fix deployment for cloudscale-metrics-collector

component/Makefile.vars.mk

@@ -5,7 +5,7 @@ COMPONENT_SUBDIR ?= $(shell basename ${PWD})
 compiled_path   ?= compiled/$(COMPONENT_NAME)/$(COMPONENT_NAME)
 root_volume     ?= -v "$${PWD}/../:/$(COMPONENT_NAME)"
 compiled_volume ?= -v "$${PWD}/$(compiled_path):/$(COMPONENT_NAME)"
-commodore_args  ?= --search-paths . -n $(COMPONENT_NAME)
+commodore_args  ?= --search-paths . -n $(COMPONENT_NAME) --alias $(instance)
 
 ifneq "$(shell which docker 2>/dev/null)" ""
 	DOCKER_CMD    ?= $(shell which docker)
@@ -43,5 +43,5 @@ KUBENT_ARGS     ?= -c=false --helm2=false --helm3=false -e
 KUBENT_IMAGE    ?= docker.io/projectsyn/kubent:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
-instance ?= defaults
-test_instances = tests/defaults.yml
+instance ?= cloudscale-metrics-collector
+test_instances = tests/cloudscale-metrics-collector.yml tests/collector-exoscale-ch-gva-2-0.yml

component/class/cloudscale-metrics-collector.yml

@@ -5,7 +5,9 @@ parameters:
           - ${_base_directory}/component/app.jsonnet
         input_type: jsonnet
         output_path: apps/
+        output_type: yaml
       - input_paths:
           - ${_base_directory}/component/main.jsonnet
         input_type: jsonnet
-        output_path: cloudscale-metrics-collector/
+        output_type: yaml
+        output_path: ${_instance}

component/class/defaults.yml

@@ -1,11 +1,17 @@
 parameters:
   cloudscale_metrics_collector:
+    =_metadata:
+      multi_instance: true
     secrets:
-      cloudscale:
+      credentials:
         stringData:
-          token: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}"
+          CLOUDSCALE_API_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/token}"
+          KUBERNETES_SERVER_URL: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-server}"
+          KUBERNETES_SERVER_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-token}"
     images:
       collector:
         registry: 'ghcr.io'
         repository: 'vshn/cloudscale-metrics-collector'
         tag: 'v0.4.1'
+    # Times in UTC! Don't run job around midnight as exoscale API may return incomplete data
+    schedule: '10 4,10,16 * * *'

component/component/app.jsonnet

@@ -1,11 +1,11 @@
 local kap = import 'lib/kapitan.libjsonnet';
 local inv = kap.inventory();
-local params = inv.parameters.cloudscale_metrics_collector;
 local paramsACR = inv.parameters.appuio_cloud_reporting;
 local argocd = import 'lib/argocd.libjsonnet';
 
-local app = argocd.App('cloudscale-metrics-collector', paramsACR.namespace);
+local instance = inv.parameters._instance;
+local app = argocd.App(instance, paramsACR.namespace);
 
 {
-  'cloudscale-metrics-collector': app,
+  [instance]: app,
 }

component/component/main.jsonnet

@@ -5,36 +5,42 @@ local paramsACR = inv.parameters.appuio_cloud_reporting;
 local kube = import 'lib/kube.libjsonnet';
 local com = import 'lib/commodore.libjsonnet';
 local collectorImage = '%(registry)s/%(repository)s:%(tag)s' % params.images.collector;
-
+local alias = inv.parameters._instance;
+local alias_suffix = '-' + alias;
+local credentials_secret_name = 'credentials' + alias_suffix;
+local component_name = 'cloudscale-metrics-collector';
 
 local labels = {
-  'app.kubernetes.io/name': 'appuio-cloud-reporting',
+  'app.kubernetes.io/name': component_name,
   'app.kubernetes.io/managed-by': 'commodore',
-  'app.kubernetes.io/part-of': 'syn',
+  'app.kubernetes.io/part-of': 'appuio-cloud-reporting',
+  'app.kubernetes.io/component': component_name,
 };
 
 local secrets = [
   if params.secrets[s] != null then
-    kube.Secret(s) {
+    kube.Secret(s + alias_suffix) {
       metadata+: {
         namespace: paramsACR.namespace,
-      }
+      },
     } + com.makeMergeable(params.secrets[s])
   for s in std.objectFields(params.secrets)
 ];
 
 {
   assert params.secrets != null : 'secrets must be set.',
-  assert params.secrets.cloudscale != null : 'secrets.cloudscale must be set.',
-  assert params.secrets.cloudscale.stringData != null : 'secrets.cloudscale.stringData must be set.',
-  assert params.secrets.cloudscale.stringData.token != null : 'secrets.cloudscale.stringData.token must be set.',
+  assert params.secrets.credentials != null : 'secrets.credentials must be set.',
+  assert params.secrets.credentials.stringData != null : 'secrets.credentials.stringData must be set.',
+  assert params.secrets.credentials.stringData.CLOUDSCALE_API_TOKEN != null : 'secrets.credentials.stringData.CLOUDSCALE_API_TOKEN must be set.',
+  assert params.secrets.credentials.stringData.KUBERNETES_SERVER_URL != null : 'secrets.credentials.stringData.KUBERNETES_SERVER_URL must be set.',
+  assert params.secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN != null : 'secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN must be set.',
   secrets: std.filter(function(it) it != null, secrets),
 
   cronjob: {
     kind: 'CronJob',
     apiVersion: 'batch/v1',
     metadata: {
-      name: 'cloudscale-metrics-collector',
+      name: alias,
       namespace: paramsACR.namespace,
       labels+: labels,
     },
@@ -51,7 +57,14 @@ local secrets = [
                   args: [
                     'cloudscale-metrics-collector',
                   ],
-                  command: ['sh', '-c'],
+                  command: [ 'sh', '-c' ],
+                  envFrom: [
+                    {
+                      secretRef: {
+                        name: credentials_secret_name,
+                      },
+                    },
+                  ],
                   env: [
                     {
                       name: 'password',
@@ -75,15 +88,6 @@ local secrets = [
                       name: 'ACR_DB_URL',
                       value: 'postgres://$(username):$(password)@%(host)s:%(port)s/%(name)s?%(parameters)s' % paramsACR.database,
                     },
-                    {
-                      name: 'CLOUDSCALE_API_TOKEN',
-                      valueFrom: {
-                        secretKeyRef: {
-                          key: 'token',
-                          name: 'cloudscale',
-                        },
-                      },
-                    },
                   ],
                   image: collectorImage,
                   name: 'cloudscale-metrics-collector-backfill',
@@ -94,7 +98,7 @@ local secrets = [
           },
         },
       },
-      schedule: '10 4,10,16 * * *', # Times in UTC! Don't run job around midnight as cloudscale API may return incomplete data
+      schedule: params.schedule,
       successfulJobsHistoryLimit: 3,
     },
   },

component/tests/collector-exoscale-ch-gva-2-0.yml

@@ -0,0 +1,12 @@
+applications:
+  - cloudscale-metrics-collector as collector-exoscale-ch-gva-2-0
+
+parameters:
+  appuio_cloud_reporting:
+    namespace: 'appuio-cloud-reporting'
+    database:
+      name: 'reporting'
+      host: 'reporting-db.appuio-reporting.svc'
+      parameters: 'sslmode=disable'
+      password: 'passw0rd'
+      port: 5432

component/tests/golden/defaults/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml → component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/cronjob.yaml

@@ -2,9 +2,10 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
   labels:
+    app.kubernetes.io/component: cloudscale-metrics-collector
     app.kubernetes.io/managed-by: commodore
-    app.kubernetes.io/name: appuio-cloud-reporting
-    app.kubernetes.io/part-of: syn
+    app.kubernetes.io/name: cloudscale-metrics-collector
+    app.kubernetes.io/part-of: appuio-cloud-reporting
   name: cloudscale-metrics-collector
   namespace: appuio-cloud-reporting
 spec:
@@ -33,11 +34,9 @@ spec:
                       name: reporting-db
                 - name: ACR_DB_URL
                   value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable
-                - name: CLOUDSCALE_API_TOKEN
-                  valueFrom:
-                    secretKeyRef:
-                      key: token
-                      name: cloudscale
+              envFrom:
+                - secretRef:
+                    name: credentials-cloudscale-metrics-collector
               image: ghcr.io/vshn/cloudscale-metrics-collector:v0.4.1
               name: cloudscale-metrics-collector-backfill
               resources: {}

component/tests/golden/cloudscale-metrics-collector/cloudscale-metrics-collector/cloudscale-metrics-collector/secrets.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data: {}
+kind: Secret
+metadata:
+  annotations: {}
+  labels:
+    name: credentials-cloudscale-metrics-collector
+  name: credentials-cloudscale-metrics-collector
+  namespace: appuio-cloud-reporting
+stringData:
+  CLOUDSCALE_API_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/token
+  KUBERNETES_SERVER_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/cluster-token
+  KUBERNETES_SERVER_URL: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/cloudscale-metrics-collector/cluster-server
+type: Opaque

component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/cronjob.yaml

@@ -0,0 +1,45 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  labels:
+    app.kubernetes.io/component: cloudscale-metrics-collector
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: cloudscale-metrics-collector
+    app.kubernetes.io/part-of: appuio-cloud-reporting
+  name: collector-exoscale-ch-gva-2-0
+  namespace: appuio-cloud-reporting
+spec:
+  concurrencyPolicy: Forbid
+  failedJobsHistoryLimit: 5
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - args:
+                - cloudscale-metrics-collector
+              command:
+                - sh
+                - -c
+              env:
+                - name: password
+                  valueFrom:
+                    secretKeyRef:
+                      key: password
+                      name: reporting-db
+                - name: username
+                  valueFrom:
+                    secretKeyRef:
+                      key: username
+                      name: reporting-db
+                - name: ACR_DB_URL
+                  value: postgres://$(username):$(password)@reporting-db.appuio-reporting.svc:5432/reporting?sslmode=disable
+              envFrom:
+                - secretRef:
+                    name: credentials-collector-exoscale-ch-gva-2-0
+              image: ghcr.io/vshn/cloudscale-metrics-collector:v0.4.1
+              name: cloudscale-metrics-collector-backfill
+              resources: {}
+          restartPolicy: OnFailure
+  schedule: 10 4,10,16 * * *
+  successfulJobsHistoryLimit: 3

component/tests/golden/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/collector-exoscale-ch-gva-2-0/secrets.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data: {}
+kind: Secret
+metadata:
+  annotations: {}
+  labels:
+    name: credentials-collector-exoscale-ch-gva-2-0
+  name: credentials-collector-exoscale-ch-gva-2-0
+  namespace: appuio-cloud-reporting
+stringData:
+  CLOUDSCALE_API_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/collector-exoscale-ch-gva-2-0/token
+  KUBERNETES_SERVER_TOKEN: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/collector-exoscale-ch-gva-2-0/cluster-token
+  KUBERNETES_SERVER_URL: t-silent-test-1234/c-green-test-1234/cloudscale-metrics-collector/collector-exoscale-ch-gva-2-0/cluster-server
+type: Opaque

docs/modules/ROOT/pages/how-tos/installation.adoc

@@ -16,9 +16,11 @@ parameters:
   cloudscale_metrics_collector:
     namespace: 'appuio-cloud-reporting'
     secrets:
-      cloudscale:
+      credentials:
         stringData:
-          token:"?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/token}"
+          CLOUDSCALE_API_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/token}"
+          KUBERNETES_SERVER_URL: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-server}"
+          KUBERNETES_SERVER_TOKEN: "?{vaultkv:${cluster:tenant}/${cluster:name}/cloudscale-metrics-collector/${_instance}/cluster-token}"
 ----
 
 See the xref:references/parameters.adoc[parameters] reference for a full list of parameters.

docs/modules/ROOT/pages/references/parameters.adoc

@@ -19,8 +19,7 @@ default:: https://github.com/vshn/cloudscale-metrics-collector/blob/master/compo
 
 Dictionary containing the container images used by this component.
 
-
-== `secrets.cloudscale.stringData.token`
+== `secrets.credentials.stringData.CLOUDSCALE_API_TOKEN`
 
 [horizontal]
 type:: string
@@ -30,3 +29,21 @@ The cloudscale API token.
 
 You need to get the token from the https://control.cloudscale.ch[Cloudscale Control Panel].
 You need to select the correct Project (token is limited to one project), choose "API Tokens" in the menu and generate a new one.
+
+== `secrets.credentials.stringData.KUBERNETES_SERVER_URL`
+
+[horizontal]
+type:: string
+default:: Required.
+
+The Kubernetes server URL.
+
+== `secrets.credentials.stringData.KUBERNETES_SERVER_TOKEN`
+
+[horizontal]
+type:: string
+default:: Required.
+
+The token to connect to a Kubernetes cluster.
+
+The Service Account connected to this token should have `get` and `list` permissions to `buckets.cloudscale.crossplane.io` managed resource, and `get` and `list` permissions for namespaces.