
helm-charts's Introduction

👋 Hello! I'm devopstales.

Blog • Twitter • Helm Repo • Homebrew tap

  • 🔭 I'm currently working on Trivy Operator
  • 🌱 I'm currently learning Go and Python
  • 💬 Ask me about Openshift, Kubernetes, Helm and Python
  • 📫 How to reach me: @_devopstales on Twitter
  • ☕ If you like what I do, maybe consider buying me a coffee/tea 🥺👉👈

Open source projects

🎁 Projects ⭐ Stars πŸ“š Forks πŸ›Ž Issues πŸ“¬ Pull requests
Trivy Operator Stars Forks Issues Pull Requests
KubeDash Stars Forks Issues Pull Requests
Kubectl OpenID Connect Stars Forks Issues Pull Requests
kubectl-user-create Stars Forks Issues Pull Requests
kube-log-symlinker Stars Forks Issues Pull Requests
k8s-logrotate Stars Forks Issues Pull Requests
DevOpsTales Helm Repository Stars Forks Issues Pull Requests

helm-charts's People

Contributors

amartingarcia, devopstales, evgkrsk, loeken

helm-charts's Issues

self managed secret

Hi, as this seems to be the most stable chart/repo published to artifacthub for permissions manager, I wanted to start using it. Do you plan on supporting this repo in the future?

If so, could I submit a PR to add an enabledSecrets: false to the values.yaml, which, if set, would provide a different secret than the chart's secret (

name: {{ include "permission-manager.fullname" . }}
)

This would allow me to encrypt my self-managed secret with sealed secrets and tell the helm chart via values.yaml to use this instead.

untested patch:

From fa1b26587de857915d6ba4976155cb67074a003a Mon Sep 17 00:00:00 2001
From: loeken <[email protected]>
Date: Mon, 14 Mar 2022 23:08:50 +0100
Subject: [PATCH] added existingSecret as an option to provide a self managed
 secret to be used instead of the chart's one

Signed-off-by: loeken <[email protected]>
---
 charts/permission-manager/templates/deployment.yaml | 6 +++++-
 charts/permission-manager/values.yaml               | 9 +++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/charts/permission-manager/templates/deployment.yaml b/charts/permission-manager/templates/deployment.yaml
index 7a7ff4f..36d59ea 100644
--- a/charts/permission-manager/templates/deployment.yaml
+++ b/charts/permission-manager/templates/deployment.yaml
@@ -35,7 +35,11 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           envFrom:
             - secretRef:
-                name: {{ include "permission-manager.fullname" . }} 
+              {{- if .Values.config.existingSecret }}
+                name:  {{ .Values.config.existingSecret }}
+              {{- else }}
+                name: {{ include "permission-manager.fullname" . }}
+              {{- end }}
           ports:
             - name: http
               containerPort: 4000 
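
Review bot: With `config.existingSecret` set, the `envFrom` reference in this hunk switches to the user's secret, but the diffstat lists only deployment.yaml and values.yaml, so the chart's own Secret template appears to be untouched and would still be created with `basicAuthPassword` from values.yaml in it. Consider wrapping that template in `{{- if not .Values.config.existingSecret }}` so no unused credential object ends up in the namespace. Also quote the value and drop the double space after `name:`, for example `name: {{ .Values.config.existingSecret | quote }}`.
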
diff --git a/charts/permission-manager/values.yaml b/charts/permission-manager/values.yaml
index b6702a6..2781627 100644
--- a/charts/permission-manager/values.yaml
+++ b/charts/permission-manager/values.yaml
@@ -100,3 +100,12 @@ config:
 
   # Random password to login to web-app. PLEASE CHANGE!
   basicAuthPassword: RrXwZSBdTXhQL6 
+  
+  # Set to name of a secret. will read basicAuthPassword from secret instead of confg.basicAuthPassword 
+  # example : basicAuthExistingSecret: permission-maanger-htpasswd that has the same structure as the chart's secret
+  # stringData:
+  #   PORT: "4000" # port where server is exposed
+  #   CLUSTER_NAME: {{ .Values.config.clusterName }}
+  #   CONTROL_PLANE_ADDRESS: {{ .Values.config.controlePlaneAddress }}
+  #   BASIC_AUTH_PASSWORD: {{ .Values.config.basicAuthPassword }}
+  existingSecret: false
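
Review bot: The comment block names the key `basicAuthExistingSecret`, but the key added on the last line is `existingSecret`, which is also what the deployment.yaml hunk reads; use one name in both places. The comment says only basicAuthPassword is read from the secret, while the deployment hunk replaces the whole `envFrom` secret reference, so the self-managed secret has to carry all four keys listed in the example; state that explicitly. The default `false` is a boolean for a field that holds a secret name; an empty string (`existingSecret: ""`) keeps the type consistent and is still falsy in the template's `if`. Fix the typos `confg` and `permission-maanger`, and replace the `{{ .Values... }}` expressions in the example with literal sample values, since they are not rendered inside values.yaml.
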
-- 
2.35.1

permissions-manager

Hi,

Sorry for my late response here, thanks for merging in the secret part for the permissions manager chart ( #12 ). I've finally had the time to start testing the chart but it seems it hasn't been published properly?

❯ helm repo add devopstales https://devopstales.github.io/helm-charts
"devopstales" has been added to your repositories
❯ helm repo update
Hang tight while we grab the latest from your chart repositories...
[output of other repos removed]
...Successfully got an update from the "devopstales" chart repository
❯ helm pull devopstales/permission-manager --untar
Error: chart "permission-manager" matching  not found in devopstales index. (try 'helm repo update'): no chart version found for permission-manager-
❯ helm search repo devopstales
NAME                             	CHART VERSION	APP VERSION	DESCRIPTION                                       
devopstales/kube-openid-connect  	1            	1.16.0     	A Helm chart for Kubernetes                       
devopstales/kuberos              	0.2.1        	2018-07-03 	An OIDC authentication helper for Kubernetes      
devopstales/pushprox             	0.1.4        	0.1.0      	Sets up a deployment of the PushProx proxy and ...
devopstales/trivy-image-validator	1.0.2        	1.16.0     	A Helm chart for trivy-image-validator Admissio...
devopstales/trivy-operator       	2.3.2        	1.16.0     	A Helm chart for trivy-operator                   
devopstales/trivy-scanner        	1.0.2        	1.16.0     	A Helm chart for trivy-scanner

It doesn't seem to show up for me (the artifacthub page also doesn't show the version with the changes I sent via the PR).

Any advice?

Operator is not scanning Images

Hi, the operator does not scan running images and does not export the metrics:

I have set trivy-scan: "true" on the namespace like in your demo: https://github.com/devopstales/trivy-operator/blob/main/deploy/10_demo.yaml

I have set serviceMonitor.enabled=true. But Prometheus can scrape the python metrics only and not trivy metrics. Also the operator stops logging, but the pod is running:

[2022-02-03 09:10:56,507] kopf.activities.star [INFO    ] CRD already exists!!!
[2022-02-03 09:10:56,508] kopf.activities.star [INFO    ] Activity 'startup_fn_crd' succeeded.
[2022-02-03 09:10:56,673] kopf.activities.star [INFO    ] trivy cache created...
[2022-02-03 09:10:56,674] kopf.activities.star [INFO    ] Activity 'startup_fn_trivy_cache' succeeded.
[2022-02-03 09:10:56,675] kopf.activities.star [INFO    ] Prometheus Exporter started...
[2022-02-03 09:10:56,676] kopf.activities.star [INFO    ] Activity 'startup_fn_prometheus_client' succeeded.
[2022-02-03 09:10:56,693] kopf.activities.star [INFO    ] Day to certifiacet expiration: 364
[2022-02-03 09:10:56,694] kopf.activities.star [INFO    ] Activity 'configure' succeeded.
[2022-02-03 09:10:56,696] kopf._core.engines.a [INFO    ] Initial authentication has been initiated.
[2022-02-03 09:10:56,701] kopf.activities.auth [INFO    ] Activity 'login_via_client' succeeded.
[2022-02-03 09:10:56,701] kopf._core.engines.a [INFO    ] Initial authentication has finished.
[2022-02-03 09:10:57,065] kopf._core.reactor.o [WARNING ] Not enough permissions to watch for resources: changes (creation/deletion/updates) will not be noticed; the resources are only refreshed on operator restarts.
[2022-02-03 09:10:57,171] kopf.objects         [INFO    ] [trivy-scan/trivy-operator-main-config] NamespaceScanner Created

Cron is set to */5 * * * *.

The label trivy-operator-validation: "true" works. So I cannot start a vulnerable pod.

Versions:
Image: devopstales/trivy-operator:2.2
Chart-Version: 2.2
K8s: v1.21.5-eks-bc4871b
OS: bottlerocket-aws-k8s-1.21-x86_64-v1.5.2-1602f3a8 (containerd as runtime)

I have installed it via cli, so most parameters are default values:

helm3 upgrade --install trivy-operator devopstales/trivy-operator --set serviceMonitor.enabled=true
