From f85b3710fa6d86101d7177ed349bfdfcd3bd46e5 Mon Sep 17 00:00:00 2001 From: Stephan Feurer Date: Wed, 30 Aug 2023 08:48:10 +0200 Subject: [PATCH] Support using external secret for database connection --- component/Makefile.vars.mk | 2 +- component/class/defaults.yml | 8 ++- component/component/main.jsonnet | 63 ++++++++++++------- .../tests/billing-collector-cloudservices.yml | 23 +++++-- .../tests/cloudscale-metrics-collector.yml | 46 ++++++++++++-- .../tests/collector-cloudscale-lpg-2.yml | 21 +++++-- .../tests/exoscale-metrics-collector.yml | 46 ++++++++++++-- .../apps/billing-collector-cloudservices.yaml | 0 .../dbaasCronjob.yaml | 60 ++++++++++++++++++ .../objectStorageCronjob.yaml | 60 ++++++++++++++++++ .../secrets.yaml | 15 +++++ .../objectStorageCronjob.yaml | 40 +++++++++--- .../objectStorageCronjob.yaml | 27 ++++++-- .../dbaasCronjob.yaml | 40 +++++++++--- .../objectStorageCronjob.yaml | 40 +++++++++--- .../ROOT/pages/references/parameters.adoc | 51 ++++++++++++--- 16 files changed, 459 insertions(+), 83 deletions(-) create mode 100644 component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/apps/billing-collector-cloudservices.yaml create mode 100644 component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/dbaasCronjob.yaml create mode 100644 component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/objectStorageCronjob.yaml create mode 100644 component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/secrets.yaml diff --git a/component/Makefile.vars.mk b/component/Makefile.vars.mk index a4e597e..72f6a2a 100644 --- a/component/Makefile.vars.mk +++ b/component/Makefile.vars.mk @@ -44,4 +44,4 @@ KUBENT_IMAGE ?= docker.io/projectsyn/kubent:latest KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE) instance ?= billing-collector-cloudservices -test_instances = tests/exoscale-metrics-collector.yml tests/collector-cloudscale-lpg-2.yml tests/cloudscale-metrics-collector.yml +test_instances = tests/billing-collector-cloudservices.yml tests/exoscale-metrics-collector.yml tests/collector-cloudscale-lpg-2.yml tests/cloudscale-metrics-collector.yml diff --git a/component/class/defaults.yml b/component/class/defaults.yml index 9a02121..93e0bb8 100644 --- a/component/class/defaults.yml +++ b/component/class/defaults.yml @@ -4,7 +4,13 @@ parameters: multi_instance: true namespace: appuio-cloud-reporting - database: {} + + database: ${appuio_cloud_reporting:database} + database_secret: ${appuio_cloud_reporting:database_secret} + database_env: ${appuio_cloud_reporting:database_env} + extra_volumes: ${appuio_cloud_reporting:extra_volumes} + + cloud_reporting_dbsecret_name: reporting-db secrets: exoscale: diff --git a/component/component/main.jsonnet b/component/component/main.jsonnet index 2fb381b..535f6d0 100644 --- a/component/component/main.jsonnet +++ b/component/component/main.jsonnet @@ -9,6 +9,7 @@ local alias_suffix = '-' + alias; local credentials_secret_name = 'credentials' + alias_suffix; local component_name = 'billing-collector-cloudservices'; +assert std.member(inv.applications, 'appuio-cloud-reporting') : 'Component appuio-cloud-reporting must be installed'; local labels = { 'app.kubernetes.io/name': component_name, @@ -27,6 +28,35 @@ local secret(key) = [ for s in std.objectFields(params.secrets[key]) ]; +local dbEnv = [ + { + name: name, + valueFrom: { + secretKeyRef: { + name: params.cloud_reporting_dbsecret_name, + key: name, + }, + }, + } + for name in std.objectFields(params.database_secret) +] + [ + { + name: name, + [if std.type(params.database_env[name]) == 'string' then 'value' else 'valueFrom']: params.database_env[name], + } + for name in std.objectFields(params.database_env) +] + [ + assert params.database.url != null : 'database.url must be set.'; + { + name: 'DB_PARAMS', + value: params.database.parameters, + }, + { + name: 'ACR_DB_URL', + value: params.database.url, + }, +]; + local cronjob(name, args, schedule) = { kind: 'CronJob', apiVersion: 'batch/v1', @@ -55,33 +85,18 @@ local cronjob(name, args, schedule) = { }, }, ], - env: [ - { - name: 'password', - valueFrom: { - secretKeyRef: { - key: 'password', - name: 'reporting-db', - }, - }, - }, - { - name: 'username', - valueFrom: { - secretKeyRef: { - key: 'username', - name: 'reporting-db', - }, - }, - }, - { - name: 'ACR_DB_URL', - value: 'postgres://$(username):$(password)@%(host)s:%(port)s/%(name)s?%(parameters)s' % params.database, - }, - ], + env: dbEnv, resources: {}, + [if std.length(params.extra_volumes) > 0 then 'volumeMounts']: [ + { name: name } + params.extra_volumes[name].mount_spec + for name in std.objectFields(params.extra_volumes) + ], }, ], + [if std.length(params.extra_volumes) > 0 then 'volumes']: [ + { name: name } + params.extra_volumes[name].volume_spec + for name in std.objectFields(params.extra_volumes) + ], }, }, }, diff --git a/component/tests/billing-collector-cloudservices.yml b/component/tests/billing-collector-cloudservices.yml index efbe0ed..d03688b 100644 --- a/component/tests/billing-collector-cloudservices.yml +++ b/component/tests/billing-collector-cloudservices.yml @@ -1,11 +1,22 @@ +applications: + - appuio-cloud-reporting + parameters: - billing_collector_cloudservices: + appuio_cloud_reporting: database: - name: 'reporting' - host: 'reporting-db.appuio-reporting.svc' - parameters: 'sslmode=disable' - password: 'passw0rd' - port: 5432 + url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) + parameters: '' + database_secret: + DB_USER: appuio-cloud-reporting + DB_PASSWORD: letmein + DB_HOST: db.example.com + DB_PORT: 5432 + DB_NAME: appuio-cloud-reporting + database_env: {} + + extra_volumes: {} + + billing_collector_cloudservices: exoscale: enabled: true dbaas: diff --git a/component/tests/cloudscale-metrics-collector.yml b/component/tests/cloudscale-metrics-collector.yml index df72ba1..e0dfc9e 100644 --- a/component/tests/cloudscale-metrics-collector.yml +++ b/component/tests/cloudscale-metrics-collector.yml @@ -1,11 +1,45 @@ +applications: + - appuio-cloud-reporting + parameters: - billing_collector_cloudservices: + appuio_cloud_reporting: database: - name: 'reporting' - host: 'reporting-db.appuio-reporting.svc' - parameters: 'sslmode=disable' - password: 'passw0rd' - port: 5432 + url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) + parameters: '' + database_secret: {} + database_env: + DB_USER: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_USER + DB_PASSWORD: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_PASSWORD + DB_HOST: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_HOST + DB_PORT: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_PORT + DB_NAME: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_DB + + extra_volumes: + dbsecret: + mount_spec: + readOnly: true + mountPath: /secrets/database + volume_spec: + secret: + secretName: reporting-db-prod-cred + defaultMode: 0600 + + billing_collector_cloudservices: cloudscale: enabled: true objectStorage: diff --git a/component/tests/collector-cloudscale-lpg-2.yml b/component/tests/collector-cloudscale-lpg-2.yml index 2c2b7d7..f31d0fd 100644 --- a/component/tests/collector-cloudscale-lpg-2.yml +++ b/component/tests/collector-cloudscale-lpg-2.yml @@ -1,13 +1,22 @@ applications: - metrics-collector as collector-cloudscale-lpg-2 + - appuio-cloud-reporting parameters: - billing_collector_cloudservices: + appuio_cloud_reporting: database: - name: 'reporting' - host: 'reporting-db.appuio-reporting.svc' - parameters: 'sslmode=disable' - password: 'passw0rd' - port: 5432 + url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) + parameters: '' + database_secret: + DB_USER: appuio-cloud-reporting + DB_PASSWORD: letmein + DB_HOST: db.example.com + DB_PORT: 5432 + DB_NAME: appuio-cloud-reporting + database_env: {} + + extra_volumes: {} + + billing_collector_cloudservices: exoscale: enabled: true diff --git a/component/tests/exoscale-metrics-collector.yml b/component/tests/exoscale-metrics-collector.yml index efbe0ed..66831c6 100644 --- a/component/tests/exoscale-metrics-collector.yml +++ b/component/tests/exoscale-metrics-collector.yml @@ -1,11 +1,45 @@ +applications: + - appuio-cloud-reporting + parameters: - billing_collector_cloudservices: + appuio_cloud_reporting: database: - name: 'reporting' - host: 'reporting-db.appuio-reporting.svc' - parameters: 'sslmode=disable' - password: 'passw0rd' - port: 5432 + url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) + parameters: '' + database_secret: {} + database_env: + DB_USER: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_USER + DB_PASSWORD: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_PASSWORD + DB_HOST: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_HOST + DB_PORT: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_PORT + DB_NAME: + secretKeyRef: + name: reporting-db-prod-cred + key: POSTGRESQL_DB + + extra_volumes: + dbsecret: + mount_spec: + readOnly: true + mountPath: /secrets/database + volume_spec: + secret: + secretName: reporting-db-prod-cred + defaultMode: 0600 + + billing_collector_cloudservices: exoscale: enabled: true dbaas: diff --git a/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/apps/billing-collector-cloudservices.yaml b/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/apps/billing-collector-cloudservices.yaml new file mode 100644 index 0000000..e69de29 diff --git a/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/dbaasCronjob.yaml b/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/dbaasCronjob.yaml new file mode 100644 index 0000000..57c1dcc --- /dev/null +++ b/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/dbaasCronjob.yaml @@ -0,0 +1,60 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + labels: + app.kubernetes.io/component: billing-collector-cloudservices + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: billing-collector-cloudservices + app.kubernetes.io/part-of: appuio-cloud-reporting + name: billing-collector-cloudservices-dbaas + namespace: appuio-cloud-reporting +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 5 + jobTemplate: + spec: + template: + spec: + containers: + - args: + - exoscale + - dbaas + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + key: DB_HOST + name: reporting-db + - name: DB_NAME + valueFrom: + secretKeyRef: + key: DB_NAME + name: reporting-db + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: DB_PASSWORD + name: reporting-db + - name: DB_PORT + valueFrom: + secretKeyRef: + key: DB_PORT + name: reporting-db + - name: DB_USER + valueFrom: + secretKeyRef: + key: DB_USER + name: reporting-db + - name: DB_PARAMS + value: '' + - name: ACR_DB_URL + value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) + envFrom: + - secretRef: + name: credentials-billing-collector-cloudservices + image: ghcr.io/vshn/billing-collector-cloudservices:v1.0.3 + name: billing-collector-cloudservices-backfill + resources: {} + restartPolicy: OnFailure + schedule: '*/15 * * * *' + successfulJobsHistoryLimit: 3 diff --git a/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/objectStorageCronjob.yaml b/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/objectStorageCronjob.yaml new file mode 100644 index 0000000..a447de2 --- /dev/null +++ b/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/objectStorageCronjob.yaml @@ -0,0 +1,60 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + labels: + app.kubernetes.io/component: billing-collector-cloudservices + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: billing-collector-cloudservices + app.kubernetes.io/part-of: appuio-cloud-reporting + name: billing-collector-cloudservices-objectstorage + namespace: appuio-cloud-reporting +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 5 + jobTemplate: + spec: + template: + spec: + containers: + - args: + - exoscale + - objectstorage + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + key: DB_HOST + name: reporting-db + - name: DB_NAME + valueFrom: + secretKeyRef: + key: DB_NAME + name: reporting-db + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: DB_PASSWORD + name: reporting-db + - name: DB_PORT + valueFrom: + secretKeyRef: + key: DB_PORT + name: reporting-db + - name: DB_USER + valueFrom: + secretKeyRef: + key: DB_USER + name: reporting-db + - name: DB_PARAMS + value: '' + - name: ACR_DB_URL + value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) + envFrom: + - secretRef: + name: credentials-billing-collector-cloudservices + image: ghcr.io/vshn/billing-collector-cloudservices:v1.0.3 + name: billing-collector-cloudservices-backfill + resources: {} + restartPolicy: OnFailure + schedule: 10 10,16,20 * * * + successfulJobsHistoryLimit: 3 diff --git a/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/secrets.yaml b/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/secrets.yaml new file mode 100644 index 0000000..d3eaf10 --- /dev/null +++ b/component/tests/golden/billing-collector-cloudservices/billing-collector-cloudservices/billing-collector-cloudservices/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: {} +kind: Secret +metadata: + annotations: {} + labels: + name: credentials-billing-collector-cloudservices + name: credentials-billing-collector-cloudservices + namespace: appuio-cloud-reporting +stringData: + EXOSCALE_API_KEY: t-silent-test-1234/c-green-test-1234/billing-collector-cloudservices/billing-collector-cloudservices/exoscale-key + EXOSCALE_API_SECRET: t-silent-test-1234/c-green-test-1234/billing-collector-cloudservices/billing-collector-cloudservices/exoscale-secret + KUBERNETES_SERVER_TOKEN: t-silent-test-1234/c-green-test-1234/billing-collector-cloudservices/billing-collector-cloudservices/cluster-token + KUBERNETES_SERVER_URL: t-silent-test-1234/c-green-test-1234/billing-collector-cloudservices/billing-collector-cloudservices/cluster-server +type: Opaque diff --git a/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/objectStorageCronjob.yaml b/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/objectStorageCronjob.yaml index e063618..570ff2c 100644 --- a/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/objectStorageCronjob.yaml +++ b/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/objectStorageCronjob.yaml @@ -20,24 +20,50 @@ spec: - cloudscale - objectstorage env: - - name: password + - name: DB_HOST valueFrom: secretKeyRef: - key: password - name: reporting-db - - name: username + key: POSTGRESQL_HOST + name: reporting-db-prod-cred + - name: DB_NAME valueFrom: secretKeyRef: - key: username - name: reporting-db + key: POSTGRESQL_DB + name: reporting-db-prod-cred + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRESQL_PASSWORD + name: reporting-db-prod-cred + - name: DB_PORT + valueFrom: + secretKeyRef: + key: POSTGRESQL_PORT + name: reporting-db-prod-cred + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRESQL_USER + name: reporting-db-prod-cred + - name: DB_PARAMS + value: '' - name: ACR_DB_URL - value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable + value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) envFrom: - secretRef: name: credentials-cloudscale-metrics-collector image: ghcr.io/vshn/billing-collector-cloudservices:v1.0.3 name: billing-collector-cloudservices-backfill resources: {} + volumeMounts: + - mountPath: /secrets/database + name: dbsecret + readOnly: true restartPolicy: OnFailure + volumes: + - name: dbsecret + secret: + defaultMode: 384 + secretName: reporting-db-prod-cred schedule: 10 4,10,16 * * * successfulJobsHistoryLimit: 3 diff --git a/component/tests/golden/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/objectStorageCronjob.yaml b/component/tests/golden/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/objectStorageCronjob.yaml index 0b03c46..d3b98a8 100644 --- a/component/tests/golden/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/objectStorageCronjob.yaml +++ b/component/tests/golden/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/collector-cloudscale-lpg-2/objectStorageCronjob.yaml @@ -20,18 +20,35 @@ spec: - exoscale - objectstorage env: - - name: password + - name: DB_HOST valueFrom: secretKeyRef: - key: password + key: DB_HOST name: reporting-db - - name: username + - name: DB_NAME valueFrom: secretKeyRef: - key: username + key: DB_NAME name: reporting-db + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: DB_PASSWORD + name: reporting-db + - name: DB_PORT + valueFrom: + secretKeyRef: + key: DB_PORT + name: reporting-db + - name: DB_USER + valueFrom: + secretKeyRef: + key: DB_USER + name: reporting-db + - name: DB_PARAMS + value: '' - name: ACR_DB_URL - value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable + value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) envFrom: - secretRef: name: credentials-collector-cloudscale-lpg-2 diff --git a/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/dbaasCronjob.yaml b/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/dbaasCronjob.yaml index 6477de2..0d81508 100644 --- a/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/dbaasCronjob.yaml +++ b/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/dbaasCronjob.yaml @@ -20,24 +20,50 @@ spec: - exoscale - dbaas env: - - name: password + - name: DB_HOST valueFrom: secretKeyRef: - key: password - name: reporting-db - - name: username + key: POSTGRESQL_HOST + name: reporting-db-prod-cred + - name: DB_NAME valueFrom: secretKeyRef: - key: username - name: reporting-db + key: POSTGRESQL_DB + name: reporting-db-prod-cred + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRESQL_PASSWORD + name: reporting-db-prod-cred + - name: DB_PORT + valueFrom: + secretKeyRef: + key: POSTGRESQL_PORT + name: reporting-db-prod-cred + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRESQL_USER + name: reporting-db-prod-cred + - name: DB_PARAMS + value: '' - name: ACR_DB_URL - value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable + value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) envFrom: - secretRef: name: credentials-exoscale-metrics-collector image: ghcr.io/vshn/billing-collector-cloudservices:v1.0.3 name: billing-collector-cloudservices-backfill resources: {} + volumeMounts: + - mountPath: /secrets/database + name: dbsecret + readOnly: true restartPolicy: OnFailure + volumes: + - name: dbsecret + secret: + defaultMode: 384 + secretName: reporting-db-prod-cred schedule: '*/15 * * * *' successfulJobsHistoryLimit: 3 diff --git a/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/objectStorageCronjob.yaml b/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/objectStorageCronjob.yaml index 47c48d4..c86b47f 100644 --- a/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/objectStorageCronjob.yaml +++ b/component/tests/golden/exoscale-metrics-collector/exoscale-metrics-collector/exoscale-metrics-collector/objectStorageCronjob.yaml @@ -20,24 +20,50 @@ spec: - exoscale - objectstorage env: - - name: password + - name: DB_HOST valueFrom: secretKeyRef: - key: password - name: reporting-db - - name: username + key: POSTGRESQL_HOST + name: reporting-db-prod-cred + - name: DB_NAME valueFrom: secretKeyRef: - key: username - name: reporting-db + key: POSTGRESQL_DB + name: reporting-db-prod-cred + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRESQL_PASSWORD + name: reporting-db-prod-cred + - name: DB_PORT + valueFrom: + secretKeyRef: + key: POSTGRESQL_PORT + name: reporting-db-prod-cred + - name: DB_USER + valueFrom: + secretKeyRef: + key: POSTGRESQL_USER + name: reporting-db-prod-cred + - name: DB_PARAMS + value: '' - name: ACR_DB_URL - value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable + value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS) envFrom: - secretRef: name: credentials-exoscale-metrics-collector image: ghcr.io/vshn/billing-collector-cloudservices:v1.0.3 name: billing-collector-cloudservices-backfill resources: {} + volumeMounts: + - mountPath: /secrets/database + name: dbsecret + readOnly: true restartPolicy: OnFailure + volumes: + - name: dbsecret + secret: + defaultMode: 384 + secretName: reporting-db-prod-cred schedule: 10 10,16,20 * * * successfulJobsHistoryLimit: 3 diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 907de67..f777453 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -27,15 +27,52 @@ default:: + [source,yaml] ---- -host: null -port: 5432 -name: appuio-cloud-reporting -username: appuio-cloud-reporting -password: null -parameters: '' +database: ${appuio_cloud_reporting:database} ---- -Dictionary managing the connection to the reporting database. +See https://hub.syn.tools/appuio-cloud-reporting/references/parameters.html#_database[appuio-cloud-reporting docs] for reference. + + +== `database_secret` + +[horizontal] +type:: dictionary +default:: ++ +[source,yaml] +---- +database_secret: ${appuio_cloud_reporting:database_secret} +---- + +See https://hub.syn.tools/appuio-cloud-reporting/references/parameters.html#_database_secret[appuio-cloud-reporting docs] for reference. + +== `database_env` + +[horizontal] +type:: dictionary +default:: ++ +[source,yaml] +---- +database_env: ${appuio_cloud_reporting:database_env} +---- + +See https://hub.syn.tools/appuio-cloud-reporting/references/parameters.html#_database_env[appuio-cloud-reporting docs] for reference. + + +== `extra_volumes` + +[horizontal] +type:: dictionary +default:: ++ +[source,yaml] +---- +extra_volumes: ${appuio_cloud_reporting:extra_volumes} +---- + +See https://hub.syn.tools/appuio-cloud-reporting/references/parameters.html#_extra_volumes[appuio-cloud-reporting docs] for reference. + == `images`