Add mysql backend #13

Open
wants to merge 2 commits into
base: master

@fydai fydai commented Apr 7, 2020

We also move the secrets from files to environment variables so the mysql backend can access them.

type: Opaque
stringData:
username: ocfgrafana
password: "<%= prometheus_pass %>"
GF_SERVER_ROOT_URL: "https://grafana.ocf.berkeley.edu"
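
Review bot: on the `password:` line, the ERB value is substituted raw inside a hand-written double-quoted YAML scalar, so a password containing `"` or `\` would render invalid or silently altered YAML. Render the value through an encoder that escapes it for YAML instead of wrapping it in literal quotes. It is also worth confirming that `prometheus_pass` is the intended variable for the `ocfgrafana` user, since the name suggests a different credential.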
Member

I don't know what the established convention is here, though I have assumed Kubernetes secrets should be reserved for... things that are actually secret.

Grafana makes this even easier for us-- we don't have to use Kubernetes "Secrets" at all, since we can place passwords in individual files in the Puppet private share and point to them with GF_SETTINGNAME__FILE options (see GF_DATABASE_PASSWORD__FILE above for an example). I slightly prefer this because I think our templating code for secrets is a little weird (I don't like how it passes through Jenkins).

It's probably not a huge deal either way, though I'd recommend consolidating on one way instead of the awkward hybrid we have now.

Member

agree that non-secrets should just be specified in a configmap or directly in the pod template, not in a Secret resource. I don't think there is a problem with templates over files (in fact I like the templating system better, it's more clear what's going on).
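
The split discussed in this thread, as an added example that is not part of the PR or the project's manifests: the non-secret `GF_SERVER_ROOT_URL` moves to a ConfigMap, and the database password is delivered as a file that Grafana is pointed to with `GF_DATABASE_PASSWORD__FILE`. Resource names and the mount path are hypothetical, the password is a placeholder, and the file is assumed to come from a Secret volume rather than the Puppet private share.

```yaml
# Added example. Names, paths and values below are assumptions, not the PR's.
apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-config              # hypothetical name
data:
  # Public URL: not sensitive, so it does not belong in a Secret.
  GF_SERVER_ROOT_URL: "https://grafana.ocf.berkeley.edu"
---
apiVersion: v1
kind: Secret
metadata:
  name: grafana-db                  # hypothetical name
type: Opaque
stringData:
  password: "REPLACE_ME"            # placeholder; only real secrets live here
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
spec:
  selector:
    matchLabels: {app: grafana}
  template:
    metadata:
      labels: {app: grafana}
    spec:
      containers:
        - name: grafana
          image: grafana/grafana    # tag omitted here; pin one in practice
          envFrom:
            # Every key in the ConfigMap becomes a plain environment variable.
            - configMapRef: {name: grafana-config}
          env:
            # Grafana reads the setting's value from the file named here,
            # so the password never appears in the pod's environment.
            - name: GF_DATABASE_PASSWORD__FILE
              value: /run/secrets/grafana/password   # hypothetical path
          volumeMounts:
            - name: db-secret
              mountPath: /run/secrets/grafana
              readOnly: true
      volumes:
        - name: db-secret
          secret:
            secretName: grafana-db
```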

Member

@cg505 cg505 left a comment

You need to fix the grafana.yml in the private share to use the correct variable names before merging this. The changes to that file were breaking deploys for prod. https://irclogs.ocf.berkeley.edu/rebuild-spam/2020-04-22#454679;
