Fix minor helm chart issues (#134)

Also update Dockerfile to use non root users Part of #96
parseablehq · May 29, 2022 · 058ceb1 · 058ceb1
1 parent a53c929
commit 058ceb1
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 14 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -75,4 +75,4 @@ jobs:
       - uses: actions-rs/cargo@v1
         with:
           command: clippy
-          args: -- -D warnings
+          args: -- -D warnings
diff --git a/Dockerfile b/Dockerfile
@@ -18,9 +18,23 @@ FROM    rust:alpine3.14 AS compiler
 
 RUN     apk add -q --update-cache --no-cache build-base openssl-dev
 
+# Create appuser
+ENV USER=parseable
+ENV UID=10001
+
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
 WORKDIR /parseable
 
-COPY    . .
+COPY . .
+
 RUN     set -eux; \
         apkArch="$(apk --print-arch)"; \
         if [ "$apkArch" = "aarch64" ]; then \
@@ -36,11 +50,16 @@ RUN     apk update --quiet \
 
 # add parseable to the `/bin` so you can run it from anywhere and it's easy
 # to find.
-COPY    --from=compiler /parseable/target/release/parseable /bin/parseable
+COPY    --from=compiler /etc/passwd /etc/passwd
+COPY    --from=compiler /etc/group /etc/group
 
 # This directory should hold all the data related to parseable so we're going
 # to move our PWD in there.
-WORKDIR /parseable/data
+WORKDIR /parseable
+
+COPY    --from=compiler /parseable/target/release/parseable /bin/parseable
+
+USER parseable:parseable
 
 EXPOSE  5678/tcp
 

diff --git a/Makefile b/Makefile
@@ -6,3 +6,17 @@ fmt:
 # Run server
 run:
 	cd server && cargo run
+
+# Helm template
+template:
+	helm template parseable \
+	helm/parseable \
+	-f helm/parseable/values.yaml
+
+# Helm Upgrade
+upgrade:
+	helm upgrade --install \
+	parseable --namespace parseable \
+	--create-namespace \
+	helm/parseable \
+	-f helm/parseable/values.yaml
diff --git a/helm/Chart.yaml → helm/parseable/Chart.yaml b/helm/Chart.yaml → helm/parseable/Chart.yaml
@@ -4,6 +4,6 @@ description: A Helm chart for Kubernetes
 
 type: application
 
-version: 0.1.0
+version: "0.0.1"
 
-appVersion: "1.16.0"
+appVersion: "0.0.1"
diff --git a/helm/templates/_helpers.tpl → helm/parseable/templates/_helpers.tpl b/helm/templates/_helpers.tpl → helm/parseable/templates/_helpers.tpl
diff --git a/helm/templates/deployment.yaml → helm/parseable/templates/deployment.yaml b/helm/templates/deployment.yaml → helm/parseable/templates/deployment.yaml
diff --git a/helm/templates/service.yaml → helm/parseable/templates/service.yaml b/helm/templates/service.yaml → helm/parseable/templates/service.yaml
@@ -10,6 +10,6 @@ spec:
     - port: {{ .Values.service.port }}
       targetPort: 5678
       protocol: TCP
-      name: 5678
+      name: parseable
   selector:
     {{- include "parseable.selectorLabels" . | nindent 4 }}
diff --git a/helm/templates/serviceaccount.yaml → helm/parseable/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml → helm/parseable/templates/serviceaccount.yaml
diff --git a/helm/values.yaml → helm/parseable/values.yaml b/helm/values.yaml → helm/parseable/values.yaml
@@ -1,5 +1,3 @@
-
-
 replicaCount: 1
 
 image:
@@ -14,11 +12,11 @@ parseable:
   P_S3_URL: ""
   P_S3_ACCESS_KEY: ""
   P_S3_SECRET_KEY: ""
-  P_S3_REGION: ""
-  P_STORAGE_SYNC_DURATION: ""
+  P_S3_REGION: "us-east-1"
+  P_STORAGE_SYNC_DURATION: "600"
   P_S3_BUCKET: ""
-  P_USERNAME: ""
-  P_PASSWORD: ""
+#  P_USERNAME: ""
+#  P_PASSWORD: ""
 
 imagePullSecrets: []
 nameOverride: ""
@@ -39,7 +37,7 @@ securityContext: {}
 
 service:
   type: ClusterIP
-  port: 5678
+  port: "5678"
 
 resources: {}
   #   cpu: 100m