From a392d4174df22b40eb46f7e948968f4fe931b178 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A1n=20Mart=C3=ADn=20Garc=C3=ADa?= Date: Thu, 28 Sep 2023 13:26:49 +0200 Subject: [PATCH 1/3] fix: steampipe manifest --- charts/steampipe/templates/deployment.yaml | 20 ++++++++++++++++++++ charts/steampipe/templates/secret.yaml | 2 +- charts/steampipe/templates/service.yaml | 2 +- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/charts/steampipe/templates/deployment.yaml b/charts/steampipe/templates/deployment.yaml index 4fca3bc..5641f9d 100644 --- a/charts/steampipe/templates/deployment.yaml +++ b/charts/steampipe/templates/deployment.yaml @@ -145,6 +145,16 @@ spec: - name: workspace mountPath: /workspace {{- end }} + {{- if .Values.extraConfig.secrets.enabled }} + - name: secrets + mountPath: /home/steampipe/.steampipe/config/azure.spc + subPath: azure.spc + {{- end }} + {{- if .Values.extraConfig.configMaps.enabled }} + - name: configmaps + mountPath: /home/steampipe/.steampipe/config/azure.spc + subPath: azure.spc + {{- end }} {{- with .Values.extraVolumeMount }} {{- toYaml . | nindent 12 }} {{- end }} @@ -185,6 +195,16 @@ spec: - name: workspace emptyDir: {} {{- end }} + {{- if .Values.extraConfig.secrets.enabled }} + - name: secrets + secret: + secretName: {{ template "steampipe.fullname" . }}-secrets + {{- end }} + {{- if .Values.extraConfig.configMaps.enabled }} + - name: configmaps + configMap: + name: {{ template "steampipe.fullname" . }}-config + {{- end }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} \ No newline at end of file diff --git a/charts/steampipe/templates/secret.yaml b/charts/steampipe/templates/secret.yaml index 59f20b5..3c0fa9d 100644 --- a/charts/steampipe/templates/secret.yaml +++ b/charts/steampipe/templates/secret.yaml @@ -9,7 +9,7 @@ metadata: data: {{- range $key, $value := .Values.extraConfig.secrets.data }} {{ $key }}: |- -{{ tpl $value $| indent 4 }} +{{ tpl $value $ | b64enc | indent 4 }} {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/steampipe/templates/service.yaml b/charts/steampipe/templates/service.yaml index 86a98a5..a4fb4ec 100644 --- a/charts/steampipe/templates/service.yaml +++ b/charts/steampipe/templates/service.yaml @@ -1,4 +1,4 @@ -{{- if or (.Values.db.enabled) (.Values.db.enabled) }} +{{- if or (.Values.db.enabled) (.Values.dashboard.enabled) }} apiVersion: v1 kind: Service metadata: From ff617041c2e0493170064c1aa00a7f3c8b6e62df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A1n=20Mart=C3=ADn=20Garc=C3=ADa?= Date: Thu, 28 Sep 2023 13:28:27 +0200 Subject: [PATCH 2/3] upgrade version --- charts/steampipe/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/steampipe/Chart.yaml b/charts/steampipe/Chart.yaml index 565d078..de298b4 100644 --- a/charts/steampipe/Chart.yaml +++ b/charts/steampipe/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: steampipe description: A Helm chart for Kubernetes to deploy Steampipe type: application -version: 1.0.0 -appVersion: "0.20.2" +version: 1.0.1 +appVersion: "0.20.12" home: https://github.com/devops-ia/helm-charts/tree/main/charts/steampipe sources: - https://github.com/turbot/steampipe From f92c0b8e364fac164e83246d938b348d8e27ec10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A1n=20Mart=C3=ADn=20Garc=C3=ADa?= Date: Thu, 28 Sep 2023 14:06:47 +0200 Subject: [PATCH 3/3] upgrade version --- charts/steampipe/Chart.yaml | 2 +- charts/steampipe/values.yaml | 28 +++++++++++----------------- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/charts/steampipe/Chart.yaml b/charts/steampipe/Chart.yaml index de298b4..47ca03f 100644 --- a/charts/steampipe/Chart.yaml +++ b/charts/steampipe/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: steampipe description: A Helm chart for Kubernetes to deploy Steampipe type: application -version: 1.0.1 +version: 1.1.0 appVersion: "0.20.12" home: https://github.com/devops-ia/helm-charts/tree/main/charts/steampipe sources: diff --git a/charts/steampipe/values.yaml b/charts/steampipe/values.yaml index 19eae5b..68ef63f 100644 --- a/charts/steampipe/values.yaml +++ b/charts/steampipe/values.yaml @@ -25,16 +25,14 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} - # fsGroup: 2000 +podSecurityContext: + fsGroup: 9193 + runAsGroup: 65534 + runAsUser: 9193 -securityContext: {} -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsNonRoot: true -# runAsUser: 1000 +securityContext: + runAsNonRoot: true + runAsUser: 9193 command: [] # - "steampipe" @@ -80,7 +78,7 @@ configProbe: {} db: enabled: false port: 9193 - listen: "local" + listen: "network" dashboard: enabled: false @@ -179,13 +177,9 @@ initContainer: # Overrides the image tag whose default is the chart appVersion. tag: "" - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 + securityContext: + runAsNonRoot: true + runAsUser: 9193 # Ref: https://hub.steampipe.io/plugins plugins: []