Add sanity check for cloudIntegrationSecret (#3048)

* add sanity check for cloud integration secret and key Signed-off-by: chipzoller <chipzoller@gmail.com> * use printf Signed-off-by: chipzoller <chipzoller@gmail.com> * fix name of cloud-integration to be hardcoded Signed-off-by: chipzoller <chipzoller@gmail.com> * try Capabilities Signed-off-by: chipzoller <chipzoller@gmail.com> --------- Signed-off-by: chipzoller <chipzoller@gmail.com>
kubecost · Feb 1, 2024 · f5d3299 · f5d3299
1 parent a5fbefe
commit f5d3299
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/cost-analyzer/templates/NOTES.txt b/cost-analyzer/templates/NOTES.txt
@@ -1,6 +1,7 @@
 --------------------------------------------------
 {{- include "kubecostV2-preconditions" . -}}
 {{- include "eksCheck" . -}}
+{{- include "cloudIntegrationSecretCheck" . -}}
 {{- $servicePort := .Values.service.port | default 9090 }}
 Kubecost {{ .Chart.Version }} has been successfully installed.
 

diff --git a/cost-analyzer/templates/_helpers.tpl b/cost-analyzer/templates/_helpers.tpl
@@ -108,6 +108,20 @@ ERROR: MISSING EBS-CSI DRIVER WHICH IS REQUIRED ON EKS v1.23+ TO MANAGE PERSISTE
 {{- end -}}
 {{- end -}}
 
+{{/*
+Verify the cloud integration secret exists with the expected key when cloud integration is enabled.
+*/}}
+{{- define "cloudIntegrationSecretCheck" -}}
+{{- if (.Values.kubecostProductConfigs).cloudIntegrationSecret }}
+{{-  if .Capabilities.APIVersions.Has "v1/Secret" }}
+  {{- $secret := lookup "v1" "Secret" .Release.Namespace .Values.kubecostProductConfigs.cloudIntegrationSecret }}
+  {{- if or (not $secret) (not (index $secret.data "cloud-integration.json")) }}
+    {{- fail (printf "The cloud integration secret '%s' does not exist or does not contain the expected key 'cloud-integration.json'" .Values.kubecostProductConfigs.cloudIntegrationSecret) }}
+  {{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Expand the name of the chart.
 */}}
@@ -992,7 +1006,7 @@ Begin Kubecost 2.0 templates
       readOnly: true
   {{- end }}
   {{- if (.Values.kubecostProductConfigs).cloudIntegrationSecret }}
-    - name: {{ .Values.kubecostProductConfigs.cloudIntegrationSecret }}
+    - name: cloud-integration
       mountPath: /var/configs/cloud-integration
   {{- end }}
   env: