elastiflow · kgrubb · Apr 25, 2024 · Apr 18, 2024 · Apr 18, 2024 · Apr 18, 2024
diff --git a/charts/netobserv/Chart.yaml b/charts/netobserv/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: netobserv
 description: ElastiFlow NetObserv
 type: application
-version: 0.0.12
+version: 0.0.13
 appVersion: 6.4.3
 
 keywords:

diff --git a/charts/netobserv/templates/deployment.yaml b/charts/netobserv/templates/deployment.yaml
@@ -32,26 +32,32 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       {{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
       initContainers:
-        {{- if .Values.maxmind.asnEnabled }}
-        - name: download-geolite2-asn
-          image: curlimages/curl
-          command: ["sh", "-c"]
-          args:
-            - "curl -o /data/GeoLite2-ASN.tar.gz https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key={{ .Values.maxmind.licenseKey }}&suffix=tar.gz && tar -xzvf GeoLite2-ASN.tar.gz && rm GeoLite2-ASN.tar.gz"
-          volumeMounts:
-            - name: geolite2-data
-              mountPath: /data
-        {{- end }}
-        {{- if .Values.maxmind.geoipEnabled }}
-        - name: download-geolite2-city
-          image: curlimages/curl
-          command: ["sh", "-c"]
-          args:
-            - "curl -o /data/GeoLite2-City.tar.gz https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key={{ .Values.maxmind.licenseKey }}&suffix=tar.gz && tar -xzvf GeoLite2-City.tar.gz && rm GeoLite2-City.tar.gz"
+        - name: maxmind-geoipupdate
+          image: maxmindinc/geoipupdate
+          workingDir: /data
+          env:
+            - name: GEOIPUPDATE_ACCOUNT_ID
+              value: {{ .Values.maxmind.accountId | quote }}
+            - name: GEOIPUPDATE_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.maxmind.secretRef }}
+                  key: license
+            - name: GEOIPUPDATE_EDITION_IDS
+              {{- if and .Values.maxmind.asnEnabled (not .Values.maxmind.geoipEnabled) }}
+              value: "GeoLite2-ASN"
+              {{- end }}
+              {{- if and .Values.maxmind.geoipEnabled (not .Values.maxmind.asnEnabled) }}
+              value: "GeoLite2-City"
+              {{- end }}
+              {{- if and .Values.maxmind.geoipEnabled .Values.maxmind.asnEnabled }}
+              value: "GeoLite2-ASN GeoLite2-City"
+              {{- end }}
+            - name: GEOIPUPDATE_DB_DIR
+              value: /data
           volumeMounts:
             - name: geolite2-data
               mountPath: /data
-        {{- end }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
@@ -89,6 +95,34 @@ spec:
             - name: geolite2-data
               mountPath: /etc/elastiflow/maxmind
           {{- end }}
+        {{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
+        - name: maxmind-geoipupdate
+          image: maxmindinc/geoipupdate
+          workingDir: /data
+          env:
+            - name: GEOIPUPDATE_ACCOUNT_ID
+              value: {{ .Values.maxmind.accountId | quote }}
+            - name: GEOIPUPDATE_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.maxmind.secretRef }}
+                  key: license
+            - name: GEOIPUPDATE_EDITION_IDS
+              {{- if and .Values.maxmind.asnEnabled (not .Values.maxmind.geoipEnabled) }}
+              value: "GeoLite2-ASN"
+              {{- end }}
+              {{- if and .Values.maxmind.geoipEnabled (not .Values.maxmind.asnEnabled) }}
+              value: "GeoLite2-City"
+              {{- end }}
+              {{- if and .Values.maxmind.geoipEnabled .Values.maxmind.asnEnabled }}
+              value: "GeoLite2-ASN GeoLite2-City"
+              {{- end }}
+            - name: GEOIPUPDATE_DB_DIR
+              value: /data
+          volumeMounts:
+            - name: geolite2-data
+              mountPath: /data
+        {{- end }}
       {{- if or .Values.maxmind.asnEnabled .Values.maxmind.geoipEnabled }}
       volumes:
         - name: geolite2-data

diff --git a/charts/netobserv/templates/maxmind-secret.yaml b/charts/netobserv/templates/maxmind-secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.maxmind.createSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.maxmind.secretRef }}
+type: Opaque
+data:
+  license: {{ .Values.maxmind.licenseKey | b64enc }}
+{{- end }}
diff --git a/charts/netobserv/templates/secrets.yaml → ...netobserv/templates/netobserv-secret.yaml b/charts/netobserv/templates/secrets.yaml → ...netobserv/templates/netobserv-secret.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.license.secretRef | default "netobserv-license" }}
+  name: {{ .Values.license.secretRef }}
   labels:
     {{- include "netobserv.labels" . | nindent 4 }}
 type: Opaque

diff --git a/charts/netobserv/values.yaml b/charts/netobserv/values.yaml
@@ -67,25 +67,31 @@ env:
   # EF_OUTPUT_GENERIC_HTTP_ADDRESSES: ''
   # EF_OUTPUT_RISKIQ_ENABLE: 'false'
 
+license:
+  # Specifies whether a secret should be created. If you don't have a license, no need to create a license secret.
+  createSecret: false
+  # Secret name to be used for the license. If empty, the secret name defaults to `netobserv-license`
+  # If no secret with a matching name exists, the value will be set from `licenseKey`.instead.
+  secretRef: "netobserv-license"
+  # Set license key, if not set, value from secret will be used
+  licenseKey: ""
+
 # If the EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE or EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE
-# environment variables are set to true, enable the corresponding service and provide a MaxMind license key:
+# environment variables are set to true, enable the corresponding service and provide a MaxMind acount id and license key:
 # https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
 maxmind:
+  # Specifies whether a secret should be created for the maxmind license key.
+  createSecret: false
+  # Secret name to be used for the license. If empty, the secret name defaults to `maxmind-license`
+  # If no secret with a matching name exists, the value will be set from `licenseKey`.instead.
+  secretRef: "maxmind-license"
   # Enabling asn will look up the autonomous system number and autonomous system
   # organization associated with IPv4 and IPv6 addresses.
   asnEnabled: false
   # Enabling geoip will look up the country, subdivisions (regions), city, and
   # postal code associated with IPv4 and IPv6 addresses.
   geoipEnabled: false
-  licenseKey: ""
-
-license:
-  # Specifies whether a secret should be created. If you don't have a license, no need to create a license secret.
-  createSecret: false
-  # Secret name to be used for the license. If empty, the secret name defaults to `netobserv-license`
-  # If no secret with a matching name exists, the value will be set from `licenseKey`.instead.
-  secretRef: ""
-  # Set license key, if not set, value from secret will be used
+  accountId: ""
   licenseKey: ""
 
 imagePullSecrets: []