alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

feat: add dep-track #5554

Merged
alexlebens merged 2 commits from tmp/dep-track into main 2026-04-05 22:46:25 +00:00
Conversation 0 Commits 2 Files Changed 9 +195
9 changed files with 195 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -109,6 +109,7 @@ blocky:
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl

9
clusters/cl01tl/helm/dependency-track/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: dependency-track
repository: https://dependencytrack.github.io/helm-charts
version: 0.44.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:6ea7e8066cce675a02ce76393ee2b0e23300d2f5c72ae64946ae667fc12fde1f
generated: "2026-04-05T17:32:11.221935-05:00"

26
clusters/cl01tl/helm/dependency-track/Chart.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: v2
name: dependency-track
version: 1.0.0
description: Dependency Track
keywords:
- dependency-track
- vulnerability-scanner
home: https://docs.alexlebens.dev/applications/dependency-track/
sources:
- https://github.com/DependencyTrack/dependency-track
- https://hub.docker.com/r/dependencytrack/apiserver
- https://hub.docker.com/r/dependencytrack/frontend
- https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
maintainers:
- name: alexlebens
dependencies:
- name: dependency-track
version: 0.44.0
repository: https://dependencytrack.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://avatars.githubusercontent.com/u/40258585
# renovate: datasource=github-releases depName=dependency-track
appVersion: 4.14.1

42
clusters/cl01tl/helm/dependency-track/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dependency-track-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dependency-track-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret.key
remoteRef:
key: /cl01tl/dependency-track/key
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dependency-track-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dependency-track-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client
remoteRef:
key: /authentik/oidc/dependency-track
property: client
- secretKey: secret
remoteRef:
key: /authentik/oidc/dependency-track
property: secret

106
clusters/cl01tl/helm/dependency-track/values.yaml Normal file
View File

@@ -0,0 +1,106 @@
dependency-track:
common:
secretKey:
createSecret: false
existingSecretName: dependency-track-key-secret
apiServer:
image:
repository: dependencytrack/apiserver
tag: 4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: null
persistentVolume:
enabled: true
className: ceph-block
size: 5Gi
extraEnv:
- name: ALPINE_DATABASE_MODE
value: external
- name: ALPINE_DATABASE_MODE
value: org.postgresql.Driver
- name: ALPINE_DATABASE_URL
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: jdbc-uri
- name: ALPINE_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: user
- name: ALPINE_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: password
- name: ALPINE_OIDC_ENABLED
value: "true"
- name: ALPINE_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: ALPINE_OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: ALPINE_OIDC_USERNAME_CLAIM
value: preferred_username
- name: ALPINE_OIDC_TEAMS_CLAIM
value: groups
- name: ALPINE_OIDC_USER_PROVISIONING
value: "true"
- name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
value: "true"
- name: ALPINE_CORS_ENABLED
value: "true"
- name: ALPINE_CORS_ALLOW_ORIGIN
value: dependency-track.alexlebens.net, dependency-track.dependency-track
serviceMonitor:
enabled: true
namespace: dependency-track
frontend:
image:
repository: dependencytrack/frontend
tag: 4.14.1@sha256:8217737050b26ea69a6ddd6fe2cb419531a0bae0b903a87a04077a2415fc9f35
resources:
requests:
cpu: 10m
memory: 60Mi
limits:
memory: null
apiBaseUrl: dependency-track.alexlebens.net
httpRoute:
enabled: true
hostnames:
- dependency-track.alexlebens.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
postgres-18-cluster:
mode: standalone
cluster:
initdb:
postInitSQL:
- ALTER DATABASE app SET READ_COMMITTED_SNAPSHOT ON;
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local

3
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -179,6 +179,9 @@ gatus:
- name: komodo
url: https://komodo.alexlebens.net
<<: *defaults
- name: dependency-track
url: https://dependency-track.alexlebens.net
<<: *defaults
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults

6
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -375,6 +375,12 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true
fields: ["running", "down", "unhealthy", "unknown"]
- Vulnerability Scanning:
icon: https://avatars.githubusercontent.com/u/40258585
description: Dependency Track
href: https://dependency-track.alexlebens.net
siteMonitor: http://dependency-track.dependency-track:8080
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus

1
hosts/ps08rp/blocky/config.yml
View File

@@ -86,6 +86,7 @@ customDNS:
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl

1
hosts/ps09rp/blocky/config.yml
View File

@@ -107,6 +107,7 @@ customDNS:
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl