crowdsecurity
Intended purpose of extraInitContainers in helm chart or possible indentation bug
Description
I want to add an extraInitContainer to the LAPI pod to execute a script found in a configmap. As far as I understood I can use extraInitContainers as described in the default values.yaml file. Further I added the according yaml section in my values.yaml, but when parsing the chart using helm I encounter a mismatching indentation, my yaml section is added to the bottom of default initContainer "fetch-metabase-config" instead of being an own element in the list of initContainers. Is the intended behaviour of the chart to add fields to the default initContainer or might this be an indentation bug?
Yaml input
Snippet of my values.yaml defining an extraInitContainer mounting a configmap:
lapi:
extraInitContainers:
- name: init-something
image: alpine:3.19
command: ["/bin/sh", "/scripts/init-something.sh"]
volumeMounts:
- name: init-something
mountPath: /scripts
readOnly: true
extraVolumes:
- name: init-something
configMap:
name: init-something
defaultMode: 0755
Expected behavior
I expected that my extraInitContainer will be the second initContainer with a parsed yaml like the following:
spec:
initContainers:
- name: fetch-metabase-config
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: ['sh', '-c', 'if [ -f /metabase-data/metabase.db/metabase.db.mv.db ]; then echo "Metabase database file already exists, skipping download and unzip"; else wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -nd /metabase-data/; fi']
volumeMounts:
- name: crowdsec-db
mountPath: /metabase-data
subPath: dashboard
- command:
- /bin/sh
- /scripts/init-something.sh
image: alpine:3.19
name: init-something
volumeMounts:
- mountPath: /scripts
name: init-something
readOnly: true
Actual behavior
The extraInitContainer was inserted under the key volumeMounts of the default initContainer:
spec:
initContainers:
- name: fetch-metabase-config
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: ['sh', '-c', 'if [ -f /metabase-data/metabase.db/metabase.db.mv.db ]; then echo "Metabase database file already exists, skipping download and unzip"; else wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -nd /metabase-data/; fi']
volumeMounts:
- name: crowdsec-db
mountPath: /metabase-data
subPath: dashboard
- command:
- /bin/sh
- /scripts/init-something.sh
image: alpine:3.19
name: init-something
volumeMounts:
- mountPath: /scripts
name: init-something
readOnly: true
Steps to Reproduce
Add an extraInitContainer to the values.yaml and proceed with helm template.
Suggested fix
When having a look at the template of the deployment for LAPI it's visible that the nindent shows 8 which is the reason why this occurs. As seen in the snippet from this file the first element of initContainers is introduced by "- name: fetch-metabase-config" with an indentation of 6 spaces until the -. For the next element which is coming from extraInitContainers there will be an indentation of 8 spaces (nindent 8) which leads to the inserted yaml being part of the previous list element instead of a new one.
initContainers:
{{- if .Values.lapi.dashboard.enabled }}
- name: fetch-metabase-config
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: ['sh', '-c', 'if [ -f /metabase-data/metabase.db/metabase.db.mv.db ]; then echo "Metabase database file already exists, skipping download and unzip"; else wget {{ .Values.lapi.dashboard.assetURL }} && unzip metabase_sqlite.zip -nd /metabase-data/; fi']
volumeMounts:
- name: crowdsec-db
mountPath: /metabase-data
subPath: dashboard
{{- end }}
{{- if .Values.lapi.extraInitContainers }}
{{- toYaml .Values.lapi.extraInitContainers | nindent 8 }}
{{- end }}
{{- end }}
When changing {{- toYaml .Values.lapi.extraInitContainers | nindent 8 }} to {{- toYaml .Values.lapi.extraInitContainers | nindent 6 }} it should be fixed.
@schnurrro: Thanks for opening an issue, it is currently awaiting triage.
If you haven't already, please provide the following information:
- kind :
bug,enhancementordocumentation - area :
agent,appsec,configuration,cscli,local-api
In the meantime, you can:
- Check Crowdsec Documentation to see if your issue can be self resolved.
- You can also join our Discord.
- Check Releases to make sure your agent is on the latest version.
Details
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the forked project rr404/oss-governance-bot repository.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@schnurrro: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
/kind bug/kind documentation/kind enhancement
Details
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the forked project rr404/oss-governance-bot repository.