feat: add validatingAdmissionPolicyChart #235

Open
wants to merge 22 commits into
base: main
38 changes: 23 additions & 15 deletions charts/devtron-backups/templates/backup-on-azure.yaml
Expand Up @@ -33,24 +33,26 @@ spec:
- name: postgres-app-backup-cronjob
image: {{ .Values.postgres_backup.postgresImage | default "postgres:12" }}
volumeMounts:
- mountPath: /tmp
- mountPath: /postgres
name: psql-volume
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: PG_PASSWORD
name: {{ .Values.postgres_backup.secretName }}
name: {{ .Values.postgres_backup.secretName }}
imagePullPolicy: Always
args:
- /bin/bash
- -c
- pg_dumpall -h {{ .Values.postgres_backup.host | default "postgresql-postgresql.devtroncd" }} --exclude-database=clairv4 -p 5432 -U postgres --no-privileges > /tmp/backup.tar;
- set -ex ; pg_dumpall -h {{ .Values.postgres_backup.host | default "postgresql-postgresql.devtroncd" }} --exclude-database=clairv4 -p 5432 -U postgres --no-privileges > /postgres/backup.tar; echo $? ; du -sh /postgres/backup.tar
resources:
{{ toYaml .Values.postgres_backup.resources | indent 13 }}
containers:
- name: az-cli-for-upload
image: {{ .Values.global.AZURE.image | default "quay.io/devtron/k8s-utils:az-cli-ubuntu" }}
volumeMounts:
- mountPath: /tmp
- mountPath: /postgres
name: psql-volume
env:
- name: AZURE_BLOB_ACCOUNT_NAME
Expand All @@ -74,13 +76,15 @@ spec:
name: devtron-azure-backup-secret
key: AZURE_BLOB_CONTAINER_FOR_ARGOCD
imagePullPolicy: Always
resources:
{{ toYaml .Values.postgres_backup.resources | indent 13 }}
args:
- /bin/bash
- -c
{{- if $.Values.global.AZURE.encryption.enabled }}
- date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.AZURE.encryption.passphrase }} /tmp/backup.tar; rm -rvf /tmp/backup.tar; mv /tmp/backup.tar.gpg /tmp/backup-$date1.tar.gpg; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /tmp/backup-$date1.tar.gpg --account-key $AZURE_ACCOUNT_KEY;
{{- if $.Values.global.AZURE.encryption.enabled }}
- set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.AZURE.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /postgres/backup-$date1.tar.gpg --account-key $AZURE_ACCOUNT_KEY;
{{- else }}
- date1=$(date +%Y%m%d-%H%M); mv /tmp/backup.tar /tmp/backup-$date1.tar; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /tmp/backup-$date1.tar --account-key $AZURE_ACCOUNT_KEY;
- set -ex; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_POSTGRES --file /postgres/backup-$date1.tar --account-key $AZURE_ACCOUNT_KEY;
{{- end }}
volumes:
- name: psql-volume
Expand All @@ -96,8 +100,8 @@ apiVersion: batch/v1beta1
{{ end -}}
kind: CronJob
metadata:
name: argocd-app-backup-cronjob
namespace: devtroncd
name: argocd-app-backup-cronjob
namespace: devtroncd
spec:
schedule: {{ .Values.global.schedule }}
jobTemplate:
Expand All @@ -108,19 +112,21 @@ spec:
- name: argocd-app-backup-job
image: {{ .Values.argocd_backup.argocdImage | default "quay.io/argoproj/argocd:v2.4.0" }}
volumeMounts:
- mountPath: /cache
- mountPath: /argocd
name: argocd-volume
env:
imagePullPolicy: Always
args:
- /bin/bash
- -c
- {{ .Values.argocd_backup.args | default "argocd admin export -n devtroncd > /cache/backup.yaml" }}
- {{ .Values.argocd_backup.args | default "argocd admin export -n devtroncd > /argocd/backup.yaml" }}
resources:
{{ toYaml .Values.argocd_backup.resources | indent 13 }}
containers:
- name: az-cli-for-upload
image: {{ .Values.global.AZURE.image | default "quay.io/devtron/k8s-utils:az-cli-ubuntu" }}
volumeMounts:
- mountPath: /cache
- mountPath: /argocd
name: argocd-volume
env:
- name: AZURE_BLOB_ACCOUNT_NAME
Expand All @@ -144,18 +150,20 @@ spec:
name: devtron-azure-backup-secret
key: AZURE_BLOB_CONTAINER_FOR_ARGOCD
imagePullPolicy: Always
resources:
{{ toYaml .Values.argocd_backup.resources | indent 13 }}
args:
- /bin/bash
- -c
{{- if $.Values.global.AZURE.encryption.enabled }}
- date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.AZURE.encryption.passphrase }} /cache/backup.yaml ;rm -rvf /cache/backup.yaml ;mv /cache/backup.yaml.gpg /cache/backup-$date1.yaml.gpg; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_ARGOCD --file /cache/backup-$date1.yaml.gpg --account-key $AZURE_ACCOUNT_KEY;
- set -ex; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.AZURE.encryption.passphrase }} /argocd/backup.yaml ;rm -rvf /argocd/backup.yaml ;mv /argocd/backup.yaml.gpg /argocd/backup-$date1.yaml.gpg; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_ARGOCD --file /argocd/backup-$date1.yaml.gpg --account-key $AZURE_ACCOUNT_KEY;
{{- else }}
- date1=$(date +%Y%m%d-%H%M); mv /cache/backup.yaml /cache/backup-$date1.yaml; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_ARGOCD --file /cache/backup-$date1.yaml --account-key $AZURE_ACCOUNT_KEY;
- set -ex; date1=$(date +%Y%m%d-%H%M); mv /argocd/backup.yaml /argocd/backup-$date1.yaml; az storage blob upload --account-name $AZURE_BLOB_ACCOUNT_NAME --container-name $AZURE_BLOB_CONTAINER_FOR_ARGOCD --file /argocd/backup-$date1.yaml --account-key $AZURE_ACCOUNT_KEY;
{{- end }}
volumes:
- name: argocd-volume
emptyDir: {}
restartPolicy: OnFailure
serviceAccountName: {{ .Values.argocd_backup.serviceAccountName }}
{{- end }}
{{- end }}
{{- end }}
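Review bot: The `set -ex` added in front of the upload commands (the line `gpg -c --batch --passphrase {{ .Values.global.AZURE.encryption.passphrase }} ...` and the `az storage blob upload ... --account-key $AZURE_ACCOUNT_KEY` that follows it) makes bash trace every command with its expansions to stderr, so the GPG passphrase and the storage account key are now written into the pod log, readable by anyone with log access. Keep `set -e` for the fail-fast behaviour but drop `-x`, or wrap only the secret-bearing commands with `set +x` … `set -x`. The same pattern appears in the argocd upload container later in this file and in both upload containers of charts/devtron-backups/templates/backup-on-gcp.yaml. Separately, in the pg_dumpall container `echo $?` after `set -ex` can only ever print 0, because a failing pg_dumpall exits the shell before the echo runs; either drop it or capture the status before enabling `-e`. The enclosing CronJob specs start outside the hunks shown.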
28 changes: 18 additions & 10 deletions charts/devtron-backups/templates/backup-on-gcp.yaml
Expand Up @@ -33,7 +33,7 @@ spec:
- name: postgres-app-backup-cronjob
image: {{ .Values.postgres_backup.postgresImage | default "postgres:12" }}
volumeMounts:
- mountPath: /tmp
- mountPath: /postgres
name: psql-volume
env:
- name: PGPASSWORD
Expand All @@ -45,12 +45,14 @@ spec:
args:
- /bin/bash
- -c
- pg_dumpall -h {{ .Values.postgres_backup.host | default "postgresql-postgresql.devtroncd" }} --exclude-database=clairv4 -p 5432 -U postgres --no-privileges > /tmp/backup.tar;
- set -ex; pg_dumpall -h {{ .Values.postgres_backup.host | default "postgresql-postgresql.devtroncd" }} --exclude-database=clairv4 -p 5432 -U postgres --no-privileges > /postgres/backup.tar; echo $? ; du -sh /postgres/backup.tar
resources:
{{ toYaml .Values.postgres_backup.resources | indent 13 }}
containers:
- name: gcloud-cli-for-cloud-storage-upload
image: {{ .Values.global.GCP.image | default "google/cloud-sdk:alpine" }}
volumeMounts:
- mountPath: /tmp
- mountPath: /postgres
name: psql-volume
env:
- name: GCS_BUCKET
Expand All @@ -66,13 +68,15 @@ spec:
key: GOOGLE_APPLICATION_CREDENTIALS
{{- end }}
imagePullPolicy: Always
resources:
{{ toYaml .Values.postgres_backup.resources | indent 13 }}
args:
- /bin/bash
- -c
{{- if $.Values.global.GCP.encryption.enabled }}
- echo $gcp_credentials > /tmp/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/tmp/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.GCP.encryption.passphrase }} /tmp/backup.tar; rm -rvf /tmp/backup.tar; mv /tmp/backup.tar.gpg /tmp/backup-$date1.tar.gpg; gsutil cp /tmp/backup-$date1.tar.gpg gs://$GCS_BUCKET/postgres/;
- set -ex; echo $gcp_credentials > /postgres/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/postgres/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.GCP.encryption.passphrase }} /postgres/backup.tar; rm -rvf /postgres/backup.tar; mv /postgres/backup.tar.gpg /postgres/backup-$date1.tar.gpg; gsutil cp /postgres/backup-$date1.tar.gpg gs://$GCS_BUCKET/postgres/;
{{- else}}
- echo $gcp_credentials > /tmp/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/tmp/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); mv /tmp/backup.tar /tmp/backup-$date1.tar; gsutil cp /tmp/backup-$date1.tar gs://$GCS_BUCKET/postgres/;
- set -ex; echo $gcp_credentials > /postgres/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/postgres/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); mv /postgres/backup.tar /postgres/backup-$date1.tar; gsutil cp /postgres/backup-$date1.tar gs://$GCS_BUCKET/postgres/;
{{- end }}
volumes:
- name: psql-volume
Expand Down Expand Up @@ -101,19 +105,21 @@ spec:
- name: argocd-app-backup-job
image: {{ .Values.argocd_backup.argocdImage | default "quay.io/argoproj/argocd:v2.4.0" }}
volumeMounts:
- mountPath: /cache
- mountPath: /argocd
name: argocd-volume
env:
imagePullPolicy: Always
args:
- /bin/bash
- -c
- {{ .Values.argocd_backup.args | default "argocd admin export -n devtroncd > /cache/backup.yaml" }}
- {{ .Values.argocd_backup.args | default "argocd admin export -n devtroncd > /argocd/backup.yaml" }}
resources:
{{ toYaml .Values.argocd_backup.resources | indent 13 }}
containers:
- name: gcloud-cli-for-cloud-storage-upload
image: {{ .Values.global.GCP.image | default "google/cloud-sdk:alpine" }}
volumeMounts:
- mountPath: /cache
- mountPath: /argocd
name: argocd-volume
env:
- name: GCS_BUCKET
Expand All @@ -129,13 +135,15 @@ spec:
key: GOOGLE_APPLICATION_CREDENTIALS
{{- end }}
imagePullPolicy: Always
resources:
{{ toYaml .Values.argocd_backup.resources | indent 13 }}
args:
- /bin/bash
- -c
{{- if $.Values.global.GCP.encryption.enabled }}
- echo $gcp_credentials > /tmp/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/tmp/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.GCP.encryption.passphrase }} /cache/backup.yaml; rm -rvf /cache/backup.yaml; mv /cache/backup.yaml.gpg /cache/backup-$date1.yaml.gpg; gsutil cp /cache/backup-$date1.yaml.gpg gs://$GCS_BUCKET/argocd/;
- set -ex; echo $gcp_credentials > /argocd/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/argocd/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); gpg -c --batch --passphrase {{ .Values.global.GCP.encryption.passphrase }} /argocd/backup.yaml; rm -rvf /argocd/backup.yaml; mv /argocd/backup.yaml.gpg /argocd/backup-$date1.yaml.gpg; gsutil cp /argocd/backup-$date1.yaml.gpg gs://$GCS_BUCKET/argocd/;
{{- else}}
- echo $gcp_credentials > /tmp/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/tmp/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); mv /cache/backup.yaml /cache/backup-$date1.yaml; gsutil cp /cache/backup-$date1.yaml gs://$GCS_BUCKET/argocd/;
- set -ex; echo $gcp_credentials > /argocd/gcp_credentials.json ; gcloud auth activate-service-account --key-file=/argocd/gcp_credentials.json ; date1=$(date +%Y%m%d-%H%M); mv /argocd/backup.yaml /argocd/backup-$date1.yaml; gsutil cp /argocd/backup-$date1.yaml gs://$GCS_BUCKET/argocd/;
{{- end }}
volumes:
- name: argocd-volume
Expand Down
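Review bot: `echo $gcp_credentials > /postgres/gcp_credentials.json` now runs under the newly added `set -x`, which prints the fully expanded command — the entire service-account JSON, private key included — to the container log before it reaches the file; the argocd upload container at the end of this file does the same with `/argocd/gcp_credentials.json`. `set -e` is the useful half of the change; drop `-x`, or bracket the credential write and `gcloud auth activate-service-account` with `set +x` … `set -x`. Mounting the secret as a file and passing that path to `--key-file` would remove the shell round-trip entirely, though the secret's shape isn't visible in this hunk so that is only a suggestion. The enclosing CronJob specs start and end outside the hunks shown.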
23 changes: 23 additions & 0 deletions charts/k8s-shield/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
11 changes: 11 additions & 0 deletions charts/k8s-shield/Chart.yaml
@@ -0,0 +1,11 @@
apiVersion: v2
appVersion: 1.0.0
description: A Helm chart for Kubernetes admission policies
name: k8s-shield
type: application
version: 0.1.0
maintainers:
- email: [email protected]
name: Devtron Devops Team
- email: [email protected]
name: Neha Sharma
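Review bot: `appVersion: 1.0.0` and `version: 0.1.0` are left unquoted; these particular values parse as strings, but a future bump such as `1.10` would be read as the float 1.1, which is why Helm's own scaffold quotes `appVersion` — write `appVersion: "1.0.0"` and `version: "0.1.0"` now. The `description` only says "admission policies"; naming the resource kind the chart renders (per the PR title, ValidatingAdmissionPolicy) would make `helm search` output self-explanatory.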
16 changes: 16 additions & 0 deletions charts/k8s-shield/templates/_helpers.tpl
@@ -0,0 +1,16 @@
{{- define "k8s-shield.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{- define "k8s-shield.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}