fix deployment for cloudscale-metrics-collector

component/class/cloudscale-metrics-collector.yml

@@ -5,7 +5,9 @@ parameters:
           - ${_base_directory}/component/app.jsonnet
         input_type: jsonnet
         output_path: apps/
+        output_type: yaml
       - input_paths:
           - ${_base_directory}/component/main.jsonnet
         input_type: jsonnet
-        output_path: cloudscale-metrics-collector/
+        output_path: ${_instance}
+        output_type: yaml

component/class/defaults.yml

@@ -1,11 +1,17 @@
 parameters:
   cloudscale_metrics_collector:
+    =_metadata:
+      multi_instance: true
     secrets:
-      cloudscale:
+      credentials:
         stringData:
-          token: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}"
+          CLOUDSCALE_API_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}"
+          KUBERNETES_SERVER_URL: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-server}"
+          KUBERNETES_SERVER_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-token}"
     images:
       collector:
         registry: 'ghcr.io'
         repository: 'vshn/cloudscale-metrics-collector'
-        tag: 'v0.4.1'
+        tag: 'v0.5.0'
+    # Times in UTC! Don't run job around midnight as exoscale API may return incomplete data
+    schedule: '10 4,10,16 * * *'

component/component/app.jsonnet

@@ -1,11 +1,11 @@
 local kap = import 'lib/kapitan.libjsonnet';
 local inv = kap.inventory();
-local params = inv.parameters.cloudscale_metrics_collector;
 local paramsACR = inv.parameters.appuio_cloud_reporting;
 local argocd = import 'lib/argocd.libjsonnet';
 
-local app = argocd.App('cloudscale-metrics-collector', paramsACR.namespace);
+local instance = inv.parameters._instance;
+local app = argocd.App(instance, paramsACR.namespace);
 
 {
-  'cloudscale-metrics-collector': app,
+  [instance]: app,
 }

component/component/main.jsonnet

@@ -5,36 +5,42 @@ local paramsACR = inv.parameters.appuio_cloud_reporting;
 local kube = import 'lib/kube.libjsonnet';
 local com = import 'lib/commodore.libjsonnet';
 local collectorImage = '%(registry)s/%(repository)s:%(tag)s' % params.images.collector;
-
+local alias = inv.parameters._instance;
+local alias_suffix = '-' + alias;
+local credentials_secret_name = 'credentials' + alias_suffix;
+local component_name = 'cloudscale-metrics-collector';
 
 local labels = {
-  'app.kubernetes.io/name': 'appuio-cloud-reporting',
+  'app.kubernetes.io/name': component_name,
   'app.kubernetes.io/managed-by': 'commodore',
-  'app.kubernetes.io/part-of': 'syn',
+  'app.kubernetes.io/part-of': 'appuio-cloud-reporting',
+  'app.kubernetes.io/component': component_name,
 };
 
 local secrets = [
   if params.secrets[s] != null then
-    kube.Secret(s) {
+    kube.Secret(s + alias_suffix) {
       metadata+: {
         namespace: paramsACR.namespace,
-      }
+      },
     } + com.makeMergeable(params.secrets[s])
   for s in std.objectFields(params.secrets)
 ];
 
 {
   assert params.secrets != null : 'secrets must be set.',
-  assert params.secrets.cloudscale != null : 'secrets.cloudscale must be set.',
-  assert params.secrets.cloudscale.stringData != null : 'secrets.cloudscale.stringData must be set.',
-  assert params.secrets.cloudscale.stringData.token != null : 'secrets.cloudscale.stringData.token must be set.',
+  assert params.secrets.credentials != null : 'secrets.credentials must be set.',
+  assert params.secrets.credentials.stringData != null : 'secrets.credentials.stringData must be set.',
+  assert params.secrets.credentials.stringData.CLOUDSCALE_API_TOKEN != null : 'secrets.credentials.stringData.CLOUDSCALE_API_TOKEN must be set.',
+  assert params.secrets.credentials.stringData.KUBERNETES_SERVER_URL != null : 'secrets.credentials.stringData.KUBERNETES_SERVER_URL must be set.',
+  assert params.secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN != null : 'secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN must be set.',
   secrets: std.filter(function(it) it != null, secrets),
 
   cronjob: {
     kind: 'CronJob',
     apiVersion: 'batch/v1',
     metadata: {
-      name: 'cloudscale-metrics-collector',
+      name: alias,
       namespace: paramsACR.namespace,
       labels+: labels,
     },
@@ -51,7 +57,14 @@ local secrets = [
                   args: [
                     'cloudscale-metrics-collector',
                   ],
-                  command: ['sh', '-c'],
+                  command: [ 'sh', '-c' ],
+                  envFrom: [
+                    {
+                      secretRef: {
+                        name: credentials_secret_name,
+                      },
+                    },
+                  ],
                   env: [
                     {
                       name: 'password',
@@ -75,15 +88,6 @@ local secrets = [
                       name: 'ACR_DB_URL',
                       value: 'postgres://$(username):$(password)@%(host)s:%(port)s/%(name)s?%(parameters)s' % paramsACR.database,
                     },
-                    {
-                      name: 'CLOUDSCALE_API_TOKEN',
-                      valueFrom: {
-                        secretKeyRef: {
-                          key: 'token',
-                          name: 'cloudscale',
-                        },
-                      },
-                    },
                   ],
                   image: collectorImage,
                   name: 'cloudscale-metrics-collector-backfill',
@@ -94,7 +98,7 @@ local secrets = [
           },
         },
       },
-      schedule: '10 4,10,16 * * *', # Times in UTC! Don't run job around midnight as cloudscale API may return incomplete data
+      schedule: params.schedule,
       successfulJobsHistoryLimit: 3,
     },
   },

component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml

@@ -2,9 +2,10 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
   labels:
+    app.kubernetes.io/component: cloudscale-metrics-collector
     app.kubernetes.io/managed-by: commodore
-    app.kubernetes.io/name: appuio-cloud-reporting
-    app.kubernetes.io/part-of: syn
+    app.kubernetes.io/name: cloudscale-metrics-collector
+    app.kubernetes.io/part-of: appuio-cloud-reporting
   name: cloudscale-metrics-collector
   namespace: appuio-cloud-reporting
 spec:
@@ -33,12 +34,10 @@ spec:
                       name: reporting-db
                 - name: ACR_DB_URL
                   value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable
-                - name: CLOUDSCALE_API_TOKEN
-                  valueFrom:
-                    secretKeyRef:
-                      key: token
-                      name: cloudscale
-              image: ghcr.io/vshn/cloudscale-metrics-collector:v0.4.1
+              envFrom:
+                - secretRef:
+                    name: credentials-cloudscale-metrics-collector
+              image: ghcr.io/vshn/cloudscale-metrics-collector:v0.5.0
               name: cloudscale-metrics-collector-backfill
               resources: {}
           restartPolicy: OnFailure

component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml

@@ -4,9 +4,11 @@ kind: Secret
 metadata:
   annotations: {}
   labels:
-    name: cloudscale
-  name: cloudscale
+    name: credentials-cloudscale-metrics-collector
+  name: credentials-cloudscale-metrics-collector
   namespace: appuio-cloud-reporting
 stringData:
-  token: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/token
+  CLOUDSCALE_API_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/token
+  KUBERNETES_SERVER_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/cluster-token
+  KUBERNETES_SERVER_URL: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/cluster-server
 type: Opaque

docs/modules/ROOT/pages/how-tos/installation.adoc

@@ -16,9 +16,11 @@ parameters:
   cloudscale_metrics_collector:
     namespace: 'appuio-cloud-reporting'
     secrets:
-      cloudscale:
+      credentials:
         stringData:
-          token:"?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}"
+          CLOUDSCALE_API_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}"
+          KUBERNETES_SERVER_URL: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-server}"
+          KUBERNETES_SERVER_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-token}"
 ----
 
 See the xref:references/parameters.adoc[parameters] reference for a full list of parameters.

docs/modules/ROOT/pages/references/parameters.adoc

@@ -19,8 +19,7 @@ default:: https://github.com/vshn/cloudscale-metrics-collector/blob/master/compo
 
 Dictionary containing the container images used by this component.
 
-
-== `secrets.cloudscale.stringData.token`
+== `secrets.credentials.stringData.CLOUDSCALE_API_TOKEN`
 
 [horizontal]
 type:: string
@@ -30,3 +29,21 @@ The cloudscale API token.
 
 You need to get the token from the https://control.cloudscale.ch[Cloudscale Control Panel].
 You need to select the correct Project (token is limited to one project), choose "API Tokens" in the menu and generate a new one.
+
+== `secrets.credentials.stringData.KUBERNETES_SERVER_URL`
+
+[horizontal]
+type:: string
+default:: Required.
+
+The Kubernetes server URL.
+
+== `secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN`
+
+[horizontal]
+type:: string
+default:: Required.
+
+The token to connect to a Kubernetes cluster.
+
+The Service Account connected to this token should have `get` and `list` permissions to `buckets.cloudscale.crossplane.io` managed resource, and `get` and `list` permissions for namespaces.