feat: added extraEnv and extraEnvFrom to helm chart, readonly-fs

steadybit · May 12, 2023 · c6ba424 · c6ba424
1 parent 4d3deee
commit c6ba424
Show file tree

Hide file tree

Showing 6 changed files with 135 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -31,7 +31,7 @@ RUN go build \
 FROM alpine:3.16
 
 ARG USERNAME=steadybit
-ARG USER_UID=1000
+ARG USER_UID=10000
 
 RUN adduser -u $USER_UID -D $USERNAME
 

diff --git a/charts/steadybit-extension-datadog/Chart.yaml b/charts/steadybit-extension-datadog/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: steadybit-extension-datadog
 description: Steadybit Kubernetes extension Helm chart for Datadog.
-version: 1.4.7
+version: 1.4.8
 appVersion: latest
 home: https://www.steadybit.com/
 icon: https://steadybit-website-assets.s3.amazonaws.com/logo-symbol-transparent.png

diff --git a/charts/steadybit-extension-datadog/templates/deployment.yaml b/charts/steadybit-extension-datadog/templates/deployment.yaml
@@ -52,6 +52,13 @@ spec:
                 secretKeyRef:
                   name: {{ include "datadog.secret.name" . }}
                   key: site-url
+            {{- with .Values.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- with .Values.extraEnvFrom }}
+          envFrom:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           volumeMounts:
             {{- include "extensionlib.deployment.volumeMounts" (list .) | nindent 12 }}
           livenessProbe:
@@ -62,6 +69,11 @@ spec:
             httpGet:
               path: /health/readiness
               port: 8091
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 10000
+            runAsGroup: 10000
       volumes:
         {{- include "extensionlib.deployment.volumes" (list .) | nindent 8 }}
       {{- with .Values.nodeSelector }}

diff --git a/charts/steadybit-extension-datadog/tests/__snapshot__/deployment_test.yaml.snap b/charts/steadybit-extension-datadog/tests/__snapshot__/deployment_test.yaml.snap
@@ -66,6 +66,11 @@ manifest should match snapshot with TLS:
                 requests:
                   cpu: 50m
                   memory: 64Mi
+              securityContext:
+                readOnlyRootFilesystem: true
+                runAsGroup: 10000
+                runAsNonRoot: true
+                runAsUser: 10000
               volumeMounts:
                 - mountPath: /etc/extension/certificates/server-cert
                   name: certificate-server-cert
@@ -75,6 +80,84 @@ manifest should match snapshot with TLS:
               secret:
                 optional: false
                 secretName: server-cert
+manifest should match snapshot with extra env vars:
+  1: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      labels: null
+      name: RELEASE-NAME-steadybit-extension-datadog
+      namespace: NAMESPACE
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          app.kubernetes.io/name: steadybit-extension-datadog
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: steadybit-extension-datadog
+        spec:
+          containers:
+            - env:
+                - name: STEADYBIT_LOG_LEVEL
+                  value: INFO
+                - name: STEADYBIT_LOG_FORMAT
+                  value: text
+                - name: STEADYBIT_EXTENSION_API_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      key: api-key
+                      name: steadybit-extension-datadog
+                - name: STEADYBIT_EXTENSION_APPLICATION_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      key: application-key
+                      name: steadybit-extension-datadog
+                - name: STEADYBIT_EXTENSION_SITE_PARAMETER
+                  valueFrom:
+                    secretKeyRef:
+                      key: site-parameter
+                      name: steadybit-extension-datadog
+                - name: STEADYBIT_EXTENSION_SITE_URL
+                  valueFrom:
+                    secretKeyRef:
+                      key: site-url
+                      name: steadybit-extension-datadog
+                - name: FOO
+                  value: bar
+              envFrom:
+                - configMapRef: null
+                  name: env-configmap
+                - name: env-secrets
+                  secretRef: null
+              image: ghcr.io/steadybit/extension-datadog:latest
+              imagePullPolicy: Always
+              livenessProbe:
+                httpGet:
+                  path: /health/liveness
+                  port: 8091
+              name: extension
+              ports:
+                - containerPort: 8090
+              readinessProbe:
+                httpGet:
+                  path: /health/readiness
+                  port: 8091
+              resources:
+                limits:
+                  cpu: 200m
+                  memory: 128Mi
+                requests:
+                  cpu: 50m
+                  memory: 64Mi
+              securityContext:
+                readOnlyRootFilesystem: true
+                runAsGroup: 10000
+                runAsNonRoot: true
+                runAsUser: 10000
+              volumeMounts: null
+          volumes: null
 manifest should match snapshot with mutual TLS:
   1: |
     apiVersion: apps/v1
@@ -145,6 +228,11 @@ manifest should match snapshot with mutual TLS:
                 requests:
                   cpu: 50m
                   memory: 64Mi
+              securityContext:
+                readOnlyRootFilesystem: true
+                runAsGroup: 10000
+                runAsNonRoot: true
+                runAsUser: 10000
               volumeMounts:
                 - mountPath: /etc/extension/certificates/client-cert-a
                   name: certificate-client-cert-a
@@ -225,5 +313,10 @@ manifest should match snapshot without TLS:
                 requests:
                   cpu: 50m
                   memory: 64Mi
+              securityContext:
+                readOnlyRootFilesystem: true
+                runAsGroup: 10000
+                runAsNonRoot: true
+                runAsUser: 10000
               volumeMounts: null
           volumes: null
diff --git a/charts/steadybit-extension-datadog/tests/deployment_test.yaml b/charts/steadybit-extension-datadog/tests/deployment_test.yaml
@@ -25,3 +25,15 @@ tests:
               - client-cert-a
     asserts:
       - matchSnapshot: {}
+  - it: manifest should match snapshot with extra env vars
+    set:
+      extraEnv:
+        - name: FOO
+          value: "bar"
+      extraEnvFrom:
+        - configMapRef:
+          name: env-configmap
+        - secretRef:
+          name: env-secrets
+    asserts:
+      - matchSnapshot: {}
diff --git a/charts/steadybit-extension-datadog/values.yaml b/charts/steadybit-extension-datadog/values.yaml
@@ -68,3 +68,19 @@ topologySpreadConstraints: []
 
 # affinity -- Affinities to influence pod assignment.
 affinity: {}
+
+# extraEnv -- Array with extra environment variables to add to the container
+# e.g:
+# extraEnv:
+#   - name: FOO
+#     value: "bar"
+extraEnv: []
+
+# extraEnvFrom -- Array with extra environment variables sources to add to the container
+# e.g:
+# extraEnvFrom:
+#  - configMapRef:
+#    name: env-configmap
+#  - secretRef:
+#    name: env-secrets
+extraEnvFrom: []