helm-webapp-cve-processor
The cve-processor Helm chart deploys a Go-based application designed to fetch CVE data from the CVE repository and push it to Kafka for further processing. The chart includes configuration for running the application as a Kubernetes job, secured access via environment variables, and a robust scaling policy.
Helm CVE Processor
Helm Chart Summary for cve-processor Application
Description: The cve-processor Helm chart deploys a Go-based application designed to fetch CVE data from the CVE repository and push it to Kafka for further processing. The chart includes configuration for running the application as a Kubernetes job, secured access via environment variables, and a robust scaling policy.
Specifications:
- Kubernetes Job: Defines a one-time job to fetch CVE data and push it to Kafka.
- InitContainer: Ensures database schema migration using Flyway before the main job starts.
- RBAC Configuration: Includes a role and role binding that provides necessary permissions for jobs and secrets.
- Horizontal Pod Autoscaler (HPA): Automatically scales the application pods between 1 and 3 replicas based on CPU utilization.
- Pod Disruption Budget (PDB): Ensures at least one pod is available during disruptions.
- Service Account: Runs the job under a service account with no automounted tokens for added security.
- Resource Limits: Manages CPU and memory requests and limits for efficient resource usage.
- Liveness and Readiness Probes: Configured for health checks, ensuring the application is running and ready to serve requests.
- Secrets Management: Handles sensitive information such as database passwords and Kafka credentials using Kubernetes secrets.
- Image Pull Secrets: Securely pulls Docker images from Docker Hub using a personal access token (PAT).
Usage: To deploy the cve-processor application using Helm, run the following command:
helm install cve-processor ./cve-processor -n cve-processor
Replace -n cve-processor with your desired namespace.
This Helm chart provides a scalable, secure, and reliable solution for fetching CVE data and pushing it to Kafka in a Kubernetes environment.
