Migrate resoto -> fixinventory

.github/workflows/k8s-build.yaml

@@ -26,7 +26,7 @@ jobs:
         run: |
           NO_START_KIND=1 CI_ENABLED=1 IMAGE_TAG=edge bash -x ./scripts/setup-kind.sh
           # make sure we get the example collector in a reasonable time.
-          timeout 10m /bin/bash -c "until echo 'config set resoto.worker resotoworker.collector=[example]; workflows run collect; kind' | kubectl exec -i deploy/resoto-resotocore -- resh --stdin | grep example; do sleep 1; done"
+          timeout 10m /bin/bash -c "until echo 'config set fix.worker fixworker.collector=[example]; workflows run collect; kind' | kubectl exec -i deploy/fixinventory-fixcore -- resh --stdin | grep example; do sleep 1; done"
       - name: Debug info on failure
         if: ${{ failure() }}
         run: |
@@ -35,8 +35,8 @@ jobs:
           echo "Cluster state:"
           kubectl describe all
           echo "Core logs:"
-          kubectl logs deploy/resoto-resotocore
+          kubectl logs deploy/fixinventory-fixcore
           echo "Worker logs:"
-          kubectl logs deploy/resoto-resotoworker
+          kubectl logs deploy/fixinventory-fixworker
           echo "Metrics logs:"
-          kubectl logs deploy/resoto-resotometrics
+          kubectl logs deploy/fixinventory-fixmetrics

.github/workflows/validate-docs.yaml

@@ -15,9 +15,9 @@ jobs:
 
       - uses: supplypike/setup-bin@v1
         with:
-          uri: 'https://github.com/norwoodj/helm-docs/releases/download/v1.11.3/helm-docs_1.11.3_Linux_x86_64.tar.gz'
+          uri: 'https://github.com/norwoodj/helm-docs/releases/download/v1.13.1/helm-docs_1.13.1_Linux_x86_64.tar.gz'
           name: 'helm-docs'
-          version: '1.11.3'
+          version: '1.13.1'
 
       - name: generate & compare documentation
         run: |

README.md

@@ -17,10 +17,10 @@ $ helm repo add someengineering https://helm.some.engineering
 
 ## Charts
 
-### [`resoto`](./someengineering/resoto/README.md)
+### [`fixinventory`](./someengineering/fixinventory/README.md)
 
-- [Chart documentation](./someengineering/resoto/README.md)
-- [Installation instructions](https://resoto.com/docs/getting-started/install-resoto/kubernetes)
+- [Chart documentation](./someengineering/fixinventory/README.md)
+- [Installation instructions](https://inventory.fix.security)
 
 ## Contact
 

_config.yml

@@ -8,7 +8,7 @@ plugins:
   - jekyll-remote-theme
   - jekyll-redirect-from
 header_pages:
-  - someengineering/resoto/README.md
+  - someengineering/fixinventory/README.md
 minima:
   skin: auto
   social_links:

scripts/setup-kind.sh

@@ -14,30 +14,30 @@ fi
 
 if [ -z "${CI_ENABLED}" ]; then
   helm repo add someengineering https://someengineering.github.io/helm-charts
-  helm install resoto someengineering/resoto --set image.tag=$IMAGE_TAG -f - <<EOF
-resotocore:
+  helm install fixinventory someengineering/fixinventory --set image.tag=$IMAGE_TAG -f - <<EOF
+fixcore:
   extraArgs: ["--analytics-opt-out"]
 prometheus:
   enabled: false
 EOF
 else
   DIR="$(dirname "$(realpath "$0")")"
-  helm dependency update "$DIR/../someengineering/resoto"
-  helm upgrade -i resoto "$DIR/../someengineering/resoto" --set image.tag=$IMAGE_TAG -f - <<EOF
-resotocore:
+  helm dependency update "$DIR/../someengineering/fixinventory"
+  helm upgrade -i fixinventory "$DIR/../someengineering/fixinventory" --set image.tag=$IMAGE_TAG -f - <<EOF
+fixcore:
   extraArgs: ["--analytics-opt-out"]
 prometheus:
   enabled: false
 EOF
 fi
 
 # wait for it to be ready
-kubectl rollout status deploy/resoto-resotocore --timeout=600s
-kubectl rollout status deploy/resoto-resotoworker --timeout=300s
-kubectl rollout status deploy/resoto-resotometrics --timeout=300s
+kubectl rollout status deploy/fixinventory-fixcore --timeout=600s
+kubectl rollout status deploy/fixinventory-fixworker --timeout=300s
+kubectl rollout status deploy/fixinventory-fixmetrics --timeout=300s
 
 # see an example query!
 echo 'Setup done. You can now run queries. For example:'
-echo 'kubectl exec -i deploy/resoto-resotocore -- resh --stdin <<EOF'
+echo 'kubectl exec -i deploy/fixinventory-fixcore -- resh --stdin <<EOF'
 echo 'query is(resource) | count reported.kind'
 echo 'EOF'

scripts/validate-docs.sh

@@ -4,7 +4,7 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-cd someengineering/resoto
+cd someengineering/fixinventory
 
 NEW_FILE="$(helm-docs --dry-run)"
 OLD_FILE="$(cat README.md)"

someengineering/fixinventory/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

someengineering/fixinventory/Chart.yaml

@@ -0,0 +1,38 @@
+apiVersion: v2
+name: fixinventory
+description: |
+  A Helm chart for installing Fix Inventory in Kubernetes.
+type: application
+version: 0.10.5
+appVersion: "4.0.5"
+maintainers: []
+icon: https://cdn.fix.security/assets/fix-logos/fix-logo.svg
+home: https://inventory.fix.security
+dependencies:
+  - name: prometheus
+    version: 18.1.0
+    repository: https://prometheus-community.github.io/helm-charts
+    condition: prometheus.enabled
+  - name: kube-arangodb
+    alias: arangodb
+    repository: https://arangodb.github.io/kube-arangodb
+    condition: arangodb.operator.enabled
+    version: 1.2.26
+  - name: common
+    alias: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 2.4.0
+sources:
+  - https://github.com/someengineering/fixinventory
+keywords:
+  - fix
+  - fixinventory
+  - cloud
+  - automation
+  - aws
+  - gcp
+  - azure
+  - digitalocean
+  - k8s

someengineering/fixinventory/README.md

@@ -0,0 +1,104 @@
+# fixinventory
+
+![Version: 0.10.5](https://img.shields.io/badge/Version-0.10.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0.5](https://img.shields.io/badge/AppVersion-4.0.5-informational?style=flat-square)
+
+A Helm chart for installing Fix Inventory in Kubernetes.
+
+**Homepage:** <https://inventory.fix.security>
+
+## Source Code
+
+* <https://github.com/someengineering/fixinventory>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://arangodb.github.io/kube-arangodb | arangodb(kube-arangodb) | 1.2.26 |
+| https://charts.bitnami.com/bitnami | common(common) | 2.4.0 |
+| https://prometheus-community.github.io/helm-charts | prometheus | 18.1.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Configure node affinity for all pods. |
+| arangodb | object | `{"operator":{"deployment":{"externalAccessType":"None","mode":"Single","spec":{},"tlsCASecretName":"None"},"enabled":false,"replicaCount":1},"persistentVolumeClaimSpec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"50Gi"}}},"version":"3.10.4"}` | Install ArangoDB operator as dependency. |
+| arangodb.operator | object | `{"deployment":{"externalAccessType":"None","mode":"Single","spec":{},"tlsCASecretName":"None"},"enabled":false,"replicaCount":1}` | See: https://www.arangodb.com/docs/stable/deployment-kubernetes-helm.html#configurable-values-for-arangodb-kubernetes-operator for a list of possible configuration values. |
+| arangodb.operator.deployment | object | `{"externalAccessType":"None","mode":"Single","spec":{},"tlsCASecretName":"None"}` | Defines the ArangoDB deployment and database. |
+| arangodb.operator.deployment.externalAccessType | string | `"None"` | Should the database externally accessible. https://www.arangodb.com/docs/stable/deployment-kubernetes-deployment-resource.html#specexternalaccesstype-string |
+| arangodb.operator.deployment.mode | string | `"Single"` | The ArangoDB deployment mode. Can be either "Cluster", "ActiveFailover" or "Single". https://www.arangodb.com/docs/stable/deployment-kubernetes-deployment-resource.html#specmode-string |
+| arangodb.operator.deployment.spec | object | `{}` | The arangodb specification. https://www.arangodb.com/docs/stable/deployment-kubernetes-deployment-resource.html#specification-reference |
+| arangodb.operator.deployment.tlsCASecretName | string | `"None"` | Secret name that holds the ArangoDB certificate authority. |
+| arangodb.operator.enabled | bool | `false` | The ArangoDB operator is helpful for more complex deployments. Default is disabled, while a single instance database deployment is performed. |
+| arangodb.operator.replicaCount | int | `1` | Replication count for Operator deployment. |
+| arangodb.persistentVolumeClaimSpec | object | `{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"50Gi"}}}` | The size of the volume for the database data. |
+| arangodb.version | string | `"3.10.4"` | The version of ArangoDB to use. |
+| fixcore | object | `{"extraArgs":[],"extraEnv":[],"graphdb":{"database":"fix","passwordSecret":{"key":"password","name":"arango-user"},"server":"http://graph-db-server:8529","username":"fix"},"image":{"repository":"somecr.io/someengineering/fixcore","tag":""},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"Prefix"}]}],"tls":[],"useHttpsService":false},"overrides":["fixcore.runtime.start_collect_on_subscriber_connect=true"],"resources":{},"service":{"port":8900,"type":"ClusterIP"}}` | Configuration for Fix Core. |
+| fixcore.extraArgs | list | `[]` | Use this section to define extra arguments |
+| fixcore.extraEnv | list | `[]` | Use this section to pass extra environment variables |
+| fixcore.graphdb | object | `{"database":"fix","passwordSecret":{"key":"password","name":"arango-user"},"server":"http://graph-db-server:8529","username":"fix"}` | This defines the access to the graph database |
+| fixcore.graphdb.database | string | `"fix"` | The name of the database to use |
+| fixcore.graphdb.passwordSecret | object | `{"key":"password","name":"arango-user"}` | The secret to get the password from |
+| fixcore.graphdb.passwordSecret.key | string | `"password"` | The secret key to get the password from |
+| fixcore.graphdb.passwordSecret.name | string | `"arango-user"` | The secret name to get the password from |
+| fixcore.graphdb.server | string | `"http://graph-db-server:8529"` | The complete url of the graph database |
+| fixcore.graphdb.username | string | `"fix"` | The name of the user to connect |
+| fixcore.image.repository | string | `"somecr.io/someengineering/fixcore"` | Image repository |
+| fixcore.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| fixcore.ingress.annotations | object | `{}` | All annotations for the ingress. In case the ingress controller is configured to use HTTPS, the following annotations are defined by default: className =~ nginx: - see: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#backend-protocol - "nginx.ingress.kubernetes.io/backend-protocol" is set to "HTTPS" by default. |
+| fixcore.ingress.className | string | `""` | The class of the ingress. If omitted, the configured default ingress class is used. |
+| fixcore.ingress.enabled | bool | `false` | In case you want to expose the service outside the k8s cluster, you can use an ingress. |
+| fixcore.ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"Prefix"}]}]` | Ingress host configuration. |
+| fixcore.ingress.useHttpsService | bool | `false` | Configure ingress to talk to the service via HTTPS. If enabled, the ingress controller needs to be configured for that. Turning it on without additional user configuration, will most likely render your ingress unusable! Since this configuration is specific for the ingress controller implementation, it can not be provided by this chart. Please refer to the documentation of your ingress controller for further information. |
+| fixcore.overrides | list | `["fixcore.runtime.start_collect_on_subscriber_connect=true"]` | Use this section to override configuration values |
+| fixcore.overrides[0] | string | `"fixcore.runtime.start_collect_on_subscriber_connect=true"` | start a collect cycle automatically when the first collector is connected |
+| fixcore.resources | object | `{}` | Define resources requests and limits for this pod. |
+| fixcore.service.port | int | `8900` | Port of the service to expose. Two services will be created: fixinventory-fixcore:8900 (HTTPS) and fixinventory-fixcore-http:8900 (HTTP) |
+| fixcore.service.type | string | `"ClusterIP"` | Type of service. ClusterIP is only reachable within the cluster. If you want to make your installation available outside the cluster, consider setting up an ingress or use type LoadBalancer. |
+| fixmetrics | object | `{"extraArgs":[],"extraEnv":[],"image":{"repository":"somecr.io/someengineering/fixmetrics","tag":""},"overrides":[],"resources":{},"serviceMonitor":{"enabled":false,"interval":"30s","scrapeTimeout":"25s"}}` | Configuration for Fix Metrics. |
+| fixmetrics.extraArgs | list | `[]` | Use this section to define extra arguments |
+| fixmetrics.extraEnv | list | `[]` | Use this section to pass extra environment variables |
+| fixmetrics.image.repository | string | `"somecr.io/someengineering/fixmetrics"` | Image repository |
+| fixmetrics.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| fixmetrics.overrides | list | `[]` | Use this section to override configuration values |
+| fixmetrics.resources | object | `{}` | Define resources requests and limits for this pod. |
+| fixmetrics.serviceMonitor | object | `{"enabled":false,"interval":"30s","scrapeTimeout":"25s"}` | Prometheus serviceMonitor configuration |
+| fixmetrics.serviceMonitor.enabled | bool | `false` | Whether a Prometheus serviceMonitor should be created |
+| fixmetrics.serviceMonitor.interval | string | `"30s"` | Metrics scrape interval |
+| fixmetrics.serviceMonitor.scrapeTimeout | string | `"25s"` | Metrics scrape timeout |
+| fixworker | object | `{"extraArgs":[],"extraEnv":[],"image":{"repository":"somecr.io/someengineering/fixworker","tag":""},"overrides":[],"resources":{},"volumeMounts":[],"volumes":[]}` | Configuration for Fix Worker. |
+| fixworker.extraArgs | list | `[]` | Use this section to define extra arguments |
+| fixworker.extraEnv | list | `[]` | Use this section to pass extra environment variables |
+| fixworker.image.repository | string | `"somecr.io/someengineering/fixworker"` | Image repository |
+| fixworker.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| fixworker.overrides | list | `[]` | Use this section to override configuration values |
+| fixworker.resources | object | `{}` | Define resources requests and limits for this pod. |
+| fixworker.volumeMounts | list | `[]` | Use this section to define volume mounts for the worker |
+| fixworker.volumes | list | `[]` | Use this section to define volumes of the worker |
+| fullnameOverride | string | `""` | In case you want to override the generated fully qualified application name. |
+| image | object | `{"tag":""}` | Image tag used for all Fix Inventory components. |
+| image.tag | string | `""` | The specific component version always takes precedence. |
+| imagePullPolicy | string | `"IfNotPresent"` | The image pull policy |
+| imagePullSecrets | list | `[]` | In case you use a custom repository which needs secrets. |
+| nameOverride | string | `""` | In case you want to override the name of this chart. |
+| nodeSelector | object | `{}` | Configure node selectors for all pods. |
+| podAnnotations | object | `{}` | Configure annotations for all pods. |
+| podSecurityContext | object | `{}` | Configure the security context on the pod level. |
+| prometheus | object | `{"enabled":true,"server":{"persistentVolume":{"size":"50Gi"},"retention":"730d"}}` | Configure the prometheus component. Type helm show values prometheus-community/prometheus for a list of possible configuration values. |
+| prometheus.enabled | bool | `true` | You can disable the Prometheus dependency by setting this to false. |
+| prometheus.server | object | `{"persistentVolume":{"size":"50Gi"},"retention":"730d"}` | Define attributes for the Prometheus service. |
+| prometheus.server.persistentVolume | object | `{"size":"50Gi"}` | Define the persistent volume properties. |
+| prometheus.server.persistentVolume.size | string | `"50Gi"` | Size of the persistent volume. |
+| prometheus.server.retention | string | `"730d"` | Duration to keep time series data. |
+| psk | string | `""` | Defines the private shared key that is used to secure the communication between the components. If the value is not set, a random key is generated. You can get the psk from the secret fixinventory-psk. |
+| replicaCount | int | `1` | Defines the number of workers to run in parallel. Only increase this number, if you know what you are doing. |
+| securityContext | object | `{}` | Configure the security context on the container level. |
+| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Define and configure a service account that used by Fix Inventory. |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| tolerations | list | `[]` | Configure toleration's for all pods. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)

someengineering/fixinventory/templates/NOTES.txt

@@ -0,0 +1,45 @@
+1. Get the application:
+{{- if .Values.fixcore.ingress.enabled }}
+{{- range $host := .Values.fixcore.ingress.hosts }}
+  Make sure you have a working IngressController and DNS configured to point to the ingress controller external IP.
+
+  {{- range .paths }}
+  http{{ if $.Values.fixcore.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.fixcore.service.type }}
+
+Execute the following lines on your command line:
+
+# --------------------------- snip ---------------------------
+export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fixinventory.fullname" . }}-fixcore-http)
+export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+echo http://$NODE_IP:$NODE_PORT
+# --------------------------- snap ---------------------------
+
+{{- else if contains "LoadBalancer" .Values.fixcore.service.type }}
+
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+
+Execute the following lines on your command line:
+
+# --------------------------- snip ---------------------------
+echo "Waiting for the external IP address to be available..."
+timeout 600s bash -c 'until kubectl get --namespace {{ .Release.Namespace }} service/{{ include "fixinventory.fullname" . }}-fixcore-http --output=jsonpath='{.status.loadBalancer}' | grep "ingress"; do sleep 1 ; done > /dev/null'
+export SERVICE_IP=$(kubectl get service --namespace {{ .Release.Namespace }} {{ include "fixinventory.fullname" . }}-fixcore-http --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+echo "Fix Inventory is now accessible at http://$SERVICE_IP:{{ .Values.fixcore.service.port }}"
+# --------------------------- snap ---------------------------
+
+{{- else if contains "ClusterIP" .Values.fixcore.service.type }}
+
+Execute the following lines on your command line:
+
+# --------------------------- snip ---------------------------
+echo "Fix Inventory is now accessible at http://127.0.0.1:8900"
+kubectl --namespace {{ .Release.Namespace }} port-forward services/{{ include "fixinventory.fullname" . }}-fixcore-http 8900:{{ .Values.fixcore.service.port }}
+# --------------------------- snap ---------------------------
+
+Note that for this to work, the port-forward must remain open.
+{{- end }}
+
+2. Open the application URL in your web browser and continue the installation.