This repository was archived by the owner on Sep 3, 2025. It is now read-only.

Commit de70d2a

authored

feat: add helm support (#5)

1 parent 851582c commit de70d2aCopy full SHA for de70d2a

File tree

7 files changed

+206

-9

lines changed

go.mod
helm
- Chart.yaml
- templates
  - service.yaml
- values.yaml
reporter
- reporter.go
- reporter_test.go
root.go

7 files changed

+206

-9

lines changed

`‎go.mod`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-module github.com/coder/xray`
	`1`	`+module github.com/coder/coder-xray`
`2`	`2`
`3`	`3`	`go 1.21`
`4`	`4`

`‎helm/Chart.yaml`

Lines changed: 28 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,28 @@`
	`1`	`+apiVersion: v2`
	`2`	`+name: coder-xray`
	`3`	`+description: Query XRay results for Coder workspace pods and push them to Coder`
	`4`	`+home: https://github.com/coder/coder-xray`
	`5`	`+`
	`6`	`+# version and appVersion are injected at release and will always be shown as`
	`7`	`+# 0.1.0 in the repository.`
	`8`	`+#`
	`9`	`+# If you're installing the Helm chart directly from git it will have this`
	`10`	`+# version, which means the auto-generated image URI will be invalid. You can set`
	`11`	`+# "image.tag" to the desired tag manually.`
	`12`	`+type: application`
	`13`	`+version: "0.1.0"`
	`14`	`+appVersion: "0.1.0"`
	`15`	`+`
	`16`	`+# This matches the required version from Coder.`
	`17`	`+kubeVersion: ">= 1.19.0-0"`
	`18`	`+`
	`19`	`+keywords:`
	`20`	`+ - coder`
	`21`	`+ - terraform`
	`22`	`+sources:`
	`23`	`+ - https://github.com/coder/coder-xray/tree/main`
	`24`	`+icon: https://helm.coder.com/coder_logo_black.png`
	`25`	`+maintainers:`
	`26`	`+ - name: Coder Technologies, Inc.`
	`27`	`+ email: support@coder.com`
	`28`	`+ url: https://coder.com/contact`

`‎helm/templates/service.yaml`

Lines changed: 98 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,98 @@`
	`1`	`+apiVersion: rbac.authorization.k8s.io/v1`
	`2`	`+kind: Role`
	`3`	`+metadata:`
	`4`	`+ name: coder-xray-kube-role`
	`5`	`+rules:`
	`6`	`+- apiGroups: [""]`
	`7`	`+ resources: ["pods", "events"]`
	`8`	`+ verbs: ["get", "watch", "list"]`
	`9`	`+- apiGroups: ["apps"]`
	`10`	`+ resources: ["replicasets", "events"]`
	`11`	`+ verbs: ["get", "watch", "list"]`
	`12`	`+---`
	`13`	`+apiVersion: v1`
	`14`	`+kind: ServiceAccount`
	`15`	`+metadata:`
	`16`	`+ name: {{ .Values.serviceAccount.name \| quote }}`
	`17`	`+ annotations: {{ toYaml .Values.serviceAccount.annotations \| nindent 4 }}`
	`18`	`+ labels: {{ toYaml .Values.serviceAccount.labels \| nindent 4 }}`
	`19`	`+---`
	`20`	`+apiVersion: rbac.authorization.k8s.io/v1`
	`21`	`+kind: RoleBinding`
	`22`	`+metadata:`
	`23`	`+ name: coder-xray-kube-rolebinding`
	`24`	`+roleRef:`
	`25`	`+ apiGroup: rbac.authorization.k8s.io`
	`26`	`+ kind: Role`
	`27`	`+ name: coder-xray-kube-role`
	`28`	`+subjects:`
	`29`	`+- kind: ServiceAccount`
	`30`	`+ name: {{ .Values.serviceAccount.name \| quote }}`
	`31`	`+---`
	`32`	`+apiVersion: apps/v1`
	`33`	`+kind: Deployment`
	`34`	`+metadata:`
	`35`	`+ name: coder-xray-kube`
	`36`	`+spec:`
	`37`	`+ # This must remain at 1 otherwise duplicate logs can occur!`
	`38`	`+ replicas: 1`
	`39`	`+ selector:`
	`40`	`+ matchLabels:`
	`41`	`+ app.kubernetes.io/instance: {{ .Release.Name }}`
	`42`	`+ template:`
	`43`	`+ metadata:`
	`44`	`+ labels:`
	`45`	`+ app.kubernetes.io/instance: {{ .Release.Name }}`
	`46`	`+ spec:`
	`47`	`+ serviceAccountName: {{ .Values.serviceAccount.name \| quote }}`
	`48`	`+ restartPolicy: Always`
	`49`	`+ {{- with .Values.image.pullSecrets }}`
	`50`	`+ imagePullSecrets:`
	`51`	`+ {{- toYaml . \| nindent 8 }}`
	`52`	`+ {{- end }}`
	`53`	`+ {{- with .Values.nodeSelector }}`
	`54`	`+ nodeSelector:`
	`55`	`+ {{- toYaml . \| nindent 8 }}`
	`56`	`+ {{- end }}`
	`57`	`+ containers:`
	`58`	`+ - name: coder-xray-kube`
	`59`	`+ image: "{{ .Values.image.repo }}:{{ .Values.image.tag \| default .Chart.AppVersion }}"`
	`60`	`+ imagePullPolicy: {{ .Values.image.pullPolicy }}`
	`61`	`+ command:`
	`62`	`+ - /coder-xray scan`
	`63`	`+ env:`
	`64`	`+ - name: CODER_URL`
	`65`	`+ value: {{ .Values.coder.url }}`
	`66`	`+ - name: CODER_NAMESPACE`
	`67`	`+ value: {{ .Values.namespace \| default .Release.Namespace }}`
	`68`	`+ - name: CODER_TOKEN`
	`69`	`+ valueFrom:`
	`70`	`+ secretKeyRef:`
	`71`	`+ name: {{ .Values.coder.secretName }}`
	`72`	`+ key: coder-token`
	`73`	`+ {{- if .Values.image.sslCertFile }}`
	`74`	`+ - name: SSL_CERT_FILE`
	`75`	`+ value: {{ .Values.image.sslCertFile }}`
	`76`	`+ {{- end }}`
	`77`	`+ {{- if .Values.image.sslCertDir }}`
	`78`	`+ - name: SSL_CERT_DIR`
	`79`	`+ value: {{ .Values.image.sslCertDir }}`
	`80`	`+ {{- end }}`
	`81`	`+ - name: CODER_ARTIFACTORY_URL`
	`82`	`+ value: {{ .Values.artifactory.url }}`
	`83`	`+ - name: CODER_ARTIFACTORY_USER`
	`84`	`+ valueFrom:`
	`85`	`+ secretKeyRef:`
	`86`	`+ name: {{ .Values.artifactory.secretName }}`
	`87`	`+ key: user`
	`88`	`+ - name: CODER_ARTIFACTORY_TOKEN`
	`89`	`+ valueFrom:`
	`90`	`+ secretKeyRef:`
	`91`	`+ name: {{ .Values.artifactory.secretName }}`
	`92`	`+ key: token`
	`93`	`+ {{- if .Values.volumeMounts }}`
	`94`	`+ volumeMounts: {{- toYaml .Values.volumeMounts \| nindent 12 }}`
	`95`	`+ {{- end }}`
	`96`	`+ {{- if .Values.volumes }}`
	`97`	`+ volumes: {{- toYaml .Values.volumes \| nindent 8 }}`
	`98`	`+ {{- end }}`

`‎helm/values.yaml`

Lines changed: 71 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,71 @@`
	`1`	`+# artifactory -- Arguments related to the JFrog Artifactory instance`
	`2`	`+coder:`
	`3`	`+ # url -- The URL of your Coder deployment. Must prefix with http or https`
	`4`	`+ url: ""`
	`5`	`+ # secretName -- The secret to use to reference the Coder API token used`
	`6`	`+ # when pushing scan results to a deployment. Must have template admin privileges.`
	`7`	`+ # The key should be 'coder-token'.`
	`8`	`+ #`
	`9`	+ # Create the secret by running `kubectl create secret generic coder-xray --from-literal=coder-token='<token>'`
	`10`	`+ secretName: ""`
	`11`	`+`
	`12`	`+# namespace -- The namespace to searching for Pods within.`
	`13`	`+# If unspecified, this defaults to the Helm namespace.`
	`14`	`+namespace: ""`
	`15`	`+`
	`16`	`+# artifactory -- Arguments related to the JFrog Artifactory instance`
	`17`	`+# to interface with.`
	`18`	`+artifactory:`
	`19`	`+ # url -- The base url of the Artifactory instance. Must prefix with http or https.`
	`20`	`+ url: ""`
	`21`	`+ # secretName -- The secret to use to reference the user and token for querying`
	`22`	`+ # the Artifactory API. The key for the user should be 'user' and`
	`23`	`+ # the key for the token should be 'token'. The secret should be`
	`24`	`+ # managed separately.`
	`25`	`+ #`
	`26`	+ # Create the secret by running `kubectl create secret generic artifactory --from-literal=user='<user>' --from-literal=token='<token>'`
	`27`	`+ secretName: ""`
	`28`	`+`
	`29`	`+# volumes -- A list of extra volumes to add to the coder-xray pod.`
	`30`	`+volumes:`
	`31`	`+ # emptyDir: {}`
	`32`	`+ # - name: "my-volume"`
	`33`	`+`
	`34`	`+# volumeMounts -- A list of extra volume mounts to add to the coder-xray pod.`
	`35`	`+volumeMounts:`
	`36`	`+ # - name: "my-volume"`
	`37`	`+ # mountPath: "/mnt/my-volume"`
	`38`	`+`
	`39`	`+# image -- The image to use.`
	`40`	`+image:`
	`41`	`+ # image.repo -- The repository of the image.`
	`42`	`+ repo: "ghcr.io/coder/coder-xray"`
	`43`	`+ # image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}}`
	`44`	`+ # if not set. If you're using the chart directly from git, the default`
	`45`	`+ # app version will not work and you'll need to set this value. The helm`
	`46`	`+ # chart helpfully fails quickly in this case.`
	`47`	`+ tag: ""`
	`48`	`+ # image.pullPolicy -- The pull policy to use for the image. See:`
	`49`	`+ # https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy`
	`50`	`+ pullPolicy: IfNotPresent`
	`51`	`+ # image.pullSecrets -- The secrets used for pulling the Coder image from`
	`52`	`+ # a private registry.`
	`53`	`+ pullSecrets: []`
	`54`	`+ # - name: "pull-secret"`
	`55`	`+ # image.sslCertFile -- Location of the SSL certificate file. Sets the $SSL_CERT_FILE`
	`56`	`+ # variable inside of the container.`
	`57`	`+ sslCertFile: ""`
	`58`	`+ # image.sslCertDir -- Directory to check for SSL certificate files. Sets the $SSL_CERT_DIR`
	`59`	`+ # variable inside of the container.`
	`60`	`+ sslCertDir: ""`
	`61`	`+`
	`62`	`+serviceAccount:`
	`63`	`+ # serviceAccount.annotations -- The service account annotations.`
	`64`	`+ annotations: {}`
	`65`	`+ # serviceAccount.labels -- The service account labels.`
	`66`	`+ labels: {}`
	`67`	`+ # coder.serviceAccount.name -- The service account name`
	`68`	`+ name: coder-xray`
	`69`	`+`
	`70`	`+# nodeSelector -- Node labels for constraining the coder-xray pod to specific nodes.`
	`71`	`+nodeSelector: {}`

`‎reporter/reporter.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,8 @@ import (`
`8`	`8`
`9`	`9`	`"github.com/google/uuid"`
`10`	`10`
	`11`	`+ "github.com/coder/coder-xray/jfrog"`
`11`	`12`	`"github.com/coder/coder/v2/codersdk"`
`12`		`- "github.com/coder/xray/jfrog"`
`13`	`13`
`14`	`14`	`corev1 "k8s.io/api/core/v1"`
`15`	`15`	`v1 "k8s.io/apimachinery/pkg/apis/meta/v1"`

`‎reporter/reporter_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,10 +14,10 @@ import (`
`14`	`14`
`15`	`15`	`"cdr.dev/slog/sloggers/slogtest"`
`16`	`16`
	`17`	`+ "github.com/coder/coder-xray/jfrog"`
	`18`	`+ "github.com/coder/coder-xray/reporter"`
`17`	`19`	`"github.com/coder/coder/v2/codersdk"`
`18`	`20`	`"github.com/coder/coder/v2/codersdk/agentsdk"`
`19`		`- "github.com/coder/xray/jfrog"`
`20`		`- "github.com/coder/xray/reporter"`
`21`	`21`	`)`
`22`	`22`
`23`	`23`	`func TestK8SReporter(t *testing.T) {`

`‎root.go`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,8 +13,8 @@ import (`
`13`	`13`	`"cdr.dev/slog"`
`14`	`14`	`"cdr.dev/slog/sloggers/sloghuman"`
`15`	`15`
`16`		`- "github.com/coder/xray/jfrog"`
`17`		`- "github.com/coder/xray/reporter"`
	`16`	`+ "github.com/coder/coder-xray/jfrog"`
	`17`	`+ "github.com/coder/coder-xray/reporter"`
`18`	`18`	`)`
`19`	`19`
`20`	`20`	`func root() *cobra.Command {`
`@@ -101,9 +101,9 @@ func root() *cobra.Command {`
`101`	`101`	`}`
`102`	`102`	`cmd.Flags().StringVarP(&coderURL, "coder-url", "", os.Getenv("CODER_URL"), "URL of the Coder instance")`
`103`	`103`	`cmd.Flags().StringVarP(&coderToken, "coder-token", "", os.Getenv("CODER_TOKEN"), "Access Token for the Coder instance. Requires Template Admin privileges.")`
`104`		`- cmd.Flags().StringVarP(&artifactoryURL, "artifactory-url", "", os.Getenv("ARTIFACTORY_URL"), "URL of the JFrog Artifactory instance")`
`105`		`- cmd.Flags().StringVarP(&artifactoryToken, "artifactory-token", "", os.Getenv("ARTIFACTORY_TOKEN"), "Access Token for JFrog Artifactory instance")`
`106`		`- cmd.Flags().StringVarP(&artifactoryUser, "artifactory-user", "", os.Getenv("ARTIFACTORY_USER"), "User to interface with JFrog Artifactory instance")`
	`104`	`+ cmd.Flags().StringVarP(&artifactoryURL, "artifactory-url", "", os.Getenv("CODER_ARTIFACTORY_URL"), "URL of the JFrog Artifactory instance")`
	`105`	`+ cmd.Flags().StringVarP(&artifactoryToken, "artifactory-token", "", os.Getenv("CODER_ARTIFACTORY_TOKEN"), "Access Token for JFrog Artifactory instance")`
	`106`	`+ cmd.Flags().StringVarP(&artifactoryUser, "artifactory-user", "", os.Getenv("CODER_ARTIFACTORY_USER"), "User to interface with JFrog Artifactory instance")`
`107`	`107`	`cmd.Flags().StringVarP(&kubeConfig, "kubeconfig", "k", "/home/coder/.kube/config", "Path to the kubeconfig file")`
`108`	`108`	`cmd.Flags().StringVarP(&namespace, "namespace", "n", os.Getenv("CODER_NAMESPACE"), "Namespace to use when listing pods")`
`109`	`109`	`cmd.Flags().StringVarP(&fieldSelector, "field-selector", "f", "", "Field selector to use when listing pods")`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit de70d2a

File tree

7 files changed

7 files changed

`‎go.mod`

`‎helm/Chart.yaml`

`‎helm/templates/service.yaml`

`‎helm/values.yaml`

`‎reporter/reporter.go`

`‎reporter/reporter_test.go`

`‎root.go`

0 commit comments