CybercentreCanada / assemblyline

AssemblyLine 4: File triage and malware analysis
https://cybercentrecanada.github.io/assemblyline4_docs/
MIT License
249 stars 15 forks

Configuration for Privileged vs Non-Privileged services #205

Open eljeffeg opened 8 months ago

eljeffeg commented 8 months ago

Is your feature request related to a problem? Please describe.
Our Elastic instance requires a pod label to access it. I am unable to configure a label for privileged services in order to access these resources without granting similar access to non-privileged services.

Describe the solution you'd like
Please provide a configuration for adding labels to privileged vs non-privileged services. Perhaps a section similar to config.scaler.additional_labels.

Additional context
These are the update services that I need to provide access to Elastic to function, which, in my environment, requires a pod label.

alsvc-apivector-updates
alsvc-configextractor-updates
alsvc-safelist-updates
alsvc-sigma-updates
alsvc-suricata-updates
alsvc-tagcheck-updates

cccs-douglass commented 8 months ago

The current release of Assemblyline lets you add labels on a per-container basis in the service settings.

This wouldn't let you blanket apply the label without some scripting on your end, but does give you the specificity to avoid applying the label where you don't want it. Feedback?
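
A check for the outcome this thread is after, as an added example that is not part of the original thread or of Assemblyline's code: an audit over `kubectl get pods -o json` output that reports update pods missing the access label and any other pods that carry it. The `role: backend` label is the thread's example value; the pod names and the Deployment-style name suffixes are assumptions.

```python
# Label used as the example in the thread; the real label is not given there.
ACCESS_LABEL = ("role", "backend")

# Update services the issue lists as needing access to Elastic.
PRIVILEGED = {
    "alsvc-apivector-updates", "alsvc-configextractor-updates",
    "alsvc-safelist-updates", "alsvc-sigma-updates",
    "alsvc-suricata-updates", "alsvc-tagcheck-updates",
}

def workload_name(pod_name):
    """Drop the '-<replicaset hash>-<pod id>' suffix (assumed Deployment naming)."""
    parts = pod_name.rsplit("-", 2)
    return parts[0] if len(parts) == 3 else pod_name

def audit(pod_list):
    """Return (missing, excess).

    missing: pods of privileged update services that lack the access label.
    excess:  pods of any other workload that carry it (over-granted access).
    """
    key, value = ACCESS_LABEL
    missing, excess = [], []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        name = meta.get("name", "")
        labelled = (meta.get("labels") or {}).get(key) == value
        privileged = workload_name(name) in PRIVILEGED
        if privileged and not labelled:
            missing.append(name)
        elif labelled and not privileged:
            excess.append(name)
    return sorted(missing), sorted(excess)

# Constructed sample in the shape of `kubectl get pods -o json` (pod names are made up).
SAMPLE = {"items": [
    {"metadata": {"name": "alsvc-sigma-updates-7d9f8c6b5d-x2k4q",
                  "labels": {"role": "backend"}}},
    {"metadata": {"name": "alsvc-suricata-updates-6b7c8d9e0f-qw3rt",
                  "labels": {"app": "assemblyline"}}},
    {"metadata": {"name": "alsvc-extract-5c4d7f9b8-ab1de",
                  "labels": {"role": "backend"}}},
    {"metadata": {"name": "alsvc-pdfid-84f6d5c7b9-zz9yx", "labels": {}}},
]}

if __name__ == "__main__":
    missing, excess = audit(SAMPLE)
    print("update pods missing the label:", missing)
    print("non-privileged pods with the label:", excess)
```
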

eljeffeg commented 8 months ago

Might you be able to provide an example of how you might apply a label, for example role: backend, in the helm chart for container sigma-updates? I didn't see anything in https://cybercentrecanada.github.io/assemblyline4_docs/installation/configuration/services/

Also, perhaps another ticket, but might we be able to use this service section to define a service's imagePullSecret? I tried to add it in general, but then it seems to try and pull all services from my internal repository instead of DockerHub.

cccs-kevin commented 8 months ago

+1 for documentation update :)