initially working

2025-02-19 17:48:56 +01:00 · 2025-02-19 17:48:56 +01:00 · 26528365e7
commit 26528365e7
6 changed files with 97 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+secrets.txt
+.venv/
--- a/deployment/ingress.yml
+++ b/deployment/ingress.yml
@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: defectdojo
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production-http
+spec:
+  tls:
+    - hosts:
+        - defectdojo.hottis.de
+      secretName: defectdojo-cert
+  rules:
+    - host: defectdojo.hottis.de
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service: 
+                name: defectdojo-django
+                port: 
+                  number: 80
--- a/deployment/install.sh
+++ b/deployment/install.sh
@ -0,0 +1,41 @@
+#!/bin/bash
+
+NAMESPACE=$(cat namespace)
+DEFECTDOJO_VERSION=1.6.174
+
+kubectl create namespace $NAMESPACE \
+  --dry-run=client \
+  -o yaml | \
+  kubectl -f - apply
+
+SECRETS_FILE=`mktemp`
+gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+. $SECRETS_FILE
+rm $SECRETS_FILE
+# eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
+
+kubectl create secret generic defectdojo-postgresql-specific \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=postgresql-password="$PGPASSWORD" | \
+  kubectl apply -f - -n $NAMESPACE
+
+kubectl create secret generic defectdojo-redis-specific \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=redis-password="" | \
+  kubectl apply -f - -n $NAMESPACE
+
+
+helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
+helm repo update
+helm upgrade --install \
+  defectdojo defectdojo/defectdojo \
+  -f values.yml \
+  --version=$DEFECTDOJO_VERSION \
+  --namespace=$NAMESPACE
+
+
+kubectl apply -f ingress.yml -n $NAMESPACE
--- a/deployment/namespace
+++ b/deployment/namespace
@ -0,0 +1 @@
+defectdojo
--- a/deployment/secrets.asc
+++ b/deployment/secrets.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMIBTFqH76O+EH80m0BfrFMTw8TSSx9cXepIYKzXVS40qB8WtHg4Dvu96jH
+E6DH3djCVjketkrTLm2n8gwT6FjcQXtinqhU8IqUiP1nLIu24ZHgy5+Y83MeGN4/
+dN/TcgiGmXiMM9N0VjGCJeUZ2aHNNunmQeSxVnrv
+=X3R9
+-----END PGP MESSAGE-----
--- a/deployment/values.yml
+++ b/deployment/values.yml
@ -0,0 +1,24 @@
+createSecret: true
+createPostgresqlSecret: false
+createRedisSecret: false
+
+siteUrl: "https://defectdojo.hottis.de"
+alternativeHosts:
+  - defectdojo.hottis.de
+
+django:
+  ingress:
+    enabled: false
+
+postgresql:
+  enabled: false
+  postgresServer: database.database1.svc.cluster.local
+
+redis:
+  enabled: false
+  redisServer: redis-master.redis.svc.cluster.local
+
+celery:
+  path: "/6"
+
+