From 6c4263fe5dd075f95da94bf36cbb9600b1cf7a3c Mon Sep 17 00:00:00 2001 From: dmeenaarmorcode Date: Mon, 24 Mar 2025 17:12:18 +0530 Subject: [PATCH 01/19] Adding helm charts for the repo --- .../docs/charts/armorcode-web-agent-0.1.0.tgz | Bin 0 -> 4240 bytes web-agent/docs/charts/index.yaml | 25 ++++ web-agent/helm-chart/templates/_helpers.tpl | 62 +++++++++ web-agent/multi-agent-values-local.yaml | 87 +++++++++++++ web-agent/multi-agent-values.yaml | 119 ++++++++++++++++++ 5 files changed, 293 insertions(+) create mode 100644 web-agent/docs/charts/armorcode-web-agent-0.1.0.tgz create mode 100644 web-agent/docs/charts/index.yaml create mode 100644 web-agent/helm-chart/templates/_helpers.tpl create mode 100644 web-agent/multi-agent-values-local.yaml create mode 100644 web-agent/multi-agent-values.yaml 
diff --git a/web-agent/docs/charts/armorcode-web-agent-0.1.0.tgz b/web-agent/docs/charts/armorcode-web-agent-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9bc7980efd4e699f92c3b9b5ca6fe26c9d58eadc GIT binary patch literal 4240 zcmV;B5O41viwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+}Z`(Ms{ac@6;N*a9uafP=Nebik;d)8;ZEh z!GqgsckTyCs34y)8r4O|m32VNEhHQ-s93R0vv0C;`&7OwD;2XmU?G0cT1__*Jn5iu_(QB1SGnuejA zhkZ2%0}@LLEF?qMk%lfgW--kL&V{#PKSLz%Cp6}LMLF+FOi_`~f-AhdrYzy(AcSh# z2O(4wKL~;2xMV~u1Bpf;l4GXeafV1bh6LjRU1b>O=${peh|mBaN3v@t3IN_qh(Kp~ zR#?Dk$zrT9Z^I0+EF_|$NJ)(3*aQnZW`k%L4T1-Zzi0g~P+DUCcmkkf{qG;`4chB} z@8IZZ{eO?N18=^ftVl8FQHLo>acjBTmF!#hJlKIZD4qi{QXoxXjuse*;6Sf)yY_=% z2aai$(Hvr$PsyxgY9_0uP@3xcJWzj5@D!D);Nt*b$7z*gw!jQNeS8NY#2Q)7-t*nx|Z_&KIW@8r_m9G4!0PIZ_dHF3?Oa zD2EyYYU$w`;t@z{Vlwnx%n7T>Il&8@(n683jzI}tJOVLE-IAO+pE!n;#wdkJNm2nM zLo*zx|K&(BTu@E~WlO*I1Q2L8))?gSDAV+erX*gD;S@^&0XybH7QvL!3>cmfF4*!V zlvU%ZL7;i6q|*uEYCacIwQ_;;Sj#~%CmgUAl7Um`UlgZUTvK)hg(9da>w;Vt8e%<5 zffqQ|bGe|&IZkmbC>tAYW=O>IcW8oBZnNa56wy^V!7RrD^N7&?daFa@m2F=v3tS-y z;mwR;&ecz>K5fwsyiQYk4JW7Pz%Zw2>CEvE1g#0t6NVQk#uedkb61snyR@NWI$gcu zAu5V7$UcTi&Vw2o6AkcCWsTurzk#D*RM42FWB7D(b|3JI<1=^h)Xezx;^ORFidm_4 z@K=FZj#5Z47bI8X%-1l86#q(TeAVn@OcEx|IQ6eT=VKd8CvaAzQb+ZF zpW{?c`A8HGFa^8pzk`GJ{_kkCxBq1SeUEf=(|-}X`C3TLD&|_xNZ(!eb(Cw3Hf1x86ydXTPgYS7!LQ6CnhUf2VJ3+IXa3>2lu3?qR7RV_@*G+n}%5~XBHa3bZQ>O&O#hBa;lFJud{KO81F zMp6fGnql~NB|3G_rv#@72gER>BqIVRa-k~~@Y7_exFTg?jxwporMP|`1#hRoaEcK( z?34RbL~?HS&MJ=>+jxSd0!jdJK#F)n?N&^d@J&XOX~kDtSn<|?tS#S$_bIRN?5ci@ zf8Ks@YZ@z#Xe7}`%`RQn(%HzoCvgQMxtK!lZ#?`P@3nC0Mz^18{?En)bVgRL9J3vl zqpC*NOcf24O3k+A2&)?P@V2|hTh+M(EGi2|D~n(Q;J%?9km)( zlRL+07V)|Ex{TrG21p*KWwN=WktSs`EH_reJJVd`%q+u(*F|ADad#K28by`ACv+lch#vXW2Ps3lg{MYqnaG=U$9$_c-*Dqb!80 z?YSdgYzsZ}(c22aiVXR)wf$<^Z2#4}@rQT=H`{;1{e!`N)Bf8V4EGP8?7#1k@rFF=>RGN?~w^V@`%CNwU!&X9|Zo-n% zTQNHtOKX==Dpaoeu({etq4LeAEvdYMs<8fL%PYU1DzAUpa^uQSrS{vFkvzd)Rf+zx 
z`PNw|OYFBTGhRViWIk<)_4cW<>W3|@-Fd3q`B~Lx^s7d!zbcMlb$oEFB(&n3n;}KK zdlrO>g7+80;ELqQ7-|n*kYRxmB+$4z^SHS&gLEf%`>C^!S2BE)NVW!q9?o0HB?EH- zBaO>om`cWKJ#|{O<8ysjsIVf;ThS57*5P7!!F6xioB`ks$A!mX(b?6uN^f`h&{DU# z(+}u&qvHTp%9}1Z!zxqSa>qQlf3IpXx_bDaKDK)4`qThcjg4;m$!DPKTB&2v>QlpG znhX3@G`S|||DY_@RjkpVTw#qmeomQvlRAW~{Xq4yQ#hSX!JX@GTT9g@%J^EchI>u) z+Fc91iVlN8AzBOCn#k=Y95vK#z!WL;Yrr~?SDLJiS`{e7 zUXTv7jv8zuHbn~c8n6!JwIXff)+GwHAE*PftA^XSZJENp4zL4%Q;oMw!17 zBF!^n9q2z1$*&Phn!lpC5QTr>W$~E={Z)uUcektJqfx}SAc^~FTB&+pqG%~*l;pGa z@3pM506u1Ito*2yd0DnX8ed1-c5Gv~y35jr^{JN%e1l?H(6r3(d#P<#gmwFHOPVaL zBcn`KJVRnWhQ7#(etp%)Mek9lYq8o@+R)(jL11J~@tVD;0K{k2;Bksb);ju;S(OnI zEo!(`f$cgZ>Rg-^VtGQ^Cv7VuB{S6CtM84eRE5Et$w~t8CdQnodbhgd>4% z&VQgWK~t>HUY*(OWPW3lZNHe=AHli4PEqfc; zVX+QMTOB=PA*_S421HM*`*mQ(80cBGy$-HY>%Cg}u7h>db5DuYwMdmD@41`J4TICz zllEG&;$9QMPQy(Vd=8mvGHzG_@9kwE=gv>pBJf-jYOe!^@)_P(p}Gp>cyw&3b=%KX`L_0*~@gTn=ZFgC#vl{RGnzLTv?q6x;<-phqJ8{ z*A|YsZhEZ$Zlf;PwYs1^<7IB1`LqgC|;MA?}KP%YQP=UL^>86-A1qjpuxs;s z`!4~V%6osMg>Ta4^lYY3p_`Nqpz8%CP57&>hRoJZmIgS~A@Kf*({Xaa|Z@>RM+8Yg?^#Aur_i#w> z)RNgqWIa91D=F-e(>%sGVubqj{<*6D;9bI_?F;lX>kkF`QsTf;gbET~VRPZP!*hNM zlfx0t<24tG@9Frg_+3eN&2KI8F^cEa14tmb8Ue2!s0QI1r1yVn+;-*ePIC02_MFd_ z+saPka4{#`4F#l43$E-9UtO9zuPP(BsNTVu;6NP2HFb@| z0ttbcTx`KGf)_7VZc)5=0U>HM|OZ@zTL&icL&~;PUcvg7`czNEC=} zD$#(tW+;4t1IC)PNMg~HtPD{Q{6bm1F=!7I&8uN(5L0a^+~6}mWy{bBLG(O`k$`{v zN^@7#VGoDB?(zL8Y$;31Z03I)JMeyds zFF{ZZef@@1y{^>OewzAFL)4cbpw9Th#5>ab_(mp+!i z4Q|6ax!>-u+u#;1+n3%i;Z`qAXHLK^Tvk2od-{3_4laRaH4=SO{!$s`O|W_n)zB*H zi3vb*3zu)Fr&OFV%B&&VIDEW;Mfj{K2ZOVHR=@6MW1Fbl8sv+09s5KWJdC=Ef?vX@#V^-b5|7==YfA)6iDLtj9^pyTG>Hh-&0RR7Or)XdRTmS&(dqj%> literal 0 HcmV?d00001 diff --git a/web-agent/docs/charts/index.yaml b/web-agent/docs/charts/index.yaml new file mode 100644 index 0000000..e7904fb --- /dev/null +++ b/web-agent/docs/charts/index.yaml 
@@ -0,0 +1,25 @@ +apiVersion: v1 +entries: + armorcode-web-agent: + - apiVersion: v2 + created: "2025-03-23T19:43:31.472891+05:30" + description: Helm chart for deploying ArmorCode Web Agent with support for multiple + API keys + digest: e891d5167ad527dc7dae84d58bb73b123d57c2bfac6f657c1de821be98675aa2 + home: https://github.com/armor-code/agent + icon: https://raw.githubusercontent.com/armor-code/agent/main/docs/charts/icon.png + keywords: + - armorcode + - web-agent + - security + maintainers: + - email: deepakmeena@armorcode.io + name: Deepak Meena + name: armorcode-web-agent + sources: + - https://github.com/armor-code/agent + type: application + urls: + - https://raw.githubusercontent.com/armor-code/agent/main/web-agent/docs/charts/armorcode-web-agent-0.1.0.tgz + version: 0.1.0 +generated: "2025-03-23T19:43:31.472009+05:30" diff --git a/web-agent/helm-chart/templates/_helpers.tpl b/web-agent/helm-chart/templates/_helpers.tpl new file mode 100644 index 0000000..d0ce59b --- /dev/null +++ b/web-agent/helm-chart/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "armorcode-web-agent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "armorcode-web-agent.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "armorcode-web-agent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "armorcode-web-agent.labels" -}}
+helm.sh/chart: {{ include "armorcode-web-agent.chart" . }}
+{{ include "armorcode-web-agent.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "armorcode-web-agent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "armorcode-web-agent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "armorcode-web-agent.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "armorcode-web-agent.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/web-agent/multi-agent-values-local.yaml b/web-agent/multi-agent-values-local.yaml
new file mode 100644
index 0000000..52a7f66
--- /dev/null
+++ b/web-agent/multi-agent-values-local.yaml
@@ -0,0 +1,87 @@
+# Example values file for deploying multiple ArmorCode Web Agents
+# Each agent will have its own API key
+
+# Common configuration for all agents
+agentDefaults:
+ # ArmorCode server URL - common for all agents
+ serverUrl: https://qa.armorcode.ai
+
+ # Enable debug mode
+ debugMode: true
+
+ # Request timeout in seconds
+ timeout: 30
+
+ # Whether to verify SSL certificates
+ verify: false
+
+ # Thread pool size
+ poolSize: 5
+
+ # Whether to upload directly to ArmorCode
+ uploadToAc: true
+
+# Turn off single deployment mode
+singleDeployment:
+ enabled: false
+
+# Enable multiple deployments mode
+multipleDeployments:
+ enabled: true
+
+ # List of deployments with unique names and API keys
+ instances:
+ # First agent - Production environment
+ - name: prod
+ apiKey:
+ envName: production
+
+ # Second agent - Staging environment
+ - name: staging
+ apiKey:
+ envName: staging
+
+ # Third agent - Development environment
+ - name: dev
+ apiKey:
+ envName: development
+
+# Use local built image
+image:
+ repository: armorcode-web-agent
+ tag: local
+ pullPolicy: Never # Never pull from registry, use local image only
+
+# Disable persistence for this example
+persistence:
+ enabled: false
+
+# Network policy configuration
+networkPolicy:
+ enabled: true
+ spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: armorcode-web-agent
+ policyTypes:
+ - Egress
+ egress:
+ # Allow DNS resolution
+ - to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+
+ # Allow HTTPS to all external destinations
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - port: 443
+ protocol: TCP
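Review bot: `verify: false` under `agentDefaults` turns off TLS certificate verification for every agent in this example, so the API key each agent presents to `serverUrl` can be captured by anyone able to intercept the connection; `web-agent/multi-agent-values.yaml` repeats the setting against `https://app.armorcode.com`. Example files tend to be copied into real installs, so ship `verify: true` with a comment such as `# Set to false only against a test endpoint with a self-signed certificate`. `debugMode: true` deserves the same treatment (`false` by default), since what the agent logs in debug mode is not visible from this hunk. The `0.0.0.0/0` egress rule on 443 also admits private and in-cluster ranges; an `except:` list on the `ipBlock` would narrow it.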
diff --git a/web-agent/multi-agent-values.yaml b/web-agent/multi-agent-values.yaml new file mode 100644 index 0000000..6826560 --- /dev/null +++ b/web-agent/multi-agent-values.yaml 
@@ -0,0 +1,119 @@ +# Example values file for deploying multiple ArmorCode Web Agents +# Using official images from registry + +# Common configuration for all agents +agentDefaults: + # ArmorCode server URL - common for all agents + serverUrl: https://app.armorcode.com + + # Enable debug mode + debugMode: true + + # Request timeout in seconds + timeout: 30 + + # Whether to verify SSL certificates + verify: false + + # Thread pool size + poolSize: 5 + + # Whether to upload directly to ArmorCode + uploadToAc: true + +# Turn off single deployment mode +singleDeployment: + enabled: false + +# Enable multiple deployments mode +multipleDeployments: + enabled: true + + # List of deployments with unique names and API keys + instances: + # First agent - Production environment + - name: prod + apiKey: 82305e3a-cc44-4f17-ab51-638basdas + envName: production + + # Second agent - Staging environment + - name: staging + apiKey: asdasdasd2343q8732q312w + envName: staging + + # Third agent - Development environment + - name: dev + apiKey: asdasdas34392847238 + envName: development + +# Use official image from registry +image: + repository: armorcode/armorcode-web-agent + tag: latest + pullPolicy: IfNotPresent + +# Configure centralized persistence for logs and data +persistence: + enabled: true + # ReadWriteMany allows pods on different nodes to access the same volume + accessMode: ReadWriteMany + # Recommended storage classes by platform: + # - AWS: "efs" + # - GCP: "filestore" + # - Azure: "azurefile" + # - On-prem: "nfs" + storageClassName: "" # Change to appropriate RWX storage class + size: 5Gi # Increased for multiple agents + +# Network policy configuration +networkPolicy: + enabled: false + spec: + podSelector: + matchLabels: + app.kubernetes.io/name: armorcode-web-agent + policyTypes: + - Egress + egress: + # Allow DNS resolution + - to: + - namespaceSelector: {} + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + 
protocol: TCP + + # Allow HTTPS to all external destinations + - to: + - ipBlock: + cidr: 0.0.0.0/0 + ports: + - port: 443 + protocol: TCP + +# Resource requests and limits +resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 500m + memory: 512Mi + +# Security context for the container +securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + +# Pod security context +podSecurityContext: + fsGroup: 10001 From 926adc56f88a48a699a92908fc8f10da1f225997 Mon Sep 17 00:00:00 2001 From: dmeenaarmorcode Date: Mon, 24 Mar 2025 17:12:30 +0530 Subject: [PATCH 02/19] Adding helm charts for the repo --- web-agent/helm-chart/Chart.yaml | 16 ++ web-agent/helm-chart/README.md | 178 ++++++++++++++++++ .../helm-chart/templates/deployment.yaml | 142 ++++++++++++++ .../helm-chart/templates/networkpolicy.yaml | 10 + web-agent/helm-chart/templates/pvc.yaml | 39 ++++ web-agent/helm-chart/templates/secret.yaml | 29 +++ .../helm-chart/templates/serviceaccount.yaml | 12 ++ web-agent/helm-chart/values.yaml | 97 ++++++++++ 8 files changed, 523 insertions(+) create mode 100644 web-agent/helm-chart/Chart.yaml create mode 100644 web-agent/helm-chart/README.md create mode 100644 web-agent/helm-chart/templates/deployment.yaml create mode 100644 web-agent/helm-chart/templates/networkpolicy.yaml create mode 100644 web-agent/helm-chart/templates/pvc.yaml create mode 100644 web-agent/helm-chart/templates/secret.yaml create mode 100644 web-agent/helm-chart/templates/serviceaccount.yaml create mode 100644 web-agent/helm-chart/values.yaml diff --git a/web-agent/helm-chart/Chart.yaml b/web-agent/helm-chart/Chart.yaml new file mode 100644 index 0000000..a885f11 --- /dev/null +++ b/web-agent/helm-chart/Chart.yaml 
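Review bot: The three `apiKey` values under `multipleDeployments.instances` are committed as literal strings shaped like real keys; if any of them was ever valid it should be revoked, and the example should carry an obvious placeholder such as `apiKey: "<ARMORCODE_API_KEY>"` with a comment telling users to supply the key at install time (for example with `--set`) rather than in a tracked file. `image.tag: latest` combined with `pullPolicy: IfNotPresent` pins nothing, so different nodes can end up running different agent builds; a fixed version tag or digest is the safer example. `networkPolicy.enabled: false` also leaves the egress rules written below it unused in this file, which is easy to miss when reading it.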
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: armorcode-web-agent
+version: 0.1.0 # Increment as needed
+description: Helm chart for deploying ArmorCode Web Agent with support for multiple API keys
+type: application
+keywords:
+ - armorcode
+ - web-agent
+ - security
+home: https://github.com/armor-code/agent # Your repo URL
+sources:
+ - https://github.com/armor-code/agent
+maintainers:
+ - name: Deepak Meena
+ email: deepakmeena@armorcode.io
+icon: https://raw.githubusercontent.com/armor-code/agent/main/docs/charts/icon.png # If you have an icon
\ No newline at end of file
diff --git a/web-agent/helm-chart/README.md b/web-agent/helm-chart/README.md
new file mode 100644
index 0000000..9f7b8b9
--- /dev/null
+++ b/web-agent/helm-chart/README.md
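Review bot: Chart.yaml declares no `appVersion`, yet the deployment template in this series falls back to it (`$root.Values.image.tag | default $root.Chart.AppVersion`) and the labels helper only emits `app.kubernetes.io/version` when it is set. If `image.tag` is ever left unset the image reference would render with an empty tag. Adding `appVersion: "<agent image version>"` (placeholder, to be replaced with the released agent version) closes both gaps. The trailing comments `# Increment as needed`, `# Your repo URL` and `# If you have an icon` read like scaffold leftovers and could be dropped.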
@@ -0,0 +1,178 @@ +# ArmorCode Web Agent Helm Chart + +This Helm chart deploys the ArmorCode Web Agent on Kubernetes. The chart supports two deployment patterns: + +1. **Single Deployment** - One deployment with multiple replicas, all using the same API key +2. **Multiple Deployments** - Multiple separate deployments, each with its own API key + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3.0+ + +## Installation + +### Single Deployment + +For a single deployment with one API key: + +```bash +# Create a values file (my-values.yaml) +cat < my-values.yaml +singleDeployment: + enabled: true + replicaCount: 1 + apiKey: your-api-key + +agentDefaults: + serverUrl: https://app.armorcode.com + +# The image will be pulled from the registry +image: + repository: docker.io/armorcode/armorcode-web-agent + tag: latest + pullPolicy: IfNotPresent +EOF + +# Install the chart +helm install armorcode-web-agent ./helm-chart -f my-values.yaml +``` + +### Multiple Deployments + +For multiple deployments with different API keys: + +```bash +# Install the chart using the provided multi-agent-values.yaml +helm install armorcode-web-agents ./helm-chart -f multi-agent-values.yaml +``` + +The `multi-agent-values.yaml` is configured to pull the ArmorCode Web Agent image from Docker Hub: + +```yaml +image: + repository: docker.io/armorcode/armorcode-web-agent + tag: latest + pullPolicy: IfNotPresent +``` + +You can modify these values to use your preferred container registry or image version. 
+ +## Configuration + +### Common Parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `image.repository` | Image repository | `armorcode/armorcode-web-agent` | +| `image.tag` | Image tag | `latest` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `persistence.enabled` | Enable persistence | `true` | +| `persistence.size` | PVC size | `1Gi` | +| `persistence.accessMode` | PVC access mode | `ReadWriteOnce` | +| `networkPolicy.enabled` | Enable network policy | `true` | + +### Agent Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `agentDefaults.serverUrl` | ArmorCode server URL | `https://app.armorcode.com` | +| `agentDefaults.debugMode` | Enable debug mode | `false` | +| `agentDefaults.envName` | Environment name | `""` | +| `agentDefaults.index` | Agent index | `_prod` | +| `agentDefaults.timeout` | Request timeout (seconds) | `30` | +| `agentDefaults.verify` | Verify SSL certificates | `false` | +| `agentDefaults.poolSize` | Thread pool size | `5` | +| `agentDefaults.uploadToAc` | Upload to ArmorCode | `true` | + +### Single Deployment + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `singleDeployment.enabled` | Enable single deployment | `true` | +| `singleDeployment.replicaCount` | Number of replicas | `1` | +| `singleDeployment.apiKey` | API key | `""` | + +### Multiple Deployments + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `multipleDeployments.enabled` | Enable multiple deployments | `false` | +| `multipleDeployments.instances` | List of instances with name and API key | `[]` | + +Example of instances configuration: + +```yaml +multipleDeployments: + enabled: true + instances: + - name: prod + apiKey: api-key-1 + envName: production + - name: staging + apiKey: api-key-2 + envName: staging +``` + +## Uninstallation + +```bash +helm uninstall armorcode-web-agent +``` + +## Persistence 
and Logging + +This chart uses a ReadWriteMany (RWX) persistent volume to centralize logs from all agent pods, even when they run on different nodes. Each agent writes to its own subdirectory within the volume, using its instance name (e.g., "prod", "staging", "dev"). + +### Storage Classes + +You'll need to configure an appropriate ReadWriteMany storage class based on your Kubernetes cluster environment: + +```yaml +persistence: + enabled: true + accessMode: ReadWriteMany + storageClassName: "storage-class-name" + size: 5Gi +``` + +Recommended storage classes by platform: +- AWS: "efs" +- GCP: "filestore" +- Azure: "azurefile" +- On-premises: "nfs" + +### Accessing Logs + +Logs are stored in `/tmp/armorcode/log` within each agent's subdirectory on the persistent volume. You can access them through: + +1. Using `kubectl exec` to connect to any pod and view logs across all agents +```bash +kubectl exec -it -- ls -la /tmp/armorcode/*/log +``` + +2. Mounting the PVC to a dedicated logging pod +```bash +kubectl apply -f - < Date: Mon, 1 Sep 2025 13:27:22 +0530 Subject: [PATCH 03/19] edits in helm chart --- .../helm-chart/templates/deployment.yaml | 2 +- web-agent/helm-chart/templates/pvc.yaml | 12 ++--- .../helm-chart/templates/storageclass.yaml | 20 ++++++++ web-agent/helm-chart/values.yaml | 50 +++++++++++++++---- 4 files changed, 66 insertions(+), 18 deletions(-) create mode 100644 web-agent/helm-chart/templates/storageclass.yaml diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index ceff083..91b95cd 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml @@ -95,7 +95,7 @@ spec: {{- end }} volumes: - name: armorcode-data - {{- if $root.Values.persistence.enabled }} + {{- if $root.Values.efs.persistence.enabled }} persistentVolumeClaim: claimName: {{ .volumeClaimName }} {{- else }} 
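Review bot: Switching the volume condition to `$root.Values.efs.persistence.enabled` orphans the top-level `persistence` key that `multi-agent-values.yaml`, `multi-agent-values-local.yaml` and the README parameter table still use, and the pvc.yaml hunk in the same patch makes the same switch for `accessMode`, `storageClassName` and `size`. A user who sets `persistence.enabled: false`, as the local example does, would still get a PVC because the chart default `efs.persistence.enabled: true` now decides. Either keep `persistence.*` as a fallback or update the example values files and README in this patch. The PVC is also gated on `efs.persistence.enabled` while the StorageClass is gated on `efs.enabled`, so the two can disagree. The enclosing template block starts and ends outside the hunk.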
diff --git a/web-agent/helm-chart/templates/pvc.yaml b/web-agent/helm-chart/templates/pvc.yaml index ef57303..6d80bbc 100644 --- a/web-agent/helm-chart/templates/pvc.yaml +++ b/web-agent/helm-chart/templates/pvc.yaml @@ -13,23 +13,23 @@ metadata: {{- end }} spec: accessModes: - - {{ $root.Values.persistence.accessMode }} - {{- if $root.Values.persistence.storageClassName }} - storageClassName: {{ $root.Values.persistence.storageClassName }} + - {{ $root.Values.efs.persistence.accessMode }} + {{- if $root.Values.efs.persistence.storageClassName }} + storageClassName: {{ $root.Values.efs.persistence.storageClassName }} {{- end }} resources: requests: - storage: {{ $root.Values.persistence.size }} + storage: {{ $root.Values.efs.persistence.size }} {{- end }} {{/* Create a PVC for single deployment */}} -{{- if and .Values.persistence.enabled .Values.singleDeployment.enabled }} +{{- if and .Values.efs.persistence.enabled .Values.singleDeployment.enabled }} {{- $context := dict "root" . "name" (include "armorcode-web-agent.fullname" .) }} {{- include "armorcode-web-agent.persistentVolumeClaimTemplate" $context }} {{- end }} {{/* Create PVCs for multiple deployments */}} -{{- if and .Values.persistence.enabled .Values.multipleDeployments.enabled }} +{{- if and .Values.efs.persistence.enabled .Values.multipleDeployments.enabled }} {{- range .Values.multipleDeployments.instances }} {{- $deploymentName := printf "%s-%s" (include "armorcode-web-agent.fullname" $) .name }} {{- $context := dict "root" $ "name" $deploymentName "instanceName" .name }} diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml new file mode 100644 index 0000000..7dbfabb --- /dev/null +++ b/web-agent/helm-chart/templates/storageclass.yaml 
@@ -0,0 +1,20 @@
+{{- if .Values.efs.enabled }}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: {{ .Values.efs.storageClass.name }}
+ labels:
+ {{- include "nginx-efs.labels" . | nindent 4 }}
+provisioner: {{ .Values.efs.storageClass.provisioner }}
+parameters:
+ {{- with .Values.efs.storageClass.parameters }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ fileSystemId: {{ .Values.efs.fileSystemId }}
+ {{- if .Values.efs.accessPointId }}
+ accessPointId: {{ .Values.efs.accessPointId }}
+ {{- end }}
+reclaimPolicy: {{ .Values.efs.storageClass.reclaimPolicy }}
+allowVolumeExpansion: {{ .Values.efs.storageClass.allowVolumeExpansion }}
+volumeBindingMode: {{ .Values.efs.storageClass.volumeBindingMode }}
+{{- end }}
\ No newline at end of file
diff --git a/web-agent/helm-chart/values.yaml b/web-agent/helm-chart/values.yaml
index b9338af..f4b4e5f 100644
--- a/web-agent/helm-chart/values.yaml
+++ b/web-agent/helm-chart/values.yaml
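Review bot: `fileSystemId: {{ .Values.efs.fileSystemId }}` is rendered unquoted and unchecked, while values.yaml in this same patch ships `efs.enabled: true` with `fileSystemId: ""`, so a default install renders a StorageClass with an empty `fileSystemId` and the mistake likely surfaces only later, when volumes fail to provision. Fail at render time instead with `fileSystemId: {{ required "efs.fileSystemId must be set when efs.enabled is true" .Values.efs.fileSystemId | quote }}`, quote `accessPointId` the same way, or default `efs.enabled` to `false`. StorageClass is cluster-scoped and its name defaults to the fixed string `efs-sc`, so a second release of this chart in the same cluster would collide with the first. Deriving the name from the release, or letting users point at an existing class, avoids that.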
@@ -53,18 +53,44 @@ image: pullPolicy: Never # Never pull from registry, use local image only # Persistence configuration for logs and agent data -persistence: + +efs: enabled: true - # ReadWriteMany allows pods on different nodes to access the same volume - accessMode: ReadWriteMany - # Empty storageClassName uses the cluster's default - # Recommended classes by platform: - # - AWS: "efs" - # - GCP: "filestore" - # - Azure: "azurefile" - # - On-prem: "nfs" - storageClassName: "" - size: 5Gi + fileSystemId: "" # Replace with your EFS ID + region: "us-east-1" + accessPointId: "" # Optional: Use existing access point + + # Storage Class Configuration + storageClass: + name: "efs-sc" + provisioner: "efs.csi.aws.com" + parameters: + provisioningMode: "efs-ap" + directoryPerms: "0755" + # basePath: "/tmp/armorcode" + # subPathExpr: "${.PVC.namespace}/${.PVC.name}" + reclaimPolicy: "Retain" + allowVolumeExpansion: true + volumeBindingMode: "Immediate" + + # PVC Configuration + persistence: + enabled: true + storageClassName: "efs-sc" + accessMode: ReadWriteMany + size: 5Gi +# persistence: +# enabled: true +# # ReadWriteMany allows pods on different nodes to access the same volume +# accessMode: ReadWriteMany +# # Empty storageClassName uses the cluster's default +# # Recommended classes by platform: +# # - AWS: "efs" +# # - GCP: "filestore" +# # - Azure: "azurefile" +# # - On-prem: "nfs" +# storageClassName: "" +# size: 5Gi # Network policy configuration networkPolicy: @@ -95,3 +121,5 @@ networkPolicy: ports: - port: 443 protocol: TCP +serviceAccount: + create: true \ No newline at end of file From 3720c8e27f6f2aad38339e95df40c3502fddf3f4 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 15:41:22 +0530 Subject: [PATCH 04/19] edits in helm chart --- web-agent/helm-chart/templates/storageclass.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index 7dbfabb..592c5bf 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml @@ -4,7 +4,7 @@ kind: StorageClass metadata: name: {{ .Values.efs.storageClass.name }} labels: - {{- include "nginx-efs.labels" . | nindent 4 }} + {{- include "armorcode-web-agent.labels" . | nindent 4 }} provisioner: {{ .Values.efs.storageClass.provisioner }} parameters: {{- with .Values.efs.storageClass.parameters }} From 9d0329448056b09e56c0c71bb161ea976ae5d02e Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 16:04:23 +0530 Subject: [PATCH 05/19] edits in helm chart --- web-agent/helm-chart/templates/deployment.yaml | 8 ++++---- web-agent/multi-agent-values.yaml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index 91b95cd..84ec875 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml @@ -40,12 +40,12 @@ spec: {{- end }} spec: serviceAccountName: {{ include "armorcode-web-agent.serviceAccountName" $root }} - securityContext: - {{- toYaml $root.Values.podSecurityContext | nindent 8 }} + # securityContext: + # {{- toYaml $root.Values.podSecurityContext | nindent 8 }} containers: - name: {{ $root.Chart.Name }} - securityContext: - {{- toYaml $root.Values.securityContext | nindent 12 }} + # securityContext: + # {{- toYaml $root.Values.securityContext | nindent 12 }} image: "{{ $root.Values.image.repository }}:{{ $root.Values.image.tag | default $root.Chart.AppVersion }}" imagePullPolicy: {{ $root.Values.image.pullPolicy }} args: diff --git a/web-agent/multi-agent-values.yaml b/web-agent/multi-agent-values.yaml index 6826560..e46ccdc 100644 --- a/web-agent/multi-agent-values.yaml +++ b/web-agent/multi-agent-values.yaml 
@@ -111,9 +111,9 @@ securityContext: - ALL readOnlyRootFilesystem: false runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 + allowPrivilegeEscalation: false # Pod security context podSecurityContext: - fsGroup: 10001 + runAsNonRoot: true + allowPrivilegeEscalation: false From 68980cbbc1335b47618c31c0755e010493d99f20 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 17:10:11 +0530 Subject: [PATCH 06/19] edits in helm chart --- web-agent/helm-chart/templates/deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index 84ec875..91b95cd 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml @@ -40,12 +40,12 @@ spec: {{- end }} spec: serviceAccountName: {{ include "armorcode-web-agent.serviceAccountName" $root }} - # securityContext: - # {{- toYaml $root.Values.podSecurityContext | nindent 8 }} + securityContext: + {{- toYaml $root.Values.podSecurityContext | nindent 8 }} containers: - name: {{ $root.Chart.Name }} - # securityContext: - # {{- toYaml $root.Values.securityContext | nindent 12 }} + securityContext: + {{- toYaml $root.Values.securityContext | nindent 12 }} image: "{{ $root.Values.image.repository }}:{{ $root.Values.image.tag | default $root.Chart.AppVersion }}" imagePullPolicy: {{ $root.Values.image.pullPolicy }} args: From 0f0382f0232d659cdc99e03dd156fdd1883958d8 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 17:13:11 +0530 Subject: [PATCH 07/19] edits in helm chart --- web-agent/helm-chart/templates/storageclass.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index 592c5bf..d830bae 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml 
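Review bot: `allowPrivilegeEscalation` is a container-level setting, not a field of the pod-level security context, so the line added under `podSecurityContext` will be rejected or dropped once the deployment template passes that map into the pod `securityContext`; keep it only under `securityContext`. Removing `runAsUser`/`runAsGroup` while keeping `runAsNonRoot: true` means the pod starts only if the image itself declares a numeric non-root user. Dropping `fsGroup: 10001` may also leave the mounted volume unwritable for that user, which depends on the image and storage and is not visible here. If the fixed IDs were removed to satisfy a platform constraint, a comment saying so would help; otherwise `runAsUser: 10001`, `runAsGroup: 10001` and `fsGroup: 10001` should stay.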
@@ -3,8 +3,6 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: {{ .Values.efs.storageClass.name }} - labels: - {{- include "armorcode-web-agent.labels" . | nindent 4 }} provisioner: {{ .Values.efs.storageClass.provisioner }} parameters: {{- with .Values.efs.storageClass.parameters }} From 138c2a26e6bba8eebe56e88d72ba3a5cda666ed4 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 17:15:55 +0530 Subject: [PATCH 08/19] edits in helm chart --- web-agent/helm-chart/templates/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index 91b95cd..c96824d 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml @@ -41,10 +41,12 @@ spec: spec: serviceAccountName: {{ include "armorcode-web-agent.serviceAccountName" $root }} securityContext: + privileged: false {{- toYaml $root.Values.podSecurityContext | nindent 8 }} containers: - name: {{ $root.Chart.Name }} securityContext: + privileged: false {{- toYaml $root.Values.securityContext | nindent 12 }} image: "{{ $root.Values.image.repository }}:{{ $root.Values.image.tag | default $root.Chart.AppVersion }}" imagePullPolicy: {{ $root.Values.image.pullPolicy }} From 68d09ad58fc5bb756676d4d9199693c11f813f79 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 17:18:01 +0530 Subject: [PATCH 09/19] edits in helm chart --- web-agent/helm-chart/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index c96824d..9aeaee0 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml 
@@ -105,7 +105,7 @@ spec: {{- end }} {{- with $root.Values.nodeSelector }} nodeSelector: - {{- toYaml . | nindent 8 }} + eks.amazonaws.com/compute-type: ec2 {{- end }} {{- with $root.Values.affinity }} affinity: From 4b35af67458adb5fc6ac920f8b343a316759a788 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 17:18:23 +0530 Subject: [PATCH 10/19] edits in helm chart --- web-agent/helm-chart/templates/deployment.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index 9aeaee0..e8a992f 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml @@ -41,12 +41,10 @@ spec: spec: serviceAccountName: {{ include "armorcode-web-agent.serviceAccountName" $root }} securityContext: - privileged: false {{- toYaml $root.Values.podSecurityContext | nindent 8 }} containers: - name: {{ $root.Chart.Name }} securityContext: - privileged: false {{- toYaml $root.Values.securityContext | nindent 12 }} image: "{{ $root.Values.image.repository }}:{{ $root.Values.image.tag | default $root.Chart.AppVersion }}" imagePullPolicy: {{ $root.Values.image.pullPolicy }} From c63c158fd70c01b9429a090d39962ef18dc68308 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 17:22:27 +0530 Subject: [PATCH 11/19] edits in helm chart --- web-agent/helm-chart/templates/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index e8a992f..9ff79d5 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml @@ -103,7 +103,6 @@ spec: {{- end }} {{- with $root.Values.nodeSelector }} nodeSelector: - eks.amazonaws.com/compute-type: ec2 {{- end }} {{- with $root.Values.affinity }} affinity: From 116fda8d88c6401e1130374abf3daf6c9476b0c7 Mon Sep 17 00:00:00 2001 
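Review bot: The `nodeSelector` block is still guarded by `with $root.Values.nodeSelector`, but its body is now the fixed label `eks.amazonaws.com/compute-type: ec2`, so whatever selector an operator sets in values is silently replaced. Keep `{{- toYaml . | nindent 8 }}` in the template and put the EKS label in the values file instead. PATCH 11 later deletes the fixed label without restoring the `toYaml` line, which leaves `nodeSelector:` with no body whenever the value is set.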
From: Hardik Agarwal Date: Mon, 1 Sep 2025 18:12:12 +0530 Subject: [PATCH 12/19] edits in helm chart --- web-agent/helm-chart/templates/storageclass.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index d830bae..4fa3ee8 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml @@ -9,6 +9,7 @@ parameters: {{- toYaml . | nindent 2 }} {{- end }} fileSystemId: {{ .Values.efs.fileSystemId }} + region: {{ .Values.efs.region }} {{- if .Values.efs.accessPointId }} accessPointId: {{ .Values.efs.accessPointId }} {{- end }} From 2bebac0b581410cc1a26f768422171ceb9b23fa6 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 18:25:09 +0530 Subject: [PATCH 13/19] edits in helm chart --- web-agent/helm-chart/templates/storageclass.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index 4fa3ee8..d830bae 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml @@ -9,7 +9,6 @@ parameters: {{- toYaml . | nindent 2 }} {{- end }} fileSystemId: {{ .Values.efs.fileSystemId }} - region: {{ .Values.efs.region }} {{- if .Values.efs.accessPointId }} accessPointId: {{ .Values.efs.accessPointId }} {{- end }} From 51a210e8905047a5d529ecaa14906a6f7d34f8ba Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 18:34:04 +0530 Subject: [PATCH 14/19] edits in helm chart --- web-agent/helm-chart/templates/storageclass.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index d830bae..7824585 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml 
@@ -11,6 +11,8 @@ parameters: fileSystemId: {{ .Values.efs.fileSystemId }} {{- if .Values.efs.accessPointId }} accessPointId: {{ .Values.efs.accessPointId }} + az: us-east-1a + directoryPerms: "755" {{- end }} reclaimPolicy: {{ .Values.efs.storageClass.reclaimPolicy }} allowVolumeExpansion: {{ .Values.efs.storageClass.allowVolumeExpansion }} From 37f601a48502a168ac062ca0e669ae2b1532fa33 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 18:46:10 +0530 Subject: [PATCH 15/19] edits in helm chart --- web-agent/helm-chart/templates/storageclass.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index 7824585..d09459f 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml @@ -15,6 +15,6 @@ parameters: directoryPerms: "755" {{- end }} reclaimPolicy: {{ .Values.efs.storageClass.reclaimPolicy }} -allowVolumeExpansion: {{ .Values.efs.storageClass.allowVolumeExpansion }} -volumeBindingMode: {{ .Values.efs.storageClass.volumeBindingMode }} +allowVolumeExpansion: {{ .Values.efs.storageClass.allowVolumeExpansion }} # Reuse existing access points +volumeBindingMode: WaitForFirstConsumer {{- end }} \ No newline at end of file From 6d560e2d7b895173a173c39d9b7931264f9f1f14 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Mon, 1 Sep 2025 18:55:56 +0530 Subject: [PATCH 16/19] edits in helm chart --- web-agent/helm-chart/templates/storageclass.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index d09459f..95dc84c 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml 
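Review bot: `az: us-east-1a` and `directoryPerms: "755"` are hard-coded inside the `if .Values.efs.accessPointId` block, so they render only when an access point is supplied and cannot be changed per cluster. The chart's values appear to pass `directoryPerms: "0755"` through `efs.storageClass.parameters` already (see the values.yaml lines removed in PATCH 19), so the rendered `parameters` map would carry that key twice. Dropping both lines from the template and setting them under `efs.storageClass.parameters` keeps one source of truth. If other workloads mount the same file system, a mode without world access such as `"750"` is the safer default.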
@@ -11,10 +11,8 @@ parameters: fileSystemId: {{ .Values.efs.fileSystemId }} {{- if .Values.efs.accessPointId }} accessPointId: {{ .Values.efs.accessPointId }} - az: us-east-1a - directoryPerms: "755" {{- end }} reclaimPolicy: {{ .Values.efs.storageClass.reclaimPolicy }} -allowVolumeExpansion: {{ .Values.efs.storageClass.allowVolumeExpansion }} # Reuse existing access points +allowVolumeExpansion: {{ .Values.efs.storageClass.allowVolumeExpansion }} volumeBindingMode: WaitForFirstConsumer {{- end }} \ No newline at end of file From 44e6784edc50bd8af92348572a8f77fa6acf81fa Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Tue, 2 Sep 2025 11:44:54 +0530 Subject: [PATCH 17/19] edits in helm chart --- web-agent/helm-chart/templates/deployment.yaml | 2 +- web-agent/helm-chart/templates/pvc.yaml | 12 ++++++------ .../helm-chart/templates/storageclass.yaml | 18 +++++++----------- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/web-agent/helm-chart/templates/deployment.yaml b/web-agent/helm-chart/templates/deployment.yaml index 9ff79d5..afeaae1 100644 --- a/web-agent/helm-chart/templates/deployment.yaml +++ b/web-agent/helm-chart/templates/deployment.yaml @@ -95,7 +95,7 @@ spec: {{- end }} volumes: - name: armorcode-data - {{- if $root.Values.efs.persistence.enabled }} + {{- if $root.Values.ebs.persistence.enabled }} persistentVolumeClaim: claimName: {{ .volumeClaimName }} {{- else }} diff --git a/web-agent/helm-chart/templates/pvc.yaml b/web-agent/helm-chart/templates/pvc.yaml index 6d80bbc..1d2061d 100644 --- a/web-agent/helm-chart/templates/pvc.yaml +++ b/web-agent/helm-chart/templates/pvc.yaml 
@@ -13,23 +13,23 @@ metadata: {{- end }} spec: accessModes: - - {{ $root.Values.efs.persistence.accessMode }} - {{- if $root.Values.efs.persistence.storageClassName }} - storageClassName: {{ $root.Values.efs.persistence.storageClassName }} + - {{ $root.Values.ebs.persistence.accessMode }} + {{- if $root.Values.ebs.persistence.storageClassName }} + storageClassName: {{ $root.Values.ebs.persistence.storageClassName }} {{- end }} resources: requests: - storage: {{ $root.Values.efs.persistence.size }} + storage: {{ $root.Values.ebs.persistence.size }} {{- end }} {{/* Create a PVC for single deployment */}} -{{- if and .Values.efs.persistence.enabled .Values.singleDeployment.enabled }} +{{- if and .Values.ebs.persistence.enabled .Values.singleDeployment.enabled }} {{- $context := dict "root" . "name" (include "armorcode-web-agent.fullname" .) }} {{- include "armorcode-web-agent.persistentVolumeClaimTemplate" $context }} {{- end }} {{/* Create PVCs for multiple deployments */}} -{{- if and .Values.efs.persistence.enabled .Values.multipleDeployments.enabled }} +{{- if and .Values.ebs.persistence.enabled .Values.multipleDeployments.enabled }} {{- range .Values.multipleDeployments.instances }} {{- $deploymentName := printf "%s-%s" (include "armorcode-web-agent.fullname" $) .name }} {{- $context := dict "root" $ "name" $deploymentName "instanceName" .name }} diff --git a/web-agent/helm-chart/templates/storageclass.yaml b/web-agent/helm-chart/templates/storageclass.yaml index 95dc84c..f8b7178 100644 --- a/web-agent/helm-chart/templates/storageclass.yaml +++ b/web-agent/helm-chart/templates/storageclass.yaml 
@@ -1,18 +1,14 @@ -{{- if .Values.efs.enabled }} +{{- if .Values.ebs.enabled }} apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: - name: {{ .Values.efs.storageClass.name }} -provisioner: {{ .Values.efs.storageClass.provisioner }} + name: {{ .Values.ebs.storageClass.name }} +provisioner: {{ .Values.ebs.storageClass.provisioner }} parameters: - {{- with .Values.efs.storageClass.parameters }} + {{- with .Values.ebs.storageClass.parameters }} {{- toYaml . | nindent 2 }} {{- end }} - fileSystemId: {{ .Values.efs.fileSystemId }} - {{- if .Values.efs.accessPointId }} - accessPointId: {{ .Values.efs.accessPointId }} - {{- end }} -reclaimPolicy: {{ .Values.efs.storageClass.reclaimPolicy }} -allowVolumeExpansion: {{ .Values.efs.storageClass.allowVolumeExpansion }} -volumeBindingMode: WaitForFirstConsumer +reclaimPolicy: {{ .Values.ebs.storageClass.reclaimPolicy }} +allowVolumeExpansion: {{ .Values.ebs.storageClass.allowVolumeExpansion }} +volumeBindingMode: {{ .Values.ebs.storageClass.volumeBindingMode }} {{- end }} \ No newline at end of file From 45f087fd9c13c653880a16f0c1b8689693a18da7 Mon Sep 17 00:00:00 2001 From: Hardik Agarwal Date: Tue, 2 Sep 2025 13:18:26 +0530 Subject: [PATCH 18/19] edits in helm chart --- web-agent/multi-agent-values.yaml | 68 +++++++++++++++---------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/web-agent/multi-agent-values.yaml b/web-agent/multi-agent-values.yaml index e46ccdc..3012890 100644 --- a/web-agent/multi-agent-values.yaml +++ b/web-agent/multi-agent-values.yaml @@ -1,10 +1,7 @@ -# Example values file for deploying multiple ArmorCode Web Agents -# Using official images from registry - # Common configuration for all agents agentDefaults: # ArmorCode server URL - common for all agents - serverUrl: https://app.armorcode.com + serverUrl: https://qa.armorcode.ai # Enable debug mode debugMode: true 
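Review bot: `volumeBindingMode` goes back to being read from values in this rewrite of storageclass.yaml, and the `ebs.storageClass` values added in PATCH 18 set it to `"Immediate"`. EBS volumes are tied to one availability zone, so immediate binding can create the volume in a zone where the pod is never scheduled. The previous revision hard-coded `WaitForFirstConsumer`, which avoids that. Either set `volumeBindingMode: "WaitForFirstConsumer"` in both values files or give the template a fallback, `{{ .Values.ebs.storageClass.volumeBindingMode | default "WaitForFirstConsumer" }}`.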
@@ -20,6 +17,7 @@ agentDefaults: # Whether to upload directly to ArmorCode uploadToAc: true + envName: production # Turn off single deployment mode singleDeployment: @@ -33,41 +31,47 @@ multipleDeployments: instances: # First agent - Production environment - name: prod - apiKey: 82305e3a-cc44-4f17-ab51-638basdas - envName: production + apiKey: bdjhwbjhdb-dddd-dddd-ssss-bdcjhdbcjhdb # Second agent - Staging environment - name: staging - apiKey: asdasdasd2343q8732q312w - envName: staging + apiKey: bdjhwbjhdb-dddd-dddd-ssss-bdcjhdbcjhdb # Third agent - Development environment - name: dev - apiKey: asdasdas34392847238 - envName: development + apiKey: bdjhwbjhdb-dddd-dddd-ssss-bdcjhdbcjhdb -# Use official image from registry +# Use local built image image: repository: armorcode/armorcode-web-agent tag: latest pullPolicy: IfNotPresent -# Configure centralized persistence for logs and data -persistence: +# Persistence configuration for logs and agent data + +ebs: enabled: true - # ReadWriteMany allows pods on different nodes to access the same volume - accessMode: ReadWriteMany - # Recommended storage classes by platform: - # - AWS: "efs" - # - GCP: "filestore" - # - Azure: "azurefile" - # - On-prem: "nfs" - storageClassName: "" # Change to appropriate RWX storage class - size: 5Gi # Increased for multiple agents + storageClass: + name: "ebs-sc" + provisioner: "ebs.csi.aws.com" + parameters: + type: gp3 + fsType: ext4 + encrypted: "true" + reclaimPolicy: "Retain" + allowVolumeExpansion: true + volumeBindingMode: "Immediate" + + # PVC Configuration + persistence: + enabled: true + storageClassName: "ebs-sc" + accessMode: ReadWriteOnce + size: 5Gi # Network policy configuration networkPolicy: - enabled: false + enabled: true spec: podSelector: matchLabels: 
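Review bot: The `apiKey` entries under `multipleDeployments.instances` are still plain values in a committed file. The three strings removed here stay in the repository history, so any of them that was ever valid should be revoked. The replacements give all three instances the same placeholder, although the README text added in PATCH 19 says each container must use a unique key; `apiKey: ""  # required, unique per instance; supply at install time, never commit` would make a forgotten override obvious. The same applies to the `apiKey` lines in helm-chart/values.yaml in PATCH 19. With the per-instance `envName` lines removed and `envName: production` added under `agentDefaults`, the staging and dev instances would presumably report as production too.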
@@ -95,25 +99,21 @@ networkPolicy: - port: 443 protocol: TCP -# Resource requests and limits -resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 500m - memory: 512Mi +serviceAccount: + create: false -# Security context for the container securityContext: capabilities: drop: - ALL readOnlyRootFilesystem: false runAsNonRoot: true - allowPrivilegeEscalation: false + runAsUser: 1000 + runAsGroup: 1000 # Pod security context podSecurityContext: runAsNonRoot: true - allowPrivilegeEscalation: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 \ No newline at end of file From 458856af9ff53eb91b24a2d6f8e1b765740eba64 Mon Sep 17 00:00:00 2001 From: dmeenaarmorcode Date: Wed, 8 Oct 2025 16:47:55 +0530 Subject: [PATCH 19/19] updating helm chart readme --- web-agent/helm-chart/README.md | 9 +-- web-agent/helm-chart/values.yaml | 108 ++++++++++++++---------------- web-agent/multi-agent-values.yaml | 8 +-- 3 files changed, 55 insertions(+), 70 deletions(-) diff --git a/web-agent/helm-chart/README.md b/web-agent/helm-chart/README.md index 9f7b8b9..7f6084a 100644 --- a/web-agent/helm-chart/README.md +++ b/web-agent/helm-chart/README.md @@ -85,15 +85,10 @@ You can modify these values to use your preferred container registry or image ve | `agentDefaults.poolSize` | Thread pool size | `5` | | `agentDefaults.uploadToAc` | Upload to ArmorCode | `true` | -### Single Deployment - -| Parameter | Description | Default | -|-----------|-------------|---------| -| `singleDeployment.enabled` | Enable single deployment | `true` | -| `singleDeployment.replicaCount` | Number of replicas | `1` | -| `singleDeployment.apiKey` | API key | `""` | ### Multiple Deployments +Specifying how many containers we need to run +Each container MUST use unique apiKey | Parameter | Description | Default | |-----------|-------------|---------| diff --git a/web-agent/helm-chart/values.yaml b/web-agent/helm-chart/values.yaml index f4b4e5f..83ab745 100644 --- a/web-agent/helm-chart/values.yaml 
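Review bot: `allowPrivilegeEscalation: false` is removed from the container `securityContext` as well as from `podSecurityContext`, but only the pod-level entry was misplaced. The container-level line should stay, as `allowPrivilegeEscalation: false` under `securityContext` next to `runAsNonRoot: true`. The `securityContext` block added to helm-chart/values.yaml in PATCH 19 omits it too. The hunk also deletes the `resources` requests and limits, which leaves the agent pods without CPU or memory bounds; keep the block or state in a comment why it was dropped.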
+++ b/web-agent/helm-chart/values.yaml @@ -1,26 +1,22 @@ -# Example values file for deploying multiple ArmorCode Web Agents -# Each agent will have its own API key - # Common configuration for all agents agentDefaults: # ArmorCode server URL - common for all agents - serverUrl: https://qa.armorcode.ai - - # Enable debug mode - debugMode: true - + serverUrl: https://web-agent.armorcode.ai + # Request timeout in seconds timeout: 30 - + # Whether to verify SSL certificates verify: false - + # Thread pool size poolSize: 5 - + # Whether to upload directly to ArmorCode uploadToAc: true + envName: production + # Turn off single deployment mode singleDeployment: enabled: false 
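Review bot: `verify: false` stays as the shipped default in `agentDefaults` while this hunk points `serverUrl` at `https://web-agent.armorcode.ai`. Going by the comment above it (`Whether to verify SSL certificates`), every install that does not override the value would skip TLS certificate validation toward the server. The default should be `verify: true`, with a comment such as `# set to false only for test endpoints with self-signed certificates`. What `verify` controls is inferred from that comment; the agent code is not part of this patch.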
@@ -28,47 +24,38 @@ singleDeployment: # Enable multiple deployments mode multipleDeployments: enabled: true - + # List of deployments with unique names and API keys instances: # First agent - Production environment - name: prod - apiKey: 82305e3a-cc44-4f17-ab51-638b24d8bbe6 - envName: production - - # Second agent - Staging environment + apiKey: bdjhwbjhdb-dddd-dddd-ssss-bdcjhdbcjhdb + + # Second agent - Staging environment - name: staging - apiKey: 82305e3a-cc44-4f17-ab51-638b24d8bbe6 - envName: staging - + apiKey: bdjhwbjhdb-dddd-dddd-ssss-bdcjhdbcjhdb + # Third agent - Development environment - name: dev - apiKey: 82305e3a-cc44-4f17-ab51-638b24d8bbe6 - envName: development + apiKey: bdjhwbjhdb-dddd-dddd-ssss-bdcjhdbcjhdb # Use local built image image: - repository: armorcode-web-agent - tag: local - pullPolicy: Never # Never pull from registry, use local image only + repository: armorcode/armorcode-web-agent + tag: latest + pullPolicy: IfNotPresent # Persistence configuration for logs and agent data -efs: +ebs: enabled: true - fileSystemId: "" # Replace with your EFS ID - region: "us-east-1" - accessPointId: "" # Optional: Use existing access point - - # Storage Class Configuration storageClass: - name: "efs-sc" - provisioner: "efs.csi.aws.com" + name: "ebs-sc" + provisioner: "ebs.csi.aws.com" parameters: - provisioningMode: "efs-ap" - directoryPerms: "0755" - # basePath: "/tmp/armorcode" - # subPathExpr: "${.PVC.namespace}/${.PVC.name}" + type: gp3 + fsType: ext4 + encrypted: "true" reclaimPolicy: "Retain" allowVolumeExpansion: true volumeBindingMode: "Immediate" 
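Review bot: The image now comes from the registry as `armorcode/armorcode-web-agent` with `tag: latest` and `pullPolicy: IfNotPresent`. With that combination each node keeps whatever `latest` pointed to when it first pulled, so replicas can run different builds and a changed upstream image is deployed without any change to the chart. Pin `image.tag` to a released version, or leave it unset so the template's `default $root.Chart.AppVersion` applies. The comment `# Use local built image` above the block no longer matches and should read `# Use the published image from the registry`.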
@@ -76,21 +63,9 @@ efs: # PVC Configuration persistence: enabled: true - storageClassName: "efs-sc" - accessMode: ReadWriteMany + storageClassName: "ebs-sc" + accessMode: ReadWriteOnce size: 5Gi -# persistence: -# enabled: true -# # ReadWriteMany allows pods on different nodes to access the same volume -# accessMode: ReadWriteMany -# # Empty storageClassName uses the cluster's default -# # Recommended classes by platform: -# # - AWS: "efs" -# # - GCP: "filestore" -# # - Azure: "azurefile" -# # - On-prem: "nfs" -# storageClassName: "" -# size: 5Gi # Network policy configuration networkPolicy: @@ -104,22 +79,39 @@ networkPolicy: egress: # Allow DNS resolution - to: - - namespaceSelector: {} - podSelector: - matchLabels: - k8s-app: kube-dns + - namespaceSelector: {} + podSelector: + matchLabels: + k8s-app: kube-dns ports: - port: 53 protocol: UDP - port: 53 protocol: TCP - + # Allow HTTPS to all external destinations - to: - - ipBlock: - cidr: 0.0.0.0/0 + - ipBlock: + cidr: 0.0.0.0/0 ports: - port: 443 protocol: TCP + serviceAccount: - create: true \ No newline at end of file + create: false + +securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + +# Pod security context +podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 \ No newline at end of file diff --git a/web-agent/multi-agent-values.yaml b/web-agent/multi-agent-values.yaml index 3012890..be00fba 100644 --- a/web-agent/multi-agent-values.yaml +++ b/web-agent/multi-agent-values.yaml @@ -1,11 +1,8 @@ # Common configuration for all agents agentDefaults: # ArmorCode server URL - common for all agents - serverUrl: https://qa.armorcode.ai - - # Enable debug mode - debugMode: true - + serverUrl: https://web-agent.armorcode.ai + # Request timeout in seconds timeout: 30 
@@ -17,6 +14,7 @@ agentDefaults: # Whether to upload directly to ArmorCode uploadToAc: true + envName: production # Turn off single deployment mode