huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
ae79a48eb018d2f1fe0fb271bf2d340ba398fcaf
speckle-server/utils/helm/Makefile
T
Iain Sproat 65a00dca2e feat(helm chart): add SecurityContext to pods and containers (#917) 
* feat(helm chart): add SecurityContext to pods and containers

Speckle pods should run with minimal privileges and capabilities to function.

Fix https://github.com/specklesystems/speckle-server/issues/857

* Update securityContext for all pods

* frontend runs as nonroot and readonly root filesystem

- set fsgroup for all pods with volumes

* Frontend requires write directory at /etc/nginx/conf.d

* Allow openresty log directory to be writable

* feat(helm local test): add test container into the make script

Co-authored-by: Gergő Jedlicska <gergo@jedlicska.com>
2022-08-15 14:20:19 +02:00

53 lines
2.7 KiB
Makefile
Raw Blame History

# This file is only useful to test the helm chart locally with minikube before committing changes
build:
cd ../.. && docker build -t speckle/speckle-frontend:local -f packages/frontend/Dockerfile .
cd ../.. && docker build -t speckle/speckle-server:local -f packages/server/Dockerfile .
cd ../.. && docker build -t speckle/speckle-preview-service:local -f packages/preview-service/Dockerfile .
cd ../.. && docker build -t speckle/speckle-webhook-service:local -f packages/webhook-service/Dockerfile .
cd ../.. && docker build -t speckle/speckle-fileimport-service:local -f packages/fileimport-service/Dockerfile .
cd ../.. && docker build -t speckle/speckle-monitor-deployment:local -f utils/monitor-deployment/Dockerfile .
cd ../.. && docker build -t speckle/speckle-test-deployment:local -f utils/test-deployment/Dockerfile .
echo "Making locally built images available inside minikube cluster. This takes a bit to copy, unfortunately..."
minikube image load speckle/speckle-frontend:local
minikube image load speckle/speckle-server:local
minikube image load speckle/speckle-preview-service:local
minikube image load speckle/speckle-webhook-service:local
minikube image load speckle/speckle-fileimport-service:local
minikube image load speckle/speckle-monitor-deployment:local
minikube image load speckle/speckle-test-deployment:local
install:
helm uninstall speckle-test 2>/dev/null || true
helm install -f test-values.yml speckle-test ./speckle-server
@echo Make sure you add these lines in /etc/hosts:
@echo \# ---------------------
@echo `minikube ip` speckle.minikube
@echo `minikube ip` grafana.minikube
@echo `minikube ip` prometheus.minikube
@echo \# ---------------------
@echo Installed successfully.
@echo You can access the prometheus server at http://prometheus.minikube/
@echo You can access grafana at http://grafana.minikube/ \(user: admin, password: prom-operator\)
@echo You can access the Speckle server at http://speckle.minikube/
# If you have an existing minikube, you can `minikube delete` and `minikube start` to start a fresh cluster
# This "make target" will install all requirements in a fresh cluster
init-local-minikube:
@(kubectl config current-context | grep -q minikube) || (echo "ERROR: Minikube is not the current kubectl context. Temporarily modify the makefile if you really want to use the current configured kubectl context" && exit 1)
@echo "Enabling nginx ingress minikube plugin..."
minikube addons enable ingress
@echo "Installing kube-prometheus-stack"
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack
kubectl apply -f test-init.yml
Reference in New Issue View Git Blame Copy Permalink