diff --git a/README.md b/README.md index f02a7bb..227ba6d 100644 --- a/README.md +++ b/README.md @@ -92,38 +92,37 @@ nginx.ingress.kubernetes.io/proxy-body-size: nginx.ingress.kubernetes.io/proxy-request-buffering: "off" ``` -| Parameter | Description | Value | -|-------------|-------------|-------| -| `global.imagePullSecrets` | List of image pull secrets | `- name: registry` | -| `global.secret.dockerconfigjson` | Docker authentication configuration | `""` | -| `gateway.ingress.enabled` | Enable/Disable the Ingress resource | `false` | -| `gateway.ingress.annotations` | Additional annotations for Ingress | `{}` | -| `gateway.ingress.hosts` | Hostnames and paths for Ingress | `[]` | -| `gateway.ingress.tls` | TLS configuration for Ingress | `[]` | -| `gateway.authentication.authority` | Authority for authentication | `""` | -| `gateway.nameOverride` | Overrides the application name | `""` | -| `gateway.fullnameOverride` | Overrides the full name | `""` | -| `gateway.networkPolicy.enabled` | Enable/Disable the default Network Policy | `false` | -| `gateway.service.type` | Type of Kubernetes service | `""` | -| `gateway.service.http.port` | HTTP port for the service | `8080` | -| `gateway.service.ws.port` | WebSocket port for the service | `9090` | -| `gateway.podDisruptionBudget.minAvailable` | Minimum available pods in case of disruption | `1` | -| `gateway.replicaCount` | Number of replicas | `1` | -| `gateway.revisionHistoryLimit` | Number of revisions in history | `1` | -| `gateway.resources.limits.memory` | Maximum memory usage | `512Mi` | -| `gateway.resources.requests.cpu` | Requested CPU performance | `0.5` | -| `gateway.resources.requests.memory` | Requested memory usage | `256Mi` | -| `gateway.containerSecurityContext.enabled` | Enable/Disable container security context | `false` | -| `gateway.cloudhashlookup.enabled` | Enable/Disable cloud hash lookup | `false` | -| `gateway.uploadUrl` | URL for the upload service | `"http://localhost:8080/upload"` | -| `gateway.podAnnotations` | Annotations for pods | `{}` | -| `gateway.nodeSelector` | Node labels for pod assignment | `{}` | -| `gateway.affinity` | Affinity settings for pods | `{}` | -| `gateway.terminationGracePeriodSeconds` | Max time in seconds for scans to complete | `30` | -| `gdscan.nodeSelector` | gdscan node labels for pod assignment | `{}` | -| `gdscan.replicaCount` | Number of replicas for the gdscan deployment | `1`` | -| `gdscan.terminationGracePeriodSeconds` | Max time in seconds for scans to complete. Set to same value as ```gateway.terminationGracePeriodSeconds``` | `30` | -| `mini-identity-provider.nodeSelector` | mini-identity-provider Node labels for pod assignment | `{}` | +| Parameter | Description | Value | +| ------------------------------------------ | ----------------------------------------------------------------------------------------------------------- | -------------------------------- | +| `global.imagePullSecrets` | List of image pull secrets | `- name: registry` | +| `global.secret.dockerconfigjson` | Docker authentication configuration | `""` | +| `gateway.ingress.enabled` | Enable/Disable the Ingress resource | `false` | +| `gateway.ingress.annotations` | Additional annotations for Ingress | `{}` | +| `gateway.ingress.hosts` | Hostnames and paths for Ingress | `[]` | +| `gateway.ingress.tls` | TLS configuration for Ingress | `[]` | +| `gateway.authentication.authority` | Authority for authentication | `""` | +| `gateway.nameOverride` | Overrides the application name | `""` | +| `gateway.fullnameOverride` | Overrides the full name | `""` | +| `gateway.networkPolicy.enabled` | Enable/Disable the default Network Policy | `false` | +| `gateway.service.type` | Type of Kubernetes service | `""` | +| `gateway.service.http.port` | HTTP port for the service | `8080` | +| `gateway.service.ws.port` | WebSocket port for the service | `9090` | +| `gateway.podDisruptionBudget.minAvailable` | Minimum available pods in case of disruption | `1` | +| `gateway.replicaCount` | Number of replicas | `1` | +| `gateway.revisionHistoryLimit` | Number of revisions in history | `1` | +| `gateway.resources.limits.memory` | Maximum memory usage | `512Mi` | +| `gateway.resources.requests.cpu` | Requested CPU performance | `0.5` | +| `gateway.resources.requests.memory` | Requested memory usage | `256Mi` | +| `gateway.containerSecurityContext.enabled` | Enable/Disable container security context | `false` | +| `gateway.uploadUrl` | URL for the upload service | `"http://localhost:8080/upload"` | +| `gateway.podAnnotations` | Annotations for pods | `{}` | +| `gateway.nodeSelector` | Node labels for pod assignment | `{}` | +| `gateway.affinity` | Affinity settings for pods | `{}` | +| `gateway.terminationGracePeriodSeconds` | Max time in seconds for scans to complete | `30` | +| `gdscan.nodeSelector` | gdscan node labels for pod assignment | `{}` | +| `gdscan.replicaCount` | Number of replicas for the gdscan deployment | `1`` | +| `gdscan.terminationGracePeriodSeconds` | Max time in seconds for scans to complete. Set to same value as ```gateway.terminationGracePeriodSeconds``` | `30` | +| `mini-identity-provider.nodeSelector` | mini-identity-provider Node labels for pod assignment | `{}` | ### Production environment diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml index 58dd2d4..7b2296e 100644 --- a/charts/vaas/Chart.yaml +++ b/charts/vaas/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: vaas -version: 1.2.5 +version: 1.3.0 description: Deployment of a Verdict-as-a-Service on-premise instance maintainers: - name: G DATA CyberDefense AG diff --git a/charts/vaas/templates/gateway/networkpolicy.yaml b/charts/vaas/templates/gateway/networkpolicy.yaml index 01766a6..b09d970 100644 --- a/charts/vaas/templates/gateway/networkpolicy.yaml +++ b/charts/vaas/templates/gateway/networkpolicy.yaml @@ -24,5 +24,4 @@ spec: - port: 80 # VerdictRequestForUrl - port: 6379 # Redis - port: 8080 # GdScan - - port: 9090 # Cloud Gateway {{- end }} \ No newline at end of file diff --git a/charts/vaas/templates/gateway/statefulset.yaml b/charts/vaas/templates/gateway/statefulset.yaml index b86dd8c..96e4d3e 100644 --- a/charts/vaas/templates/gateway/statefulset.yaml +++ b/charts/vaas/templates/gateway/statefulset.yaml @@ -52,18 +52,6 @@ spec: value: "http://gdscan:8080/scan/body" - name: RedisConfiguration__Configuration value: "redis-master" - {{- if .Values.gateway.cloudhashlookup.enabled }} - - name: VerdictAsAService__Url - value: {{ .Values.gateway.options.url | quote }} - - name: VerdictAsAService__TokenUrl - value: {{ .Values.gateway.options.tokenurl | quote }} - - name: VerdictAsAService__Credentials__GrantType - value: {{ .Values.gateway.options.credentials.granttype | quote }} - - name: VerdictAsAService__Credentials__ClientId - value: {{ .Values.gateway.options.credentials.clientid | quote }} - - name: VerdictAsAService__Credentials__ClientSecret - {{ toYaml .Values.gateway.options.credentials.clientsecret }} - {{- end }} - name: DOTNET_ENVIRONMENT value: {{ .Release.Name }} - name: ASPNETCORE_ENVIRONMENT diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml index 6d2ac93..180c9db 100644 --- a/charts/vaas/values.yaml +++ b/charts/vaas/values.yaml @@ -115,9 +115,6 @@ gateway: pullPolicy: Always tag: 1.1.0 - cloudhashlookup: - enabled: false - uploadUrl: "http://vaas/upload" options: