Functional

danmanners · Nov 10, 2023 · 2df3a8f · 2df3a8f
1 parent 34dad3e
commit 2df3a8f
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 4 deletions.
diff --git a/manifests/workloads/kubeclarity/db-root-creds.yaml b/manifests/workloads/kubeclarity/db-root-creds.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+  password: dUJnenFVMWU3N3dQeEpKc29CZzRoQmpwR09keHMx
+  username: cG9zdGdyZXM=
+kind: Secret
+metadata:
+  name: postgres-superuser
+  namespace: kubeclarity
+type: kubernetes.io/basic-auth
diff --git a/manifests/workloads/kubeclarity/initdb.yaml b/manifests/workloads/kubeclarity/initdb.yaml
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: kubeclarity-initdb
+  namespace: kubeclarity
+  labels:
+    app: kubeclarity
+spec:
+  backoffLimit: 4
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: kubeclarity-initdb
+        image: core.harbor.homelab.danmanners.com/ghcr.io/onedr0p/postgres-initdb:14.8
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: POSTGRES_HOST
+          value: "primary-rw.postgres.svc.cluster.local"
+        - name: POSTGRES_DB
+          value: kubeclarity
+        - name: POSTGRES_SUPER_PASS
+          valueFrom:
+            secretKeyRef:
+              name: postgres-superuser
+              key: password
+        - name: POSTGRES_USER
+          value: kubeclarity
+        - name: POSTGRES_PASS
+          valueFrom:
+            secretKeyRef:
+              name: kubeclarity-postgresql-secret
+              key: secretKey
+        - name: POSTGRES_PORT
+          value: "5432"
diff --git a/manifests/workloads/kubeclarity/kustomization.yaml b/manifests/workloads/kubeclarity/kustomization.yaml
@@ -3,6 +3,7 @@ kind: Kustomization
 namespace: kubeclarity
 
 resources:
+- db-root-creds.yaml
 - external-dns.yaml
 - ingress-basicAuth.yaml
 - postgresSecret.yaml
diff --git a/manifests/workloads/kubeclarity/postgresSecret.yaml b/manifests/workloads/kubeclarity/postgresSecret.yaml
@@ -6,7 +6,7 @@ metadata:
   namespace: kubeclarity
 spec:
   encryptedData:
-    secretKey: AgCz1Ml8IcfESeKLShP7pFGgqxdUkmcvTdICfHvEktbZJmDm8lrEnn4pP1BixddoJHbAXJ6i5GvpVpL6Yy+Fkst01ZPGu9M0cAmjorX66wcVSI9CzinNL2iT1wTNl4IIEaGY4MfGm0MG7l+tybbkIAzFqCssNjnRGZcBC7tmXFhAAhznIMGYITqO1emmM1w4jOgUu/F5YJlg8n2Vfsy/PrQbtgFupR21kBQ5mEaiOWFTpWUPECPFsC3q9McTuMikT1P1R56AiH0r5PnG8tJohjF8Bdud+cYvLoGYPbBW42JSgNzfjpVhMiNOqJ87lAloGvlUN/bUZKVilbc9SZxUhuUCQmL0Wq4N0MRk29NfG9HYD7530J/FxNlrB9sA3Q5JE59WMZ8cQ7PH9JKeDPmoMK6LtBPwQrxKMYdUdkBo764V+WHAEujuJ8D2e1rncAt2Q+umGiWgNLkP8oLMz8uJ5VQ0IHrWRYpWKZ5NbtrfluJLSQPVzz9ga1ceIU9c1BWaKLin2XH4i5YoFC012BCg20zNytYVitM23Sx6Qm4ZdGgVrFpfq1GgUQ/B/ab/DLbUT+uwdn4GZihf9LP66falzocH+EzwM0vOmiXYfsuKG5EmTcRSwiHDYOZIVfo9qTrPs2dvZBHLBtrdm+Xm4bhn2BkvYmiVNjsozTAPFZj9yllIoXStH4hUXClt2BXpCHaa1f9UCR7ib7+TSj4+qAMm03fuXC40/K3OKQhH1Xto7LCB7ALhQeKXTzJxTubz5F9MIKemlBX3mJgKkn+zGV4=
+    secretKey: AgBPP/TI3HUni5Cy5nFvEDPS/zvo8rZqx+vWRNNgajuq/nUEJFxoJ6CkcvZKBZTfiJnjYsqduwQ+bEbCN0RsKitMWhJGMCVBPdvPTF6qqfrXurck7+DIacShz53ZUQ81Q0ngns7PaDZnzHSqNyJe9+Nb8hMjfM6WzNTR8KBAbbpFg7Aj0oINhqCoqbMa+CTNJp0MdTGb5aOC5om6KHudWg4r195MsQ4MyA5NZgKMtBDSDK/NeJA055D47alcSFzVA5ukyFmeREJl4TepCXjKmJYNEzYoNPM1JR5wGLru2MvsRznYdwXpDuvEMzABKKxhAFyUkdZXiGge4uTt+G7bamy+wmRkQNqSAp2/sZnh988n7yOujey0vrVBBrf/pgU5iIPi1AvZJ715zwopfwRe3opMcMqsDic1FpBp7Qgg8xy22bROvBCip7NflxJthy73XY5adClesU4it6GWK/c8pQnW/K+1LgyX9nHVb53d1T3+u4kh3uFm+PH3YfVTFNhkbeUFgmAPCrKHPIWNZLxV3vu7Fne0R6vwTY5gxni9SFDxWeON3OlNNL4a5f58D7jODTSC2baeq5X/7w9BrqfL/tQ1A5S9TvA1Z1W4mDFGnyLDFvsk1FyIdQ/PDyj3U5e6I7EzRu1XVQe+C0vpjt14PI6iIoj6o/0dCB0W7K/F+QcPNEH2syYvcjhVCOeR2p1D1olN1fNoxdmW1RbKebeZSZP588d6bL0q4oP0v5tIGfoBJ9p1aDeF9kbl5qdZE1Un4gj1Xv1Who99HnugUSA=
   template:
     metadata:
       creationTimestamp: null

diff --git a/manifests/workloads/kubeclarity/values.yaml b/manifests/workloads/kubeclarity/values.yaml
@@ -171,7 +171,7 @@ kubeclarity-runtime-scan:
     ## Scanner config.
     scanner:
       ## Space seperated list of scanners. (grype dependency-track)
-      scannerList: "grype"
+      scannerList: "grype dependency-track trivy"
 
       grype:
         ## Enable grype scanner, if true make sure to add it to scannerList above
@@ -187,7 +187,7 @@ kubeclarity-runtime-scan:
       dependency-track:
         ## Enable dependency-track scanner, if true make sure to add it to scannerList above
         ##
-        enabled: false
+        enabled: true
         insecureSkipVerify: "true"
         disableTls: "true"
         apiserverAddress: "dependency-track-apiserver.dependency-track"
@@ -197,7 +197,7 @@ kubeclarity-runtime-scan:
         ## Enable trivy scanner, if true make sure to add it to scannerList above.
         ## To guarentee reliable scans, also ensure that the trivy analyzer is enabled.
         ##
-        enabled: false
+        enabled: true
         timeout: "300"