Merge pull request #49 from ropable/master

Update project dependency versions, update Kustomize resource definitions
dbca-wa · Jun 11, 2024 · 31fb9fb · 31fb9fb
2 parents 1371b19 + ffca076
commit 31fb9fb
Show file tree

Hide file tree

Showing 12 changed files with 306 additions and 81 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,11 @@
+repos:
+- repo: local
+  hooks:
+    - id: trufflehog
+      name: TruffleHog
+      description: Detect secrets in your data.
+      entry: bash -c 'trufflehog git file://. --since-commit HEAD --only-verified --fail --no-update'
+      # For running trufflehog in docker, use the following entry instead:
+      # entry: bash -c 'docker run --rm -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --since-commit HEAD --only-verified --fail'
+      language: system
+      stages: ["commit", "push"]
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 # Prepare the base environment.
-FROM python:3.10.13-slim as builder_base_healthcheck
+FROM python:3.11.8-slim as builder_base_healthcheck
 MAINTAINER [email protected]
 LABEL org.opencontainers.image.source https://github.com/dbca-wa/healthcheck
 

diff --git a/README.md b/README.md
@@ -41,3 +41,16 @@ To build a new Docker image from the `Dockerfile`:
 To run a Docker container locally, publishing container port 8080 to a local port:
 
     docker container run --rm --publish 8080:8080 --env-file .env ghcr.io/dbca-wa/healthcheck
+
+# Pre-commit hooks
+
+This project includes the following pre-commit hooks:
+
+- TruffleHog (credential scanning): https://github.com/marketplace/actions/trufflehog-oss
+
+Pre-commit hooks may have additional system dependencies to run. Optionally
+install pre-commit hooks locally like so:
+
+    poetry run pre-commit install
+
+Reference: https://pre-commit.com/
diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml
@@ -3,7 +3,6 @@ kind: Deployment
 metadata:
   name: healthcheck-deployment
 spec:
-  replicas: 2
   strategy:
     type: RollingUpdate
   template:

diff --git a/kustomize/base/deployment_hpa.yaml b/kustomize/base/deployment_hpa.yaml
@@ -0,0 +1,17 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: healthcheck-deployment-hpa
+spec:
+  minReplicas: 1
+  maxReplicas: 3
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+  metrics:
+    - resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 500
+      type: Resource
diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml
@@ -1,3 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 resources:
-- deployment.yaml
-- service.yaml
+  - deployment.yaml
+  - deployment_hpa.yaml
+  - service.yaml
diff --git a/kustomize/overlays/prod/deployment_hpa_patch.yaml b/kustomize/overlays/prod/deployment_hpa_patch.yaml
@@ -0,0 +1,7 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: healthcheck-deployment-hpa
+spec:
+  scaleTargetRef:
+    name: healthcheck-deployment-prod
diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml
@@ -16,7 +16,8 @@ labels:
       variant: prod
 patches:
   - path: deployment_patch.yaml
+  - path: deployment_hpa_patch.yaml
   - path: service_patch.yaml
 images:
   - name: ghcr.io/dbca-wa/healthcheck
-    newTag: 1.1.17
+    newTag: 1.1.18
diff --git a/kustomize/overlays/uat/deployment_hpa_patch.yaml b/kustomize/overlays/uat/deployment_hpa_patch.yaml
@@ -0,0 +1,7 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: healthcheck-deployment-hpa
+spec:
+  scaleTargetRef:
+    name: healthcheck-deployment-uat
diff --git a/kustomize/overlays/uat/kustomization.yaml b/kustomize/overlays/uat/kustomization.yaml
@@ -16,4 +16,5 @@ labels:
       variant: uat
 patches:
   - path: deployment_patch.yaml
+  - path: deployment_hpa_patch.yaml
   - path: service_patch.yaml