From d4f7b39f92841cb7bf5868e1e85c9f5342e71d0b Mon Sep 17 00:00:00 2001 From: Nitish Tiwari Date: Tue, 28 Feb 2023 11:46:21 +0530 Subject: [PATCH 1/2] Add sh in Dockerfile Also remove runAsUser, it is no longer needed. --- Dockerfile | 2 ++ helm/values.yaml | 1 - server/src/main.rs | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0df5b133f..029dd4434 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,8 @@ RUN cargo build --release FROM gcr.io/distroless/cc-debian11:nonroot WORKDIR /parseable + +COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh COPY --from=builder /parseable/target/release/parseable /usr/bin/parseable CMD ["parseable"] diff --git a/helm/values.yaml b/helm/values.yaml index 21280e357..03b093210 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -52,7 +52,6 @@ parseable: cpu: 500m memory: 1Gi securityContext: - runAsUser: 10001 allowPrivilegeEscalation: false podAnnotations: {} podSecurityContext: {} diff --git a/server/src/main.rs b/server/src/main.rs index f5904e166..d59c49dd4 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -105,7 +105,7 @@ async fn main() -> anyhow::Result<()> { _ = &mut localsync_outbox => { // crash the server if localsync fails for any reason // panic!("Local Sync thread died. Server will fail now!") - return Err(anyhow::Error::msg("Failed to sync local data to disc. This can happen due to critical error in disc or environment. Please restart the Parseable server.\n\nJoin us on Parseable Slack if the issue persists after restart : https://launchpass.com/parseable")) + return Err(anyhow::Error::msg("Failed to sync local data to drive. Please restart the Parseable server.\n\nJoin us on Parseable Slack if the issue persists after restart : https://launchpass.com/parseable")) }, _ = &mut remote_sync_outbox => { // remote_sync failed, this is recoverable by just starting remote_sync thread again From b4193040fd0d5ca515c3e284b274b5abbcce947f Mon Sep 17 00:00:00 2001 From: Nitish Tiwari Date: Tue, 28 Feb 2023 12:40:54 +0530 Subject: [PATCH 2/2] Separate secret for local and s3 mode for simpler usage --- helm/templates/deployment.yaml | 16 +++++++++++++++- helm/values.yaml | 12 +++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 7bc043e62..3aa592843 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -43,7 +43,8 @@ spec: - name: {{ $key }} value: {{ tpl $value $ | quote }} {{- end }} - {{- range $secret := .Values.parseable.secrets }} + {{- if .Values.parseable.local }} + {{- range $secret := .Values.parseable.localModeSecret }} {{- range $key := $secret.keys }} {{- $envPrefix := $secret.prefix | default "" | upper }} {{- $envKey := $key | upper | replace "." "_" | replace "-" "_" }} @@ -54,6 +55,19 @@ spec: key: {{ $key }} {{- end }} {{- end }} + {{- else}} + {{- range $secret := .Values.parseable.s3ModeSecret }} + {{- range $key := $secret.keys }} + {{- $envPrefix := $secret.prefix | default "" | upper }} + {{- $envKey := $key | upper | replace "." "_" | replace "-" "_" }} + - name: {{ $envPrefix }}{{ $envKey }} + valueFrom: + secretKeyRef: + name: {{ $secret.name }} + key: {{ $key }} + {{- end }} + {{- end }} + {{- end }} ports: - containerPort: 8000 resources: diff --git a/helm/values.yaml b/helm/values.yaml index 03b093210..03857bc88 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -15,7 +15,17 @@ parseable: storageClass: "" accessMode: ReadWriteOnce size: 1Gi - secrets: + localModeSecret: + - type: env + name: parseable-env-secret + prefix: P_ + keys: + - addr + - username + - password + - staging.dir + - fs.dir + s3ModeSecret: - type: env name: parseable-env-secret prefix: P_