Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[prometheus-rabbitmq-exporter] Create secret to store credentials when provided #5099

Merged
merged 1 commit into from
Dec 28, 2024
Merged

[prometheus-rabbitmq-exporter] Create secret to store credentials when provided #5099

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/prometheus-rabbitmq-exporter/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
description: Rabbitmq metrics exporter for prometheus
name: prometheus-rabbitmq-exporter
version: 1.12.1
version: 1.13.0
appVersion: v0.29.0
home: https://github.com/kbudde/rabbitmq_exporter
sources:
Expand Down
10 changes: 8 additions & 2 deletions charts/prometheus-rabbitmq-exporter/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,10 @@ spec:
key: "{{ .Values.rabbitmq.existingPasswordSecretKey }}"
{{- else if .Values.rabbitmq.password }}
- name: RABBIT_PASSWORD
value: {{ .Values.rabbitmq.password }}
valueFrom:
secretKeyRef:
name: {{ template "prometheus-rabbitmq-exporter.fullname" . }}
key: RABBIT_PASSWORD
{{- end }}
{{- if .Values.rabbitmq.existingUserSecret }}
- name: RABBIT_USER
Expand All @@ -67,7 +70,10 @@ spec:
key: "{{ .Values.rabbitmq.existingUserSecretKey }}"
{{- else if .Values.rabbitmq.user }}
- name: RABBIT_USER
value: {{ .Values.rabbitmq.user }}
valueFrom:
secretKeyRef:
name: {{ template "prometheus-rabbitmq-exporter.fullname" . }}
key: RABBIT_USER
{{- end }}
{{- if .Values.rabbitmq.url }}
- name: RABBIT_URL
Expand Down
22 changes: 22 additions & 0 deletions charts/prometheus-rabbitmq-exporter/templates/secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{{- if or (and (.Values.rabbitmq.password) (not .Values.rabbitmq.existingPasswordSecret)) (and (.Values.rabbitmq.user) (not .Values.rabbitmq.existingUserSecret)) }}
Copy link
Member

@desaintmartin desaintmartin Dec 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If .Values.rabbitmq.password is set but .Values.rabbitmq.existingPasswordSecret is set as well, secret will not be created and Pod will never start. We should have a solution. Maybe we should prevent the two being set at the same time, or we align the condition in the two files, or we simply "ignore" the latter like it's done before this PR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi!

Yes, you're right. If existing password secret is set, then we don't need to create the secret, as we'll be using the one provided in the values.

On that case, the secret where we're reading the value for the env is also the one provided, so I think the pod will be created and running.

This is an example of the env for the deployment on that case:

          env:
            - name: RABBIT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "existingsecret"
                  key: "password"
            - name: RABBIT_USER
              valueFrom:
                secretKeyRef:
                  name: "existingsecret"
                  key: "username"
            - name: RABBIT_URL
              value: my-url.com

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

About the options you mentioned, I followed what it was done before. If the existing secret is given, the password or user is ignored and the secret used.

Copy link
Member

@desaintmartin desaintmartin Dec 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am sorry, the diff bugged me, you are right!

apiVersion: v1
kind: Secret
metadata:
name: {{ template "prometheus-rabbitmq-exporter.fullname" . }}
labels:
app: {{ template "prometheus-rabbitmq-exporter.name" . }}
chart: {{ template "prometheus-rabbitmq-exporter.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | indent 4 }}
{{- end }}
type: Opaque
data:
{{- if and (.Values.rabbitmq.password) (not .Values.rabbitmq.existingPasswordSecret) }}
RABBIT_PASSWORD: {{ .Values.rabbitmq.password | b64enc }}
{{- end }}
{{- if and (.Values.rabbitmq.user) (not .Values.rabbitmq.existingUserSecret) }}
RABBIT_USER: {{ .Values.rabbitmq.user | b64enc }}
{{- end }}
{{- end }}
Loading