Skip to content

Commit

Permalink
chore(RHTAPWATCH-568): Add authentication to Service and ServiceMonitor
Browse files Browse the repository at this point in the history
Signed-off-by: Kousalya Lakshmanan <[email protected]>
  • Loading branch information
klakshma21 committed Feb 28, 2024
1 parent b9e9508 commit f84ec63
Show file tree
Hide file tree
Showing 6 changed files with 126 additions and 35 deletions.
3 changes: 1 addition & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o /bin/exporters .
EXPOSE 8090


FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3-1361.1699548032
RUN microdnf update --setopt=install_weak_deps=0 -y && microdnf install -y libcurl-minimal libcurl-devel
FROM registry.access.redhat.com/ubi9/ubi-micro:9.3-9

COPY --from=builder /bin/exporters /bin/exporters

Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- prometheus-exporter-service-monitor.yaml
- prometheus-exporter-service.yaml
images:
- name: exporter
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-reader
namespace: appstudio-grafana-datasource-exporter
---
apiVersion: v1
kind: Secret
metadata:
name: metrics-reader
namespace: appstudio-grafana-datasource-exporter
annotations:
kubernetes.io/service-account.name: metrics-reader
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: exporter-role-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: exporter-role-binding-metrics-reader
namespace: appstudio-grafana-datasource-exporter
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: exporter-role-metrics-reader
subjects:
- kind: ServiceAccount
name: metrics-reader
namespace: appstudio-grafana-datasource-exporter
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: o11y-servicemonitor
namespace: appstudio-grafana-datasource-exporter
spec:
endpoints:
- path: /metrics
port: https
scheme: https
bearerTokenSecret:
name: "metrics-reader"
key: token
tlsConfig:
insecureSkipVerify: true
selector:
matchLabels:
app: grafana-datasource-exporter
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
# Example metrics-generating service for showcasing service monitor generation. Based on:
# https://github.com/brancz/kube-rbac-proxy/tree/master/examples/non-resource-url
apiVersion: v1
kind: Namespace
metadata:
Expand Down Expand Up @@ -32,18 +34,45 @@ roleRef:
kind: ClusterRole
name: exporter-cluster-role
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-rbac-proxy
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: exporter-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-rbac-proxy
subjects:
- kind: ServiceAccount
name: exporter-sa
namespace: appstudio-grafana-datasource-exporter
---
apiVersion: v1
kind: Service
metadata:
name: exporter-service
namespace: appstudio-grafana-datasource-exporter
labels:
app: grafana-datasource-exporter
name: exporter-service
namespace: appstudio-grafana-datasource-exporter
spec:
ports:
- name: http
port: 8090
targetPort: http
- name: https
port: 8443
targetPort: https
selector:
app: grafana-datasource-exporter
---
Expand All @@ -64,32 +93,36 @@ spec:
spec:
serviceAccountName: exporter-sa
containers:
- name: grafana-datasource-exporter
image: exporter:latest
- name: kube-rbac-proxy
image: quay.io/brancz/kube-rbac-proxy:v0.14.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8090/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8090
name: http
- containerPort: 8443
name: https
resources:
limits:
cpu: 100m
memory: 100Mi
memory: 200Mi
requests:
cpu: 100m
memory: 10Mi
memory: 200Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
- name: exporters
image: quay.io/redhat-user-workloads/rhtap-o11y-tenant/o11y/o11y:on-pr-4f111b4877bfa8aecfd7e9de7e8d8dadc70eccdc
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: metrics-reader-test
namespace: appstudio-grafana-datasource-exporter
spec:
endpoints:
- path: /metrics
port: http
scheme: http
selector:
matchLabels:
app: grafana-datasource-exporter
7 changes: 4 additions & 3 deletions exporters/dsexporter/dsexporter.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@ package main
import (
"context"
"encoding/json"
"errors"
"fmt"
"net/http"
"strings"
"errors"

"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
Expand All @@ -15,6 +15,7 @@ import (
)

const check = "prometheus-appstudio-ds"

var allDataSources = GetDataSources

type CustomCollector struct {
Expand All @@ -28,7 +29,7 @@ func NewCustomCollector() *CustomCollector {
Name: "grafana_ds_up",
Help: "Availability of the Konflux default grafana datasource",
},
[]string{"check"}),
[]string{"check"}),
}
}

Expand Down Expand Up @@ -82,7 +83,7 @@ func GetDataSources(grafanaResource map[string]interface{}) ([]string, error) {
return []string{}, nil
}
} else {
return nil, errors.New("Error retrieving status key")
return nil, errors.New("Error retrieving status key")
}
datasourcesIfc := grafanaResource["status"].(map[string]any)["datasources"].([]interface{})
datasources := make([]string, len(datasourcesIfc))
Expand Down
10 changes: 5 additions & 5 deletions exporters/dsexporter/dsexporter_test.go
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
package main

import (
"testing"
"reflect"
"net/http"
"net/http/httptest"
"reflect"
"testing"

"github.com/stretchr/testify/assert"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/prometheus/client_golang/prometheus/testutil"
"github.com/stretchr/testify/assert"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
)
Expand Down Expand Up @@ -45,7 +45,7 @@ func TestGetGrafanaResource(t *testing.T) {
Host: server.URL,
}
clientset, err := kubernetes.NewForConfig(config)
if(err != nil) {
if err != nil {
t.Fatalf("Error: %v", err)
}
result, errB := GetGrafanaResource(clientset)
Expand Down Expand Up @@ -87,7 +87,7 @@ func TestGetDataSources(t *testing.T) {

expectedResult = []string{}
result, _ = GetDataSources(grafanaRes)

if !reflect.DeepEqual(result, expectedResult) {
t.Errorf("Test-2 failed, Expected %v, but got %v", expectedResult, result)
}
Expand Down

0 comments on commit f84ec63

Please sign in to comment.