mirror of
https://github.com/jangraefen/hcloud-pricing-exporter
synced 2024-12-05 01:29:36 +00:00
feat: read HCLOUD_TOKEN from file (#142)
* feat: read HCLOUD_TOKEN from file * feat(helm): add serviceaccount, role and rolebinding * fix(helm): add serviceaccount to pod * fix(helm): remove apiGroup from RoleBinding subject
This commit is contained in:
parent
a7db29dc1d
commit
091c0dc5f7
7 changed files with 100 additions and 0 deletions
|
@ -49,3 +49,15 @@ Selector labels
|
||||||
app.kubernetes.io/name: {{ include "hcloud-pricing-exporter.name" . }}
|
app.kubernetes.io/name: {{ include "hcloud-pricing-exporter.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "hcloud-pricing-exporter.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
{{- default (include "hcloud-pricing-exporter.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,13 @@ spec:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "hcloud-pricing-exporter.selectorLabels" . | nindent 8 }}
|
{{- include "hcloud-pricing-exporter.selectorLabels" . | nindent 8 }}
|
||||||
|
{{- with .Values.podLabels }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
serviceAccountName: {{ include "hcloud-pricing-exporter.serviceAccountName" . }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.imagePullSecrets }}
|
{{- with .Values.imagePullSecrets }}
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
@ -33,6 +39,8 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ include "hcloud-pricing-exporter.fullname" . }}
|
name: {{ include "hcloud-pricing-exporter.fullname" . }}
|
||||||
key: token
|
key: token
|
||||||
|
{{- else if .Values.secret.file }}
|
||||||
|
value: {{ printf "file:%s" .Values.secret.file }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|
18
helm/hcloud-pricing-exporter/templates/role-binding.yaml
Normal file
18
helm/hcloud-pricing-exporter/templates/role-binding.yaml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{{- if .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: {{ printf "%sBinding" .Values.rbac.kind }}
|
||||||
|
metadata:
|
||||||
|
name: {{ include "hcloud-pricing-exporter.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "hcloud-pricing-exporter.labels" . | nindent 4 }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "hcloud-pricing-exporter.serviceAccountName" . }}
|
||||||
|
{{- if eq .Values.rbac.kind "ClusterRole" }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: {{ .Values.rbac.kind }}
|
||||||
|
name: {{ include "hcloud-pricing-exporter.fullname" . }}
|
||||||
|
{{- end }}
|
12
helm/hcloud-pricing-exporter/templates/role.yaml
Normal file
12
helm/hcloud-pricing-exporter/templates/role.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{{- if .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: {{ .Values.rbac.kind }}
|
||||||
|
metadata:
|
||||||
|
name: {{ include "hcloud-pricing-exporter.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "hcloud-pricing-exporter.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.rbac.rules }}
|
||||||
|
rules:
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
12
helm/hcloud-pricing-exporter/templates/serviceaccount.yaml
Normal file
12
helm/hcloud-pricing-exporter/templates/serviceaccount.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "hcloud-pricing-exporter.serviceAccountName" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "hcloud-pricing-exporter.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -9,6 +9,8 @@ imagePullSecrets: [ ]
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
fullnameOverride: ""
|
fullnameOverride: ""
|
||||||
|
|
||||||
|
podLabels: { }
|
||||||
|
|
||||||
podAnnotations: { }
|
podAnnotations: { }
|
||||||
|
|
||||||
service:
|
service:
|
||||||
|
@ -28,6 +30,9 @@ secret:
|
||||||
reference:
|
reference:
|
||||||
name:
|
name:
|
||||||
key:
|
key:
|
||||||
|
# to read HCLOUD_TOKEN from file, set file to your file path (e.g. /secrets/token)
|
||||||
|
# the file must be provided manually (e.g. via secret injection)
|
||||||
|
file: ""
|
||||||
|
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
create: false
|
create: false
|
||||||
|
@ -42,3 +47,26 @@ nodeSelector: { }
|
||||||
tolerations: [ ]
|
tolerations: [ ]
|
||||||
|
|
||||||
affinity: { }
|
affinity: { }
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
create: false
|
||||||
|
name: ""
|
||||||
|
annotations: { }
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
create: false
|
||||||
|
# can be set to ClusterRole or Role
|
||||||
|
kind: ClusterRole
|
||||||
|
rules: [ ]
|
||||||
|
# - apiGroups:
|
||||||
|
# - authorization.k8s.io
|
||||||
|
# resources:
|
||||||
|
# - subjectaccessreviews
|
||||||
|
# verbs:
|
||||||
|
# - create
|
||||||
|
# - apiGroups:
|
||||||
|
# - authentication.k8s.io
|
||||||
|
# resources:
|
||||||
|
# - tokenreviews
|
||||||
|
# verbs:
|
||||||
|
# - create
|
||||||
|
|
10
main.go
10
main.go
|
@ -44,6 +44,16 @@ func handleFlags() {
|
||||||
if hcloudAPIToken == "" {
|
if hcloudAPIToken == "" {
|
||||||
panic(fmt.Errorf("no API token for HCloud specified, but required"))
|
panic(fmt.Errorf("no API token for HCloud specified, but required"))
|
||||||
}
|
}
|
||||||
|
if strings.HasPrefix(hcloudAPIToken, "file:") {
|
||||||
|
hcloudAPITokenBytes, err := os.ReadFile(strings.TrimPrefix(hcloudAPIToken, "file:"))
|
||||||
|
if err != nil {
|
||||||
|
panic(fmt.Errorf("failed to read HCLOUD_TOKEN from file: %s", err.Error()))
|
||||||
|
}
|
||||||
|
hcloudAPIToken = strings.TrimSpace(string(hcloudAPITokenBytes))
|
||||||
|
}
|
||||||
|
if len(hcloudAPIToken) != 64 {
|
||||||
|
panic(fmt.Errorf("invalid API token for HCloud specified, must be 64 characters long"))
|
||||||
|
}
|
||||||
|
|
||||||
additionalLabelsFlag = strings.TrimSpace(strings.ReplaceAll(additionalLabelsFlag, " ", ""))
|
additionalLabelsFlag = strings.TrimSpace(strings.ReplaceAll(additionalLabelsFlag, " ", ""))
|
||||||
additionalLabelsSlice := strings.Split(additionalLabelsFlag, ",")
|
additionalLabelsSlice := strings.Split(additionalLabelsFlag, ",")
|
||||||
|
|
Loading…
Reference in a new issue