adding service deployment for meshcard service
MichaelLukowski committed Nov 11, 2024
1 parent dea6974 commit d57ae24
Showing 5 changed files with 195 additions and 47 deletions.
82 changes: 35 additions & 47 deletions .secrets.baseline
@@ -26,9 +26,6 @@
{
"name": "GitHubTokenDetector"
},
{
"name": "GitLabTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
@@ -39,9 +36,6 @@
{
"name": "IbmCosHmacDetector"
},
{
"name": "IPPublicDetector"
},
{
"name": "JwtTokenDetector"
},
@@ -55,15 +49,9 @@
{
"name": "NpmDetector"
},
{
"name": "OpenAIDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "PypiTokenDetector"
},
{
"name": "SendGridDetector"
},
@@ -79,9 +67,6 @@
{
"name": "StripeDetector"
},
{
"name": "TelegramBotTokenDetector"
},
{
"name": "TwilioKeyDetector"
}
@@ -90,10 +75,6 @@
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_baseline_file",
"filename": ".secrets.baseline"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
@@ -261,15 +242,6 @@
"line_number": 154
}
],
"files/lambda/test-security_alerts.py": [
{
"type": "AWS Access Key",
"filename": "files/lambda/test-security_alerts.py",
"hashed_secret": "4e041fbfd5dd5918d3d5e968f5f739f815ae92da",
"is_verified": false,
"line_number": 5
}
],
"files/scripts/psql-fips-fix.sh": [
{
"type": "Secret Keyword",
@@ -991,63 +963,63 @@
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "dbd5f43594a152b52261c8e21520a3989823fe55",
"is_verified": false,
"line_number": 72
"line_number": 75
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "1c062eaac9e6fa0766377d3cfc3e4a88982fecdb",
"is_verified": false,
"line_number": 75
"line_number": 78
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "694cfd0a009a42055e975de9111b2f3c6e8a3634",
"is_verified": false,
"line_number": 78
"line_number": 81
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "4b09a441cef18c75560f6c3caeafc96f2163c3fd",
"is_verified": false,
"line_number": 88
"line_number": 91
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "7e7478a28dcc3695a083b66b47243b050c813e2d",
"is_verified": false,
"line_number": 91
"line_number": 94
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "2f57bb00fcb93481c2be444e3e9f322b6cb5fadb",
"is_verified": false,
"line_number": 94
"line_number": 97
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "98f5a68541a6d981bf5825f23dffe6a0b150e457",
"is_verified": false,
"line_number": 97
"line_number": 100
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "0849046cdafcdb17f5a4bf5c528430d5e04ad295",
"is_verified": false,
"line_number": 100
"line_number": 103
},
{
"type": "Secret Keyword",
"filename": "kube/services/fence/fence-deploy.yaml",
"hashed_secret": "9ce05cf6168d15dfe02aac9ca9e0712c19c9436d",
"is_verified": false,
"line_number": 103
"line_number": 106
}
],
"kube/services/fenceshib/fenceshib-canary-deploy.yaml": [
@@ -2839,6 +2811,22 @@
"line_number": 68
}
],
"kube/services/meshcard/meshcard-deploy.yaml": [
{
"type": "Secret Keyword",
"filename": "kube/services/meshcard/meshcard-deploy.yaml",
"hashed_secret": "9ce05cf6168d15dfe02aac9ca9e0712c19c9436d",
"is_verified": false,
"line_number": 56
},
{
"type": "Secret Keyword",
"filename": "kube/services/meshcard/meshcard-deploy.yaml",
"hashed_secret": "72dcc2237d61927cc07b54edeca2bd279b94c377",
"is_verified": false,
"line_number": 59
}
],
"kube/services/metadata/metadata-deploy.yaml": [
{
"type": "Secret Keyword",
@@ -3040,63 +3028,63 @@
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "dbd5f43594a152b52261c8e21520a3989823fe55",
"is_verified": false,
"line_number": 74
"line_number": 78
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "1c062eaac9e6fa0766377d3cfc3e4a88982fecdb",
"is_verified": false,
"line_number": 77
"line_number": 81
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "694cfd0a009a42055e975de9111b2f3c6e8a3634",
"is_verified": false,
"line_number": 80
"line_number": 84
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "4b09a441cef18c75560f6c3caeafc96f2163c3fd",
"is_verified": false,
"line_number": 90
"line_number": 94
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "7e7478a28dcc3695a083b66b47243b050c813e2d",
"is_verified": false,
"line_number": 93
"line_number": 97
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "2f57bb00fcb93481c2be444e3e9f322b6cb5fadb",
"is_verified": false,
"line_number": 96
"line_number": 100
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "98f5a68541a6d981bf5825f23dffe6a0b150e457",
"is_verified": false,
"line_number": 99
"line_number": 103
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "0849046cdafcdb17f5a4bf5c528430d5e04ad295",
"is_verified": false,
"line_number": 102
"line_number": 106
},
{
"type": "Secret Keyword",
"filename": "kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml",
"hashed_secret": "9ce05cf6168d15dfe02aac9ca9e0712c19c9436d",
"is_verified": false,
"line_number": 105
"line_number": 109
}
],
"kube/services/qa-dashboard/qa-dashboard-deployment.yaml": [
@@ -3689,5 +3677,5 @@
}
]
},
"generated_at": "2024-08-27T21:36:15Z"
"generated_at": "2024-11-11T20:42:32Z"
}
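Review bot: The plugin list in this baseline appears to lose several detectors (`GitLabTokenDetector`, `IPPublicDetector`, `OpenAIDetector`, `PypiTokenDetector`, `TelegramBotTokenDetector`) and the `detect_secrets.filters.common.is_baseline_file` filter, which looks like the file was regenerated with an older detect-secrets than the one that produced the previous baseline rather than an intended policy change. If the pre-commit or CI scan takes its plugin set from this file, those token types would presumably no longer be checked on later commits. The entry for `files/lambda/test-security_alerts.py` also disappears, which suggests the scan ran on a checkout that lacks that file. Regenerating the baseline with the project's pinned detect-secrets version on an up-to-date branch should leave only the new `kube/services/meshcard/meshcard-deploy.yaml` entries and the line-number shifts in this section.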
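--- a/gen3/bin/kube-setup-meshcard.sh
+++ b/gen3/bin/kube-setup-meshcard.sh
@@ -0,0 +1,9 @@
+source "${GEN3_HOME}/gen3/lib/utils.sh"
+gen3_load "gen3/lib/kube-setup-init"
+
+[[ -z "$GEN3_ROLL_ALL" ]] && gen3 kube-setup-secrets
+
+g3kubectl apply -f "${GEN3_HOME}/kube/services/kayako-wrapper/meshcard-service.yaml"
+gen3 roll meshcard
+
+gen3_log_info "The meshcard service has been deployed onto the kubernetes cluster"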
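Review bot: The `g3kubectl apply` line points at `kube/services/kayako-wrapper/meshcard-service.yaml`, but this commit adds the manifest under `kube/services/meshcard/`, so the apply would presumably fail (or pick up an unrelated file) and the Service would never be created. Change it to `g3kubectl apply -f "${GEN3_HOME}/kube/services/meshcard/meshcard-service.yaml"`. The script also has no shebang and no error handling, so `gen3 roll meshcard` and the success log line still run when the apply fails; consider adding `#!/bin/bash` at the top and checking the apply's exit status before logging success.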
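--- a/kube/services/meshcard/meshcard-deploy.yaml
+++ b/kube/services/meshcard/meshcard-deploy.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: meshcard-deployment
+spec:
+selector:
+matchLabels:
+app: meshcard
+revisionHistoryLimit: 2
+strategy:
+type: RollingUpdate
+rollingUpdate:
+maxSurge: 2
+maxUnavailable: 25%
+template:
+metadata:
+labels:
+app: meshcard
+public: "yes"
+netnolimit: "yes"
+userhelper: "yes"
+GEN3_DATE_LABEL
+spec:
+affinity:
+podAntiAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 25
+podAffinityTerm:
+labelSelector:
+matchExpressions:
+- key: app
+operator: In
+values:
+- meshcard
+topologyKey: "kubernetes.io/hostname"
+nodeAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 100
+preference:
+matchExpressions:
+- key: karpenter.sh/capacity-type
+operator: In
+values:
+- on-demand
+- weight: 99
+preference:
+matchExpressions:
+- key: eks.amazonaws.com/capacityType
+operator: In
+values:
+- ONDEMAND
+automountServiceAccountToken: false
+volumes:
+- name: ca-volume
+secret:
+secretName: "service-ca"
+- name: config-volume
+secret:
+secretName: "meshcard-config"
+- name: privacy-policy
+configMap:
+name: "privacy-policy"
+containers:
+- name: meshcard
+GEN3_MESHCARD_IMAGE
+readinessProbe:
+httpGet:
+path: /_status/
+port: 8000
+initialDelaySeconds: 30
+periodSeconds: 60
+timeoutSeconds: 30
+livenessProbe:
+httpGet:
+path: /_status/
+port: 8000
+initialDelaySeconds: 60
+periodSeconds: 60
+timeoutSeconds: 30
+failureThreshold: 6
+resources:
+requests:
+cpu: 0.6
+memory: 512Mi
+limits:
+cpu: 2
+memory: 4096Mi
+ports:
+- containerPort: 8000
+command:
+- /bin/bash
+- /src/start.sh
+env:
+- name: HOSTNAME
+value: revproxy-service
+volumeMounts:
+- name: "ca-volume"
+readOnly: true
+mountPath: "/usr/local/share/ca-certificates/cdis/cdis-ca.crt"
+subPath: "ca.pem"
+imagePullPolicy: Always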
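Review bot: The `config-volume` (secret `meshcard-config`) and `privacy-policy` volumes are declared under `volumes`, but the container's `volumeMounts` lists only `ca-volume`, so the service either runs without its config or the pod carries a secret reference it never uses. If the config is needed, add a mount for `config-volume` with `readOnly: true` at the path the image expects (not visible on this page); otherwise drop both volumes, since a missing `meshcard-config` secret would presumably keep the pod from starting. The container also sets no `securityContext`; consider `allowPrivilegeEscalation: false` and, if the image supports it, `runAsNonRoot: true`. The labels `public: "yes"` and `netnolimit: "yes"` look like network-policy selectors, so confirm the service really needs both public ingress and unrestricted egress.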
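--- a/kube/services/meshcard/meshcard-service.yaml
+++ b/kube/services/meshcard/meshcard-service.yaml
@@ -0,0 +1,19 @@
+kind: Service
+apiVersion: v1
+metadata:
+name: meshcard-service
+spec:
+selector:
+app: meshcard
+ports:
+- protocol: TCP
+port: 80
+targetPort: 8000
+name: http
+nodePort: null
+- protocol: TCP
+port: 443
+targetPort: 8000
+name: https
+nodePort: null
+type: ClusterIP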
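Review bot: The `https` port (443) forwards to `targetPort: 8000`, the same container port as `http`, and nothing in the deployment added alongside it sets up TLS, so a client connecting to 443 inside the cluster would presumably get plaintext HTTP. If TLS is terminated upstream, say so with a comment such as `# TLS terminates at the reverse proxy; 443 forwards to the plain-HTTP listener on 8000`, or drop the 443 port. `nodePort: null` is redundant on a `ClusterIP` service and can be removed from both ports.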