From c6ba424c4d5717179c0695d752f9e80529ae79d9 Mon Sep 17 00:00:00 2001 From: Daniel Reuter Date: Fri, 12 May 2023 11:04:18 +0200 Subject: [PATCH] feat: added extraEnv and extraEnvFrom to helm chart, readonly-fs --- Dockerfile | 2 +- charts/steadybit-extension-datadog/Chart.yaml | 2 +- .../templates/deployment.yaml | 12 +++ .../__snapshot__/deployment_test.yaml.snap | 93 +++++++++++++++++++ .../tests/deployment_test.yaml | 12 +++ .../steadybit-extension-datadog/values.yaml | 16 ++++ 6 files changed, 135 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 22124ca..053a5f0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ RUN go build \ FROM alpine:3.16 ARG USERNAME=steadybit -ARG USER_UID=1000 +ARG USER_UID=10000 RUN adduser -u $USER_UID -D $USERNAME diff --git a/charts/steadybit-extension-datadog/Chart.yaml b/charts/steadybit-extension-datadog/Chart.yaml index 0f2b476..bf6d94b 100644 --- a/charts/steadybit-extension-datadog/Chart.yaml +++ b/charts/steadybit-extension-datadog/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: steadybit-extension-datadog description: Steadybit Kubernetes extension Helm chart for Datadog. -version: 1.4.7 +version: 1.4.8 appVersion: latest home: https://www.steadybit.com/ icon: https://steadybit-website-assets.s3.amazonaws.com/logo-symbol-transparent.png diff --git a/charts/steadybit-extension-datadog/templates/deployment.yaml b/charts/steadybit-extension-datadog/templates/deployment.yaml index 7e49c9f..0ba970c 100644 --- a/charts/steadybit-extension-datadog/templates/deployment.yaml +++ b/charts/steadybit-extension-datadog/templates/deployment.yaml @@ -52,6 +52,13 @@ spec: secretKeyRef: name: {{ include "datadog.secret.name" . }} key: site-url + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: {{- include "extensionlib.deployment.volumeMounts" (list .) | nindent 12 }} livenessProbe: 
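Review bot: In the first deployment.yaml hunk, `extraEnv` is rendered after the chart's secret-backed variables and nothing checks its names against the chart-managed ones. An entry that reuses a name such as `STEADYBIT_EXTENSION_API_KEY` produces a duplicate in the `env` list, and as far as I know the later entry is the one the container sees, so a stray value can silently replace the secret reference. I would state that precedence next to the block, for example `{{- /* extraEnv is appended last; an entry reusing a chart-managed name overrides it */}}`, or fail the render on such a collision. The container spec starts and ends outside the hunk.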
@@ -62,6 +69,11 @@ spec: httpGet: path: /health/readiness port: 8091 + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10000 + runAsGroup: 10000 volumes: {{- include "extensionlib.deployment.volumes" (list .) | nindent 8 }} {{- with .Values.nodeSelector }} diff --git a/charts/steadybit-extension-datadog/tests/__snapshot__/deployment_test.yaml.snap b/charts/steadybit-extension-datadog/tests/__snapshot__/deployment_test.yaml.snap index 97ca82b..365ea68 100644 --- a/charts/steadybit-extension-datadog/tests/__snapshot__/deployment_test.yaml.snap +++ b/charts/steadybit-extension-datadog/tests/__snapshot__/deployment_test.yaml.snap @@ -66,6 +66,11 @@ manifest should match snapshot with TLS: requests: cpu: 50m memory: 64Mi + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 10000 + runAsNonRoot: true + runAsUser: 10000 volumeMounts: - mountPath: /etc/extension/certificates/server-cert name: certificate-server-cert 
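Review bot: The container `securityContext` added in this deployment.yaml hunk leaves out the settings that usually accompany `readOnlyRootFilesystem` and `runAsNonRoot`: privilege escalation is not disabled, capabilities are not dropped and no seccomp profile is set, so the pod would presumably still fail a Pod Security `restricted` check. The hard-coded `runAsUser: 10000` also has to stay in step with the `USER_UID` build argument changed in the Dockerfile hunk of this patch; an image built with a different value would run as a UID the image never created. If the extension writes temporary files, the read-only root will need an `emptyDir` mount for them, which I cannot confirm from the lines shown. The container spec starts and ends outside the hunk.

```yaml
securityContext:
  # … unchanged: readOnlyRootFilesystem, runAsNonRoot, runAsUser, runAsGroup …
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
```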
@@ -75,6 +80,84 @@ manifest should match snapshot with TLS: secret: optional: false secretName: server-cert +manifest should match snapshot with extra env vars: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: null + name: RELEASE-NAME-steadybit-extension-datadog + namespace: NAMESPACE + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: steadybit-extension-datadog + template: + metadata: + labels: + app.kubernetes.io/name: steadybit-extension-datadog + spec: + containers: + - env: + - name: STEADYBIT_LOG_LEVEL + value: INFO + - name: STEADYBIT_LOG_FORMAT + value: text + - name: STEADYBIT_EXTENSION_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: steadybit-extension-datadog + - name: STEADYBIT_EXTENSION_APPLICATION_KEY + valueFrom: + secretKeyRef: + key: application-key + name: steadybit-extension-datadog + - name: STEADYBIT_EXTENSION_SITE_PARAMETER + valueFrom: + secretKeyRef: + key: site-parameter + name: steadybit-extension-datadog + - name: STEADYBIT_EXTENSION_SITE_URL + valueFrom: + secretKeyRef: + key: site-url + name: steadybit-extension-datadog + - name: FOO + value: bar + envFrom: + - configMapRef: null + name: env-configmap + - name: env-secrets + secretRef: null + image: ghcr.io/steadybit/extension-datadog:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /health/liveness + port: 8091 + name: extension + ports: + - containerPort: 8090 + readinessProbe: + httpGet: + path: /health/readiness + port: 8091 + resources: + limits: + cpu: 200m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 10000 + runAsNonRoot: true + runAsUser: 10000 + volumeMounts: null + volumes: null manifest should match snapshot with mutual TLS: 1: | apiVersion: apps/v1 
@@ -145,6 +228,11 @@ manifest should match snapshot with mutual TLS: requests: cpu: 50m memory: 64Mi + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 10000 + runAsNonRoot: true + runAsUser: 10000 volumeMounts: - mountPath: /etc/extension/certificates/client-cert-a name: certificate-client-cert-a @@ -225,5 +313,10 @@ manifest should match snapshot without TLS: requests: cpu: 50m memory: 64Mi + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 10000 + runAsNonRoot: true + runAsUser: 10000 volumeMounts: null volumes: null diff --git a/charts/steadybit-extension-datadog/tests/deployment_test.yaml b/charts/steadybit-extension-datadog/tests/deployment_test.yaml index 453c68c..08d9525 100644 --- a/charts/steadybit-extension-datadog/tests/deployment_test.yaml +++ b/charts/steadybit-extension-datadog/tests/deployment_test.yaml @@ -25,3 +25,15 @@ tests: - client-cert-a asserts: - matchSnapshot: {} + - it: manifest should match snapshot with extra env vars + set: + extraEnv: + - name: FOO + value: "bar" + extraEnvFrom: + - configMapRef: + name: env-configmap + - secretRef: + name: env-secrets + asserts: + - matchSnapshot: {} diff --git a/charts/steadybit-extension-datadog/values.yaml b/charts/steadybit-extension-datadog/values.yaml index 82601ba..4cb1653 100644 --- a/charts/steadybit-extension-datadog/values.yaml +++ b/charts/steadybit-extension-datadog/values.yaml @@ -68,3 +68,19 @@ topologySpreadConstraints: [] # affinity -- Affinities to influence pod assignment. affinity: {} + +# extraEnv -- Array with extra environment variables to add to the container +# e.g: +# extraEnv: +# - name: FOO +# value: "bar" +extraEnv: [] + +# extraEnvFrom -- Array with extra environment variables sources to add to the container +# e.g: +# extraEnvFrom: +# - configMapRef: +# name: env-configmap +# - secretRef: +# name: env-secrets +extraEnvFrom: []
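Review bot: The `extraEnvFrom` fixture in the deployment_test.yaml hunk appears to be mis-nested, because the snapshot recorded by this same patch renders `configMapRef: null` and `secretRef: null` with `name` as a sibling key rather than a child. The test therefore pins a manifest whose `envFrom` entries reference nothing, and the API server would likely reject or ignore them. Nest the name under the reference, e.g. `- configMapRef: {name: env-configmap}` and `- secretRef: {name: env-secrets}`, then regenerate the snapshot. The commented example in the values.yaml hunk has the same shape and is worth checking, since users will copy it; indentation is not visible in this rendering, so the cause is inferred from the snapshot.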
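Review bot: The `extraEnv` comment in the values.yaml hunk shows only a literal `value`, which invites users to put credentials straight into values files, where they end up in the rendered Deployment and in Helm's stored release data. I would add a line to the comment such as `# Do not put credentials in value; use valueFrom.secretKeyRef here, or a secretRef under extraEnvFrom.` This is a documentation change only; the defaults `extraEnv: []` and `extraEnvFrom: []` are fine as they are.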