initially working

2025-02-19 17:48:56 +01:00 · 2025-02-19 17:48:56 +01:00 · 26528365e7
commit 26528365e7
6 changed files with 97 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 secrets.txt
 .venv/
--- a/deployment/ingress.yml
+++ b/deployment/ingress.yml
@ -0,0 +1,22 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: defectdojo
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production-http
 spec:
  tls:
    - hosts:
        - defectdojo.hottis.de
      secretName: defectdojo-cert
  rules:
    - host: defectdojo.hottis.de
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: 
                name: defectdojo-django
                port: 
                  number: 80
--- a/deployment/install.sh
+++ b/deployment/install.sh
@ -0,0 +1,41 @@
 #!/bin/bash
 NAMESPACE=$(cat namespace)
 DEFECTDOJO_VERSION=1.6.174
 kubectl create namespace $NAMESPACE \
  --dry-run=client \
  -o yaml | \
  kubectl -f - apply
 SECRETS_FILE=`mktemp`
 gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
 . $SECRETS_FILE
 rm $SECRETS_FILE
 # eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
 kubectl create secret generic defectdojo-postgresql-specific \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=postgresql-password="$PGPASSWORD" | \
  kubectl apply -f - -n $NAMESPACE
 kubectl create secret generic defectdojo-redis-specific \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=redis-password="" | \
  kubectl apply -f - -n $NAMESPACE
 helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
 helm repo update
 helm upgrade --install \
  defectdojo defectdojo/defectdojo \
  -f values.yml \
  --version=$DEFECTDOJO_VERSION \
  --namespace=$NAMESPACE
 kubectl apply -f ingress.yml -n $NAMESPACE
--- a/deployment/namespace
+++ b/deployment/namespace
@ -0,0 +1 @@
 defectdojo
--- a/deployment/secrets.asc
+++ b/deployment/secrets.asc
@ -0,0 +1,7 @@
 -----BEGIN PGP MESSAGE-----
 jA0ECQMIBTFqH76O+EH80m0BfrFMTw8TSSx9cXepIYKzXVS40qB8WtHg4Dvu96jH
 E6DH3djCVjketkrTLm2n8gwT6FjcQXtinqhU8IqUiP1nLIu24ZHgy5+Y83MeGN4/
 dN/TcgiGmXiMM9N0VjGCJeUZ2aHNNunmQeSxVnrv
 =X3R9
 -----END PGP MESSAGE-----
--- a/deployment/values.yml
+++ b/deployment/values.yml
@ -0,0 +1,24 @@
 createSecret: true
 createPostgresqlSecret: false
 createRedisSecret: false
 siteUrl: "https://defectdojo.hottis.de"
 alternativeHosts:
  - defectdojo.hottis.de
 django:
  ingress:
    enabled: false
 postgresql:
  enabled: false
  postgresServer: database.database1.svc.cluster.local
 redis:
  enabled: false
  redisServer: redis-master.redis.svc.cluster.local
 celery:
  path: "/6"