This is an automated email from the ASF dual-hosted git repository.
jedcunningham pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 2c0fa0c93e Chart: Add existing secret support for PGBouncer metrics
exporter (#32724)
2c0fa0c93e is described below
commit 2c0fa0c93e550e74f91e7faf45b3d481e179c9e7
Author: Mikaƫl Ducharme <[email protected]>
AuthorDate: Fri Aug 18 14:46:43 2023 -0400
Chart: Add existing secret support for PGBouncer metrics exporter (#32724)
---
chart/templates/_helpers.yaml | 2 +-
.../templates/pgbouncer/pgbouncer-deployment.yaml | 6 +-
.../templates/secrets/pgbouncer-stats-secret.yaml | 2 +-
chart/values.schema.json | 16 +++++
chart/values.yaml | 18 ++++++
helm_tests/other/test_pgbouncer.py | 72 ++++++++++++++++++++++
6 files changed, 113 insertions(+), 3 deletions(-)
diff --git a/chart/templates/_helpers.yaml b/chart/templates/_helpers.yaml
index 0269f03aa1..44b55c7868 100644
--- a/chart/templates/_helpers.yaml
+++ b/chart/templates/_helpers.yaml
@@ -363,7 +363,7 @@ If release name contains chart name it will be used as a
full name.
{{- end }}
{{- define "pgbouncer_stats_secret" -}}
- {{- printf "%s-pgbouncer-stats" (include "airflow.fullname" .) }}
+ {{- default (printf "%s-pgbouncer-stats" (include "airflow.fullname" .))
.Values.pgbouncer.metricsExporterSidecar.statsSecretName }}
{{- end }}
{{- define "registry_secret" -}}
diff --git a/chart/templates/pgbouncer/pgbouncer-deployment.yaml
b/chart/templates/pgbouncer/pgbouncer-deployment.yaml
index 8b6ae051da..5af4a2f0a2 100644
--- a/chart/templates/pgbouncer/pgbouncer-deployment.yaml
+++ b/chart/templates/pgbouncer/pgbouncer-deployment.yaml
@@ -158,7 +158,11 @@ spec:
valueFrom:
secretKeyRef:
name: {{ template "pgbouncer_stats_secret" . }}
- key: connection
+ {{- if (and
.Values.pgbouncer.metricsExporterSidecar.statsSecretName
.Values.pgbouncer.metricsExporterSidecar.statsSecretKey) }}
+ key: {{
.Values.pgbouncer.metricsExporterSidecar.statsSecretKey }}
+ {{- else }}
+ key: "connection"
+ {{- end }}
ports:
- name: metrics
containerPort: {{ .Values.ports.pgbouncerScrape }}
diff --git a/chart/templates/secrets/pgbouncer-stats-secret.yaml
b/chart/templates/secrets/pgbouncer-stats-secret.yaml
index 378b632571..298bc7b2b7 100644
--- a/chart/templates/secrets/pgbouncer-stats-secret.yaml
+++ b/chart/templates/secrets/pgbouncer-stats-secret.yaml
@@ -20,7 +20,7 @@
################################
## Pgbouncer Stats Secret
#################################
-{{- if .Values.pgbouncer.enabled }}
+{{- if (and .Values.pgbouncer.enabled (not
.Values.pgbouncer.metricsExporterSidecar.statsSecretName)) }}
apiVersion: v1
kind: Secret
metadata:
diff --git a/chart/values.schema.json b/chart/values.schema.json
index bfe33730eb..462907d9ec 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -5496,6 +5496,22 @@
],
"$ref":
"#/definitions/io.k8s.api.core.v1.ResourceRequirements"
},
+ "statsSecretName": {
+ "description": "Name of an existing Secrets object
containing PgBouncer Metrics secrets.",
+ "type": [
+ "string",
+ "null"
+ ],
+ "default": null
+ },
+ "statsSecretKey": {
+ "description": "Key referencing the PGBouncer
Metrics connection URI within an existing Secrets object. Defaults to
`connection` if left null.",
+ "type": [
+ "string",
+ "null"
+ ],
+ "default": null
+ },
"sslmode": {
"description": "SSL mode for
``metricsExporterSidecar``",
"type": "string",
diff --git a/chart/values.yaml b/chart/values.yaml
index eeddec2e3c..7c5356c5cb 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1912,6 +1912,24 @@ pgbouncer:
# memory: 128Mi
sslmode: "disable"
+ # supply the name of existing secret with PGBouncer connection URI
containing
+ # stats user and password.
+ # you can load them to a k8s secret like the one below
+ # apiVersion: v1
+ # kind: Secret
+ # metadata:
+ # name: pgbouncer-stats-secret
+ # data:
+ # connection: postgresql://<stats
user>:<password>@127.0.0.1:6543/pgbouncer?<connection params>
+ # type: Opaque
+ #
+ # statsSecretName: pgbouncer-stats-secret
+ #
+ statsSecretName: ~
+
+ # Key containing the PGBouncer connection URI, defaults to `connection` if
not defined
+ statsSecretKey: ~
+
# Detailed default security context for metricsExporterSidecar for
container level
securityContexts:
container: {}
diff --git a/helm_tests/other/test_pgbouncer.py
b/helm_tests/other/test_pgbouncer.py
index 454912b4fb..f90be0251e 100644
--- a/helm_tests/other/test_pgbouncer.py
+++ b/helm_tests/other/test_pgbouncer.py
@@ -568,6 +568,78 @@ class TestPgbouncerExporter:
"/pgbouncer?sslmode=require" == connection
)
+ def test_no_existing_secret(self):
+ docs = render_chart(
+ "test-pgbouncer-stats",
+ values={
+ "pgbouncer": {"enabled": True},
+ },
+ show_only=["templates/pgbouncer/pgbouncer-deployment.yaml"],
+ )
+
+ assert {
+ "name": "test-pgbouncer-stats-pgbouncer-stats",
+ "key": "connection",
+ } ==
jmespath.search("spec.template.spec.containers[1].env[0].valueFrom.secretKeyRef",
docs[0])
+
+ def test_existing_secret(self):
+ docs = render_chart(
+ "test-pgbouncer-stats",
+ values={
+ "pgbouncer": {
+ "enabled": True,
+ "metricsExporterSidecar": {
+ "statsSecretName": "existing-stats-secret",
+ },
+ },
+ },
+ show_only=["templates/pgbouncer/pgbouncer-deployment.yaml"],
+ )
+
+ assert {
+ "name": "existing-stats-secret",
+ "key": "connection",
+ } ==
jmespath.search("spec.template.spec.containers[1].env[0].valueFrom.secretKeyRef",
docs[0])
+
+ def test_existing_secret_existing_key(self):
+ docs = render_chart(
+ "test-pgbouncer-stats",
+ values={
+ "pgbouncer": {
+ "enabled": True,
+ "metricsExporterSidecar": {
+ "statsSecretName": "existing-stats-secret",
+ "statsSecretKey": "exisiting-stats-secret-key",
+ },
+ },
+ },
+ show_only=["templates/pgbouncer/pgbouncer-deployment.yaml"],
+ )
+
+ assert {
+ "name": "existing-stats-secret",
+ "key": "exisiting-stats-secret-key",
+ } ==
jmespath.search("spec.template.spec.containers[1].env[0].valueFrom.secretKeyRef",
docs[0])
+
+ def test_unused_secret_key(self):
+ docs = render_chart(
+ "test-pgbouncer-stats",
+ values={
+ "pgbouncer": {
+ "enabled": True,
+ "metricsExporterSidecar": {
+ "statsSecretKey": "unused",
+ },
+ },
+ },
+ show_only=["templates/pgbouncer/pgbouncer-deployment.yaml"],
+ )
+
+ assert {
+ "name": "test-pgbouncer-stats-pgbouncer-stats",
+ "key": "connection",
+ } ==
jmespath.search("spec.template.spec.containers[1].env[0].valueFrom.secretKeyRef",
docs[0])
+
class TestPgBouncerServiceAccount:
"""Tests PgBouncer Service Account."""
