initially working

Wolfgang Hottgenroth 2025-02-19 17:48:56 +01:00
commit 26528365e7
Signed by: wn
GPG Key ID: 18FDFA577A8871AD
6 changed files with 97 additions and 0 deletions

2
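--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+secrets.txt
+.venv/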

22
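--- a/deployment/ingress.yml
+++ b/deployment/ingress.yml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: defectdojo
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt-production-http
+spec:
+tls:
+- hosts:
+- defectdojo.hottis.de
+secretName: defectdojo-cert
+rules:
+- host: defectdojo.hottis.de
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: defectdojo-django
+port:
+number: 80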
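Review bot: Nothing in this manifest pins which ingress controller serves `defectdojo.hottis.de` or records that plain HTTP is redirected to HTTPS: there is no `spec.ingressClassName`, so both depend on cluster defaults. The backend is `defectdojo-django` on port 80 and the application holds vulnerability findings, so I would add `ingressClassName: <ingress-class>` under `spec` and a comment naming the controller setting that enforces the redirect. The page rendering has dropped the YAML indentation, so the nesting itself could not be checked here.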

41
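--- a/deployment/install.sh
+++ b/deployment/install.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+NAMESPACE=$(cat namespace)
+DEFECTDOJO_VERSION=1.6.174
+kubectl create namespace $NAMESPACE \
+--dry-run=client \
+-o yaml | \
+kubectl -f - apply
+SECRETS_FILE=`mktemp`
+gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+. $SECRETS_FILE
+rm $SECRETS_FILE
+# eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
+kubectl create secret generic defectdojo-postgresql-specific \
+--dry-run=client \
+-o yaml \
+--save-config \
+--from-literal=postgresql-password="$PGPASSWORD" | \
+kubectl apply -f - -n $NAMESPACE
+kubectl create secret generic defectdojo-redis-specific \
+--dry-run=client \
+-o yaml \
+--save-config \
+--from-literal=redis-password="" | \
+kubectl apply -f - -n $NAMESPACE
+helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
+helm repo update
+helm upgrade --install \
+defectdojo defectdojo/defectdojo \
+-f values.yml \
+--version=$DEFECTDOJO_VERSION \
+--namespace=$NAMESPACE
+kubectl apply -f ingress.yml -n $NAMESPACE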
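Review bot: The secret handling around `gpg --decrypt` both leaks and fails open. `--passphrase $GPG_PASSPHRASE` places the passphrase in the process argument list, where other local users can read it. The script has no `set -e`, so a failed decrypt still sources the empty temp file and goes on to create `defectdojo-postgresql-specific` from an empty or inherited `PGPASSWORD`. The decrypted file also stays on disk if the script is interrupted before `rm`, and `--homedir /tmp/.gnupg` is a predictable path in a world-writable directory, which matters if the runner is shared. Passing the passphrase on a file descriptor, quoting the variables and deleting the file from an `EXIT` trap addresses the first three, as sketched below.

```shell
#!/bin/bash
set -euo pipefail
# … unchanged: NAMESPACE, DEFECTDOJO_VERSION, namespace creation …
SECRETS_FILE=$(mktemp)
trap 'rm -f "$SECRETS_FILE"' EXIT
gpg --decrypt --passphrase-fd 3 --yes --batch --homedir /tmp/.gnupg \
  --output "$SECRETS_FILE" secrets.asc 3<<<"$GPG_PASSPHRASE"
. "$SECRETS_FILE"
# … unchanged: kubectl create secret, helm upgrade, ingress apply …
```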

1
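--- a/deployment/namespace
+++ b/deployment/namespace
@@ -0,0 +1 @@
+defectdojo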

7
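--- a/deployment/secrets.asc
+++ b/deployment/secrets.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP MESSAGE-----
+jA0ECQMIBTFqH76O+EH80m0BfrFMTw8TSSx9cXepIYKzXVS40qB8WtHg4Dvu96jH
+E6DH3djCVjketkrTLm2n8gwT6FjcQXtinqhU8IqUiP1nLIu24ZHgy5+Y83MeGN4/
+dN/TcgiGmXiMM9N0VjGCJeUZ2aHNNunmQeSxVnrv
+=X3R9
+-----END PGP MESSAGE-----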
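Review bot: install.sh decrypts this ciphertext with a passphrase only, so it is presumably symmetrically encrypted. That makes `GPG_PASSPHRASE` the single control protecting the database password for as long as the repository history exists. A short README entry would help: it should record how the file was produced and that the PostgreSQL password must be rotated whenever the passphrase is exposed. Encrypting to public-key recipients instead (`gpg --encrypt --recipient <KEY_ID>`) would remove the shared passphrase altogether.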

24
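--- a/deployment/values.yml
+++ b/deployment/values.yml
@@ -0,0 +1,24 @@
+createSecret: true
+createPostgresqlSecret: false
+createRedisSecret: false
+siteUrl: "https://defectdojo.hottis.de"
+alternativeHosts:
+- defectdojo.hottis.de
+django:
+ingress:
+enabled: false
+postgresql:
+enabled: false
+postgresServer: database.database1.svc.cluster.local
+redis:
+enabled: false
+redisServer: redis-master.redis.svc.cluster.local
+celery:
+path: "/6"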
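Review bot: The Celery broker configured here appears to run without authentication. `redisServer: redis-master.redis.svc.cluster.local` points at a Redis in another namespace, and `createRedisSecret: false` leaves the password to install.sh, which sets `redis-password=""`. If that instance is shared, any workload that can reach it could read or write the task queue. Either source a Redis password from secrets.asc the way `PGPASSWORD` is, or add a comment above `redis:` such as `# Redis has no password; access is restricted by <NetworkPolicy name>` so the compensating control is on record. Whether the external PostgreSQL and Redis connections use TLS is not visible in these values and is worth stating as well.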