diff --git a/component/Makefile.vars.mk b/component/Makefile.vars.mk index 343c86e..2539b01 100644 --- a/component/Makefile.vars.mk +++ b/component/Makefile.vars.mk @@ -5,7 +5,7 @@ COMPONENT_SUBDIR ?= $(shell basename ${PWD}) compiled_path ?= compiled/$(COMPONENT_NAME)/$(COMPONENT_NAME) root_volume ?= -v "$${PWD}/../:/$(COMPONENT_NAME)" compiled_volume ?= -v "$${PWD}/$(compiled_path):/$(COMPONENT_NAME)" -commodore_args ?= --search-paths . -n $(COMPONENT_NAME) +commodore_args ?= --search-paths . -n $(COMPONENT_NAME) --alias $(instance) ifneq "$(shell which docker 2>/dev/null)" "" DOCKER_CMD ?= $(shell which docker) @@ -43,5 +43,5 @@ KUBENT_ARGS ?= -c=false --helm2=false --helm3=false -e KUBENT_IMAGE ?= docker.io/projectsyn/kubent:latest KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE) -instance ?= defaults -test_instances = tests/defaults.yml +instance ?= cloudscale-metrics-collector +test_instances = tests/cloudscale-metrics-collector.yml tests/collector-exoscale-ch-gva-2-0.yml diff --git a/component/class/cloudscale-metrics-collector.yml b/component/class/cloudscale-metrics-collector.yml index b4a252d..355d9ab 100644 --- a/component/class/cloudscale-metrics-collector.yml +++ b/component/class/cloudscale-metrics-collector.yml @@ -5,7 +5,9 @@ parameters: - ${_base_directory}/component/app.jsonnet input_type: jsonnet output_path: apps/ + output_type: yaml - input_paths: - ${_base_directory}/component/main.jsonnet input_type: jsonnet - output_path: cloudscale-metrics-collector/ + output_type: yaml + output_path: ${_instance} diff --git a/component/class/defaults.yml b/component/class/defaults.yml index eb147c5..3adc8ec 100644 --- a/component/class/defaults.yml +++ b/component/class/defaults.yml 
@@ -1,11 +1,17 @@ parameters: cloudscale_metrics_collector: + =_metadata: + multi_instance: true secrets: - cloudscale: + credentials: stringData: - token: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}" + CLOUDSCALE_API_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/token}" + KUBERNETES_SERVER_URL: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-server}" + KUBERNETES_SERVER_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-token}" images: collector: registry: 'ghcr.io' repository: 'vshn/cloudscale-metrics-collector' tag: 'v0.4.1' + # Times in UTC! Don't run job around midnight as exoscale API may return incomplete data + schedule: '10 4,10,16 * * *' diff --git a/component/component/app.jsonnet b/component/component/app.jsonnet index 3179140..4420ae1 100644 --- a/component/component/app.jsonnet +++ b/component/component/app.jsonnet @@ -1,11 +1,11 @@ local kap = import 'lib/kapitan.libjsonnet'; local inv = kap.inventory(); -local params = inv.parameters.cloudscale_metrics_collector; local paramsACR = inv.parameters.appuio_cloud_reporting; local argocd = import 'lib/argocd.libjsonnet'; -local app = argocd.App('cloudscale-metrics-collector', paramsACR.namespace); +local instance = inv.parameters._instance; +local app = argocd.App(instance, paramsACR.namespace); { - 'cloudscale-metrics-collector': app, + [instance]: app, } diff --git a/component/component/main.jsonnet b/component/component/main.jsonnet index 9840f49..222a052 100644 --- a/component/component/main.jsonnet +++ b/component/component/main.jsonnet 
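Review bot: The Vault reference for the cloudscale token in `secrets.credentials.stringData` moves from `.../cloudscale-metrics-collector/token` to `.../cloudscale-metrics-collector/${_instance}/token`, so a cluster that already stores the token at the old path will presumably resolve nothing until the value is copied to the new one. The documentation hunks in this diff do not mention that step; a short migration note in the installation how-to would cover it, along with the two new `cluster-server` and `cluster-token` entries that must exist per instance. Separately, the comment above `schedule` now names the exoscale API, while the inline comment it replaces in main.jsonnet said cloudscale. If that is a copy-over, I would keep `# Times in UTC! Don't run job around midnight as cloudscale API may return incomplete data`.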
@@ -5,36 +5,42 @@ local paramsACR = inv.parameters.appuio_cloud_reporting; local kube = import 'lib/kube.libjsonnet'; local com = import 'lib/commodore.libjsonnet'; local collectorImage = '%(registry)s/%(repository)s:%(tag)s' % params.images.collector; - +local alias = inv.parameters._instance; +local alias_suffix = '-' + alias; +local credentials_secret_name = 'credentials' + alias_suffix; +local component_name = 'cloudscale-metrics-collector'; local labels = { - 'app.kubernetes.io/name': 'appuio-cloud-reporting', + 'app.kubernetes.io/name': component_name, 'app.kubernetes.io/managed-by': 'commodore', - 'app.kubernetes.io/part-of': 'syn', + 'app.kubernetes.io/part-of': 'appuio-cloud-reporting', + 'app.kubernetes.io/component': component_name, }; local secrets = [ if params.secrets[s] != null then - kube.Secret(s) { + kube.Secret(s + alias_suffix) { metadata+: { namespace: paramsACR.namespace, - } + }, } + com.makeMergeable(params.secrets[s]) for s in std.objectFields(params.secrets) ]; { assert params.secrets != null : 'secrets must be set.', - assert params.secrets.cloudscale != null : 'secrets.cloudscale must be set.', - assert params.secrets.cloudscale.stringData != null : 'secrets.cloudscale.stringData must be set.', - assert params.secrets.cloudscale.stringData.token != null : 'secrets.cloudscale.stringData.token must be set.', + assert params.secrets.credentials != null : 'secrets.credentials must be set.', + assert params.secrets.credentials.stringData != null : 'secrets.credentials.stringData must be set.', + assert params.secrets.credentials.stringData.CLOUDSCALE_API_TOKEN != null : 'secrets.credentials.stringData.CLOUDSCALE_API_TOKEN must be set.', + assert params.secrets.credentials.stringData.KUBERNETES_SERVER_URL != null : 'secrets.credentials.stringData.KUBERNETES_SERVER_URL must be set.', + assert params.secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN != null : 'secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN must be set.', secrets: 
std.filter(function(it) it != null, secrets), cronjob: { kind: 'CronJob', apiVersion: 'batch/v1', metadata: { - name: 'cloudscale-metrics-collector', + name: alias, namespace: paramsACR.namespace, labels+: labels, }, @@ -51,7 +57,14 @@ local secrets = [ args: [ 'cloudscale-metrics-collector', ], - command: ['sh', '-c'], + command: [ 'sh', '-c' ], + envFrom: [ + { + secretRef: { + name: credentials_secret_name, + }, + }, + ], env: [ { name: 'password', @@ -75,15 +88,6 @@ local secrets = [ name: 'ACR_DB_URL', value: 'postgres://$(username):$(password)@%(host)s:%(port)s/%(name)s?%(parameters)s' % paramsACR.database, }, - { - name: 'CLOUDSCALE_API_TOKEN', - valueFrom: { - secretKeyRef: { - key: 'token', - name: 'cloudscale', - }, - }, - }, ], image: collectorImage, name: 'cloudscale-metrics-collector-backfill', @@ -94,7 +98,7 @@ local secrets = [ }, }, }, - schedule: '10 4,10,16 * * *', # Times in UTC! Don't run job around midnight as cloudscale API may return incomplete data + schedule: params.schedule, successfulJobsHistoryLimit: 3, }, }, diff --git a/component/tests/defaults.yml b/component/tests/cloudscale-metrics-collector.yml similarity index 100% rename from component/tests/defaults.yml rename to component/tests/cloudscale-metrics-collector.yml diff --git a/component/tests/collector-exoscale-ch-gva-2-0.yml b/component/tests/collector-exoscale-ch-gva-2-0.yml new file mode 100644 index 0000000..57cfbc5 --- /dev/null +++ b/component/tests/collector-exoscale-ch-gva-2-0.yml @@ -0,0 +1,12 @@ +applications: + - cloudscale-metrics-collector as collector-exoscale-ch-gva-2-0 + +parameters: + appuio_cloud_reporting: + namespace: 'appuio-cloud-reporting' + database: + name: 'reporting' + host: 'reporting-db.appuio-reporting.svc' + parameters: 'sslmode=disable' + password: 'passw0rd' + port: 5432 
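Review bot: Nothing in `labels` identifies the instance, so both golden CronJobs (`cloudscale-metrics-collector` and `collector-exoscale-ch-gva-2-0`) carry the same four labels in the same namespace. With `multi_instance: true`, I would add `'app.kubernetes.io/instance': alias,` to `labels` so that selectors, policies and audit queries can be scoped to one collector and its credentials. The `cronjob` object that consumes `labels` continues past the end of this hunk.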
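Review bot: The new `envFrom` block with a bare `secretRef` injects every key of the `credentials` Secret into the container environment. That Secret is built by merging whatever `params.secrets.credentials` holds, so any key later added in the hierarchy reaches the process without a change in this file. The asserts earlier in main.jsonnet name exactly three keys. Referencing those three through `secretKeyRef` entries in `env`, in place of the `envFrom` block, keeps the environment explicit and makes a missing key fail at container start instead of leaving the variable unset. The sketch below shows that replacement; the container and cronjob objects start and end outside the hunk.

```jsonnet
env: [
  // … unchanged: password, username and ACR_DB_URL entries …
] + [
  {
    name: key,
    valueFrom: {
      secretKeyRef: {
        name: credentials_secret_name,
        key: key,
      },
    },
  }
  for key in [
    'CLOUDSCALE_API_TOKEN',
    'KUBERNETES_SERVER_URL',
    'KUBERNETES_SERVER_TOKEN',
  ]
],
```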
diff --git a/component/tests/golden/defaults/cloudscale-metrics-collector/apps/cloudscale-metrics-collector.yaml b/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/apps/cloudscale-metrics-collector.yaml similarity index 100% rename from component/tests/golden/defaults/cloudscale-metrics-collector/apps/cloudscale-metrics-collector.yaml rename to component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/apps/cloudscale-metrics-collector.yaml diff --git a/component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml b/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml similarity index 80% rename from component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml rename to component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml index 2d81e36..191e903 100644 --- a/component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml +++ b/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml @@ -2,9 +2,10 @@ apiVersion: batch/v1 kind: CronJob metadata: labels: + app.kubernetes.io/component: cloudscale-metrics-collector app.kubernetes.io/managed-by: commodore - app.kubernetes.io/name: appuio-cloud-reporting - app.kubernetes.io/part-of: syn + app.kubernetes.io/name: cloudscale-metrics-collector + app.kubernetes.io/part-of: appuio-cloud-reporting name: cloudscale-metrics-collector namespace: appuio-cloud-reporting spec: 
@@ -33,11 +34,9 @@ spec: name: reporting-db - name: ACR_DB_URL value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable - - name: CLOUDSCALE_API_TOKEN - valueFrom: - secretKeyRef: - key: token - name: cloudscale + envFrom: + - secretRef: + name: credentials-cloudscale-metrics-collector image: ghcr.io/vshn/cloudscale-metrics-collector:v0.4.1 name: cloudscale-metrics-collector-backfill resources: {} diff --git a/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml b/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml new file mode 100644 index 0000000..3326c39 --- /dev/null +++ b/component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: {} +kind: Secret +metadata: + annotations: {} + labels: + name: credentials-cloudscale-metrics-collector + name: credentials-cloudscale-metrics-collector + namespace: appuio-cloud-reporting +stringData: + CLOUDSCALE_API_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/token + KUBERNETES_SERVER_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/cluster-token + KUBERNETES_SERVER_URL: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/cluster-server +type: Opaque diff --git a/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/apps/collector-exoscale-ch-gva-2-0.yaml b/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/apps/collector-exoscale-ch-gva-2-0.yaml new file mode 100644 index 0000000..e69de29 
diff --git a/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/cronjob.yaml b/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/cronjob.yaml new file mode 100644 index 0000000..b53f423 --- /dev/null +++ b/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/cronjob.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + labels: + app.kubernetes.io/component: cloudscale-metrics-collector + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cloudscale-metrics-collector + app.kubernetes.io/part-of: appuio-cloud-reporting + name: collector-exoscale-ch-gva-2-0 + namespace: appuio-cloud-reporting +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 5 + jobTemplate: + spec: + template: + spec: + containers: + - args: + - cloudscale-metrics-collector + command: + - sh + - -c + env: + - name: password + valueFrom: + secretKeyRef: + key: password + name: reporting-db + - name: username + valueFrom: + secretKeyRef: + key: username + name: reporting-db + - name: ACR_DB_URL + value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable + envFrom: + - secretRef: + name: credentials-collector-exoscale-ch-gva-2-0 + image: ghcr.io/vshn/cloudscale-metrics-collector:v0.4.1 + name: cloudscale-metrics-collector-backfill + resources: {} + restartPolicy: OnFailure + schedule: 10 4,10,16 * * * + successfulJobsHistoryLimit: 3 diff --git a/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/secrets.yaml b/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/secrets.yaml new file mode 100644 index 0000000..dad72e4 --- /dev/null 
+++ b/component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: {} +kind: Secret +metadata: + annotations: {} + labels: + name: credentials-collector-exoscale-ch-gva-2-0 + name: credentials-collector-exoscale-ch-gva-2-0 + namespace: appuio-cloud-reporting +stringData: + CLOUDSCALE_API_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/collector-exoscale-ch-gva-2-0/token + KUBERNETES_SERVER_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/collector-exoscale-ch-gva-2-0/cluster-token + KUBERNETES_SERVER_URL: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/collector-exoscale-ch-gva-2-0/cluster-server +type: Opaque diff --git a/component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml b/component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml deleted file mode 100644 index 0e65edc..0000000 --- a/component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -data: {} -kind: Secret -metadata: - annotations: {} - labels: - name: cloudscale - name: cloudscale - namespace: appuio-cloud-reporting -stringData: - token: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/token -type: Opaque diff --git a/docs/modules/ROOT/pages/how-tos/installation.adoc b/docs/modules/ROOT/pages/how-tos/installation.adoc index 4be4fb3..4533101 100644 --- a/docs/modules/ROOT/pages/how-tos/installation.adoc +++ b/docs/modules/ROOT/pages/how-tos/installation.adoc 
@@ -16,9 +16,11 @@ parameters: cloudscale_metrics_collector: namespace: 'appuio-cloud-reporting' secrets: - cloudscale: + credentials: stringData: - token:"?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}" + CLOUDSCALE_API_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/token}" + KUBERNETES_SERVER_URL: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-server}" + KUBERNETES_SERVER_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-token}" ---- See the xref:references/parameters.adoc[parameters] reference for a full list of parameters. diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 822b87c..4ff4993 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -19,8 +19,7 @@ default:: https://github.com/vshn/cloudscale-metrics-collector/blob/master/compo Dictionary containing the container images used by this component. - -== `secrets.cloudscale.stringData.token` +== `secrets.credentials.stringData.CLOUDSCALE_API_TOKEN` [horizontal] type:: string 
@@ -30,3 +29,21 @@ The cloudscale API token. You need to get the token from the https://control.cloudscale.ch[Cloudscale Control Panel]. You need to select the correct Project (token is limited to one project), choose "API Tokens" in the menu and generate a new one. + +== `secrets.credentials.stringData.KUBERNETES_SERVER_URL` + +[horizontal] +type:: string +default:: Required. + +The Kubernetes server URL. + +== `secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN` + +[horizontal] +type:: string +default:: Required. + +The token to connect to a Kubernetes cluster. + +The Service Account connected to this token should have `get` and `list` permissions to `buckets.cloudscale.crossplane.io` managed resource, and `get` and `list` permissions for namespaces.