Hi everyone I tried self hosting the cloud pricing API in K8 Infracost Community #help

$https://infracost.io logo$

Hi everyone, I tried self-hosting the cloud pricin...

ambitious-student-88371

06/28/2023, 4:14 PM

Hi everyone, I tried self-hosting the cloud pricing API in K8s by installing your helm chart. I am facing an issue, the db download job completes correctly but when I query http://localhost:4000 it shows the home page of the cloud pricing API, when I enter the self-hosted-api-key it returns a 403 error and an Invalid API key response. Although the self-hosted API key is the same as listed in the secret of the pod.

little-author-61621

06/28/2023, 4:29 PM

Hi @ambitious-student-88371, I’ve not been able to reproduce. If you curl it with that API key as per below does that work? https://www.infracost.io/docs/cloud_pricing_api/self_hosted/#cli-fails-to-connect-to-your-cloud-pricing-api

ambitious-student-88371

06/28/2023, 4:51 PM

ss.png

little-author-61621

06/28/2023, 4:54 PM

Thanks @ambitious-student-88371, can you confirm if the pod has the

SELF_HOSTED_INFRACOST_API_KEY

var specified and the corresponding secret has the correct value?

ambitious-student-88371

06/28/2023, 4:58 PM

aa (1).png

little-author-61621

06/28/2023, 5:06 PM

@ambitious-student-88371 is that a screenshot of the secret? Can you also confirmed what is being passed into

SELF_HOSTED_INFRACOST_API_KEY

for the pod?

ambitious-student-88371

06/28/2023, 5:19 PM

Yes, also the environment variable does has

SELF_HOSTED_INFRACOST_API_KEY

set with that value only.

little-author-61621

06/28/2023, 5:24 PM

Okay, that seems odd. This error should only be returned if the configured API key doesn’t match the passed one. What happens if you curl it without passing an API key.

ambitious-student-88371

06/28/2023, 5:26 PM

only this:

curl -i <http://localhost>:port/graphql

? It still returns invalid Api Key similar output as before.

little-author-61621

06/28/2023, 5:30 PM

Hmm, ok so the app at least thinks an API key has been set, but for some reason it doesn’t think it’s the one you’re passing. Have you tried running

echo $SELF_HOSTED_INFRACOST_API_KEY

inside the pod?

ambitious-student-88371

06/28/2023, 5:34 PM

I just ran this and i got a diff key and this returns 200 from the endpont

little-author-61621

06/28/2023, 5:37 PM

Okay, so somehow a different value is being passed in 😕. Do you a

existingSecretSelfHostedAPIKey

value set in the helm chart?

ambitious-student-88371

06/28/2023, 5:38 PM

Copy code

echo "Your self-hosted Infracost API key is $(kubectl get secret --namespace $NAMESPACE cloud-pricing-api --template="{{ index .data \"self-hosted-infracost-api-key\" }}" | base64 -D)"

this returns a different key though, which is invalid

little-author-61621

06/28/2023, 5:39 PM

What does the YAML for the API deployment look like?

ambitious-student-88371

06/28/2023, 5:45 PM

What exactly to look for?

Copy code

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    <http://deployment.kubernetes.io/revision|deployment.kubernetes.io/revision>: "1"
    <http://meta.helm.sh/release-name|meta.helm.sh/release-name>: cloud-pricing-api
    <http://meta.helm.sh/release-namespace|meta.helm.sh/release-namespace>: default
  creationTimestamp: "2023-06-28T13:02:03Z"
  generation: 1
  labels:
    <http://app.kubernetes.io/instance|app.kubernetes.io/instance>: cloud-pricing-api
    <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: Helm
    <http://app.kubernetes.io/name|app.kubernetes.io/name>: cloud-pricing-api
    <http://app.kubernetes.io/version|app.kubernetes.io/version>: 0.3.16
    <http://helm.sh/chart|helm.sh/chart>: cloud-pricing-api-0.6.9
  name: cloud-pricing-api
  namespace: default
  resourceVersion: "683"
  uid: 4aea41d5-85bb-4bd9-b029-07b04f1f518a
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      <http://app.kubernetes.io/instance|app.kubernetes.io/instance>: cloud-pricing-api
      <http://app.kubernetes.io/name|app.kubernetes.io/name>: cloud-pricing-api
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        <http://app.kubernetes.io/instance|app.kubernetes.io/instance>: cloud-pricing-api
        <http://app.kubernetes.io/name|app.kubernetes.io/name>: cloud-pricing-api
    spec:
      containers:
      - env:
        - name: POSTGRES_HOST
          value: cloud-pricing-api-postgresql
        - name: POSTGRES_PORT
          value: "5432"
        - name: POSTGRES_DB
          value: cloudpricingapi
        - name: POSTGRES_USER
          value: cloudpricingapi
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: cloud-pricing-api-postgresql
        - name: INFRACOST_API_KEY
          valueFrom:
            secretKeyRef:
              key: infracost-api-key
              name: cloud-pricing-api
        - name: SELF_HOSTED_INFRACOST_API_KEY
          valueFrom:
            secretKeyRef:
              key: self-hosted-infracost-api-key
              name: cloud-pricing-api
        - name: LOG_LEVEL
          value: info
        - name: DISABLE_TELEMETRY
          value: "false"
        image: infracost/cloud-pricing-api:0.3.16
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: http
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 2
        name: cloud-pricing-api
        ports:
        - containerPort: 4000
          name: http
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: http
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 2
        resources:
          limits:
            cpu: "1"
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 64Mi
        securityContext: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: cloud-pricing-api
      serviceAccountName: cloud-pricing-api
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2023-06-28T13:02:38Z"
    lastUpdateTime: "2023-06-28T13:02:38Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2023-06-28T13:02:03Z"
    lastUpdateTime: "2023-06-28T13:02:38Z"
    message: ReplicaSet "cloud-pricing-api-5b94ff9c46" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1

little-author-61621

06/28/2023, 5:48 PM

Thanks, if you restart the deployment does it still use that same API key?

ambitious-student-88371

06/28/2023, 5:59 PM

Yeah, now it's the same at every place

little-author-61621

06/28/2023, 6:47 PM

Ah ok that's good to know, thanks.

2 Views

Open in Slack

Previous Next