Skip to content

ZupIT/horusec-operator

Repository files navigation

logo_header

Horusec-Operator

Table of contents

About

Horusec-operator performs management between horus web services and its Kubernetes cluster. It was created based on the community's idea and it can have a simpler way to install the services in an environment using Kubernetes.

This is the Kubernetes operator that enhances the Horusec-Platform installation system in a unified way.

Usage

Requirements

See below the requirements to install and configure Horusec-Operator:

  • Kubectl and connection with your cluster
  • Connection with a database:
  • Connection with a message broker:
    • You can upload a pod from a RabbitMQ message broker or you can create secrets of connection with your message broker.
  • Other necessary secrets:

Installation

Install Horusec-Operator on your cluster, see an example below:

  1. Run the command:
kubectl apply -k "https://github.com/ZupIT/horusec-operator/config/default?ref=v2.3.0"
  1. Check if the resource was installed:
kubectl api-resources | grep horus
  1. You may see an output like this:
$ kubectl api-resources | grep horus                                                           
horusecplatforms                  horus        install.horusec.io             true         HorusecPlatform

Configuration

After installing, you need to send the changes you want to Kubenernetes.

apiVersion: install.horusec.io/v2alpha1
kind: HorusecPlatform
metadata:
  name: horusecplatform-sample
spec: {}
  • Apply your changes:
kubectl apply -f "https://raw.githubusercontent.com/ZupIT/horusec-operator/main/config/samples/install_v2alpha1_horusecplatform.yaml"
  • You can see all Horusec web services upload in your cluster, like the example below:
$ kubectl get pods
NAME                                                    READY   STATUS      RESTARTS   AGE
analytic-6f6bffb5d6-f8pl9                               1/1     Running     0          74s
api-5cc5b7545-km925                                     1/1     Running     0          73s
auth-8fbc876d9-62r6d                                    1/1     Running     0          73s
core-6bf7f9c9fc-fdv5c                                   1/1     Running     0          73s
horusecplatform-sample-analytic-migration-wwdzc-r9th2   0/1     Completed   0          74s
horusecplatform-sample-analytic-v1-2-v2-8zchl-445mz     0/1     Completed   2          74s
horusecplatform-sample-api-v1-2-v2-5lndp-w2rbd          0/1     Completed   3          74s
horusecplatform-sample-platform-migration-8g5ml-zmntl   0/1     Completed   0          74s
manager-c959f4f67-fz7r4                                 1/1     Running     0          74s
postgresql-postgresql-0                                 1/1     Running     0          7m54s
rabbitmq-0                                              1/1     Running     0          7m54s
vulnerability-7d789fd655-tpjp8                          1/1     Running     0          74s
webhook-7b5c45c859-cq4nf                                1/1     Running     0          73s

Development Environment

This is a development environment example on how to use Horusec-Operator.

You will need to install:

Now, you can run the commands and see horusec-operator up all horusec web services. See the steps below:

Step 1. Clone this project:

git clone https://github.com/ZupIT/horusec-operator.git && cd horusec-operator

Step 2. Up kubernetes cluster with all dependencies and wait finish:

make up-sample

If you see this message:

Creating horusec_analytic_db...
If you don't see a command prompt, try pressing enter.
psql: could not connect to server: Connection refused
        Is the server running on host "postgresql" (10.96.182.42) and accepting
        TCP/IP connections on port 5432?
pod "postgresql-client" deleted
pod default/postgresql-client terminated (Error)

Don't worry, this is normal because the script is trying to create new database, but the pod of the postgresql is not ready, it will run again until create new database.

Step 3. After the script finishes, install Horusec-Operator:

kubectl apply -k "https://github.com/ZupIT/horusec-operator/config/default?ref=v2.3.0"

Step 4. Check if the resource was installed:

kubectl api-resources | grep horus

You can see an output like this:

$ kubectl api-resources | grep horus                                                           
horusecplatforms                  horus        install.horusec.io             true         HorusecPlatform

And you can see the pod manager by the resource below:

$ kubectl get pods -n horusec-operator-system
NAME                                                   READY   STATUS              RESTARTS   AGE
horusec-operator-controller-manager-7b9696d4c4-t7w2q   2/2     Running             0          2m10s

Step 5. And now, pass the yaml with your configuration to upload in your Kubernetes cluster. See the example:

kubectl apply -f ./config/samples/install_v2alpha1_horusecplatform.yaml

You can see all horusec web services uploaded in your cluster, like this:

$ kubectl get pods
NAME                                                    READY   STATUS      RESTARTS   AGE
analytic-6f6bffb5d6-f8pl9                               1/1     Running     0          74s
api-5cc5b7545-km925                                     1/1     Running     0          73s
auth-8fbc876d9-62r6d                                    1/1     Running     0          73s
core-6bf7f9c9fc-fdv5c                                   1/1     Running     0          73s
horusecplatform-sample-analytic-migration-wwdzc-r9th2   0/1     Completed   0          74s
horusecplatform-sample-analytic-v1-2-v2-8zchl-445mz     0/1     Completed   2          74s
horusecplatform-sample-api-v1-2-v2-5lndp-w2rbd          0/1     Completed   3          74s
horusecplatform-sample-platform-migration-8g5ml-zmntl   0/1     Completed   0          74s
manager-c959f4f67-fz7r4                                 1/1     Running     0          74s
postgresql-postgresql-0                                 1/1     Running     0          7m54s
rabbitmq-0                                              1/1     Running     0          7m54s
vulnerability-7d789fd655-tpjp8                          1/1     Running     0          74s
webhook-7b5c45c859-cq4nf                                1/1     Running     0          73s

Documentation

For more information about Horusec, please check out the documentation.

Issues

To open or track an issue for this project, in order to better coordinate your discussions, we recommend that you use the Issues tab in the main Horusec repository.

Contributing

If you want to contribute to this repository, access our Contributing Guide.

Developer Certificate of Origin - DCO

This is a security layer for the project and for the developers. It is mandatory.

Follow one of these two methods to add DCO to your commits:

1. Command line Follow the steps: Step 1: Configure your local git environment adding the same name and e-mail configured at your GitHub account. It helps to sign commits manually during reviews and suggestions.

git config --global user.name “Name”
git config --global user.email “email@domain.com.br”

Step 2: Add the Signed-off-by line with the '-s' flag in the git commit command:

$ git commit -s -m "This is my commit message"

2. GitHub website You can also manually sign your commits during GitHub reviews and suggestions, follow the steps below:

Step 1: When the commit changes box opens, manually type or paste your signature in the comment box, see the example:

Signed-off-by: Name < e-mail address >

For this method, your name and e-mail must be the same registered on your GitHub account.

License

Apache License 2.0.

Community

Do you have any question about Horusec? Let's chat in our forum.

This project exists thanks to all the contributors. You rock! ❤️🚀