feat: update netpols and swap postgres chart (#74)
## Description
Lock down and add ability to configure network policies. 
Swap dev-postgres chart to operator in line with other packages.

## Related Issue

Fixes #67

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

Release-As: v9.9.2-uds.1
zachariahmiller authored May 13, 2024
1 parent fbbae9d commit a72bc8e
Showing 9 changed files with 122 additions and 44 deletions.
27 changes: 22 additions & 5 deletions bundle/uds-bundle.yaml
Expand Up @@ -7,16 +7,33 @@ metadata:
# x-release-please-end

packages:
- name: dev-postgres
repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres
ref: 0.0.1

- name: dev-secrets
- name: dev-namespace
path: ../
ref: 0.1.0

- name: postgres-operator
repository: ghcr.io/defenseunicorns/packages/uds/postgres-operator
ref: 1.11.0-uds.0-upstream
overrides:
postgres-operator:
uds-postgres-config:
variables:
- name: POSTGRESQL
description: "Configure postgres using CRs via the uds-postgres-config chart"
path: postgresql

- name: sonarqube
path: ../
# x-release-please-start-version
ref: 9.9.2-uds.0
# x-release-please-end
overrides:
sonarqube:
sonarqube:
values:
- path: "jdbcOverwrite.jdbcSecretName"
value: "sonarqube.sonarqube.pg-cluster.credentials.postgresql.acid.zalan.do"
- path: "jdbcOverwrite.jdbcUsername"
value: "sonarqube.sonarqube"
- path: "jdbcOverwrite.jdbcUrl"
value: "jdbc:postgresql://pg-cluster.postgres.svc.cluster.local:5432/sonarqubedb"
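Review bot: The new `jdbcOverwrite.jdbcUrl` value, `jdbc:postgresql://pg-cluster.postgres.svc.cluster.local:5432/sonarqubedb`, carries no `sslmode`/`ssl` parameter, so unless something outside this bundle enforces mTLS on the sonarqube→postgres path the database password and query traffic cross the namespace boundary in clear text; consider `value: "jdbc:postgresql://pg-cluster.postgres.svc.cluster.local:5432/sonarqubedb?sslmode=require"` or a comment stating where transport encryption is provided. The `jdbcSecretName` override points at the operator-generated secret `sonarqube.sonarqube.pg-cluster.credentials.postgresql.acid.zalan.do`, but the key the SonarQube chart reads the password from (`jdbcOverwrite.jdbcSecretPasswordKey`) is not set here, so verify the chart's default matches the key the operator writes (presumably `password`) or add `- path: "jdbcOverwrite.jdbcSecretPasswordKey"` / `value: "password"`. Because that secret is written into the `sonarqube` namespace by the operator, the package order dev-namespace → postgres-operator → sonarqube is load-bearing and deserves a one-line comment above the sonarqube overrides.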
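--- a/bundle/uds-config.yaml
+++ b/bundle/uds-config.yaml
@@ -1,6 +1,15 @@
 variables:
-dev-postgres:
-db_username: "sonarqube"
-db_name: "sonarqubedb"
-sonarqube:
-sonarqube_db_endpoint: "postgresql.dev-postgres.svc.cluster.local"
+postgres-operator:
+postgresql:
+enabled: true # Set to false to not create the PostgreSQL resource
+teamId: "uds"
+volume:
+size: "10Gi"
+numberOfInstances: 2
+users:
+sonarqube.sonarqube: [] # database owner
+databases:
+sonarqubedb: sonarqube.sonarqube
+version: "13"
+ingress:
+remoteGenerated: Anywhere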
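Review bot: The `ingress: remoteGenerated: Anywhere` entry on the `postgresql` resource opens the database cluster to every source the policy engine can express, which works against the "lock down" intent of this commit even in a dev bundle. The only consumer visible in this diff is SonarQube, so the rule can be scoped to it, e.g. `ingress:` / `remoteNamespace: sonarqube` / `remoteSelector: {app: sonarqube}` (plus `port: 5432` if the `uds-postgres-config` chart's schema takes it). That chart's schema is not visible here, so the exact field names are inferred from the matching `uds-package.yaml` rules in this commit; a comment on the `ingress:` key explaining why it is wide open, if that is deliberate for dev, would at least keep it from being copied into a production config.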
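--- a/chart/templates/uds-package.yaml
+++ b/chart/templates/uds-package.yaml
@@ -48,3 +48,48 @@ spec:
 podLabels:
 app: sonarqube
 remoteGenerated: Anywhere
+
+- direction: Egress
+remoteNamespace: keycloak
+remoteSelector:
+app.kubernetes.io/name: keycloak
+selector:
+app: sonarqube
+port: 8080
+description: "SSO Internal"
+
+- direction: Egress
+remoteGenerated: Anywhere
+selector:
+app: sonarqube
+port: 443
+description: "SSO External"
+
+- direction: Egress
+selector:
+app: sonarqube
+{{- if .Values.postgres.internal }}
+remoteNamespace: {{ .Values.postgres.namespace | quote }}
+remoteSelector:
+{{ .Values.postgres.selector | toYaml | nindent 10 }}
+port: {{ .Values.postgres.port }}
+{{- else }}
+remoteGenerated: Anywhere
+{{- end }}
+description: "Sonarqube Postgres"
+
+# Custom rules for unanticipated scenarios
+{{- range .Values.custom }}
+- direction: {{ .direction }}
+selector:
+{{ .selector | toYaml | nindent 10 }}
+{{- if not .remoteGenerated }}
+remoteNamespace: {{ .remoteNamespace }}
+remoteSelector:
+{{ .remoteSelector | toYaml | nindent 10 }}
+port: {{ .port }}
+{{- else }}
+remoteGenerated: {{ .remoteGenerated }}
+{{- end }}
+description: {{ .description }}
+{{- end }}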
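Review bot: Custom rules that set `remoteGenerated` never receive a `port`, because `port: {{ .port }}` is emitted only inside the `{{- if not .remoteGenerated }}` branch, so every user-supplied rule to `Anywhere` (or any other generated target) is port-unrestricted — unlike the built-in "SSO External" rule above it, which does pair `remoteGenerated: Anywhere` with `port: 443`. The same gap is in the postgres rule's `{{- else }}` branch: with `postgres.internal: false`, SonarQube gets egress to any destination on any port instead of only `{{ .Values.postgres.port }}`. Moving the `port` emission outside the conditional (guarded by `{{- if .port }}` for custom rules) closes both, and `remoteNamespace` and `description` should go through `quote` so a value such as `Egress: db` or one starting with `*` cannot break the rendered YAML. The enclosing list starts before this hunk, and the built-in rules' `selector: app: sonarqube` matches the `podLabels` shown in the context lines, so only the rule bodies below change.

```yaml
        {{- if .Values.postgres.internal }}
        remoteNamespace: {{ .Values.postgres.namespace | quote }}
        remoteSelector:
          {{ .Values.postgres.selector | toYaml | nindent 10 }}
        {{- else }}
        remoteGenerated: Anywhere
        {{- end }}
        port: {{ .Values.postgres.port }}
        description: "Sonarqube Postgres"

      # … unchanged: custom-rule comment, range, direction and selector …
        {{- if not .remoteGenerated }}
        remoteNamespace: {{ .remoteNamespace | quote }}
        remoteSelector:
          {{ .remoteSelector | toYaml | nindent 10 }}
        {{- else }}
        remoteGenerated: {{ .remoteGenerated }}
        {{- end }}
        {{- if .port }}
        port: {{ .port }}
        {{- end }}
        description: {{ .description | quote }}
```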
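--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -4,3 +4,25 @@ sso:
 secretName: sonarqube-sso
 saml:
 providerName: Keycloak # This is displayed on the SonarQube landing screen ("Log in with <providerName>")
+postgres:
+internal: true
+selector:
+cluster-name: pg-cluster
+namespace: postgres
+port: 5432
+custom: []
+# # Notice no `remoteGenerated` field here on custom internal rule
+# - direction: Ingress
+# selector:
+# app: jenkins
+# remoteNamespace: jenkins
+# remoteSelector:
+# app: jenkins
+# port: 8180
+# description: "Ingress from Jenkins"
+# # No `remoteNamespace`, `remoteSelector`, or `port` fields on rule to `remoteGenerated`
+# - direction: Egress
+# selector:
+# app: webservice
+# remoteGenerated: Anywhere
+# description: "Egress from SonarQube"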
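Review bot: The new `postgres` and `custom` values are the two knobs that widen the policy this chart ships, and neither says so; `internal: false` in particular is not explained, and per the template in this same commit it replaces the scoped postgres egress with an unrestricted `remoteGenerated: Anywhere` rule carrying no port. A comment on `internal:` such as `# false = external database: egress becomes Anywhere with no port restriction, so prefer a custom rule scoped to the DB host/port` would stop that from being flipped casually. Likewise a line above `custom: []` like `# Each entry here is an exception to the shipped lock-down; review as a policy change, not a config tweak` makes the security relevance explicit. The `selector: cluster-name: pg-cluster` default presumably matches the operator's cluster pod label; a comment saying where that label comes from would help anyone pointing this at a differently named cluster.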
8 changes: 0 additions & 8 deletions src/dev-secrets/postgres-secret.yaml

This file was deleted.

25 changes: 0 additions & 25 deletions src/dev-secrets/zarf.yaml

This file was deleted.

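--- a/src/namespace/ns.yaml
+++ b/src/namespace/ns.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+name: sonarqube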
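Review bot: The `sonarqube` Namespace is created bare, with no labels, which is enough for the operator to drop the cross-namespace credentials secret into it but may not be what the rest of the deployment expects: namespaces in this kind of cluster typically carry a sidecar-injection label and Pod Security labels, and if the sonarqube package (or something it deploys) also declares this namespace, pre-creating it from a separate Zarf package can surface an ownership conflict at deploy time — confirm which component is meant to own it. At minimum the manifest should say why it exists, e.g. `# pre-created so the postgres-operator can write sonarqube's credentials secret here before the sonarqube package deploys`, since nothing in the file itself explains the ordering dependency.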
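--- a/src/namespace/zarf.yaml
+++ b/src/namespace/zarf.yaml
@@ -0,0 +1,14 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+name: dev-namespace
+description: "create namespaces for cross-ns secret functionality of pg operator"
+version: 0.1.0
+
+components:
+- name: deploy-namespace-for-cross-ns-secret
+required: true
+manifests:
+- name: dev-namespace
+files:
+- ns.yaml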
2 changes: 1 addition & 1 deletion tasks/dependencies.yaml
Expand Up @@ -2,4 +2,4 @@ tasks:
- name: create
description: Create the Dependency Zarf Package(s)
actions:
- cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom
- cmd: uds zarf package create src/namespace/ --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom
