Creating grafana dashboards using terraform/cdktf - grafana

I can create influxdb datasources and alerts using cdktf for grafana.
The only thing missing are the actual dashboards.
So far I have been using grafonnet, which appears to be deprecated.
Is it possible to create dashboards and panels using cdktf yet, if so, how?


You can use the grafana_dashboard resource from the grafana provider. For this you have to add the provider if you haven't already, e.g. by running cdktf provider add grafana.
Your code could look like this
import { Dashboard } from "./.gen/providers/grafana/lib/dashboard";
import { TerraformAsset } from "cdktf";
import * as path from "path";
// in your stack
new Dashboard(this, "metrics", {
config: Fn.file(
// Copies the file so that it can be used in the context of the
// Stack deployment
new TerraformAsset(this, "metrics-file", {
path: path.resolve(__dirname, "config.json")
}).path
)
})

Related

How do I deploy the AWS EFS CSI Driver Helm chart from https://kubernetes-sigs.github.io/aws-efs-csi-driver/ using Pulimi

I would like to be able to deploy the AWS EFS CSI Driver Helm chart hosted at AWS EFS SIG Repo using Pulumi. With Source from AWS EFS CSI Driver Github Source. I would like to avoid having almost everything managed with Pulumi except this one part of my infrastructure.
Below is the TypeScript class I created to manage interacting with the k8s.helm.v3.Release class:
import * as k8s from '#pulumi/kubernetes';
import * as eks from '#pulumi/eks';
export default class AwsEfsCsiDriverHelmRepo extends k8s.helm.v3.Release {
constructor(cluster: eks.Cluster) {
super(`aws-efs-csi-driver`, {
chart: `aws-efs-csi-driver`,
version: `1.3.6`,
repositoryOpts: {
repo: `https://kubernetes-sigs.github.io/aws-efs-csi-driver/`,
},
namespace: `kube-system`,
}, { provider: cluster.provider });
}
}
I've tried several variations on the above code, chopping of the -driver in the name, removing aws-cfs-csi-driver from the repo property, changing to latest for the version.
When I do a pulumi up I get: failed to pull chart: chart "aws-efs-csi-driver" version "1.3.6" not found in https://kubernetes-sigs.github.io/aws-efs-csi-driver/ repository
$ helm version
version.BuildInfo{Version:"v3.7.0", GitCommit:"eeac83883cb4014fe60267ec6373570374ce770b", GitTreeState:"clean", GoVersion:"go1.16.8"}
$ pulumi version
v3.24.1

You're using the wrong version in your chart invocation.
The version you're selecting is the application version, ie the release version of the underlying application. You need to set the Chart version, see here which is defined here
the following works:
const csiDrive = new kubernetes.helm.v3.Release("csi", {
chart: `aws-efs-csi-driver`,
version: `2.2.3`,
repositoryOpts: {
repo: `https://kubernetes-sigs.github.io/aws-efs-csi-driver/`,
},
namespace: `kube-system`,
});
If you want to use the existing code you have, try this:
import * as k8s from '#pulumi/kubernetes';
import * as eks from '#pulumi/eks';
export default class AwsEfsCsiDriverHelmRepo extends k8s.helm.v3.Release {
constructor(cluster: eks.Cluster) {
super(`aws-efs-csi-driver`, {
chart: `aws-efs-csi-driver`,
version: `2.2.3`,
repositoryOpts: {
repo: `https://kubernetes-sigs.github.io/aws-efs-csi-driver/`,
},
namespace: `kube-system`,
}, { provider: cluster.provider });
}
}

Pulumi - How do we patch a deployment created with helm chart, when values do not contain the property to be updated

I've code to deploy a helm chart using pulumi kubernetes.
I would like to patch the StatefulSet (change serviceAccountName) after deploying the chart. Chart doesn't come with an option to specify service account for StatefulSet.
here's my code
// install psmdb database chart
const psmdbChart = new k8s.helm.v3.Chart(psmdbChartName, {
namespace: namespace.metadata.name,
path: './percona-helm-charts/charts/psmdb-db',
// chart: 'psmdb-db',
// version: '1.7.0',
// fetchOpts: {
// repo: 'https://percona.github.io/percona-helm-charts/'
// },
values: psmdbChartValues
}, {
dependsOn: psmdbOperator
})
const set = psmdbChart.getResource('apps/v1/StatefulSet', `${psmdbChartName}-${psmdbChartValues.replsets[0].name}`);
I'm using Percona Server for MongoDB Operator helm charts. It uses Operator to manage StatefulSet, which also defines CRDs.
I've tried pulumi transformations. In my case Chart doesn't contain a StatefulSet resource instead a CRD.
If it's not possible to update ServiceAccountName on StatefulSet using transformations, is there any other way I can override it?
any help is appreciated.
Thanks,

Pulumi has a powerful feature called Transformations which is exactly what you need here(Example). A transformation is a callback that gets invoked by the Pulumi runtime and can be used to modify resource input properties before the resource is created.
I've not tested the code but you should get the idea:
import * as k8s from "#pulumi/kubernetes";
// install psmdb database chart
const psmdbChart = new k8s.helm.v3.Chart(psmdbChartName, {
namespace: namespace.metadata.name,
path: './percona-helm-charts/charts/psmdb-db',
// chart: 'psmdb-db',
// version: '1.7.0',
// fetchOpts: {
// repo: 'https://percona.github.io/percona-helm-charts/'
// },
values: psmdbChartValues,
transformations: [
// Set name of StatefulSet
(obj: any, opts: pulumi.CustomResourceOptions) => {
if (obj.kind === "StatefulSet" && obj.metadata.name === `${psmdbChartName}-${psmdbChartValues.replsets[0].name}`) {
obj.spec.template.spec.serviceAccountName = "customServiceAccount"
}
},
],
}, {
dependsOn: psmdbOperator
})

Seems Pulumi doesn't have straight forward way to patch the existing kubernetes resource. Though this is still possible with multiple steps.
From Github Comment
Import existing resource
pulumi up to import
Make desired changes to imported resource
pulumi up to apply changes
It seems they plan on supporting functionality similar to kubectl apply -f for patching resources.

how I can use chef-google-sql for create a postgresql instance

I'm trying to use chef-google-sql for create a postgresql instance, but seems to be impossible. then, anyone uses this cookbook?. because seems no one use it.
If anyone just did it, please let me know how to make it
this was what I tried:
gsql_instance "sql-test-postgre" do
action :create
backend_type 'SECOND_GEN'
database_version 'POSTGRESQL_9_6'
instance_type 'CLOUD_SQL_INSTANCE'
settings({
tier: 'db-n1-standard-1',
ip_configuration: {
authorized_networks: [
{
name: 'google dns server',
value: '8.8.8.8/32'
}
]
}
})
region 'us-east1-b'
project 'XXXX'
credential 'mycred'
end

It appears that your recipe is still under a testing phase. If you have a look at this page, recipes starting with tests~ are not fully compatible with GCP resources yet.
This is your deployment tests~instance.rb.

Configuring Spring Cloud Vault Config to pull from a location other than /secret

I am currently integrating Spring Cloud Vault Config into a Spring Boot application. From the home page:
Spring Cloud Vault Config reads config properties from Vaults using the application name and active profiles:
/secret/{application}/{profile}
/secret/{application}
/secret/{default-context}/{profile}
/secret/{default-context}
I would like to instead provide my own location from which to pull properties from Vault which does not start with /secret (e.g. /deployments/prod). I've been looking through the reference documentation but I haven't found anyway to specify this -- is it possible?

I was able to use the Generic Backend properties to massage the paths into what I was looking for. Something like:
spring.cloud.vault:
generic:
enabled: true
backend: deployments
profile-separator: '/'
default-context: prod
application-name: my-app
This will also unfortunately pickup Vault locations like deployments/my-app and deployments/prod/activeProfile so be careful not to have any properties in these locations that you don't want to be picked up.
It looks like there is a desire (and an implementation) to allow for these paths to be specified more programmatically.

It should be done this way.
Have a Configuration class
#Configuration
public class VaultConfiguration {
#Bean
public VaultConfigurer configurer() {
return new VaultConfigurer() {
#Override
public void addSecretBackends(SecretBackendConfigurer configurer) {
configurer.add("secret/my-app/path-1");
configurer.add("secret/my-app/path-2");
configurer.registerDefaultGenericSecretBackends(false);
}
};
}
}
This way you can scan your secrets placed in custom path
Regards
Arun

I solved the same problem in my Kotlin project. But it works in Java too.
Problem
I wanted to specify vault paths in yaml config, so i ended up with the following solution, that allows you to specify paths directly in bootstrap.yml using clear syntax, as:
spring:
cloud:
vault:
paths: "secret/your-app"
Solution:
Create VaultConfig class in your project, with the following content:
package com.your.app.configuration
import org.springframework.beans.factory.annotation.Value
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
import org.springframework.cloud.vault.config.VaultConfigurer
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
#Configuration
#ConditionalOnProperty(
prefix = "spring.cloud.vault", value = ["paths"],
matchIfMissing = false
)
class VaultConfig {
#Value("\${spring.cloud.vault.paths}")
private lateinit var paths: List<String>
#Bean
fun configurer(): VaultConfigurer {
return VaultConfigurer { configurer ->
paths.forEach {
configurer.add(it)
}
configurer.registerDefaultGenericSecretBackends(false)
configurer.registerDefaultDiscoveredSecretBackends(false)
}
}
}
Create spring.factories file in src/main/resources/META-INF/spring.factories with a content:
org.springframework.cloud.bootstrap.BootstrapConfiguration=com.your.app.configuration.VaultConfig
Don't forget to specify valid reference to your config instead of
com.your.app.configuration.VaultConfig
spring.factories allows your VaultConfig
happen in the bootstrap context, as documentation says.
Now you can specify desired paths in your bootstrap.yml, as follows:
spring:
cloud:
vault:
paths:
- "secret/application"
- "secret/your-app"
And it should work.

Environment-based host in Ember CLI app

I'm trying to configure the adapter in my Ember CLI app to use a different host based on the environment. In dev, I want it to be the default current host (letting me customize it via the --proxy option, but in production I know it will be http://some.url.
I tried importing my ENV into my application adapter:
// adapters/application.js
import DS from "ember-data";
import ENV from "../../config/environment";
export default DS.ActiveModelAdapter.extend({
host: ENV.host
});
but I'm getting an error that tmp/tree_merger../config/environment.js doesn't exist.

You are pretty close. You should only going up one step in the directory tree (when you are in a route, controller, etc you need to go up two).
// adapters/application.js
import DS from "ember-data";
import ENV from "../config/environment";
export default DS.ActiveModelAdapter.extend({
host: ENV.host
});
The documentation is here.
Note you probably shouldn't be defining your own variables directly on ENV. Use ENV.APP in config/environment.js
var ENV = {
...
APP: {
// Here you can pass flags/options to your application instance
// when it is created
host: 'some_host'
}
};
And access it the same way
import ENV from '../config/environment';
export default DS.ActiveModelAdapter.extend({
host: ENV.APP.host
});

This seems to work
// adapters/application.js
import DS from "ember-data";
export default DS.ActiveModelAdapter.extend({
host: window.MyAppENV.host
});
though I'm not sure if it's the best method.