Merge pull request #196 from syntasso/blog/378/debugging

Blog/378/debugging

Author: catmo-syntasso

assets/runtime-promise/.envrc

@@ -0,0 +1 @@
+export PATH="$(pwd)/internal/scripts:$PATH"

assets/runtime-promise/internal/configure-pipeline/resource-configure

@@ -21,25 +21,27 @@ if [ -n "${configMapDomain}" ]; then
     domainPort="${configMapDomainPort}"
 fi
 
+mkdir /kratix/output/${lifecycle}
+
 kubectl create deployment ${name} \
   --image=${image} --namespace=${namespace} \
   --replicas=${replicas} \
   --dry-run=client -o yaml > deployment.yaml
 
-yq '.spec.template.spec.containers[0].env = env(applicationEnv)' deployment.yaml > /kratix/output/deployment.yaml
+yq '.spec.template.spec.containers[0].env = env(applicationEnv)' deployment.yaml > /kratix/output/${lifecycle}/deployment.yaml
 
 kubectl create service nodeport ${name} \
     --namespace=${namespace} \
     --tcp=${service_port}\
     --dry-run=client \
-    --output yaml > /kratix/output/service.yaml
+    --output yaml > /kratix/output/${lifecycle}/service.yaml
 
 kubectl create ingress ${name} \
     --namespace=${namespace} \
     --class="nginx" \
     --rule="${name}.${namespace}.${domain}/*=${name}:${service_port}" \
     --dry-run=client \
-    --output yaml > /kratix/output/ingress.yaml
+    --output yaml > /kratix/output/${lifecycle}/ingress.yaml
 
 echo """
 - matchLabels:

assets/runtime-promise/promise-release.yaml

@@ -0,0 +1,9 @@
+apiVersion: platform.kratix.io/v1alpha1
+kind: PromiseRelease
+metadata:
+  name: runtime
+spec:
+  version: v1.0.0
+  sourceRef:
+    type: http
+    url: https://raw.githubusercontent.com/syntasso/kratix-marketplace/refs/heads/main/runtime/promise.yaml

assets/runtime-promise/promise.yaml

@@ -1,13 +1,10 @@
 apiVersion: platform.kratix.io/v1alpha1
 kind: Promise
 metadata:
-  name: runtime
   labels:
     kratix.io/promise-version: v1.0.0
+  name: runtime
 spec:
-  destinationSelectors:
-  - matchLabels:
-      environment: dev
   api:
     apiVersion: apiextensions.k8s.io/v1
     kind: CustomResourceDefinition
@@ -75,6 +72,9 @@ spec:
             type: object
         served: true
         storage: true
+  destinationSelectors:
+  - matchLabels:
+      environment: dev
   workflows:
     promise:
       configure:
@@ -91,19 +91,12 @@ spec:
       - apiVersion: platform.kratix.io/v1alpha1
         kind: Pipeline
         metadata:
+          creationTimestamp: null
           name: instance
         spec:
-          rbac:
-            permissions:
-            - apiGroups:
-              - ""
-              resources:
-              - configmaps
-              verbs:
-              - get
-              - list
-              resourceNames: [ runtime-domain ]
           containers:
-          - image: ghcr.io/syntasso/kratix-marketplace/runtime-configure-pipeline:v0.1.0
+          - command:
+            - resource-configure
+            image: ghcr.io/syntasso/kratix-docs/runtime-configure-pipeline:v0.1.0
             name: resource-configure
-            command: [ resource-configure ]
+status: {}

assets/runtime-promise/workflows/resource/configure/instance/security-scan/Dockerfile

@@ -0,0 +1,13 @@
+FROM "alpine"
+
+RUN apk update && apk add --no-cache yq curl
+
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3
+
+ADD scripts/pipeline.sh /usr/bin/pipeline.sh
+ADD resources resources
+
+RUN chmod +x /usr/bin/pipeline.sh
+
+CMD [ "sh", "-c", "pipeline.sh" ]
+ENTRYPOINT []

assets/runtime-promise/workflows/resource/configure/instance/security-scan/scripts/pipeline.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env sh
+
+set -ex
+
+image="$(yq eval '.spec.image' /kratix/input/object.yaml)"
+
+echo "Scanning ${image}"
+
+if [ $DEBUG = "true" ]; then
+  DEBUG_MODE=true
+  echo "Running in debug mode"
+else 
+  DEBUG_MODE=false
+fi
+
+TRIVY_DEBUG=$DEBUG_MODE trivy image --format=json --output=results.json "${image}" > results.json
+
+health_state="healthy"
+
+if [ "$(jq '.[] | select(.Vulnerabilities != null) | length' results.json)" != "" ]; then
+  health_state="degraded"
+fi
+
+resource_name=$(yq '.metadata.name' /kratix/input/object.yaml)
+namespace="default"
+
+mkdir -p /kratix/output/platform/
+
+cat <<EOF > /kratix/output/platform/health-record.yaml
+apiVersion: platform.kratix.io/v1alpha1
+kind: HealthRecord
+metadata:
+  name: runtime-${resource_name}
+  namespace: ${namespace}
+data:
+  promiseRef:
+    name: runtime
+  resourceRef:
+    name: ${resource_name}
+    namespace: ${namespace}
+  state: ${health_state}
+  lastRun: $(date +%s)
+  details:
+    results: ""
+EOF
+
+cat results.json | yq -P > results.yaml
+yq e -i '.data.details.results = load("results.yaml")' /kratix/output/platform/health-record.yaml
+
+cat <<EOF > /kratix/metadata/destination-selectors.yaml
+- directory: platform
+  matchLabels:
+    environment: platform
+EOF