wip: cdk8s event-exporter

linz · Nov 1, 2023 · b608ebf · b608ebf
1 parent 06b32db
commit b608ebf
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 27,048 deletions.
diff --git a/cdk8s.yaml b/cdk8s.yaml
@@ -3,5 +3,3 @@ language: typescript
 imports:
   - https://raw.githubusercontent.com/aws/karpenter/main/pkg/apis/crds/karpenter.sh_provisioners.yaml
   - https://raw.githubusercontent.com/aws/karpenter/main/pkg/apis/crds/karpenter.k8s.aws_awsnodetemplates.yaml
-  - https://raw.githubusercontent.com/resmoio/kubernetes-event-exporter/master/deploy/00-roles.yaml
-  - k8s
diff --git a/infra/cdk8s.ts b/infra/cdk8s.ts
@@ -3,6 +3,7 @@ import { App } from 'cdk8s';
 import { ArgoSemaphore } from './charts/argo.semaphores';
 import { ArgoWorkflows } from './charts/argo.workflows';
 import { Cloudflared } from './charts/cloudflared';
+import { EventExporter } from './charts/event.exporter';
 import { FluentBit } from './charts/fluentbit';
 import { Karpenter, KarpenterProvisioner } from './charts/karpenter';
 import { CoreDns } from './charts/kube-system.coredns';
@@ -13,7 +14,7 @@ import { fetchSsmParameters } from './util/ssm';
 const app = new App();
 
 async function main(): Promise<void> {
-  // Get cloudformation outputs
+  //Get cloudformation outputs
   const cfnOutputs = await getCfnOutputs(ClusterName);
   const missingKeys = [
     ...Object.values(CfnOutputKeys.Karpenter),
@@ -74,6 +75,8 @@ async function main(): Promise<void> {
     accountId: ssmConfig.accountId,
   });
 
+  new EventExporter(app, 'event-exporter', {});
+
   app.synth();
 }
 

diff --git a/infra/charts/event.exporter.ts b/infra/charts/event.exporter.ts
@@ -1,44 +1,71 @@
 import { Chart, ChartProps } from 'cdk8s';
+import {
+  ApiResource,
+  ClusterRole,
+  ConfigMap,
+  Deployment,
+  ImagePullPolicy,
+  ServiceAccount,
+  Volume,
+} from 'cdk8s-plus-27';
 import { Construct } from 'constructs';
 
-import { KubeClusterRole, KubeClusterRoleBinding, KubeServiceAccount } from '../imports/k8s';
 import { applyDefaultLabels } from '../util/labels.js';
 
 export class EventExporter extends Chart {
   constructor(scope: Construct, id: string, props: ChartProps) {
-    super(scope, id, applyDefaultLabels(props, 'coredns', 'v1', 'kube-dns', 'kube-dns'));
+    super(scope, id, applyDefaultLabels(props, 'event-exporter', 'v1', 'event-exporter', 'event-exporter'));
 
-    const serviceAccount = new KubeServiceAccount(this, 'event-exporter-sa', {
+    const serviceAccount = new ServiceAccount(this, 'event-exporter-sa', {
       metadata: { name: 'event-exporter', namespace: 'monitoring' },
+      // This is the kubernetes default value? and it is not specified here: https://github.com/resmoio/kubernetes-event-exporter/blob/master/deploy/00-roles.yaml
+      automountToken: true,
     });
 
-    const clusterRole = new KubeClusterRole(this, 'event-exporter-cr', {
+    // https://cdk8s.io/docs/latest/plus/cdk8s-plus-27/rbac/#role
+    const clusterRole = new ClusterRole(this, 'event-exporter-cr', {
       metadata: { name: 'event-exporter' },
-      rules: [
-        {
-          apiGroups: ['*'],
-          resources: ['*'],
-          verbs: ['get', 'watch', 'list'],
-        },
-      ],
     });
+    clusterRole.allowRead(ApiResource.custom({ apiGroup: '*', resourceType: '*' }));
+    // create a ClusterRoleBinding
+    clusterRole.bind(serviceAccount);
 
-    new KubeClusterRoleBinding(this, 'event-exporter-crb', {
-      metadata: {
-        name: 'event-exporter',
+    const cm = new ConfigMap(this, 'event-exporter-cfg', {
+      metadata: { name: 'event-exporter-cfg', namespace: 'monitoring' },
+      data: {
+        //FIXME do like cloudflared
+        'config.yaml': `logLevel: warn
+    logFormat: json
+    metricsNamePrefix: event_exporter_
+    route:
+      routes:
+        - match:
+          - receiver: "dump"
+    receivers:
+      - name: "dump"
+        stdout: {}`,
       },
-      roleRef: {
-        apiGroup: 'rbac.authorization.k8s.io',
-        kind: clusterRole.kind,
-        name: clusterRole.name,
+    });
+
+    new Deployment(this, 'event-exporter', {
+      metadata: { name: 'event-exporter', namespace: 'monitoring' },
+      replicas: 1,
+      podMetadata: {
+        labels: { app: 'event-exporter', version: 'v1' },
+        annotations: { 'prometheus.io/scrape': 'true', 'prometheus.io/port': '2112', 'prometheus.io/path': '/metrics' },
       },
-      subjects: [
+      containers: [
         {
-          kind: serviceAccount.kind,
-          name: serviceAccount.name,
-          namespace: 'monitoring',
+          image: 'ghcr.io/resmoio/kubernetes-event-exporter:latest',
+          imagePullPolicy: ImagePullPolicy.IF_NOT_PRESENT,
+          args: ['conf=/data/config.yaml'],
+          name: 'event-exporter',
+          volumeMounts: [{ path: '/data', volume: Volume.fromConfigMap(this, 'cfg', cm, { name: 'cfg' }) }],
+          securityContext: { allowPrivilegeEscalation: false },
         },
       ],
+      serviceAccount: serviceAccount,
+      securityContext: { ensureNonRoot: true },
     });
   }
 }