feat: read HCLOUD_TOKEN from file (#142)

* feat: read HCLOUD_TOKEN from file

* feat(helm): add serviceaccount, role and rolebinding

* fix(helm): add serviceaccount to pod

* fix(helm): remove apiGroup from RoleBinding subject
This commit is contained in:
Simon Ostendorf 2024-05-29 20:15:53 +02:00 committed by GitHub
parent a7db29dc1d
commit 091c0dc5f7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 100 additions and 0 deletions


@ -49,3 +49,15 @@ Selector labels
app.kubernetes.io/name: {{ include "hcloud-pricing-exporter.name" . }} app.kubernetes.io/name: {{ include "hcloud-pricing-exporter.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }} {{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "hcloud-pricing-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "hcloud-pricing-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -17,7 +17,13 @@ spec:
{{- end }} {{- end }}
labels: labels:
{{- include "hcloud-pricing-exporter.selectorLabels" . | nindent 8 }} {{- include "hcloud-pricing-exporter.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ include "hcloud-pricing-exporter.serviceAccountName" . }}
{{- end }}
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -33,6 +39,8 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ include "hcloud-pricing-exporter.fullname" . }} name: {{ include "hcloud-pricing-exporter.fullname" . }}
key: token key: token
{{- else if .Values.secret.file }}
value: {{ printf "file:%s" .Values.secret.file }}
{{- else }} {{- else }}
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
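Review bot: The new `serviceAccountName:` line in the pod spec is wrapped in `{{- if .Values.serviceAccount.create }}`, so an existing account supplied through `serviceAccount.name` with `create: false` is never applied and the pod silently runs as the namespace's `default` ServiceAccount, even though the `hcloud-pricing-exporter.serviceAccountName` helper already resolves that case. Dropping the guard and emitting `serviceAccountName: {{ include "hcloud-pricing-exporter.serviceAccountName" . }}` unconditionally makes the pod, the helper and the binding subject in the new rolebinding template agree on one account. In the second hunk, `value: {{ printf "file:%s" .Values.secret.file }}` is rendered as a bare scalar; `value: {{ printf "file:%s" .Values.secret.file | quote }}` keeps a path containing YAML-significant characters from changing how the value is parsed.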


@ -0,0 +1,18 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ printf "%sBinding" .Values.rbac.kind }}
metadata:
name: {{ include "hcloud-pricing-exporter.fullname" . }}
labels:
{{- include "hcloud-pricing-exporter.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "hcloud-pricing-exporter.serviceAccountName" . }}
{{- if eq .Values.rbac.kind "ClusterRole" }}
namespace: {{ .Release.Namespace }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ .Values.rbac.kind }}
name: {{ include "hcloud-pricing-exporter.fullname" . }}
{{- end }}
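Review bot: The binding subject is always the result of `include "hcloud-pricing-exporter.serviceAccountName"`, which falls back to `default` when `serviceAccount.create` is false and no name is set, so `rbac.create: true` in that configuration attaches the role to the namespace's default ServiceAccount and thereby to every pod that uses it. Rendering the binding only under `{{- if and .Values.rbac.create .Values.serviceAccount.create -}}`, or aborting with `{{ fail "rbac.create requires serviceAccount.create or serviceAccount.name" }}` when neither a created nor a named account is available, keeps the grant scoped to the exporter. A short comment above `subjects:` stating that the subject must be the exporter's own account would also help the next maintainer.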


@ -0,0 +1,12 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ .Values.rbac.kind }}
metadata:
name: {{ include "hcloud-pricing-exporter.fullname" . }}
labels:
{{- include "hcloud-pricing-exporter.labels" . | nindent 4 }}
{{- with .Values.rbac.rules }}
rules:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "hcloud-pricing-exporter.serviceAccountName" . }}
labels:
{{- include "hcloud-pricing-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
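Review bot: The ServiceAccount manifest leaves `automountServiceAccountToken` unset, so whenever `serviceAccount.create` is true the exporter pod receives a projected API token even with `rbac.create: false`, where the chart grants it no permissions and the exporter presumably has no Kubernetes API calls to make. Exposing the field as `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` with a `false` default in values.yaml, and mirroring it in the deployment's pod spec, keeps the token out of the container unless the rbac rules are actually in use; whether the exporter itself needs an in-cluster token is not visible here and should be confirmed before choosing the default.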


@ -9,6 +9,8 @@ imagePullSecrets: [ ]
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
podLabels: { }
podAnnotations: { } podAnnotations: { }
service: service:
@ -28,6 +30,9 @@ secret:
reference: reference:
name: name:
key: key:
# to read HCLOUD_TOKEN from file, set file to your file path (e.g. /secrets/token)
# the file must be provided manually (e.g. via secret injection)
file: ""
serviceMonitor: serviceMonitor:
create: false create: false
@ -42,3 +47,26 @@ nodeSelector: { }
tolerations: [ ] tolerations: [ ]
affinity: { } affinity: { }
serviceAccount:
create: false
name: ""
annotations: { }
rbac:
create: false
# can be set to ClusterRole or Role
kind: ClusterRole
rules: [ ]
# - apiGroups:
# - authorization.k8s.io
# resources:
# - subjectaccessreviews
# verbs:
# - create
# - apiGroups:
# - authentication.k8s.io
# resources:
# - tokenreviews
# verbs:
# - create
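Review bot: The comment on `kind` says it "can be set to ClusterRole or Role", but the example `rules` directly below it target `subjectaccessreviews` and `tokenreviews`, which are cluster-scoped resources that a namespaced Role cannot grant; a user who switches to `Role` with those rules gets a binding that authorizes nothing. The comment should say so, e.g. `# ClusterRole or Role; the example rules below need ClusterRole because those resources are cluster-scoped`. It would also help to state next to `serviceAccount.name` that it is honoured with `create: false` to reuse an existing account, since the templates in this commit key several decisions off that combination.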

10
main.go

@ -44,6 +44,16 @@ func handleFlags() {
if hcloudAPIToken == "" { if hcloudAPIToken == "" {
panic(fmt.Errorf("no API token for HCloud specified, but required")) panic(fmt.Errorf("no API token for HCloud specified, but required"))
} }
if strings.HasPrefix(hcloudAPIToken, "file:") {
hcloudAPITokenBytes, err := os.ReadFile(strings.TrimPrefix(hcloudAPIToken, "file:"))
if err != nil {
panic(fmt.Errorf("failed to read HCLOUD_TOKEN from file: %s", err.Error()))
}
hcloudAPIToken = strings.TrimSpace(string(hcloudAPITokenBytes))
}
if len(hcloudAPIToken) != 64 {
panic(fmt.Errorf("invalid API token for HCloud specified, must be 64 characters long"))
}
additionalLabelsFlag = strings.TrimSpace(strings.ReplaceAll(additionalLabelsFlag, " ", "")) additionalLabelsFlag = strings.TrimSpace(strings.ReplaceAll(additionalLabelsFlag, " ", ""))
additionalLabelsSlice := strings.Split(additionalLabelsFlag, ",") additionalLabelsSlice := strings.Split(additionalLabelsFlag, ",")