Support using external secret for database connection
Stephan Feurer committed Aug 30, 2023
1 parent ae32180 commit f85b371
Showing 16 changed files with 459 additions and 83 deletions.
2 changes: 1 addition & 1 deletion component/Makefile.vars.mk
Expand Up @@ -44,4 +44,4 @@ KUBENT_IMAGE ?= docker.io/projectsyn/kubent:latest
KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)

instance ?= billing-collector-cloudservices
test_instances = tests/exoscale-metrics-collector.yml tests/collector-cloudscale-lpg-2.yml tests/cloudscale-metrics-collector.yml
test_instances = tests/billing-collector-cloudservices.yml tests/exoscale-metrics-collector.yml tests/collector-cloudscale-lpg-2.yml tests/cloudscale-metrics-collector.yml
8 changes: 7 additions & 1 deletion component/class/defaults.yml
Expand Up @@ -4,7 +4,13 @@ parameters:
multi_instance: true

namespace: appuio-cloud-reporting
database: {}

database: ${appuio_cloud_reporting:database}
database_secret: ${appuio_cloud_reporting:database_secret}
database_env: ${appuio_cloud_reporting:database_env}
extra_volumes: ${appuio_cloud_reporting:extra_volumes}

cloud_reporting_dbsecret_name: reporting-db

secrets:
exoscale:
63 changes: 39 additions & 24 deletions component/component/main.jsonnet
Expand Up @@ -9,6 +9,7 @@ local alias_suffix = '-' + alias;
local credentials_secret_name = 'credentials' + alias_suffix;
local component_name = 'billing-collector-cloudservices';

assert std.member(inv.applications, 'appuio-cloud-reporting') : 'Component appuio-cloud-reporting must be installed';

local labels = {
'app.kubernetes.io/name': component_name,
Expand All @@ -27,6 +28,35 @@ local secret(key) = [
for s in std.objectFields(params.secrets[key])
];

local dbEnv = [
{
name: name,
valueFrom: {
secretKeyRef: {
name: params.cloud_reporting_dbsecret_name,
key: name,
},
},
}
for name in std.objectFields(params.database_secret)
] + [
{
name: name,
[if std.type(params.database_env[name]) == 'string' then 'value' else 'valueFrom']: params.database_env[name],
}
for name in std.objectFields(params.database_env)
] + [
assert params.database.url != null : 'database.url must be set.';
{
name: 'DB_PARAMS',
value: params.database.parameters,
},
{
name: 'ACR_DB_URL',
value: params.database.url,
},
];

local cronjob(name, args, schedule) = {
kind: 'CronJob',
apiVersion: 'batch/v1',
Expand Down Expand Up @@ -55,33 +85,18 @@ local cronjob(name, args, schedule) = {
},
},
],
env: [
{
name: 'password',
valueFrom: {
secretKeyRef: {
key: 'password',
name: 'reporting-db',
},
},
},
{
name: 'username',
valueFrom: {
secretKeyRef: {
key: 'username',
name: 'reporting-db',
},
},
},
{
name: 'ACR_DB_URL',
value: 'postgres://$(username):$(password)@%(host)s:%(port)s/%(name)s?%(parameters)s' % params.database,
},
],
env: dbEnv,
resources: {},
[if std.length(params.extra_volumes) > 0 then 'volumeMounts']: [
{ name: name } + params.extra_volumes[name].mount_spec
for name in std.objectFields(params.extra_volumes)
],
},
],
[if std.length(params.extra_volumes) > 0 then 'volumes']: [
{ name: name } + params.extra_volumes[name].volume_spec
for name in std.objectFields(params.extra_volumes)
],
},
},
},
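Review bot: In the second comprehension of `dbEnv`, a string entry of `params.database_env` is emitted as a literal `value`, so a credential passed that way is written in clear text into the CronJob spec (and presumably into the compiled catalog, given the `managed-by: commodore` label on the rendered manifests) instead of staying in a Secret. The visible lines do not state that only non-sensitive settings may be strings; a comment above the comprehension such as `// String values are rendered verbatim into the manifest; pass credentials as secretKeyRef objects.` would make that contract explicit. The concatenation also allows one name to come from both `database_secret` and `database_env`, which yields duplicate env entries whose effective value depends on list order; `assert std.setInter(std.objectFields(params.database_secret), std.objectFields(params.database_env)) == [] : 'database_secret and database_env must not define the same variable';` placed before `local dbEnv` would reject that at compile time. The `cronjob` function that consumes `dbEnv` continues outside the visible hunks.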
23 changes: 17 additions & 6 deletions component/tests/billing-collector-cloudservices.yml
@@ -1,11 +1,22 @@
applications:
- appuio-cloud-reporting

parameters:
billing_collector_cloudservices:
appuio_cloud_reporting:
database:
name: 'reporting'
host: 'reporting-db.appuio-reporting.svc'
parameters: 'sslmode=disable'
password: 'passw0rd'
port: 5432
url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS)
parameters: ''
database_secret:
DB_USER: appuio-cloud-reporting
DB_PASSWORD: letmein
DB_HOST: db.example.com
DB_PORT: 5432
DB_NAME: appuio-cloud-reporting
database_env: {}

extra_volumes: {}

billing_collector_cloudservices:
exoscale:
enabled: true
dbaas:
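Review bot: The `database_secret` block in this fixture carries `DB_PASSWORD: letmein` as an inline literal with nothing marking it as a dummy, and `tests/collector-cloudscale-lpg-2.yml` repeats it. Fixtures are often copied as a starting point for real inventories, so a comment on that key such as `# dummy value for golden tests; real inventories supply this through a secret reference, never a literal` would document the expectation. `DB_PORT: 5432` is also an unquoted integer; if appuio-cloud-reporting renders these keys into a Secret's `stringData` (not visible on this page), the value would need to be a quoted string.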
46 changes: 40 additions & 6 deletions component/tests/cloudscale-metrics-collector.yml
@@ -1,11 +1,45 @@
applications:
- appuio-cloud-reporting

parameters:
billing_collector_cloudservices:
appuio_cloud_reporting:
database:
name: 'reporting'
host: 'reporting-db.appuio-reporting.svc'
parameters: 'sslmode=disable'
password: 'passw0rd'
port: 5432
url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS)
parameters: ''
database_secret: {}
database_env:
DB_USER:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_USER
DB_PASSWORD:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_PASSWORD
DB_HOST:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_HOST
DB_PORT:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_PORT
DB_NAME:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_DB

extra_volumes:
dbsecret:
mount_spec:
readOnly: true
mountPath: /secrets/database
volume_spec:
secret:
secretName: reporting-db-prod-cred
defaultMode: 0600

billing_collector_cloudservices:
cloudscale:
enabled: true
objectStorage:
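Review bot: `defaultMode: 0600` under `extra_volumes.dbsecret.volume_spec` only yields mode 0600 when the inventory is loaded by a YAML 1.1 parser that reads the leading zero as octal; a YAML 1.2 loader would read decimal 600, which is outside the 0–511 range Kubernetes accepts for decimal mode bits. Writing the decimal form with the octal in a comment, `defaultMode: 384  # 0600`, removes the dependency on the loader; the same line appears in `tests/exoscale-metrics-collector.yml`. Which loader is used is not visible on this page, so treat this as a robustness point rather than a confirmed defect.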
21 changes: 15 additions & 6 deletions component/tests/collector-cloudscale-lpg-2.yml
@@ -1,13 +1,22 @@
applications:
- metrics-collector as collector-cloudscale-lpg-2
- appuio-cloud-reporting

parameters:
billing_collector_cloudservices:
appuio_cloud_reporting:
database:
name: 'reporting'
host: 'reporting-db.appuio-reporting.svc'
parameters: 'sslmode=disable'
password: 'passw0rd'
port: 5432
url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS)
parameters: ''
database_secret:
DB_USER: appuio-cloud-reporting
DB_PASSWORD: letmein
DB_HOST: db.example.com
DB_PORT: 5432
DB_NAME: appuio-cloud-reporting
database_env: {}

extra_volumes: {}

billing_collector_cloudservices:
exoscale:
enabled: true
46 changes: 40 additions & 6 deletions component/tests/exoscale-metrics-collector.yml
@@ -1,11 +1,45 @@
applications:
- appuio-cloud-reporting

parameters:
billing_collector_cloudservices:
appuio_cloud_reporting:
database:
name: 'reporting'
host: 'reporting-db.appuio-reporting.svc'
parameters: 'sslmode=disable'
password: 'passw0rd'
port: 5432
url: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS)
parameters: ''
database_secret: {}
database_env:
DB_USER:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_USER
DB_PASSWORD:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_PASSWORD
DB_HOST:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_HOST
DB_PORT:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_PORT
DB_NAME:
secretKeyRef:
name: reporting-db-prod-cred
key: POSTGRESQL_DB

extra_volumes:
dbsecret:
mount_spec:
readOnly: true
mountPath: /secrets/database
volume_spec:
secret:
secretName: reporting-db-prod-cred
defaultMode: 0600

billing_collector_cloudservices:
exoscale:
enabled: true
dbaas:
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
apiVersion: batch/v1
kind: CronJob
metadata:
labels:
app.kubernetes.io/component: billing-collector-cloudservices
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: billing-collector-cloudservices
app.kubernetes.io/part-of: appuio-cloud-reporting
name: billing-collector-cloudservices-dbaas
namespace: appuio-cloud-reporting
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 5
jobTemplate:
spec:
template:
spec:
containers:
- args:
- exoscale
- dbaas
env:
- name: DB_HOST
valueFrom:
secretKeyRef:
key: DB_HOST
name: reporting-db
- name: DB_NAME
valueFrom:
secretKeyRef:
key: DB_NAME
name: reporting-db
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: DB_PASSWORD
name: reporting-db
- name: DB_PORT
valueFrom:
secretKeyRef:
key: DB_PORT
name: reporting-db
- name: DB_USER
valueFrom:
secretKeyRef:
key: DB_USER
name: reporting-db
- name: DB_PARAMS
value: ''
- name: ACR_DB_URL
value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS)
envFrom:
- secretRef:
name: credentials-billing-collector-cloudservices
image: ghcr.io/vshn/billing-collector-cloudservices:v1.0.3
name: billing-collector-cloudservices-backfill
resources: {}
restartPolicy: OnFailure
schedule: '*/15 * * * *'
successfulJobsHistoryLimit: 3
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
apiVersion: batch/v1
kind: CronJob
metadata:
labels:
app.kubernetes.io/component: billing-collector-cloudservices
app.kubernetes.io/managed-by: commodore
app.kubernetes.io/name: billing-collector-cloudservices
app.kubernetes.io/part-of: appuio-cloud-reporting
name: billing-collector-cloudservices-objectstorage
namespace: appuio-cloud-reporting
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 5
jobTemplate:
spec:
template:
spec:
containers:
- args:
- exoscale
- objectstorage
env:
- name: DB_HOST
valueFrom:
secretKeyRef:
key: DB_HOST
name: reporting-db
- name: DB_NAME
valueFrom:
secretKeyRef:
key: DB_NAME
name: reporting-db
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: DB_PASSWORD
name: reporting-db
- name: DB_PORT
valueFrom:
secretKeyRef:
key: DB_PORT
name: reporting-db
- name: DB_USER
valueFrom:
secretKeyRef:
key: DB_USER
name: reporting-db
- name: DB_PARAMS
value: ''
- name: ACR_DB_URL
value: postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?$(DB_PARAMS)
envFrom:
- secretRef:
name: credentials-billing-collector-cloudservices
image: ghcr.io/vshn/billing-collector-cloudservices:v1.0.3
name: billing-collector-cloudservices-backfill
resources: {}
restartPolicy: OnFailure
schedule: 10 10,16,20 * * *
successfulJobsHistoryLimit: 3