diff --git a/charts/incubator/modsecurity-crs/.helmignore b/charts/incubator/modsecurity-crs/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/charts/incubator/modsecurity-crs/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/charts/incubator/modsecurity-crs/CHANGELOG.md b/charts/incubator/modsecurity-crs/CHANGELOG.md new file mode 100644 index 00000000000..825c32f0d03 --- /dev/null +++ b/charts/incubator/modsecurity-crs/CHANGELOG.md @@ -0,0 +1 @@ +# Changelog diff --git a/charts/incubator/modsecurity-crs/Chart.yaml b/charts/incubator/modsecurity-crs/Chart.yaml new file mode 100644 index 00000000000..13d626eb0c4 --- /dev/null +++ b/charts/incubator/modsecurity-crs/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "3.3.4" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 13.2.1 +deprecated: false +description: ModSecurity is an open source, cross platform Web Application Firewall (WAF) engine. +home: https://truecharts.org/charts/incubator/modsecurity-crs +icon: https://truecharts.org/img/hotlink-ok/chart-icons/modsecurity-crs.png +keywords: + - modsecurity-crs + - waf + - networking +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: modsecurity-crs +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/modsecurity-crs + - https://github.com/coreruleset/modsecurity-crs-docker +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - networking + - security + truecharts.org/SCALE-support: "true" diff --git a/charts/incubator/modsecurity-crs/README.md b/charts/incubator/modsecurity-crs/README.md new file mode 100644 index 00000000000..7e59600739c --- /dev/null +++ b/charts/incubator/modsecurity-crs/README.md @@ -0,0 +1 @@ +# README diff --git a/charts/incubator/modsecurity-crs/icon.png b/charts/incubator/modsecurity-crs/icon.png new file mode 100644 index 00000000000..01641046e44 Binary files /dev/null and b/charts/incubator/modsecurity-crs/icon.png differ diff --git a/charts/incubator/modsecurity-crs/questions.yaml b/charts/incubator/modsecurity-crs/questions.yaml new file mode 100644 index 00000000000..e51d7a80037 --- /dev/null +++ b/charts/incubator/modsecurity-crs/questions.yaml @@ -0,0 +1,83 @@ +# Include{groups} +portals: + open: +# Include{portalLink} +questions: +# Include{global} +# Include{workload} +# Include{workloadDeployment} + +# Include{replicas1} +# Include{podSpec} +# Include{containerMain} + + - variable: env + label: Image Environment + schema: + additional_attrs: true + type: dict + attrs: + - variable: BACKEND + label: Backend + description: A string indicating the partial URL for the remote server of the ProxyPass directive. + schema: + type: string + private: true + default: "" +# Include{containerBasic} +# Include{containerAdvanced} + +# Include{containerConfig} +# Include{podOptions} +# Include{serviceRoot} +# Include{serviceMain} +# Include{serviceSelectorLoadBalancer} +# Include{serviceSelectorExtras} + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 8081 + required: true +# Include{serviceExpertRoot} +# Include{serviceExpert} +# Include{serviceList} +# Include{persistenceList} +# Include{securityContextRoot} + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 0 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 0 +# Include{securityContextContainer} +# Include{securityContextAdvanced} +# Include{securityContextPod} + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + +# Include{resources} +# Include{advanced} +# Include{addons} +# Include{codeserver} +# Include{netshoot} +# Include{vpn} +# Include{documentation} diff --git a/charts/incubator/modsecurity-crs/templates/NOTES.txt b/charts/incubator/modsecurity-crs/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/charts/incubator/modsecurity-crs/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/charts/incubator/modsecurity-crs/templates/common.yaml b/charts/incubator/modsecurity-crs/templates/common.yaml new file mode 100644 index 00000000000..b51394e00a4 --- /dev/null +++ b/charts/incubator/modsecurity-crs/templates/common.yaml @@ -0,0 +1 @@ +{{ include "tc.v1.common.loader.all" . }} diff --git a/charts/incubator/modsecurity-crs/values.yaml b/charts/incubator/modsecurity-crs/values.yaml new file mode 100644 index 00000000000..ebd460133a7 --- /dev/null +++ b/charts/incubator/modsecurity-crs/values.yaml @@ -0,0 +1,55 @@ +image: + repository: tccr.io/truecharts/modsecurity-crs-apache + pullPolicy: IfNotPresent + tag: v3.3.4@sha256:c1e6aaa4d31250e2d7ed38e72926bf8bdd9f98c16e11744efebd7d4d1d2f7a9a + +securityContext: + container: + runAsNonRoot: false + readOnlyRootFilesystem: false + runAsUser: 0 + runAsGroup: 0 + +service: + main: + ports: + main: + protocol: http + port: 8081 + +workload: + main: + podSpec: + containers: + main: + probes: + liveness: + path: "/healthz" + readiness: + path: "/healthz" + startup: + path: "/healthz" + env: + PORT: "{{ .Values.service.main.ports.main.port }}" + MODSEC_DATA_DIR: "{{ .Values.persistence.data.mountPath }}" + MODSEC_TMP_DIR: "{{ .Values.persistence.temp.mountPath }}" + MODSEC_UPLOAD_DIR: "{{ .Values.persistence.upload.mountPath }}" + BACKEND: "http://localhost:80" + +persistence: + data: + enabled: true + type: emptyDir + mountPath: /modsecurity/data + temp: + enabled: true + type: emptyDir + mountPath: /modsecurity/temp + upload: + enabled: true + type: emptyDir + mountPath: /modsecurity/upload + +portal: + open: + enabled: true