Merge pull request #153 from michael-valdron/viewer-envfile

Registry Viewer envfile configmap
devfile · Dec 20, 2022 · cab341c · cab341c
2 parents 45fbba5 + da7dbee
commit cab341c
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 18 deletions.
diff --git a/deploy/chart/devfile-registry/templates/configmap.yaml b/deploy/chart/devfile-registry/templates/configmap.yaml
@@ -42,10 +42,6 @@ data:
         prometheus:
           enabled: true
           path: /metrics
-  devfile-registry-hosts.json: |
-    [
-      { 
-        "name": "Community", 
-        "url": "http://localhost:8080" 
-      }
-    ]
+  .env.registry-viewer: |
+    ANALYTICS_WRITE_KEY={{ .Values.telemetry.registryViewerWriteKey }}
+    DEVFILE_REGISTRIES=[{"name":"Community","url":"http://localhost:8080","fqdn":"http://{{ .Release.Name }}-{{ .Release.Namespace }}.{{ .Values.global.ingress.domain }}"}]
diff --git a/deploy/chart/devfile-registry/templates/deployment.yaml b/deploy/chart/devfile-registry/templates/deployment.yaml
@@ -52,7 +52,12 @@ spec:
             items:
               - key: registry-config.yml
                 path: config.yml
-
+        - name: viewer-env-file
+          configMap:
+            name: {{ template "devfileregistry.fullname" . }}
+            items:
+              - key: .env.registry-viewer
+                path: .env.local
       containers:
       - image: "{{ .Values.devfileIndex.image }}:{{ .Values.devfileIndex.tag }}"
         imagePullPolicy: {{ .Values.devfileIndex.imagePullPolicy }}
@@ -87,6 +92,13 @@ spec:
             value: {{ .Values.telemetry.key }}
           - name: REGISTRY_HEADLESS
             value: "{{ .Values.global.headless }}"
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          capabilities:
+            drop: ["ALL"]
+          seccompProfile:
+            type: "RuntimeDefault"
       {{- if not .Values.global.headless }}
       - image: "{{ .Values.registryViewer.image }}:{{ .Values.registryViewer.tag }}"
         imagePullPolicy: {{ .Values.registryViewer.imagePullPolicy }}
@@ -121,16 +133,18 @@ spec:
             memory: {{ .Values.registryViewer.memoryLimit }}
           requests:
             memory: 64Mi
-        env:
-          - name: NEXT_PUBLIC_BASE_PATH
-            value: /viewer
-          - name: NEXT_PUBLIC_DEVFILE_REGISTRIES
-            valueFrom:
-              configMapKeyRef:
-                name: {{ template "devfileregistry.fullname" . }}
-                key: devfile-registry-hosts.json
-          - name: NEXT_PUBLIC_ANALYTICS_WRITE_KEY
-            value: {{ .Values.telemetry.registryViewerWriteKey }}
+        volumeMounts:
+          - name: viewer-env-file
+            mountPath: /app/apps/registry-viewer/.env.local
+            subPath: .env.local
+            readOnly: true
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          capabilities:
+            drop: ["ALL"]
+          seccompProfile:
+            type: "RuntimeDefault"
       {{- end }}
       - image: "{{ .Values.ociRegistry.image }}:{{ .Values.ociRegistry.tag }}"
         imagePullPolicy: {{ .Values.ociRegistry.imagePullPolicy }}
@@ -157,6 +171,13 @@ spec:
             memory: {{ .Values.ociRegistry.memoryLimit }}
           requests:
             memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          capabilities:
+            drop: ["ALL"]
+          seccompProfile:
+            type: "RuntimeDefault"
         volumeMounts:
         - name: devfile-registry-storage
           mountPath: "/var/lib/registry"