diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml index f2ce5d81..081f114d 100644 --- a/.github/workflows/image-build.yml +++ b/.github/workflows/image-build.yml @@ -105,7 +105,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} provenance: false sbom: false - outputs: oci-mediatypes=true,compression=zstd,compression-level=19,force-compression=true,type=image + outputs: oci-mediatypes=true,force-compression=true,type=image image-build-alpine-trivydb: name: image-build-alpine-trivydb runs-on: ubuntu-22.04 @@ -198,7 +198,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} provenance: false sbom: false - outputs: oci-mediatypes=true,compression=zstd,compression-level=19,force-compression=true,type=image + outputs: oci-mediatypes=true,force-compression=true,type=image build-args: | WITH_TRIVY_DB=true image-build-debian: @@ -293,7 +293,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} provenance: false sbom: false - outputs: oci-mediatypes=true,compression=zstd,compression-level=19,force-compression=true,type=image + outputs: oci-mediatypes=true,force-compression=true,type=image image-build-debian-trivydb: name: image-build-debian-trivydb runs-on: ubuntu-22.04 @@ -386,6 +386,6 @@ jobs: labels: ${{ steps.meta.outputs.labels }} provenance: false sbom: false - outputs: oci-mediatypes=true,compression=zstd,compression-level=19,force-compression=true,type=image + outputs: oci-mediatypes=true,force-compression=true,type=image build-args: | WITH_TRIVY_DB=true diff --git a/Makefile b/Makefile index 2ce9a620..99125447 100644 --- a/Makefile +++ b/Makefile 
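Review bot: `force-compression=true` stays on the `outputs:` line although the `compression=` and `compression-level=` keys it was paired with are removed. With no compression type named, the exporter falls back to its default, and the force flag, as far as I can tell, still makes it re-compress every layer including unchanged base-image layers, which costs build time without changing the result. Consider `outputs: oci-mediatypes=true,type=image`, or keep the flag and add a comment saying why the recompression is wanted. The same applies to the other three `outputs:` hunks in this file and to the `--output` strings in the Makefile hunks.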
@@ -65,10 +65,10 @@ lint-go: ## Use golintci-lint on your project ## Docker: docker-build: docker-build-builder-local dockerfile-local ## Use the dockerfile to build the sigma image - @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) --build-arg WITH_TRIVY_DB=$(WITH_TRIVY_DB) -f build/all.alpine.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true . + @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) --build-arg WITH_TRIVY_DB=$(WITH_TRIVY_DB) -f build/all.alpine.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,force-compression=true . docker-build-builder: ## Use the dockerfile to build the sigma-builder image - @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/builder.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true . + @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/builder.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,force-compression=true . docker-build-builder-local: ## Use the dockerfile to build the sigma-builder image and save to local tarball file @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/builder.Dockerfile --platform linux/amd64,linux/arm64 --progress plain --output type=oci,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,dest=./bin/builder.$(VERSION).tar . 
@@ -78,15 +78,15 @@ dockerfile-local: ## Use skopeo to copy dockerfile to local tarball file .PHONY: docker-build-web docker-build-web: ## Build the web image - @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/web.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-web:latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true . + @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/web.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-web:latest,push=false,oci-mediatypes=true,force-compression=true . .PHONY: docker-build-trivy docker-build-trivy: ## Build the trivy image - @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/trivy.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-trivy:latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true . + @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/trivy.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-trivy:latest,push=false,oci-mediatypes=true,force-compression=true . .PHONY: docker-build-local docker-build-local: build ## Build the local sigma image - @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) --build-arg WITH_TRIVY_DB=$(WITH_TRIVY_DB) -f build/local.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true . 
+ @docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) --build-arg WITH_TRIVY_DB=$(WITH_TRIVY_DB) -f build/local.Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,force-compression=true . ## Misc: migration-create: ## Create a new migration file diff --git a/build/all.alpine.Dockerfile b/build/all.alpine.Dockerfile index e8988db2..dcbd8aea 100644 --- a/build/all.alpine.Dockerfile +++ b/build/all.alpine.Dockerfile @@ -25,7 +25,7 @@ ARG USE_MIRROR=false RUN set -eux && \ if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ apk add --no-cache wget && \ - wget -q -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ + wget --progress=dot:giga -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ tar -xzf syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ mv syft /usr/local/bin/syft && \ rm syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz @@ -34,7 +34,7 @@ FROM alpine:${ALPINE_VERSION} AS trivy ARG USE_MIRROR=false ARG WITH_TRIVY_DB=false -ARG TRIVY_VERSION=0.55.1 +ARG TRIVY_VERSION=0.55.2 ARG TARGETOS TARGETARCH SHELL ["/bin/ash", "-eo", "pipefail", "-c"] 
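Review bot: The syft release archive fetched by `wget` in this `RUN` is unpacked and installed into `/usr/local/bin` with no integrity check; the change only swaps `-q` for `--progress=dot:giga`. The version is already pinned through `SYFT_VERSION`, so pin the digest as well, for example `ARG SYFT_SHA256=<sha256 of the release archive>` followed by `echo "${SYFT_SHA256}  <archive name>" | sha256sum -c -` before `tar -xzf`. The same gap exists in the trivy download hunks of this file, `all.debian.Dockerfile`, `local.Dockerfile` and `trivy.Dockerfile`, and in the cosign download in `builder.Dockerfile`. One digest per architecture is needed because the file name depends on `TARGETARCH`. The `RUN` instruction starts above the hunk.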
@@ -47,7 +47,7 @@ RUN set -eux && \ arm64) export TRIVYARCH='ARM64' ;; \ esac; \ export TRIVYOS=$(echo "${TARGETOS}" | awk '{print toupper(substr($0, 1, 1)) substr($0, 2)}') && \ - wget -q -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ + wget --progress=dot:giga -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ mv trivy /usr/local/bin/trivy && \ rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ diff --git a/build/all.debian.Dockerfile b/build/all.debian.Dockerfile index 8f4ce200..539668f0 100644 --- a/build/all.debian.Dockerfile +++ b/build/all.debian.Dockerfile @@ -26,7 +26,7 @@ ARG TARGETOS TARGETARCH RUN set -eux && \ if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ apk add --no-cache wget && \ - wget -q -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ + wget --progress=dot:giga -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ tar -xzf syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ mv syft /usr/local/bin/syft && \ rm syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz @@ -35,7 +35,7 @@ FROM alpine:${ALPINE_VERSION} AS trivy ARG USE_MIRROR=false ARG WITH_TRIVY_DB=false -ARG TRIVY_VERSION=0.55.1 +ARG TRIVY_VERSION=0.55.2 ARG TARGETOS TARGETARCH RUN set -eux && \ 
@@ -46,7 +46,7 @@ RUN set -eux && \ arm64) export TRIVYARCH='ARM64' ;; \ esac; \ export TRIVYOS=$(echo "${TARGETOS}" | awk '{print toupper(substr($0, 1, 1)) substr($0, 2)}') && \ - wget -q -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ + wget --progress=dot:giga -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ mv trivy /usr/local/bin/trivy && \ rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ diff --git a/build/builder.Dockerfile b/build/builder.Dockerfile index 04fba95a..0789c23c 100644 --- a/build/builder.Dockerfile +++ b/build/builder.Dockerfile @@ -11,7 +11,7 @@ ARG TARGETOS TARGETARCH RUN set -eux && \ if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ apk add --no-cache wget && \ - wget -O /tmp/cosign https://github.com/sigstore/cosign/releases/download/"${COSIGN_VERSION}"/cosign-"${TARGETOS}"-"${TARGETARCH}" && \ + wget --progress=dot:giga -O /tmp/cosign https://github.com/sigstore/cosign/releases/download/"${COSIGN_VERSION}"/cosign-"${TARGETOS}"-"${TARGETARCH}" && \ chmod +x /tmp/cosign FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} AS builder diff --git a/build/local.Dockerfile b/build/local.Dockerfile index e6960872..bbb5e86d 100644 --- a/build/local.Dockerfile +++ b/build/local.Dockerfile 
@@ -1,43 +1,44 @@ ARG ALPINE_VERSION=3.19 ARG GOLANG_VERSION=1.23.1-alpine3.19 -FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} AS skopeo +FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} AS fetcher ARG USE_MIRROR=false ARG SKOPEO_VERSION=1.16.0 +ARG TRIVY_VERSION=0.55.2 +ARG SYFT_VERSION=1.8.0 ARG TARGETOS TARGETARCH RUN set -eux && \ if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache make git && \ + apk add --no-cache make git wget curl file && \ git clone --branch v"${SKOPEO_VERSION}" https://github.com/containers/skopeo /go/src/github.com/containers/skopeo && \ cd /go/src/github.com/containers/skopeo && \ DISABLE_CGO=1 make bin/skopeo."${TARGETOS}"."${TARGETARCH}" && \ - cp bin/skopeo."${TARGETOS}"."${TARGETARCH}" /tmp/skopeo - -FROM alpine:${ALPINE_VERSION} - -ARG USE_MIRROR=false -ARG TRIVY_VERSION=0.55.1 -ARG SYFT_VERSION=1.8.0 -ARG TARGETOS TARGETARCH - -RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache wget curl file && \ + cp bin/skopeo."${TARGETOS}"."${TARGETARCH}" /tmp/skopeo && \ case "${TARGETARCH}" in \ amd64) export TRIVYARCH='64bit' ;; \ arm64) export TRIVYARCH='ARM64' ;; \ esac; \ export TRIVYOS=$(echo "${TARGETOS}" | awk '{print toupper(substr($0, 1, 1)) substr($0, 2)}') && \ - wget -q -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ + wget --progress=dot:giga -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ mv trivy /usr/local/bin/trivy && \ rm 
trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ - wget -q -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ + wget --progress=dot:giga -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ tar -xzf syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ mv syft /usr/local/bin/syft && \ - rm syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz + rm syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ + mkdir -p /opt/trivy/ && \ + trivy --cache-dir /opt/trivy/ image --download-db-only --no-progress + +FROM alpine:${ALPINE_VERSION} + +ARG USE_MIRROR=false + +RUN set -eux && \ + if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ + apk add --no-cache curl RUN adduser --disabled-password -h /home/sigma -s /bin/sh -u 1001 sigma @@ -45,7 +46,10 @@ USER sigma WORKDIR /home/sigma -COPY --from=skopeo /tmp/skopeo /usr/local/bin/skopeo +COPY --from=fetcher /tmp/skopeo /usr/local/bin/skopeo +COPY --from=fetcher /usr/local/bin/syft /usr/local/bin/syft +COPY --from=fetcher /usr/local/bin/trivy /usr/local/bin/trivy +COPY --from=fetcher /opt/trivy/ /opt/trivy/ COPY ./bin/*.tar /baseimages/ COPY ./conf/config.yaml /etc/sigma/config.yaml COPY ./bin/sigma /usr/local/bin/sigma diff --git a/build/trivy.Dockerfile b/build/trivy.Dockerfile index 7360e31c..534ec200 100644 --- a/build/trivy.Dockerfile +++ b/build/trivy.Dockerfile @@ -4,7 +4,7 @@ FROM alpine:${ALPINE_VERSION} AS trivy ARG USE_MIRROR=false ARG WITH_TRIVY_DB=false -ARG TRIVY_VERSION=0.55.1 +ARG TRIVY_VERSION=0.55.2 ARG TARGETOS TARGETARCH RUN set -eux && \ 
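Review bot: The `fetcher` stage is pinned to `--platform=$BUILDPLATFORM`, yet it now downloads the trivy and syft binaries for `TARGETOS`/`TARGETARCH` and then executes one of them with `trivy --cache-dir /opt/trivy/ image --download-db-only --no-progress`. When the target architecture differs from the build host, that step presumably fails or silently depends on emulation being registered on the builder. The DB download is also unconditional here, so the `WITH_TRIVY_DB` build arg that the Makefile still passes to this Dockerfile appears to have no effect. Consider doing the downloads and the DB fetch in a separate stage without `--platform=$BUILDPLATFORM`, and guarding the fetch with `if [ "$WITH_TRIVY_DB" = true ]; then trivy --cache-dir /opt/trivy/ image --download-db-only --no-progress; fi`.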
@@ -15,7 +15,7 @@ RUN set -eux && \ arm64) export TRIVYARCH='ARM64' ;; \ esac; \ export TRIVYOS=$(echo "${TARGETOS}" | awk '{print toupper(substr($0, 1, 1)) substr($0, 2)}') && \ - wget -q -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ + wget --progress=dot:giga -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ mv trivy /usr/local/bin/trivy && \ rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ @@ -25,5 +25,4 @@ RUN set -eux && \ FROM scratch -COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy -COPY --from=trivy /opt/trivy/ /opt/trivy/ +COPY --from=trivy /opt/trivy/ / diff --git a/build/web.Dockerfile b/build/web.Dockerfile index fa682bbb..b4a2083f 100644 --- a/build/web.Dockerfile +++ b/build/web.Dockerfile @@ -6,13 +6,13 @@ FROM --platform=$BUILDPLATFORM node:${NODE_VERSION} AS web-builder ARG USE_MIRROR=false RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache make bash ncurses build-base - -COPY ./web /web + if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ + apk add --no-cache make bash ncurses build-base WORKDIR /web +COPY ./web . + RUN --mount=type=cache,target=/web/node_modules set -eux && corepack enable && yarn install --immutable && yarn build FROM nginx:1.27.1-alpine diff --git a/deploy/sigma/templates/configmap.yaml b/deploy/sigma/templates/configmap.yaml index b1b4db5c..7a406e4c 100644 --- a/deploy/sigma/templates/configmap.yaml +++ b/deploy/sigma/templates/configmap.yaml 
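Review bot: The final `scratch` stage changes the image layout without saying so: `COPY --from=trivy /opt/trivy/ /` puts the contents of the cache directory at the image root, and the trivy binary is no longer shipped. Anything that still reads `/opt/trivy/` or `/usr/local/bin/trivy` from this image would break, although no such consumer is visible in this diff. A comment above the instruction would record the intent, for example `# data-only image: Trivy cache contents live at /, the binary is not included`.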
@@ -1,8 +1,8 @@ apiVersion: v1 kind: ConfigMap metadata: - name: "{{ printf "%s-config" .Chart.Name }}" - namespace: "{{ .Release.Namespace }}" + name: {{ printf "%s-config" ( include "sigma.fullname" . ) | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.labels" . | nindent 4 }} data: @@ -38,12 +38,13 @@ data: type: external url: redis://:{{ .Values.redis.auth.password }}@{{ .Release.Name }}-redis-master:{{ .Values.redis.master.service.ports.redis }}/0 http: + internalEndpoint: {{ include "sigma.distribution" . }}:{{ .Values.service.distribution.port }} server: 0.0.0.0:{{.Values.service.server.port}} worker: 0.0.0.0:{{.Values.service.worker.port}} daemon: builder: enabled: {{ .Values.config.daemon.builder.enabled }} - image: "{{ .Values.image.registry }}/{{ .Values.config.daemon.builder.image.repository }}:{{ .Values.config.daemon.builder.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.registry }}/{{ .Values.config.daemon.builder.image.repository }}:{{ .Values.config.daemon.builder.image.tag }}" type: {{ .Values.config.daemon.builder.type | quote }} kubernetes: kubeconfig: "" @@ -77,7 +78,7 @@ data: forcePathStyle: {{ .Values.external.minio.pathStyle | default false }} {{- end }} proxy: - enabled: true + enabled: false endpoint: https://registry-1.docker.io tlsVerify: true username: "" @@ -85,14 +86,11 @@ data: workqueue: type: redis auth: - user: - password: "" - internalUser: - username: internal-sigma - password: internal-sigma + anonymous: + enabled: true admin: - username: sigma - password: {{ randAlphaNum 8 | b64enc | trunc 8 }} + username: "sigma" + password: "Admin@123" token: realm: "" service: "" diff --git a/deploy/sigma/templates/distribution/hpa.yaml b/deploy/sigma/templates/distribution/hpa.yaml index ee0c1dbb..84a2ddd7 100644 --- a/deploy/sigma/templates/distribution/hpa.yaml +++ b/deploy/sigma/templates/distribution/hpa.yaml 
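Review bot: Renaming the ConfigMap from `printf "%s-config" .Chart.Name` to a name built on `include "sigma.fullname" .` requires every reference to it to change in the same commit, and no Deployment or volume template is touched in this diff. If a workload still mounts the old name, its pods will not start whenever the release name makes `sigma.fullname` differ from the chart name. Please confirm the `configMap.name` references use the same expression, ideally through one shared named template such as `{{- define "sigma.configmap" -}}{{ printf "%s-config" (include "sigma.fullname" .) }}{{- end }}` so the two cannot drift.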
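Review bot: Dropping `| default .Chart.AppVersion` from the builder `image:` line means an unset `config.daemon.builder.image.tag` now renders a reference that ends in `:`, which is not a valid image reference. Unless values.yaml (not part of this diff) always sets the tag, keep a fallback or fail at render time with `{{ required "config.daemon.builder.image.tag is required" .Values.config.daemon.builder.image.tag }}`. Failing early is preferable to a builder job that cannot pull its image at run time.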
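Review bot: The `admin:` block now ships a constant, `password: "Admin@123"`, so every installation of the chart starts with the same publicly known administrator credential, and the same hunk turns on `anonymous: enabled: true`. The value also lives in a ConfigMap, which anyone with read access to ConfigMaps in the namespace can see and which the cluster does not handle as secret material. The removed `randAlphaNum` expression presumably produced a new value on every render, but the remedy should be an operator-supplied value rather than a constant: `password: {{ required "<admin password values key> must be set" .Values.<admin password values key> | quote }}`, with this config rendered into a Secret. If a default has to exist for demos, the chart notes should say so and the application should require a change at first login.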
@@ -2,15 +2,15 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: - name: {{ include "sigma.distribution" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.distribution" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.distribution.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "sigma.distribution" . }} + name: {{ include "sigma.distribution" . | quote }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/deploy/sigma/templates/distribution/service.yaml b/deploy/sigma/templates/distribution/service.yaml index 822e16f0..5b016f5b 100644 --- a/deploy/sigma/templates/distribution/service.yaml +++ b/deploy/sigma/templates/distribution/service.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "sigma.distribution" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.distribution" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.distribution.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.type | quote }} ports: - port: {{ .Values.service.distribution.port }} targetPort: http diff --git a/deploy/sigma/templates/ingress.yaml b/deploy/sigma/templates/ingress.yaml index c36b7998..4d6365fe 100644 --- a/deploy/sigma/templates/ingress.yaml +++ b/deploy/sigma/templates/ingress.yaml @@ -2,8 +2,8 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "sigma.fullname" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.fullname" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} 
@@ -12,7 +12,7 @@ metadata: {{- end }} spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} {{- end }} {{- if .Values.ingress.tls }} tls: @@ -21,7 +21,7 @@ spec: {{- range .hosts }} - {{ . | quote }} {{- end }} - secretName: {{ .secretName }} + secretName: {{ .secretName | quote }} {{- end }} {{- end }} rules: @@ -30,16 +30,16 @@ spec: http: paths: {{- range .paths }} - - path: {{ .path }} - pathType: {{ .pathType }} + - path: {{ .path | quote }} + pathType: {{ .pathType | quote }} backend: service: {{- if (eq .name "server") }} - name: {{ include "sigma.server" $ }} + name: {{ include "sigma.server" $ | quote }} {{- else if (eq .name "web") }} - name: {{ include "sigma.web" $ }} + name: {{ include "sigma.web" $ | quote }} {{- else }} - name: {{ include "sigma.distribution" $ }} + name: {{ include "sigma.distribution" $ | quote }} {{- end }} port: number: {{ .port }} diff --git a/deploy/sigma/templates/server/hpa.yaml b/deploy/sigma/templates/server/hpa.yaml index be4fd6c2..b75a280b 100644 --- a/deploy/sigma/templates/server/hpa.yaml +++ b/deploy/sigma/templates/server/hpa.yaml @@ -2,15 +2,15 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: - name: {{ include "sigma.server" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.server" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.server.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "sigma.server" . }} + name: {{ include "sigma.server" . | quote }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/deploy/sigma/templates/server/service.yaml b/deploy/sigma/templates/server/service.yaml index 28a8d403..6499e860 100644 
--- a/deploy/sigma/templates/server/service.yaml +++ b/deploy/sigma/templates/server/service.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "sigma.server" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.server" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.server.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.type | quote }} ports: - port: {{ .Values.service.server.port }} targetPort: http diff --git a/deploy/sigma/templates/web/hpa.yaml b/deploy/sigma/templates/web/hpa.yaml index 6b9755f4..04cfb318 100644 --- a/deploy/sigma/templates/web/hpa.yaml +++ b/deploy/sigma/templates/web/hpa.yaml @@ -2,15 +2,15 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: - name: {{ include "sigma.web" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.web" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.web.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "sigma.web" . }} + name: {{ include "sigma.web" . | quote }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/deploy/sigma/templates/web/service.yaml b/deploy/sigma/templates/web/service.yaml index 00dab3e8..856df314 100644 --- a/deploy/sigma/templates/web/service.yaml +++ b/deploy/sigma/templates/web/service.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "sigma.web" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.web" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.web.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.type | quote }} ports: - port: {{ .Values.service.web.port }} targetPort: http 
diff --git a/deploy/sigma/templates/worker/hpa.yaml b/deploy/sigma/templates/worker/hpa.yaml index ef11195d..4ddb888b 100644 --- a/deploy/sigma/templates/worker/hpa.yaml +++ b/deploy/sigma/templates/worker/hpa.yaml @@ -2,15 +2,15 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: - name: {{ include "sigma.worker" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.worker" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.worker.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "sigma.worker" . }} + name: {{ include "sigma.worker" . | quote }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/deploy/sigma/templates/worker/service.yaml b/deploy/sigma/templates/worker/service.yaml index 87e7a9a1..5fcabbb3 100644 --- a/deploy/sigma/templates/worker/service.yaml +++ b/deploy/sigma/templates/worker/service.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "sigma.worker" . }} - namespace: "{{ .Release.Namespace }}" + name: {{ include "sigma.worker" . | quote }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.worker.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.type | quote }} ports: - port: {{ .Values.service.worker.port }} targetPort: http diff --git a/pkg/cmds/distribution/distribution.go b/pkg/cmds/distribution/distribution.go index 7bd1757c..48b4c55c 100644 --- a/pkg/cmds/distribution/distribution.go +++ b/pkg/cmds/distribution/distribution.go 
@@ -31,8 +31,8 @@ import ( "github.com/go-sigma/sigma/pkg/consts" "github.com/go-sigma/sigma/pkg/graceful" "github.com/go-sigma/sigma/pkg/handlers" - "github.com/go-sigma/sigma/pkg/inits" "github.com/go-sigma/sigma/pkg/middlewares" + "github.com/go-sigma/sigma/pkg/modules/workq" "github.com/go-sigma/sigma/pkg/storage" "github.com/go-sigma/sigma/pkg/types/enums" "github.com/go-sigma/sigma/pkg/utils/ptr" @@ -80,8 +80,13 @@ func Serve() error { pprof.Register(e, consts.PprofPath) } + err := workq.Initialize(config) + if err != nil { + return err + } + handlers.InitializeDistribution(e) - err := storage.Initialize(config) + err = storage.Initialize(config) if err != nil { return err } @@ -111,12 +116,6 @@ func Serve() error { } }() - <-time.After(time.Second * 3) - err = inits.AfterInitialize(config) - if err != nil { - log.Error().Err(err).Msg("init something after server initialized") - } - // Wait for interrupt signal to gracefully shutdown the server with a timeout of 10 seconds. // Use a buffered channel to avoid missing signals as recommended for signal.Notify quit := make(chan os.Signal, 1) diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go index 1a70b3f3..e0eab3b3 100644 --- a/pkg/consts/consts.go +++ b/pkg/consts/consts.go @@ -70,6 +70,8 @@ const ( ObsPresignMaxTtl = time.Minute * 30 // PprofPath ... PprofPath = "/__debug/pprof" + // BuilderImagePath ... + BuilderImagePath = "/baseimages/" ) const ( diff --git a/pkg/handlers/namespaces/namespaces_update_test.go b/pkg/handlers/namespaces/namespaces_update_test.go index a2936615..bc25ed0a 100644 --- a/pkg/handlers/namespaces/namespaces_update_test.go +++ b/pkg/handlers/namespaces/namespaces_update_test.go 
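Review bot: The comment on the new constant in `pkg/consts/consts.go` is a placeholder, `// BuilderImagePath ...`, and does not say what the path holds. Judging from `COPY ./bin/*.tar /baseimages/` in `build/local.Dockerfile`, it is the in-container directory with the bundled image tarballs, so `// BuilderImagePath is the directory inside the container image that holds the bundled image tarballs (*.tar).` would do. The `const` block starts and ends outside the hunk.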
@@ -95,7 +95,6 @@ func TestPutNamespace(t *testing.T) { c.SetParamValues(strconv.FormatInt(resultID, 10)) err = namespaceHandler.PutNamespace(c) assert.NoError(t, err) - fmt.Println(rec.Body.String()) assert.Equal(t, http.StatusNoContent, c.Response().Status) req = httptest.NewRequest(http.MethodPut, "/", bytes.NewBufferString(`{"size_limit":101}`)) @@ -107,7 +106,6 @@ func TestPutNamespace(t *testing.T) { c.SetParamValues(strconv.FormatInt(resultID, 10)) err = namespaceHandler.PutNamespace(c) assert.NoError(t, err) - fmt.Println(rec.Body.String()) assert.Equal(t, http.StatusNoContent, c.Response().Status) req = httptest.NewRequest(http.MethodPut, "/", bytes.NewBufferString(`{"visibility":"test"}`))