Merge branch 'sebastian/prod-2981-set-up-catalog-pipeline' of github.…

…com:pluralsh/scaffolds into sebastian/prod-2981-set-up-catalog-pipeline
pluralsh · Dec 12, 2024 · a3be76c · a3be76c
2 parents 26930a4 + 3f2c7dd
commit a3be76c
Show file tree

Hide file tree

Showing 8 changed files with 144 additions and 7 deletions.
diff --git a/catalogs/data/dagster/README.md b/catalogs/data/dagster/README.md
@@ -0,0 +1,7 @@
+# Dagster
+
+This is a baseline, prod-ready Dagster installation using Plural.
+
+## Contributing
+
+If there are any features or documentation you'd like to add to this setup, please feel free to contribute back at https://github.com/pluralsh/scaffolds.
diff --git a/catalogs/data/dagster/helmrepository.yaml b/catalogs/data/dagster/helmrepository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: dagster
+  namespace: apps
+spec:
+  interval: 5m0s
+  url: https://dagster-io.github.io/helm
diff --git a/catalogs/security/opa-gatekeeper/helmrepository.yaml b/catalogs/security/opa-gatekeeper/helmrepository.yaml
@@ -1,7 +1,7 @@
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
-  name: opa-gatekeeper
+  name: gatekeeper
   namespace: apps
 spec:
   interval: 5m0s

diff --git a/catalogs/security/opa-gatekeeper/servicedeployments.yaml.liquid b/catalogs/security/opa-gatekeeper/servicedeployments.yaml.liquid
@@ -0,0 +1,69 @@
+apiVersion: deployments.plural.sh/v1alpha1
+kind: ServiceDeployment
+metadata:
+  name: opa-gatekeeper-{{ context.cluster }}
+  namespace: apps
+spec:
+  namespace: policy
+  git:
+    folder: helm/opa-gatekeeper
+    ref: main
+  repositoryRef:
+    kind: GitRepository
+    name: infra
+    namespace: infra
+  helm:
+    version: 3.15.1
+    chart: gatekeeper
+    repository:
+      name: gatekeeper
+      namespace: apps
+  configuration:
+    cluster: {{ context.cluster }}
+  clusterRef:
+    kind: Cluster
+    name: {{ context.cluster }}
+    namespace: infra
+---
+apiVersion: deployments.plural.sh/v1alpha1
+kind: ServiceDeployment
+metadata:
+  name: opa-constraints-{{ context.cluster }}
+  namespace: apps
+spec:
+  namespace: policy
+  templated: false
+  git:
+    folder: resources/policy/constraints
+    ref: main
+  repositoryRef:
+    kind: GitRepository
+    name: bootstrap
+    namespace: infra
+  clusterRef:
+    kind: Cluster
+    name: {{ context.cluster }}
+    namespace: infra
+---
+apiVersion: deployments.plural.sh/v1alpha1
+kind: ServiceDeployment
+metadata:
+  name: policy-bundle-{{ context.cluster }}
+  namespace: apps
+spec:
+  name: policy-bundle
+  namespace: policy
+  templated: false
+  git:
+    folder: resources/policy/bundles/{{ context.bundle }}
+    ref: main
+  kustomize:
+    path: '.'
+  repositoryRef:
+    kind: GitRepository
+    name: bootstrap
+    namespace: infra
+  clusterRef:
+    kind: Cluster
+    name: {{ context.cluster }}
+    namespace: infra
diff --git a/catalogs/security/trivy-operator/servicedeployment.yaml.liquid b/catalogs/security/trivy-operator/servicedeployment.yaml.liquid
@@ -18,8 +18,6 @@ spec:
     repository:
       name: trivy-operator
       namespace: apps
-    valuesFiles:
-    - {{ context.cluster }}.yaml.liquid
   configuration:
     cluster: {{ context.cluster }}
   clusterRef:

diff --git a/setup/catalogs/data/dagster.yaml b/setup/catalogs/data/dagster.yaml
@@ -0,0 +1,40 @@
+apiVersion: deployments.plural.sh/v1alpha1
+kind: PrAutomation
+metadata:
+  name: dagster
+spec:
+  name: dagster
+  icon: https://dagster.io/images/brand/logos/dagster-primary-mark.png
+  documentation: |
+    Sets up Dagster instance for given cloud
+  creates:
+    git:
+      ref: sebastian/prod-2981-set-up-catalog-pipeline # TODO set to main
+      folder: catalogs/data/dagster
+    templates:
+      - source: README.md
+        destination: documentation/dagster/README.md
+        external: true
+      - source: helmrepository.yaml
+        destination: "bootstrap/apps/dagster/{{ context.cluster }}/helmrepository.yaml"
+        external: true
+  repositoryRef:
+    name: scaffolds
+  catalogRef:
+    name: data
+  scmConnectionRef:
+    name: plural  # you'll need to add this ScmConnection manually before this is functional
+  title: "Dagster setup ({{ context.cluster }})"
+  message: |
+    Sets up Dagster on {{ context.cluster }} cluster.
+  identifier: pluralsh/plrl-dev-aws # FIXME
+  configuration:
+    - name: cluster
+      type: STRING
+      documentation: the cluster you want to deploy to
+    - name: cloud
+      type: ENUM
+      documentation: the cloud you can deploy Dagster to
+      values:
+        - aws
+
diff --git a/setup/catalogs/security/opa-gatekeeper.yaml b/setup/catalogs/security/opa-gatekeeper.yaml
@@ -6,7 +6,7 @@ spec:
   name: opa-gatekeeper
   icon: https://www.openpolicyagent.org/img/logos/opa-no-text-color.png
   documentation: |
-    Sets up an OPA Gatekeeper policy controller
+    Sets up OPA Gatekeeper policy controller
   creates:
     git:
       ref: sebastian/prod-2981-set-up-catalog-pipeline # TODO set to main
@@ -18,16 +18,30 @@ spec:
       - source: helmrepository.yaml
         destination: "bootstrap/apps/opa-gatekeeper/{{ context.cluster }}/helmrepository.yaml"
         external: true
+      - source: servicedeployments.yaml.liquid
+        destination: "bootstrap/apps/opa-gatekeeper/{{ context.cluster }}/servicedeployments.yaml"
+        external: true
   repositoryRef:
     name: scaffolds
   catalogRef:
     name: security
   scmConnectionRef:
     name: plural  # you'll need to add this ScmConnection manually before this is functional
   title: "OPA Gatekeeper setup ({{ context.cluster }})"
-  message: "Sets up OPA Gatekeeper on {{ context.cluster }} cluster."
+  message: |
+    Sets up OPA Gatekeeper on {{ context.cluster }} cluster.
   identifier: pluralsh/plrl-dev-aws # FIXME
   configuration:
   - name: cluster
     type: STRING
     documentation: the cluster you want to deploy to
+  - name: bundle
+    type: ENUM
+    documentation: the policy bundle you want to install
+    values:
+      - asm-policy-v0.0.1
+      - cis-k8s-v1.5.1
+      - policy-essentials-v2022
+      - psp-v2022
+      - pss-baseline-v2022
+
diff --git a/setup/catalogs/security/trivy-operator.yaml b/setup/catalogs/security/trivy-operator.yaml
@@ -6,7 +6,7 @@ spec:
   name: trivy-operator
   icon: https://aquasecurity.github.io/trivy-operator/latest/images/trivy-operator-logo.png
   documentation: |
-    Sets up an Trivy Operator security toolkit
+    Sets up Trivy Operator security toolkit
   creates:
     git:
       ref: sebastian/prod-2981-set-up-catalog-pipeline # TODO set to main
@@ -28,7 +28,8 @@ spec:
   scmConnectionRef:
     name: plural  # you'll need to add this ScmConnection manually before this is functional
   title: "Trivy Operator setup ({{ context.cluster }})"
-  message: "Sets up Trivy Operator on {{ context.cluster }} cluster."
+  message: |
+    Sets up Trivy Operator on {{ context.cluster }} cluster. Includes set of constraints and policy bundle.
   identifier: pluralsh/plrl-dev-aws # FIXME
   configuration:
   - name: cluster