context7.json
{
"$schema": "https://context7.com/schema/context7.json",
"url": "https://context7.com/devops-ia/steampipe",
"public_key": "pk_poNqP0E20Jn62M589pdY6",
"projectTitle": "Steampipe + Powerpipe Helm Chart",
"description": "Helm chart for deploying Steampipe (PostgreSQL-compatible cloud query API, port 9193) and optionally Powerpipe (compliance dashboards and benchmarks, port 9033) on Kubernetes. Supports 140+ cloud provider plugins (AWS, GCP, Azure, Kubernetes, GitHub, etc.), automatic plugin and mod installation via init containers, workload identity integration, and a full-stack mode where both services run in a single Helm release.",
"folders": ["charts/steampipe", "docs"],
"excludeFolders": [".github", "node_modules", "charts/steampipe/tests", "charts/steampipe/__snapshot__"],
"excludeFiles": ["Chart.lock", "cli-snapshot.json", "artifacthub-repo.yml", ".helmignore", "package.json", "TESTING.md", "CODEOWNERS"],
"rules": [
"Always set bbdd.enabled: true to create the PostgreSQL service — without it no Service resource is created and the endpoint is unreachable",
"Always set bbdd.listen: network (not 'local') when you need connections from outside the pod",
"The PostgreSQL service is always named <release-name>-psql, not <release-name> — use this name for psql, Grafana, and other clients",
"Plugins are declared in initContainer.plugins[] as a list of plugin names (e.g. 'aws', 'gcp') — no version suffix unless pinning",
"The init container uses the SAME image as the main container (ghcr.io/devops-ia/steampipe) — do NOT specify a separate initContainer.image",
"Plugin .spc config files must be mounted into /home/steampipe/.steampipe/config/ — use extraVolumes and extraVolumeMount, NOT configMap.data directly on the deployment",
"Steampipe runs as UID 9193 / GID 0 — this is OpenShift-compatible; do NOT change runAsUser or runAsGroup unless absolutely necessary",
"Always set STEAMPIPE_DATABASE_PASSWORD via a Kubernetes Secret to avoid the random password changing on every pod restart",
"Set STEAMPIPE_UPDATE_CHECK=false and STEAMPIPE_TELEMETRY=none in production Kubernetes deployments",
"For workload identity (AWS IRSA, GCP Workload Identity, Azure WI), annotate the ServiceAccount — the plugins auto-detect credentials; no keys needed in .spc files",
"The Steampipe image is ghcr.io/devops-ia/steampipe (NOT ghcr.io/turbot/steampipe — Turbot stopped publishing images after v0.22.0)",
"Plugins are stored in an emptyDir and reinstalled on every pod start by the init container — this is by design for version freshness",
"To enable Powerpipe dashboards alongside Steampipe, set powerpipe.enabled: true — Powerpipe requires Steampipe as its database backend",
"Always set powerpipe.database to the Steampipe connection string (postgresql://steampipe:<password>@<release>-psql:9193/steampipe) — Powerpipe cannot start without POWERPIPE_DATABASE",
"Powerpipe serves HTTP dashboards on port 9033 — a standard Kubernetes HTTP Ingress works here (unlike Steampipe's TCP-only port 9193)",
"Powerpipe mods are declared in powerpipe.initContainer.mods[] as full Go module URLs (e.g. 'github.com/turbot/steampipe-mod-aws-compliance')",
"The Powerpipe image tag (powerpipe.image.tag) is managed independently of Chart.appVersion — updatecli updates only values.yaml for Powerpipe releases",
"The Powerpipe service is named <release-name>-powerpipe — use this name when configuring ingress backends or port-forwarding"
]
}