diff --git a/Dockerfile b/Dockerfile index 02f8ce87..23345dd3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o /bin/exporters . EXPOSE 8090 -FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3-1361.1699548032 -RUN microdnf update --setopt=install_weak_deps=0 -y && microdnf install -y libcurl-minimal libcurl-devel +FROM registry.access.redhat.com/ubi9/ubi-micro:9.3-9 COPY --from=builder /bin/exporters /bin/exporters diff --git a/config/exporters/monitoring/grafana/base/kustomization.yaml b/config/exporters/monitoring/grafana/base/kustomization.yaml index 42d0e8eb..f64d8c23 100644 --- a/config/exporters/monitoring/grafana/base/kustomization.yaml +++ b/config/exporters/monitoring/grafana/base/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: +- prometheus-exporter-service-monitor.yaml - prometheus-exporter-service.yaml images: - name: exporter diff --git a/config/exporters/monitoring/grafana/base/prometheus-exporter-service-monitor.yaml b/config/exporters/monitoring/grafana/base/prometheus-exporter-service-monitor.yaml new file mode 100644 index 00000000..71d217ac --- /dev/null +++ b/config/exporters/monitoring/grafana/base/prometheus-exporter-service-monitor.yaml 
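Review bot: In the Dockerfile, the new runtime stage `FROM registry.access.redhat.com/ubi9/ubi-micro:9.3-9` is pinned by tag only, so a re-pushed tag would change the shipped base without any change in this repository. Pinning the digest alongside the tag, `FROM registry.access.redhat.com/ubi9/ubi-micro:9.3-9@sha256:<digest-of-reviewed-image>`, keeps the build reproducible and gives image scanners a stable key. No `USER` line is visible in this hunk while the Deployment in this commit sets `runAsNonRoot: true`; the stage continues outside the hunk, so confirm a numeric non-root user is set there or supplied by the platform.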
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: metrics-reader
+ namespace: appstudio-grafana-datasource-exporter
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: metrics-reader
+ namespace: appstudio-grafana-datasource-exporter
+ annotations:
+ kubernetes.io/service-account.name: metrics-reader
+type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: exporter-role-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: exporter-role-binding-metrics-reader
+ namespace: appstudio-grafana-datasource-exporter
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: exporter-role-metrics-reader
+subjects:
+- kind: ServiceAccount
+ name: metrics-reader
+ namespace: appstudio-grafana-datasource-exporter
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: o11y-servicemonitor
+ namespace: appstudio-grafana-datasource-exporter
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ scheme: https
+ bearerTokenSecret:
+ name: "metrics-reader"
+ key: token
+ tlsConfig:
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ app: grafana-datasource-exporter
diff --git a/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml b/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml
index d776ab46..c67ba58d 100644
--- a/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml
+++ b/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml
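Review bot: In prometheus-exporter-service-monitor.yaml the ServiceMonitor endpoint sets `tlsConfig.insecureSkipVerify: true` while also sending the `metrics-reader` token via `bearerTokenSecret`, so the scraper presents a service-account token to a peer whose certificate it never verifies. Giving kube-rbac-proxy a real serving certificate and replacing the flag with `ca` and `serverName` under `tlsConfig` closes that gap. Separately, `exporter-role-metrics-reader` grants a `nonResourceURLs` rule but is attached with a namespaced `RoleBinding`; Kubernetes only honours non-resource URL rules through a ClusterRoleBinding, so the proxy's access check for `/metrics` will likely deny the scrape. Changing that object to `kind: ClusterRoleBinding` and dropping its `metadata.namespace` fixes it.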
@@ -32,18 +32,45 @@ roleRef: kind: ClusterRole name: exporter-cluster-role --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kube-rbac-proxy +rules: +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: + - subjectaccessreviews + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: exporter-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-rbac-proxy +subjects: +- kind: ServiceAccount + name: exporter-sa + namespace: appstudio-grafana-datasource-exporter +--- apiVersion: v1 kind: Service metadata: - name: exporter-service - namespace: appstudio-grafana-datasource-exporter labels: app: grafana-datasource-exporter + name: exporter-service + namespace: appstudio-grafana-datasource-exporter spec: ports: - - name: http - port: 8090 - targetPort: http + - name: https + port: 8443 + targetPort: https selector: app: grafana-datasource-exporter --- 
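Review bot: The two cluster-scoped objects added to prometheus-exporter-service.yaml use generic names, `kube-rbac-proxy` for the ClusterRole and `exporter-role-binding` for the ClusterRoleBinding, which can collide with objects of the same name installed by another component, and whichever is applied last wins. Prefixing them, for example `grafana-datasource-exporter-kube-rbac-proxy`, avoids that. The binding targets `exporter-sa`, which both containers of the pod share, so the exporter process also gains `create` on tokenreviews and subjectaccessreviews; a comment such as `# needed by the kube-rbac-proxy sidecar to authenticate and authorize scrapers` above the ClusterRole would make the intent explicit.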
@@ -64,32 +91,36 @@ spec: spec: serviceAccountName: exporter-sa containers: - - name: grafana-datasource-exporter - image: exporter:latest + - name: kube-rbac-proxy + image: quay.io/brancz/kube-rbac-proxy:v0.14.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8090/" + - "--logtostderr=true" + - "--v=10" ports: - - containerPort: 8090 - name: http + - containerPort: 8443 + name: https resources: limits: cpu: 100m - memory: 100Mi + memory: 200Mi requests: cpu: 100m - memory: 10Mi + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + - name: exporters + image: exporter:latest + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 100m + memory: 200Mi securityContext: readOnlyRootFilesystem: true runAsNonRoot: true ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: metrics-reader-test - namespace: appstudio-grafana-datasource-exporter -spec: - endpoints: - - path: /metrics - port: http - scheme: http - selector: - matchLabels: - app: grafana-datasource-exporter diff --git a/exporters/dsexporter/dsexporter.go b/exporters/dsexporter/dsexporter.go index 4491f3f5..f16e517d 100644 --- a/exporters/dsexporter/dsexporter.go +++ b/exporters/dsexporter/dsexporter.go @@ -3,10 +3,10 @@ package main import ( "context" "encoding/json" + "errors" "fmt" "net/http" "strings" - "errors" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" @@ -15,6 +15,7 @@ import ( ) const check = "prometheus-appstudio-ds" + var allDataSources = GetDataSources type CustomCollector struct { @@ -28,7 +29,7 @@ func NewCustomCollector() *CustomCollector { Name: "grafana_ds_up", Help: "Availability of the Konflux default grafana datasource", }, - []string{"check"}), + []string{"check"}), } } 
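Review bot: The kube-rbac-proxy container in the Deployment is started with `--v=10`; at that verbosity the Kubernetes client libraries typically log API request and response bodies, and the TokenReview requests the proxy sends carry the caller's bearer token, so tokens may end up in pod logs. A normal level such as `--v=2` is safer for a deployed manifest. The proxy only protects the metrics if the exporter cannot be reached directly: removing `containerPort: 8090` does not block traffic to the pod IP, so the exporter should listen on `127.0.0.1:8090` (its listen address is outside this diff, so confirm it). The `exporters` container also lacks the `allowPrivilegeEscalation: false` that the proxy container sets, and `quay.io/brancz/kube-rbac-proxy:v0.14.0` is pinned by tag rather than digest.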
@@ -82,7 +83,7 @@ func GetDataSources(grafanaResource map[string]interface{}) ([]string, error) { return []string{}, nil } } else { - return nil, errors.New("Error retrieving status key") + return nil, errors.New("Error retrieving status key") } datasourcesIfc := grafanaResource["status"].(map[string]any)["datasources"].([]interface{}) datasources := make([]string, len(datasourcesIfc)) diff --git a/exporters/dsexporter/dsexporter_test.go b/exporters/dsexporter/dsexporter_test.go index 07ecb35b..385ba2c3 100644 --- a/exporters/dsexporter/dsexporter_test.go +++ b/exporters/dsexporter/dsexporter_test.go @@ -1,15 +1,15 @@ package main import ( - "testing" - "reflect" "net/http" "net/http/httptest" + "reflect" + "testing" - "github.com/stretchr/testify/assert" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/prometheus/client_golang/prometheus/testutil" + "github.com/stretchr/testify/assert" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" ) @@ -45,7 +45,7 @@ func TestGetGrafanaResource(t *testing.T) { Host: server.URL, } clientset, err := kubernetes.NewForConfig(config) - if(err != nil) { + if err != nil { t.Fatalf("Error: %v", err) } result, errB := GetGrafanaResource(clientset) @@ -87,7 +87,7 @@ func TestGetDataSources(t *testing.T) { expectedResult = []string{} result, _ = GetDataSources(grafanaRes) - + if !reflect.DeepEqual(result, expectedResult) { t.Errorf("Test-2 failed, Expected %v, but got %v", expectedResult, result) }