From 549d5f6805eba79423b5f842df31a6eb4df2352e Mon Sep 17 00:00:00 2001
From: ahrav
Date: Tue, 12 Sep 2023 08:48:19 -0700
Subject: [PATCH] add helm chart for Trufflehog (#1)
---
.gitignore | 26 ++++++++++++++++
index.yaml | 12 ++++++++
trufflehog/Chart.yaml | 4 +++
trufflehog/templates/_helpers.tpl | 46 ++++++++++++++++++++++++++++
trufflehog/templates/deployment.yaml | 36 ++++++++++++++++++++++
trufflehog/values.yaml | 15 +++++++++
6 files changed, 139 insertions(+)
create mode 100644 .gitignore
create mode 100644 index.yaml
create mode 100644 trufflehog/Chart.yaml
create mode 100644 trufflehog/templates/_helpers.tpl
create mode 100644 trufflehog/templates/deployment.yaml
create mode 100644 trufflehog/values.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3ca4247
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,26 @@
+# Helm ignore
+*.tgz
+
+# Hidden directories
+**/.DS_Store
+**/.idea
+
+# Temp files
+*.tmp
+*.bak
+*.swp
+*.save
+
+# IDEs
+.idea/
+.vscode/
+*.iml
+
+# Logs
+logs/
+*.log
+
+# OS generated
+*.pid
+*.seed
+*.pid.lock
diff --git a/index.yaml b/index.yaml
new file mode 100644
index 0000000..73157b7
--- /dev/null
+++ b/index.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+entries:
+ trufflehog:
+ - apiVersion: v2
+ created: "2023-09-12T08:47:06.739867-07:00"
+ description: A Helm chart for trufflehog secrets scanning
+ digest: ef6023985ef6d494093cf19077f70d09518b073271facfdec49c93790f3b4426
+ name: trufflehog
+ urls:
+ - https://trufflescurity.github.io/helm-charts/trufflehog-0.1.0.tgz
+ version: 0.1.0
+generated: "2023-09-12T08:47:06.739412-07:00"
diff --git a/trufflehog/Chart.yaml b/trufflehog/Chart.yaml
new file mode 100644
index 0000000..5c24f79
--- /dev/null
+++ b/trufflehog/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+name: trufflehog
+description: A Helm chart for trufflehog secrets scanning
+version: 0.1.0
diff --git a/trufflehog/templates/_helpers.tpl b/trufflehog/templates/_helpers.tpl
new file mode 100644
index 0000000..36c2e62
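Review bot: The download URL under `urls:` in the index.yaml hunk points at `trufflescurity.github.io`, which does not match the organisation name the chart otherwise implies (`trufflesecurity`); a chart index is a supply-chain trust anchor, because every `helm repo add` user fetches the archive from whatever host this line names, and a look-alike GitHub Pages host that someone else can register would be able to serve a different archive. If the intended org is `trufflesecurity`, change the entry to `- https://trufflesecurity.github.io/helm-charts/trufflehog-0.1.0.tgz`. This `index.yaml` also appears to be hand-committed rather than produced by the publishing step, so it is worth regenerating it with `helm repo index` at release time so that `digest:` is guaranteed to describe the archive that is actually served; whether a given Helm version checks that digest on download should be confirmed rather than relied on.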
--- /dev/null
+++ b/trufflehog/templates/_helpers.tpl
@@ -0,0 +1,46 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "trufflehog.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "trufflehog.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "trufflehog.labels" -}}
+helm.sh/chart: {{ include "trufflehog.chart" . }}
+{{ include "trufflehog.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "trufflehog.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "trufflehog.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Chart version
+*/}}
+{{- define "trufflehog.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/trufflehog/templates/deployment.yaml b/trufflehog/templates/deployment.yaml
new file mode 100644
index 0000000..d3014cf
--- /dev/null
+++ b/trufflehog/templates/deployment.yaml
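Review bot: The `{{- if .Chart.AppVersion }}` branch in `trufflehog.labels` never renders in this commit, because the `Chart.yaml` added alongside it sets only `version: 0.1.0` and no `appVersion`, so the deployed pods carry no `app.kubernetes.io/version` label and operators cannot tell from the cluster which scanner build a release is meant to run. Add `appVersion: "<scanner release>"` to `Chart.yaml` (quoted, so a value like `3.10` is not read as a float) and bump it together with the image tag so the label and the image stay in step. A short comment above the `if` such as `{{/* Only emitted when Chart.yaml sets appVersion; keep it aligned with image.tag */}}` would make that dependency visible to the next maintainer. Note also that `trufflehog.chart` is used by `trufflehog.labels` before it is defined, which Go templates allow at execution time, so a reader should not be alarmed by the ordering.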
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "trufflehog.fullname" . }}
+ labels:
+ {{- include "trufflehog.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "trufflehog.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "trufflehog.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ volumes:
+ - name: config-secret-volume
+ secret:
+ secretName: {{ .Values.config.secretName }}
+ containers:
+ - name: trufflehog
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ terminationMessagePolicy: FallbackToLogsOnError
+ command: ["/usr/local/bin/scanner", "scan", "--config=/secret/config.yaml", "--port=8080"]
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.probe.periodSeconds }}
+ volumeMounts:
+ - name: config-secret-volume
+ mountPath: /secret/
diff --git a/trufflehog/values.yaml b/trufflehog/values.yaml
new file mode 100644
index 0000000..0b2cdf9
--- /dev/null
+++ b/trufflehog/values.yaml
@@ -0,0 +1,15 @@
+replicaCount: 1
+
+image:
+ repository: us-docker.pkg.dev/thog-artifacts/public/scanner
+ tag: latest
+
+config:
+ secretName: config
+
+probe:
+ initialDelaySeconds: 3
+ periodSeconds: 3
+
+nameOverride: ""
+fullnameOverride: ""
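Review bot: The pod template under `template.spec` runs with cluster defaults — no pod- or container-level `securityContext`, the credential secret mounted writable at `/secret/`, and the default service-account token automounted — which is more privilege than a process whose only visible needs are reading `/secret/config.yaml` and listening on `--port=8080` should have, and the config file it reads presumably holds the scan-target credentials. Nothing in the `command:` line suggests the scanner talks to the Kubernetes API, so `automountServiceAccountToken: false` should be safe (confirm against the scanner's configuration); `runAsNonRoot` and `readOnlyRootFilesystem` depend on how the image is built and on whether the scanner needs scratch space, so verify them against the image and add an `emptyDir` for `/tmp` if it does. The container also declares no `ports:`, so the 8080 listener exists only implicitly via the probe; declaring it documents the interface and gives a NetworkPolicy something to target, and a `readinessProbe` would keep traffic away until `/healthz` actually answers. The rewrite below adds those fields; the hand-written `matchLabels`/template labels could additionally be replaced by `{{- include "trufflehog.selectorLabels" . | nindent 6 }}` so they cannot drift from `_helpers.tpl`.

```yaml
    spec:
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true            # requires a non-root USER in the image — verify
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: config-secret-volume
          secret:
            secretName: {{ .Values.config.secretName }}
            defaultMode: 0400        # credentials readable by the container user only
      containers:
        - name: trufflehog
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true   # add an emptyDir for /tmp if the scanner writes scratch files
            capabilities:
              drop: ["ALL"]
          # … unchanged: terminationMessagePolicy, command, livenessProbe …
          ports:
            - name: http
              containerPort: 8080
          volumeMounts:
            - name: config-secret-volume
              mountPath: /secret/
              readOnly: true
```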
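Review bot: `tag: latest` under `image:` is a mutable tag, so two rollouts — or two replicas after a reschedule — can end up running different scanner builds, and nothing in the release records which build actually ran; pin it to a specific release tag (or add an `image.digest` value and render `@sha256:...` in the template) and bump it deliberately alongside `version` in `Chart.yaml`. The default `config.secretName: config` is generic enough to collide with another chart's Secret in a shared namespace and silently mount the wrong credentials; a safer default is an empty string that the template rejects with `{{ required "config.secretName must be set" .Values.config.secretName }}`, or a release-scoped name. A short comment above `secretName` such as `# Secret holding config.yaml with the scan-target credentials; mounted at /secret/` would also tell operators what they are expected to create, since the chart does not create it. This file additionally exposes no `resources`, `securityContext` or `image.pullPolicy` keys, so operators cannot set them without forking the template.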