D3N14L · olopost · Oct 8, 2022 · May 12, 2023
diff --git a/Chart.lock b/Chart.lock
diff --git a/Chart.yaml b/Chart.yaml
@@ -23,12 +23,3 @@ version: 0.1.0
 # It is recommended to use it with quotes.
 appVersion: "1.16.0"
 
-dependencies:
-  - name: postgresql
-    repository: https://charts.bitnami.com/bitnami
-    version: 10.12.3
-    condition: postgrsql.enabled
-  - name: redis
-    repository: https://charts.bitnami.com/bitnami
-    version: 15.4.1
-    condition: redis.enabled
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -31,7 +31,11 @@ spec:
         - name: {{ .Chart.Name }}-webserver
           env:
             - name: OPENCVE_CONFIG
-              value: "/etc/opencve/opencve.cfg" 
+              value: "/etc/opencve/opencve.cfg"
+            - name: MY_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -81,7 +85,7 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
-            - name: config-volume
+            - name: config-volume-upd
               mountPath: /etc/opencve
       initContainers:
         - name: {{ .Chart.Name }}-upgrade-db
@@ -130,3 +134,6 @@ spec:
         - name: config-volume
           secret:
             secretName: opencve
+        - name: config-volume-upd
+          secret:
+            secretName: opencve-upd
diff --git a/templates/secret.yaml b/templates/secret.yaml
@@ -10,7 +10,7 @@ stringData:
     ; webserver with a different value (ie opencve webserver -b 0.0.0.0:80).
     ;server_name = 0.0.0.0:8000
     ; leaving server_name empty for it to work with k8s 
-    server_name = 
+    server_name = {{ .Values.servername }}
 
     ; Used for securely signing the session cookie, keep it secret !
     secret_key = {{ .Values.secret_key }} 
@@ -66,14 +66,94 @@ stringData:
 
     [mail]
     ; Choices are 'smtp' or 'sendmail'
-    email_adapter = smtp
+    email_adapter = {{ .Values.mail.email_adapter }}
 
     ; The 'From' field of the sent emails
-    email_from = no-reply@opencve.io
+    email_from = {{ .Values.mail.email_from }}
 
     ; Configuration to set up SMTP mails.
-    smtp_server = <your_smtp_server>
-    smtp_port = 465
-    smtp_use_tls = True
-    smtp_username = <your_username>
-    smtp_password = <your_password>
+    smtp_server = {{ .Values.mail.smtp_server }}
+    smtp_port = {{ .Values.mail.smtp_port }}
+    smtp_use_tls = {{ .Values.mail.smtp_use_tls }}
+    smtp_username = {{ .Values.mail.smtp_username }}
+    smtp_password = {{ .Values.mail.smtp_password }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: opencve-upd
+type: Opaque
+stringData:
+  opencve.cfg: |+
+    [core]
+    ; The name and the port of OpenCVE server. Change it if you launch the
+    ; webserver with a different value (ie opencve webserver -b 0.0.0.0:80).
+    ;server_name = 0.0.0.0:8000
+    ; leaving server_name empty for it to work with k8s
+    server_name = opencve-sme
+
+    ; Used for securely signing the session cookie, keep it secret !
+    secret_key = {{ .Values.secret_key }}
+
+    ; OpenCVE only supports PostgreSQL as database.
+    {{ if .Values.postgresql.enabled }}
+    database_uri = postgresql://{{ .Values.postgresql.global.postgresql.postgresqlUsername }}:{{ .Values.postgresql.global.postgresql.postgresqlPassword }}@{{ .Release.Name }}-postgresql.{{ .Release.Namespace }}.svc.cluster.local:5432/{{ .Values.postgresql.global.postgresql.postgresqlDatabase }}
+    {{ else }}
+    database_uri = {{ .Values.opencve.config.database_uri }}
+    {{ end }}
+
+    ; see https://kombu.readthedocs.io/en/latest/userguide/connections.html#connection-urls
+    celery_broker_url = redis://opencve-redis-master.{{ .Release.Namespace }}.svc.cluster.local:6379/0
+    celery_result_backend = redis://opencve-redis-master.{{ .Release.Namespace }}.svc.cluster.local:6379/1
+
+    ; Display the static frontpage. If False the user will be redirect to the
+    ; vulnerabilitites (CVE) page.
+    display_welcome = False
+
+    ; Display the terms of service page.
+    display_terms = False
+
+    ; Number of items to display in tables.
+    cves_per_page = 20
+    vendors_per_page = 20
+    products_per_page = 20
+    cwes_per_page = 20
+    reports_per_page = 20
+    alerts_per_page = 20
+    tags_per_page = 20
+    activities_per_page = 20
+
+    ; Use the werkzeug middleware for reverse proxy
+    ; see https://werkzeug.palletsprojects.com/en/1.0.x/middleware/proxy_fix/
+    use_reverse_proxy = True
+
+    ; Display a reCAPTCHA form in register page.
+    display_recaptcha = False
+    recaptcha_site_key =
+    recaptcha_secret_key =
+
+    [api]
+    ; Enable the API ratelimit
+    ratelimit_enabled = False
+
+    ; Default value accross all API routes
+    ; see https://flask-limiter.readthedocs.io/en/stable/#rate-limit-string-notation
+    ratelimit_value = 3600/hour
+
+    ; Ratelimit storage URI
+    ; see https://limits.readthedocs.io/en/latest/storage.html
+    ratelimit_storage_url = redis://opencve-redis-master.{{ .Release.Namespace }}.svc.cluster.local:6379/2
+
+    [mail]
+    ; Choices are 'smtp' or 'sendmail'
+    email_adapter = {{ .Values.mail.email_adapter }}
+
+    ; The 'From' field of the sent emails
+    email_from = {{ .Values.mail.email_from }}
+
+    ; Configuration to set up SMTP mails.
+    smtp_server = {{ .Values.mail.smtp_server }}
+    smtp_port = {{ .Values.mail.smtp_port }}
+    smtp_use_tls = {{ .Values.mail.smtp_use_tls }}
+    smtp_username = {{ .Values.mail.smtp_username }}
+    smtp_password = {{ .Values.mail.smtp_password }}
diff --git a/templates/service.yaml b/templates/service.yaml
@@ -8,7 +8,7 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}
-      targetPort: http
+      targetPort: 8000
       protocol: TCP
       name: http
   selector:

diff --git a/values.yaml b/values.yaml
@@ -4,14 +4,16 @@
 
 replicaCount: 1
 
+servername:
+
 # Secert Key for signing session tokens
 secret_key: opencveopencveopencveopencveopencve
 
 image:
-  repository: opencve/opencve
+  repository: library/opencve
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: 1.2.3
+  tag: 1.4.0
 
 imagePullSecrets: []
 nameOverride: ""
@@ -44,13 +46,13 @@ service:
   port: 80
 
 ingress:
-  enabled: false
+  enabled: true
   className: ""
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
-    - host: opencve.local
+    - host: mcs.sme.dpsc
       paths:
         - path: /
           pathType: ImplementationSpecific
@@ -74,7 +76,7 @@ resources: {}
 autoscaling:
   enabled: false
   minReplicas: 1
-  maxReplicas: 100
+  maxReplicas: 1
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
 
@@ -89,12 +91,10 @@ opencve:
   config:
     # Use only if you are using an external database. 
     # Will be ignored if postgreql.enabled is true.
-    database_uri:
-
-
+    database_uri: postgresql://opencve:password@kast-default-postgresql.sql-store:5432/opencve
 # see bitnami/redis values
 redis:
-  enabled: true
+  enabled: false
   #global:
   #  redis:
   #    password: redis
@@ -104,11 +104,21 @@ redis:
 
 # see bitnami/postresql values
 postgresql:
-  enabled: true
+  enabled: false
   global:
     postgresql:
       postgresqlDatabase: opencve
-      postgresqlUsername: postgres
-      postgresqlPassword: opencve
+      postgresqlUsername: opencve
+      postgresqlPassword: password
   serviceAccount:
     enabled: true
+
+
+mail:
+  email_adapter: smtp
+  email_from: 
+  smtp_server: 
+  smtp_port: 
+  smtp_use_tls: 
+  smtp_username: 
+  smtp_password: