v2.3.0
New Features
SecretsStore support for Vault CSI
Note for reddit devs: this requires some infrastructural components that will be rolling out in the near future. Hold tight!
The SecretsStore now supports the Vault CSI secret provider as an alternative to the secrets fetcher sidecar, reducing deployment complexity.
When it comes time to make the swap, change your application configuration to use the new provider and point it at the directory the secrets are written into:
[app:main]
...
secrets.provider = vault_csi
secrets.path = /var/lib/secrets
...You will also need to update the names of secrets in your application to match the output of the CSI provider.
See #625.
Prometheus exporter in baseplate-serve
If the prometheus-client package is installed, running baseplate-serve will now also start up a Prometheus HTTP exporter listening on port 6060. This does not affect any statsd metrics you are emitting.
You can generate Prometheus metrics using prometheus-client's metrics classes:
from prometheus_client import Counter
c = Counter("sheep_counted", "Description of metric")
c.inc()and they will be automatically available in the exporter's HTTP endpoint. Baseplate.py does not currently emit any standard span-based metrics via Prometheus but we will be building this in the near future.
The exporter is multiprocess-aware. If your application runs under Einhorn, any given worker process will report metrics registered by all of its local peers as well.
See #632.
Changes
- sqlalchemy: limit statement tag length (#615)
Bug Fixes
- Fix syntax error in shell logging (also in v2.2.1, #621)
- Fix healthcheck failure message (also in v2.2.2, #623)
- Add a timeout to fix hung requests to vault (also in v2.2.2, #624)
- Don't show confusing IPython exception context in shell tracebacks (#630)
- Don't show confusing BatchFull exception context on event publisher errors (#631)