diff --git a/charts/app-config-frontend/Chart.yaml b/charts/app-config-frontend/Chart.yaml index dac7bc62..a6d9721e 100644 --- a/charts/app-config-frontend/Chart.yaml +++ b/charts/app-config-frontend/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.2 +version: 1.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/app-config-frontend/README.md b/charts/app-config-frontend/README.md index f52d0bf7..a966bf5a 100644 --- a/charts/app-config-frontend/README.md +++ b/charts/app-config-frontend/README.md @@ -3,7 +3,7 @@ # app-config-frontend [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/app-config-frontend)](https://artifacthub.io/packages/helm/radar-base/app-config-frontend) -![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square) A Helm chart for the frontend application of RADAR-base application config (app-config). 
@@ -70,6 +70,7 @@ A Helm chart for the frontend application of RADAR-base application config (app- | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | authUrl | string | `"http://localhost/managementportal/oauth"` | Authorization URL of the IDP | | authCallbackUrl | string | `"http://localhost/appconfig/login"` | Callback URL to where authorization-code should be returned | | backendUrl | string | `"/appconfig/api"` | Base-URL of the App Config backend service | diff --git a/charts/app-config-frontend/templates/networkpolicy.yaml b/charts/app-config-frontend/templates/networkpolicy.yaml new file mode 100644 index 00000000..3710fdea --- /dev/null +++ b/charts/app-config-frontend/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "app-config-frontend.fullname" . }} + labels: +{{ include "app-config-frontend.labels" . | indent 4 }} +spec: + podSelector: +{{ include "app-config-frontend.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/app-config-frontend/values.yaml b/charts/app-config-frontend/values.yaml index 02827250..b58a0023 100644 --- a/charts/app-config-frontend/values.yaml +++ b/charts/app-config-frontend/values.yaml 
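Review bot: In the new `templates/networkpolicy.yaml`, `podSelector:` is followed directly by `{{ include "app-config-frontend.labels" . | indent 4 }}` with no `matchLabels:` line in between, so the rendered labels become unknown fields of the selector rather than match criteria. Depending on how strictly the manifest is validated, it is either rejected or left with an empty selector, and an empty `podSelector` applies the policy to every pod in the namespace. If the helper matches the `radar-appserver.labels` one added in this commit, it also pulls `helm.sh/chart` and the version label into the selector, which the pods may not carry (the pod template is not visible here). I would render `podSelector:` then `matchLabels:` then the chart's selector-label helper, e.g. `{{- include "radar-appserver.selectorLabels" . | nindent 6 }}` for that chart; the other charts' helper names are not shown in this diff. The same lines appear in the new networkpolicy.yaml of app-config, catalog-server, management-portal and radar-appserver.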
@@ -127,6 +127,33 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP # -- Authorization URL of the IDP authUrl: http://localhost/managementportal/oauth diff --git a/charts/app-config/Chart.yaml b/charts/app-config/Chart.yaml index 05c120b6..f0c21980 100644 --- a/charts/app-config/Chart.yaml +++ b/charts/app-config/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.5.0" description: A Helm chart for RADAR-base application config (app-config) backend service which is used as mobile app configuration engine with per-project and per-user configuration. name: app-config -version: 1.0.3 +version: 1.1.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/app-config diff --git a/charts/app-config/README.md b/charts/app-config/README.md index ec816013..0f1275d9 100644 --- a/charts/app-config/README.md +++ b/charts/app-config/README.md 
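Review bot: The default ingress rule only admits pods labelled `app.kubernetes.io/name: ingress-nginx` that also run in `{{ .Release.Namespace }}`, because `namespaceSelector` and `podSelector` sit in the same `from` entry and are ANDed. If the ingress controller is installed in its own namespace, which this diff cannot confirm either way, the frontend becomes unreachable on upgrade, since the policy is on by default. The values comment should say so and explain the opt-out, e.g. `# Assumes ingress-nginx runs in the release namespace; override ingress[].from otherwise. Set networkpolicy to null to disable.` An empty map does not disable it, because Helm merges user-supplied maps with the chart defaults. The same default and comment are in the values.yaml hunks of app-config and management-portal.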
@@ -3,7 +3,7 @@ # app-config [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/app-config)](https://artifacthub.io/packages/helm/radar-base/app-config) -![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square) A Helm chart for RADAR-base application config (app-config) backend service which is used as mobile app configuration engine with per-project and per-user configuration. @@ -72,6 +72,7 @@ A Helm chart for RADAR-base application config (app-config) backend service whic | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | javaOpts | string | `"-Xmx550m"` | Standard JAVA_OPTS that should be passed to this service | | clientId | string | `"radar_appconfig"` | OAuth2 client id | | clientSecret | string | `"secret"` | OAuth2 client secret | diff --git a/charts/app-config/templates/networkpolicy.yaml b/charts/app-config/templates/networkpolicy.yaml new file mode 100644 index 00000000..cd70634c --- /dev/null +++ b/charts/app-config/templates/networkpolicy.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "app-config.fullname" . }} + labels: +{{ include "app-config.labels" . | indent 4 }} +spec: + podSelector: +{{ include "app-config.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/app-config/values.yaml b/charts/app-config/values.yaml index 222c09cb..d74ebca0 100644 --- a/charts/app-config/values.yaml +++ b/charts/app-config/values.yaml @@ -132,6 +132,47 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: management-portal + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: postgresql + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- Standard JAVA_OPTS that should be passed to this service javaOpts: "-Xmx550m" # -- OAuth2 client id diff --git a/charts/catalog-server/Chart.yaml b/charts/catalog-server/Chart.yaml index 9a7b1534..b39ec62f 100644 --- a/charts/catalog-server/Chart.yaml +++ b/charts/catalog-server/Chart.yaml 
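Review bot: In the app-config `values.yaml` hunk, the in-namespace egress rule for `management-portal` and `postgresql` has no `ports` list, so the backend may reach any port and protocol on those pods, while the DNS rule next to it is limited to port 53. Since `ports` applies to a whole rule, least privilege here means one `- to:` entry per peer, each with its own `ports`; the port numbers are not visible in this hunk and should come from the chart's service and database settings. The peer label `app.kubernetes.io/name: postgresql` is also a literal, whereas the management-portal chart in this commit templates it from `.Values.postgres.host`, so a differently named database release loses connectivity until the list is overridden. The catalog-server and management-portal values hunks contain the same port-less in-namespace egress rules.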
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.8.2" description: A Helm chart for RADAR-base catalogue server. This application creates RADAR-base topics in Kafka, registers schemas in Schema Registry and keeps a catalog of available source types. name: catalog-server -version: 0.4.8 +version: 0.5.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/catalog-server diff --git a/charts/catalog-server/README.md b/charts/catalog-server/README.md index 3bd8552d..39f986c5 100644 --- a/charts/catalog-server/README.md +++ b/charts/catalog-server/README.md @@ -3,7 +3,7 @@ # catalog-server [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/catalog-server)](https://artifacthub.io/packages/helm/radar-base/catalog-server) -![Version: 0.4.8](https://img.shields.io/badge/Version-0.4.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) A Helm chart for RADAR-base catalogue server. This application creates RADAR-base topics in Kafka, registers schemas in Schema Registry and keeps a catalog of available source types. 
@@ -65,6 +65,7 @@ A Helm chart for RADAR-base catalogue server. This application creates RADAR-bas | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | kafka_num_brokers | int | `3` | number of Kafka brokers to look for | | kafka | string | `"cp-kafka-headless:9092"` | URI of Kafka brokers | | schema_registry | string | `"http://cp-schema-registry:8081"` | URL of the confluent schema registry | diff --git a/charts/catalog-server/templates/networkpolicy.yaml b/charts/catalog-server/templates/networkpolicy.yaml new file mode 100644 index 00000000..eb7d27cb --- /dev/null +++ b/charts/catalog-server/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "catalog-server.fullname" . }} + labels: +{{ include "catalog-server.labels" . | indent 4 }} +spec: + podSelector: +{{ include "catalog-server.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/catalog-server/values.yaml b/charts/catalog-server/values.yaml index a30798ee..40236353 100644 --- a/charts/catalog-server/values.yaml +++ b/charts/catalog-server/values.yaml 
@@ -122,6 +122,60 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: management-portal + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-s3-connector + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: cp-kafka + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: cp-schema-registry + # -- number of Kafka brokers to look for kafka_num_brokers: 3 # -- URI of Kafka brokers diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 2510f70f..cc25ac74 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml 
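Review bot: The `except` list under the `0.0.0.0/0` egress block excludes `172.16.0.0/20`, which covers only 172.16.0.0–172.16.15.255; the private range is `172.16.0.0/12`, so most of it stays reachable if the intent was "internet only, no internal networks". The list also leaves out link-local `169.254.0.0/16`, where cloud providers expose the instance metadata service, so the pods keep access to it. I would change the entry to `- 172.16.0.0/12` and add `- 169.254.0.0/16`. The rule has no `ports` either, so every port is open towards external addresses. The management-portal values.yaml hunk repeats the same block.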
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.60.1" description: A Helm chart for Prometheus operator stack. This chart is an overlay for original kube-prometheus-stack chart. It defines some the default values for namespaces to monitor, alert templates, Nginx configuration and authentication and a few extra charts for Grafana. For more details on how to customize those values refer to original chart. name: kube-prometheus-stack -version: 0.4.1 +version: 0.4.2 sources: ["https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack"] deprecated: false type: application diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index e2e163ea..47c9ffbc 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -3,7 +3,7 @@ # kube-prometheus-stack [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kube-prometheus-stack)](https://artifacthub.io/packages/helm/radar-base/kube-prometheus-stack) -![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.60.1](https://img.shields.io/badge/AppVersion-0.60.1-informational?style=flat-square) +![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.60.1](https://img.shields.io/badge/AppVersion-0.60.1-informational?style=flat-square) A Helm chart for Prometheus operator stack. This chart is an overlay for original kube-prometheus-stack chart. It defines some the default values for namespaces to monitor, alert templates, Nginx configuration and authentication and a few extra charts for Grafana. For more details on how to customize those values refer to original chart. 
diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index e859846b..d22a65eb 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -154,6 +154,11 @@ kube-prometheus-stack: patch: enabled: false + networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + ## Deploy a Prometheus instance ## prometheus: diff --git a/charts/management-portal/Chart.yaml b/charts/management-portal/Chart.yaml index ef8e65bf..c2db2d00 100644 --- a/charts/management-portal/Chart.yaml +++ b/charts/management-portal/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "2.0.0" description: A Helm chart for RADAR-Base Management Portal to manage projects and participants throughout RADAR-base. name: management-portal -version: 1.0.4 +version: 1.1.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/management-portal diff --git a/charts/management-portal/README.md b/charts/management-portal/README.md index 811b2fa4..b65e27eb 100644 --- a/charts/management-portal/README.md +++ b/charts/management-portal/README.md 
@@ -3,7 +3,7 @@ # management-portal [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/management-portal)](https://artifacthub.io/packages/helm/radar-base/management-portal) -![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) A Helm chart for RADAR-Base Management Portal to manage projects and participants throughout RADAR-base. @@ -76,6 +76,7 @@ A Helm chart for RADAR-Base Management Portal to manage projects and participant | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | keystore | string | `""` | base 64 encoded binary p12 keystore containing a ECDSA certificate with alias `radarbase-managementportal-ec` and a RSA certificate with alias `selfsigned`. | | postgres.host | string | `"postgresql"` | host name of the postgres db | | postgres.port | int | `5432` | post of the postgres db | 
@@ -101,7 +102,7 @@ A Helm chart for RADAR-Base Management Portal to manage projects and participant | smtp.from | string | `"noreply@example.com"` | Email address which should be used to send activation emails | | smtp.starttls | bool | `false` | set to true,if ttls should be enabled | | smtp.auth | bool | `true` | set to true, if the account should be authenticated before sending emails | -| oauth_clients | object | check values.yaml | OAuth2 Client configuration | +| oauth_clients | object | check `values.yaml` | OAuth2 Client configuration | ## OAuth Client Configuration List of OAuth client configurations supported by RADAR-base. Each client should be enabled separately, if relevant and used in the installation. diff --git a/charts/management-portal/templates/configmap.yaml b/charts/management-portal/templates/configmap.yaml index 7bd9af0b..ec112e9c 100644 --- a/charts/management-portal/templates/configmap.yaml +++ b/charts/management-portal/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "management-portal.fullname" . }} labels: - app: {{ template "management-portal.name" . }} - chart: {{ template "management-portal.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "management-portal.labels" . | indent 4 }} data: healthcheck.sh: | #!/bin/sh diff --git a/charts/management-portal/templates/deployment.yaml b/charts/management-portal/templates/deployment.yaml index 1bd766fd..3e2e0239 100644 --- a/charts/management-portal/templates/deployment.yaml +++ b/charts/management-portal/templates/deployment.yaml 
@@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "management-portal.fullname" . }} labels: - app.kubernetes.io/name: {{ include "management-portal.name" . }} - helm.sh/chart: {{ include "management-portal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "management-portal.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/management-portal/templates/networkpolicy.yaml b/charts/management-portal/templates/networkpolicy.yaml new file mode 100644 index 00000000..de372cff --- /dev/null +++ b/charts/management-portal/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "management-portal.fullname" . }} + labels: +{{ include "management-portal.labels" . | indent 4 }} +spec: + podSelector: +{{ include "management-portal.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/management-portal/templates/secrets-config.yaml b/charts/management-portal/templates/secrets-config.yaml index fcd95c57..0ba36ae6 100644 --- a/charts/management-portal/templates/secrets-config.yaml +++ b/charts/management-portal/templates/secrets-config.yaml @@ -32,9 +32,6 @@ kind: Secret metadata: name: {{ template "management-portal.fullname" . }}-config labels: - app: {{ template "management-portal.name" . }} - chart: {{ template "management-portal.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "management-portal.labels" . | indent 4 }} data: oauth_client_details.csv: {{ include "oauth-clients-details.csv" . | b64enc | quote }} diff --git a/charts/management-portal/templates/secrets-keystore.yaml b/charts/management-portal/templates/secrets-keystore.yaml index 41427679..ee19d878 100644 
--- a/charts/management-portal/templates/secrets-keystore.yaml +++ b/charts/management-portal/templates/secrets-keystore.yaml @@ -3,10 +3,7 @@ kind: Secret metadata: name: {{ template "management-portal.fullname" . }}-keystore labels: - app: {{ template "management-portal.name" . }} - chart: {{ template "management-portal.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "management-portal.labels" . | indent 4 }} type: Opaque data: keystore.p12: {{ .Values.keystore }} diff --git a/charts/management-portal/templates/secrets-postgres-keystore.yaml b/charts/management-portal/templates/secrets-postgres-keystore.yaml index 2f901c03..4fc585c4 100644 --- a/charts/management-portal/templates/secrets-postgres-keystore.yaml +++ b/charts/management-portal/templates/secrets-postgres-keystore.yaml @@ -4,10 +4,7 @@ kind: Secret metadata: name: {{ template "management-portal.fullname" . }}-root-cert labels: - app: {{ template "management-portal.name" . }} - chart: {{ template "management-portal.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "management-portal.labels" . | indent 4 }} type: Opaque data: root.crt: {{ .Values.postgres.ssl.keystore }} diff --git a/charts/management-portal/templates/secrets.yaml b/charts/management-portal/templates/secrets.yaml index 4bbef140..de101f14 100644 --- a/charts/management-portal/templates/secrets.yaml +++ b/charts/management-portal/templates/secrets.yaml @@ -4,10 +4,7 @@ kind: Secret metadata: name: {{ template "management-portal.fullname" . }} labels: - app: {{ template "management-portal.name" . }} - chart: {{ template "management-portal.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "management-portal.labels" . | indent 4 }} type: Opaque data: postgresql_password: {{ .Values.postgres.password | b64enc | quote }} 
diff --git a/charts/management-portal/templates/service.yaml b/charts/management-portal/templates/service.yaml index b41395a4..61c4fbce 100644 --- a/charts/management-portal/templates/service.yaml +++ b/charts/management-portal/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "management-portal.fullname" . }} labels: - app.kubernetes.io/name: {{ include "management-portal.name" . }} - helm.sh/chart: {{ include "management-portal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "management-portal.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/management-portal/values.yaml b/charts/management-portal/values.yaml index 72ed347b..ace98537 100644 --- a/charts/management-portal/values.yaml +++ b/charts/management-portal/values.yaml 
@@ -150,6 +150,108 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: app-config + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-appserver + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-fitbit-connector + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-gateway + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-integration + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-push-endpoint + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-rest-sources-backend + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-upload-connect-backend + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + 
app.kubernetes.io/name: radar-upload-source-connector + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: '{{ .Values.catalogue_server }}' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: '{{ .Values.postgres.host }}' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- base 64 encoded binary p12 keystore containing a ECDSA certificate with alias `radarbase-managementportal-ec` and a RSA certificate with alias `selfsigned`. keystore: "" # With helmfile, this can be set in a production.yaml.gotmpl @@ -221,7 +323,7 @@ smtp: auth: true # -- OAuth2 Client configuration -# @default -- check values.yaml +# @default -- check `values.yaml` oauth_clients: pRMT: enable: false diff --git a/charts/radar-appserver/Chart.yaml b/charts/radar-appserver/Chart.yaml index 8f58a58b..3629b6ae 100644 --- a/charts/radar-appserver/Chart.yaml +++ b/charts/radar-appserver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "2.4.1" description: A Helm chart for the backend application of RADAR-base Appserver name: radar-appserver -version: 0.1.12 +version: 0.2.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-appserver diff --git a/charts/radar-appserver/README.md b/charts/radar-appserver/README.md index d3db2e52..7cbe9509 100644 --- a/charts/radar-appserver/README.md +++ b/charts/radar-appserver/README.md 
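Review bot: The egress peers `app.kubernetes.io/name: '{{ .Values.catalogue_server }}'` and `app.kubernetes.io/name: '{{ .Values.postgres.host }}'` reuse connection settings as pod label values. This chart's README documents `postgres.host` as the host name of the database, so any value that is not exactly the pod's `app.kubernetes.io/name` label (a release-prefixed service name, an FQDN, an external host) renders a selector that matches nothing, and the portal loses its database with no error at install time. A value containing characters not allowed in label values would make the manifest invalid. A comment above the block would help, e.g. `# egress peers are matched by pod label, not host name; override when postgres.host or catalogue_server differs from the pod's app.kubernetes.io/name`, or the chart could take dedicated label values. The ingress list earlier in the hunk likewise depends on every client chart labelling its pods with the listed names, which this diff does not show.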
@@ -3,7 +3,7 @@ # radar-appserver [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-appserver)](https://artifacthub.io/packages/helm/radar-base/radar-appserver) -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) A Helm chart for the backend application of RADAR-base Appserver @@ -67,6 +67,7 @@ A Helm chart for the backend application of RADAR-base Appserver | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | postgres.host | string | `"radar-appserver-postgresql"` | host name of the postgres db | | postgres.port | int | `5432` | post of the postgres db | | postgres.database | string | `"appserver"` | database name | diff --git a/charts/radar-appserver/templates/_helpers.tpl b/charts/radar-appserver/templates/_helpers.tpl index 44683a71..dc2182df 100644 --- a/charts/radar-appserver/templates/_helpers.tpl +++ b/charts/radar-appserver/templates/_helpers.tpl 
@@ -52,3 +52,23 @@ Return true if a secret object should be created {{- true -}} {{- end -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "radar-appserver.labels" -}} +helm.sh/chart: {{ include "radar-appserver.chart" . }} +{{ include "radar-appserver.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "radar-appserver.selectorLabels" -}} +app.kubernetes.io/name: {{ include "radar-appserver.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/radar-appserver/templates/configmap.yaml b/charts/radar-appserver/templates/configmap.yaml index 8fe3dda8..d6daa8ae 100644 --- a/charts/radar-appserver/templates/configmap.yaml +++ b/charts/radar-appserver/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-appserver.fullname" . }} labels: - app: {{ template "radar-appserver.name" . }} - chart: {{ template "radar-appserver.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-appserver.labels" . | indent 4 }} data: healthcheck.sh: | #!/bin/sh diff --git a/charts/radar-appserver/templates/deployment.yaml b/charts/radar-appserver/templates/deployment.yaml index b7d8babb..9a886717 100644 --- a/charts/radar-appserver/templates/deployment.yaml +++ b/charts/radar-appserver/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-appserver.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-appserver.name" . }} - helm.sh/chart: {{ include "radar-appserver.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-appserver.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: 
diff --git a/charts/radar-appserver/templates/ingress.yaml b/charts/radar-appserver/templates/ingress.yaml index ff5c8f19..7fe21753 100644 --- a/charts/radar-appserver/templates/ingress.yaml +++ b/charts/radar-appserver/templates/ingress.yaml @@ -13,10 +13,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - app.kubernetes.io/name: {{ include "radar-appserver.name" . }} - helm.sh/chart: {{ include "radar-appserver.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-appserver.labels" . | indent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/radar-appserver/templates/networkpolicy.yaml b/charts/radar-appserver/templates/networkpolicy.yaml new file mode 100644 index 00000000..bee3f0f3 --- /dev/null +++ b/charts/radar-appserver/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-appserver.fullname" . }} + labels: +{{ include "radar-appserver.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-appserver.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-appserver/templates/secrets.yaml b/charts/radar-appserver/templates/secrets.yaml index 30da374a..5364ccad 100644 --- a/charts/radar-appserver/templates/secrets.yaml +++ b/charts/radar-appserver/templates/secrets.yaml @@ -4,10 +4,7 @@ kind: Secret metadata: name: {{ template "radar-appserver.fullname" . }} labels: - app: {{ template "radar-appserver.name" . }} - chart: {{ template "radar-appserver.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "radar-appserver.labels" . | indent 4 }} type: Opaque data: managementPortalClientId: {{ .Values.radar_admin_user | b64enc | quote }} 
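Review bot: In the new networkpolicy.yaml, `spec.podSelector` receives the label map directly, with no `matchLabels:` key between `podSelector:` and the include, so the rendered object is not a valid label selector. Depending on how strictly the client and API server validate unknown fields, the install either fails or the stray keys are pruned, and an empty `podSelector` applies the policy to every pod in the namespace instead of this workload only. The selector also uses the full `radar-appserver.labels` helper, which carries `helm.sh/chart` and `app.kubernetes.io/version`; whether the pod template has those labels is not visible in this diff, so the stable pair from the `radar-appserver.selectorLabels` helper added in _helpers.tpl is the safer choice: `podSelector:`, then `matchLabels:`, then `{{ include "radar-appserver.selectorLabels" . | indent 6 }}`. The same missing `matchLabels` appears in the networkpolicy.yaml templates added for radar-backend, radar-fitbit-connector, radar-gateway and radar-home.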
diff --git a/charts/radar-appserver/templates/service.yaml b/charts/radar-appserver/templates/service.yaml index bfc67849..76d74102 100644 --- a/charts/radar-appserver/templates/service.yaml +++ b/charts/radar-appserver/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-appserver.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-appserver.name" . }} - helm.sh/chart: {{ include "radar-appserver.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-appserver.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-appserver/values.yaml b/charts/radar-appserver/values.yaml index 93864c2a..cc2317d1 100644 --- a/charts/radar-appserver/values.yaml +++ b/charts/radar-appserver/values.yaml 
@@ -124,6 +124,54 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: '{{ .Values.postgres.host }}' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Configuration of the Postgres data base to store data from Appserver postgres: # -- host name of the postgres db diff --git a/charts/radar-backend/Chart.yaml b/charts/radar-backend/Chart.yaml index 2c4ce6be..ba084454 100644 --- a/charts/radar-backend/Chart.yaml +++ b/charts/radar-backend/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.4.0" description: A Helm chart for RADAR-Base backend services which provides a layer to monitor and analyze streams of wearable data and write data to storage. name: radar-backend -version: 0.1.4 +version: 0.2.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-backend 
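Review bot: The `except` list on the `0.0.0.0/0` egress rule uses `172.16.0.0/20`, which covers only 172.16.0.0–172.16.15.255; the RFC 1918 block is `172.16.0.0/12`, so 172.16.16.0 through 172.31.255.255 stays reachable through the rule that is meant to allow internet traffic only. The list also leaves out link-local `169.254.0.0/16`, which on most cloud providers contains the instance metadata endpoint, so this policy would still let the pod reach it. I would change the entry to `- 172.16.0.0/12` and add `- 169.254.0.0/16` (plus `- 100.64.0.0/10` if the cluster uses that range for pods or services). The same list is repeated in the radar-backend and radar-fitbit-connector values.yaml hunks.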
diff --git a/charts/radar-backend/templates/configmap.yaml b/charts/radar-backend/templates/configmap.yaml index 23b21e9a..23650347 100644 --- a/charts/radar-backend/templates/configmap.yaml +++ b/charts/radar-backend/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-backend.fullname" . }} labels: - app: {{ template "radar-backend.name" . }} - chart: {{ template "radar-backend.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-backend.labels" . | indent 4 }} data: radar.yml: | version: 1.0 diff --git a/charts/radar-backend/templates/deployment.yaml b/charts/radar-backend/templates/deployment.yaml index 3bcd919f..d37c4b51 100644 --- a/charts/radar-backend/templates/deployment.yaml +++ b/charts/radar-backend/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-backend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-backend.name" . }} - helm.sh/chart: {{ include "radar-backend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-backend.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-backend/templates/networkpolicy.yaml b/charts/radar-backend/templates/networkpolicy.yaml new file mode 100644 index 00000000..7857e7c8 --- /dev/null +++ b/charts/radar-backend/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-backend.fullname" . }} + labels: +{{ include "radar-backend.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-backend.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-backend/templates/pvc.yaml b/charts/radar-backend/templates/pvc.yaml index 289eded1..eb2511ef 100644 
--- a/charts/radar-backend/templates/pvc.yaml +++ b/charts/radar-backend/templates/pvc.yaml @@ -4,10 +4,7 @@ apiVersion: v1 metadata: name: {{ template "radar-backend.fullname" . }} labels: - app: "{{ template "radar-backend.fullname" . }}" - chart: "{{ template "radar-backend.chart" . }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "radar-backend.labels" . | indent 4 }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} diff --git a/charts/radar-backend/templates/service.yaml b/charts/radar-backend/templates/service.yaml index 4ecacac2..4a25a222 100644 --- a/charts/radar-backend/templates/service.yaml +++ b/charts/radar-backend/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-backend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-backend.name" . }} - helm.sh/chart: {{ include "radar-backend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-backend.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-backend/values.yaml b/charts/radar-backend/values.yaml index aac69bee..75a20b48 100644 --- a/charts/radar-backend/values.yaml +++ b/charts/radar-backend/values.yaml 
@@ -57,6 +57,51 @@ extraEnvVars: - name: TOPIC_LIST value: "application_record_counts" +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-zookeeper' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-kafka' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-schema-registry' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # command: "monitor" # command: "stream" diff --git a/charts/radar-fitbit-connector/Chart.yaml b/charts/radar-fitbit-connector/Chart.yaml index 3c45820b..f14f2556 100644 --- a/charts/radar-fitbit-connector/Chart.yaml +++ b/charts/radar-fitbit-connector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.4.1" description: A Helm chart for RADAR-base fitbit connector. This application collects data from participants via the Fitbit Web API. name: radar-fitbit-connector -version: 0.2.9 +version: 0.3.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-fitbit-connector diff --git a/charts/radar-fitbit-connector/README.md b/charts/radar-fitbit-connector/README.md index 5e98667d..c0eb7a5b 100644 --- a/charts/radar-fitbit-connector/README.md 
+++ b/charts/radar-fitbit-connector/README.md @@ -3,7 +3,7 @@ # radar-fitbit-connector [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-fitbit-connector)](https://artifacthub.io/packages/helm/radar-base/radar-fitbit-connector) -![Version: 0.2.9](https://img.shields.io/badge/Version-0.2.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.1](https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.1](https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square) A Helm chart for RADAR-base fitbit connector. This application collects data from participants via the Fitbit Web API. @@ -67,6 +67,7 @@ A Helm chart for RADAR-base fitbit connector. This application collects data fro | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | zookeeper | string | `"cp-zookeeper-headless:2181"` | URI of Zookeeper instances of the cluster | | kafka | string | `"PLAINTEXT://cp-kafka-headless:9092"` | URI of Kafka brokers of the cluster | | kafka_num_brokers | string | `"3"` | Number of Kafka brokers. This is used to validate the cluster availability at connector init. | 
diff --git a/charts/radar-fitbit-connector/templates/configmap-properties.yaml b/charts/radar-fitbit-connector/templates/configmap-properties.yaml index cebcdbc2..7e52eda0 100644 --- a/charts/radar-fitbit-connector/templates/configmap-properties.yaml +++ b/charts/radar-fitbit-connector/templates/configmap-properties.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-fitbit-connector.fullname" . }}-properties labels: - app: {{ template "radar-fitbit-connector.name" . }} - chart: {{ template "radar-fitbit-connector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-fitbit-connector.labels" . | indent 4 }} data: source-fitbit.properties: | name=radar-fitbit-source diff --git a/charts/radar-fitbit-connector/templates/configmap-users.yaml b/charts/radar-fitbit-connector/templates/configmap-users.yaml index 963d266e..cf1a18ea 100644 --- a/charts/radar-fitbit-connector/templates/configmap-users.yaml +++ b/charts/radar-fitbit-connector/templates/configmap-users.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-fitbit-connector.fullname" . }}-users labels: - app: {{ template "radar-fitbit-connector.name" . }} - chart: {{ template "radar-fitbit-connector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-fitbit-connector.labels" . | indent 4 }} data: fitbit-user.yml: | --- diff --git a/charts/radar-fitbit-connector/templates/deployment.yaml b/charts/radar-fitbit-connector/templates/deployment.yaml index e4c0f78c..969a96de 100644 --- a/charts/radar-fitbit-connector/templates/deployment.yaml +++ b/charts/radar-fitbit-connector/templates/deployment.yaml 
@@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-fitbit-connector.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-fitbit-connector.name" . }} - helm.sh/chart: {{ include "radar-fitbit-connector.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-fitbit-connector.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-fitbit-connector/templates/networkpolicy.yaml b/charts/radar-fitbit-connector/templates/networkpolicy.yaml new file mode 100644 index 00000000..47f9ac1b --- /dev/null +++ b/charts/radar-fitbit-connector/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-fitbit-connector.fullname" . }} + labels: +{{ include "radar-fitbit-connector.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-fitbit-connector.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-fitbit-connector/templates/pvc.yaml b/charts/radar-fitbit-connector/templates/pvc.yaml index c4c3db9b..ca448cb5 100644 --- a/charts/radar-fitbit-connector/templates/pvc.yaml +++ b/charts/radar-fitbit-connector/templates/pvc.yaml @@ -4,10 +4,7 @@ apiVersion: v1 metadata: name: {{ template "radar-fitbit-connector.fullname" . }} labels: - app: "{{ template "radar-fitbit-connector.fullname" . }}" - chart: "{{ template "radar-fitbit-connector.chart" . }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "radar-fitbit-connector.labels" . | indent 4 }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} diff --git a/charts/radar-fitbit-connector/templates/service.yaml b/charts/radar-fitbit-connector/templates/service.yaml index 49c0ac33..faf7ab9a 100644 
--- a/charts/radar-fitbit-connector/templates/service.yaml +++ b/charts/radar-fitbit-connector/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-fitbit-connector.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-fitbit-connector.name" . }} - helm.sh/chart: {{ include "radar-fitbit-connector.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-fitbit-connector.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-fitbit-connector/values.yaml b/charts/radar-fitbit-connector/values.yaml index 505b8ead..e8404866 100644 --- a/charts/radar-fitbit-connector/values.yaml +++ b/charts/radar-fitbit-connector/values.yaml 
@@ -126,6 +126,63 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-zookeeper' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-kafka' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-schema-registry' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'radar-rest-sources-backend' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- URI of Zookeeper instances of the cluster zookeeper: cp-zookeeper-headless:2181 # -- URI of Kafka brokers of the cluster diff --git a/charts/radar-gateway/Chart.yaml b/charts/radar-gateway/Chart.yaml index 15dbb92d..e77df9e3 100644 --- a/charts/radar-gateway/Chart.yaml +++ b/charts/radar-gateway/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.6.0" description: A Helm chart for RADAR-base gateway. REST Gateway to Kafka, for incoming participant data. It performs authentication, authorization, content validation and decompression. For more details of the configurations, see https://github.com/RADAR-base/RADAR-Gateway/blob/master/gateway.yml. name: radar-gateway -version: 1.0.4 +version: 1.1.1 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-gateway diff --git a/charts/radar-gateway/README.md b/charts/radar-gateway/README.md index c3de0dee..9296023b 100644 --- a/charts/radar-gateway/README.md +++ b/charts/radar-gateway/README.md @@ -3,7 +3,7 @@ # radar-gateway [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-gateway)](https://artifacthub.io/packages/helm/radar-base/radar-gateway) -![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square) +![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square) A Helm chart for RADAR-base gateway. REST Gateway to Kafka, for incoming participant data. It performs authentication, authorization, content validation and decompression. For more details of the configurations, see https://github.com/RADAR-base/RADAR-Gateway/blob/master/gateway.yml. 
@@ -68,6 +68,7 @@ A Helm chart for RADAR-base gateway. REST Gateway to Kafka, for incoming partici | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | serviceMonitor.enabled | bool | `true` | Enable metrics to be collected via Prometheus-operator | | managementportal_url | string | `"http://management-portal:8080/managementportal"` | URL of the management portal application | | schemaRegistry | string | `"http://cp-schema-registry:8081"` | Schema Registry URL | diff --git a/charts/radar-gateway/templates/configmap.yaml b/charts/radar-gateway/templates/configmap.yaml index 2b224270..66a0ff5c 100644 --- a/charts/radar-gateway/templates/configmap.yaml +++ b/charts/radar-gateway/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-gateway.fullname" . }} labels: - app: {{ template "radar-gateway.name" . }} - chart: {{ template "radar-gateway.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-gateway.labels" . | indent 4 }} data: healthcheck.sh: | #!/bin/sh diff --git a/charts/radar-gateway/templates/deployment.yaml b/charts/radar-gateway/templates/deployment.yaml index 9187510b..ad5dd161 100644 --- a/charts/radar-gateway/templates/deployment.yaml +++ b/charts/radar-gateway/templates/deployment.yaml 
@@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-gateway.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-gateway.name" . }} - helm.sh/chart: {{ include "radar-gateway.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-gateway.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-gateway/templates/hpa.yaml b/charts/radar-gateway/templates/hpa.yaml index 8320c733..1146f300 100644 --- a/charts/radar-gateway/templates/hpa.yaml +++ b/charts/radar-gateway/templates/hpa.yaml @@ -7,10 +7,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ include "radar-gateway.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-gateway.name" . }} - helm.sh/chart: {{ include "radar-gateway.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-gateway.labels" . | indent 4 }} spec: maxReplicas: 5 minReplicas: 1 diff --git a/charts/radar-gateway/templates/jmx-configmap.yaml b/charts/radar-gateway/templates/jmx-configmap.yaml index 9737f121..4d45490c 100644 --- a/charts/radar-gateway/templates/jmx-configmap.yaml +++ b/charts/radar-gateway/templates/jmx-configmap.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "radar-gateway.fullname" . }}-jmx-configmap + labels: +{{ include "radar-gateway.labels" . | indent 4 }} data: config.yml: | jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:9010/jmxrmi diff --git a/charts/radar-gateway/templates/networkpolicy.yaml b/charts/radar-gateway/templates/networkpolicy.yaml new file mode 100644 index 00000000..a6a04726 --- /dev/null +++ b/charts/radar-gateway/templates/networkpolicy.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-gateway.fullname" . }} + labels: +{{ include "radar-gateway.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-gateway.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-gateway/templates/service.yaml b/charts/radar-gateway/templates/service.yaml index c88734a6..ec7ceece 100644 --- a/charts/radar-gateway/templates/service.yaml +++ b/charts/radar-gateway/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-gateway.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-gateway.name" . }} - helm.sh/chart: {{ include "radar-gateway.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-gateway.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-gateway/templates/servicemonitor.yaml b/charts/radar-gateway/templates/servicemonitor.yaml index 4c1329f7..ff413781 100644 --- a/charts/radar-gateway/templates/servicemonitor.yaml +++ b/charts/radar-gateway/templates/servicemonitor.yaml 
@@ -4,18 +4,12 @@ kind: ServiceMonitor metadata: name: {{ include "radar-gateway.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-gateway.name" . }} - helm.sh/chart: {{ include "radar-gateway.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-gateway.labels" . | indent 4 }} spec: selector: matchLabels: - app.kubernetes.io/name: {{ include "radar-gateway.name" . }} - helm.sh/chart: {{ include "radar-gateway.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-gateway.labels" . | indent 6 }} endpoints: - port: metrics interval: 15s -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/radar-gateway/values.yaml b/charts/radar-gateway/values.yaml index 8568848a..d54be122 100644 --- a/charts/radar-gateway/values.yaml +++ b/charts/radar-gateway/values.yaml 
@@ -130,6 +130,53 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-kafka' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-schema-registry' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + serviceMonitor: # -- Enable metrics to be collected via Prometheus-operator enabled: true diff --git a/charts/radar-home/Chart.yaml b/charts/radar-home/Chart.yaml index 33bfad6a..a2ca32a6 100644 --- a/charts/radar-home/Chart.yaml +++ b/charts/radar-home/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.1.3" description: RADAR-base home page. name: radar-home -version: 0.1.6 +version: 0.2.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-home diff --git a/charts/radar-home/README.md b/charts/radar-home/README.md index 4bbb681c..44d31d28 100644 --- a/charts/radar-home/README.md +++ b/charts/radar-home/README.md 
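Review bot: The `ingress` rule admits only `ingress-nginx` pods, yet `serviceMonitor.enabled` defaults to `true` in the context lines just below, so once a CNI enforces this policy the Prometheus scrapes of the `metrics` port declared in servicemonitor.yaml would be dropped. If metrics are meant to keep working, the rule needs a second `from` entry for the monitoring stack, limited to the metrics port; the namespace and pod labels of that stack are not visible in this diff, so they should be supplied through values rather than hard-coded. At minimum, a comment above `ingress:` such as `# Prometheus must be allowed here while serviceMonitor.enabled is true` would document the dependency.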
@@ -3,7 +3,7 @@ # radar-home [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-home)](https://artifacthub.io/packages/helm/radar-base/radar-home) -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.3](https://img.shields.io/badge/AppVersion-0.1.3-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.3](https://img.shields.io/badge/AppVersion-0.1.3-informational?style=flat-square) RADAR-base home page. @@ -67,6 +67,7 @@ RADAR-base home page. | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | s3.enabled | bool | `false` | Enable link to S3 | | s3.url | string | `nil` | URL to S3 | | dashboard.enabled | bool | `false` | Enable link to dashboard | diff --git a/charts/radar-home/templates/networkpolicy.yaml b/charts/radar-home/templates/networkpolicy.yaml new file mode 100644 index 00000000..de581c88 --- /dev/null +++ b/charts/radar-home/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-home.fullname" . }} + labels: +{{ include "radar-home.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-home.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} 
diff --git a/charts/radar-home/values.yaml b/charts/radar-home/values.yaml index fd6f3f6e..fc50aa38 100644 --- a/charts/radar-home/values.yaml +++ b/charts/radar-home/values.yaml @@ -112,6 +112,34 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + s3: # -- Enable link to S3 enabled: false diff --git a/charts/radar-integration/Chart.yaml b/charts/radar-integration/Chart.yaml index 439cce2c..1e1d3e06 100644 --- a/charts/radar-integration/Chart.yaml +++ b/charts/radar-integration/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "1.0.4" description: A Helm chart for RADAR-Base REDCap survey integration application. name: radar-integration -version: 0.4.4 +version: 0.5.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-integration diff --git a/charts/radar-integration/README.md b/charts/radar-integration/README.md index 50239772..e9f8aeaf 100644 --- a/charts/radar-integration/README.md +++ b/charts/radar-integration/README.md 
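Review bot: The single `from` entry combines a `namespaceSelector` on `{{ .Release.Namespace }}` with the `ingress-nginx` pod label, so the controller is admitted only when it runs in the same namespace as this release. Clusters that install ingress-nginx in a namespace of its own would lose all inbound traffic to the pod as soon as the policy is enforced, and nothing in the chart signals why. I would state the assumption next to the rule, for example `# assumes ingress-nginx runs in the release namespace; override networkpolicy.ingress otherwise`, or make the namespace a value. The radar-appserver and radar-gateway values.yaml hunks carry the same rule.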
@@ -3,7 +3,7 @@ # radar-integration [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-integration)](https://artifacthub.io/packages/helm/radar-base/radar-integration) -![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.4](https://img.shields.io/badge/AppVersion-1.0.4-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.4](https://img.shields.io/badge/AppVersion-1.0.4-informational?style=flat-square) A Helm chart for RADAR-Base REDCap survey integration application. @@ -30,7 +30,7 @@ A Helm chart for RADAR-Base REDCap survey integration application. | Key | Type | Default | Description | |-----|------|---------|-------------| -| replicaCount | int | `2` | Number of radar-push-endpoint replicas to deploy | +| replicaCount | int | `2` | Number replicas to deploy | | image.repository | string | `"radarbase/radar-redcapintegration"` | radar-integration image repository | | image.tag | string | `"1.0.4"` | radar-integration image tag (immutable tags are recommended) Overrides the image tag whose default is the chart appVersion. | | image.pullPolicy | string | `"IfNotPresent"` | radar-integration image pull policy | 
@@ -66,6 +66,7 @@ A Helm chart for RADAR-Base REDCap survey integration application. | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | oauth_client_id | string | `"radar_redcap_integrator"` | OAuth2 clientId used by the webApp for making requests | | oauth_client_secret | string | `"secret"` | OAuth2 client secret | | managementportal_url | string | `"http://management-portal:8080/managementportal"` | URL of the Management Portal | diff --git a/charts/radar-integration/templates/configmap.yaml b/charts/radar-integration/templates/configmap.yaml index 53892d41..d1d8b13c 100644 --- a/charts/radar-integration/templates/configmap.yaml +++ b/charts/radar-integration/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-integration.fullname" . }} labels: - app: {{ template "radar-integration.name" . }} - chart: {{ template "radar-integration.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-integration.labels" . | indent 4 }} data: radar.yml: | # ManagementPortal configuration diff --git a/charts/radar-integration/templates/deployment.yaml b/charts/radar-integration/templates/deployment.yaml index 395aa963..b8044136 100644 --- a/charts/radar-integration/templates/deployment.yaml +++ b/charts/radar-integration/templates/deployment.yaml 
@@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-integration.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-integration.name" . }} - helm.sh/chart: {{ include "radar-integration.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-integration.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-integration/templates/networkpolicy.yaml b/charts/radar-integration/templates/networkpolicy.yaml new file mode 100644 index 00000000..111299e2 --- /dev/null +++ b/charts/radar-integration/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-integration.fullname" . }} + labels: +{{ include "radar-integration.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-integration.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-integration/templates/service.yaml b/charts/radar-integration/templates/service.yaml index e684bc27..86aca10e 100644 --- a/charts/radar-integration/templates/service.yaml +++ b/charts/radar-integration/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-integration.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-integration.name" . }} - helm.sh/chart: {{ include "radar-integration.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-integration.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-integration/values.yaml b/charts/radar-integration/values.yaml index 8a854e58..d22c9c24 100644 --- a/charts/radar-integration/values.yaml +++ b/charts/radar-integration/values.yaml 
@@ -2,7 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- Number of radar-push-endpoint replicas to deploy +# -- Number replicas to deploy replicaCount: 2 image: @@ -120,6 +120,48 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- OAuth2 clientId used by the webApp for making requests oauth_client_id: radar_redcap_integrator # -- OAuth2 client secret diff --git a/charts/radar-jdbc-connector/Chart.yaml b/charts/radar-jdbc-connector/Chart.yaml index 0d98a680..23a1b3e5 100644 --- a/charts/radar-jdbc-connector/Chart.yaml +++ b/charts/radar-jdbc-connector/Chart.yaml 
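Review bot: In the `ipBlock` egress rule, the third `except` entry `172.16.0.0/20` covers only 172.16.0.0–172.16.15.255, whereas the private range is `172.16.0.0/12`, so 172.16.16.0–172.31.255.255 stays reachable through the `0.0.0.0/0` allowance. Change the entry to `- 172.16.0.0/12`. The list also leaves link-local `169.254.0.0/16` open, which on many cloud providers includes the instance metadata endpoint; consider adding it to `except` unless the pod needs it. The same block appears in the radar-output and radar-push-endpoint values.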
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "10.5.2" name: radar-jdbc-connector description: A Helm chart for RADAR-base JDBC Kafka connector. This is a fork of the Kafka JDBC connector which allows data from topics to be imported into JDBC databases (including TimescaleDB databases which is used in the dashboard pipeline). -version: 0.4.5 +version: 0.5.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-jdbc-connector diff --git a/charts/radar-jdbc-connector/README.md b/charts/radar-jdbc-connector/README.md index cca62fd5..5fb3b5f5 100644 --- a/charts/radar-jdbc-connector/README.md +++ b/charts/radar-jdbc-connector/README.md @@ -3,7 +3,7 @@ # radar-jdbc-connector [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-jdbc-connector)](https://artifacthub.io/packages/helm/radar-base/radar-jdbc-connector) -![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 10.5.2](https://img.shields.io/badge/AppVersion-10.5.2-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 10.5.2](https://img.shields.io/badge/AppVersion-10.5.2-informational?style=flat-square) A Helm chart for RADAR-base JDBC Kafka connector. This is a fork of the Kafka JDBC connector which allows data from topics to be imported into JDBC databases (including TimescaleDB databases which is used in the dashboard pipeline). 
@@ -63,6 +63,7 @@ A Helm chart for RADAR-base JDBC Kafka connector. This is a fork of the Kafka JD | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | kafka | string | `"PLAINTEXT://cp-kafka-headless:9092"` | URI of Kafka brokers of the cluster | | kafka_num_brokers | string | `"3"` | Number of Kafka brokers. This is used to validate the cluster availability at connector init. | | schema_registry | string | `"http://cp-schema-registry:8081"` | URL of the Kafka schema registry | diff --git a/charts/radar-jdbc-connector/templates/networkpolicy.yaml b/charts/radar-jdbc-connector/templates/networkpolicy.yaml new file mode 100644 index 00000000..c30605cf --- /dev/null +++ b/charts/radar-jdbc-connector/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-jdbc-connector.fullname" . }} + labels: +{{ include "radar-jdbc-connector.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-jdbc-connector.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-jdbc-connector/values.yaml b/charts/radar-jdbc-connector/values.yaml index 129aa9ee..bd625cf0 100644 --- a/charts/radar-jdbc-connector/values.yaml +++ b/charts/radar-jdbc-connector/values.yaml 
@@ -104,6 +104,46 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Egress + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-kafka' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-schema-registry' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'timescaledb-postgresql' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- URI of Kafka brokers of the cluster kafka: PLAINTEXT://cp-kafka-headless:9092 # -- Number of Kafka brokers. This is used to validate the cluster availability at connector init. diff --git a/charts/radar-output/Chart.yaml b/charts/radar-output/Chart.yaml index 8490696d..9dd96bb4 100644 --- a/charts/radar-output/Chart.yaml +++ b/charts/radar-output/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "2.3.1" description: A Helm chart for RADAR-base output restructure service. This application reads data from intermediate storage and restructure the data into project-> subject-id-> data topic -> data split per hour. This service offers few options to choose the source and target of the pipeline. name: radar-output -version: 0.3.4 +version: 0.4.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-output 
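Review bot: The three in-namespace egress rules (`cp-kafka`, `cp-schema-registry`, `timescaledb-postgresql`) carry no `ports`, so the connector may open any port on those pods, while only the DNS rule is port-scoped. The chart's documented defaults already name the ports in use (`9092` for Kafka, `8081` for the schema registry), so each rule can be narrowed, e.g. `ports: [{port: 9092, protocol: TCP}]` on the Kafka peer. It is also worth confirming that the target pods actually carry `app.kubernetes.io/name`, since a selector that matches nothing silently denies the traffic.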
diff --git a/charts/radar-output/README.md b/charts/radar-output/README.md index f2ee233d..fc8d330e 100644 --- a/charts/radar-output/README.md +++ b/charts/radar-output/README.md @@ -3,7 +3,7 @@ # radar-output [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-output)](https://artifacthub.io/packages/helm/radar-base/radar-output) -![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) A Helm chart for RADAR-base output restructure service. This application reads data from intermediate storage and restructure the data into project-> subject-id-> data topic -> data split per hour. This service offers few options to choose the source and target of the pipeline. @@ -46,6 +46,7 @@ A Helm chart for RADAR-base output restructure service. This application reads d | tolerations | list | `[]` | Toleration labels for pod assignment | | affinity | object | `{}` | Affinity labels for pod assignment | | extraEnvVars | list | `[]` | Extra environment variables | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | javaOpts | string | `"-Xms400m -Xmx3g"` | | | existingSecret | string | `nil` | Existing secret for storing S3 or Azure credentials. | | source.type | string | `"s3"` | Type of the intermediate storage of the RADAR-base pipeline e.g. s3, hdfs | 
diff --git a/charts/radar-output/templates/configmap.yaml b/charts/radar-output/templates/configmap.yaml index c539e4ff..ec936d92 100644 --- a/charts/radar-output/templates/configmap.yaml +++ b/charts/radar-output/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-output.fullname" . }} labels: - app: {{ template "radar-output.name" . }} - chart: {{ template "radar-output.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-output.labels" . | indent 4 }} data: config.yaml: | service: diff --git a/charts/radar-output/templates/networkpolicy.yaml b/charts/radar-output/templates/networkpolicy.yaml new file mode 100644 index 00000000..dad04738 --- /dev/null +++ b/charts/radar-output/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-output.fullname" . }} + labels: +{{ include "radar-output.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-output.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-output/templates/secrets.yaml b/charts/radar-output/templates/secrets.yaml index 22a57929..b00d74b6 100644 --- a/charts/radar-output/templates/secrets.yaml +++ b/charts/radar-output/templates/secrets.yaml @@ -4,10 +4,7 @@ kind: Secret metadata: name: {{ template "radar-output.fullname" . }} labels: - app: {{ template "radar-output.name" . }} - chart: {{ template "radar-output.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "radar-output.labels" . | indent 4 }} type: Opaque data: sourceS3AccessToken: {{ .Values.source.s3.accessToken | b64enc | quote }} diff --git a/charts/radar-output/values.yaml b/charts/radar-output/values.yaml index 371b896f..8b889a8c 100644 --- a/charts/radar-output/values.yaml +++ b/charts/radar-output/values.yaml 
@@ -63,6 +63,46 @@ extraEnvVars: [] # - name: BEARER_AUTH # value: true +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'minio' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'redis' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + javaOpts: "-Xms400m -Xmx3g" # -- Existing secret for storing S3 or Azure credentials. diff --git a/charts/radar-push-endpoint/Chart.yaml b/charts/radar-push-endpoint/Chart.yaml index 6f1c1703..a7ab01db 100644 --- a/charts/radar-push-endpoint/Chart.yaml +++ b/charts/radar-push-endpoint/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.2.2" description: A Helm chart for RADAR-base Push Endpoint. REST Gateway to Kafka, for incoming data from Push or Subscription based WEB APIs. It performs authentication, authorization and content validation. For more details of the configurations, see https://github.com/RADAR-base/RADAR-PushEndpoint. name: radar-push-endpoint -version: 0.1.8 +version: 0.2.1 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-push-endpoint diff --git a/charts/radar-push-endpoint/README.md b/charts/radar-push-endpoint/README.md index 970c0a0f..443e13c3 100644 --- a/charts/radar-push-endpoint/README.md +++ b/charts/radar-push-endpoint/README.md 
@@ -3,7 +3,7 @@ # radar-push-endpoint [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-push-endpoint)](https://artifacthub.io/packages/helm/radar-base/radar-push-endpoint) -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.2](https://img.shields.io/badge/AppVersion-0.2.2-informational?style=flat-square) +![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.2](https://img.shields.io/badge/AppVersion-0.2.2-informational?style=flat-square) A Helm chart for RADAR-base Push Endpoint. REST Gateway to Kafka, for incoming data from Push or Subscription based WEB APIs. It performs authentication, authorization and content validation. For more details of the configurations, see https://github.com/RADAR-base/RADAR-PushEndpoint. @@ -67,6 +67,7 @@ A Helm chart for RADAR-base Push Endpoint. REST Gateway to Kafka, for incoming d | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | | serviceMonitor.enabled | bool | `true` | Enable metrics to be collected via Prometheus-operator | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | schemaRegistry | string | `"http://cp-schema-registry:8081"` | Schema Registry URL | | max_requests | int | `1000` | Not used. To be confirmed | | bootstrapServers | string | `"cp-kafka-headless:9092"` | Kafka broker URLs | diff --git a/charts/radar-push-endpoint/templates/_helpers.tpl b/charts/radar-push-endpoint/templates/_helpers.tpl index 00082978..7db5cba9 100644 
--- a/charts/radar-push-endpoint/templates/_helpers.tpl +++ b/charts/radar-push-endpoint/templates/_helpers.tpl @@ -30,3 +30,23 @@ Create chart name and version as used by the chart label. {{- define "radar-push-endpoint.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "radar-push-endpoint.labels" -}} +helm.sh/chart: {{ include "radar-push-endpoint.chart" . }} +{{ include "radar-push-endpoint.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "radar-push-endpoint.selectorLabels" -}} +app.kubernetes.io/name: {{ include "radar-push-endpoint.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/radar-push-endpoint/templates/configmap.yaml b/charts/radar-push-endpoint/templates/configmap.yaml index e4fe024c..984d7e18 100644 --- a/charts/radar-push-endpoint/templates/configmap.yaml +++ b/charts/radar-push-endpoint/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-push-endpoint.fullname" . }} labels: - app: {{ template "radar-push-endpoint.name" . }} - chart: {{ template "radar-push-endpoint.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-push-endpoint.labels" . | indent 4 }} data: healthcheck.sh: | #!/bin/sh diff --git a/charts/radar-push-endpoint/templates/deployment.yaml b/charts/radar-push-endpoint/templates/deployment.yaml index 43c09758..e405d6db 100644 --- a/charts/radar-push-endpoint/templates/deployment.yaml +++ b/charts/radar-push-endpoint/templates/deployment.yaml 
@@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-push-endpoint.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-push-endpoint.name" . }} - helm.sh/chart: {{ include "radar-push-endpoint.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-push-endpoint.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-push-endpoint/templates/hpa.yaml b/charts/radar-push-endpoint/templates/hpa.yaml index 26e4d7f9..547cc485 100644 --- a/charts/radar-push-endpoint/templates/hpa.yaml +++ b/charts/radar-push-endpoint/templates/hpa.yaml @@ -7,10 +7,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ include "radar-push-endpoint.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-push-endpoint.name" . }} - helm.sh/chart: {{ include "radar-push-endpoint.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-push-endpoint.labels" . | indent 4 }} spec: maxReplicas: 5 minReplicas: 1 diff --git a/charts/radar-push-endpoint/templates/ingress.yaml b/charts/radar-push-endpoint/templates/ingress.yaml index bbb0950f..491ca7f1 100644 --- a/charts/radar-push-endpoint/templates/ingress.yaml +++ b/charts/radar-push-endpoint/templates/ingress.yaml @@ -7,10 +7,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - app.kubernetes.io/name: {{ include "radar-push-endpoint.name" . }} - helm.sh/chart: {{ include "radar-push-endpoint.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-push-endpoint.labels" . | indent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/charts/radar-push-endpoint/templates/jmx-configmap.yaml b/charts/radar-push-endpoint/templates/jmx-configmap.yaml index 94e096f4..117bf3a3 100644 --- a/charts/radar-push-endpoint/templates/jmx-configmap.yaml +++ b/charts/radar-push-endpoint/templates/jmx-configmap.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "radar-push-endpoint.fullname" . }}-jmx-configmap + labels: +{{ include "radar-push-endpoint.labels" . | indent 4 }} data: config.yml: | jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:9010/jmxrmi diff --git a/charts/radar-push-endpoint/templates/networkpolicy.yaml b/charts/radar-push-endpoint/templates/networkpolicy.yaml new file mode 100644 index 00000000..925c0b37 --- /dev/null +++ b/charts/radar-push-endpoint/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-push-endpoint.fullname" . }} + labels: +{{ include "radar-push-endpoint.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-push-endpoint.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-push-endpoint/templates/service.yaml b/charts/radar-push-endpoint/templates/service.yaml index c4723af5..5bc9fcb2 100644 --- a/charts/radar-push-endpoint/templates/service.yaml +++ b/charts/radar-push-endpoint/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-push-endpoint.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-push-endpoint.name" . }} - helm.sh/chart: {{ include "radar-push-endpoint.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-push-endpoint.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: 
diff --git a/charts/radar-push-endpoint/templates/servicemonitor.yaml b/charts/radar-push-endpoint/templates/servicemonitor.yaml index 164639dd..fbff7e0b 100644 --- a/charts/radar-push-endpoint/templates/servicemonitor.yaml +++ b/charts/radar-push-endpoint/templates/servicemonitor.yaml @@ -4,18 +4,12 @@ kind: ServiceMonitor metadata: name: {{ include "radar-push-endpoint.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-push-endpoint.name" . }} - helm.sh/chart: {{ include "radar-push-endpoint.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-push-endpoint.labels" . | indent 4 }} spec: selector: matchLabels: - app.kubernetes.io/name: {{ include "radar-push-endpoint.name" . }} - helm.sh/chart: {{ include "radar-push-endpoint.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-push-endpoint.labels" . | indent 4 }} endpoints: - port: metrics interval: 15s -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/radar-push-endpoint/values.yaml b/charts/radar-push-endpoint/values.yaml index ee85eb74..5ae7d859 100644 --- a/charts/radar-push-endpoint/values.yaml +++ b/charts/radar-push-endpoint/values.yaml 
@@ -141,6 +141,72 @@ serviceMonitor: # -- Enable metrics to be collected via Prometheus-operator enabled: true +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-schema-registry' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-kafka' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'redis' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'radar-rest-sources-backend' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- Schema Registry URL schemaRegistry: http://cp-schema-registry:8081 # -- Not used. To be confirmed diff --git a/charts/radar-rest-sources-authorizer/Chart.yaml b/charts/radar-rest-sources-authorizer/Chart.yaml index 1e445cf0..de52499e 100644 --- a/charts/radar-rest-sources-authorizer/Chart.yaml 
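Review bot: The default `ingress` rule admits only `ingress-nginx` pods, while the context just above the block keeps `serviceMonitor.enabled: true`. With `Ingress` in `policyTypes`, Prometheus scrapes of the metrics port would be dropped unless Prometheus happens to match that peer. Add a second `from` entry for the monitoring pods, scoped to the metrics port, or state in the comment that the operator must add one. The namespace and labels of the Prometheus deployment are not visible in this diff, so they would have to come from values.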
+++ b/charts/radar-rest-sources-authorizer/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "4.4.0" description: A Helm chart for the front-end application of RADAR-base Rest Sources Authorizer which is a portal to authorize the Fitbit connector to read data from Fitbit accounts. name: radar-rest-sources-authorizer -version: 1.0.3 +version: 1.1.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-rest-sources-authorizer diff --git a/charts/radar-rest-sources-authorizer/README.md b/charts/radar-rest-sources-authorizer/README.md index f884692d..9c26f805 100644 --- a/charts/radar-rest-sources-authorizer/README.md +++ b/charts/radar-rest-sources-authorizer/README.md @@ -3,7 +3,7 @@ # radar-rest-sources-authorizer [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-rest-sources-authorizer)](https://artifacthub.io/packages/helm/radar-base/radar-rest-sources-authorizer) -![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.4.0](https://img.shields.io/badge/AppVersion-4.4.0-informational?style=flat-square) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.4.0](https://img.shields.io/badge/AppVersion-4.4.0-informational?style=flat-square) A Helm chart for the front-end application of RADAR-base Rest Sources Authorizer which is a portal to authorize the Fitbit connector to read data from Fitbit accounts. 
@@ -68,5 +68,6 @@ A Helm chart for the front-end application of RADAR-base Rest Sources Authorizer | readinessProbe.timeoutSeconds | int | `3` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | clientId | string | `"radar_rest_sources_authorizer"` | OAuth2 client id of the application registered in Management Portal. It is assumed that this is a public client with empty client secret. | | serverName | string | `"localhost"` | Domain name of the server | diff --git a/charts/radar-rest-sources-authorizer/templates/deployment.yaml b/charts/radar-rest-sources-authorizer/templates/deployment.yaml index 5a3416dc..dccdc578 100644 --- a/charts/radar-rest-sources-authorizer/templates/deployment.yaml +++ b/charts/radar-rest-sources-authorizer/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-rest-sources-authorizer.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-rest-sources-authorizer.name" . }} - helm.sh/chart: {{ include "radar-rest-sources-authorizer.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-rest-sources-authorizer.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-rest-sources-authorizer/templates/networkpolicy.yaml b/charts/radar-rest-sources-authorizer/templates/networkpolicy.yaml new file mode 100644 index 00000000..4c9d4879 --- /dev/null +++ b/charts/radar-rest-sources-authorizer/templates/networkpolicy.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-rest-sources-authorizer.fullname" . }} + labels: +{{ include "radar-rest-sources-authorizer.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-rest-sources-authorizer.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-rest-sources-authorizer/templates/service.yaml b/charts/radar-rest-sources-authorizer/templates/service.yaml index 67a4f843..c88d1ea4 100644 --- a/charts/radar-rest-sources-authorizer/templates/service.yaml +++ b/charts/radar-rest-sources-authorizer/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-rest-sources-authorizer.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-rest-sources-authorizer.name" . }} - helm.sh/chart: {{ include "radar-rest-sources-authorizer.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-rest-sources-authorizer.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-rest-sources-authorizer/values.yaml b/charts/radar-rest-sources-authorizer/values.yaml index 475d7599..48f0d6c2 100644 --- a/charts/radar-rest-sources-authorizer/values.yaml +++ b/charts/radar-rest-sources-authorizer/values.yaml 
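Review bot: The `podSelector:` in this new NetworkPolicy template has the chart labels rendered directly beneath it (`indent 4`) with no `matchLabels:` key, so as the hunk reads it is not a valid label selector. Depending on how the manifest is validated, it is either rejected or the unknown keys are dropped, and an empty `podSelector` then applies the policy to every pod in the namespace rather than to this release. I would add `matchLabels:` under `podSelector:` and render the labels with `indent 6`. Preferably select only on the labels the Deployment's selector uses, since the `.labels` helper is not visible here and may include chart-version labels that the pods do not carry. The same template is added for radar-rest-sources-backend, radar-s3-connector, radar-upload-connect-backend and radar-upload-connect-frontend further down.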
@@ -123,6 +123,34 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- OAuth2 client id of the application registered in Management Portal. It is assumed that this is a public client with empty client secret. clientId: radar_rest_sources_authorizer # -- Domain name of the server diff --git a/charts/radar-rest-sources-backend/Chart.yaml b/charts/radar-rest-sources-backend/Chart.yaml index 97f629e0..a9c026b2 100644 --- a/charts/radar-rest-sources-backend/Chart.yaml +++ b/charts/radar-rest-sources-backend/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "4.4.0" description: A Helm chart for the backend application of RADAR-base Rest Sources Authorizer name: radar-rest-sources-backend -version: 1.0.4 +version: 1.1.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-rest-sources-backend diff --git a/charts/radar-rest-sources-backend/README.md b/charts/radar-rest-sources-backend/README.md index e7ec2ba0..994584fe 100644 --- a/charts/radar-rest-sources-backend/README.md +++ b/charts/radar-rest-sources-backend/README.md 
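Review bot: The doc comment on `networkpolicy` does not tell an operator that the policy is on by default or what it assumes, and `who this applications has access to` should read `which applications this one can reach`. As written, the default admits traffic only from pods labelled `app.kubernetes.io/name: ingress-nginx` in the release namespace and allows egress only to kube-dns, so an ingress controller installed in its own namespace would not match. I would document that next to the key, for example `# -- NetworkPolicy spec, rendered with tpl; set to null to skip the resource. The default admits only ingress-nginx pods in the release namespace and allows egress only to kube-dns.` The radar-upload-connect-frontend values.yaml hunk carries the same comment and defaults.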
@@ -3,7 +3,7 @@ # radar-rest-sources-backend [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-rest-sources-backend)](https://artifacthub.io/packages/helm/radar-base/radar-rest-sources-backend) -![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.4.0](https://img.shields.io/badge/AppVersion-4.4.0-informational?style=flat-square) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.4.0](https://img.shields.io/badge/AppVersion-4.4.0-informational?style=flat-square) A Helm chart for the backend application of RADAR-base Rest Sources Authorizer @@ -68,6 +68,7 @@ A Helm chart for the backend application of RADAR-base Rest Sources Authorizer | readinessProbe.timeoutSeconds | int | `3` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | authorizer.tokenExpiryTimeInMinutes | int | `15` | Within how many minutes an online authorization attempt should be finalized. Steps: logging in to Fitbit, returning to the authorizer. | | authorizer.persistentTokenExpiryInMin | int | `7200` | Within how many minutes an authorization attempt by a participant should be finalized. Steps: passing token to participant, them logging in to Fitbit, and returning to the authorizer. | | postgres.host | string | `"postgresql"` | host name of the postgres db | 
diff --git a/charts/radar-rest-sources-backend/templates/configmap.yaml b/charts/radar-rest-sources-backend/templates/configmap.yaml index af872bb3..5c54a2dc 100644 --- a/charts/radar-rest-sources-backend/templates/configmap.yaml +++ b/charts/radar-rest-sources-backend/templates/configmap.yaml @@ -4,10 +4,7 @@ kind: ConfigMap metadata: name: {{ template "radar-rest-sources-backend.fullname" . }} labels: - app: {{ template "radar-rest-sources-backend.name" . }} - chart: {{ template "radar-rest-sources-backend.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-rest-sources-backend.labels" . | indent 4 }} data: authorizer.yml: | service: diff --git a/charts/radar-rest-sources-backend/templates/deployment.yaml b/charts/radar-rest-sources-backend/templates/deployment.yaml index c0aef336..f5e544a7 100644 --- a/charts/radar-rest-sources-backend/templates/deployment.yaml +++ b/charts/radar-rest-sources-backend/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-rest-sources-backend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-rest-sources-backend.name" . }} - helm.sh/chart: {{ include "radar-rest-sources-backend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-rest-sources-backend.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-rest-sources-backend/templates/networkpolicy.yaml b/charts/radar-rest-sources-backend/templates/networkpolicy.yaml new file mode 100644 index 00000000..16ea0894 --- /dev/null +++ b/charts/radar-rest-sources-backend/templates/networkpolicy.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-rest-sources-backend.fullname" . }} + labels: +{{ include "radar-rest-sources-backend.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-rest-sources-backend.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-rest-sources-backend/templates/secrets-postgres-crt.yaml b/charts/radar-rest-sources-backend/templates/secrets-postgres-crt.yaml index 95851f06..e7ff877b 100644 --- a/charts/radar-rest-sources-backend/templates/secrets-postgres-crt.yaml +++ b/charts/radar-rest-sources-backend/templates/secrets-postgres-crt.yaml @@ -4,10 +4,7 @@ kind: Secret metadata: name: {{ template "radar-rest-sources-backend.fullname" . }}-root-cert labels: - app: {{ template "radar-rest-sources-backend.name" . }} - chart: {{ template "radar-rest-sources-backend.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "radar-rest-sources-backend.labels" . | indent 4 }} type: Opaque data: root.crt: {{ .Files.Get "files/root.crt" | b64enc | quote }} diff --git a/charts/radar-rest-sources-backend/templates/secrets.yaml b/charts/radar-rest-sources-backend/templates/secrets.yaml index ad06b186..6f5fddb3 100644 --- a/charts/radar-rest-sources-backend/templates/secrets.yaml +++ b/charts/radar-rest-sources-backend/templates/secrets.yaml @@ -4,10 +4,7 @@ kind: Secret metadata: name: {{ template "radar-rest-sources-backend.fullname" . }} labels: - app: {{ template "radar-rest-sources-backend.name" . }} - chart: {{ template "radar-rest-sources-backend.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "radar-rest-sources-backend.labels" . | indent 4 }} type: Opaque data: postgresql_password: {{ .Values.postgres.password | b64enc | quote }} 
diff --git a/charts/radar-rest-sources-backend/templates/service.yaml b/charts/radar-rest-sources-backend/templates/service.yaml index 9a2370ef..9e8694c4 100644 --- a/charts/radar-rest-sources-backend/templates/service.yaml +++ b/charts/radar-rest-sources-backend/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-rest-sources-backend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-rest-sources-backend.name" . }} - helm.sh/chart: {{ include "radar-rest-sources-backend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-rest-sources-backend.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-rest-sources-backend/values.yaml b/charts/radar-rest-sources-backend/values.yaml index 035a3b3f..17f15b20 100644 --- a/charts/radar-rest-sources-backend/values.yaml +++ b/charts/radar-rest-sources-backend/values.yaml 
@@ -129,6 +129,74 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: management-portal + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-push-endpoint + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: '{{ .Values.postgres.host }}' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'redis' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Additional authorizer configurations. authorizer: # -- Within how many minutes an online authorization attempt should be finalized. Steps: logging in to Fitbit, returning to the authorizer. diff --git a/charts/radar-s3-connector/Chart.yaml b/charts/radar-s3-connector/Chart.yaml index 04b51476..854bd03a 100644 
--- a/charts/radar-s3-connector/Chart.yaml +++ b/charts/radar-s3-connector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "7.3.2-hotfix" description: A Helm chart for RADAR-base s3 connector. This connector uses Confluent s3 connector with a custom data transformers. These configurations enable a sink connector. See full list of properties here https://docs.confluent.io/kafka-connect-s3-sink/current/configuration_options.html#s3-configuration-options name: radar-s3-connector -version: 0.2.10 +version: 0.3.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-s3-connector diff --git a/charts/radar-s3-connector/README.md b/charts/radar-s3-connector/README.md index e31406fb..9ea51b29 100644 --- a/charts/radar-s3-connector/README.md +++ b/charts/radar-s3-connector/README.md 
@@ -3,7 +3,7 @@ # radar-s3-connector [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-s3-connector)](https://artifacthub.io/packages/helm/radar-base/radar-s3-connector) -![Version: 0.2.10](https://img.shields.io/badge/Version-0.2.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.3.2-hotfix](https://img.shields.io/badge/AppVersion-7.3.2--hotfix-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.3.2-hotfix](https://img.shields.io/badge/AppVersion-7.3.2--hotfix-informational?style=flat-square) A Helm chart for RADAR-base s3 connector. This connector uses Confluent s3 connector with a custom data transformers. These configurations enable a sink connector. See full list of properties here https://docs.confluent.io/kafka-connect-s3-sink/current/configuration_options.html#s3-configuration-options @@ -63,6 +63,7 @@ A Helm chart for RADAR-base s3 connector. This connector uses Confluent s3 conne | readinessProbe.timeoutSeconds | int | `10` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | kafka.url | string | `"PLAINTEXT://cp-kafka-headless:9092"` | Kafka broker URLs | | schemaRegistry.url | string | `"http://cp-schema-registry:8081"` | Schema registry URL | | catalogServer.url | string | `"http://catalog-server:9010"` | Catalog server URL | 
diff --git a/charts/radar-s3-connector/templates/configmap.yaml b/charts/radar-s3-connector/templates/configmap.yaml index 4c546b26..e12aee51 100644 --- a/charts/radar-s3-connector/templates/configmap.yaml +++ b/charts/radar-s3-connector/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-s3-connector.fullname" . }} labels: - app: {{ template "radar-s3-connector.name" . }} - chart: {{ template "radar-s3-connector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-s3-connector.labels" . | indent 4 }} data: sink-s3.properties: | name=radar-s3-sink-connector diff --git a/charts/radar-s3-connector/templates/deployment.yaml b/charts/radar-s3-connector/templates/deployment.yaml index b25335b6..d17e2989 100644 --- a/charts/radar-s3-connector/templates/deployment.yaml +++ b/charts/radar-s3-connector/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-s3-connector.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-s3-connector.name" . }} - helm.sh/chart: {{ include "radar-s3-connector.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-s3-connector.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-s3-connector/templates/networkpolicy.yaml b/charts/radar-s3-connector/templates/networkpolicy.yaml new file mode 100644 index 00000000..2148c720 --- /dev/null +++ b/charts/radar-s3-connector/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-s3-connector.fullname" . }} + labels: +{{ include "radar-s3-connector.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-s3-connector.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} 
diff --git a/charts/radar-s3-connector/templates/secrets.yaml b/charts/radar-s3-connector/templates/secrets.yaml index 3aed0a41..86e6eddd 100644 --- a/charts/radar-s3-connector/templates/secrets.yaml +++ b/charts/radar-s3-connector/templates/secrets.yaml @@ -3,10 +3,7 @@ kind: Secret metadata: name: {{ template "radar-s3-connector.fullname" . }} labels: - app: {{ template "radar-s3-connector.name" . }} - chart: {{ template "radar-s3-connector.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "radar-s3-connector.labels" . | indent 4 }} type: Opaque data: {{ if .Values.cc.enabled -}} diff --git a/charts/radar-s3-connector/templates/service.yaml b/charts/radar-s3-connector/templates/service.yaml index ae1a3fd6..8d12c595 100644 --- a/charts/radar-s3-connector/templates/service.yaml +++ b/charts/radar-s3-connector/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-s3-connector.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-s3-connector.name" . }} - helm.sh/chart: {{ include "radar-s3-connector.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-s3-connector.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-s3-connector/values.yaml b/charts/radar-s3-connector/values.yaml index 24ba4f6c..49c687e5 100644 --- a/charts/radar-s3-connector/values.yaml +++ b/charts/radar-s3-connector/values.yaml 
@@ -104,6 +104,57 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-kafka' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-schema-registry' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'catalog-server' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'minio' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + kafka: # -- Kafka broker URLs url: PLAINTEXT://cp-kafka-headless:9092 diff --git a/charts/radar-upload-connect-backend/Chart.yaml b/charts/radar-upload-connect-backend/Chart.yaml index 3f65d47b..2f7c6de5 100644 --- a/charts/radar-upload-connect-backend/Chart.yaml +++ b/charts/radar-upload-connect-backend/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.5.10" description: A Helm chart for RADAR-base upload connector backend application. This application is an upload system that stores uploaded data and its metadata in PostgreSQL for later processing. name: radar-upload-connect-backend -version: 0.2.7 +version: 0.3.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-upload-connect-backend diff --git a/charts/radar-upload-connect-backend/README.md b/charts/radar-upload-connect-backend/README.md index 8ad81f42..c11fb705 100644 --- a/charts/radar-upload-connect-backend/README.md +++ b/charts/radar-upload-connect-backend/README.md @@ -3,7 +3,7 @@ # radar-upload-connect-backend [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-upload-connect-backend)](https://artifacthub.io/packages/helm/radar-base/radar-upload-connect-backend) -![Version: 0.2.7](https://img.shields.io/badge/Version-0.2.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.10](https://img.shields.io/badge/AppVersion-0.5.10-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.10](https://img.shields.io/badge/AppVersion-0.5.10-informational?style=flat-square) A Helm chart for RADAR-base upload connector backend application. This application is an upload system that stores uploaded data and its metadata in PostgreSQL for later processing. 
@@ -68,6 +68,7 @@ A Helm chart for RADAR-base upload connector backend application. This applicati | readinessProbe.timeoutSeconds | int | `10` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | client_id | string | `"radar_upload_backend"` | OAuth2 client id of the upload connect backend application | | client_secret | string | `"secret"` | OAuth2 client secret of the upload connect backend | | postgres.host | string | `"radar-upload-postgresql"` | Host name of the database to store uploaded data and metadata | diff --git a/charts/radar-upload-connect-backend/templates/configmap.yaml b/charts/radar-upload-connect-backend/templates/configmap.yaml index ff07ecef..b4bbf18e 100644 --- a/charts/radar-upload-connect-backend/templates/configmap.yaml +++ b/charts/radar-upload-connect-backend/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-upload-connect-backend.fullname" . }} labels: - app: {{ template "radar-upload-connect-backend.name" . }} - chart: {{ template "radar-upload-connect-backend.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-upload-connect-backend.labels" . | indent 4 }} data: upload.yml: | baseUri: "http://0.0.0.0:8085/upload/api/" diff --git a/charts/radar-upload-connect-backend/templates/deployment.yaml b/charts/radar-upload-connect-backend/templates/deployment.yaml index 07514f3a..f2ce20c8 100644 --- a/charts/radar-upload-connect-backend/templates/deployment.yaml +++ b/charts/radar-upload-connect-backend/templates/deployment.yaml 
@@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-upload-connect-backend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-upload-connect-backend.name" . }} - helm.sh/chart: {{ include "radar-upload-connect-backend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-upload-connect-backend.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-upload-connect-backend/templates/networkpolicy.yaml b/charts/radar-upload-connect-backend/templates/networkpolicy.yaml new file mode 100644 index 00000000..e1d9ed62 --- /dev/null +++ b/charts/radar-upload-connect-backend/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-upload-connect-backend.fullname" . }} + labels: +{{ include "radar-upload-connect-backend.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-upload-connect-backend.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-upload-connect-backend/templates/service.yaml b/charts/radar-upload-connect-backend/templates/service.yaml index fcf8f3ca..3389c196 100644 --- a/charts/radar-upload-connect-backend/templates/service.yaml +++ b/charts/radar-upload-connect-backend/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-upload-connect-backend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-upload-connect-backend.name" . }} - helm.sh/chart: {{ include "radar-upload-connect-backend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-upload-connect-backend.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: 
diff --git a/charts/radar-upload-connect-backend/values.yaml b/charts/radar-upload-connect-backend/values.yaml index 3b7df075..2dc4973c 100644 --- a/charts/radar-upload-connect-backend/values.yaml +++ b/charts/radar-upload-connect-backend/values.yaml @@ -126,6 +126,54 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: '{{ .Values.postgres.host }}' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- OAuth2 client id of the upload connect backend application client_id: radar_upload_backend # -- OAuth2 client secret of the upload connect backend diff --git a/charts/radar-upload-connect-frontend/Chart.yaml b/charts/radar-upload-connect-frontend/Chart.yaml index 869b34a8..9b984726 100644 --- a/charts/radar-upload-connect-frontend/Chart.yaml +++ b/charts/radar-upload-connect-frontend/Chart.yaml 
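Review bot: The database egress rule selects pods by `app.kubernetes.io/name: '{{ .Values.postgres.host }}'`, which treats a host name as a pod label value. That only matches when the host name happens to equal the name label on the PostgreSQL pods, which this hunk does not establish. A database on a private address outside the namespace is also excluded by the `ipBlock` exceptions, so a mismatch would leave the backend unable to reach its database. I would make the dependency explicit with a comment beside the rule, such as `# must equal the app.kubernetes.io/name label of the PostgreSQL pods`, or use a separate value for the label. The radar-rest-sources-backend values.yaml hunk above uses the same selector.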
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.5.10" description: A Helm chart for RADAR-base upload connector frontend application that provides a UI for uploading files and sending them to the upload-backend. name: radar-upload-connect-frontend -version: 0.2.6 +version: 0.3.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-upload-connect-frontend diff --git a/charts/radar-upload-connect-frontend/README.md b/charts/radar-upload-connect-frontend/README.md index 4fb7430f..ef7639ee 100644 --- a/charts/radar-upload-connect-frontend/README.md +++ b/charts/radar-upload-connect-frontend/README.md @@ -3,7 +3,7 @@ # radar-upload-connect-frontend [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-upload-connect-frontend)](https://artifacthub.io/packages/helm/radar-base/radar-upload-connect-frontend) -![Version: 0.2.6](https://img.shields.io/badge/Version-0.2.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.10](https://img.shields.io/badge/AppVersion-0.5.10-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.10](https://img.shields.io/badge/AppVersion-0.5.10-informational?style=flat-square) A Helm chart for RADAR-base upload connector frontend application that provides a UI for uploading files and sending them to the upload-backend. 
@@ -68,5 +68,6 @@ A Helm chart for RADAR-base upload connector frontend application that provides | readinessProbe.timeoutSeconds | int | `10` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | server_name | string | `"localhost"` | Server name or domain name | | vue_app_client_id | string | `"radar_upload_frontend"` | OAuth2 client id of the upload connect frontend application | diff --git a/charts/radar-upload-connect-frontend/templates/deployment.yaml b/charts/radar-upload-connect-frontend/templates/deployment.yaml index ef205476..f936b091 100644 --- a/charts/radar-upload-connect-frontend/templates/deployment.yaml +++ b/charts/radar-upload-connect-frontend/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-upload-connect-frontend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-upload-connect-frontend.name" . }} - helm.sh/chart: {{ include "radar-upload-connect-frontend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-upload-connect-frontend.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-upload-connect-frontend/templates/networkpolicy.yaml b/charts/radar-upload-connect-frontend/templates/networkpolicy.yaml new file mode 100644 index 00000000..34f56d82 --- /dev/null +++ b/charts/radar-upload-connect-frontend/templates/networkpolicy.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-upload-connect-frontend.fullname" . }} + labels: +{{ include "radar-upload-connect-frontend.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-upload-connect-frontend.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/radar-upload-connect-frontend/templates/service.yaml b/charts/radar-upload-connect-frontend/templates/service.yaml index f18b69f7..53a6eed7 100644 --- a/charts/radar-upload-connect-frontend/templates/service.yaml +++ b/charts/radar-upload-connect-frontend/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-upload-connect-frontend.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-upload-connect-frontend.name" . }} - helm.sh/chart: {{ include "radar-upload-connect-frontend.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-upload-connect-frontend.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-upload-connect-frontend/values.yaml b/charts/radar-upload-connect-frontend/values.yaml index a2a2dc59..8e24bc91 100644 --- a/charts/radar-upload-connect-frontend/values.yaml +++ b/charts/radar-upload-connect-frontend/values.yaml 
@@ -124,6 +124,34 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- Server name or domain name server_name: localhost # -- OAuth2 client id of the upload connect frontend application diff --git a/charts/radar-upload-source-connector/Chart.yaml b/charts/radar-upload-source-connector/Chart.yaml index 83ea7393..3100fe64 100644 --- a/charts/radar-upload-source-connector/Chart.yaml +++ b/charts/radar-upload-source-connector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.5.10" description: A Helm chart for RADAR-base upload kafka connector. This is used for reading uploaded data from backend and sending them to Kafka cluster for later processing. name: radar-upload-source-connector -version: 0.2.7 +version: 0.3.0 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-upload-source-connector diff --git a/charts/radar-upload-source-connector/README.md b/charts/radar-upload-source-connector/README.md index 041052b8..89542195 100644 --- a/charts/radar-upload-source-connector/README.md +++ b/charts/radar-upload-source-connector/README.md 
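Review bot: The comment above `networkpolicy:` in values.yaml does not state the assumptions this default relies on, and the template renders the policy whenever the key is non-empty, so it is on by default. The rules match namespaces by `kubernetes.io/metadata.name`, expect the ingress controller pods to be labelled `app.kubernetes.io/name: ingress-nginx` inside the release namespace, and expect cluster DNS to be `k8s-app: kube-dns` in `kube-system`. Where any of these does not hold, the pod loses inbound traffic or name resolution. I would extend the comment with something like `# Enabled by default; requires a CNI that enforces NetworkPolicy. Assumes ingress-nginx runs in the release namespace and DNS is kube-dns in kube-system. Set to null to disable.`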
@@ -3,7 +3,7 @@ # radar-upload-source-connector [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-upload-source-connector)](https://artifacthub.io/packages/helm/radar-base/radar-upload-source-connector) -![Version: 0.2.7](https://img.shields.io/badge/Version-0.2.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.10](https://img.shields.io/badge/AppVersion-0.5.10-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.10](https://img.shields.io/badge/AppVersion-0.5.10-informational?style=flat-square) A Helm chart for RADAR-base upload kafka connector. This is used for reading uploaded data from backend and sending them to Kafka cluster for later processing. @@ -61,6 +61,7 @@ A Helm chart for RADAR-base upload kafka connector. This is used for reading upl | readinessProbe.timeoutSeconds | int | `5` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | zookeeper | string | `"cp-zookeeper-headless:2181"` | Zookeeper URL | | kafka | string | `"PLAINTEXT://cp-kafka-headless:9092"` | Kafka broker URLs | | kafka_num_brokers | string | `"3"` | Number of brokers in the cluster | diff --git a/charts/radar-upload-source-connector/templates/configmap.yaml b/charts/radar-upload-source-connector/templates/configmap.yaml index abfd5766..8b4a4b8f 100644 --- a/charts/radar-upload-source-connector/templates/configmap.yaml 
+++ b/charts/radar-upload-source-connector/templates/configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "radar-upload-source-connector.fullname" . }} labels: - app: {{ template "radar-upload-source-connector.name" . }} - chart: {{ template "radar-upload-source-connector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "radar-upload-source-connector.labels" . | indent 4 }} data: source-upload.properties: | name=radar-upload-source diff --git a/charts/radar-upload-source-connector/templates/deployment.yaml b/charts/radar-upload-source-connector/templates/deployment.yaml index 521e39a7..833dfc73 100644 --- a/charts/radar-upload-source-connector/templates/deployment.yaml +++ b/charts/radar-upload-source-connector/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "radar-upload-source-connector.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-upload-source-connector.name" . }} - helm.sh/chart: {{ include "radar-upload-source-connector.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-upload-source-connector.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/radar-upload-source-connector/templates/networkpolicy.yaml b/charts/radar-upload-source-connector/templates/networkpolicy.yaml new file mode 100644 index 00000000..48487f3c --- /dev/null +++ b/charts/radar-upload-source-connector/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "radar-upload-source-connector.fullname" . }} + labels: +{{ include "radar-upload-source-connector.labels" . | indent 4 }} +spec: + podSelector: +{{ include "radar-upload-source-connector.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} 
diff --git a/charts/radar-upload-source-connector/templates/service.yaml b/charts/radar-upload-source-connector/templates/service.yaml index 1d204d1c..a72abeb6 100644 --- a/charts/radar-upload-source-connector/templates/service.yaml +++ b/charts/radar-upload-source-connector/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "radar-upload-source-connector.fullname" . }} labels: - app.kubernetes.io/name: {{ include "radar-upload-source-connector.name" . }} - helm.sh/chart: {{ include "radar-upload-source-connector.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "radar-upload-source-connector.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/radar-upload-source-connector/values.yaml b/charts/radar-upload-source-connector/values.yaml index db37d002..069ce104 100644 --- a/charts/radar-upload-source-connector/values.yaml +++ b/charts/radar-upload-source-connector/values.yaml 
@@ -103,6 +103,63 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-zookeeper' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-kafka' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'cp-schema-registry' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'minio' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- Zookeeper URL zookeeper: cp-zookeeper-headless:2181 # -- Kafka broker URLs diff --git a/charts/s3-proxy/Chart.yaml b/charts/s3-proxy/Chart.yaml index 49ea8f4a..b7e1f1cb 100644 --- a/charts/s3-proxy/Chart.yaml +++ b/charts/s3-proxy/Chart.yaml @@ -5,7 +5,7 @@ sources: ["https://github.com/gaul/s3proxy"] type: application home: "https://radar-base.org" name: s3-proxy -version: 0.2.3 +version: 0.3.0 maintainers: - email: keyvan@thehyve.nl name: Keyvan Hedayati 
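Review bot: The `except` list of the `ipBlock` egress rule uses `172.16.0.0/20`, which covers only 172.16.0.0–172.16.15.255. The RFC 1918 block is `172.16.0.0/12`, so 172.16.16.0 through 172.31.255.255 stays reachable through the `0.0.0.0/0` rule. If the intent is public internet only, the entry should read `- 172.16.0.0/12`. It is also worth considering `- 169.254.0.0/16`, so that link-local addresses such as a cloud metadata endpoint are not reachable from the pod. The same list appears in the values.yaml hunks for s3-proxy and velero-s3-deployment.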
diff --git a/charts/s3-proxy/README.md b/charts/s3-proxy/README.md index 5ea8af8c..496bcab9 100644 --- a/charts/s3-proxy/README.md +++ b/charts/s3-proxy/README.md @@ -3,7 +3,7 @@ # s3-proxy [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/s3-proxy)](https://artifacthub.io/packages/helm/radar-base/s3-proxy) -![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) A Helm chart for S3 Proxy. It uses https://hub.docker.com/r/andrewgaul/s3proxy to proxy S3 API requests to any supported cloud provider. For more examples see Find some example configurations at https://github.com/gaul/s3proxy/wiki/Storage-backend-examples. @@ -60,6 +60,7 @@ A Helm chart for S3 Proxy. It uses https://hub.docker.com/r/andrewgaul/s3proxy t | readinessProbe.timeoutSeconds | int | `3` | Timeout seconds for readinessProbe | | readinessProbe.successThreshold | int | `1` | Success threshold for readinessProbe | | readinessProbe.failureThreshold | int | `3` | Failure threshold for readinessProbe | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | s3.identity | string | `nil` | Credentials used to access this proxy | | s3.credential | string | `""` | Credentials used to access this proxy | | target | object | Check below | Where requests should be proxied to | 
diff --git a/charts/s3-proxy/templates/configmap.yaml b/charts/s3-proxy/templates/configmap.yaml deleted file mode 100644 index 2e78d15a..00000000 --- a/charts/s3-proxy/templates/configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "s3-proxy.fullname" . }} - labels: - app: {{ template "s3-proxy.name" . }} - chart: {{ template "s3-proxy.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} diff --git a/charts/s3-proxy/templates/deployment.yaml b/charts/s3-proxy/templates/deployment.yaml index 225b0bc0..a92280d0 100644 --- a/charts/s3-proxy/templates/deployment.yaml +++ b/charts/s3-proxy/templates/deployment.yaml @@ -3,10 +3,7 @@ kind: Deployment metadata: name: {{ include "s3-proxy.fullname" . }} labels: - app.kubernetes.io/name: {{ include "s3-proxy.name" . }} - helm.sh/chart: {{ include "s3-proxy.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "s3-proxy.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: diff --git a/charts/s3-proxy/templates/networkpolicy.yaml b/charts/s3-proxy/templates/networkpolicy.yaml new file mode 100644 index 00000000..521ce29c --- /dev/null +++ b/charts/s3-proxy/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "s3-proxy.fullname" . }} + labels: +{{ include "s3-proxy.labels" . | indent 4 }} +spec: + podSelector: +{{ include "s3-proxy.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/s3-proxy/templates/secrets.yaml b/charts/s3-proxy/templates/secrets.yaml index 8113085f..f09b5f5f 100644 --- a/charts/s3-proxy/templates/secrets.yaml +++ b/charts/s3-proxy/templates/secrets.yaml 
@@ -3,10 +3,7 @@ kind: Secret metadata: name: {{ template "s3-proxy.fullname" . }} labels: - app: {{ template "s3-proxy.name" . }} - chart: {{ template "s3-proxy.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} +{{ include "s3-proxy.labels" . | indent 4 }} type: Opaque data: s3Credential: {{ .Values.s3.credential | b64enc | quote }} diff --git a/charts/s3-proxy/templates/service.yaml b/charts/s3-proxy/templates/service.yaml index 41b66ae6..54776126 100644 --- a/charts/s3-proxy/templates/service.yaml +++ b/charts/s3-proxy/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ include "s3-proxy.fullname" . }} labels: - app.kubernetes.io/name: {{ include "s3-proxy.name" . }} - helm.sh/chart: {{ include "s3-proxy.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "s3-proxy.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/s3-proxy/values.yaml b/charts/s3-proxy/values.yaml index d727c567..28f683d7 100644 --- a/charts/s3-proxy/values.yaml +++ b/charts/s3-proxy/values.yaml 
@@ -103,6 +103,62 @@ readinessProbe: # -- Failure threshold for readinessProbe failureThreshold: 3 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-output + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-s3-connector + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: radar-upload-source-connector + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'minio' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + s3: # -- Credentials used to access this proxy identity: null diff --git a/charts/velero-s3-deployment/Chart.yaml b/charts/velero-s3-deployment/Chart.yaml index 53664834..9562af7e 100644 --- a/charts/velero-s3-deployment/Chart.yaml +++ b/charts/velero-s3-deployment/Chart.yaml 
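Review bot: None of the three `ingress.from` rules in the s3-proxy values.yaml hunk carries a `ports` list, so radar-output, radar-s3-connector and radar-upload-source-connector pods may connect to any port on the proxy pod, not only the S3 listener. Adding `ports:` under each rule with `- port: <s3-proxy container port>` and `protocol: TCP` would tighten this; the port value is not visible in this diff. The `ipBlock` egress rule is likewise open on all ports and could be limited to the port of the storage target. The ingress rule in the radar-upload-connect-frontend values.yaml has the same gap.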
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "1.0" description: A Helm chart for Velero S3 deployment, this chart holds resources used by Velero with a deployment to mirror the local object storage to a remote object storage. name: velero-s3-deployment -version: 0.1.1 +version: 0.2.0 sources: ["https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/velero-s3-deployment"] deprecated: false type: application diff --git a/charts/velero-s3-deployment/README.md b/charts/velero-s3-deployment/README.md index 9775189f..0887886f 100644 --- a/charts/velero-s3-deployment/README.md +++ b/charts/velero-s3-deployment/README.md @@ -3,7 +3,7 @@ # velero-s3-deployment [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/velero-s3-deployment)](https://artifacthub.io/packages/helm/radar-base/velero-s3-deployment) -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) A Helm chart for Velero S3 deployment, this chart holds resources used by Velero with a deployment to mirror the local object storage to a remote object storage. 
@@ -44,6 +44,7 @@ A Helm chart for Velero S3 deployment, this chart holds resources used by Velero | imagePullSecrets | list | `[]` | Docker registry secret names as an array | | podSecurityContext | object | `{}` | Configure object storage backup pod pods' Security Context | | securityContext | object | `{}` | Configure object storage backup pod containers' Security Context | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this applications has access to | | local.address | string | `"minio.default:9000"` | Address of local object storage to backup data from | | local.accessKey | string | `"accessKey"` | Access key of local object storage | | local.secretKey | string | `"secretKey"` | Secret key of local object storage | diff --git a/charts/velero-s3-deployment/templates/networkpolicy.yaml b/charts/velero-s3-deployment/templates/networkpolicy.yaml new file mode 100644 index 00000000..2009681f --- /dev/null +++ b/charts/velero-s3-deployment/templates/networkpolicy.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "velero-s3-deployment.fullname" . }} + labels: +{{ include "velero-s3-deployment.labels" . | indent 4 }} +spec: + podSelector: +{{ include "velero-s3-deployment.labels" . | indent 4 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}} diff --git a/charts/velero-s3-deployment/values.yaml b/charts/velero-s3-deployment/values.yaml index 5574efa6..1238bd9b 100644 --- a/charts/velero-s3-deployment/values.yaml +++ b/charts/velero-s3-deployment/values.yaml 
@@ -29,6 +29,39 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +# -- Network policy defines who can access this application and who this applications has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/20 + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'minio' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + local: # -- Address of local object storage to backup data from address: minio.default:9000
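Review bot: The egress rule for minio only matches pods in `{{ .Release.Namespace }}`, while the unchanged default just below the hunk is `local.address: minio.default:9000`, a service in the `default` namespace. When the chart is released into another namespace, traffic to minio would presumably match no rule and be dropped, since cluster pod IPs usually fall inside the excluded private ranges. Either derive the namespace in the rule from the same setting as `local.address`, or state in the values comment that the minio namespace label must be changed together with `local.address`.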