Merged
14 changes: 7 additions & 7 deletions charts/hyades/ci/test-initializer-values.yaml
Expand Up @@ -128,13 +128,13 @@ extraObjects:
- PLAINTEXT://0.0.0.0:9092
- --advertise-kafka-addr
- PLAINTEXT://redpanda.{{ .Release.Namespace }}.svc.cluster.local:9092
ports:
- name: kafka-api
containerPort: 9092
protocol: TCP
- name: redpanda-admin
containerPort: 9644
protocol: TCP
ports:
- name: kafka-api
containerPort: 9092
protocol: TCP
- name: redpanda-admin
containerPort: 9644
protocol: TCP
- apiVersion: v1
kind: Service
metadata:
14 changes: 7 additions & 7 deletions charts/hyades/ci/test-values.yaml
Expand Up @@ -119,13 +119,13 @@ extraObjects:
- PLAINTEXT://0.0.0.0:9092
- --advertise-kafka-addr
- PLAINTEXT://redpanda.{{ .Release.Namespace }}.svc.cluster.local:9092
ports:
- name: kafka-api
containerPort: 9092
protocol: TCP
- name: redpanda-admin
containerPort: 9644
protocol: TCP
ports:
- name: kafka-api
containerPort: 9092
protocol: TCP
- name: redpanda-admin
containerPort: 9644
protocol: TCP
- apiVersion: v1
kind: Service
metadata:
14 changes: 7 additions & 7 deletions charts/hyades/ci/test-vulnanalyzer-statefulset-values.yaml
Expand Up @@ -125,13 +125,13 @@ extraObjects:
- PLAINTEXT://0.0.0.0:9092
- --advertise-kafka-addr
- PLAINTEXT://redpanda.{{ .Release.Namespace }}.svc.cluster.local:9092
ports:
- name: kafka-api
containerPort: 9092
protocol: TCP
- name: redpanda-admin
containerPort: 9644
protocol: TCP
ports:
- name: kafka-api
containerPort: 9092
protocol: TCP
- name: redpanda-admin
containerPort: 9644
protocol: TCP
- apiVersion: v1
kind: Service
metadata:
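--- a/charts/hyades/templates/_helpers.tpl
+++ b/charts/hyades/templates/_helpers.tpl
@@ -220,49 +220,6 @@ Frontend image
 {{- end -}}
 {{- end -}}
 
-{{/*
-Notification publisher labels
-*/}}
-{{- define "hyades.notificationPublisherLabels" -}}
-{{ include "hyades.commonLabels" . }}
-{{ include "hyades.notificationPublisherSelectorLabels" . }}
-app.kubernetes.io/version: {{ .Chart.AppVersion }}
-{{- end -}}
-
-{{/*
-Notification publisher selector labels
-*/}}
-{{- define "hyades.notificationPublisherSelectorLabels" -}}
-{{ include "hyades.commonSelectorLabels" . }}
-app.kubernetes.io/name: {{ printf "%s-notification-publisher" (include "hyades.name" .) }}
-app.kubernetes.io/component: notification-publisher
-{{- end -}}
-
-{{/*
-Notification publisher name
-*/}}
-{{- define "hyades.notificationPublisherName" -}}
-{{- printf "%s-notification-publisher" (include "hyades.name" .) -}}
-{{- end -}}
-
-{{/*
-Notification publisher fully qualified name
-*/}}
-{{- define "hyades.notificationPublisherFullname" -}}
-{{- printf "%s-notification-publisher" (include "hyades.fullname" .) -}}
-{{- end -}}
-
-{{/*
-Notification publisher image
-*/}}
-{{- define "hyades.notificationPublisherImage" -}}
-{{- if eq (substr 0 7 .Values.notificationPublisher.image.tag) "sha256:" -}}
-{{- printf "%s/%s@%s" (.Values.notificationPublisher.image.registry | default .Values.common.image.registry) .Values.notificationPublisher.image.repository .Values.notificationPublisher.image.tag -}}
-{{- else -}}
-{{- printf "%s/%s:%s" (.Values.notificationPublisher.image.registry | default .Values.common.image.registry) .Values.notificationPublisher.image.repository (.Values.notificationPublisher.image.tag | default .Chart.AppVersion) -}}
-{{- end -}}
-{{- end -}}
-
 
 {{/*
 Repository metadata analyzer labels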
135 changes: 0 additions & 135 deletions charts/hyades/templates/notification-publisher/deployment.yaml

This file was deleted.

38 changes: 0 additions & 38 deletions charts/hyades/templates/notification-publisher/hpa.yaml

This file was deleted.

2 changes: 1 addition & 1 deletion charts/hyades/templates/vuln-analyzer/deployment.yaml
Expand Up @@ -31,61 +31,61 @@
{{- if .Values.initializer.enabled }}
- {{ include "hyades.initializerWaiterContainer" . | nindent 8 }}
{{- end }}
{{- with .Values.notificationPublisher.initContainers }}
{{- with .Values.vulnAnalyzer.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
serviceAccountName: {{ include "hyades.serviceAccountName" . }}
containers:
- name: {{ include "hyades.vulnAnalyzerName" . }}
image: {{ include "hyades.vulnAnalyzerImage" . }}
imagePullPolicy: {{ .Values.vulnAnalyzer.image.pullPolicy }}
securityContext: {{ toYaml .Values.vulnAnalyzer.securityContext | nindent 10 }}
{{- with .Values.vulnAnalyzer.command }}
command: {{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.vulnAnalyzer.args }}
args: {{ toYaml . | nindent 8 }}
{{- end }}
resources: {{- toYaml .Values.vulnAnalyzer.resources | nindent 10 }}
env:
{{- with .Values.common.database.jdbcUrl }}
- name: QUARKUS_DATASOURCE_JDBC_URL
value: {{ tpl . $ | quote }}
{{- end}}
{{- with .Values.common.database.username }}
- name: QUARKUS_DATASOURCE_USERNAME
value: {{ . | quote }}
{{- end }}
{{- with .Values.common.database.password }}
- name: QUARKUS_DATASOURCE_PASSWORD
value: {{ . | quote }}
{{- end }}
- name: KAFKA_BOOTSTRAP_SERVERS
value: {{ tpl .Values.common.kafka.bootstrapServers $ | quote }}
{{- with .Values.common.kafka.topicPrefix }}
- name: DT_KAFKA_TOPIC_PREFIX
value: {{ . | quote }}
{{- end }}
{{- with .Values.vulnAnalyzer.extraEnv }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.vulnAnalyzer.extraEnvFrom }}
envFrom: {{ toYaml . | nindent 8 }}
{{- end }}
ports:
- name: web
containerPort: 8092
protocol: TCP
volumeMounts:
- name: tmp
mountPath: /tmp
{{- with .Values.vulnAnalyzer.additionalVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
livenessProbe:
httpGet:
scheme: HTTP
port: web

Check failure

Code scanning / Trivy

Default security context configured High

Artifact: charts/hyades/templates/vuln-analyzer/deployment.yaml
Type: helm
Vulnerability KSV118
Severity: HIGH
Message: deployment hyades-vulnerability-analyzer in null namespace is using the default security context, which allows root privileges
Link: KSV118
path: /q/health/live
failureThreshold: {{ .Values.vulnAnalyzer.probes.liveness.failureThreshold }}
initialDelaySeconds: {{ .Values.vulnAnalyzer.probes.liveness.initialDelaySeconds }}
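Review bot: The `QUARKUS_DATASOURCE_PASSWORD` entry in this section's `env:` list writes `.Values.common.database.password` as a literal `value`, so the database password is rendered in plain text into the Deployment and is readable by anyone who can read that object. This commit does not touch those lines, but the same container already passes `vulnAnalyzer.extraEnvFrom` through to `envFrom`, so a Secret-backed path appears to exist. I would document next to the `with .Values.common.database.password` guard that the literal is meant for CI/test installs, e.g. `{{- /* Rendered in plain text into the pod spec; prefer extraEnvFrom with a secretRef outside test installs */}}`. The container spec continues past the last visible line of this section.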
2 changes: 1 addition & 1 deletion charts/hyades/templates/vuln-analyzer/statefulset.yaml
Expand Up @@ -30,7 +30,7 @@ spec:
{{- if .Values.initializer.enabled }}
- {{ include "hyades.initializerWaiterContainer" . | nindent 8 }}
{{- end }}
{{- with .Values.notificationPublisher.initContainers }}
{{- with .Values.vulnAnalyzer.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
serviceAccountName: {{ include "hyades.serviceAccountName" . }}
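Review bot: The corrected guard `{{- with .Values.vulnAnalyzer.initContainers }}` has no visible test exercising it: none of the `ci/test-*.yaml` hunks on this page sets `vulnAnalyzer.initContainers`, which is presumably how the old `notificationPublisher` path went unnoticed. With the old path, init containers configured for the vulnerability analyzer would apparently never have been rendered, which matters when they carry setup such as trust stores or permission fixes. Consider adding a minimal `vulnAnalyzer.initContainers` entry to `charts/hyades/ci/test-vulnanalyzer-statefulset-values.yaml`, and to the values file that covers `vuln-analyzer/deployment.yaml`, where the same one-line fix is made, so a wrong values path fails CI. The `spec:` block starts and ends outside this hunk.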
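--- a/charts/hyades/values.schema.json
+++ b/charts/hyades/values.schema.json
@@ -288,76 +288,6 @@
 }
 }
 },
-"notificationPublisher": {
-"type": "object",
-"properties": {
-"enabled": {
-"type": "boolean"
-},
-"replicaCount": {
-"type": "integer"
-},
-"deployment": {
-"type": "object",
-"properties": {
-"strategy": {
-"type": "object"
-}
-}
-},
-"annotations": {
-"type": "object"
-},
-"image": {
-"$ref": "#/$defs/image"
-},
-"command": {
-"type": "array",
-"items": {
-"type": "string"
-}
-},
-"args": {
-"type": "array",
-"items": {
-"type": "string"
-}
-},
-"resources": {
-"$ref": "#/$defs/resources"
-},
-"securityContext": {
-"type": "object"
-},
-"extraEnv": {
-"$ref": "#/$defs/objectArray"
-},
-"extraEnvFrom": {
-"$ref": "#/$defs/objectArray"
-},
-"extraContainers": {
-"$ref": "#/$defs/objectArray"
-},
-"tolerations": {
-"$ref": "#/$defs/objectArray"
-},
-"probes": {
-"$ref": "#/$defs/probes"
-},
-"additionalVolumeMounts": {
-"$ref": "#/$defs/objectArray"
-},
-"additionalVolumes": {
-"$ref": "#/$defs/objectArray"
-},
-"initContainers": {
-"$ref": "#/$defs/objectArray"
-},
-"nodeSelector": {
-"type": "object"
-}
-}
-},
 "repoMetaAnalyzer": {
 "type": "object",
 "properties": {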