diff --git a/.github/workflows/__need-fix-to-issue.yml b/.github/workflows/__need-fix-to-issue.yml
index d8be25b0..b6ebea65 100644
--- a/.github/workflows/__need-fix-to-issue.yml
+++ b/.github/workflows/__need-fix-to-issue.yml
@@ -21,6 +21,10 @@ permissions:
contents: read
issues: write
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
jobs:
main:
uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@9a3d71ca9f68bc1061db8ea1442084ac31a0f8bf # 0.23.0
diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
index 36d26595..a4d82667 100644
--- a/.github/workflows/__shared-ci.yml
+++ b/.github/workflows/__shared-ci.yml
@@ -23,7 +23,6 @@ jobs:
# FIXME: re-enable the following checks
linter-env: |
VALIDATE_KUBERNETES_KUBECONFORM=false
- VALIDATE_CHECKOV=false
VALIDATE_JAVASCRIPT_PRETTIER=false
test-action-docker-build-image:
diff --git a/actions/helm/parse-chart-uri/README.md b/actions/helm/parse-chart-uri/README.md
index 1f6bbcb9..d00f7493 100644
--- a/actions/helm/parse-chart-uri/README.md
+++ b/actions/helm/parse-chart-uri/README.md
@@ -42,9 +42,9 @@ This action does not requires any permissions.
-| **Input** | **Description** | **Default** | **Required** |
-| ---------------- | ------------------ | ----------- | ------------ |
-| uri | Chart URI to parse | | **true** |
+| **Input** | **Description** | **Default** | **Required** |
+| ------------------ | ------------------ | ----------- | ------------ |
+| `uri` | Chart URI to parse | | **true** |
diff --git a/tests/charts/umbrella-application/charts/app/templates/configmap.yaml b/tests/charts/umbrella-application/charts/app/templates/configmap.yaml
index 14321952..15a82d9d 100644
--- a/tests/charts/umbrella-application/charts/app/templates/configmap.yaml
+++ b/tests/charts/umbrella-application/charts/app/templates/configmap.yaml
@@ -1,13 +1,13 @@
---
-kind: ConfigMap
apiVersion: v1
+kind: ConfigMap
metadata:
- name: {{ template "app.fullname" . }}-config
- namespace: {{ .Values.namespace }}
+ name: {{ include "app.fullname" . }}-config
+ namespace: {{ .Values.namespace | default "app-system" }}
labels:
{{- include "app.labels" . | nindent 4 }}
data:
- {{- with .Values.application }}
+ {{- with .Values.app }}
DB_CONNECTION: {{ .dbConnection | quote }}
DB_HOST: {{ .dbHost | quote }}
DB_PORT: {{ .dbPort | quote }}
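Review bot: The new fallback on `namespace:` hard-codes the literal `"app-system"` in the template instead of falling back to the release namespace, so objects may be rendered into a namespace other than the one passed to `helm install -n`. Namespace-scoped RBAC, quotas and the NetworkPolicy added in this commit all depend on the objects living where the operator expects. Consider `namespace: {{ .Values.namespace | default .Release.Namespace | quote }}`, which also quotes the templated scalar. The same literal is repeated in the deployment, hpa, ingress, networkpolicy, service and serviceaccount templates and again in values.yaml, so one change of default needs several edits; a named helper in `_helpers.tpl` would keep them in step.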
diff --git a/tests/charts/umbrella-application/charts/app/templates/deployment.yaml b/tests/charts/umbrella-application/charts/app/templates/deployment.yaml
index 64a3a549..725aa754 100644
--- a/tests/charts/umbrella-application/charts/app/templates/deployment.yaml
+++ b/tests/charts/umbrella-application/charts/app/templates/deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app.fullname" . }}
- namespace: {{ .Values.namespace }}
+ namespace: {{ .Values.namespace | default "app-system" }}
labels:
{{- include "app.labels" . | nindent 4 }}
spec:
@@ -34,7 +34,11 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
+ {{- if .Values.image.digest }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}"
+ {{- else }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ {{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
envFrom:
- configMapRef:
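Review bot: `.Values.image.digest` is read by the new `if` branch, but no values.yaml hunk in this commit declares it, so the digest-pinning path is undocumented and, as far as the visible hunks show, not exercised by the test chart. Add `digest: ""` under `image:` in values.yaml with a comment that it takes the full `sha256:<hex>` form and replaces `tag` when set. The value is interpolated unchecked, so a render-time guard such as `{{- if not (hasPrefix "sha256:" .Values.image.digest) }}{{ fail "image.digest must start with sha256:" }}{{- end }}` would reject a malformed digest before it reaches the cluster. The container spec starts and ends outside this hunk.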
diff --git a/tests/charts/umbrella-application/charts/app/templates/hpa.yaml b/tests/charts/umbrella-application/charts/app/templates/hpa.yaml
index 91f40db1..71606923 100644
--- a/tests/charts/umbrella-application/charts/app/templates/hpa.yaml
+++ b/tests/charts/umbrella-application/charts/app/templates/hpa.yaml
@@ -1,9 +1,10 @@
----
{{- if .Values.autoscaling.enabled }}
+---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "app.fullname" . }}
+ namespace: {{ .Values.namespace | default "app-system" }}
labels:
{{- include "app.labels" . | nindent 4 }}
spec:
@@ -18,12 +19,16 @@ spec:
- type: Resource
resource:
name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
diff --git a/tests/charts/umbrella-application/charts/app/templates/ingress.yaml b/tests/charts/umbrella-application/charts/app/templates/ingress.yaml
index 2add56a5..38e5492c 100644
--- a/tests/charts/umbrella-application/charts/app/templates/ingress.yaml
+++ b/tests/charts/umbrella-application/charts/app/templates/ingress.yaml
@@ -17,6 +17,7 @@ apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
+ namespace: {{ .Values.namespace | default "app-system" }}
labels:
{{- include "app.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
diff --git a/tests/charts/umbrella-application/charts/app/templates/networkpolicy.yaml b/tests/charts/umbrella-application/charts/app/templates/networkpolicy.yaml
new file mode 100644
index 00000000..37bb2d0b
--- /dev/null
+++ b/tests/charts/umbrella-application/charts/app/templates/networkpolicy.yaml
@@ -0,0 +1,58 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "app.fullname" . }}
+ namespace: {{ .Values.namespace | default "app-system" }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "app.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ {{- if .Values.networkPolicy.ingress }}
+ {{- range .Values.networkPolicy.ingress }}
+ - {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- else }}
+ # Default: Allow ingress from any pod in the same namespace on HTTP port
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - protocol: TCP
+ port: 8080
+ {{- end }}
+ egress:
+ {{- if .Values.networkPolicy.egress }}
+ {{- range .Values.networkPolicy.egress }}
+ - {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- else }}
+ # Default: Allow egress to DNS and MySQL
+ - to: []
+ ports:
+ - protocol: UDP
+ port: 53
+ - protocol: TCP
+ port: 53
+ - to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: mysql
+ ports:
+ - protocol: TCP
+ port: 3306
+ # Allow HTTPS for external API calls
+ - to: []
+ ports:
+ - protocol: TCP
+ port: 443
+ - protocol: TCP
+ port: 80
+ {{- end }}
+{{- end }}
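Review bot: The default ingress rule does not match its comment: `namespaceSelector: {}` selects pods in every namespace, not "any pod in the same namespace", so port 8080 is reachable from the whole cluster by default. For same-namespace-only access the `from:` entry should be `- podSelector: {}`. The default egress rules with `to: []` place no restriction on destination, so ports 53, 443 and plain-HTTP 80 (under a comment that says HTTPS) are open to any address; scope DNS to the cluster DNS pods, and either drop port 80 or correct the comment. Because the template tests `if .Values.networkPolicy.ingress` and `.egress`, the empty lists shipped in values.yaml fall through to these permissive defaults, and `[]` cannot be used to express deny-all. That behaviour should be stated in the values.yaml comments, e.g. `# Empty list applies the chart's built-in default rules, not deny-all`.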
diff --git a/tests/charts/umbrella-application/charts/app/templates/service.yaml b/tests/charts/umbrella-application/charts/app/templates/service.yaml
index b4718b1b..046846d8 100644
--- a/tests/charts/umbrella-application/charts/app/templates/service.yaml
+++ b/tests/charts/umbrella-application/charts/app/templates/service.yaml
@@ -3,8 +3,9 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "app.fullname" . }}
- namespace: {{ .Values.namespace }}
- labels: {{- include "app.labels" . | nindent 4 }}
+ namespace: {{ .Values.namespace | default "app-system" }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
diff --git a/tests/charts/umbrella-application/charts/app/templates/serviceaccount.yaml b/tests/charts/umbrella-application/charts/app/templates/serviceaccount.yaml
index ae8e24f8..e0de7ba2 100644
--- a/tests/charts/umbrella-application/charts/app/templates/serviceaccount.yaml
+++ b/tests/charts/umbrella-application/charts/app/templates/serviceaccount.yaml
@@ -1,9 +1,10 @@
{{- if .Values.serviceAccount.create -}}
+---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "app.serviceAccountName" . }}
- namespace: {{ .Values.namespace }}
+ namespace: {{ .Values.namespace | default "app-system" }}
labels:
{{- include "app.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
diff --git a/tests/charts/umbrella-application/charts/app/values.yaml b/tests/charts/umbrella-application/charts/app/values.yaml
index da2eee0e..3bd017c6 100644
--- a/tests/charts/umbrella-application/charts/app/values.yaml
+++ b/tests/charts/umbrella-application/charts/app/values.yaml
@@ -2,6 +2,9 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
---
+# Namespace for the application (defaults to "app-system" if not specified)
+namespace: "app-system"
+
app:
dbConnection: mysql
dbHost: "mysql"
@@ -88,7 +91,7 @@ autoscaling:
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
+ targetMemoryUtilizationPercentage: 80
nodeSelector: {}
@@ -96,6 +99,14 @@ tolerations: []
affinity: {}
+# Network Policy configuration
+networkPolicy:
+ enabled: true
+ # Custom ingress rules (optional)
+ ingress: []
+ # Custom egress rules (optional)
+ egress: []
+
# chart dependencies
mysql:
fullnameOverride: mysql