diff --git a/charts/awsmp-datree-admission-webhook/Chart.yaml b/charts/awsmp-datree-admission-webhook/Chart.yaml index 358b9f79..36c31bc4 100644 --- a/charts/awsmp-datree-admission-webhook/Chart.yaml +++ b/charts/awsmp-datree-admission-webhook/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: datree-admission-webhook +name: awsmp-datree-admission-webhook description: A Helm chart for Datree admission webhook for Kubernetes clusters icon: https://github.com/datreeio/admission-webhook-datree/blob/main/internal/images/diagram.png type: application diff --git a/charts/awsmp-datree-free-admission-webhook/Chart.yaml b/charts/awsmp-datree-free-admission-webhook/Chart.yaml new file mode 100644 index 00000000..58fd6bcf --- /dev/null +++ b/charts/awsmp-datree-free-admission-webhook/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +name: awsmp-datree-free-admission-webhook +description: A Helm chart for Datree admission webhook for Kubernetes clusters +icon: https://github.com/datreeio/admission-webhook-datree/blob/main/internal/images/diagram.png +type: application +keywords: + - datree-admission-webhook + - policy agent + - validating webhook + - admissions controller +home: datree.io +sources: + - https://github.com/datreeio/admission-webhook-datree + +kubeVersion: ">=1.16.0-0" + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.21" + +dependencies: + - name: datree-lib + version: 0.1.0 + repository: file://../datree-lib diff --git a/charts/awsmp-datree-free-admission-webhook/values.schema.json b/charts/awsmp-datree-free-admission-webhook/values.schema.json new file mode 100644 index 00000000..92f2d0b1 --- /dev/null +++ b/charts/awsmp-datree-free-admission-webhook/values.schema.json @@ -0,0 +1,239 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "namespace": { + "type": "string", + "description": "The name of the namespace all resources will be created in, if not specified in the release." + }, + "replicaCount": { + "type": "integer", + "description": "The number of Datree webhook-server replicas to deploy for the webhook.", + "minimum": 2 + }, + "customLabels": { + "type": "object", + "description": "Additional labels to add to all resources." + }, + "customAnnotations": { + "type": "object", + "description": "Additional annotations to add to all resources." + }, + "debug": { + "type": "boolean", + "description": "Run the webhook-server in debug mode, this will log debug information to the console." + }, + "rbac": { + "type": "object", + "description": "Required ClusterRoles, ClusterRoleBindings, and ServiceAccount for datree-webhook-server, If not created they should be provided.", + "properties": { + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Create or not the ServiceAccount for the webhook-server. If not created it should be provided." + }, + "name": { + "type": "string", + "description": "The ServiceAccount name" + } + }, + "required": ["create", "name"] + }, + "clusterRole": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Create or not the ClusterRole for the webhook-server. If not created it should be provided." + }, + "name": { + "type": "string", + "description": "The ClusterRole name" + } + }, + "required": ["create", "name"] + } + }, + "required": ["serviceAccount", "clusterRole"] + }, + "datree": { + "type": "object", + "description": "Datree webhook configuration. (Checkout more details at htttps://hub.datree.com)", + "properties": { + "token": { + "type": "string", + "description": "The token used to link the CLI to your dashboard." + }, + "policy": { + "type": "string", + "description": "The name of the policy to check, e.g: staging." + }, + "verbose": { + "type": "string", + "description": "Display 'How to Fix' link for failed rules in output." + }, + "output": { + "type": "string", + "description": "The format output of the policy check results: yaml, json, xml, simple, JUnit." + }, + "noRecord": { + "type": "string", + "description": "Don't record the results of the policy check." + } + }, + "required": ["token", "policy", "verbose", "output", "noRecord"] + }, + "image": { + "type": "object", + "description": "The Datree webhook-server image to use.", + "properties": { + "repository": { + "type": "string", + "description": "Image repository" + }, + "tag": { + "type": "string", + "description": "Image tag", + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + }, + "pullPolicy": { + "type": "string", + "description": "Image pull policy", + "pattern": "^(Always|Never|IfNotPresent)$" + } + }, + "required": ["repository", "tag", "pullPolicy"] + }, + "securityContext": { + "type": "object", + "description": "Security context for the webhook-server containers", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + }, + "required": [ + "allowPrivilegeEscalation", + "readOnlyRootFilesystem", + "runAsNonRoot", + "runAsUser" + ] + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "memory": { + "type": "string" + } + }, + "required": ["memory"] + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": ["string", "integer"] + }, + "memory": { + "type": ["string", "integer"] + } + }, + "required": ["cpu", "memory"] + } + }, + "required": ["limits", "requests"] + }, + "hooks": { + "type": "object", + "description": "Helm Hooks: pre-install and pre-delete that the chart run during install", + "properties": { + "timeoutTime": { + "type": ["integer", "null"], + "description": "The timeout time the hook will wait for the webhook-server is ready." + }, + "image": { + "type": "object", + "description": "The image for running kubectl commands", + "properties": { + "repository": { + "type": "string" + }, + "sha": { + "type": "string", + "pattern": "^sha256\\W[a-f0-9]{64}$" + }, + "pullPolicy": { + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + } + }, + "required": ["repository", "sha", "pullPolicy"] + } + }, + "required": ["image"] + }, + "aws": { + "type": "object", + "description": "AWS Marketplace configuration", + "properties": { + "licenseConfigSecretName": { + "type": "string", + "description": "The name of the secret that contains the license configuration." + }, + "region": { + "type": "string", + "description": "The AWS Region", + "pattern": "(af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+" + }, + "enableCheckEntitlement": { + "type": "boolean", + "description": "Enable or not AWS Marketplace license checkout, this is relevant for paid products only." + }, + "productId": { + "type": "string", + "description": "The application's Product SKU (Product ID)" + }, + "issuerKey": { + "type": "string", + "description": "The trusted issuer of the license (AWS Marketplace)", + "enum": ["aws:294406891311:AWS/Marketplace:issuer-fingerprint"] + } + }, + "required": [ + "licenseConfigSecretName", + "region", + "enableCheckEntitlement", + "productId", + "issuerKey" + ] + } + }, + "required": [ + "namespace", + "replicaCount", + "customLabels", + "customAnnotations", + "debug", + "rbac", + "datree", + "image", + "securityContext", + "resources", + "hooks", + "aws" + ] +} diff --git a/charts/datree-admission-webhook/values-awsmp-datree-free.yaml b/charts/awsmp-datree-free-admission-webhook/values.yaml similarity index 100% rename from charts/datree-admission-webhook/values-awsmp-datree-free.yaml rename to charts/awsmp-datree-free-admission-webhook/values.yaml diff --git a/charts/datree-admission-webhook/templates/service.yaml b/charts/datree-admission-webhook/templates/service.yaml index 9de309d0..63e43841 100644 --- a/charts/datree-admission-webhook/templates/service.yaml +++ b/charts/datree-admission-webhook/templates/service.yaml @@ -1 +1,5 @@ {{- include "datree-lib.service" .}} +--- +{{- include "datree-lib.serviceaccounts" .}} +--- +