From 05692d661f818f0b93dcfa1d1edffa15d2fbef46 Mon Sep 17 00:00:00 2001
From: CharlieC3 <2747302+CharlieC3@users.noreply.github.com>
Date: Wed, 5 Oct 2022 10:29:09 -0400
Subject: [PATCH] [stacks-blockchain-api] set volume permissions security context, inital support for api v6
---
 hirosystems/stacks-blockchain-api/Chart.lock | 8 ++++----
 hirosystems/stacks-blockchain-api/Chart.yaml | 2 +-
 .../templates/api-writer/statefulset.yaml | 4 +++-
 hirosystems/stacks-blockchain-api/values.yaml | 1 +
 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/hirosystems/stacks-blockchain-api/Chart.lock b/hirosystems/stacks-blockchain-api/Chart.lock
index 027e50f..e2bb04d 100644
--- a/hirosystems/stacks-blockchain-api/Chart.lock
+++ b/hirosystems/stacks-blockchain-api/Chart.lock
@@ -1,12 +1,12 @@ dependencies: - name: stacks-blockchain repository: https://charts.hiro.so/hirosystems - version: 1.1.5 + version: 1.1.6 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 11.9.2 + version: 11.9.7 - name: common repository: https://charts.bitnami.com/bitnami version: 1.17.1 -digest: sha256:ba8466016c32d525b64b1707939de87d1bfbd24cb5f2b0a981f7e8ae2dbb2006 -generated: "2022-09-28T21:13:03.908325-04:00" +digest: sha256:75a859b539cbbcc754ac9ae00ec91979fc635d4f336c27eba950279531ee481d +generated: "2022-10-05T10:28:23.823053-04:00"
diff --git a/hirosystems/stacks-blockchain-api/Chart.yaml b/hirosystems/stacks-blockchain-api/Chart.yaml
index eafc690..4acb4c8 100644
--- a/hirosystems/stacks-blockchain-api/Chart.yaml
+++ b/hirosystems/stacks-blockchain-api/Chart.yaml
@@ -41,4 +41,4 @@ sources:
 - https://github.com/hirosystems/stacks-blockchain-api
 - https://docs.hiro.so/api
 - https://docs.hiro.so/get-started/stacks-blockchain-api
-version: 1.1.5
+version: 1.1.6
diff --git a/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml b/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml
index c275751..50d55a8 100644
--- a/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml
+++ b/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml
@@ -130,7 +130,7 @@ spec:
 - sh
 - -c
 - |
- node ./lib/index.js export-events --file ${STACKS_EXPORT_EVENTS_FILE}
+ node ./lib/index.js export-events --file ${STACKS_EXPORT_EVENTS_FILE} --overwrite-file
 {{- if .Values.apiWriter.initContainerSecurityContext.enabled }}
 securityContext: {{- omit .Values.apiWriter.initContainerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
@@ -274,8 +274,10 @@ spec:
 securityContext: {{- omit .Values.apiWriter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
 env:
+ {{- if semverCompare "< 6.0.0" .Values.apiWriter.image.tag }}
 - name: STACKS_EXPORT_EVENTS_FILE
 value: {{ .Values.apiWriter.persistence.data.mountPath }}/stacks-node-events.tsv
+ {{- end }}
 - name: STACKS_API_LOG_LEVEL
 value: {{ ternary "debug" "info" (or .Values.apiWriter.image.debug .Values.diagnosticMode.enabled) | quote }}
 - name: STACKS_CHAIN_ID
diff --git a/hirosystems/stacks-blockchain-api/values.yaml b/hirosystems/stacks-blockchain-api/values.yaml
index c604292..3ac82e5 100644
--- a/hirosystems/stacks-blockchain-api/values.yaml
+++ b/hirosystems/stacks-blockchain-api/values.yaml
@@ -471,6 +471,7 @@ apiWriter:
 ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
 ##
 containerSecurityContext:
+ enabled: true
 runAsUser: 0
 ## Deploys a read-only API node which only reads from the PG DB, and does not accept
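Review bot: With `--overwrite-file` on the init container's `export-events` command, every pod start replaces the existing export, so a run that fails partway (database unreachable, volume full) may leave a truncated file where a usable one was; whether the tool writes atomically is not visible from this hunk and is worth confirming. The variable is also expanded unquoted inside `sh -c`, so a `mountPath` containing whitespace would split into several arguments; `--file "${STACKS_EXPORT_EVENTS_FILE}" --overwrite-file` avoids that. The init container's definition starts and ends outside the hunk, so its own `env:` list cannot be checked here.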
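Review bot: The added `semverCompare "< 6.0.0" .Values.apiWriter.image.tag` guard makes rendering depend on the tag being valid semver: a branch name, a `latest`-style tag or an empty value makes `semverCompare` return an error and the chart fails to render. Pre-release tags are also treated unevenly, because a constraint without a pre-release part skips pre-release versions, so a 5.x release candidate would lose `STACKS_EXPORT_EVENTS_FILE` just as 6.x does; `{{- if semverCompare "< 6.0.0-0" .Values.apiWriter.image.tag }}` should cover those. If the init container that runs `export-events --file ${STACKS_EXPORT_EVENTS_FILE}` gets the variable from a similarly gated list, it would receive an empty `--file` argument on 6.x tags; that definition is outside this hunk, as is the rest of this `env:` list.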
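Review bot: Adding `enabled: true` next to `runAsUser: 0` makes root the default identity for the api-writer container, and because the statefulset in this patch renders the map with only `enabled` omitted, the resulting securityContext carries nothing except `runAsUser: 0`. If the goal is the volume-permission fix named in the subject, a pod-level `fsGroup` or a short-lived ownership-fixing init container would let the long-running process stay non-root; whether the chart already offers either is not visible in this hunk. If root has to remain the default, adding `allowPrivilegeEscalation: false` under the same key narrows it. The comment above should also say that clusters enforcing a restricted pod policy (the OpenShift case it already mentions) will reject this default.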