From 26528365e78aa5079a7bdd32ef0359f17f99065a Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Wed, 19 Feb 2025 17:48:56 +0100
Subject: [PATCH] initially working
---
.gitignore | 2 ++
deployment/ingress.yml | 22 ++++++++++++++++++++++
deployment/install.sh | 41 +++++++++++++++++++++++++++++++++++++++++
deployment/namespace | 1 +
deployment/secrets.asc | 7 +++++++
deployment/values.yml | 24 ++++++++++++++++++++++++
6 files changed, 97 insertions(+)
create mode 100644 .gitignore
create mode 100644 deployment/ingress.yml
create mode 100755 deployment/install.sh
create mode 100644 deployment/namespace
create mode 100644 deployment/secrets.asc
create mode 100644 deployment/values.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f4d1338
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+secrets.txt
+.venv/
diff --git a/deployment/ingress.yml b/deployment/ingress.yml
new file mode 100644
index 0000000..f5f1e45
--- /dev/null
+++ b/deployment/ingress.yml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: defectdojo
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production-http
+spec:
+ tls:
+ - hosts:
+ - defectdojo.hottis.de
+ secretName: defectdojo-cert
+ rules:
+ - host: defectdojo.hottis.de
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: defectdojo-django
+ port:
+ number: 80
diff --git a/deployment/install.sh b/deployment/install.sh
new file mode 100755
index 0000000..ee42c53
--- /dev/null
+++ b/deployment/install.sh
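Review bot: In deployment/ingress.yml the Ingress sets no `spec.ingressClassName`, so which controller serves it depends on the cluster's default IngressClass; adding `ingressClassName: <your-ingress-class>` under `spec:` makes that explicit. The rule also publishes the whole DefectDojo UI and API at `/` with no access restriction visible in this manifest. Since the application stores vulnerability findings, consider limiting source addresses at the ingress controller or putting SSO in front of it, unless it really has to be reachable from everywhere.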
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+NAMESPACE=$(cat namespace)
+DEFECTDOJO_VERSION=1.6.174
+
+kubectl create namespace $NAMESPACE \
+ --dry-run=client \
+ -o yaml | \
+ kubectl -f - apply
+
+SECRETS_FILE=`mktemp`
+gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+. $SECRETS_FILE
+rm $SECRETS_FILE
+# eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
+
+kubectl create secret generic defectdojo-postgresql-specific \
+ --dry-run=client \
+ -o yaml \
+ --save-config \
+ --from-literal=postgresql-password="$PGPASSWORD" | \
+ kubectl apply -f - -n $NAMESPACE
+
+kubectl create secret generic defectdojo-redis-specific \
+ --dry-run=client \
+ -o yaml \
+ --save-config \
+ --from-literal=redis-password="" | \
+ kubectl apply -f - -n $NAMESPACE
+
+
+helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
+helm repo update
+helm upgrade --install \
+ defectdojo defectdojo/defectdojo \
+ -f values.yml \
+ --version=$DEFECTDOJO_VERSION \
+ --namespace=$NAMESPACE
+
+
+kubectl apply -f ingress.yml -n $NAMESPACE
diff --git a/deployment/namespace b/deployment/namespace
new file mode 100644
index 0000000..b2fe1be
--- /dev/null
+++ b/deployment/namespace
@@ -0,0 +1 @@
+defectdojo
diff --git a/deployment/secrets.asc b/deployment/secrets.asc
new file mode 100644
index 0000000..65ac0df
--- /dev/null
+++ b/deployment/secrets.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMIBTFqH76O+EH80m0BfrFMTw8TSSx9cXepIYKzXVS40qB8WtHg4Dvu96jH
+E6DH3djCVjketkrTLm2n8gwT6FjcQXtinqhU8IqUiP1nLIu24ZHgy5+Y83MeGN4/
+dN/TcgiGmXiMM9N0VjGCJeUZ2aHNNunmQeSxVnrv
+=X3R9
+-----END PGP MESSAGE-----
diff --git a/deployment/values.yml b/deployment/values.yml
new file mode 100644
index 0000000..937914f
--- /dev/null
+++ b/deployment/values.yml
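Review bot: In deployment/install.sh the `gpg --decrypt --passphrase $GPG_PASSPHRASE` line puts the passphrase on the command line, where it can be read from the process list, and nothing checks that the decrypt step succeeded. If gpg fails, the script carries on: the (then empty) temp file is sourced, `$PGPASSWORD` is empty, and `defectdojo-postgresql-specific` is applied with an empty password; an interrupted run can also leave the plaintext temp file behind. I would pass the passphrase on a file descriptor, enable `set -euo pipefail`, delete the temp file from an `EXIT` trap and stop when `PGPASSWORD` is unset, as sketched below. Separately, `--homedir /tmp/.gnupg` is a fixed path in a world-writable directory, and `. $SECRETS_FILE` executes whatever the decrypted file contains, so that file should hold nothing but plain `NAME=value` assignments.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: NAMESPACE, DEFECTDOJO_VERSION, namespace creation …

SECRETS_FILE=$(mktemp)
# remove the plaintext on every exit path, including errors
trap 'rm -f "$SECRETS_FILE"' EXIT
# passphrase arrives on stdin, so it never shows up in the argument list
gpg --decrypt --passphrase-fd 0 --yes --batch --homedir /tmp/.gnupg \
    --output "$SECRETS_FILE" secrets.asc <<<"$GPG_PASSPHRASE"
. "$SECRETS_FILE"
: "${PGPASSWORD:?PGPASSWORD not set by decrypted secrets}"

# … unchanged: secret creation, helm install, ingress apply …
```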
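Review bot: deployment/secrets.asc is protected by a passphrase only (install.sh decrypts it with `--passphrase` and no private key), so its confidentiality rests entirely on the strength of that passphrase, and the ciphertext stays in git history even after the file is replaced. Use a long random passphrase kept in the CI secret store, and plan to rotate the database password itself, not just the file, if the passphrase is ever exposed. A short README next to the file describing how `secrets.asc` is produced from the ignored `secrets.txt` would make rotation repeatable.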
@@ -0,0 +1,24 @@
+createSecret: true
+createPostgresqlSecret: false
+createRedisSecret: false
+
+siteUrl: "https://defectdojo.hottis.de"
+alternativeHosts:
+ - defectdojo.hottis.de
+
+django:
+ ingress:
+ enabled: false
+
+postgresql:
+ enabled: false
+ postgresServer: database.database1.svc.cluster.local
+
+redis:
+ enabled: false
+ redisServer: redis-master.redis.svc.cluster.local
+
+celery:
+ path: "/6"
+
+
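Review bot: In deployment/values.yml `redis.redisServer` points at a Redis in another namespace and `celery.path: "/6"` looks like a database index on a shared instance, while install.sh stores an empty `redis-password`. If that Redis really runs without authentication, every workload that can reach it can read or alter DefectDojo's Celery queue. Set a password on the Redis side and place it in `defectdojo-redis-specific`, or restrict access to the Redis service with a NetworkPolicy. A comment on `celery.path` stating what the value selects, e.g. `# Redis DB index used for the Celery broker` if that is what it is, would also help the next reader.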