diff --git a/README.md b/README.md index de6e9c0..a1df0b9 100644 --- a/README.md +++ b/README.md @@ -20,10 +20,16 @@ This project or repository is in no way affiliated with DataLust or Seq. 1. You will require [Helm](https://helm.sh/docs/intro/install/) and access to a [Kubernetes](https://kubernetes.io/) cluster to which you have appropriate permissions to deploy resources. 1. Clone this repository and in a shell terminal, `cd` in to the root directory of the cloned repository. +1. Create a namespace to deploy into: + + ```shell + kubectl create namespace seq-input-gelf + ``` + 1. Run the following command to create a secret containing your deployment key, replacing `YOURAPIKEY` with an [API key generated by your Seq instance](https://docs.datalust.co/docs/api-keys): ```shell - kubectl create secret generic seq-api-key --from-value=api-key=YOURAPIKEY --namespace seq-input-gelf + kubectl create secret generic seq-api-key --from-literal=api-key=YOURAPIKEY --namespace seq-input-gelf ``` 1. Add the helm repository for this Helm Chart @@ -38,8 +44,7 @@ This project or repository is in no way affiliated with DataLust or Seq. ```shell helm upgrade seq-input-gelf \ - seq-input-gelf/seq-input-gelf \ - --create-namespace \ + seq-input-gelf \ --namespace seq-input-gelf \ --install \ --values ./examples/values.yaml diff --git a/charts/seq-input-gelf/templates/_helpers.tpl b/charts/seq-input-gelf/templates/_helpers.tpl index 7e70176..866d890 100644 --- a/charts/seq-input-gelf/templates/_helpers.tpl +++ b/charts/seq-input-gelf/templates/_helpers.tpl @@ -23,6 +23,12 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +*/}} +{{- define "seq-input-gelf.testname" -}} +{{- printf "%s-test" ( include "seq-input-gelf.fullname" . ) }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} 
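Review bot: The new `seq-input-gelf.testname` helper in `_helpers.tpl` appends `-test` without truncating, and its `{{/* */}}` comment block is left empty. If `seq-input-gelf.fullname` is already capped at 63 characters (its body is outside this hunk, so this is an assumption), the result can reach 68 characters, and Kubernetes requires Job names to be at most 63 characters. Consider `{{- printf "%s-test" (include "seq-input-gelf.fullname" . | trunc 58 | trimSuffix "-") }}` and a comment such as `Name of the connectivity-test Job; kept within the 63-character Job name limit.`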
diff --git a/charts/seq-input-gelf/templates/deployment.yaml b/charts/seq-input-gelf/templates/deployment.yaml
index 408ac69..abad735 100644
--- a/charts/seq-input-gelf/templates/deployment.yaml
+++ b/charts/seq-input-gelf/templates/deployment.yaml
@@ -24,7 +24,10 @@ spec:
 {{- end }}
 serviceAccountName: {{ include "seq-input-gelf.serviceAccountName" . }}
 securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsGroup: 3000
+ runAsNonRoot: true
 containers:
 - name: {{ .Chart.Name }}
 securityContext:
@@ -32,10 +35,6 @@ spec:
 drop:
 - ALL
 readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
- runAsGroup: 3000
- fsGroup: 2000
 allowPrivilegeEscalation: false
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
diff --git a/charts/seq-input-gelf/templates/tests/test.job.yaml b/charts/seq-input-gelf/templates/tests/test.job.yaml
new file mode 100644
index 0000000..c403bf8
--- /dev/null
+++ b/charts/seq-input-gelf/templates/tests/test.job.yaml
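Review bot: In `deployment.yaml` the pod-level `securityContext` is now hard-coded and `.Values.podSecurityContext` is no longer rendered, so any override an operator has set there (a different UID/GID, `supplementalGroups`, a seccomp profile) is silently ignored after an upgrade. Moving `fsGroup` and the `runAs*` fields up to pod level is right, but I would keep them as defaults under `podSecurityContext` in the chart's values file (not shown in this diff) and leave `{{- toYaml .Values.podSecurityContext | nindent 8 }}` in the template. Neither the new pod block nor the visible part of the container block sets `seccompProfile`; adding `seccompProfile: {type: RuntimeDefault}` to those defaults would bring the pod in line with the restricted Pod Security Standard. The pod spec continues outside both hunks.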
@@ -0,0 +1,36 @@
+kind: Job
+apiVersion: batch/v1
+metadata:
+ name: {{ include "seq-input-gelf.testname" . }}
+ labels:
+ {{- include "seq-input-gelf.labels" . | nindent 4 }}
+spec:
+ backoffLimit: 5
+ activeDeadlineSeconds: 60
+ ttlSecondsAfterFinished: 600 #automatically deleted 10 minutes after completion
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "seq-input-gelf.selectorLabels" . | nindent 8 }}
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsGroup: 3000
+ runAsNonRoot: true
+ containers:
+ - name: tcp-connection-is-alive
+ image: alpine
+ command: ["/bin/sh"]
+ args: ["-c", "nc -z {{ printf "%s.%s.svc.cluster.local" ( include "seq-input-gelf.fullname" . ) .Release.Namespace }} {{ .Values.service.port }}"]
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ restartPolicy: Never
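Review bot: The test container in `test.job.yaml` uses `image: alpine` with no tag or digest, so each run pulls whatever `latest` currently resolves to; pin it, e.g. `image: alpine:<pinned-tag>@sha256:<digest>`, or take repository and tag from values as the main container does. The pod template also carries `seq-input-gelf.selectorLabels`; if the chart's Service selects on those labels (the Service is not part of this diff), the test pod becomes an endpoint of the Service while it runs, so the `nc -z` probe or real GELF traffic can be routed to it, and a distinct label set avoids that. The file sits under `templates/tests/` but has no `"helm.sh/hook": test` annotation, so as written the Job is created on every install and upgrade rather than by `helm test`. Setting `automountServiceAccountToken: false` in the pod spec would also fit a pod that only runs `nc`.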