deploy and svc

Author: czpnt

charts/waf-multihost/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v2
 name: waf-multihost
 description: CloudGuard WAF Deployment for multiple hostnames
 version: 0.1.0
-appVersion: "1.0"
+appVersion: "1.1"

charts/waf-multihost/templates/deployment.yaml

@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: waf
+spec:
+  replicas: {{ .Values.replicaCount }}  # Adjust the number of replicas as needed
+  selector:
+    matchLabels:
+      app: waf
+  template:
+    metadata:
+      labels:
+        app: waf
+    spec:
+      containers:
+      - name: cloudguard-appsec-standalone
+        env:
+        - name: CPTOKEN
+          valueFrom:
+            secretKeyRef:
+              name: waf
+              key: cptoken
+        # securityContext:
+        #   runAsUser: 0
+        #   runAsGroup: 0
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        #image: checkpoint/cloudguard-appsec-standalone:787396
+        args:
+        - /cloudguard-appsec-standalone
+        - --token
+        - $(CPTOKEN)
+        - --ignore-all
+        # env:
+        # - name: https_proxy
+        #   value: "user:password@Proxy address:port"
+        ports:
+        - containerPort: 443  # SSL port
+        - containerPort: 80   # HTTP port
+        - containerPort: 8117 # Health-check port
+        volumeMounts:
+        - name: certs-volume
+          mountPath: "/etc/certs"
+          readOnly: true
+        # - name: certs
+        #   mountPath: "/etc/certs2/"
+        imagePullPolicy: Always
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /
+            port: 8117
+            scheme: HTTP
+          periodSeconds: 20
+          successThreshold: 1
+          timeoutSeconds: 10
+        startupProbe:
+          failureThreshold: 90
+          httpGet:
+            path: /
+            port: 8117
+            scheme: HTTP
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 10
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      #schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: tls-secret
+          secret:
+            secretName: hello-klaud-tls
+        - name: certs-volume
+          projected:
+            sources:
+            {{- range $host := .Values.certificates.hosts }}
+            - secret:
+              name: {{ $.Release.Name }}-{{ $host.hostname | replace "." "-" }}-tls
+              items:
+              - key: tls.key
+                path: {{ $host.hostname }}.key
+              - key: tls.crt
+                path: {{ $host.hostname }}.pem
+            {{- end }}

charts/waf-multihost/templates/secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: waf
+type: Opaque
+stringData:
+  cptoken: {{ .Values.cptoken }}

charts/waf-multihost/templates/service.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: waf
+spec:
+  selector:
+    app: waf
+  ports:
+    - protocol: TCP
+      port: 443
+      name: https
+      targetPort: 443  # Match the containerPort of the deployed pod
+    - protocol: TCP
+      port: 80
+      name: http
+      targetPort: 80   # Match the containerPort of the deployed pod
+    - protocol: TCP
+      port: 8117
+      name: health-check
+      targetPort: 8117  # Match the containerPort of the deployed pod
+  type: LoadBalancer

charts/waf-multihost/values.yaml

@@ -1,9 +1,11 @@
-replicaCount: 1
+replicaCount: 2
 
 image:
-  repository: my-app
+  repository: checkpoint/cloudguard-appsec-standalone
   tag: "latest"
 
+# token of your Docker Single Managed profile
+cptoken:
 
 certificates:
   issuer: letsencrypt-prod  # Your cert-manager issuer