feat(shield): allow custom env vars and volume mounts (#1974)
aroberts87 authored Oct 14, 2024
1 parent 4c61500 commit af7d38c
Showing 10 changed files with 476 additions and 1 deletion.
2 changes: 1 addition & 1 deletion charts/shield/Chart.yaml
Expand Up @@ -13,5 +13,5 @@ maintainers:
- name: mavimo
email: [email protected]
type: application
version: 0.1.5
version: 0.1.6
appVersion: "1.0.0"
9 changes: 9 additions & 0 deletions charts/shield/README.md

Large diffs are not rendered by default.

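--- a/charts/shield/templates/cluster/_helpers.tpl
+++ b/charts/shield/templates/cluster/_helpers.tpl
@@ -101,3 +101,24 @@ If release name contains chart name it will be used as a full name.
 0
 {{- end -}}
 {{- end -}}
+
+{{- define "cluster.env" -}}
+{{- $env := concat (default (list) .Values.env) (default (list) .Values.cluster.env) -}}
+{{- with $env -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "cluster.volumes" -}}
+{{- $volumes := concat (default (list) .Values.volumes) (default (list) .Values.cluster.volumes) -}}
+{{- with $volumes -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "cluster.volume_mounts" -}}
+{{- $volumeMounts := concat (default (list) .Values.volume_mounts) (default (list) .Values.cluster.volume_mounts) -}}
+{{- with $volumeMounts -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}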
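Review bot: The three new defines (`cluster.env`, `cluster.volumes`, `cluster.volume_mounts`) carry no doc comment, and nothing records that they pass the values through `toYaml` verbatim. `cluster.volumes` therefore emits any volume source a values file supplies, `hostPath` and `secret` volumes included, and none of the helpers checks for names that collide with entries the chart already renders. I would put a comment above each define, for example `{{/* Custom volumes: .Values.volumes followed by .Values.cluster.volumes, rendered as-is; entries are not validated or de-duplicated. */}}`. The same applies to the `host.*` helpers added in charts/shield/templates/host/_helpers.tpl.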
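--- a/charts/shield/templates/cluster/deployment.yaml
+++ b/charts/shield/templates/cluster/deployment.yaml
@@ -119,6 +119,7 @@ spec:
 {{- if $customCAEnvs }}
 {{- $customCAEnvs | nindent 12 }}
 {{- end }}
+{{- include "cluster.env" . | nindent 12 }}
 resources:
 {{- toYaml .Values.cluster.resources | nindent 12 }}
 livenessProbe:
@@ -146,6 +147,7 @@ spec:
 - mountPath: {{ include "cluster.tls_certificates.mount_path" (merge . (dict "CACertsPath" "/etc/sysdig/ca-certs/")) }}
 name: cluster-shield-tls-certificates-secret
 {{- end }}
+{{- include "cluster.volume_mounts" . | nindent 12 }}
 volumes:
 {{- $customCAVolume := (include "common.custom_ca.volume" .) }}
 {{- if $customCAVolume }}
@@ -164,3 +166,4 @@ spec:
 secret:
 secretName: {{ include "cluster.tls_certificates.secret_name" . }}
 {{- end }}
+{{- include "cluster.volumes" . | nindent 8 }}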
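Review bot: `include "cluster.env"` is rendered as the last item of the container's `env:` list (directly before `resources:`), so a custom entry whose name matches a chart-managed variable silently wins, because Kubernetes uses the later of two env entries with the same name. The volume includes fail differently: a custom volume reusing a chart-defined name such as `cluster-shield-tls-certificates-secret` templates cleanly and is rejected only by the API server at install time. If overriding is intended, say so next to the include, e.g. `{{- /* custom env is rendered last and overrides chart-managed variables of the same name */}}`; if it is not, a `fail` on name collisions in the helper would surface the problem at template time. The same placement is used in charts/shield/templates/host/daemonset.yaml, where the entry just above the include is a secret-backed `password` key. The container spec begins and ends outside these hunks.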
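--- a/charts/shield/templates/host/_helpers.tpl
+++ b/charts/shield/templates/host/_helpers.tpl
@@ -113,3 +113,24 @@ true
 {{- true -}}
 {{- end }}
 {{- end }}
+
+{{- define "host.env" -}}
+{{- $env := concat (default (list) .Values.env) (default (list) .Values.host.env) -}}
+{{- with $env -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "host.volumes" -}}
+{{- $volumes := concat (default (list) .Values.volumes) (default (list) .Values.host.volumes) -}}
+{{- with $volumes -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "host.volume_mounts" -}}
+{{- $volumeMounts := concat (default (list) .Values.volume_mounts) (default (list) .Values.host.volume_mounts) -}}
+{{- with $volumeMounts -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}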
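--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -157,6 +157,7 @@ spec:
 name: {{ include "host.rapid_response_secret" . }}
 key: password
 {{- end }}
+{{- include "host.env" . | nindent 12 }}
 readinessProbe:
 httpGet:
 host: 127.0.0.1
@@ -232,6 +233,7 @@ spec:
 name: host-tmp
 {{- end }}
 {{- end }}
+{{- include "host.volume_mounts" . | nindent 12 }}
 volumes:
 {{- /* Always requested */}}
 - name: dev-vol
@@ -337,3 +339,4 @@ spec:
 path: /tmp
 {{- end }}
 {{- end }}
+{{- include "host.volumes" . | nindent 8 }}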
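--- a/charts/shield/tests/cluster/deployment_test.yaml
+++ b/charts/shield/tests/cluster/deployment_test.yaml
@@ -1176,3 +1176,153 @@ tests:
 - equal:
 path: spec.replicas
 value: 5
+
+- it: Common custom env vars
+set:
+env:
+- name: MY_ENV_VAR
+value: my-value
+asserts:
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_ENV_VAR
+value: my-value
+
+- it: Common and Cluster specific custom env vars
+set:
+env:
+- name: MY_ENV_VAR
+value: my-value
+cluster:
+env:
+- name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+asserts:
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_ENV_VAR
+value: my-value
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+
+- it: Ensure host specific env vars not present
+set:
+cluster:
+env:
+- name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+host:
+env:
+- name: MY_HOST_ENV_VAR
+value: my-host-value
+asserts:
+- notContains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_HOST_ENV_VAR
+value: my-host-value
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+
+- it: Common volumes and volume mounts
+set:
+volumes:
+- name: my-volume
+emptyDir: {}
+volume_mounts:
+- name: my-volume
+mountPath: /host/my-mount-path
+asserts:
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-volume
+mountPath: /host/my-mount-path
+
+- it: Common and Cluster specific volumes and volume mounts
+set:
+volumes:
+- name: my-volume
+emptyDir: {}
+volume_mounts:
+- name: my-volume
+mountPath: /host/my-mount-path
+cluster:
+volumes:
+- name: my-cluster-volume
+emptyDir: {}
+volume_mounts:
+- name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path
+asserts:
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-cluster-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-volume
+mountPath: /host/my-mount-path
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path
+
+- it: Ensure host specific volumes and volume mounts not present
+set:
+cluster:
+volumes:
+- name: my-cluster-volume
+emptyDir: {}
+volume_mounts:
+- name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path
+host:
+volumes:
+- name: my-host-volume
+emptyDir: {}
+volume_mounts:
+- name: my-host-volume
+mountPath: /host/my-host-mount-path
+asserts:
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: my-host-volume
+emptyDir: {}
+- notContains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-host-volume
+mountPath: /host/my-host-mount-path
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-cluster-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path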
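Review bot: Every new case asserts with `contains` or `notContains`, which pins presence but neither position nor name collisions, so the suite would still pass if custom entries were rendered ahead of the chart-managed ones or duplicated one of their names. Because the later of two env entries with the same name is the one Kubernetes uses, I would add a case that sets the same `name` in both `env` and `cluster.env` and asserts the intended outcome, and another that reuses a chart-defined volume name. A short comment on the "Ensure host specific … not present" cases, e.g. `# host.* values must never leak into the cluster Deployment`, would record why they exist. The `tests:` list begins outside this hunk.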