support flux-managed clusters
Signed-off-by: QuentinBisson <[email protected]>
QuentinBisson committed Aug 30, 2023
1 parent 18f6962 commit b8050cb
Showing 32 changed files with 500 additions and 0 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Changed

- Support flux-managed clusters.

## [4.46.0] - 2023-08-21

### Added
2 changes: 2 additions & 0 deletions files/templates/scrapeconfigs/_apiserver.yaml
@@ -1,6 +1,8 @@
[[- define "_apiserver" -]]
[[- if ne .ClusterType "management_cluster" ]]
api_server: https://[[ .APIServerURL ]]
authorization:
credentials_file: /etc/prometheus/secrets/[[ .SecretName ]]/token
tls_config:
ca_file: /etc/prometheus/secrets/[[ .SecretName ]]/ca
cert_file: /etc/prometheus/secrets/[[ .SecretName ]]/crt
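Review bot: `credentials_file` is rendered for every workload cluster next to `cert_file`, but the secret built in certificates/resource.go in this commit holds either `crt`/`key` or `token`, never both as far as the visible hunks show. One of the referenced paths will therefore not exist in each cluster, and Prometheus may fail its API-server requests when it cannot read a configured credentials or certificate file; this needs confirming against the Prometheus version in use. Consider gating the `authorization` block (and the client-certificate lines) on which credential the cluster's secret actually carries. The same applies to the `Authorization` field added in toPrometheus in prometheus/resource.go. The template continues beyond the visible hunk.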
3 changes: 3 additions & 0 deletions service/controller/resource/certificates/resource.go
Expand Up @@ -115,10 +115,13 @@ func (r *Resource) getDesiredObject(ctx context.Context, v interface{}) (*v1.Sec
return nil, microerror.Mask(err)
}
kubeconfigAdminUser := fmt.Sprintf("%s-admin", cluster.GetName())
kubeconfigFluxCustomerUser := fmt.Sprintf("flux-customer@%s", cluster.GetName())
secretData["ca"] = capiKubeconfig.Clusters[cluster.GetName()].CertificateAuthorityData
if _, ok := capiKubeconfig.AuthInfos[kubeconfigAdminUser]; ok {
secretData["crt"] = capiKubeconfig.AuthInfos[kubeconfigAdminUser].ClientCertificateData
secretData["key"] = capiKubeconfig.AuthInfos[kubeconfigAdminUser].ClientKeyData
} else if _, ok := capiKubeconfig.AuthInfos[kubeconfigFluxCustomerUser]; ok {
secretData["token"] = []byte(capiKubeconfig.AuthInfos[kubeconfigAdminUser].Token)
} else {
return nil, errors.New("no supported user found in the CAPI secret")
}
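Review bot: The new `else if` branch reads the token from `AuthInfos[kubeconfigAdminUser]`, an entry the preceding `if` has just established is absent, instead of the `flux-customer@…` entry it tested for. If `AuthInfos` holds pointers (as in client-go's clientcmd API types) this dereferences nil and panics; otherwise it silently stores an empty token. The line should be `secretData["token"] = []byte(capiKubeconfig.AuthInfos[kubeconfigFluxCustomerUser].Token)`. It would also be worth rejecting an empty token here so the secret never carries a blank credential. getDesiredObject starts and ends outside the hunk.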
3 changes: 3 additions & 0 deletions service/controller/resource/monitoring/prometheus/resource.go
Expand Up @@ -261,6 +261,9 @@ func toPrometheus(ctx context.Context, v interface{}, config Config) (metav1.Obj
// Workload cluster
prometheus.Spec.APIServerConfig = &promv1.APIServerConfig{
Host: fmt.Sprintf("https://%s", key.APIUrl(cluster)),
Authorization: &promv1.Authorization{
CredentialsFile: fmt.Sprintf("/etc/prometheus/secrets/%s/token", key.Secret()),
},
TLSConfig: &promv1.TLSConfig{
CAFile: fmt.Sprintf("/etc/prometheus/secrets/%s/ca", key.APIServerCertificatesSecretName),
CertFile: fmt.Sprintf("/etc/prometheus/secrets/%s/crt", key.APIServerCertificatesSecretName),
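Review bot: The token path is built from `key.Secret()` while the CA and certificate paths just below use `key.APIServerCertificatesSecretName`; the fixtures in this commit render all three under `cluster-certificates`, so the two presumably resolve to the same name today. Using one identifier for all three keeps the paths from drifting apart if either is changed: `CredentialsFile: fmt.Sprintf("/etc/prometheus/secrets/%s/token", key.APIServerCertificatesSecretName),`. toPrometheus starts and ends outside the hunk.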
Expand Up @@ -22,6 +22,8 @@ spec:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
apiserverConfig:
authorization:
credentialsFile: /etc/prometheus/secrets/cluster-certificates/token
host: https://master.alice:443
tlsConfig:
ca: {}
Expand Up @@ -22,6 +22,8 @@ spec:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
apiserverConfig:
authorization:
credentialsFile: /etc/prometheus/secrets/cluster-certificates/token
host: https://master.foo:443
tlsConfig:
ca: {}
Expand Up @@ -22,6 +22,8 @@ spec:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
apiserverConfig:
authorization:
credentialsFile: /etc/prometheus/secrets/cluster-certificates/token
host: https://master.bar:443
tlsConfig:
ca: {}
Expand Up @@ -22,6 +22,8 @@ spec:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
apiserverConfig:
authorization:
credentialsFile: /etc/prometheus/secrets/cluster-certificates/token
host: https://master.baz:443
tlsConfig:
ca: {}
Expand Up @@ -6,6 +6,8 @@
- role: endpoints

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -114,6 +116,8 @@
- role: node

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -176,6 +180,8 @@
- role: node

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -242,6 +248,8 @@
- role: pod

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -377,6 +385,8 @@
- kube-system

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -463,6 +473,8 @@
- kube-system

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -549,6 +561,8 @@
- kube-system

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -626,6 +640,8 @@
- kube-system

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -707,6 +723,8 @@


api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -778,6 +796,8 @@
- role: pod

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -838,6 +858,8 @@
- role: endpoints

api_server: https://master.alice:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Up @@ -6,6 +6,8 @@
- role: endpoints

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -114,6 +116,8 @@
- role: node

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -176,6 +180,8 @@
- role: node

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -242,6 +248,8 @@
- role: pod

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -377,6 +385,8 @@
- kube-system

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -454,6 +464,8 @@
- kube-system

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -535,6 +547,8 @@


api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -606,6 +620,8 @@
- role: pod

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -666,6 +682,8 @@
- role: endpoints

api_server: https://master.foo:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Up @@ -6,6 +6,8 @@
- role: endpoints

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -114,6 +116,8 @@
- role: node

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -176,6 +180,8 @@
- role: node

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -242,6 +248,8 @@
- role: pod

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -377,6 +385,8 @@
- kube-system

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -463,6 +473,8 @@
- kube-system

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -549,6 +561,8 @@
- kube-system

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -626,6 +640,8 @@
- kube-system

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -707,6 +723,8 @@


api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -778,6 +796,8 @@
- role: pod

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt
Expand Down Expand Up @@ -838,6 +858,8 @@
- role: endpoints

api_server: https://master.bar:443
authorization:
credentials_file: /etc/prometheus/secrets/cluster-certificates/token
tls_config:
ca_file: /etc/prometheus/secrets/cluster-certificates/ca
cert_file: /etc/prometheus/secrets/cluster-certificates/crt