Fix support for existing plugin secret #3409
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
|
How I am testing... # Single Pod
## Customer Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=singlepod \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.name=custom-plugin-secret
## Kubecost Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=singlepod \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true
# Stateful Set
## Customer Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=statefulset \
--set=kubecostModel.federatedStorageConfigSecret=some-secret \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.enabled=true \
--set=kubecostModel.plugins.existingCustomSecret.name=custom-plugin-secret
## Kubecost Managed Secret
helm template ./cost-analyzer \
--set=kubecostAggregator.deployMethod=statefulset \
--set=kubecostModel.federatedStorageConfigSecret=some-secret \
--set=prometheus.server.global.external_labels.cluster_id=some-cluster \
--set=kubecostModel.plugins.enabled=true |
|
Using the above commands to test, here is the rendered manifest output for each. Single Pod - Customer Managed Secret---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: custom-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
...Single Pod - Kubecost Managed Secret---
# Source: cost-analyzer/templates/plugins-config.yaml
apiVersion: v1
kind: Secret
metadata:
name: kubecost-plugin-secret
labels:
app.kubernetes.io/name: cost-analyzer
helm.sh/chart: cost-analyzer-2.2.2
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app: cost-analyzer
data: ...
---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: kubecost-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
...StatefulSet - Customer Managed Secret---
# Source: cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml
...
volumes:
- name: federated-storage-config
secret:
defaultMode: 420
secretName: some-secret
- name: persistent-configs
emptyDir: {}
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: custom-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
...
---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: custom-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
...StatefulSet - Kubecost Managed Secret---
# Source: cost-analyzer/templates/plugins-config.yaml
apiVersion: v1
kind: Secret
metadata:
name: kubecost-plugin-secret
labels:
app.kubernetes.io/name: cost-analyzer
helm.sh/chart: cost-analyzer-2.2.2
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app: cost-analyzer
data:
---
# Source: cost-analyzer/templates/aggregator-cloud-cost-deployment.yaml
...
volumes:
- name: federated-storage-config
secret:
defaultMode: 420
secretName: some-secret
- name: persistent-configs
emptyDir: {}
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: kubecost-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
...
---
# Source: cost-analyzer/templates/cost-analyzer-deployment-template.yaml
...
volumes:
- name: plugins-dir
emptyDir: {}
- name: plugins-config
secret:
secretName: kubecost-plugin-secret
items:
- key: datadog_config.json
path: datadog_config.json
- name: tmp
emptyDir: {}
... |
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
Signed-off-by: Sean Pomeroy <sean.pomeroy@gmail.com>
thomasvn
reviewed
Jun 6, 2024
| enabled: false | ||
| name: "" # name of the secret containing plugin config | ||
|
|
||
| secretName: kubecost-plugin-secret |
There was a problem hiding this comment.
Do you think we need to build any backwards compatibility here? Since we are changing value configSecret to secretName?
thomasvn
approved these changes
Jun 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR change?
It provides the ability to reference a plugin secret managed outside of the helm chart by implementing a pattern we have used before.
Does this PR rely on any other PRs?
No
How does this PR impact users? (This is the kind of thing that goes in release notes!)
Fixes the ability to define an existing secret
Links to Issues or tickets this PR addresses or fixes
N/A
What risks are associated with merging this PR? What is required to fully test this PR?
Changes some of the helm values associated with plugins. Specifically,
kubecostModel.plugins.configSecretis removed.How was this PR tested?
Helm template against local copy of current develop branch
Have you made an update to documentation? If so, please provide the corresponding PR.
No. We do not cover custom secrets for plugins in our documentation. It is documented in the chart.