Hi guys I m trying to use the helm chart for self hosted API Infracost Community #general

$https://infracost.io logo$

Hi guys, I'm trying to use the helm chart for self...

brash-musician-72826

09/14/2022, 5:25 PM

Hi guys, I'm trying to use the helm chart for self-hosted API. I was able to use it by passing the --set postgresql.postgresqlPassword in the helm install command. My problem is when I'm trying to use an existing secret it log the following: Error: couldn't find key postgresql-postgres-password in Secret monitoring/infracost-secret Here's my secret manifest:

Copy code

apiVersion: v1
kind: Secret
metadata:  
  name: infracost-secret
type: Opaque
data:
  infracost-api-key: 
  self-hosted-infracost-api-key: 
  postgresql-password:

am I missing something?

little-author-61621

09/14/2022, 5:29 PM

Hi @brash-musician-72826 I think the bitnami postgresql chart that the helm chart uses needs both

postgresql-password

and

postgresql-postgres-password

(this one being the admin ‘postgres’ user password).

brash-musician-72826

09/14/2022, 5:32 PM

Hi Alistair, thank you for your reply. I tried to add it also to my secret and instead of the error above I was getting an authentication error. I will dig more on that then. Thank you and if you have an idea please let me know.

little-author-61621

09/14/2022, 5:35 PM

Is it an error connecting to postgresql or an error connecting to the cloud pricing API?

little-author-61621

09/14/2022, 5:36 PM

We have a guide here for checking the connection between infracost CLI and the API https://www.infracost.io/docs/cloud_pricing_api/self_hosted/#troubleshooting

brash-musician-72826

09/14/2022, 5:38 PM

When checking the logs for the cloud-pricing-api pod (not the init job nor the postgresql) I got this: {"level":50,"time":1663177026230,"pid":18,"hostname":"cloud-pricing-api-64444cc95b-cv4f7","msg":"Could not connect to database: error: password authentication failed for user \"cloudpricingapi\""}

brash-musician-72826

09/14/2022, 5:44 PM

Since the api pod is not starting at all because it failed to connect to postgresql I can troubleshoot as describe in your previous message. The health is showing this:

Copy code

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>

little-author-61621

09/14/2022, 5:44 PM

hmm does the yaml of the cloud-pricing-api pod show it pulling the expected key for the password from the expected secret?

brash-musician-72826

09/14/2022, 5:44 PM

Let me check

brash-musician-72826

09/14/2022, 5:47 PM

It seems yes:

Copy code

- name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-password
          name: infracost-secret

little-author-61621

09/14/2022, 5:49 PM

You could try running a psql client in a pod and seeing if the DB’s username and password are set up correctly. Something like this:

Copy code

kubectl run postgresql-client --rm --tty -i --restart='Never' --image bitnami/postgresql /bin/bash

psql -h <host> -U <user>

brash-musician-72826

09/14/2022, 5:54 PM

I will try that. If I look at the yaml of the postgresql pod it seems checking for the good key

Copy code

- name: POSTGRES_POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-postgres-password
          name: infracost-secret
    - name: POSTGRES_USER
      value: cloudpricingapi
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-password
          name: infracost-secret

brash-musician-72826

09/14/2022, 5:54 PM

I'm wondering if it has something to do with the base64 encoding.

brash-musician-72826

09/14/2022, 6:01 PM

If I'm using your command above I can connect using the password define in the secret.

little-author-61621

09/14/2022, 6:02 PM

Ok that's odd, how did you generate the secret?

brash-musician-72826

09/14/2022, 6:04 PM

I apply the secret in k8s with the kubectl apply -f command. The password in it have been encoded on my mac with: echo ********** | base64. I can decode it using the base64 --decode

little-author-61621

09/14/2022, 6:07 PM

Okay, yeah it's probably a base64 issue, adding a new line to the end. Maybe

echo -n

would work

little-author-61621

09/14/2022, 6:07 PM

But you might also need

base64 -w 0

brash-musician-72826

09/14/2022, 6:08 PM

Not sure what those parameter do, but I'll try!

brash-musician-72826

09/14/2022, 6:12 PM

It worked! Now I have issue with api key but I guess it's for the same reason!

brash-musician-72826

09/14/2022, 6:22 PM

I was not able to retreive the key with the suggested command:

Copy code

export INFRACOST_API_KEY=$(kubectl get secret --namespace monitoring cloud-pricing-api --template="{{ index .data \"self-hosted-infracost-api-key\" }}" | base64 -d)
error: error executing template "{{ index .data \"self-hosted-infracost-api-key\" }}": template: output:1:3: executing "output" at <index .data "self-hosted-infracost-api-key">: error calling index: index of untyped nil
base64: invalid input

And using base64 -D I got this:

Copy code

base64: invalid option -- 'D'
Try 'base64 --help' for more information

I had to replace -D by -d.

brash-musician-72826

09/14/2022, 6:23 PM

I know the api key so I exported it my self and it worked.

little-author-61621

09/14/2022, 6:59 PM

Awesome, I'll check those commands in the troubleshooting. Is that it all working now?

brash-musician-72826

09/14/2022, 6:59 PM

Yes, thank you very much!

7 Views

Open in Slack

Previous Next