Release radix-cost-allocation

.github/workflows/build-push.yml

@@ -4,6 +4,7 @@ on:
     branches:
       - master
       - release
+  workflow_dispatch:
 permissions:
   id-token: write
   contents: read
@@ -18,25 +19,25 @@ jobs:
           - name: "dev"
             ref: "refs/heads/master"
             acr-name: "radixdev"
-            client-id: "6e96429a-3ad5-40ee-b961-6de864d878fc"
+            client-id: "64b117a6-dc1c-4697-a000-ef251333bdc4"
             subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
 
           - name: "playground"
             ref: "refs/heads/release"
             acr-name: "radixdev"
-            client-id: "6e96429a-3ad5-40ee-b961-6de864d878fc"
+            client-id: "4b607a0a-b4f7-4918-8586-0f1ee8a69d5b"
             subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
 
           - name: "platform"
             ref: "refs/heads/release"
             acr-name: "radixprod"
-            client-id: "9304412c-98e6-414c-bde4-c5d5047add70"
+            client-id: "e7b711a6-8b96-4d19-b9d4-35e260af7e65"
             subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
 
           - name: "c2"
             ref: "refs/heads/release"
             acr-name: "radixc2prod"
-            client-id: "9304412c-98e6-414c-bde4-c5d5047add70"
+            client-id: "03efd84e-6142-48e3-97cd-6d49e6aa3f93"
             subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a"
 
     steps:
@@ -50,6 +51,19 @@ jobs:
           tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
           subscription-id: ${{matrix.target.subscription-id}}
 
+      - name: Get GitHub Public IP
+        if: matrix.target.ref == github.ref
+        id: github_public_ip
+        run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT
+
+      - name: Add GitHub IP to ACR
+        if: matrix.target.ref == github.ref
+        id: update_firewall
+        run: az acr network-rule add
+          --name ${{matrix.target.acr-name}}
+          --subscription ${{matrix.target.subscription-id}}
+          --ip-address ${{ steps.github_public_ip.outputs.ipv4 }}
+
       - name: Generate image tag
         if: matrix.target.ref == github.ref
         id: tag
@@ -80,4 +94,10 @@ jobs:
              --set REPOSITORY_NAME=${IMAGE_NAME} \
              --set CACHE="" \
              --set CACHE_TO_OPTIONS="--cache-to=type=registry,ref=${ACR_NAME}.azurecr.io/${IMAGE_NAME}:radix-cache-${GITHUB_REF_NAME},mode=max"
-
+
+      - name: Revoke GitHub IP on ACR
+        if: ${{ steps.update_firewall.outcome == 'success' && !cancelled()}} # Always run this step even if previous step failed
+        run: az acr network-rule remove
+          --name ${{matrix.target.acr-name}}
+          --subscription ${{matrix.target.subscription-id}}
+          --ip-address ${{ steps.github_public_ip.outputs.ipv4 }}

.github/workflows/deploy-database.yml

@@ -3,6 +3,8 @@ name: Deploy Database
 on:
   push:
     branches: [master, release]
+  workflow_dispatch:
+
 permissions:
   id-token: write
 
@@ -27,12 +29,12 @@ jobs:
           - name: "platform"
             ref: "refs/heads/release"
             client-id: "5dd06410-a4dd-4616-8fda-090d23b1528c"
-            server: "sql-radix-cost-allocation-prod.database.windows.net"
+            server: "sql-radix-cost-allocation-platform.database.windows.net"
 
           - name: "c2"
             ref: "refs/heads/release"
             client-id: "820a9ea1-9d2f-4056-9271-d2865cc70fb6"
-            server: "sql-radix-cost-allocation-c2-prod.database.windows.net"
+            server: "sql-radix-cost-allocation-c2.database.windows.net"
 
     env:
       connection: >-

Makefile

@@ -18,9 +18,25 @@ test:
 lint: bootstrap
 	golangci-lint run --max-same-issues 0
 
+.PHONY: mocks
+mocks: bootstrap
+	mockgen -source ./pkg/repository/repository.go -destination ./pkg/repository/mock/repository.go -package mock
+	mockgen -source ./pkg/listers/limitrange.go -destination ./pkg/listers/mock/limitrange.go -package mock
+	mockgen -source ./pkg/listers/node.go -destination ./pkg/listers/mock/node.go -package mock
+	mockgen -source ./pkg/listers/pod.go -destination ./pkg/listers/mock/pod.go -package mock
+	mockgen -source ./pkg/listers/radixregistration.go -destination ./pkg/listers/mock/radixregistration.go -package mock
+	mockgen -source ./pkg/listers/containerbulkdto.go -destination ./pkg/listers/mock/containerbulkdto.go -package mock
+	mockgen -source ./pkg/listers/nodebulkdto.go -destination ./pkg/listers/mock/nodebulkdto.go -package mock
+
+
+
 HAS_GOLANGCI_LINT := $(shell command -v golangci-lint;)
+HAS_MOCKGEN       := $(shell command -v mockgen;)
 
 bootstrap:
 ifndef HAS_GOLANGCI_LINT
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
 endif
+ifndef HAS_MOCKGEN
+	go install github.com/golang/mock/mockgen@v1.6.0
+endif

README.md

@@ -20,15 +20,13 @@ sqlcmd -S ${SERVER_NAME}.database.windows.net -d ${DATABASE_NAME} -G --variables
 
 ## Deploy to cluster
 
-Installation on cluster is handled by flux through [flux repo](https://github.com/equinor/radix-flux). Before being installed, it requires that there exist a namespace called `radix-cost-allocation`. In that namespace there must be a secret called `cost-db-secret` that contains the database password. This is handled through the setup script in [radix-platform](https://github.com/equinor/radix-platform)
+Installation on cluster is handled by flux through [flux repo](https://github.com/equinor/radix-flux). 
 
-tag in git repository (in master branch) - matching to the version of Version in docs/docs.go
+tag in git repository (in master branch) - matching to the version of Version in charts/Chart.yaml
 
 ## Developing
 
-You need Go installed. Make sure `GOPATH` and `GOROOT` are properly set up.
-
-Also needed:
+You need:
 
 - [`gomock`](https://github.com/golang/mock) (GO111MODULE=on go get github.com/golang/mock/mockgen@v1.5.0)
 
@@ -42,18 +40,8 @@ Want to contribute? Read our [contributing guidelines](./CONTRIBUTING.md)
 We use gomock to generate mocks used in unit test.
 You need to regenerate mocks if you make changes to any of the interface types used by the application; **Repository**
 
-Repository:
-```
-$ mockgen -source ./pkg/repository/repository.go -destination ./pkg/repository/mock/repository.go -package mock
-```
-listers:
 ```
-$ mockgen -source ./pkg/listers/limitrange.go -destination ./pkg/listers/mock/limitrange.go -package mock
-$ mockgen -source ./pkg/listers/node.go -destination ./pkg/listers/mock/node.go -package mock
-$ mockgen -source ./pkg/listers/pod.go -destination ./pkg/listers/mock/pod.go -package mock
-$ mockgen -source ./pkg/listers/radixregistration.go -destination ./pkg/listers/mock/radixregistration.go -package mock
-$ mockgen -source ./pkg/listers/containerbulkdto.go -destination ./pkg/listers/mock/containerbulkdto.go -package mock
-$ mockgen -source ./pkg/listers/nodebulkdto.go -destination ./pkg/listers/mock/nodebulkdto.go -package mock
+make mocks
 ```
 
 ## Update version

charts/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 1.0.0
-version: 1.0.0
+appVersion: 1.1.0
+version: 1.1.0
 description: Pull cost data from containers and push to sql server
 name: radix-cost-allocation

charts/templates/deployment.yaml

@@ -23,17 +23,18 @@ spec:
       {{- end }}
     spec:
       serviceAccount: {{ include "cost-allocation.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
       securityContext:
-        runAsNonRoot: true
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-        supplementalGroups:
-          - 1000
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           env:
             - name: CRON_SCHEDULE
               value: {{ .Values.cronSchedule | quote }}
@@ -53,7 +54,12 @@ spec:
               value: {{ .Values.appNameExcludeList }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          securityContext:
-            privileged: false
-            readOnlyRootFilesystem: false
-            allowPrivilegeEscalation: false
+          {{- with .Values.volumeMounts }}
+          volumeMounts:
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}          
+

charts/values.yaml

@@ -49,3 +49,22 @@ resources:
   requests:
     cpu: 50m
     memory: 100Mi
+
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 1000
+  fsGroup: 1000
+  supplementalGroups:
+    - 1000
+
+securityContext:
+  privileged: false
+  readOnlyRootFilesystem: false
+  allowPrivilegeEscalation: false
+
+# Additional volumes to add to the radix-cost-allocation pod.
+volumes: []
+
+# Additional volume mounts to add to the radix-cost-allocation container.
+volumeMounts: []