https://infracost.io logo
#help
Title
# help
a

ambitious-student-88371

06/28/2023, 4:14 PM
Hi everyone, I tried self-hosting the cloud pricing API in K8s by installing your helm chart. I am facing an issue, the db download job completes correctly but when I query http://localhost:4000 it shows the home page of the cloud pricing API, when I enter the self-hosted-api-key it returns a 403 error and an Invalid API key response. Although the self-hosted API key is the same as listed in the secret of the pod.
l

little-author-61621

06/28/2023, 4:29 PM
Hi @ambitious-student-88371, I’ve not been able to reproduce. If you curl it with that API key as per below does that work? https://www.infracost.io/docs/cloud_pricing_api/self_hosted/#cli-fails-to-connect-to-your-cloud-pricing-api
a

ambitious-student-88371

06/28/2023, 4:51 PM
ss.png
l

little-author-61621

06/28/2023, 4:54 PM
Thanks @ambitious-student-88371, can you confirm if the pod has the
SELF_HOSTED_INFRACOST_API_KEY
var specified and the corresponding secret has the correct value?
a

ambitious-student-88371

06/28/2023, 4:58 PM
aa (1).png
l

little-author-61621

06/28/2023, 5:06 PM
@ambitious-student-88371 is that a screenshot of the secret? Can you also confirmed what is being passed into
SELF_HOSTED_INFRACOST_API_KEY
for the pod?
a

ambitious-student-88371

06/28/2023, 5:19 PM
Yes, also the environment variable does has
SELF_HOSTED_INFRACOST_API_KEY
set with that value only.
l

little-author-61621

06/28/2023, 5:24 PM
Okay, that seems odd. This error should only be returned if the configured API key doesn’t match the passed one. What happens if you curl it without passing an API key.
a

ambitious-student-88371

06/28/2023, 5:26 PM
only this:
curl -i <http://localhost>:port/graphql
? It still returns invalid Api Key similar output as before.
l

little-author-61621

06/28/2023, 5:30 PM
Hmm, ok so the app at least thinks an API key has been set, but for some reason it doesn’t think it’s the one you’re passing. Have you tried running
echo $SELF_HOSTED_INFRACOST_API_KEY
inside the pod?
a

ambitious-student-88371

06/28/2023, 5:34 PM
I just ran this and i got a diff key and this returns 200 from the endpont
l

little-author-61621

06/28/2023, 5:37 PM
Okay, so somehow a different value is being passed in 😕. Do you a
existingSecretSelfHostedAPIKey
value set in the helm chart?
a

ambitious-student-88371

06/28/2023, 5:38 PM
Copy code
echo "Your self-hosted Infracost API key is $(kubectl get secret --namespace $NAMESPACE cloud-pricing-api --template="{{ index .data \"self-hosted-infracost-api-key\" }}" | base64 -D)"
this returns a different key though, which is invalid
l

little-author-61621

06/28/2023, 5:39 PM
What does the YAML for the API deployment look like?
a

ambitious-student-88371

06/28/2023, 5:45 PM
What exactly to look for?
Copy code
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    <http://deployment.kubernetes.io/revision|deployment.kubernetes.io/revision>: "1"
    <http://meta.helm.sh/release-name|meta.helm.sh/release-name>: cloud-pricing-api
    <http://meta.helm.sh/release-namespace|meta.helm.sh/release-namespace>: default
  creationTimestamp: "2023-06-28T13:02:03Z"
  generation: 1
  labels:
    <http://app.kubernetes.io/instance|app.kubernetes.io/instance>: cloud-pricing-api
    <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: Helm
    <http://app.kubernetes.io/name|app.kubernetes.io/name>: cloud-pricing-api
    <http://app.kubernetes.io/version|app.kubernetes.io/version>: 0.3.16
    <http://helm.sh/chart|helm.sh/chart>: cloud-pricing-api-0.6.9
  name: cloud-pricing-api
  namespace: default
  resourceVersion: "683"
  uid: 4aea41d5-85bb-4bd9-b029-07b04f1f518a
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      <http://app.kubernetes.io/instance|app.kubernetes.io/instance>: cloud-pricing-api
      <http://app.kubernetes.io/name|app.kubernetes.io/name>: cloud-pricing-api
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        <http://app.kubernetes.io/instance|app.kubernetes.io/instance>: cloud-pricing-api
        <http://app.kubernetes.io/name|app.kubernetes.io/name>: cloud-pricing-api
    spec:
      containers:
      - env:
        - name: POSTGRES_HOST
          value: cloud-pricing-api-postgresql
        - name: POSTGRES_PORT
          value: "5432"
        - name: POSTGRES_DB
          value: cloudpricingapi
        - name: POSTGRES_USER
          value: cloudpricingapi
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: cloud-pricing-api-postgresql
        - name: INFRACOST_API_KEY
          valueFrom:
            secretKeyRef:
              key: infracost-api-key
              name: cloud-pricing-api
        - name: SELF_HOSTED_INFRACOST_API_KEY
          valueFrom:
            secretKeyRef:
              key: self-hosted-infracost-api-key
              name: cloud-pricing-api
        - name: LOG_LEVEL
          value: info
        - name: DISABLE_TELEMETRY
          value: "false"
        image: infracost/cloud-pricing-api:0.3.16
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: http
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 2
        name: cloud-pricing-api
        ports:
        - containerPort: 4000
          name: http
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: http
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 2
        resources:
          limits:
            cpu: "1"
            memory: 512Mi
          requests:
            cpu: 50m
            memory: 64Mi
        securityContext: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: cloud-pricing-api
      serviceAccountName: cloud-pricing-api
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2023-06-28T13:02:38Z"
    lastUpdateTime: "2023-06-28T13:02:38Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2023-06-28T13:02:03Z"
    lastUpdateTime: "2023-06-28T13:02:38Z"
    message: ReplicaSet "cloud-pricing-api-5b94ff9c46" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
l

little-author-61621

06/28/2023, 5:48 PM
Thanks, if you restart the deployment does it still use that same API key?
a

ambitious-student-88371

06/28/2023, 5:59 PM
Yeah, now it's the same at every place
l

little-author-61621

06/28/2023, 6:47 PM
Ah ok that's good to know, thanks.
2 Views