feat(shield): allow custom env vars and volume mounts #1974

Merged
merged 2 commits into from
Oct 14, 2024
2 changes: 1 addition & 1 deletion charts/shield/Chart.yaml
Expand Up @@ -13,5 +13,5 @@ maintainers:
- name: mavimo
email: [email protected]
type: application
version: 0.1.5
version: 0.1.6
appVersion: "1.0.0"
9 changes: 9 additions & 0 deletions charts/shield/README.md


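--- a/charts/shield/templates/cluster/_helpers.tpl
+++ b/charts/shield/templates/cluster/_helpers.tpl
@@ -101,3 +101,24 @@ If release name contains chart name it will be used as a full name.
 0
 {{- end -}}
 {{- end -}}
+
+{{- define "cluster.env" -}}
+{{- $env := concat (default (list) .Values.env) (default (list) .Values.cluster.env) -}}
+{{- with $env -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "cluster.volumes" -}}
+{{- $volumes := concat (default (list) .Values.volumes) (default (list) .Values.cluster.volumes) -}}
+{{- with $volumes -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "cluster.volume_mounts" -}}
+{{- $volumeMounts := concat (default (list) .Values.volume_mounts) (default (list) .Values.cluster.volume_mounts) -}}
+{{- with $volumeMounts -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}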
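Review bot: The new `cluster.env`, `cluster.volumes` and `cluster.volume_mounts` definitions have no header comment, and nothing says that the global list is rendered before the component list. That order matters because it decides which entry comes last when a name is repeated. I would put a comment above each one, for example `{{/* Global .Values.env followed by .Values.cluster.env, rendered as a YAML list; empty when both are unset. */}}`. The values are passed to `concat` and `toYaml` without any check that they are lists, so a map-shaped value would probably surface as a generic template error rather than one naming the key. The `host.*` definitions in `templates/host/_helpers.tpl` are line-for-line copies, so the same comment applies there and the six could share one parameterised helper.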
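--- a/charts/shield/templates/cluster/deployment.yaml
+++ b/charts/shield/templates/cluster/deployment.yaml
@@ -119,6 +119,7 @@ spec:
 {{- if $customCAEnvs }}
 {{- $customCAEnvs | nindent 12 }}
 {{- end }}
+{{- include "cluster.env" . | nindent 12 }}
 resources:
 {{- toYaml .Values.cluster.resources | nindent 12 }}
 livenessProbe:
@@ -146,6 +147,7 @@ spec:
 - mountPath: {{ include "cluster.tls_certificates.mount_path" (merge . (dict "CACertsPath" "/etc/sysdig/ca-certs/")) }}
 name: cluster-shield-tls-certificates-secret
 {{- end }}
+{{- include "cluster.volume_mounts" . | nindent 12 }}
 volumes:
 {{- $customCAVolume := (include "common.custom_ca.volume" .) }}
 {{- if $customCAVolume }}
@@ -164,3 +166,4 @@ spec:
 secret:
 secretName: {{ include "cluster.tls_certificates.secret_name" . }}
 {{- end }}
+{{- include "cluster.volumes" . | nindent 8 }}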
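Review bot: User-supplied entries are appended after the chart-managed ones with no name-collision check, at all three include sites (`cluster.env`, `cluster.volume_mounts`, `cluster.volumes`). For `env`, Kubernetes resolves a repeated name in favour of the last entry, so a value from `.Values.env` would silently replace a chart-set variable such as the custom-CA ones rendered just above. For `volumes` and `volumeMounts`, a reused volume name or mount path is only rejected by the API server at install time. If overriding is intended, state it in the README and the values comments; if not, have the helper `fail` on names the chart reserves. The three includes in `templates/host/daemonset.yaml` behave the same way, and there the entries above the `host.env` include appear to contain a secret-backed `password` variable.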
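--- a/charts/shield/templates/host/_helpers.tpl
+++ b/charts/shield/templates/host/_helpers.tpl
@@ -113,3 +113,24 @@ true
 {{- true -}}
 {{- end }}
 {{- end }}
+
+{{- define "host.env" -}}
+{{- $env := concat (default (list) .Values.env) (default (list) .Values.host.env) -}}
+{{- with $env -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "host.volumes" -}}
+{{- $volumes := concat (default (list) .Values.volumes) (default (list) .Values.host.volumes) -}}
+{{- with $volumes -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "host.volume_mounts" -}}
+{{- $volumeMounts := concat (default (list) .Values.volume_mounts) (default (list) .Values.host.volume_mounts) -}}
+{{- with $volumeMounts -}}
+{{- . | toYaml -}}
+{{- end -}}
+{{- end -}}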
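--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -157,6 +157,7 @@ spec:
 name: {{ include "host.rapid_response_secret" . }}
 key: password
 {{- end }}
+{{- include "host.env" . | nindent 12 }}
 readinessProbe:
 httpGet:
 host: 127.0.0.1
@@ -232,6 +233,7 @@ spec:
 name: host-tmp
 {{- end }}
 {{- end }}
+{{- include "host.volume_mounts" . | nindent 12 }}
 volumes:
 {{- /* Always requested */}}
 - name: dev-vol
@@ -337,3 +339,4 @@ spec:
 path: /tmp
 {{- end }}
 {{- end }}
+{{- include "host.volumes" . | nindent 8 }}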
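Review bot: Top-level `.Values.volumes` and `.Values.volume_mounts` are rendered into this DaemonSet as well as into the cluster Deployment, and nothing restricts the volume type, so a `hostPath` volume declared once at the top level ends up mounted in both workloads. This pod already appears to mount host paths (the `dev-vol` and `path: /tmp` entries in the hunks), so extra mounts widen what the agent container can reach on every node. I would document this next to the keys in `values.yaml`, for example `# Applied to every shield workload; prefer host.volumes or cluster.volumes to limit exposure`. The hunks cut through the container and pod spec, so the container's security context is not visible here.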
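--- a/charts/shield/tests/cluster/deployment_test.yaml
+++ b/charts/shield/tests/cluster/deployment_test.yaml
@@ -1176,3 +1176,153 @@ tests:
 - equal:
 path: spec.replicas
 value: 5
+
+- it: Common custom env vars
+set:
+env:
+- name: MY_ENV_VAR
+value: my-value
+asserts:
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_ENV_VAR
+value: my-value
+
+- it: Common and Cluster specific custom env vars
+set:
+env:
+- name: MY_ENV_VAR
+value: my-value
+cluster:
+env:
+- name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+asserts:
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_ENV_VAR
+value: my-value
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+
+- it: Ensure host specific env vars not present
+set:
+cluster:
+env:
+- name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+host:
+env:
+- name: MY_HOST_ENV_VAR
+value: my-host-value
+asserts:
+- notContains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_HOST_ENV_VAR
+value: my-host-value
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+content:
+name: MY_CLUSTER_ENV_VAR
+value: my-cluster-value
+
+- it: Common volumes and volume mounts
+set:
+volumes:
+- name: my-volume
+emptyDir: {}
+volume_mounts:
+- name: my-volume
+mountPath: /host/my-mount-path
+asserts:
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-volume
+mountPath: /host/my-mount-path
+
+- it: Common and Cluster specific volumes and volume mounts
+set:
+volumes:
+- name: my-volume
+emptyDir: {}
+volume_mounts:
+- name: my-volume
+mountPath: /host/my-mount-path
+cluster:
+volumes:
+- name: my-cluster-volume
+emptyDir: {}
+volume_mounts:
+- name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path
+asserts:
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-cluster-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-volume
+mountPath: /host/my-mount-path
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path
+
+- it: Ensure host specific volumes and volume mounts not present
+set:
+cluster:
+volumes:
+- name: my-cluster-volume
+emptyDir: {}
+volume_mounts:
+- name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path
+host:
+volumes:
+- name: my-host-volume
+emptyDir: {}
+volume_mounts:
+- name: my-host-volume
+mountPath: /host/my-host-mount-path
+asserts:
+- notContains:
+path: spec.template.spec.volumes
+content:
+name: my-host-volume
+emptyDir: {}
+- notContains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-host-volume
+mountPath: /host/my-host-mount-path
+- contains:
+path: spec.template.spec.volumes
+content:
+name: my-cluster-volume
+emptyDir: {}
+- contains:
+path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+content:
+name: my-cluster-volume
+mountPath: /host/my-cluster-mount-path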
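Review bot: Every env case in this block sets a literal `value:`, so nothing pins that a `valueFrom.secretKeyRef` entry survives the `toYaml` pass-through, which is the form operators should use for credentials. I would add a case whose `set.env` entry carries `valueFrom: {secretKeyRef: {name: my-secret, key: token}}` (constructed sample) and assert it with `contains`. A second case where a user entry reuses a chart-managed variable name would record which entry ends up last in the rendered list. No host-side counterpart for `daemonset.yaml` is visible on this page; if there is none, the `host.*` helpers are untested.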