Skip to content

Commit a1c8051

Browse files
nimeshjmnimeshjm
committed
cp-2881 setting to non root, bumping to latest iamge tag,
wip - need to make runAsUser: 1001 conditional for AKS only
1 parent 571fe25 commit a1c8051

File tree

2 files changed

+21
-5
lines changed

2 files changed

+21
-5
lines changed

README.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -121,3 +121,17 @@ helm upgrade cloudbolt-collector cloudbolt-collector/cloudbolt-collector \
121121
--set IMAGE_VERSION=$IMAGE_VERSION \
122122
--set INGESTION_API_URL=$INGESTION_API_URL
123123
```
124+
125+
126+
127+
128+
export PROMETHEUS_BASE_URL="http://prometheus-kube-prometheus-prometheus.monitoring.svc.cluster.local:9090"
129+
export COREAPI_BASE_URL="https://kubernetes.default.svc"
130+
export INGESTION_API_URL="https://gn36i03mq1.execute-api.eu-west-2.amazonaws.com/v1/data/ingest"
131+
kubectl create secret generic cb-ingestion-token \
132+
--from-literal=INGESTION_API_TOKEN=hahaha \
133+
-n cloudbolt-collector
134+
135+
helm upgrade --install cloudbolt-collector ./ -f values.yaml --namespace cloudbolt-collector --create-namespace --set INGESTION_API_URL=$INGESTION_API_URL --set prometheusBaseUrl=$PROMETHEUS_BASE_URL --set coreapiBaseUrl=$COREAPI_BASE_URL --set DEBUG=true
136+
137+
helm upgrade --install cloudbolt-collector ./ -f values.yaml --namespace cloudbolt-collector --create-namespace --set INGESTION_API_URL="https://c1i3z7ha68.execute-api.us-west-2.amazonaws.com/v1/data-ingest-api-dev-v1" --set DEBUG=true

values.yaml

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
# Declare variables to be passed into your templates.
44
replicaCount: 1
55
DEBUG: ""
6-
IMAGE_VERSION: "aks"
6+
IMAGE_VERSION: ""
77
INGESTION_API_URL: ""
88

99
# Optional: Base URL for Prometheus and CoreAPI (e.g. "http://prometheus.monitoring.svc.cluster.local:9090")
@@ -13,7 +13,7 @@ coreapiBaseUrl: ""
1313
image:
1414
repository: cloudboltsoftware/cloudbolt-collector
1515
pullPolicy: Always
16-
tag: aks
16+
tag: v0.46.0
1717
imagePullSecrets: []
1818
nameOverride: ""
1919
fullnameOverride: ""
@@ -26,15 +26,17 @@ serviceAccount:
2626
podAnnotations: {}
2727
podLabels: {}
2828
podSecurityContext:
29-
runAsNonRoot: false
30-
runAsUser: 0
29+
runAsNonRoot: true
3130
seccompProfile:
3231
type: "RuntimeDefault"
3332
securityContext:
3433
allowPrivilegeEscalation: false
3534
capabilities:
3635
drop: ["ALL"]
37-
runAsNonRoot: false
36+
runAsNonRoot: true
37+
# only for AKS
38+
runAsUser: 1001
39+
# endonly
3840
seccompProfile:
3941
type: "RuntimeDefault"
4042
service:

0 commit comments

Comments
 (0)