Merge branch 'main' into feat/issue-170/add-appsec

crowdsecurity · Sep 24, 2024 · d26c57c · d26c57c
2 parents 7851d05 + 48da43d
commit d26c57c
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 13 deletions.
diff --git a/charts/crowdsec/Chart.yaml b/charts/crowdsec/Chart.yaml
@@ -87,9 +87,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.11.1
+version: 0.13.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v1.6.2
+appVersion: v1.6.3
diff --git a/charts/crowdsec/README.md b/charts/crowdsec/README.md
@@ -1,6 +1,6 @@
 # crowdsec
 
-![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.6.2](https://img.shields.io/badge/AppVersion-v1.6.2-informational?style=flat-square)
+![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.6.3](https://img.shields.io/badge/AppVersion-v1.6.3-informational?style=flat-square)
 
 Crowdsec helm chart is an open-source, lightweight agent to detect and respond to bad behaviours.
 
@@ -204,6 +204,8 @@ spec:
 | lapi.podAnnotations | object | `{}` | Annotations to be added to lapi pods, if global podAnnotations are not set |
 | lapi.podLabels | object | `{}` | Labels to be added to lapi pods, if global podLabels are not set |
 | lapi.extraInitContainers | list | `[]` | Extra init containers to be added to lapi pods |
+| lapi.extraVolumes | list | `[]` | Extra volumes to be added to lapi pods |
+| lapi.extraVolumeMounts | list | `[]` | Extra volumeMounts to be added to lapi pods |
 | lapi.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | resources for lapi |
 | lapi.dashboard.enabled | bool | `false` | Enable Metabase Dashboard (by default disabled) |
 | lapi.dashboard.env | list | `[]` | see https://www.metabase.com/docs/latest/configuring-metabase/environment-variables |
@@ -244,6 +246,8 @@ spec:
 | agent.podAnnotations | object | `{}` | Annotations to be added to agent pods, if global podAnnotations are not set |
 | agent.podLabels | object | `{}` | Labels to be added to agent pods, if global podLabels are not set |
 | agent.extraInitContainers | list | `[]` | Extra init containers to be added to agent pods |
+| agent.extraVolumes | list | `[]` | Extra volumes to be added to agent pods |
+| agent.extraVolumeMounts | list | `[]` | Extra volumeMounts to be added to agent pods |
 | agent.resources.limits.memory | string | `"250Mi"` |  |
 | agent.resources.limits.cpu | string | `"500m"` |  |
 | agent.resources.requests.cpu | string | `"500m"` |  |

diff --git a/charts/crowdsec/templates/agent-daemonSet.yaml b/charts/crowdsec/templates/agent-daemonSet.yaml
@@ -11,7 +11,7 @@ metadata:
     version: v1
   {{- if .Values.agent.daemonsetAnnotations }}
   annotations:
-  {{ toYaml .Values.agent.daemonsetAnnotations | trim | indent 4 }}
+{{ toYaml .Values.agent.daemonsetAnnotations | trim | indent 4 }}
   {{- end }}
 spec:
   selector:
@@ -25,10 +25,10 @@ spec:
         checksum/agent-configmap: {{ include (print $.Template.BasePath "/agent-configmap.yaml") . | sha256sum }}
         checksum/acquis-configmap: {{ include (print $.Template.BasePath "/acquis-configmap.yaml") . | sha256sum }}
         {{- if .Values.podAnnotations }}
-        {{- toYaml .Values.podAnnotations | trim | indent 8 }}
+{{ toYaml .Values.podAnnotations | trim | indent 8 }}
         {{- end }}
         {{- if .Values.agent.podAnnotations }}
-        {{- toYaml .Values.agent.podAnnotations | trim | indent 8 }}
+{{ toYaml .Values.agent.podAnnotations | trim | indent 8 }}
         {{- end }}
       labels:
         k8s-app: {{ .Release.Name }}
@@ -206,6 +206,9 @@ spec:
           - name: crowdsec-agent-tls
             mountPath: /etc/ssl/crowdsec-agent
           {{- end }}
+          {{- if .Values.agent.extraVolumeMounts }}
+          {{ toYaml .Values.agent.extraVolumeMounts | nindent 10 }}
+          {{- end }}
       terminationGracePeriodSeconds: 30
       volumes:
       - name: acquis-config-volume
@@ -278,6 +281,9 @@ spec:
         secret:
           secretName: {{ .Release.Name }}-agent-tls
       {{- end }}
+      {{- if .Values.agent.extraVolumes }}
+      {{ toYaml .Values.agent.extraVolumes | nindent 6 }}
+      {{- end }}
       {{- with .Values.agent.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/crowdsec/templates/lapi-deployment.yaml b/charts/crowdsec/templates/lapi-deployment.yaml
@@ -11,7 +11,7 @@ metadata:
     version: v1
   {{- if .Values.lapi.deployAnnotations }}
   annotations:
-  {{ toYaml .Values.lapi.deployAnnotations | trim | indent 4 }}
+{{ toYaml .Values.lapi.deployAnnotations | trim | indent 4 }}
   {{- end }}
 spec:
   replicas: {{ .Values.lapi.replicas }}
@@ -27,10 +27,10 @@ spec:
         checksum/lapi-secret: {{ include (print $.Template.BasePath "/lapi-secrets.yaml") . | sha256sum }}
         checksum/lapi-configmap: {{ include (print $.Template.BasePath "/lapi-configmap.yaml") . | sha256sum }}
         {{- if .Values.podAnnotations }}
-        {{- toYaml .Values.podAnnotations | trim | indent 8 }}
+{{ toYaml .Values.podAnnotations | trim | indent 8 }}
         {{- end }}
         {{- if .Values.lapi.podAnnotations }}
-        {{- toYaml .Values.lapi.podAnnotations | trim | indent 8 }}
+{{ toYaml .Values.lapi.podAnnotations | trim | indent 8 }}
         {{- end }}
       labels:
         k8s-app: {{ .Release.Name }}
@@ -52,7 +52,7 @@ spec:
       - name: fetch-metabase-config
         image: busybox:1.28
         imagePullPolicy: IfNotPresent
-        command: ['sh', '-c', 'if [ -f /metabase-data/metabase.db/metabase.db.mv.db ]; then echo "Metabase database file already exists, skipping download and unzip"; else wget {{ .Values.lapi.dashboard.assetURL }} && unzip metabase_sqlite.zip -d /metabase-data/; fi']
+        command: ['sh', '-c', 'if [ -f /metabase-data/metabase.db/metabase.db.mv.db ]; then echo "Metabase database file already exists, skipping download and unzip"; else wget {{ .Values.lapi.dashboard.assetURL }} && unzip metabase_sqlite.zip -nd /metabase-data/; fi']
         volumeMounts:
         - name: crowdsec-db
           mountPath: /metabase-data
@@ -130,7 +130,10 @@ spec:
               secretKeyRef:
                 name: crowdsec-lapi-secrets
                 key: registrationToken
-
+          - name: CUSTOM_HOSTNAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
         {{- with .Values.lapi.env }}
           {{- toYaml . | nindent 10 }}
         {{- end }}
@@ -197,7 +200,7 @@ spec:
         lifecycle:
           {{- toYaml .Values.lapi.lifecycle | nindent 10 }}
         {{- end }}
-        {{- if or (.Values.tls.enabled) (.Values.lapi.persistentVolume.data.enabled) (.Values.lapi.persistentVolume.config.enabled) (.Values.lapi.dashboard.enabled) (include "lapiCustomConfigIsNotEmpty" .) }}
+        {{- if or (.Values.tls.enabled) (.Values.lapi.persistentVolume.data.enabled) (.Values.lapi.persistentVolume.config.enabled) (.Values.lapi.dashboard.enabled) (include "lapiCustomConfigIsNotEmpty" .) (.Values.lapi.extraVolumeMounts) }}
         volumeMounts:
           {{- if .Values.tls.enabled }}
           - name: crowdsec-lapi-tls
@@ -245,6 +248,9 @@ spec:
           {{- end }}
           {{- end }}
           {{- end }}
+          {{- if .Values.lapi.extraVolumeMounts }}
+          {{ toYaml .Values.lapi.extraVolumeMounts | nindent 10 }}
+          {{- end }}
           {{- end }}
       {{- if .Values.lapi.dashboard.enabled }}
       - name: dashboard
@@ -311,7 +317,7 @@ spec:
 
       {{- end }}
       terminationGracePeriodSeconds: 30
-      {{- if or (.Values.tls.enabled) (.Values.lapi.persistentVolume.data.enabled) (.Values.lapi.persistentVolume.config.enabled) (.Values.lapi.dashboard.enabled) (include "lapiCustomConfigIsNotEmpty" .) }}
+      {{- if or (.Values.tls.enabled) (.Values.lapi.persistentVolume.data.enabled) (.Values.lapi.persistentVolume.config.enabled) (.Values.lapi.dashboard.enabled) (include "lapiCustomConfigIsNotEmpty" .) (.Values.lapi.extraVolumes) }}
       volumes:
       {{- if .Values.lapi.persistentVolume.data.enabled }}
       - name: crowdsec-db
@@ -374,6 +380,9 @@ spec:
         secret:
           secretName: {{ .Release.Name }}-agent-tls
       {{- end }}
+      {{- if .Values.lapi.extraVolumes }}
+      {{ toYaml .Values.lapi.extraVolumes | nindent 6 }}
+      {{- end }}
       {{- end }}
       {{- with .Values.lapi.tolerations }}
       tolerations:

diff --git a/charts/crowdsec/values.yaml b/charts/crowdsec/values.yaml
@@ -182,6 +182,12 @@ lapi:
   # -- Extra init containers to be added to lapi pods
   extraInitContainers: []
 
+  # -- Extra volumes to be added to lapi pods
+  extraVolumes: []
+
+  # -- Extra volumeMounts to be added to lapi pods
+  extraVolumeMounts: []
+
   # -- resources for lapi
   resources:
     limits:
@@ -333,6 +339,12 @@ agent:
   # -- Extra init containers to be added to agent pods
   extraInitContainers: []
 
+  # -- Extra volumes to be added to agent pods
+  extraVolumes: []
+
+  # -- Extra volumeMounts to be added to agent pods
+  extraVolumeMounts: []
+
   resources:
     limits:
       memory: 250Mi