defectdojo-deployment/deployment/install.sh

#!/bin/bash

NAMESPACE=$(cat namespace)
DEFECTDOJO_VERSION=1.6.174

kubectl create namespace $NAMESPACE \
  --dry-run=client \
  -o yaml | \
  kubectl -f - apply

if [ -f secrets.txt ]; then
  . secrets.txt
else
  SECRETS_FILE=`mktemp`
  gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
  . $SECRETS_FILE
  rm $SECRETS_FILE
  # eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
fi

kubectl create secret generic defectdojo-postgresql-specific \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=postgresql-password="$PGPASSWORD" | \
  kubectl apply -f - -n $NAMESPACE

kubectl create secret generic defectdojo-redis-specific \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=redis-password="" | \
  kubectl apply -f - -n $NAMESPACE

kubectl create secret generic defectdojo-extrasecrets \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=DD_SESSION_COOKIE_SECURE="True" \
  --from-literal=DD_CSRF_COOKIE_SECURE="True" \
  --from-literal=DD_SECURE_SSL_REDIRECT="True" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED="True" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="$KEYCLOAK_PUBLIC_KEY" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_KEY="defectdojo" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/auth" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token" \
  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_SECRET="$OPENID_SECRET" | \
  kubectl apply -f - -n $NAMESPACE


helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
helm repo update
helm upgrade --install \
  defectdojo defectdojo/defectdojo \
  -f values.yml \
  --version=$DEFECTDOJO_VERSION \
  --namespace=$NAMESPACE


kubectl apply -f ingress.yml -n $NAMESPACE
initially working 2025-02-19 17:48:56 +01:00			`#!/bin/bash`

			`NAMESPACE=$(cat namespace)`
			`DEFECTDOJO_VERSION=1.6.174`

			`kubectl create namespace $NAMESPACE \`
			`--dry-run=client \`
			`-o yaml \| \`
			`kubectl -f - apply`

openidconnect, not yet working 2025-02-28 23:05:07 +01:00			`if [ -f secrets.txt ]; then`
			`. secrets.txt`
			`else`
			SECRETS_FILE=`mktemp`
			`gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc`
			`. $SECRETS_FILE`
			`rm $SECRETS_FILE`
			# eval "`cat secrets.asc \| /usr/local/bin/decrypt-secrets.sh`"
			`fi`
initially working 2025-02-19 17:48:56 +01:00
			`kubectl create secret generic defectdojo-postgresql-specific \`
			`--dry-run=client \`
			`-o yaml \`
			`--save-config \`
			`--from-literal=postgresql-password="$PGPASSWORD" \| \`
			`kubectl apply -f - -n $NAMESPACE`

			`kubectl create secret generic defectdojo-redis-specific \`
			`--dry-run=client \`
			`-o yaml \`
			`--save-config \`
			`--from-literal=redis-password="" \| \`
			`kubectl apply -f - -n $NAMESPACE`

openidconnect, not yet working 2025-02-28 23:05:07 +01:00			`kubectl create secret generic defectdojo-extrasecrets \`
			`--dry-run=client \`
			`-o yaml \`
			`--save-config \`
			`--from-literal=DD_SESSION_COOKIE_SECURE="True" \`
			`--from-literal=DD_CSRF_COOKIE_SECURE="True" \`
			`--from-literal=DD_SECURE_SSL_REDIRECT="True" \`
			`--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED="True" \`
			`--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="$KEYCLOAK_PUBLIC_KEY" \`
			`--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_KEY="defectdojo" \`
			`--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/auth" \`
			`--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token" \`
			`--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_SECRET="$OPENID_SECRET" \| \`
			`kubectl apply -f - -n $NAMESPACE`

initially working 2025-02-19 17:48:56 +01:00
			`helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'`
			`helm repo update`
			`helm upgrade --install \`
			`defectdojo defectdojo/defectdojo \`
			`-f values.yml \`
			`--version=$DEFECTDOJO_VERSION \`
			`--namespace=$NAMESPACE`


			`kubectl apply -f ingress.yml -n $NAMESPACE`