git.stella-ops.org/ops/devops/findings-ledger/helm/templates/deployment.yaml
StellaOps Bot 98e6b76584
Add post-quantum cryptography support with PqSoftCryptoProvider
- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle.
- Added PqSoftProviderOptions and PqSoftKeyOptions for configuration.
- Created unit tests for Dilithium3 and Falcon512 signing and verification.
- Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists.
- Added KcmvpHashOnlyProvider for KCMVP baseline compliance.
- Updated project files and dependencies for new libraries and testing frameworks.
2025-12-07 15:04:19 +02:00


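{{- /*
Deployment for the findings-ledger service.

Runtime configuration is passed to the container as LEDGER__* environment
variables rendered from .Values; the attachments encryption key is not rendered
inline but read from the Secret named by .Values.secrets.name. Pod- and
container-level securityContext come verbatim from .Values.podSecurityContext
and .Values.securityContext. /tmp and /app/data are emptyDir volumes, so their
contents do not survive a pod restart.

The checksum/config annotation hashes the rendered configmap.yaml so that a
config change triggers a rollout.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "findings-ledger.fullname" . }}
  labels:
    {{- include "findings-ledger.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "findings-ledger.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
      labels:
        {{- include "findings-ledger.selectorLabels" . | nindent 8 }}
    spec:
      serviceAccountName: {{ include "findings-ledger.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: ledger
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          {{- /* An unset image.tag would otherwise render "repo:", an invalid image reference; fall back to the chart's appVersion. */}}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
            {{- if .Values.observability.metricsEnabled }}
            - name: metrics
              containerPort: {{ .Values.service.metricsPort }}
              protocol: TCP
            {{- end }}
          env:
            - name: ASPNETCORE_URLS
              value: "http://0.0.0.0:{{ .Values.service.port }}"
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            # Database
            - name: LEDGER__DB__CONNECTIONSTRING
              {{- include "findings-ledger.databaseConnectionString" . | nindent 14 }}
            # Observability
            - name: LEDGER__OBSERVABILITY__ENABLED
              value: {{ .Values.observability.enabled | quote }}
            - name: LEDGER__OBSERVABILITY__OTLPENDPOINT
              value: {{ .Values.observability.otlpEndpoint | quote }}
            # Merkle anchoring
            - name: LEDGER__MERKLE__ANCHORINTERVAL
              value: {{ .Values.merkle.anchorInterval | quote }}
            - name: LEDGER__MERKLE__EXTERNALIZE
              value: {{ .Values.merkle.externalize | quote }}
            # Attachments
            - name: LEDGER__ATTACHMENTS__MAXSIZEBYTES
              value: {{ .Values.attachments.maxSizeBytes | quote }}
            - name: LEDGER__ATTACHMENTS__ALLOWEGRESS
              value: {{ .Values.attachments.allowEgress | quote }}
            # Encryption key comes from a Secret, never from values.yaml
            - name: LEDGER__ATTACHMENTS__ENCRYPTIONKEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.name }}
                  key: LEDGER__ATTACHMENTS__ENCRYPTIONKEY
            # Authority
            - name: LEDGER__AUTHORITY__BASEURL
              value: {{ .Values.authority.baseUrl | quote }}
            # Air-gap thresholds
            - name: LEDGER__AIRGAP__ADVISORYSTALETHRESHOLD
              value: {{ .Values.airgap.advisoryStaleThreshold | quote }}
            - name: LEDGER__AIRGAP__VEXSTALETHRESHOLD
              value: {{ .Values.airgap.vexStaleThreshold | quote }}
            - name: LEDGER__AIRGAP__POLICYSTALETHRESHOLD
              value: {{ .Values.airgap.policyStaleThreshold | quote }}
            # Features
            - name: LEDGER__FEATURES__ENABLEATTACHMENTS
              value: {{ .Values.features.enableAttachments | quote }}
            - name: LEDGER__FEATURES__ENABLEAUDITLOG
              value: {{ .Values.features.enableAuditLog | quote }}
            {{- with .Values.extraEnv }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          {{- with .Values.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          readinessProbe:
            httpGet:
              path: {{ .Values.probes.readiness.path }}
              port: http
            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
          livenessProbe:
            httpGet:
              path: {{ .Values.probes.liveness.path }}
              port: http
            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: data
              mountPath: /app/data
      volumes:
        - name: tmp
          emptyDir: {}
        - name: data
          emptyDir: {}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}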