From 5d678d2b18039bcafc360d8d66a358d24d2289d7 Mon Sep 17 00:00:00 2001 From: Timothy Clarke Date: Fri, 9 Nov 2018 13:10:27 +0000 Subject: [PATCH 1/5] Added Dockerfile for dockerhub and Helm chart for Kubernetes --- kubernetes/.helmignore | 21 ++++++++ kubernetes/Chart.yaml | 5 ++ kubernetes/README.md | 55 ++++++++++++++++++++ kubernetes/configMaps/filterlist.txt | 24 +++++++++ kubernetes/templates/NOTES.txt | 19 +++++++ kubernetes/templates/_helpers.tpl | 32 ++++++++++++ kubernetes/templates/configMap.yaml | 7 +++ kubernetes/templates/deployment.yaml | 78 ++++++++++++++++++++++++++++ kubernetes/templates/ingress.yaml | 39 ++++++++++++++ kubernetes/templates/service.yaml | 23 ++++++++ kubernetes/values.yaml | 55 ++++++++++++++++++++ 11 files changed, 358 insertions(+) create mode 100644 kubernetes/.helmignore create mode 100644 kubernetes/Chart.yaml create mode 100644 kubernetes/README.md create mode 100644 kubernetes/configMaps/filterlist.txt create mode 100644 kubernetes/templates/NOTES.txt create mode 100644 kubernetes/templates/_helpers.tpl create mode 100644 kubernetes/templates/configMap.yaml create mode 100644 kubernetes/templates/deployment.yaml create mode 100644 kubernetes/templates/ingress.yaml create mode 100644 kubernetes/templates/service.yaml create mode 100644 kubernetes/values.yaml diff --git a/kubernetes/.helmignore b/kubernetes/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/kubernetes/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/Chart.yaml b/kubernetes/Chart.yaml new file mode 100644 index 0000000..2f5e21d --- /dev/null +++ b/kubernetes/Chart.yaml 
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Content Security Policy & XSS collector
+name: csp-collector
+version: 0.1.0
diff --git a/kubernetes/README.md b/kubernetes/README.md
new file mode 100644
index 0000000..cdfc81f
--- /dev/null
+++ b/kubernetes/README.md
@@ -0,0 +1,55 @@ +# Kubernetes / Helm Deployment Template for the CSP Report Collector + +## TL;DR; + +```console +$ helm install -n csp-reporter -f custom-values.yaml kubernetes +``` + +## Introduction +This chart deploys a Content Security Policy report collector from +https://github.com/jacobbednarz/go-csp-collector/ + +Using the [kubernetes/values.yaml][1] file create a custom-values.yaml override +with just the changed values then run the command above. +eg. +``` +replicaCount: 2 +custom: + filterlist: "custom.filter.list" + +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + certmanager.k8s.io/cluster-issuer: 'my-key-name' + certmanager.k8s.io/acme-challenge-type: 'dns01' + certmanager.k8s.io/acme-dns01-provider: 'route53' + nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' + hosts: + - csp-reports.example.com + tls: + - secretName: csp-reports.example.com-tls + hosts: + - csp-reports.example.com +``` + +## Config params +| Parameter | Description | Default | +| --------------------------- | :------------------------------- | :----------------------------- | +| `ingress` | A standard ingress block | | +| `ingress.enabled` | Enables or Disables the ingress block | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts` | List of FQDN's the be browsed to | Not Set | +| `ingress.tls.secretName` | Name of the secret to use | Not Set | +| `ingress.tls.hosts` | List of FQDN's the above secret is associated with| Not Set | +| `service.type` | Service type | `ClusterIP` | +| `service.port` | Service port | `80` | +| `service.annotations` | Service annotations | `{}` | +| `custom` | CLI Param Options (see Below) | | +| `custom.filterlist` | Name of file within the configMaps dir for custom filters| `false` Uses list compiled into the app | +| `custom.jsonOutput` | Log entries as json objects, use `false` for plain text | `true` | +| `custom.debug` | Logs in debug mode | `false` | + + +[1]: 
https://github.com/jacobbednarz/go-csp-collector/kubernetes/values.yaml diff --git a/kubernetes/configMaps/filterlist.txt b/kubernetes/configMaps/filterlist.txt new file mode 100644 index 0000000..bcc93ef --- /dev/null +++ b/kubernetes/configMaps/filterlist.txt @@ -0,0 +1,24 @@ +resource:// +chromenull:// +chrome-extension:// +safari-extension:// +mxjscall:// +webviewprogressproxy:// +res:// +mx:// +safari-resource:// +chromeinvoke:// +chromeinvokeimmediate:// +mbinit:// +opera:// +localhost +127.0.0.1 +none:// +about:blank +android-webview +ms-browser-extension +wvjbscheme://__wvjb_queue_message__ +nativebaiduhd://adblock +bdvideo://error +https://fonts.gstatic.com/s/roboto/v18/KFO +https://fonts.gstatic.com/s/googlesans/v9/4Ua diff --git a/kubernetes/templates/NOTES.txt b/kubernetes/templates/NOTES.txt new file mode 100644 index 0000000..a21edde --- /dev/null +++ b/kubernetes/templates/NOTES.txt 
@@ -0,0 +1,19 @@
+{{- if .Values.ingress.enabled }}
+1. The CSP reporter availble by setting your report-uri to :
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "csp-collector.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "csp-collector.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "csp-collector.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "csp-collector.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.port }}
+{{- end }}
diff --git a/kubernetes/templates/_helpers.tpl b/kubernetes/templates/_helpers.tpl
new file mode 100644
index 0000000..7c97f95
--- /dev/null
+++ b/kubernetes/templates/_helpers.tpl
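Review bot: In the ClusterIP branch, `kubectl port-forward $POD_NAME 8080:{{ .Values.service.port }}` forwards to a pod, so the remote side must be the container port (hard-coded `8080` in deployment.yaml) rather than the Service port; the command only works while `service.port` happens to equal 8080. The same line omits the `--namespace {{ .Release.Namespace }}` that the `kubectl get pods` line above it passes, so it fails for releases outside the current namespace. I would write it as `kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:8080`. The ingress branch also prints an `http://` report-uri whenever `ingress.tls` is empty, which is the chart default; violation reports carry document and blocked URLs, so the notes could say that TLS is expected for anything beyond local testing.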
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "csp-collector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "csp-collector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "csp-collector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kubernetes/templates/configMap.yaml b/kubernetes/templates/configMap.yaml
new file mode 100644
index 0000000..022b9fc
--- /dev/null
+++ b/kubernetes/templates/configMap.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "csp-collector.fullname" . }}
+data:
+{{ (.Files.Glob "configMaps/*").AsConfig | indent 2 }}
diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml
new file mode 100644
index 0000000..5865a44
--- /dev/null
+++ b/kubernetes/templates/deployment.yaml
@@ -0,0 +1,78 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ template "csp-collector.fullname" . }} + labels: + app: {{ template "csp-collector.name" . }} + chart: {{ template "csp-collector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum | trunc 63 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "csp-collector.name" . }} + release: {{ .Release.Name }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum | trunc 63 }} + labels: + app: {{ template "csp-collector.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: config-volume + mountPath: /configs + args: + - "/csp_collector" + {{- if .Values.custom.jsonOutput }} + - "--output-format" + - "json" + {{- end }} + {{- if .Values.custom.filterlist }} + - "--filter-file" + - "/configs/{{- .Values.custom.filterlist -}}" + {{- end }} + {{- if .Values.custom.graylogHost }} + - "--graylog" + - "{{- .Values.custom.graylogHost -}}" + {{- end }} + {{- if .Values.custom.debug }} + - "--debug" + {{- end }} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /_healthcheck + port: http + readinessProbe: + httpGet: + path: /_healthcheck + port: http + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "csp-collector.fullname" . }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} + {{- end }} diff --git a/kubernetes/templates/ingress.yaml b/kubernetes/templates/ingress.yaml new file mode 100644 index 0000000..21f5c9f --- /dev/null +++ b/kubernetes/templates/ingress.yaml @@ -0,0 +1,39 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "csp-collector.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "csp-collector.name" . }} + chart: {{ template "csp-collector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/kubernetes/templates/service.yaml b/kubernetes/templates/service.yaml new file mode 100644 index 0000000..e85fa17 --- /dev/null +++ b/kubernetes/templates/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "csp-collector.fullname" . }} + labels: + app: {{ template "csp-collector.name" . }} + chart: {{ template "csp-collector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ template "csp-collector.name" . }} + release: {{ .Release.Name }} 
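Review bot: The container spec in this hunk sets no `securityContext`, and the pod serves an endpoint that accepts unauthenticated report POSTs from arbitrary browsers, so it should run with as little privilege as the image allows. I would add a container-level `securityContext` next to `imagePullPolicy` that drops all capabilities, disallows privilege escalation and makes the root filesystem read-only; the only mount the hunk shows is the ConfigMap at `/configs`, and whether the binary writes anywhere else is not visible here and needs a check. `runAsNonRoot: true` only admits the pod if the image declares a numeric non-root user, so confirm that against the Dockerfile the commit subject mentions. With `resources` defaulting to `{}` in values.yaml the pod also runs without CPU or memory limits, which deserves a sentence in the README for internet-facing installs.

```yaml
        - name: {{ .Chart.Name }}
          # … unchanged: image, imagePullPolicy, volumeMounts, args, ports, probes, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```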
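Review bot: The host, path and secret values in ingress.yaml are interpolated unquoted (`- host: {{ . }}`, `- path: {{ $ingressPath }}`, `secretName: {{ .secretName }}`), so a wildcard host such as `*.example.com` is read by the YAML parser as an alias and the release fails to render. Piping each value through `quote`, for example `- host: {{ . | quote }}`, keeps user-supplied values as plain strings. The `$servicePort` variable assigned at the top of the template is never used, since the backend refers to the named port `http`, and can be dropped.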
diff --git a/kubernetes/values.yaml b/kubernetes/values.yaml new file mode 100644 index 0000000..bc1e610 --- /dev/null +++ b/kubernetes/values.yaml @@ -0,0 +1,55 @@ +# Default values for csp-collector. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: jacobbednarz/go-csp-collector + tag: latest + pullPolicy: Always + +service: + type: ClusterIP + port: 8080 + annotations: {} + +custom: + # filterlist is either false, to use the built in filter list, + # or the path within the configMaps directly without any prefixes. Eg + # filterlist: 'filterlist.txt' + filterlist: false + # Log Json Output + jsonOutput: true + debug: false + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From d963b35ab74685f17d24dab37c0e8da9f4490d9a Mon Sep 17 00:00:00 2001 From: Timothy Clarke Date: Tue, 13 Nov 2018 16:06:23 +0000 Subject: [PATCH 2/5] PR#17 Update from comments. --- kubernetes/Chart.yaml | 2 +- kubernetes/README.md | 6 +++--- kubernetes/configMaps/filterlist.txt | 2 -- kubernetes/templates/NOTES.txt | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/kubernetes/Chart.yaml b/kubernetes/Chart.yaml index 2f5e21d..84084af 100644 --- a/kubernetes/Chart.yaml 
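Review bot: `tag: latest` combined with `pullPolicy: Always` in values.yaml means every pod start pulls whatever image is currently published under a mutable tag, so the running code can change without any chart or values change and replicas can end up on different builds. I would default the tag to a fixed release, e.g. `tag: "<release-tag>"` (placeholder; the chart's `appVersion` would be the natural source) with `pullPolicy: IfNotPresent`, and mention in the README that a digest reference can be used for stricter pinning. Separately, `service.port` defaults to `8080` here while the README table added in the same patch documents `80`; one of the two should be corrected.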
+++ b/kubernetes/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "1.0" -description: A Content Security Policy & XSS collector +description: A Content Security Policy violation collector name: csp-collector version: 0.1.0 diff --git a/kubernetes/README.md b/kubernetes/README.md index cdfc81f..86f9a32 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -1,13 +1,13 @@ -# Kubernetes / Helm Deployment Template for the CSP Report Collector +# Kubernetes / Helm Deployment Template for the CSP violation collector ## TL;DR; ```console -$ helm install -n csp-reporter -f custom-values.yaml kubernetes +$ helm install -n csp-collector -f custom-values.yaml kubernetes ``` ## Introduction -This chart deploys a Content Security Policy report collector from +This chart deploys a Content Security Policy violation collector from https://github.com/jacobbednarz/go-csp-collector/ Using the [kubernetes/values.yaml][1] file create a custom-values.yaml override diff --git a/kubernetes/configMaps/filterlist.txt b/kubernetes/configMaps/filterlist.txt index bcc93ef..2372d6f 100644 --- a/kubernetes/configMaps/filterlist.txt +++ b/kubernetes/configMaps/filterlist.txt @@ -20,5 +20,3 @@ ms-browser-extension wvjbscheme://__wvjb_queue_message__ nativebaiduhd://adblock bdvideo://error -https://fonts.gstatic.com/s/roboto/v18/KFO -https://fonts.gstatic.com/s/googlesans/v9/4Ua diff --git a/kubernetes/templates/NOTES.txt b/kubernetes/templates/NOTES.txt index a21edde..b52be3b 100644 --- a/kubernetes/templates/NOTES.txt +++ b/kubernetes/templates/NOTES.txt @@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled }} -1. The CSP reporter availble by setting your report-uri to : +1. The CSP violation collector is available by setting your report-uri to: {{- range .Values.ingress.hosts }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} From d327c896f71fbe488b8ff743dfdb8558c3cad8d3 Mon Sep 17 00:00:00 2001 
From: Timothy Clarke Date: Sun, 24 May 2020 14:57:30 +0100 Subject: [PATCH 3/5] Updated for K8s 1.16 or later --- README.md | 8 ++++++++ .../kubernetes-helm}/.helmignore | 0 .../kubernetes-helm}/Chart.yaml | 0 .../kubernetes-helm}/README.md | 0 .../kubernetes-helm}/configMaps/filterlist.txt | 3 +++ .../kubernetes-helm}/templates/NOTES.txt | 0 .../kubernetes-helm}/templates/_helpers.tpl | 18 ++++++++++++++++++ .../kubernetes-helm}/templates/configMap.yaml | 2 ++ .../kubernetes-helm}/templates/deployment.yaml | 13 ++++--------- .../kubernetes-helm}/templates/ingress.yaml | 5 +---- .../kubernetes-helm}/templates/service.yaml | 5 +---- .../kubernetes-helm}/values.yaml | 0 12 files changed, 37 insertions(+), 17 deletions(-) rename {kubernetes => deployments/kubernetes-helm}/.helmignore (100%) rename {kubernetes => deployments/kubernetes-helm}/Chart.yaml (100%) rename {kubernetes => deployments/kubernetes-helm}/README.md (100%) rename {kubernetes => deployments/kubernetes-helm}/configMaps/filterlist.txt (86%) rename {kubernetes => deployments/kubernetes-helm}/templates/NOTES.txt (100%) rename {kubernetes => deployments/kubernetes-helm}/templates/_helpers.tpl (71%) rename {kubernetes => deployments/kubernetes-helm}/templates/configMap.yaml (70%) rename {kubernetes => deployments/kubernetes-helm}/templates/deployment.yaml (84%) rename {kubernetes => deployments/kubernetes-helm}/templates/ingress.yaml (83%) rename {kubernetes => deployments/kubernetes-helm}/templates/service.yaml (73%) rename {kubernetes => deployments/kubernetes-helm}/values.yaml (100%) diff --git a/README.md b/README.md index 600a4e8..377c247 100644 --- a/README.md +++ b/README.md 
@@ -81,5 +81,13 @@ violation data because there are already a bunch of great solutions out there. Once you have your violations being collected, be sure to slurp them into your favourite log aggregation tool. +### Deployments + +Currently supported deployment mechanisms: + +- [kubernetes/helm][3] + + [1]: https://github.com/jacobbednarz/go-csp-collector/blob/master/sample.filterlist.txt [2]: https://github.com/jacobbednarz/go-csp-collector/releases +[3]: https://github.com/jacobbednarz/go-csp-collector/blob/master/deployment/kubernetes-helm/README.md diff --git a/kubernetes/.helmignore b/deployments/kubernetes-helm/.helmignore similarity index 100% rename from kubernetes/.helmignore rename to deployments/kubernetes-helm/.helmignore diff --git a/kubernetes/Chart.yaml b/deployments/kubernetes-helm/Chart.yaml similarity index 100% rename from kubernetes/Chart.yaml rename to deployments/kubernetes-helm/Chart.yaml diff --git a/kubernetes/README.md b/deployments/kubernetes-helm/README.md similarity index 100% rename from kubernetes/README.md rename to deployments/kubernetes-helm/README.md diff --git a/kubernetes/configMaps/filterlist.txt b/deployments/kubernetes-helm/configMaps/filterlist.txt similarity index 86% rename from kubernetes/configMaps/filterlist.txt rename to deployments/kubernetes-helm/configMaps/filterlist.txt index 2372d6f..7f96061 100644 --- a/kubernetes/configMaps/filterlist.txt +++ b/deployments/kubernetes-helm/configMaps/filterlist.txt @@ -1,3 +1,4 @@ +# hash indicates a comment resource:// chromenull:// chrome-extension:// @@ -11,6 +12,8 @@ chromeinvoke:// chromeinvokeimmediate:// mbinit:// opera:// +ms-appx:// +ms-appx-web:// localhost 127.0.0.1 none:// diff --git a/kubernetes/templates/NOTES.txt b/deployments/kubernetes-helm/templates/NOTES.txt similarity index 100% rename from kubernetes/templates/NOTES.txt rename to deployments/kubernetes-helm/templates/NOTES.txt 
diff --git a/kubernetes/templates/_helpers.tpl b/deployments/kubernetes-helm/templates/_helpers.tpl similarity index 71% rename from kubernetes/templates/_helpers.tpl rename to deployments/kubernetes-helm/templates/_helpers.tpl index 7c97f95..635dcce 100644 --- a/kubernetes/templates/_helpers.tpl +++ b/deployments/kubernetes-helm/templates/_helpers.tpl @@ -30,3 +30,21 @@ Create chart name and version as used by the chart label. {{- define "csp-collector.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "csp-collector.labels" -}} +helm.sh/chart: {{ include "csp-collector.chart" . }} +{{ include "csp-collector.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "csp-collector.selectorLabels" -}} +app.kubernetes.io/name: {{ include "csp-collector.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + diff --git a/kubernetes/templates/configMap.yaml b/deployments/kubernetes-helm/templates/configMap.yaml similarity index 70% rename from kubernetes/templates/configMap.yaml rename to deployments/kubernetes-helm/templates/configMap.yaml index 022b9fc..814e400 100644 --- a/kubernetes/templates/configMap.yaml +++ b/deployments/kubernetes-helm/templates/configMap.yaml @@ -3,5 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "csp-collector.fullname" . }} + labels: + {{- include "csp-collector.labels" . | nindent 4 }} data: {{ (.Files.Glob "configMaps/*").AsConfig | indent 2 }} diff --git a/kubernetes/templates/deployment.yaml b/deployments/kubernetes-helm/templates/deployment.yaml similarity index 84% rename from kubernetes/templates/deployment.yaml rename to deployments/kubernetes-helm/templates/deployment.yaml index 5865a44..84dd93b 100644 --- a/kubernetes/templates/deployment.yaml +++ b/deployments/kubernetes-helm/templates/deployment.yaml 
@@ -1,26 +1,21 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "csp-collector.fullname" . }} labels: - app: {{ template "csp-collector.name" . }} - chart: {{ template "csp-collector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "csp-collector.labels" . | nindent 4 }} checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum | trunc 63 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ template "csp-collector.name" . }} - release: {{ .Release.Name }} + {{- include "csp-collector.selectorLabels" . | nindent 6 }} template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum | trunc 63 }} labels: - app: {{ template "csp-collector.name" . }} - release: {{ .Release.Name }} + {{- include "csp-collector.selectorLabels" . | nindent 8 }} spec: containers: - name: {{ .Chart.Name }} diff --git a/kubernetes/templates/ingress.yaml b/deployments/kubernetes-helm/templates/ingress.yaml similarity index 83% rename from kubernetes/templates/ingress.yaml rename to deployments/kubernetes-helm/templates/ingress.yaml index 21f5c9f..e42c1a3 100644 --- a/kubernetes/templates/ingress.yaml +++ b/deployments/kubernetes-helm/templates/ingress.yaml @@ -7,10 +7,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - app: {{ template "csp-collector.name" . }} - chart: {{ template "csp-collector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "csp-collector.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/kubernetes/templates/service.yaml b/deployments/kubernetes-helm/templates/service.yaml similarity index 73% rename from kubernetes/templates/service.yaml rename to deployments/kubernetes-helm/templates/service.yaml index e85fa17..cf66c33 100644 
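Review bot: `spec.selector.matchLabels` in deployment.yaml now renders `app.kubernetes.io/name` and `app.kubernetes.io/instance` instead of `app` and `release`, and that field is immutable on an `apps/v1` Deployment, so upgrading a release installed from the earlier chart will be rejected by the API server. The README should state that existing releases have to be removed and reinstalled, and the chart `version` should be bumped to signal the break; Chart.yaml is renamed unchanged in this patch. The `checksum/config` entry kept under `metadata.labels` also changes the Deployment's own labels on every filter-list edit; the pod-template annotation a few lines below already triggers the rollout, so the label copy looks unnecessary.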
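Review bot: The Ingress is still declared as `extensions/v1beta1` (the `apiVersion` line sits just above this hunk and nothing in the patch changes it) although the commit subject targets Kubernetes 1.16 or later. That group version is deprecated for Ingress and is no longer served from Kubernetes 1.22, while `networking.k8s.io/v1beta1` is available on 1.16 clusters. Consider switching the line to `apiVersion: networking.k8s.io/v1beta1` in the same change.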
--- a/kubernetes/templates/service.yaml +++ b/deployments/kubernetes-helm/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ template "csp-collector.fullname" . }} labels: - app: {{ template "csp-collector.name" . }} - chart: {{ template "csp-collector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "csp-collector.labels" . | nindent 4 }} {{- if .Values.service.annotations }} annotations: {{ toYaml .Values.service.annotations | indent 4 }} diff --git a/kubernetes/values.yaml b/deployments/kubernetes-helm/values.yaml similarity index 100% rename from kubernetes/values.yaml rename to deployments/kubernetes-helm/values.yaml From 502a5bac73313f8d1045a5957ac23e9f58148579 Mon Sep 17 00:00:00 2001 From: Timothy Clarke Date: Sun, 24 May 2020 15:10:33 +0100 Subject: [PATCH 4/5] Removed Custom host --- deployments/kubernetes-helm/README.md | 8 ++++---- deployments/kubernetes-helm/templates/deployment.yaml | 4 ---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/deployments/kubernetes-helm/README.md b/deployments/kubernetes-helm/README.md index 86f9a32..b833731 100644 --- a/deployments/kubernetes-helm/README.md +++ b/deployments/kubernetes-helm/README.md @@ -3,14 +3,14 @@ ## TL;DR; ```console -$ helm install -n csp-collector -f custom-values.yaml kubernetes +$ helm upgrade csp-collector kubernetes-helm --values custom-values.yaml --install ``` ## Introduction This chart deploys a Content Security Policy violation collector from https://github.com/jacobbednarz/go-csp-collector/ -Using the [kubernetes/values.yaml][1] file create a custom-values.yaml override +Using the [kubernetes-helm/values.yaml][1] file create a custom-values.yaml override with just the changed values then run the command above. eg. ``` 
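Review bot: Only the metadata labels change in the service.yaml hunk, while the `selector:` block further down the file (outside the hunk) still matches `app` and `release` as written in PATCH 1/5; the pod template in deployment.yaml now carries only the `csp-collector.selectorLabels` set, so the Service would select no pods and the ingress would have no endpoints behind it. The selector should become `selector:` followed by `{{- include "csp-collector.selectorLabels" . | nindent 4 }}`. NOTES.txt is renamed unchanged in this patch, so its `-l "app=…,release=…"` pod lookup has the same mismatch and would return no pod name.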
@@ -47,9 +47,9 @@ ingress: | `service.port` | Service port | `80` | | `service.annotations` | Service annotations | `{}` | | `custom` | CLI Param Options (see Below) | | +| `custom.debug` | Logs in debug mode | `false` | | `custom.filterlist` | Name of file within the configMaps dir for custom filters| `false` Uses list compiled into the app | | `custom.jsonOutput` | Log entries as json objects, use `false` for plain text | `true` | -| `custom.debug` | Logs in debug mode | `false` | -[1]: https://github.com/jacobbednarz/go-csp-collector/kubernetes/values.yaml +[1]: https://github.com/jacobbednarz/go-csp-collector/blob/master/deployment/kubernetes-helm/values.yaml diff --git a/deployments/kubernetes-helm/templates/deployment.yaml b/deployments/kubernetes-helm/templates/deployment.yaml index 84dd93b..65838a5 100644 --- a/deployments/kubernetes-helm/templates/deployment.yaml +++ b/deployments/kubernetes-helm/templates/deployment.yaml @@ -34,10 +34,6 @@ spec: - "--filter-file" - "/configs/{{- .Values.custom.filterlist -}}" {{- end }} - {{- if .Values.custom.graylogHost }} - - "--graylog" - - "{{- .Values.custom.graylogHost -}}" - {{- end }} {{- if .Values.custom.debug }} - "--debug" {{- end }} From ab8adc14301c5a62543fa22c4e1a5391c559c07c Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Mon, 25 May 2020 08:07:36 +1000 Subject: [PATCH 5/5] Markdown formatting fixes --- README.md | 1 - deployments/kubernetes-helm/README.md | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 377c247..abf82c3 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,6 @@ Currently supported deployment mechanisms: - [kubernetes/helm][3] - [1]: https://github.com/jacobbednarz/go-csp-collector/blob/master/sample.filterlist.txt [2]: https://github.com/jacobbednarz/go-csp-collector/releases [3]: https://github.com/jacobbednarz/go-csp-collector/blob/master/deployment/kubernetes-helm/README.md 
diff --git a/deployments/kubernetes-helm/README.md b/deployments/kubernetes-helm/README.md index b833731..e06a03f 100644 --- a/deployments/kubernetes-helm/README.md +++ b/deployments/kubernetes-helm/README.md @@ -7,13 +7,13 @@ $ helm upgrade csp-collector kubernetes-helm --values custom-values.yaml --insta ``` ## Introduction + This chart deploys a Content Security Policy violation collector from https://github.com/jacobbednarz/go-csp-collector/ Using the [kubernetes-helm/values.yaml][1] file create a custom-values.yaml override with just the changed values then run the command above. eg. -``` replicaCount: 2 custom: filterlist: "custom.filter.list" @@ -35,6 +35,7 @@ ingress: ``` ## Config params + | Parameter | Description | Default | | --------------------------- | :------------------------------- | :----------------------------- | | `ingress` | A standard ingress block | | @@ -51,5 +52,4 @@ ingress: | `custom.filterlist` | Name of file within the configMaps dir for custom filters| `false` Uses list compiled into the app | | `custom.jsonOutput` | Log entries as json objects, use `false` for plain text | `true` | - [1]: https://github.com/jacobbednarz/go-csp-collector/blob/master/deployment/kubernetes-helm/values.yaml