From 961c3e9551bac7ea2117931f7b08de630b90672a Mon Sep 17 00:00:00 2001 From: Pete Wall Date: Mon, 5 Jun 2023 20:49:26 -0500 Subject: [PATCH] Add some options for the prometheus secret so you can use an existing secret (#76) * Add some options for the prometheus secret so you can use an existing secret Signed-off-by: Pete Wall * Bump chart version --------- Signed-off-by: Pete Wall --- charts/opencost/Chart.yaml | 2 +- charts/opencost/templates/_helpers.tpl | 12 ++++++++++++ charts/opencost/templates/deployment.yaml | 22 +++++++++++----------- charts/opencost/templates/secret.yaml | 8 ++++---- charts/opencost/values.yaml | 7 +++++++ 5 files changed, 35 insertions(+), 16 deletions(-) diff --git a/charts/opencost/Chart.yaml b/charts/opencost/Chart.yaml index 70771f0..1b72bdb 100755 --- a/charts/opencost/Chart.yaml +++ b/charts/opencost/Chart.yaml @@ -9,7 +9,7 @@ keywords: - kubecost - opencost - monitoring -version: 1.14.3 +version: 1.14.4 maintainers: - name: mattray url: https://mattray.dev diff --git a/charts/opencost/templates/_helpers.tpl b/charts/opencost/templates/_helpers.tpl index 3a0dce0..1070c8f 100644 --- a/charts/opencost/templates/_helpers.tpl +++ b/charts/opencost/templates/_helpers.tpl @@ -30,6 +30,18 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "opencost.prometheus.secretname" -}} +{{- if .Values.opencost.prometheus.secret_name -}} +{{- .Values.opencost.prometheus.secret_name -}} +{{- else -}} +{{- include "opencost.fullname" . -}} +{{- end -}} +{{- end -}} + {{/* Common labels */}} diff --git a/charts/opencost/templates/deployment.yaml b/charts/opencost/templates/deployment.yaml index 460b3bc..4071a20 100644 --- a/charts/opencost/templates/deployment.yaml +++ b/charts/opencost/templates/deployment.yaml 
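Review bot: The comment above `opencost.prometheus.secretname` in `_helpers.tpl` is copied from `opencost.fullname` and does not describe this helper, which neither builds an app name nor truncates to 63 characters. Replace it with something like `Name of the Secret the deployment reads credentials from: .Values.opencost.prometheus.secret_name when set, otherwise the chart fullname.` The helper name says "prometheus", but deployment.yaml also uses it for the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` references, so the comment should say that the exporter's AWS keys are expected in the same Secret. A user-supplied `secret_name` is emitted as-is, so an invalid name only surfaces when the manifest is applied.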
@@ -110,36 +110,36 @@ spec: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: {{ include "opencost.fullname" . }} + name: {{ include "opencost.prometheus.secretname" . }} key: AWS_ACCESS_KEY_ID {{- end }} {{- if .Values.opencost.exporter.aws.secret_access_key }} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ include "opencost.fullname" . }} + name: {{ include "opencost.prometheus.secretname" . }} key: AWS_SECRET_ACCESS_KEY {{- end }} # If username, password or bearer_token are defined, pull from secrets - {{- if .Values.opencost.prometheus.username }} + {{- if or .Values.opencost.prometheus.username (and .Values.opencost.prometheus.secret_name .Values.opencost.prometheus.username_key) }} - name: DB_BASIC_AUTH_USERNAME valueFrom: secretKeyRef: - name: {{ include "opencost.fullname" . }} - key: DB_BASIC_AUTH_USERNAME + name: {{ include "opencost.prometheus.secretname" . }} + key: {{ .Values.opencost.prometheus.username_key }} {{- end }} - {{- if .Values.opencost.prometheus.password }} + {{- if or .Values.opencost.prometheus.password (and .Values.opencost.prometheus.secret_name .Values.opencost.prometheus.password_key) }} - name: DB_BASIC_AUTH_PW valueFrom: secretKeyRef: - name: {{ include "opencost.fullname" . }} - key: DB_BASIC_AUTH_PW - {{- else if .Values.opencost.prometheus.bearer_token }} + name: {{ include "opencost.prometheus.secretname" . }} + key: {{ .Values.opencost.prometheus.password_key }} + {{- else if or .Values.opencost.prometheus.bearer_token (and .Values.opencost.prometheus.secret_name .Values.opencost.prometheus.bearer_token_key) }} - name: DB_BEARER_TOKEN valueFrom: secretKeyRef: - name: {{ include "opencost.fullname" . }} - key: DB_BEARER_TOKEN + name: {{ include "opencost.prometheus.secretname" . }} + key: {{ .Values.opencost.prometheus.bearer_token_key }} {{- end }} {{- if and .Values.opencost.exporter.persistence.enabled .Values.opencost.exporter.csv_path }} - name: EXPORT_CSV_FILE 
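Review bot: Because values.yaml now gives `username_key` and `password_key` non-empty defaults, setting only `secret_name` makes both basic-auth conditions true, so `DB_BASIC_AUTH_USERNAME` and `DB_BASIC_AUTH_PW` are always rendered and the `else if` branch for `DB_BEARER_TOKEN` is never reached. An existing Secret that holds only a bearer token then leaves the pod with non-optional `secretKeyRef` entries for keys that do not exist, which keeps the container from starting. Either leave the `*_key` defaults empty when `secret_name` is set, or document that unused keys must be cleared explicitly. The templated keys should also be quoted, e.g. `key: {{ .Values.opencost.prometheus.username_key | quote }}`, so an empty or odd value cannot change the manifest structure. The env list starts and ends outside this hunk.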
diff --git a/charts/opencost/templates/secret.yaml b/charts/opencost/templates/secret.yaml index 444b274..d6854d4 100644 --- a/charts/opencost/templates/secret.yaml +++ b/charts/opencost/templates/secret.yaml @@ -4,7 +4,7 @@ kind: Secret metadata: labels: {{- include "opencost.labels" . | nindent 4 }} - name: {{ include "opencost.fullname" . }} + name: {{ include "opencost.prometheus.secretname" . }} namespace: {{ .Release.Namespace }} {{- with .Values.secretAnnotations }} annotations: @@ -12,13 +12,13 @@ metadata: {{- end }} data: {{- if .Values.opencost.prometheus.username }} - DB_BASIC_AUTH_USERNAME: {{ .Values.opencost.prometheus.username | b64enc | quote }} + {{ .Values.opencost.prometheus.username_key }}: {{ .Values.opencost.prometheus.username | b64enc | quote }} {{- end }} {{- if .Values.opencost.prometheus.password }} - DB_BASIC_AUTH_PW: {{ .Values.opencost.prometheus.password | b64enc | quote }} + {{ .Values.opencost.prometheus.password_key }}: {{ .Values.opencost.prometheus.password | b64enc | quote }} {{- end }} {{- if .Values.opencost.prometheus.bearer_token }} - DB_BEARER_TOKEN: {{ .Values.opencost.prometheus.bearer_token | b64enc | quote }} + {{ .Values.opencost.prometheus.bearer_token_key }}: {{ .Values.opencost.prometheus.bearer_token | b64enc | quote }} {{- end }} {{- if .Values.opencost.exporter.aws.access_key_id }} AWS_ACCESS_KEY_ID: {{ .Values.opencost.exporter.aws.access_key_id | b64enc | quote }} diff --git a/charts/opencost/values.yaml b/charts/opencost/values.yaml index 194b7aa..4878f99 100644 --- a/charts/opencost/values.yaml +++ b/charts/opencost/values.yaml 
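Review bot: In secret.yaml, `metadata.name` now resolves to `.Values.opencost.prometheus.secret_name` when that is set, so the chart would render a Secret with the same name as the pre-existing one it was pointed at. Lines 1–3 of the file are outside the hunk, so any guard there is not visible. If the template is not skipped in that case, the install is likely to fail on the existing object, or the chart ends up managing a credential object it did not create. Consider wrapping the template in `{{- if not .Values.opencost.prometheus.secret_name }}` … `{{- end }}`, or keeping the chart-managed Secret on `opencost.fullname`. The AWS entries in `data` also move with the Prometheus secret name, which should be stated in the values documentation.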
@@ -139,12 +139,19 @@ opencost: metricRelabelings: [] prometheus: + # -- Secret name that contains credentials for Prometheus + secret_name: null # -- Prometheus Basic auth username username: "" + # -- Key in the secret that references the username + username_key: DB_BASIC_AUTH_USERNAME # -- Prometheus Basic auth password password: "" + # -- Key in the secret that references the password + password_key: DB_BASIC_AUTH_PW # -- Prometheus Bearer token bearer_token: "" + bearer_token_key: DB_BEARER_TOKEN external: # -- Use external Prometheus (eg. Grafana Cloud) enabled: false
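Review bot: `bearer_token_key` is the only new value without a `# --` description, so it will be undocumented in the generated values table; add `# -- Key in the secret that references the bearer token` above it. The `secret_name` comment should also say that the Secret must already exist in the release namespace. It should add that the `*_key` defaults cause the matching env vars to be rendered as soon as `secret_name` is set, for example `# -- Existing Secret with Prometheus credentials; clear any *_key that the Secret does not contain`. Without that, a user who supplies only a bearer-token Secret gets basic-auth references to missing keys from deployment.yaml.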