From a61d143d539acc7094326377451c1fcb6e3e53c4 Mon Sep 17 00:00:00 2001 From: GabrielPalmar Date: Sun, 28 Sep 2025 14:30:23 -0500 Subject: [PATCH 1/4] chore(ci): Adding Kube-Linter --- .github/workflows/kube-linter.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/kube-linter.yml diff --git a/.github/workflows/kube-linter.yml b/.github/workflows/kube-linter.yml new file mode 100644 index 0000000..fe18ebf --- /dev/null +++ b/.github/workflows/kube-linter.yml @@ -0,0 +1,23 @@ +name: Kube-Linter + +on: + push: + branches: + - test + pull_request: + branches: + - main + +permissions: + contents: read + +jobs: + linting: + runs-on: ubuntu-latest + steps: + - name: Scan repo with kube-linter + uses: stackrox/kube-linter-action@v1.0.4 + with: + directory: helm-charts + format: sarif + output-file: kube-linter.sarif From bbcecaa5aec9af9c4d918eff8d45c53bad2c1f5e Mon Sep 17 00:00:00 2001 From: GabrielPalmar Date: Sun, 28 Sep 2025 14:34:00 -0500 Subject: [PATCH 2/4] chore(ci): Adding Kube-Linter pt.2 --- .github/workflows/kube-linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/kube-linter.yml b/.github/workflows/kube-linter.yml index fe18ebf..c7c943b 100644 --- a/.github/workflows/kube-linter.yml +++ b/.github/workflows/kube-linter.yml @@ -18,6 +18,6 @@ jobs: - name: Scan repo with kube-linter uses: stackrox/kube-linter-action@v1.0.4 with: - directory: helm-charts + directory: helm-chart format: sarif output-file: kube-linter.sarif From 8e59ffda7b1cdbd5482909e5b51798eb1f225d1f Mon Sep 17 00:00:00 2001 From: GabrielPalmar Date: Sun, 28 Sep 2025 14:36:30 -0500 Subject: [PATCH 3/4] chore(ci): Adding Kube-Linter pt.3 --- .github/workflows/kube-linter.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/kube-linter.yml b/.github/workflows/kube-linter.yml index c7c943b..2f5e7d8 100644 --- a/.github/workflows/kube-linter.yml 
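Review bot: The new workflow pins `stackrox/kube-linter-action@v1.0.4` by tag, and a tag is a mutable ref that anyone with write access to that repository can move to different code; for a job that runs on every pull request, pin to the full-length commit SHA the tag resolves to and keep the version in a trailing comment, e.g. `uses: stackrox/kube-linter-action@<commit-sha-of-v1.0.4>  # v1.0.4`. The same remark applies to the `actions/checkout@v4` reference introduced in the third patch of this series. Independently, this first version requests `format: sarif` and `output-file: kube-linter.sarif` but has no upload step and no `security-events: write` permission, so the report is written and discarded; the third patch drops those two options, which closes that gap, leaving only the pinning open.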
+++ b/.github/workflows/kube-linter.yml @@ -15,9 +15,10 @@ jobs: linting: runs-on: ubuntu-latest steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Scan repo with kube-linter uses: stackrox/kube-linter-action@v1.0.4 with: directory: helm-chart - format: sarif - output-file: kube-linter.sarif From bc98985f751fd1e6bdacf9879b44acf9067cf6eb Mon Sep 17 00:00:00 2001 From: GabrielPalmar Date: Mon, 29 Sep 2025 13:31:40 -0500 Subject: [PATCH 4/4] fix(k8s): Resolving issues with sec --- .github/workflows/kube-linter.yml | 2 +- helm-chart/Chart.yaml | 2 +- helm-chart/templates/cronjob.yaml | 4 ++++ helm-chart/templates/deployment.yaml | 14 ++++++++++++++ kustomize/base/deployment.yaml | 2 +- kustomize/overlays/prod/deployment-patch.yaml | 2 +- kustomize/overlays/staging/deployment-patch.yaml | 2 +- 7 files changed, 23 insertions(+), 5 deletions(-) diff --git a/.github/workflows/kube-linter.yml b/.github/workflows/kube-linter.yml index 2f5e7d8..0fd3bcf 100644 --- a/.github/workflows/kube-linter.yml +++ b/.github/workflows/kube-linter.yml @@ -3,7 +3,7 @@ name: Kube-Linter on: push: branches: - - test + - main pull_request: branches: - main diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index 16c32d4..5bab78e 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -3,4 +3,4 @@ name: hivebox description: A Helm chart for HiveBox application type: application version: 0.1.0 -appVersion: "0.7.0" +appVersion: "0.7.1" diff --git a/helm-chart/templates/cronjob.yaml b/helm-chart/templates/cronjob.yaml index b54f5e5..769e044 100644 --- a/helm-chart/templates/cronjob.yaml +++ b/helm-chart/templates/cronjob.yaml @@ -30,6 +30,10 @@ spec: sleep 5 fi done + securityContext: + {{- include "common.containerSecurityContext" . | nindent 16 }} + resources: + {{- include "common.resources" (dict "Values" .Values "name" "cronjob") | nindent 16 }} containers: - name: temperature-storage image: {{ .Values.images.cronjob }} 
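Review bot: The added `actions/checkout@v4` step leaves `persist-credentials` at its default of `true`, so the job's `GITHUB_TOKEN` is stored in the workspace's `.git/config` and is readable by the kube-linter step that follows; nothing in this workflow pushes or needs git auth, so adding `with:` / `  persist-credentials: false` under the checkout step removes that exposure at no cost. Removing `format: sarif` and `output-file` means findings now surface only in the job log and the step's exit status, which is fine for a gate but worth recording in a comment such as `# findings are reported in the job log; no SARIF upload` so nobody looks for them in code scanning. The tag-pinning point raised on the first patch's hunk applies to this `@v4` reference as well.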
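Review bot: The `resources` include added to cronjob.yaml is keyed `"name" "cronjob"`, yet the block appears to sit on an init/wait container rather than the job container itself — the `done` just above closes a shell polling loop and the pod's `containers:` list only begins afterwards — so the poller and the `temperature-storage` container would share one resource profile if the latter uses the same key; that container's spec starts outside the hunk, so I cannot confirm it here. If the wait loop needs far less than the job, a separate values key for it keeps requests and limits honest; if sharing is deliberate, a one-line comment such as `# wait container intentionally reuses the cronjob resource profile` would stop the next reader from changing it. The enclosing container definition begins before the hunk.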
diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml index 1da0d76..de4c439 100644 --- a/helm-chart/templates/deployment.yaml +++ b/helm-chart/templates/deployment.yaml @@ -14,6 +14,20 @@ spec: labels: app: hivebox spec: + {{- if gt (int .Values.replicas.hivebox) 1 }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - hivebox + topologyKey: kubernetes.io/hostname + {{- end }} securityContext: {{- include "common.podSecurityContext" . | nindent 8 }} containers: diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml index 604e4a0..ad17429 100644 --- a/kustomize/base/deployment.yaml +++ b/kustomize/base/deployment.yaml @@ -21,7 +21,7 @@ spec: runAsGroup: 1000 containers: - name: hivebox - image: ghcr.io/gabrielpalmar/hivebox:latest@sha256:c731999c3fd9b757e2fd816e3c9dcf645dba56647d8a921cb567ece3cf378dc3 + image: ghcr.io/gabrielpalmar/hivebox:0.7.1@sha256:c731999c6fac6f2f17f746aea7fafe073cf608c49729eb1e189ecf3551c62646 ports: - containerPort: 5000 env: diff --git a/kustomize/overlays/prod/deployment-patch.yaml b/kustomize/overlays/prod/deployment-patch.yaml index b58fab5..4208c17 100644 --- a/kustomize/overlays/prod/deployment-patch.yaml +++ b/kustomize/overlays/prod/deployment-patch.yaml @@ -8,4 +8,4 @@ spec: spec: containers: - name: hivebox - image: ghcr.io/gabrielpalmar/hivebox:0.7.0 + image: ghcr.io/gabrielpalmar/hivebox:0.7.1@sha256:c731999c6fac6f2f17f746aea7fafe073cf608c49729eb1e189ecf3551c62646 diff --git a/kustomize/overlays/staging/deployment-patch.yaml b/kustomize/overlays/staging/deployment-patch.yaml index dfc82b5..effb6af 100644 --- a/kustomize/overlays/staging/deployment-patch.yaml +++ b/kustomize/overlays/staging/deployment-patch.yaml 
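Review bot: In the new podAntiAffinity block, `matchExpressions` with a single `In` operator and one value is the verbose form of a label match; `labelSelector:` / `  matchLabels:` / `    app: hivebox` expresses the same rule in three lines and is easier to keep in step with the pod template's `labels: app: hivebox` a few lines above, which the selector must match exactly for the rule to have any effect. The `{{- if gt (int .Values.replicas.hivebox) 1 }}` gate looks sound, since an unset value should coerce to 0 and the block is simply omitted — worth confirming against the chart's values.yaml. A comment above the gate, `# soft anti-affinity: spread replicas across nodes when more than one is requested`, would make the intent clear in the rendered template.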
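Review bot: The replacement digest in kustomize/base/deployment.yaml, `sha256:c731999c6fac6f2f…`, shares its first eight hex characters with the digest it replaces, `sha256:c731999c3fd9b757…`, which is very unlikely for two independently built images and suggests a hand-edited or partially pasted value; please confirm the new digest against the registry manifest for `ghcr.io/gabrielpalmar/hivebox:0.7.1` before merging, because a digest that does not match the manifest makes every pull fail. The same old/new pair appears in the prod and staging overlay hunks of this commit, so one check against the registry covers all three. Moving from `latest@sha256:…` to `0.7.1@sha256:…` is the right direction: the tag documents the version and the digest makes the reference immutable.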
@@ -8,4 +8,4 @@ spec: spec: containers: - name: hivebox - image: ghcr.io/gabrielpalmar/hivebox:0.7.0@sha256:c731999c3fd9b757e2fd816e3c9dcf645dba56647d8a921cb567ece3cf378dc3 + image: ghcr.io/gabrielpalmar/hivebox:0.7.1@sha256:c731999c6fac6f2f17f746aea7fafe073cf608c49729eb1e189ecf3551c62646