X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fmongodb-exporter%2Fsrc%2Fcharm.py;h=500a1e3d9753a84aa631791abedc0bbad23c7ad3;hb=499b442f67119589220a1ff144e3b26a9b7714ed;hp=f4c232a9610493745043351ee11bba4a66e577a1;hpb=3ddbbd1f6c70306d13db0976e1e6b3bda0c69abd;p=osm%2Fdevops.git diff --git a/installers/charm/mongodb-exporter/src/charm.py b/installers/charm/mongodb-exporter/src/charm.py index f4c232a9..500a1e3d 100755 --- a/installers/charm/mongodb-exporter/src/charm.py +++ b/installers/charm/mongodb-exporter/src/charm.py @@ -36,6 +36,7 @@ from opslib.osm.interfaces.prometheus import PrometheusScrapeTarget from opslib.osm.pod import ( ContainerV3Builder, IngressResourceV3Builder, + PodRestartPolicy, PodSpecV3Builder, ) from opslib.osm.validator import ModelValidator, validator @@ -53,7 +54,8 @@ class ConfigModel(ModelValidator): ingress_whitelist_source_range: Optional[str] tls_secret_name: Optional[str] mongodb_uri: Optional[str] - image_pull_policy: Optional[str] + image_pull_policy: str + security_context: bool @validator("site_url") def validate_site_url(cls, v): @@ -144,7 +146,7 @@ class MongodbExporterCharm(CharmedOsmBase): if self.unit.is_leader(): self.dashboard_target.publish_info( name="osm-mongodb", - dashboard=Path("files/mongodb_exporter_dashboard.json").read_text(), + dashboard=Path("templates/mongodb_exporter_dashboard.json").read_text(), ) def _check_missing_dependencies(self, config: ConfigModel): @@ -182,12 +184,31 @@ class MongodbExporterCharm(CharmedOsmBase): # Check relations self._check_missing_dependencies(config) + unparsed = ( + config.mongodb_uri + if config.mongodb_uri + else self.mongodb_client.connection_string + ) + parsed = urlparse(unparsed) + mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}" + if parsed.query: + mongodb_uri += f"?{parsed.query}" + # Create Builder for the PodSpec - pod_spec_builder = PodSpecV3Builder() + pod_spec_builder = PodSpecV3Builder( + enable_security_context=config.security_context + ) + + # Add secrets to the pod + mongodb_secret_name = f"{self.app.name}-mongodb-secret" + pod_spec_builder.add_secret(mongodb_secret_name, {"uri": mongodb_uri}) # Build container container_builder = ContainerV3Builder( - self.app.name, image_info, config.image_pull_policy + self.app.name, + image_info, + config.image_pull_policy, + run_as_non_root=config.security_context, ) container_builder.add_port(name=self.app.name, port=PORT) container_builder.add_http_readiness_probe( @@ -207,26 +228,17 @@ class MongodbExporterCharm(CharmedOsmBase): failure_threshold=10, ) - unparsed = ( - config.mongodb_uri - if config.mongodb_uri - else self.mongodb_client.connection_string - ) - parsed = urlparse(unparsed) - mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}" - if parsed.query: - mongodb_uri += f"?{parsed.query}" - - container_builder.add_envs( - { - "MONGODB_URI": mongodb_uri, - } - ) + container_builder.add_secret_envs(mongodb_secret_name, {"MONGODB_URI": "uri"}) container = container_builder.build() # Add container to PodSpec pod_spec_builder.add_container(container) + # Add Pod restart policy + restart_policy = PodRestartPolicy() + restart_policy.add_secrets(secret_names=(mongodb_secret_name,)) + pod_spec_builder.set_restart_policy(restart_policy) + # Add ingress resources to PodSpec if site url exists if config.site_url: parsed = urlparse(config.site_url) @@ -256,8 +268,6 @@ class MongodbExporterCharm(CharmedOsmBase): ingress_resource = ingress_resource_builder.build() pod_spec_builder.add_ingress_resource(ingress_resource) - logger.debug(pod_spec_builder.build()) - return pod_spec_builder.build()