Merge branch 'main' into update-required-configuration

Dockerfile

@@ -11,3 +11,4 @@ COPY --from=contrast/agent-java:latest /contrast/contrast-agent.jar /opt/contras
 COPY config/contrast_security.yaml /opt/contrast/contrast_security.yaml
 ENV JAVA_TOOL_OPTIONS "-javaagent:/opt/contrast/contrast.jar -Dcontrast.config.path=/opt/contrast/contrast_security.yaml"
 ENTRYPOINT exec java ${JAVA_OPTS} -jar app.jar
+

Makefile

@@ -0,0 +1,51 @@
+.SILENT: validate docker cluster
+validate:
+	test -n "$$EMAIL" || (echo "EMAIL is not set. Please set it first."; exit 1)
+	if ! command which envsubst &> /dev/null; then \
+		echo "gettext is not installed. Please install it first."; \
+		exit 1; \
+	fi
+	if ! command which minikube &> /dev/null; then \
+		echo "minikube is not installed. Please install it first."; \
+		exit 1; \
+	fi
+	if ! command which kubectl &> /dev/null; then \
+		echo "kubectl is not installed. Please install it first."; \
+		exit 1; \
+	fi
+	if ! command which docker &> /dev/null; then \
+		echo "docker is not installed. Please install it first."; \
+		exit 1; \
+	fi
+	if ! command which md5sum &> /dev/null; then \
+		echo "md5sum is not installed. Please install it first."; \
+		exit 1; \
+	fi
+	if ! command which mvn &> /dev/null; then \
+		echo "maven is not installed. Please install it first."; \
+		exit 1; \
+	fi
+
+docker: validate
+	if ! command docker info &> /dev/null; then \
+		echo "docker is not running. Please make sure docker is running."; \
+		exit 1; \
+	fi
+
+cluster: docker
+	if ! command minikube status &> /dev/null; then \
+		minikube config set memory 4096; \
+		minikube start --driver=docker; \
+	fi \
+
+build: cluster
+	mvn install
+	minikube image build -t petclinic:latest .
+
+deploy: build
+	export RANDOM_PART=${EMAIL}_$$(hostname | md5sum | cut -c1-30) && \
+	minikube kubectl -- apply -f kube/postgresql.yaml && \
+	envsubst < kube/petclinic.yaml | minikube kubectl -- apply -f -
+
+undeploy:
+	minikube kubectl -- delete -f kube/

kube/petclinic.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: petclinic
+spec:
+  selector:
+    app: petclinic
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
+  type: LoadBalancer
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: petclinic
+  labels:
+    app: petclinic
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: petclinic
+  template:
+    metadata:
+      labels:
+        app: petclinic
+    spec:
+      containers:
+        - name: app
+          image: docker.io/library/petclinic:latest
+          resources:
+            limits:
+              memory: "512Mi"
+              cpu: "500m"
+          ports:
+            - containerPort: 8080
+          env:
+            - name: CONTRAST__APPLICATION__NAME
+              value: "petclinic_$RANDOM_PART"
+            - name: CONTRAST__APPLICATION__LANGUAGE
+              value: "java"
+            - name: CONTRAST__API__URL
+              value: "https://intuit.contrastsecurity.com/Contrast"
+            - name: CONTRAST__API__API_KEY
+              value: "$CONTRAST__API__API_KEY"
+            - name: CONTRAST__API__SERVICE_KEY
+              value: "$CONTRAST__API__SERVICE_KEY"
+            - name: CONTRAST__API__USER_NAME
+              value: "$CONTRAST__API__USER_NAME"
+            - name: POSTGRES_URL
+              value: "jdbc:postgresql://postgresql/petclinic"
+            - name: POSTGRES_USER
+              value: "petclinic"
+            - name: POSTGRES_PASSWORD
+              value: "petclinic"
+          imagePullPolicy: IfNotPresent

kube/postgresql.yaml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgresql-pvc
+spec:
+  resources:
+    requests:
+      storage: 256Mi
+  accessModes:
+    - ReadWriteOnce
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgresql
+spec:
+  selector:
+    app: postgresql
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
+  type: ClusterIP
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgresql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgresql
+  template:
+    metadata:
+      labels:
+        app: postgresql
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:15.2
+          resources:
+            limits:
+              memory: "512Mi"
+              cpu: "500m"
+          env:
+            - name: POSTGRES_DB
+              value: "petclinic"
+            - name: POSTGRES_USER
+              value: "petclinic"
+            - name: POSTGRES_PASSWORD
+              value: "petclinic"
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - name: storage
+              mountPath: /data/db
+          imagePullPolicy: Always
+      volumes:
+        - name: storage
+          persistentVolumeClaim:
+            claimName: postgresql-pvc