Skip to content

Fix update function for gdscan pod #93 #98

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
doxthree merged 5 commits into from
Feb 5, 2025
Merged

Fix update function for gdscan pod #93 #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0421edb
Fix update function for gdscan pod #93
pstadermann Feb 4, 2025
cd0b2da
Use HTTP API for smoke test
pstadermann Feb 4, 2025
91c8995
Update .github/workflows/ci.yaml
doxthree Feb 4, 2025
9c087ac
change assertion in log
doxthree Feb 4, 2025
df42899
update chart version
doxthree Feb 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
with:
fetch-depth: 0
path: vaas-helm

- name: Checkout Vaas Java SDK
uses: actions/checkout@v4
with:
Expand Down Expand Up @@ -72,7 +72,7 @@ jobs:
- name: Set up kubectl
uses: azure/setup-kubectl@v4
with:
version: 'latest'
version: "latest"

- name: Install Helm
uses: azure/setup-helm@v4
Expand Down Expand Up @@ -125,11 +125,10 @@ jobs:
export SCAN_PATH=$(pwd)/build.gradle
export CLIENT_ID=vaas
export CLIENT_SECRET=$(minikube kubectl -- get secret -n vaas vaas-client-secret -o jsonpath="{.data.secret}" | base64 -d)
export VAAS_URL=ws://vaas/ws
export VAAS_URL=http://vaas
export TOKEN_URL=http://vaas/auth/protocol/openid-connect/token
gradle fileScan
gradle fileScan
minikube kubectl -- logs -n vaas $(minikube kubectl -- get pods -n vaas -l app.kubernetes.io/name=gateway -o jsonpath="{.items[0].metadata.name}") | grep "Got verdict from store: Clean"
minikube kubectl -- logs -n vaas $(minikube kubectl -- get pods -n vaas -l app.kubernetes.io/name=gateway -o jsonpath="{.items[0].metadata.name}") | grep '"Verdict":"Clean","Url":null,"Source":"Cache"'
cd -

- name: Push chart
Expand Down
2 changes: 1 addition & 1 deletion charts/vaas/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: vaas
version: 2.5.2
version: 2.6.0
description: Deployment of a Verdict-as-a-Service on-premise instance
maintainers:
- name: G DATA CyberDefense AG
Expand Down
11 changes: 10 additions & 1 deletion charts/vaas/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,8 @@ gateway:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
runAsUser: 1001
runAsGroup: 1001
image:
repository: ghcr.io/gdatasoftwareag/vaas/gateway
pullPolicy: Always
Expand Down Expand Up @@ -211,6 +213,8 @@ gdscan:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
runAsUser: 1001
runAsGroup: 1001
terminationGracePeriodSeconds: 30

nameOverride: ""
Expand Down Expand Up @@ -283,6 +287,8 @@ gdscan:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
runAsUser: 1000
runAsGroup: 1000
podAnnotations: {}
enabled: true
# every hour
Expand Down Expand Up @@ -316,7 +322,8 @@ redis:
enabled: false
podSecurityContext:
enabled: true
fsGroup: 1654
fsGroupChangePolicy: "OnRootMismatch"
fsGroup: 1001
containerSecurityContext:
enabled: true
readOnlyRootFilesystem: true
Expand All @@ -326,5 +333,7 @@ redis:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
runAsUser: 1001
runAsGroup: 1001
networkPolicy:
enabled: true