -39,10 +39,8 @@ spec:
emptyDir: {}
- name: scan-socket
emptyDir: {}
{{- if .Values.client.containerSecurityContext.enabled }}
- name: client-tmp
emptyDir: {}
{{- end }}
- name: server-var-log
emptyDir: {}
{{- include "gdscan.imagePullSecrets" . | nindent 6 }}
Expand All @@ -53,6 +51,9 @@ spec:
value: "{{ now | unixEpoch }}"
image: '{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}'
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
{{- if .Values.server.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.server.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: server-tmp
mountPath: /tmp
Expand All @@ -75,10 +76,8 @@ spec:
mountPath: /tmp/scan
- name: scan-socket
mountPath: /var/share/run
{{- if .Values.client.containerSecurityContext.enabled }}
- name: client-tmp
mountPath: /tmp
{{- end }}
resources:
{{- toYaml .Values.resources.client | nindent 12 }}
ports:
Expand All @@ -96,8 +95,11 @@ spec:
path: /health
port: api
initialDelaySeconds: 15
periodSeconds: 5
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
periodSeconds: 5
env:
- name: HostOptions__ShutdownTimeout
value: {{ include "common.secondsToHHMMSS" .Values.terminationGracePeriodSeconds | quote }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
Expand All @@ -110,4 +112,6 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
securityContext:
fsGroup: 1654
{{- end }}
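Review bot: The pod-level `securityContext` added at the end of the template hard-codes `fsGroup: 1654` and, unlike the container contexts, cannot be changed or switched off from values.yaml; the same lines are added at the end of stateful-set.yaml. The value also differs from the `runAsUser`/`runAsGroup` of 1001 that this commit sets for the server container, so a comment saying which container user the group is meant for would help. Clusters that restrict the allowed fsGroup range by admission policy would reject the pod with no override available. I would render it from a value, e.g. `securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }}` with `podSecurityContext: {fsGroup: 1654}` as the default (`podSecurityContext` is a new key proposed here, not one the chart has today). The enclosing pod spec starts outside the hunk.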
15 changes: 6 additions & 9 deletions charts/gdscan/templates/stateful-set.yaml
Expand Up @@ -37,14 +37,10 @@ spec:
emptyDir: {}
- name: scan-socket
emptyDir: {}
{{- if .Values.client.containerSecurityContext.enabled }}
- name: client-tmp
emptyDir: {}
{{- end }}
{{- if .Values.server.containerSecurityContext.enabled }}
- name: server-var-log
emptyDir: {}
{{- end }}
containers:
- name: {{ .Values.server.name }}
env:
Expand All @@ -62,10 +58,8 @@ spec:
mountPath: /tmp/scan
- name: scan-socket
mountPath: /var/share/run
{{- if .Values.server.containerSecurityContext.enabled }}
- name: server-var-log
mountPath: /var/log
{{- end }}
resources:
{{- toYaml .Values.resources.server | nindent 12 }}
- name: {{ .Values.client.name }}
Expand All @@ -79,10 +73,8 @@ spec:
mountPath: /tmp/scan
- name: scan-socket
mountPath: /var/share/run
{{- if .Values.client.containerSecurityContext.enabled }}
- name: client-tmp
mountPath: /tmp
{{- end }}
resources:
{{- toYaml .Values.resources.client | nindent 12 }}
ports:
Expand All @@ -101,7 +93,10 @@ spec:
port: api
initialDelaySeconds: 15
periodSeconds: 5
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
env:
- name: HostOptions__ShutdownTimeout
value: {{ include "common.secondsToHHMMSS" .Values.terminationGracePeriodSeconds | quote }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
Expand All @@ -114,4 +109,6 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
fsGroup: 1654
{{- end }}
35 changes: 29 additions & 6 deletions charts/gdscan/values.yaml
Expand Up @@ -5,17 +5,33 @@ server:
image:
repository: ghcr.io/gdatasoftwareag/vaas/scanserver
pullPolicy: Always
tag: 1.9.6
tag: 1
containerSecurityContext:
enabled: false
enabled: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
runAsGroup: 1001
runAsUser: 1001
client:
name: client
image:
repository: ghcr.io/gdatasoftwareag/vaas/scanclient
pullPolicy: Always
tag: 1.9.6
tag: 1
containerSecurityContext:
enabled: false
enabled: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
terminationGracePeriodSeconds: 30

imagePullSecrets:
Expand Down Expand Up @@ -91,9 +107,16 @@ autoUpdate:
image:
registry: docker.io
repository: bitnami/kubectl
tag: latest
tag: 1.29
containerSecurityContext:
enabled: false
enabled: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
enabled: true
# every hour
schedule: "0 * * * *"
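Review bot: The new image tags are unquoted numbers (`tag: 1`, `tag: 1.29`), so YAML types them as int and float rather than strings; `1.29` happens to survive rendering, but a later bump to `1.30` would come out as `1.3` and pull a different image. Quote them: `tag: "1"` and `tag: "1.29"`. Separately, replacing `1.9.6` with the floating `1` under `pullPolicy: Always` means the running scanner image can change on any pod restart without a chart change. If that is intended for auto-update, a comment saying so would help, and deployments that need reproducibility would want a full version or a digest. The client `containerSecurityContext` sets `runAsNonRoot: true` without a `runAsUser`, which only works if the image declares a numeric non-root user, so that is worth confirming.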