feat: added sbom-operator

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
Christian Kotzbauer 2022-01-20 11:31:01 +01:00
parent 924dfd84a8
commit 733e12b796
11 changed files with 301 additions and 0 deletions


@ -19,3 +19,4 @@ helm repo add ckotzbauer https://ckotzbauer.github.io/helm-charts
- [nfs-client-provisioner](https://github.com/ckotzbauer/helm-charts/tree/main/charts/nfs-client-provisioner) - [nfs-client-provisioner](https://github.com/ckotzbauer/helm-charts/tree/main/charts/nfs-client-provisioner)
- [postgres-operator](https://github.com/ckotzbauer/helm-charts/tree/main/charts/postgres-operator) - [postgres-operator](https://github.com/ckotzbauer/helm-charts/tree/main/charts/postgres-operator)
- [prometheus-blackbox-exporter](https://github.com/ckotzbauer/helm-charts/tree/main/charts/prometheus-blackbox-exporter) - [prometheus-blackbox-exporter](https://github.com/ckotzbauer/helm-charts/tree/main/charts/prometheus-blackbox-exporter)
- [sbom-operator](https://github.com/ckotzbauer/helm-charts/tree/main/charts/sbom-operator)


@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@ -0,0 +1,19 @@
apiVersion: v2
description: Catalogue all images of a Kubernetes cluster to Git with Syft
name: sbom-operator
version: 0.1.0
appVersion: 0.1.0
home: https://github.com/ckotzbauer/sbom-operator
sources:
- https://github.com/ckotzbauer/sbom-operator
- https://github.com/ckotzbauer/helm-charts
keywords:
- kubernetes-operator
- operator
- sbom
- syft
- git
- supply-chain-security
maintainers:
- name: ckotzbauer
email: git@ckotzbauer.de


@ -0,0 +1,60 @@
# sbom-operator
> Catalogue all images of a Kubernetes cluster to Git with Syft.
Learn more: [https://github.com/ckotzbauer/sbom-operator](https://github.com/ckotzbauer/sbom-operator)
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install my-release ckotzbauer/sbom-operator
```
The command deploys the sbom-operator operator on the Kubernetes cluster using the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the sbom-operator chart and their default values.
| Parameter | Description | Default |
| -------------------------------------- | ------------------------------------------------- | ---------------------------------------- |
| `image.repository` | container image repository | `ghcr.io/ckotzbauer/sbom-operator` |
| `image.tag` | container image tag | `0.1.0` |
| `image.pullPolicy` | container image pull policy | `IfNotPresent` |
| `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | node tolerations for pod assignment | `[]` |
| `affinity` | node affinity for pod assignment | `{}` |
| `podAnnotations` | annotations to add to each pod | `{}` |
| `resources` | pod resource requests & limits | See [values.yaml](values.yaml) |
| `securityContext` | container securityContext | See [values.yaml](values.yaml) |
| `serviceAccount.create` | Should we create a ServiceAccount | `true` |
| `serviceAccount.name` | Name of the ServiceAccount to use | null |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install my-release \
--set key_1=value_1,key_2=value_2 \
ckotzbauer/sbom-operator
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
# example for staging
$ helm install my-release -f values.yaml ckotzbauer/sbom-operator
```
> **Tip**: You can use the default [values.yaml](values.yaml)


@ -0,0 +1,6 @@
** Please be patient while the chart is being deployed **
To monitor the deployment, execute the following command:
kubectl get pods -l name={{ template "app.name" . }} --namespace {{ .Release.Namespace }} -w
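Review bot: The selector on the kubectl line will match no pods: the Deployment's pod template carries only the `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels from `app.selectorLabels`, and no `name` label is set anywhere in the chart. Use the labels the Deployment itself selects on: `kubectl get pods -l app.kubernetes.io/name={{ template "app.name" . }},app.kubernetes.io/instance={{ .Release.Name }} --namespace {{ .Release.Namespace }} -w`.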


@ -0,0 +1,63 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "app.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app.name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "app.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "app.labels" -}}
helm.sh/chart: {{ include "app.chart" . }}
{{ include "app.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "app.selectorLabels" -}}
app.kubernetes.io/name: {{ include "app.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "app.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "app.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}


@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "app.name" . }}
labels:
{{- include "app.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- pods
- namespaces
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
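Review bot: The ClusterRole is named `{{ template "app.name" . }}`, which renders to the bare chart name regardless of release, so a second release of this chart anywhere in the cluster fails on the already-existing cluster-scoped object; the ClusterRoleBinding (both its `metadata.name` and `roleRef.name`) and the Deployment use the same expression. The helpers already define a release-aware `app.fullname`, and switching these four `name:` lines to `{{ template "app.fullname" . }}` keeps each release's objects distinct, matching what the ServiceAccount name already does. Separately, the second rule grants `get` on every Secret in the cluster to the operator's ServiceAccount and nothing in the chart says why; I would add `# Cluster-wide Secret read: needed for <reason — TODO confirm>; narrow to a Role per namespace if only specific namespaces' secrets are read` above that rule so the grant is reviewable.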


@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "app.name" . }}
labels:
{{- include "app.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ template "app.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "app.name" . }}
apiGroup: rbac.authorization.k8s.io


@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "app.name" . }}
labels:
{{- include "app.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "app.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "app.selectorLabels" . | nindent 8 }}
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "app.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
{{- range $key, $value := .Values.args }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
env:
{{- if .Values.envVars }}
{{ toYaml .Values.envVars | nindent 12 }}
{{- end }}
securityContext:
{{ toYaml .Values.securityContext | indent 12 }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
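Review bot: The `{{- if $value }}` branch in the `args` loop drops the value for anything falsy, so `args: {some-flag: false}` or a value of `0` renders as the bare `--some-flag`, which for a boolean CLI flag is the opposite of what the values file asked for. Test for absence rather than truthiness: `{{- if not (kindIs "invalid" $value) }}` keeps `false`/`0` as `--key=false`/`--key=0` and reserves the bare form for `key: null`. The unquoted `{{ $value }}` is also emitted as a plain YAML scalar, so a value containing `: ` or ` #` would break rendering; `- {{ printf "--%s=%v" $key $value | quote }}` avoids that. Neither `args` nor `envVars` is declared in values.yaml or listed in the chart README, which is where a user would look for them.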


@ -0,0 +1,8 @@
{{ if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "app.serviceAccountName" . }}
labels:
{{- include "app.labels" . | nindent 4 }}
{{- end -}}


@ -0,0 +1,37 @@
# Default values for sbom-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: ghcr.io/ckotzbauer/sbom-operator
tag: 0.1.0
pullPolicy: IfNotPresent
podAnnotations: {}
resources: {}
# requests:
# cpu: 500m
# memory: 1Gi
# limits:
# cpu: 100m
# memory: 100Mi
securityContext:
privileged: false
runAsUser: 1001
runAsNonRoot: true
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
nodeSelector: {}
tolerations: []
affinity: {}
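Review bot: The default `securityContext` stops short of the usual container hardening: it sets `privileged: false`, `runAsUser` and `runAsNonRoot` but not `allowPrivilegeEscalation: false` or `capabilities: {drop: ["ALL"]}`, which the restricted Pod Security Standard requires. Add `allowPrivilegeEscalation: false` and `capabilities:` / `drop: ["ALL"]` under `securityContext`; `readOnlyRootFilesystem: true` is worth trying as well, but I cannot tell from the chart whether the operator needs a writable filesystem. `tag: 0.1.0` should be quoted as `tag: "0.1.0"` so that a tag like `1.10` is not retyped as a float when users follow the same form, and the bare `name:` under `serviceAccount` is an implicit null — `name: null` states the intent the README documents. `args` and `envVars` are read by the Deployment template but are not declared here; adding `args: {}` and `envVars: []`, each with a one-line comment, would make them discoverable.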