This is a Helm Chart to deploy the Snyk Broker
Clone this repository and navigate to the snyk-broker directory.
Then run the following commands based on the repository type.
Allowed values for scmType:
Github.com: github-com
Github Enterprise: github-enterprise
Bitbucket: bitbucket-server
Gitlab: gitlab
Azure Repos: azure-repos
Artifactory: artifactory
Jira: jira
Container Registry Agent: container-registry-agent
The following examples will create a namespace called snyk-broker. To deploy into an existing namespace, adjust the -n parameter and delete the --create-namespace parameter.
helm install snyk-broker-chart . \
--set scmType=github-com \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_REPO_TOKEN> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
-n snyk-broker --create-namespace
helm install snyk-broker-chart . \
--set scmType=github-enterprise \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_REPO_TOKEN> \
--set github=<ENTER_GHE_ADDRESS> \
--set githubApi=<ENTER_GHE_API_ADDRESS> \
--set githubGraphQl=<ENTER_GRAPHQL_ADDRESS> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
-n snyk-broker --create-namespace
helm install snyk-broker-chart . \
--set scmType=bitbucket-server \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set bitbucketUsername=<ENTER_USERNAME> \
--set bitbucketPassword=<ENTER_PASSWORD> \
--set bitbucket=<ENTER_BITBUCKET_URL> \
--set bitbucketApi=<ENTER_BITBUCKET_API_URL> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
-n snyk-broker --create-namespace
Note: for gitlab value do not include https://
helm install snyk-broker-chart . \
--set scmType=gitlab \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set gitlab=<ENTER_GITLAB_URL> \
--set scmToken=<ENTER_GITLAB_TOKEN> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
-n snyk-broker --create-namespace
helm install snyk-broker-chart . \
--set scmType=azure-repos \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set azureReposToken=<ENTER_REPO_TOKEN> \
--set azureReposOrg=<ENTER_REPO_ORG> \
--set azureReposHost<ENTER_REPO_HOST> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
-n snyk-broker --create-namespace
helm install snyk-broker-chart . \
--set scmType=artifactory \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set artifactoryUrl=<ENTER_ARTIFACTORY_URL> \
-n snyk-broker --create-namespace
helm install snyk-broker-chart . \
--set scmType=jira \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set jiraUsername=<ENTER_JIRA_USERNAME> \
--set jiraPassword=<ENTER_JIRA_PASSWORD> \
--set jiraHostname<ENTER_JIRA_HOSTNAME> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
-n snyk-broker --create-namespace
While the documentation for the Snyk Broker requires the parameter CR_AGENT_URL, it is not required in this case. You must also ensure that the brokerClientUrl value does NOT have a \.
Finally, you must include an accept.json file for this deployment. You must copy the new accept.json to the /snyk-broker folder
helm install snyk-broker-chart . \
--set scmType=container-registry-agent \
--set brokerClientUrl=<ENTER_BROKER_URL> \
--set crType=<ENTER_CR_TYPE>\
--set crBase=<ENTER_CR_BASE_URL> \
--set crUsername=<ENTER_CR_URSERNAME> \
--set crPassword=<ENTER_CR_PASSWORD> \
--set acceptJsonFile=accept.json \
-n snyk-broker --create-namespace
Allowed values for crType:
ArtifactoryCR
HarborCR
AzureCR
GoogleCR
DockerHub
QuayCR
nexus-cr
github-cr
To deploy the Snyk Code Agent, you must set the enableCodeAgent flag to true. See more information about the Snyk Code Agent. Ensure you have the proper entries in the accept.json file. Grab the example file for the appropriate SCM HERE. Ensure you have the additional entries as specified by the Snyk Code Agent documentation.
Here is an example command for GitLab:
helm install snyk-broker-chart . \
--set scmType=gitlab \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_SCM_TOKEN> \
--set gitlab=<ENTER_GITLAB_URL> \
--set acceptJsonFile=accept.json \
--set brokerClientUrl=http://<ENTER_SCM_TYPE>-broker-service:8000 \
--set enableCodeAgent=true \
--set snykToken=<ENTER_SNYK_TOKEN> \
--set=gitClientUrl=http://code-agent-service:3000 \
-n snyk-broker --create-namespace
Note: Leave the brokerClientUrl and gitClientUrl values as they are. Also, the accept.json must be in the same directory as the helm chart
To add a custom accept.json, you must copy the new accept.json to the /snyk-broker folder
See example files HERE
Here is an example command:
helm install snyk-broker-chart . \
--set scmType=github-com \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_REPO_TOKEN> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
--set acceptJsonFile=accept.json \
-n snyk-broker --create-namespace
There are two options available for ingress traffic. By default, the pods are not accessible from outside the cluster.
To enable a load balancer, add the --set service.type=LoadBalancer
Example for Github:
helm install snyk-broker-chart . \
--set scmType=github-com \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_REPO_TOKEN> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
--set service.type=LoadBalancer \
-n snyk-broker --create-namespace
This chart can be used with an existing ingress controller. Add the --set enableIngress=true parameter to enable the feature and --set ingressHostname=<ENTER_INGRESS_HOSTNAME> to configure the host name.
Example command:
helm install snyk-broker-chart . \
--set scmType=github-com \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_REPO_TOKEN> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
--set enableIngress=true \
--set ingressHostname=<ENTER_INGRESS_HOSTNAME>
-n snyk-broker --create-namespace
API Tokens and or Passwords use Kubernetes Secrets. Existing secrets can be used, they just need to be created in the following formats.
apiVersion: v1
kind: Secret
metadata:
name: <ENTER_SCM_TYPE>-broker-token
labels:
app: <ENTER_SCM_TYPE>-broker-token
type: Opaque
data:
<ENTER_SCM_TYPE>-broker-token-key: <BASE64_ENCODED_SECRET>
apiVersion: v1
kind: Secret
metadata:
name: <ENTER_SCM_TYPE>-token
type: Opaque
data:
<ENTER_SCM_TYPE>-token-key: <BASE64_ENCODED_SECRET>
apiVersion: v1
kind: Secret
metadata:
name: bitbucketpassword
type: Opaque
data:
"bitbucketPassword": <BASE64_ENCODED_SECRET>
apiVersion: v1
kind: Secret
metadata:
name: jirapassword
type: Opaque
data:
"jiraPassword": <BASE64_ENCODED_SECRET>
apiVersion: v1
kind: Secret
metadata:
name: crpassword
type: Opaque
data:
"crPassword": <BASE64_ENCODED_SECRET>
To use an existing service account, add the following parameters to the install command:
--set serviceAccount.create=false \
--set serviceAccount.name=<ENTER_EXISTING_SERVICE_ACCOUNT> \
To deploy an additional broker into the same namespace as an existing broker, see the following example.
helm install <ENTER_UNIQUE_CHART_NAME> . \
--set scmType=github-com \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_REPO_TOKEN> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
--set serviceAccount.create=false \
--set serviceAccount.name=<EXISTING_SERVICE_ACCOUNT> \
-n <EXISTING_NAMESPACE>
helm install <ENTER_UNIQUE_CHART_NAME> . \
--set scmType=github-com \
--set brokerToken=<ENTER_BROKER_TOKEN> \
--set scmToken=<ENTER_REPO_TOKEN> \
--set brokerClientUrl=<ENTER_BROKER_CLIENT_URL>:<ENTER_BROKER_CLIENT_PORT> \
--set serviceAccount.name=<NEW_SERVICE_ACCOUNT_TO_BE_CREATED> \
-n <EXISTING_NAMESPACE>
| Parameter | Description | Default value |
|---|---|---|
brokerToken |
Snyk Broker Token | |
brokerClientUrl |
URL of Broker Client | |
scmType |
SCM Type - See above for allowed values | github-com |
scmToken |
API Token for SCM Provider (unless username/password require) | |
github |
URL for Github Enterprise | |
githubApi |
URL for Github Enterprise API endpoint | |
githubGraphQl |
URL for Github Enterprise GraphQL | |
bitbucketUsername |
Bitbucket Username | |
bitbucketPassword |
Bitbucket Password | |
bitbucket |
Bitbucket URL | |
bitbucketApi |
Bitbucket API URL | |
gitlab |
URL for Gitlab | |
azureReposOrg |
Azure Repos Org | |
azureReposHost |
Azure Repos URL | |
artifactoryUrl |
Artifactory URL | |
jiraUsername |
Jira Username | |
jiraPassword |
Jira Password | |
jiraHostname |
Jira Hostname | |
logLevel |
Log Verbosity | info |
logEnableBody |
Enable Log Body | false |
image.repository |
Broker Image | snyk/broker |
deployment.container.containerPort |
Container Port (Back End) | 8000 |
serviceAccount.name |
Name of service account to be created | snyk-broker |
service.port |
Front End Port for broker client | 8000 |
crImage |
Image Tag | latest |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent