From 775a8622fc9afd551e18aebfac27c7986bb02315 Mon Sep 17 00:00:00 2001 From: thread-koder Date: Thu, 30 Nov 2023 16:22:06 +0300 Subject: [PATCH 1/7] [spiderfoot] create helpers templates --- charts/spiderfoot/templates/_helpers.tpl | 8 ++++ charts/spiderfoot/templates/_labels.tpl | 35 +++++++++++++++++ charts/spiderfoot/templates/_names.tpl | 45 ++++++++++++++++++++++ charts/spiderfoot/templates/_storage.tpl | 22 +++++++++++ charts/spiderfoot/templates/_tplvalues.tpl | 32 +++++++++++++++ 5 files changed, 142 insertions(+) create mode 100644 charts/spiderfoot/templates/_labels.tpl create mode 100644 charts/spiderfoot/templates/_names.tpl create mode 100644 charts/spiderfoot/templates/_storage.tpl create mode 100644 charts/spiderfoot/templates/_tplvalues.tpl diff --git a/charts/spiderfoot/templates/_helpers.tpl b/charts/spiderfoot/templates/_helpers.tpl index d208869..d1dbb23 100644 --- a/charts/spiderfoot/templates/_helpers.tpl +++ b/charts/spiderfoot/templates/_helpers.tpl @@ -60,3 +60,11 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + + +{{/* +Return the proper Storage Class +*/}} +{{- define "spiderfoot.storageClass" -}} +{{- include "common.storage.class" (dict "persistence" .Values.persistence) -}} +{{- end -}} diff --git a/charts/spiderfoot/templates/_labels.tpl b/charts/spiderfoot/templates/_labels.tpl new file mode 100644 index 0000000..63ea8bf --- /dev/null +++ b/charts/spiderfoot/templates/_labels.tpl 
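Review bot: The new `spiderfoot.storageClass` helper passes only `"persistence"` to `common.storage.class`, so the `.global.storageClass` branch in _storage.tpl can never be taken from this chart. The usage comment there shows `"global" $`, but the helper reads `.global.storageClass`, which the root context does not carry. If a global override is intended, pass `"global" .Values.global` here and correct the usage comment to match; otherwise say in the comment above this define that only `persistence.storageClass` is honoured.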
@@ -0,0 +1,35 @@
+{{- define "common.labels.standard" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}}
+{{- with .context.Chart.AppVersion -}}
+{{- $_ := set $default "app.kubernetes.io/version" . -}}
+{{- end -}}
+{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ . | quote }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector
+{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}}
+
+We don't want to loop over custom labels appending them to the selector
+since it's very likely that it will break deployments, services, etc.
+However, it's important to overwrite the standard labels if the user
+overwrote them on metadata.labels fields.
+*/}}
+{{- define "common.labels.matchLabels" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
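Review bot: These helpers are defined under `common.*`, which appear to be the names used by the Bitnami common library chart, and Helm template names are global across a chart and its subcharts. If a dependency that ships its own `common.*` definitions is ever added, one definition silently replaces the other. Prefix the copied helpers with the chart name (for example `spiderfoot.labels.standard`), or add a header comment naming the source and version they were copied from. The same applies to _names.tpl, _storage.tpl and _tplvalues.tpl in this patch.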
diff --git a/charts/spiderfoot/templates/_names.tpl b/charts/spiderfoot/templates/_names.tpl
new file mode 100644
index 0000000..bc14968
--- /dev/null
+++ b/charts/spiderfoot/templates/_names.tpl
@@ -0,0 +1,45 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/spiderfoot/templates/_storage.tpl b/charts/spiderfoot/templates/_storage.tpl
new file mode 100644
index 0000000..b0327a9
--- /dev/null
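Review bot: `common.names.namespace` lets `namespaceOverride` move objects out of the release namespace, but in this series only pv.yaml and pvc.yaml call it. The deployment and service account hunks show no `namespace:` field, so with an override set the claim would presumably be created in one namespace and the pod that references it in another, where the claim cannot be resolved. Either apply the helper to every namespaced template or leave `namespaceOverride` out of values.yaml until that is done.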
+++ b/charts/spiderfoot/templates/_storage.tpl
@@ -0,0 +1,22 @@
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
diff --git a/charts/spiderfoot/templates/_tplvalues.tpl b/charts/spiderfoot/templates/_tplvalues.tpl
new file mode 100644
index 0000000..56c1269
--- /dev/null
+++ b/charts/spiderfoot/templates/_tplvalues.tpl
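Review bot: `printf "storageClassName: %s" $storageClass` writes the class name unquoted, so a name that YAML parses as a non-string (a purely numeric one, for example) produces a manifest the API server rejects. `printf "storageClassName: %q" $storageClass` keeps the value a string and matches the quoted `""` emitted by the `"-"` branch just above it.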
@@ -0,0 +1,32 @@
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
\ No newline at end of file
From 981aaa744f8740d5e47bd486af0f6e7d2d591bc0 Mon Sep 17 00:00:00 2001
From: thread-koder
Date: Thu, 30 Nov 2023 16:22:45 +0300
Subject: [PATCH 2/7] [spiderfoot] modify deployment
---
charts/spiderfoot/templates/deployment.yaml | 40 ++++++++++++++++++---
1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/charts/spiderfoot/templates/deployment.yaml b/charts/spiderfoot/templates/deployment.yaml
index 330121a..83279b3 100644
--- a/charts/spiderfoot/templates/deployment.yaml
+++ b/charts/spiderfoot/templates/deployment.yaml
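Review bot: The header comment of `common.tplvalues.render` should state that any value containing `{{` is executed by `tpl` against the full chart context, not just substituted. In this series that covers `extraVolumes`, `commonAnnotations`, `persistence.annotations`, `persistence.selector` and `persistence.dataSource`, so a values file is effectively template code and needs the same review as the chart before it is used with cluster credentials. Suggested addition to the comment: `Values passed here are evaluated as templates; only feed them from trusted values files.`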
@@ -18,7 +18,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "spiderfoot.selectorLabels" . | nindent 8 }} + {{- include "spiderfoot.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
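Review bot: `podLabels` is appended with `toYaml` directly after `spiderfoot.labels`, so a user label whose key repeats one of the chart's own labels produces a duplicate mapping key in the pod template. If the repeated key is one the Deployment selector uses and the later value wins, the pod labels no longer match the selector and the API server rejects the object. Merge the two maps before rendering, or document in values.yaml that the `app.kubernetes.io/*` and `helm.sh/chart` keys are reserved. The selector and the body of `spiderfoot.labels` are outside this hunk, so the exact key set is assumed.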
@@ -35,18 +38,47 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http - containerPort: 5001 + containerPort: {{ .Values.service.port }} protocol: TCP + {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: - path: / + path: {{ .Values.livenessProbe.path }} port: http + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} readinessProbe: httpGet: - path: / + path: {{ .Values.readinessProbe.path }} port: http + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: spiderfoot-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (printf "%s-spiderfott" (include "common.names.fullname" .)) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 25cc2f64fdbcc6b5f3d890b6d02633186b76e44b Mon Sep 17 00:00:00 2001 
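Review bot: The default claim name for the `spiderfoot-data` volume is spelled `%s-spiderfott`, while pvc.yaml in this series creates the claim as `{{ include "common.names.fullname" . }}-spiderfoot`, so with `persistence.enabled` and no `existingClaim` the pod references a claim the chart never creates and stays Pending. Change the default to `printf "%s-spiderfoot" (include "common.names.fullname" .)`. Separately, the volume is declared unconditionally but is only mounted when the user supplies `volumeMounts`, whose default in values.yaml is empty. The container spec begins outside this hunk.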
From: thread-koder Date: Thu, 30 Nov 2023 16:23:12 +0300 Subject: [PATCH 3/7] [spiderfoot] add automountServiceAccountToken --- charts/spiderfoot/templates/serviceaccount.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/spiderfoot/templates/serviceaccount.yaml b/charts/spiderfoot/templates/serviceaccount.yaml index 8834e32..536ad0b 100644 --- a/charts/spiderfoot/templates/serviceaccount.yaml +++ b/charts/spiderfoot/templates/serviceaccount.yaml @@ -9,4 +9,5 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} From dc81960168303a95ea69123da9ee651b78fc0616 Mon Sep 17 00:00:00 2001 From: thread-koder Date: Thu, 30 Nov 2023 16:23:47 +0300 Subject: [PATCH 4/7] [spidefoot] add pv and pvc --- charts/spiderfoot/templates/pv.yaml | 22 ++++++++++++++++ charts/spiderfoot/templates/pvc.yaml | 38 ++++++++++++++++++---------- 2 files changed, 47 insertions(+), 13 deletions(-) create mode 100644 charts/spiderfoot/templates/pv.yaml diff --git a/charts/spiderfoot/templates/pv.yaml b/charts/spiderfoot/templates/pv.yaml new file mode 100644 index 0000000..3ecdb62 --- /dev/null +++ b/charts/spiderfoot/templates/pv.yaml 
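Review bot: `automountServiceAccountToken` is rendered straight from `.Values.serviceAccount.automount`, and values.yaml in this series defaults it to `true`, so every pod receives an API token although nothing in the visible templates binds a Role or shows the workload calling the Kubernetes API. Defaulting to `automount: false` keeps the token out of the container unless an operator opts in. The bare reference also renders an empty value when the key is missing from a reused values file; `{{ .Values.serviceAccount.automount | default false }}` avoids that.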
@@ -0,0 +1,22 @@
+{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "common.names.fullname" . }}-spiderfoot
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not (empty .Values.persistence.accessModes) }}
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ capacity:
+ storage: {{ .Values.persistence.size | quote }}
+ hostPath:
+ path: {{ .Values.persistence.hostPath | quote }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/spiderfoot/templates/pvc.yaml b/charts/spiderfoot/templates/pvc.yaml
index 4026b63..4e4f86b 100644
--- a/charts/spiderfoot/templates/pvc.yaml
+++ b/charts/spiderfoot/templates/pvc.yaml
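Review bot: The hostPath PersistentVolume carries no `claimRef`, so binding relies on size, access modes and the empty storage class alone, and a matching claim from any namespace could bind the volume that exposes `persistence.hostPath` on the node. Pre-bind it by adding `claimRef:` under `spec:` with `name: {{ include "common.names.fullname" . }}-spiderfoot` and `namespace: {{ include "common.names.namespace" . | quote }}`. `metadata.namespace` has no meaning on a cluster-scoped PersistentVolume and can be dropped. The values.yaml comment for `hostPath` should also say that it hands the pod a directory on the node's filesystem.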
@@ -1,21 +1,33 @@ -{{- if .Values.persistence.enabled }} -{{- if not .Values.persistence.existingClaim -}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ template "spiderfoot.fullname" . }} - labels: - app: {{ template "spiderfoot.fullname" . }} + name: {{ include "common.names.fullname" . }}-spiderfoot + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} -{{- if .Values.persistence.storageClass }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- else }} + {{- if .Values.persistence.hostPath }} storageClassName: "" -{{- end }} + {{- else }} + {{- include "spiderfoot.storageClass" . | nindent 2 }} + {{- end }} + {{- if not (empty .Values.persistence.accessModes) }} + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} -{{- end -}} -{{- end }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }} + {{- end -}} + {{- if .Values.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }} + {{- end }} +{{- end -}} \ No newline at end of file 
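Review bot: The claim is renamed from `{{ template "spiderfoot.fullname" . }}` to `{{ include "common.names.fullname" . }}-spiderfoot`, so on `helm upgrade` from 1.x the old claim drops out of the release manifest and Helm removes it while creating an empty new one; data on the old volume is lost unless its reclaim policy retains it. Document the migration in the chart notes, for example setting `persistence.existingClaim` to the previous claim name before upgrading. The `accessMode` value is also replaced by `accessModes` with no fallback, so an existing values file silently loses its setting.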
From 39c1cf03f40eae7aca7c0f75e481e2a7cf7f2a1b Mon Sep 17 00:00:00 2001 From: thread-koder Date: Thu, 30 Nov 2023 16:24:10 +0300 Subject: [PATCH 5/7] [spiderfoot] modify hpa.yaml --- charts/spiderfoot/templates/hpa.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/spiderfoot/templates/hpa.yaml b/charts/spiderfoot/templates/hpa.yaml index 0c4044b..0c60fcd 100644 --- a/charts/spiderfoot/templates/hpa.yaml +++ b/charts/spiderfoot/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "spiderfoot.fullname" . }} @@ -17,12 +17,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} From 3d73846fed0386b483c526c928f8e215a1a5ac10 Mon Sep 17 00:00:00 2001 From: thread-koder Date: Thu, 30 Nov 2023 16:24:57 +0300 Subject: [PATCH 6/7] [spiderfoot] add missing values in the values file --- charts/spiderfoot/values.yaml | 100 +++++++++++++++++++++++++++++++--- 1 file changed, 91 insertions(+), 9 deletions(-) diff --git a/charts/spiderfoot/values.yaml b/charts/spiderfoot/values.yaml index 9499b5e..7a67521 100644 --- a/charts/spiderfoot/values.yaml +++ b/charts/spiderfoot/values.yaml 
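Review bot: `autoscaling/v2` is only served by Kubernetes 1.23 and later, and nothing in this series constrains the cluster version, so enabling autoscaling on an older cluster fails at install time. Add `kubeVersion: ">=1.23.0-0"` to Chart.yaml, or pick the API version with `.Capabilities.APIVersions.Has "autoscaling/v2"`. This applies to both hunks of hpa.yaml, since the `target:` form in the second one is valid only under the new API version.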
@@ -12,11 +12,17 @@ image: imagePullSecrets: [] nameOverride: "" +namespaceOverride: "" fullnameOverride: "" +commonLabels: {} +commonAnnotations: {} + serviceAccount: # Specifies whether a service account should be created create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true # Annotations to add to the service account annotations: {} # The name of the service account to use. @@ -24,11 +30,14 @@ serviceAccount: name: "" podAnnotations: {} +podLabels: {} -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -38,12 +47,13 @@ securityContext: {} service: type: ClusterIP - port: 80 + port: 5001 ingress: enabled: false className: "" - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: @@ -56,7 +66,8 @@ ingress: # hosts: # - chart-example.local -resources: {} +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following 
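Review bot: `service.port` moves from 80 to 5001 because deployment.yaml now renders `containerPort: {{ .Values.service.port }}`, which ties the port the Service exposes to the port the container declares. An operator who sets `service.port: 80` to keep the previous Service contract also changes the declared container port, which the removed line fixed at 5001. A separate value such as `containerPort: 5001`, with the Service target left at the named port `http`, keeps the two independent; the Service template is not part of this series, so its `targetPort` is assumed.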
@@ -75,15 +86,86 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +# Additional volumes on the output Deployment definition. +extraVolumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + nodeSelector: {} tolerations: [] affinity: {} -# Enable/disable persistence +livenessProbe: + enabled: true + path: / + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + +readinessProbe: + enabled: true + path: / + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 5 + successThreshold: 1 + persistence: + ## @param persistence.enabled Enable persistence using PVC + ## enabled: false - accessMode: ReadWriteOnce - size: 4Gi - storageClass: do-block-storage \ No newline at end of file + ## @param persistence.storageClass PVC Storage Class for spiderfoot volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.accessModes PVC Access Mode for spiderfoot volume + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for spiderfoot volume + ## + size: 8Gi + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param persistence.existingClaim A manually managed Persistent Volume Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + existingClaim: "" + ## @param persistence.hostPath If defined, the spiderfoot-data volume will mount to the specified hostPath. + ## Requires persistence.enabled: true + ## Requires persistence.existingClaim: nil|false + ## Default: nil. + ## + hostPath: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.selector Selector to match an existing Persistent Volume for spiderfoot data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 2f518ac68963d70e18d7a0775f15eb5aa00de689 Mon Sep 17 00:00:00 2001 From: thread-koder Date: Thu, 30 Nov 2023 16:25:16 +0300 Subject: [PATCH 7/7] [spiderfoot] bump chart version to 2.0.0 --- charts/spiderfoot/Chart.yaml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/charts/spiderfoot/Chart.yaml b/charts/spiderfoot/Chart.yaml index 1198647..3b55ae2 100644 --- a/charts/spiderfoot/Chart.yaml +++ b/charts/spiderfoot/Chart.yaml 
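Review bot: `volumeMounts` defaults to `[]`, but deployment.yaml always declares the `spiderfoot-data` volume, so with `persistence.enabled: true` a claim is bound and never mounted into the container. Add a default or a commented example for it, `# - name: spiderfoot-data` followed by `#   mountPath: <SPIDERFOOT_DATA_DIR>` (placeholder; the path is not shown on this page). The comment on `persistence.accessModes` repeats the `existingClaim` text ("PVC must be created manually before volume will be bound") and should describe the access modes instead.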
@@ -1,6 +1,24 @@ apiVersion: v2 name: spiderfoot -description: Spiderfoot helm chart for Kubernetes +description: A Helm chart for spiderfoot + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -version: 1.0.1 -appVersion: 3.3.0 + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 2.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "3.3.0"