-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix support for existing plugin secret #3409
base: develop
Are you sure you want to change the base?
Conversation
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
How I am testing... # Single Pod
## Customer Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=singlepod \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.name=custom-plugin-secret
## Kubecost Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=singlepod \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true
# Stateful Set
## Customer Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=statefulset \
--set=kubecostModel.federatedStorageConfigSecret=some-secret \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.name=custom-plugin-secret
## Kubecost Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=statefulset \
--set=kubecostModel.federatedStorageConfigSecret=some-secret \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true |
Using the above commands to test, here is the rendered manifest output for each. Single Pod - Customer Managed Secret---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: custom-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
... Single Pod - Kubecost Managed Secret---
# Source: cost-analyzer/templates/plugins-config.yaml
apiVersion: v1
kind: Secret
metadata:
name: kubecost-plugin-secret
labels:
app.kubernetes.io/name: cost-analyzer
helm.sh/chart: cost-analyzer-2.2.2
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app: cost-analyzer
data: ...
---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: kubecost-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
... StatefulSet - Customer Managed Secret---
# Source: cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml
...
volumes:
- name: federated-storage-config
secret:
defaultMode: 420
secretName: some-secret
- name: persistent-configs
emptyDir: {}
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: custom-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
...
---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: custom-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
... StatefulSet - Kubecost Managed Secret---
# Source: cost-analyzer/templates/plugins-config.yaml
apiVersion: v1
kind: Secret
metadata:
name: kubecost-plugin-secret
labels:
app.kubernetes.io/name: cost-analyzer
helm.sh/chart: cost-analyzer-2.2.2
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app: cost-analyzer
data:
---
# Source: cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml
...
volumes:
- name: federated-storage-config
secret:
defaultMode: 420
secretName: some-secret
- name: persistent-configs
emptyDir: {}
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: kubecost-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
...
---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: kubecost-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
... |
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
enabled: false | ||
name: "" # name of the secret containing plugin config | ||
|
||
secretName: kubecost-plugin-secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think we need to build any backwards compatibility here? Since we are changing value configSecret
to secretName
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice addition, and very thorough testing. Thank you! Left one comment about backwards compatibility. Besides that, this LGTM!
What does this PR change?
It provides the ability to reference a plugin secret managed outside of the helm chart by implementing a pattern we have used before.
Does this PR rely on any other PRs?
No
How does this PR impact users? (This is the kind of thing that goes in release notes!)
Fixes the ability to define an existing secret
Links to Issues or tickets this PR addresses or fixes
N/A
What risks are associated with merging this PR? What is required to fully test this PR?
Changes some of the helm values associated with plugins. Specifically,
kubecostModel.plugins.configSecret
is removed.How was this PR tested?
Helm template against local copy of current develop branch
Have you made an update to documentation? If so, please provide the corresponding PR.
No. We do not cover custom secrets for plugins in our documentation. It is documented in the chart.