roachprod: fetch secrets from cloud store #124099
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nameisbhaskar
requested review from
srosenberg and
vidit-bhat
and removed request for
a team
|
This change is |
nameisbhaskar
force-pushed
the
user/bhaskar/use-store-secrets
branch
12 times, most recently
from
988c747 to
9587ca8
Compare
srosenberg
approved these changes
May 15, 2024
|
Thanks Stan for reviewing this! |
Due to the complexity of fetching the secrets from the secrets manager, the secrets are now maintained in cloud storage. Fixes: cockroachdb#117125 Epic: none
nameisbhaskar
force-pushed
the
user/bhaskar/use-store-secrets
branch
from
9587ca8 to
473f257
Compare
|
bors r=@srosenberg |
DarrylWong
added a commit
to DarrylWong/fork
that referenced
this pull request
Jun 13, 2024
As of cockroachdb#124099 we now store the service account creds in cloud storage. We already use this to access prometheus when generating dynamic configs. This change does the same for Grafana annotations by extracting the common logic into a helper. This will allow users to have access to Grafana annotations out of the box locally, and limit the amount of benign but potentially confusing warnings about invalid credentials. Epic: none Fixes: none Release note: none
DarrylWong
added a commit
to DarrylWong/fork
that referenced
this pull request
Jun 24, 2024
As of cockroachdb#124099 we now store the service account creds in cloud storage. We already use this to access prometheus when generating dynamic configs. This change does the same for Grafana annotations by extracting the common logic into a helper. This will allow users to have access to Grafana annotations out of the box locally, and limit the amount of benign but potentially confusing warnings about invalid credentials. Epic: none Fixes: none Release note: none
craig bot
pushed a commit
that referenced
this pull request
Jun 24, 2024
125571: roachtest: grafana annotations read creds from cloud storage r=herkolategan,renatolabs a=DarrylWong As of #124099 we now store the service account creds in cloud storage. We already use this to access prometheus when generating dynamic configs. This change does the same for Grafana annotations by extracting the common logic into a helper. This will allow users to have access to Grafana annotations out of the box locally, and limit the amount of benign but potentially confusing warnings about invalid credentials. Release note: none Fixes: none Epic: none 126084: jobs: limit number of retained dsp-diag-url info rows r=dt a=dt Fixes #126083. 126109: kvserver: deflake `WALBytesWritten` metric r=raduberinde a=aadityasondhi There is a race condition in Pebble metrics where sometimes the WAL is rotated prior to updated the BytesIn metric to account for the previous WAL. The metrics collection call happens async so it can sometimes cause this metric to decrease for a scrape window. Fixes: #125736. Release note: None 126114: sql: avoid slow lock verification in TestSchemaChangeAfterCreateInTxn r=rafiss a=rafiss The addition of test-only verification pushed this test over the timeout sometimes, such that running it under the deadlock detector would cause spurious failures. We avoid this by making the test smaller under deadlock, like we do for race builds. fixes #126075 Release justification: test only change Release note: None Co-authored-by: DarrylWong <[email protected]> Co-authored-by: David Taylor <[email protected]> Co-authored-by: Aaditya Sondhi <[email protected]> Co-authored-by: Rafi Shamim <[email protected]>
asg0451
pushed a commit
to asg0451/cockroach
that referenced
this pull request
Jun 25, 2024
As of cockroachdb#124099 we now store the service account creds in cloud storage. We already use this to access prometheus when generating dynamic configs. This change does the same for Grafana annotations by extracting the common logic into a helper. This will allow users to have access to Grafana annotations out of the box locally, and limit the amount of benign but potentially confusing warnings about invalid credentials. Epic: none Fixes: none Release note: none
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Due to the complexity of fetching the secrets from the secrets manager, the secrets are now maintained in cloud storage.
Fixes: #117125
Epic: none