diff --git a/CHANGELOG.md b/CHANGELOG.md index c95d40f79..aa22cc6cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Support flux-managed clusters. + ## [4.47.0] - 2023-09-14 ### Changed diff --git a/files/templates/scrapeconfigs/_apiserver.yaml b/files/templates/scrapeconfigs/_apiserver.yaml index 1cd89ad49..fadc8a5c4 100644 --- a/files/templates/scrapeconfigs/_apiserver.yaml +++ b/files/templates/scrapeconfigs/_apiserver.yaml @@ -1,10 +1,15 @@ [[- define "_apiserver" -]] [[- if ne .ClusterType "management_cluster" ]] api_server: https://[[ .APIServerURL ]] +[[- if eq .AuthenticationType "token" ]] + bearer_token_file: /etc/prometheus/secrets/[[ .SecretName ]]/token +[[- end ]] tls_config: ca_file: /etc/prometheus/secrets/[[ .SecretName ]]/ca +[[- if eq .AuthenticationType "certificates" ]] cert_file: /etc/prometheus/secrets/[[ .SecretName ]]/crt key_file: /etc/prometheus/secrets/[[ .SecretName ]]/key +[[- end ]] insecure_skip_verify: false [[- end -]] [[- end -]] diff --git a/files/templates/scrapeconfigs/_tlsconfig.yaml b/files/templates/scrapeconfigs/_tlsconfig.yaml index b02ce770c..0693617fa 100644 --- a/files/templates/scrapeconfigs/_tlsconfig.yaml +++ b/files/templates/scrapeconfigs/_tlsconfig.yaml 
@@ -1,14 +1,19 @@ [[- define "_tlsconfig" -]] [[- if ne .ClusterType "management_cluster" -]] -tls_config: - ca_file: /etc/prometheus/secrets/[[ .SecretName ]]/ca - cert_file: /etc/prometheus/secrets/[[ .SecretName ]]/crt - key_file: /etc/prometheus/secrets/[[ .SecretName ]]/key - insecure_skip_verify: false -[[- else -]] -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true + [[- if eq .AuthenticationType "token" ]] + bearer_token_file: /etc/prometheus/secrets/[[ .SecretName ]]/token + [[- end ]] + tls_config: + ca_file: /etc/prometheus/secrets/[[ .SecretName ]]/ca + [[- if eq .AuthenticationType "certificates" ]] + cert_file: /etc/prometheus/secrets/[[ .SecretName ]]/crt + key_file: /etc/prometheus/secrets/[[ .SecretName ]]/key + [[- end ]] + insecure_skip_verify: false +[[- else ]] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true [[- end -]] [[- end -]] diff --git a/files/templates/scrapeconfigs/_tlsconfig_skip.yaml b/files/templates/scrapeconfigs/_tlsconfig_skip.yaml index 0f8165e68..7bafaadc2 100644 --- a/files/templates/scrapeconfigs/_tlsconfig_skip.yaml +++ b/files/templates/scrapeconfigs/_tlsconfig_skip.yaml 
@@ -1,14 +1,19 @@ [[- define "_tlsconfig_skip" -]] [[- if ne .ClusterType "management_cluster" -]] -tls_config: - ca_file: /etc/prometheus/secrets/[[ .SecretName ]]/ca - cert_file: /etc/prometheus/secrets/[[ .SecretName ]]/crt - key_file: /etc/prometheus/secrets/[[ .SecretName ]]/key - insecure_skip_verify: true -[[- else -]] -bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token -tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true + [[- if eq .AuthenticationType "token" ]] + bearer_token_file: /etc/prometheus/secrets/[[ .SecretName ]]/token + [[- end ]] + tls_config: + ca_file: /etc/prometheus/secrets/[[ .SecretName ]]/ca + [[- if eq .AuthenticationType "certificates" ]] + cert_file: /etc/prometheus/secrets/[[ .SecretName ]]/crt + key_file: /etc/prometheus/secrets/[[ .SecretName ]]/key + [[- end ]] + insecure_skip_verify: true +[[- else ]] + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true [[- end -]] [[- end -]] diff --git a/files/templates/scrapeconfigs/additional-scrape-configs.template.yaml b/files/templates/scrapeconfigs/additional-scrape-configs.template.yaml index 6c411ce56..04171904a 100644 --- a/files/templates/scrapeconfigs/additional-scrape-configs.template.yaml +++ b/files/templates/scrapeconfigs/additional-scrape-configs.template.yaml @@ -5,7 +5,7 @@ kubernetes_sd_configs: - role: endpoints [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__meta_kubernetes_service_label_component] regex: apiserver @@ -26,7 +26,7 @@ kubernetes_sd_configs: - role: node [[- include "_apiserver" . ]] -[[ include "_tlsconfig" . | indent 2 ]] +[[- include "_tlsconfig" . ]] relabel_configs: - target_label: __address__ replacement: [[ .APIServerURL ]] 
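Review bot: In `_tlsconfig_skip.yaml` the new token branch renders `bearer_token_file` in the same block as `insecure_skip_verify: true`, so the token is sent to a peer whose certificate is never checked. With the client-certificate path the private key never leaves Prometheus, but a bearer token travels in the request and is reusable by whoever terminates the connection. `ca_file` is already rendered here, so consider emitting `insecure_skip_verify: false` when `.AuthenticationType` is "token", or add a comment above the branch stating why verification has to stay off for the jobs that include this partial.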
@@ -56,7 +56,7 @@ names: - giantswarm [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name] regex: falco-exporter @@ -74,7 +74,7 @@ kubernetes_sd_configs: - role: node [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - target_label: app replacement: kubelet @@ -104,7 +104,7 @@ kubernetes_sd_configs: - role: node [[- include "_apiserver" . ]] -[[ include "_tlsconfig" . | indent 2 ]] +[[- include "_tlsconfig" . ]] relabel_configs: - source_labels: [__address__] target_label: instance @@ -145,7 +145,7 @@ kubernetes_sd_configs: - role: pod [[- include "_apiserver" . ]] -[[ include "_tlsconfig" . | indent 2 ]] +[[- include "_tlsconfig" . ]] relabel_configs: - source_labels: [__address__] replacement: ${1}:9091 @@ -177,14 +177,8 @@ [[- else ]] - role: node [[- end ]] -[[- if ne .ClusterType "management_cluster" ]] - api_server: https://[[ .APIServerURL ]] - tls_config: - ca_file: /etc/prometheus/secrets/[[ .SecretName ]]/ca - cert_file: /etc/prometheus/secrets/[[ .SecretName ]]/crt - key_file: /etc/prometheus/secrets/[[ .SecretName ]]/key - insecure_skip_verify: false -[[- else ]] +[[- include "_apiserver" . ]] +[[- if eq .ClusterType "management_cluster" ]] bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token [[- end ]] tls_config: 
@@ -215,20 +209,20 @@ target_label: __address__ replacement: ${1}:2379 action: replace -[[- if eq .ClusterType "management_cluster" ]] + [[- if eq .ClusterType "management_cluster" ]] # if the 'ip' label is present, use the value - source_labels: [__meta_kubernetes_node_label_ip] regex: (.+) target_label: __address__ replacement: ${1}:2379 action: replace -[[- end ]] -[[- if and (eq .ClusterType "workload_cluster") (.WorkloadClusterETCDDomain) ]] + [[- end ]] + [[- if and (eq .ClusterType "workload_cluster") (.WorkloadClusterETCDDomain) ]] - source_labels: [__address__] target_label: __address__ replacement: [[ .WorkloadClusterETCDDomain ]] action: replace -[[- end ]] + [[- end ]] [[- end ]] - target_label: app replacement: etcd @@ -251,7 +245,7 @@ names: - kube-system [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__address__] [[- if or .CAPIManagementCluster (eq .ClusterType "management_cluster") ]] @@ -303,7 +297,7 @@ names: - kube-system [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__address__] [[- if or .CAPIManagementCluster (eq .ClusterType "management_cluster") ]] @@ -354,7 +348,7 @@ names: - kube-system [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__address__] replacement: $1:10249 @@ -388,7 +382,7 @@ names: - kube-system [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__address__] target_label: instance @@ -428,7 +422,7 @@ - kube-system [[- end ]] [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__address__] target_label: instance 
@@ -456,7 +450,7 @@ kubernetes_sd_configs: - role: pod [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - target_label: __address__ replacement: [[ .APIServerURL ]] @@ -487,7 +481,7 @@ kubernetes_sd_configs: - role: endpoints [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring] regex: .*(true).* @@ -825,7 +819,7 @@ names: - kube-system [[- include "_apiserver" . ]] -[[ include "_tlsconfig" . | indent 2 ]] +[[- include "_tlsconfig" . ]] relabel_configs: - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring] regex: .*(true).* @@ -876,7 +870,7 @@ names: - kube-system [[- include "_apiserver" . ]] -[[ include "_tlsconfig_skip" . | indent 2 ]] +[[- include "_tlsconfig_skip" . ]] relabel_configs: - replacement: http target_label: __scheme__ diff --git a/helm/prometheus-meta-operator/templates/alertmanager/alertmanager-psp.yaml b/helm/prometheus-meta-operator/templates/alertmanager/alertmanager-psp.yaml index 292656403..0ab446594 100644 --- a/helm/prometheus-meta-operator/templates/alertmanager/alertmanager-psp.yaml +++ b/helm/prometheus-meta-operator/templates/alertmanager/alertmanager-psp.yaml @@ -5,6 +5,8 @@ metadata: labels: {{- include "labels.common" . | nindent 4 }} name: alertmanager-psp + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default spec: allowPrivilegeEscalation: false hostNetwork: false diff --git a/service/controller/managementcluster/resource.go b/service/controller/managementcluster/resource.go index c8ce2100c..605909606 100644 --- a/service/controller/managementcluster/resource.go 
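Review bot: The `allowedProfileNames` annotation added in alertmanager-psp.yaml only restricts which seccomp profiles are accepted; it does not apply one. Unless the Alertmanager pod spec (not visible here) already sets a profile, pair it with `seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default` so pods admitted under this policy actually run with the runtime default. PodSecurityPolicy is removed from Kubernetes 1.25 onward, so it is also worth confirming that this template is only rendered where the API still exists.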
+++ b/service/controller/managementcluster/resource.go @@ -175,6 +175,7 @@ func newResources(config resourcesConfig) ([]resource.Interface, error) { c := prometheus.Config{ Address: config.PrometheusAddress, PrometheusClient: config.PrometheusClient, + K8sClient: config.K8sClient, Logger: config.Logger, Customer: config.Customer, Installation: config.Installation, diff --git a/service/controller/resource/certificates/resource.go b/service/controller/resource/certificates/resource.go index 02d99f616..29cca9700 100644 --- a/service/controller/resource/certificates/resource.go +++ b/service/controller/resource/certificates/resource.go @@ -115,10 +115,14 @@ func (r *Resource) getDesiredObject(ctx context.Context, v interface{}) (*v1.Sec return nil, microerror.Mask(err) } kubeconfigAdminUser := fmt.Sprintf("%s-admin", cluster.GetName()) + kubeconfigFluxCustomerUser := fmt.Sprintf("%s-capi-admin", cluster.GetName()) + secretData["ca"] = capiKubeconfig.Clusters[cluster.GetName()].CertificateAuthorityData if _, ok := capiKubeconfig.AuthInfos[kubeconfigAdminUser]; ok { secretData["crt"] = capiKubeconfig.AuthInfos[kubeconfigAdminUser].ClientCertificateData secretData["key"] = capiKubeconfig.AuthInfos[kubeconfigAdminUser].ClientKeyData + } else if _, ok := capiKubeconfig.AuthInfos[kubeconfigFluxCustomerUser]; ok { + secretData["token"] = []byte(capiKubeconfig.AuthInfos[kubeconfigFluxCustomerUser].Token) } else { return nil, errors.New("no supported user found in the CAPI secret") } diff --git a/service/controller/resource/monitoring/prometheus/resource.go b/service/controller/resource/monitoring/prometheus/resource.go index dbf6630e5..625b21ece 100644 --- a/service/controller/resource/monitoring/prometheus/resource.go +++ b/service/controller/resource/monitoring/prometheus/resource.go 
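Review bot: In getDesiredObject the new `-capi-admin` branch copies `.Token` into `secretData["token"]` without checking that it is set. A kubeconfig user entry that authenticates another way (exec plugin, token file) would produce a secret with an empty token, and the failure would surface later as rejected API requests rather than as the existing "no supported user found in the CAPI secret" error. Guard it with `} else if u, ok := capiKubeconfig.AuthInfos[kubeconfigFluxCustomerUser]; ok && u.Token != "" {`. The user name suggests an admin-level credential; if that is the case, a read-only token scoped to what Prometheus needs would be safer to mount, since a bearer token is usable by anyone who can read the secret. The function body continues outside the hunk.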
@@ -4,6 +4,7 @@ import ( "fmt" "net/url" + "github.com/giantswarm/k8sclient/v7/pkg/k8sclient" "github.com/giantswarm/microerror" "github.com/giantswarm/micrologger" "github.com/google/go-cmp/cmp" @@ -27,6 +28,7 @@ const ( type Config struct { PrometheusClient promclient.Interface + K8sClient k8sclient.Interface Logger micrologger.Logger Address string @@ -262,12 +264,21 @@ func toPrometheus(ctx context.Context, v interface{}, config Config) (metav1.Obj prometheus.Spec.APIServerConfig = &promv1.APIServerConfig{ Host: fmt.Sprintf("https://%s", key.APIUrl(cluster)), TLSConfig: &promv1.TLSConfig{ - CAFile: fmt.Sprintf("/etc/prometheus/secrets/%s/ca", key.APIServerCertificatesSecretName), - CertFile: fmt.Sprintf("/etc/prometheus/secrets/%s/crt", key.APIServerCertificatesSecretName), - KeyFile: fmt.Sprintf("/etc/prometheus/secrets/%s/key", key.APIServerCertificatesSecretName), + CAFile: fmt.Sprintf("/etc/prometheus/secrets/%s/ca", key.APIServerCertificatesSecretName), }, } + authenticationType, err := key.ApiServerAuthenticationType(ctx, config.K8sClient, key.Namespace(cluster)) + if err != nil { + return nil, microerror.Mask(err) + } + if authenticationType == "token" { + prometheus.Spec.APIServerConfig.BearerTokenFile = fmt.Sprintf("/etc/prometheus/secrets/%s/token", key.APIServerCertificatesSecretName) + } else if authenticationType == "certificates" { + prometheus.Spec.APIServerConfig.TLSConfig.CertFile = fmt.Sprintf("/etc/prometheus/secrets/%s/crt", key.APIServerCertificatesSecretName) + prometheus.Spec.APIServerConfig.TLSConfig.KeyFile = fmt.Sprintf("/etc/prometheus/secrets/%s/key", key.APIServerCertificatesSecretName) + } + prometheus.Spec.Secrets = []string{ key.APIServerCertificatesSecretName, } diff --git a/service/controller/resource/monitoring/prometheus/resource_test.go b/service/controller/resource/monitoring/prometheus/resource_test.go index 35ab78921..0e1a01108 100644 --- a/service/controller/resource/monitoring/prometheus/resource_test.go 
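Review bot: The `if authenticationType == "token" … else if authenticationType == "certificates"` chain in toPrometheus has no final branch, so any other value returned by `key.ApiServerAuthenticationType` yields an `APIServerConfig` with a CA file but no client credential, and the problem only shows up later as rejected API requests. Make it a `switch` and add `default: return nil, microerror.Mask(fmt.Errorf("unsupported API server authentication type %q", authenticationType))`. The same unchecked value is passed to the scrape-config templates by getTemplateData, where the `AuthenticationType` conditionals in `_apiserver.yaml`, `_tlsconfig.yaml` and `_tlsconfig_skip.yaml` likewise render no credential for an unknown value. Go initialism style would also spell the helper `APIServerAuthenticationType`. toPrometheus starts and ends outside the hunk.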
+++ b/service/controller/resource/monitoring/prometheus/resource_test.go @@ -6,7 +6,15 @@ import ( "path/filepath" "testing" + "github.com/giantswarm/k8sclient/v7/pkg/k8sclient" + "github.com/giantswarm/k8sclient/v7/pkg/k8sclient/fake" + "github.com/giantswarm/micrologger" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest" + "github.com/giantswarm/prometheus-meta-operator/v2/service/key" ) var update = flag.Bool("update", false, "update the ouput file") 
@@ -17,26 +25,66 @@ func TestPrometheus(t *testing.T) { t.Fatal(err) } - config := Config{ - Address: "http://prometheus/cluster", - Customer: "Giant Swarm", - EvaluationInterval: "60s", - Installation: "test-installation", - Pipeline: "testing", - Provider: "provider", - Region: "onprem", - ImageRepository: "giantswarm/prometheus", - LogLevel: "debug", - Registry: "quay.io", - RetentionDuration: "2w", - ScrapeInterval: "60s", - Version: "v2.28.1", + var logger micrologger.Logger + { + c := micrologger.Config{} + + logger, err = micrologger.New(c) + if err != nil { + t.Fatal(err) + } } c := unittest.Config{ OutputDir: outputDir, T: t, TestFunc: func(v interface{}) (interface{}, error) { + cluster, err := key.ToCluster(v) + if err != nil { + t.Fatal(err) + } + var secret runtime.Object + { + secret = &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster-certificates", + Namespace: key.Namespace(cluster), + }, + Data: map[string][]byte{ + "token": []byte("my-token"), + }, + } + } + + var k8sClient k8sclient.Interface + { + c := k8sclient.ClientsConfig{ + Logger: logger, + SchemeBuilder: k8sclient.SchemeBuilder(v1.SchemeBuilder), + } + k8sClient, err = fake.NewClients(c, secret) + if err != nil { + t.Fatal(err) + } + } + + config := Config{ + Address: "http://prometheus/cluster", + Customer: "Giant Swarm", + EvaluationInterval: "60s", + Installation: "test-installation", + Pipeline: "testing", + K8sClient: k8sClient, + Provider: "provider", + Region: "onprem", + ImageRepository: "giantswarm/prometheus", + LogLevel: "debug", + Registry: "quay.io", + RetentionDuration: "2w", + ScrapeInterval: "60s", + Version: "v2.28.1", + } + return toPrometheus(context.Background(), v, config) }, Update: *update, diff --git a/service/controller/resource/monitoring/prometheus/test/case-1-awsconfig.golden b/service/controller/resource/monitoring/prometheus/test/case-1-awsconfig.golden index b1f1a1784..0bcd35d8e 100644 
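Review bot: The fake secret built in TestPrometheus's TestFunc always carries only a `token` key, so every golden case changed on this page (1, 2, 3 and 5) now exercises the bearer-token branch and the `certificates` branch of toPrometheus is no longer covered. Keep at least one case on `crt`/`key` data, for example by choosing the secret data per input, and add a case whose secret has neither so the error path is pinned. The secret name is hard-coded as `"cluster-certificates"`; `Name: key.APIServerCertificatesSecretName` keeps the test tied to the constant the code uses for the mount path.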
--- a/service/controller/resource/monitoring/prometheus/test/case-1-awsconfig.golden +++ b/service/controller/resource/monitoring/prometheus/test/case-1-awsconfig.golden @@ -22,13 +22,12 @@ spec: - key: node-role.kubernetes.io/control-plane operator: DoesNotExist apiserverConfig: + bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token host: https://master.alice:443 tlsConfig: ca: {} caFile: /etc/prometheus/secrets/cluster-certificates/ca cert: {} - certFile: /etc/prometheus/secrets/cluster-certificates/crt - keyFile: /etc/prometheus/secrets/cluster-certificates/key arbitraryFSAccessThroughSMs: {} enableFeatures: - remote-write-receiver diff --git a/service/controller/resource/monitoring/prometheus/test/case-2-azureconfig.golden b/service/controller/resource/monitoring/prometheus/test/case-2-azureconfig.golden index 904431f91..1ef3f9844 100644 --- a/service/controller/resource/monitoring/prometheus/test/case-2-azureconfig.golden +++ b/service/controller/resource/monitoring/prometheus/test/case-2-azureconfig.golden @@ -22,13 +22,12 @@ spec: - key: node-role.kubernetes.io/control-plane operator: DoesNotExist apiserverConfig: + bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token host: https://master.foo:443 tlsConfig: ca: {} caFile: /etc/prometheus/secrets/cluster-certificates/ca cert: {} - certFile: /etc/prometheus/secrets/cluster-certificates/crt - keyFile: /etc/prometheus/secrets/cluster-certificates/key arbitraryFSAccessThroughSMs: {} enableFeatures: - remote-write-receiver diff --git a/service/controller/resource/monitoring/prometheus/test/case-3-kvmconfig.golden b/service/controller/resource/monitoring/prometheus/test/case-3-kvmconfig.golden index 6cc17746f..de442d78e 100644 --- a/service/controller/resource/monitoring/prometheus/test/case-3-kvmconfig.golden +++ b/service/controller/resource/monitoring/prometheus/test/case-3-kvmconfig.golden 
@@ -22,13 +22,12 @@ spec: - key: node-role.kubernetes.io/control-plane operator: DoesNotExist apiserverConfig: + bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token host: https://master.bar:443 tlsConfig: ca: {} caFile: /etc/prometheus/secrets/cluster-certificates/ca cert: {} - certFile: /etc/prometheus/secrets/cluster-certificates/crt - keyFile: /etc/prometheus/secrets/cluster-certificates/key arbitraryFSAccessThroughSMs: {} enableFeatures: - remote-write-receiver diff --git a/service/controller/resource/monitoring/prometheus/test/case-5-cluster-api-v1alpha3.golden b/service/controller/resource/monitoring/prometheus/test/case-5-cluster-api-v1alpha3.golden index bd2b57229..ce9072fb0 100644 --- a/service/controller/resource/monitoring/prometheus/test/case-5-cluster-api-v1alpha3.golden +++ b/service/controller/resource/monitoring/prometheus/test/case-5-cluster-api-v1alpha3.golden @@ -22,13 +22,12 @@ spec: - key: node-role.kubernetes.io/control-plane operator: DoesNotExist apiserverConfig: + bearerTokenFile: /etc/prometheus/secrets/cluster-certificates/token host: https://master.baz:443 tlsConfig: ca: {} caFile: /etc/prometheus/secrets/cluster-certificates/ca cert: {} - certFile: /etc/prometheus/secrets/cluster-certificates/crt - keyFile: /etc/prometheus/secrets/cluster-certificates/key arbitraryFSAccessThroughSMs: {} enableFeatures: - remote-write-receiver diff --git a/service/controller/resource/monitoring/scrapeconfigs/resource.go b/service/controller/resource/monitoring/scrapeconfigs/resource.go index df3cb867d..cdf40c554 100644 --- a/service/controller/resource/monitoring/scrapeconfigs/resource.go +++ b/service/controller/resource/monitoring/scrapeconfigs/resource.go @@ -50,6 +50,7 @@ type Config struct { type TemplateData struct { AdditionalScrapeConfigs string APIServerURL string + AuthenticationType string Bastions []string Provider string ClusterID string 
@@ -193,9 +194,18 @@ func getTemplateData(ctx context.Context, ctrlClient client.Client, cluster meta return nil, microerror.Mask(err) } + var authenticationType = "" + if !key.IsManagementCluster(config.Installation, cluster) { + authenticationType, err = key.ApiServerAuthenticationType(ctx, config.K8sClient, key.Namespace(cluster)) + if err != nil { + return nil, microerror.Mask(err) + } + } + d := &TemplateData{ AdditionalScrapeConfigs: config.AdditionalScrapeConfigs, APIServerURL: key.APIUrl(cluster), + AuthenticationType: authenticationType, Bastions: config.Bastions, ClusterID: key.ClusterID(cluster), ClusterType: key.ClusterType(config.Installation, cluster), diff --git a/service/controller/resource/monitoring/scrapeconfigs/resource_test.go b/service/controller/resource/monitoring/scrapeconfigs/resource_test.go index cc4b06aa2..f84ce2973 100644 --- a/service/controller/resource/monitoring/scrapeconfigs/resource_test.go +++ b/service/controller/resource/monitoring/scrapeconfigs/resource_test.go @@ -9,6 +9,9 @@ import ( appsv1alpha1 "github.com/giantswarm/apiextensions-application/api/v1alpha1" "github.com/giantswarm/k8sclient/v7/pkg/k8sclient" + fakek8sclient "github.com/giantswarm/k8sclient/v7/pkg/k8sclient/fake" + "github.com/giantswarm/micrologger" + corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -18,6 +21,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/fake" "github.com/giantswarm/prometheus-meta-operator/v2/pkg/unittest" + "github.com/giantswarm/prometheus-meta-operator/v2/service/key" ) var update = flag.Bool("update", false, "update the ouput file") 
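Review bot: `AuthenticationType` is added to TemplateData and filled in getTemplateData without any comment saying which values it takes; judging by the templates it is "token" or "certificates", and from this hunk it stays empty for the management cluster. Add a field comment such as `// AuthenticationType is "token" or "certificates" for workload clusters and empty for the management cluster.` The declaration also reads more idiomatically as `var authenticationType string`. getTemplateData continues outside the hunk.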
@@ -44,6 +48,17 @@ func (r FakeReader) Read(ctx context.Context, cluster metav1.Object) (string, er } func TestAWSScrapeconfigs(t *testing.T) { + var err error + var logger micrologger.Logger + { + c := micrologger.Config{} + + logger, err = micrologger.New(c) + if err != nil { + t.Fatal(err) + } + } + var testFunc unittest.TestFunc { path := path.Join(unittest.ProjectRoot(), templatePath) @@ -66,15 +81,45 @@ func TestAWSScrapeconfigs(t *testing.T) { Build() } - config := Config{ - TemplatePath: path, - OrganizationReader: FakeReader{}, - Provider: "aws", - Customer: "pmo", - Vault: "vault1.some-installation.test", - Installation: "test-installation", - } testFunc = func(v interface{}) (interface{}, error) { + cluster, err := key.ToCluster(v) + if err != nil { + t.Fatal(err) + } + var secret runtime.Object + { + secret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster-certificates", + Namespace: key.Namespace(cluster), + }, + Data: map[string][]byte{ + "token": []byte("token"), + }, + } + } + + var k8sClient k8sclient.Interface + { + c := k8sclient.ClientsConfig{ + Logger: logger, + SchemeBuilder: k8sclient.SchemeBuilder(corev1.SchemeBuilder), + } + k8sClient, err = fakek8sclient.NewClients(c, secret) + if err != nil { + t.Fatal(err) + } + } + + config := Config{ + TemplatePath: path, + OrganizationReader: FakeReader{}, + Provider: "aws", + Customer: "pmo", + K8sClient: k8sClient, + Vault: "vault1.some-installation.test", + Installation: "test-installation", + } return toData(context.Background(), client, v, config) } } @@ -103,6 +148,17 @@ func TestAWSScrapeconfigs(t *testing.T) { } func TestAzureScrapeconfigs(t *testing.T) { + var err error + var logger micrologger.Logger + { + c := micrologger.Config{} + + logger, err = micrologger.New(c) + if err != nil { + t.Fatal(err) + } + } + var testFunc unittest.TestFunc { path := path.Join(unittest.ProjectRoot(), templatePath) 
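Review bot: The logger setup and the fake-secret/fake-client block are pasted into each of the six Test*Scrapeconfigs functions (the Azure, KVM, OpenStack, GCP and CAPA hunks that follow repeat it), differing only in the secret's data. A small test helper removes about thirty lines per test and makes the one meaningful difference, token versus crt/key, visible at the call site. Only TestAWSScrapeconfigs uses a token secret, which deserves a short comment there so it is not read as an AWS-specific requirement.

```go
// newFakeK8sClient returns a fake client that holds the API-server
// credentials secret in the given namespace.
func newFakeK8sClient(t *testing.T, namespace string, data map[string][]byte) k8sclient.Interface {
	t.Helper()

	logger, err := micrologger.New(micrologger.Config{})
	if err != nil {
		t.Fatal(err)
	}
	secret := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      key.APIServerCertificatesSecretName,
			Namespace: namespace,
		},
		Data: data,
	}
	c := k8sclient.ClientsConfig{
		Logger:        logger,
		SchemeBuilder: k8sclient.SchemeBuilder(corev1.SchemeBuilder),
	}
	k8sClient, err := fakek8sclient.NewClients(c, secret)
	if err != nil {
		t.Fatal(err)
	}
	return k8sClient
}

// in each testFunc:
// … unchanged: key.ToCluster(v) and its error check …
config := Config{
	// … unchanged: remaining fields …
	K8sClient: newFakeK8sClient(t, key.Namespace(cluster), map[string][]byte{"token": []byte("token")}),
}
```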
@@ -125,15 +181,46 @@ func TestAzureScrapeconfigs(t *testing.T) { Build() } - config := Config{ - TemplatePath: path, - OrganizationReader: FakeReader{}, - Provider: "azure", - Customer: "pmo", - Vault: "vault1.some-installation.test", - Installation: "test-installation", - } testFunc = func(v interface{}) (interface{}, error) { + cluster, err := key.ToCluster(v) + if err != nil { + t.Fatal(err) + } + var secret runtime.Object + { + secret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster-certificates", + Namespace: key.Namespace(cluster), + }, + Data: map[string][]byte{ + "crt": []byte("crt"), + "key": []byte("key"), + }, + } + } + + var k8sClient k8sclient.Interface + { + c := k8sclient.ClientsConfig{ + Logger: logger, + SchemeBuilder: k8sclient.SchemeBuilder(corev1.SchemeBuilder), + } + k8sClient, err = fakek8sclient.NewClients(c, secret) + if err != nil { + t.Fatal(err) + } + } + + config := Config{ + TemplatePath: path, + OrganizationReader: FakeReader{}, + Provider: "azure", + Customer: "pmo", + K8sClient: k8sClient, + Vault: "vault1.some-installation.test", + Installation: "test-installation", + } return toData(context.Background(), client, v, config) } } @@ -162,6 +249,17 @@ func TestAzureScrapeconfigs(t *testing.T) { } func TestKVMScrapeconfigs(t *testing.T) { + var err error + var logger micrologger.Logger + { + c := micrologger.Config{} + + logger, err = micrologger.New(c) + if err != nil { + t.Fatal(err) + } + } + var testFunc unittest.TestFunc { path := path.Join(unittest.ProjectRoot(), templatePath) 
@@ -184,16 +282,47 @@ func TestKVMScrapeconfigs(t *testing.T) { Build() } - config := Config{ - AdditionalScrapeConfigs: additionalScrapeConfigs, - OrganizationReader: FakeReader{}, - TemplatePath: path, - Provider: "kvm", - Customer: "pmo", - Vault: "vault1.some-installation.test", - Installation: "test-installation", - } testFunc = func(v interface{}) (interface{}, error) { + cluster, err := key.ToCluster(v) + if err != nil { + t.Fatal(err) + } + var secret runtime.Object + { + secret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster-certificates", + Namespace: key.Namespace(cluster), + }, + Data: map[string][]byte{ + "crt": []byte("crt"), + "key": []byte("key"), + }, + } + } + + var k8sClient k8sclient.Interface + { + c := k8sclient.ClientsConfig{ + Logger: logger, + SchemeBuilder: k8sclient.SchemeBuilder(corev1.SchemeBuilder), + } + k8sClient, err = fakek8sclient.NewClients(c, secret) + if err != nil { + t.Fatal(err) + } + } + + config := Config{ + AdditionalScrapeConfigs: additionalScrapeConfigs, + TemplatePath: path, + OrganizationReader: FakeReader{}, + Provider: "kvm", + Customer: "pmo", + K8sClient: k8sClient, + Vault: "vault1.some-installation.test", + Installation: "test-installation", + } return toData(context.Background(), client, v, config) } } @@ -223,6 +352,15 @@ func TestKVMScrapeconfigs(t *testing.T) { func TestOpenStackScrapeconfigs(t *testing.T) { var err error + var logger micrologger.Logger + { + c := micrologger.Config{} + + logger, err = micrologger.New(c) + if err != nil { + t.Fatal(err) + } + } var apps = []runtime.Object{ &appsv1alpha1.App{ 
@@ -266,17 +404,47 @@ func TestOpenStackScrapeconfigs(t *testing.T) { var testFunc unittest.TestFunc { path := path.Join(unittest.ProjectRoot(), templatePath) - - config := Config{ - AdditionalScrapeConfigs: additionalScrapeConfigs, - OrganizationReader: FakeReader{}, - TemplatePath: path, - Provider: "openstack", - Customer: "pmo", - Vault: "vault1.some-installation.test", - Installation: "test-installation", - } testFunc = func(v interface{}) (interface{}, error) { + cluster, err := key.ToCluster(v) + if err != nil { + t.Fatal(err) + } + var secret runtime.Object + { + secret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster-certificates", + Namespace: key.Namespace(cluster), + }, + Data: map[string][]byte{ + "crt": []byte("crt"), + "key": []byte("key"), + }, + } + } + + var k8sClient k8sclient.Interface + { + c := k8sclient.ClientsConfig{ + Logger: logger, + SchemeBuilder: k8sclient.SchemeBuilder(corev1.SchemeBuilder), + } + k8sClient, err = fakek8sclient.NewClients(c, secret) + if err != nil { + t.Fatal(err) + } + } + + config := Config{ + AdditionalScrapeConfigs: additionalScrapeConfigs, + TemplatePath: path, + OrganizationReader: FakeReader{}, + Provider: "openstack", + Customer: "pmo", + K8sClient: k8sClient, + Vault: "vault1.some-installation.test", + Installation: "test-installation", + } return toData(context.Background(), client, v, config) } } @@ -306,6 +474,15 @@ func TestOpenStackScrapeconfigs(t *testing.T) { func TestGCPScrapeconfigs(t *testing.T) { var err error + var logger micrologger.Logger + { + c := micrologger.Config{} + + logger, err = micrologger.New(c) + if err != nil { + t.Fatal(err) + } + } var apps = []runtime.Object{ &appsv1alpha1.App{ 
@@ -349,17 +526,47 @@ func TestGCPScrapeconfigs(t *testing.T) { var testFunc unittest.TestFunc { path := path.Join(unittest.ProjectRoot(), templatePath) - - config := Config{ - AdditionalScrapeConfigs: additionalScrapeConfigs, - OrganizationReader: FakeReader{}, - TemplatePath: path, - Provider: "gcp", - Customer: "pmo", - Vault: "vault1.some-installation.test", - Installation: "test-installation", - } testFunc = func(v interface{}) (interface{}, error) { + cluster, err := key.ToCluster(v) + if err != nil { + t.Fatal(err) + } + var secret runtime.Object + { + secret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster-certificates", + Namespace: key.Namespace(cluster), + }, + Data: map[string][]byte{ + "crt": []byte("crt"), + "key": []byte("key"), + }, + } + } + + var k8sClient k8sclient.Interface + { + c := k8sclient.ClientsConfig{ + Logger: logger, + SchemeBuilder: k8sclient.SchemeBuilder(corev1.SchemeBuilder), + } + k8sClient, err = fakek8sclient.NewClients(c, secret) + if err != nil { + t.Fatal(err) + } + } + + config := Config{ + AdditionalScrapeConfigs: additionalScrapeConfigs, + TemplatePath: path, + OrganizationReader: FakeReader{}, + Provider: "gcp", + Customer: "pmo", + K8sClient: k8sClient, + Vault: "vault1.some-installation.test", + Installation: "test-installation", + } return toData(context.Background(), client, v, config) } } @@ -389,6 +596,15 @@ func TestGCPScrapeconfigs(t *testing.T) { func TestCAPAScrapeconfigs(t *testing.T) { var err error + var logger micrologger.Logger + { + c := micrologger.Config{} + + logger, err = micrologger.New(c) + if err != nil { + t.Fatal(err) + } + } var apps = []runtime.Object{ &appsv1alpha1.App{ 
@@ -432,17 +648,47 @@ func TestCAPAScrapeconfigs(t *testing.T) { var testFunc unittest.TestFunc { path := path.Join(unittest.ProjectRoot(), templatePath) - - config := Config{ - AdditionalScrapeConfigs: additionalScrapeConfigs, - OrganizationReader: FakeReader{}, - TemplatePath: path, - Provider: "capa", - Customer: "pmo", - Vault: "vault1.some-installation.test", - Installation: "test-installation", - } testFunc = func(v interface{}) (interface{}, error) { + cluster, err := key.ToCluster(v) + if err != nil { + t.Fatal(err) + } + var secret runtime.Object + { + secret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster-certificates", + Namespace: key.Namespace(cluster), + }, + Data: map[string][]byte{ + "crt": []byte("crt"), + "key": []byte("key"), + }, + } + } + + var k8sClient k8sclient.Interface + { + c := k8sclient.ClientsConfig{ + Logger: logger, + SchemeBuilder: k8sclient.SchemeBuilder(corev1.SchemeBuilder), + } + k8sClient, err = fakek8sclient.NewClients(c, secret) + if err != nil { + t.Fatal(err) + } + } + + config := Config{ + AdditionalScrapeConfigs: additionalScrapeConfigs, + TemplatePath: path, + OrganizationReader: FakeReader{}, + Provider: "capa", + Customer: "pmo", + K8sClient: k8sClient, + Vault: "vault1.some-installation.test", + Installation: "test-installation", + } return toData(context.Background(), client, v, config) } } diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-1-awsconfig.golden b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-1-awsconfig.golden index 6366825ab..fc6791242 100644 --- a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-1-awsconfig.golden +++ b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-1-awsconfig.golden 
@@ -4,15 +4,13 @@ kubernetes_sd_configs: - role: endpoints api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__meta_kubernetes_service_label_component] @@ -54,15 +52,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - target_label: __address__ 
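Review bot: In the second `tls_config` of this hunk the new `bearer_token_file` is rendered next to `insecure_skip_verify: true`, so the scrape request would present a replayable token to a server whose certificate is never checked. With the removed `cert_file`/`key_file` pair the private key never left Prometheus, whereas a bearer token is sent in full on every request, so skipping verification costs more than it did before. `ca_file` is already rendered, so the token variant should keep verification on with `insecure_skip_verify: false`, plus `server_name` if the target address does not match the certificate. The fix presumably belongs in the `_tlsconfig_skip.yaml` template, whose body is not visible here. The same pairing recurs in later hunks of this file (for example `@@ -110,15` and `@@ -365,15`) and in the matching hunks of the case-2, case-3 and case-5 golden files.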
@@ -110,15 +106,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - target_label: app @@ -171,15 +165,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] 
@@ -236,15 +228,13 @@ kubernetes_sd_configs: - role: pod api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] @@ -304,10 +294,9 @@ kubernetes_sd_configs: - role: node api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca @@ -365,15 +354,13 @@ names: - kube-system api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -450,15 +437,13 @@ names: - kube-system api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] @@ -535,15 +520,13 @@ names: - kube-system api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -611,15 +594,13 @@ names: - kube-system api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] @@ -689,15 +670,13 @@ names: - kube-system api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -759,15 +738,13 @@ kubernetes_sd_configs: - role: pod api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - target_label: __address__ @@ -818,15 +795,13 @@ kubernetes_sd_configs: - role: endpoints api_server: https://master.alice:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring] diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-2-azureconfig.golden b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-2-azureconfig.golden index ea8eb40f3..764568a55 100644 --- a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-2-azureconfig.golden +++ b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-2-azureconfig.golden 
@@ -4,15 +4,13 @@ kubernetes_sd_configs: - role: endpoints api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__meta_kubernetes_service_label_component] @@ -54,15 +52,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - target_label: __address__ 
@@ -110,15 +106,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - target_label: app @@ -171,15 +165,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] 
@@ -236,15 +228,13 @@ kubernetes_sd_configs: - role: pod api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] @@ -304,10 +294,9 @@ kubernetes_sd_configs: - role: node api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca @@ -365,15 +354,13 @@ names: - kube-system api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -441,15 +428,13 @@ names: - kube-system api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] @@ -519,15 +504,13 @@ names: - kube-system api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -589,15 +572,13 @@ kubernetes_sd_configs: - role: pod api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - target_label: __address__ @@ -648,15 +629,13 @@ kubernetes_sd_configs: - role: endpoints api_server: https://master.foo:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring] diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-3-kvmconfig.golden b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-3-kvmconfig.golden index dfafebf37..2d40f76c7 100644 --- a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-3-kvmconfig.golden +++ b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-3-kvmconfig.golden 
@@ -4,15 +4,13 @@ kubernetes_sd_configs: - role: endpoints api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__meta_kubernetes_service_label_component] @@ -54,15 +52,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - target_label: __address__ 
@@ -110,15 +106,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - target_label: app @@ -171,15 +165,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] 
@@ -236,15 +228,13 @@ kubernetes_sd_configs: - role: pod api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] @@ -304,10 +294,9 @@ kubernetes_sd_configs: - role: node api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca @@ -365,15 +354,13 @@ names: - kube-system api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -450,15 +437,13 @@ names: - kube-system api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] @@ -535,15 +520,13 @@ names: - kube-system api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -611,15 +594,13 @@ names: - kube-system api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] @@ -689,15 +670,13 @@ names: - kube-system api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -759,15 +738,13 @@ kubernetes_sd_configs: - role: pod api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - target_label: __address__ @@ -818,15 +795,13 @@ kubernetes_sd_configs: - role: endpoints api_server: https://master.bar:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring] diff --git a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-cluster-api-v1alpha3.golden b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-cluster-api-v1alpha3.golden index 19a82eb3e..c193d2cb8 100644 --- a/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-cluster-api-v1alpha3.golden 
+++ b/service/controller/resource/monitoring/scrapeconfigs/test/aws/case-5-cluster-api-v1alpha3.golden @@ -4,15 +4,13 @@ kubernetes_sd_configs: - role: endpoints api_server: https://master.baz:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__meta_kubernetes_service_label_component] @@ -54,15 +52,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.baz:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - target_label: __address__ 
@@ -110,15 +106,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.baz:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - target_label: app @@ -171,15 +165,13 @@ kubernetes_sd_configs: - role: node api_server: https://master.baz:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] 
@@ -236,15 +228,13 @@ kubernetes_sd_configs: - role: pod api_server: https://master.baz:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false relabel_configs: - source_labels: [__address__] @@ -304,10 +294,9 @@ kubernetes_sd_configs: - role: node api_server: https://master.baz:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca @@ -365,15 +354,13 @@ names: - kube-system api_server: https://master.baz:443 + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: false + bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token tls_config: ca_file: /etc/prometheus/secrets/cluster-certificates/ca - cert_file: /etc/prometheus/secrets/cluster-certificates/crt - key_file: /etc/prometheus/secrets/cluster-certificates/key insecure_skip_verify: true relabel_configs: - source_labels: [__address__] 
@@ -441,15 +428,13 @@
 names:
 - kube-system
 api_server: https://master.baz:443
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: false
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: true
 relabel_configs:
 - source_labels: [__address__]
@@ -519,15 +504,13 @@
 names:
 - kube-system
 api_server: https://master.baz:443
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: false
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: true
 relabel_configs:
 - source_labels: [__address__]
@@ -589,15 +572,13 @@
 kubernetes_sd_configs:
 - role: pod
 api_server: https://master.baz:443
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: false
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: true
 relabel_configs:
 - target_label: __address__
@@ -648,15 +629,13 @@
 kubernetes_sd_configs:
 - role: endpoints
 api_server: https://master.baz:443
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: false
+ bearer_token_file: /etc/prometheus/secrets/cluster-certificates/token
 tls_config:
 ca_file: /etc/prometheus/secrets/cluster-certificates/ca
- cert_file: /etc/prometheus/secrets/cluster-certificates/crt
- key_file: /etc/prometheus/secrets/cluster-certificates/key
 insecure_skip_verify: true
 relabel_configs:
 - source_labels: [__meta_kubernetes_service_annotationpresent_giantswarm_io_monitoring, __meta_kubernetes_service_labelpresent_giantswarm_io_monitoring]
diff --git a/service/controller/resource/resource.go b/service/controller/resource/resource.go
index 04121064a..0ce23313b 100644
--- a/service/controller/resource/resource.go
+++ b/service/controller/resource/resource.go
@@ -242,6 +242,7 @@ func New(config Config) ([]resource.Interface, error) {
 {
 c := prometheus.Config{
 Address: config.PrometheusAddress,
+ K8sClient: config.K8sClient,
 PrometheusClient: config.PrometheusClient,
 Logger: config.Logger,
 Customer: config.Customer,
diff --git a/service/key/key.go b/service/key/key.go
index fd85d18ec..743cbed29 100644
--- a/service/key/key.go
+++ b/service/key/key.go
@@ -1,9 +1,12 @@
 package key
 import (
+ "context"
+ "errors"
 "fmt"
 "math"
+ "github.com/giantswarm/k8sclient/v7/pkg/k8sclient"
 "github.com/giantswarm/microerror"
 v1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/resource"
@@ -298,3 +301,17 @@ func ClusterType(installation string, obj interface{}) string {
 return "workload_cluster"
 }
+
+func ApiServerAuthenticationType(ctx context.Context, k8sClient k8sclient.Interface, clusterNamespace string) (string, error) {
+ secret, err := k8sClient.K8sClient().CoreV1().Secrets(clusterNamespace).Get(ctx, APIServerCertificatesSecretName, metav1.GetOptions{})
+ if err != nil {
+ return "", err
+ }
+
+ if secret.Data["token"] != nil && len(secret.Data["token"]) > 0 {
+ return "token", nil
+ } else if (secret.Data["crt"] != nil && len(secret.Data["crt"]) > 0) && (secret.Data["key"] != nil && len(secret.Data["key"]) > 0) {
+ return "certificates", nil
+ }
+ return "", errors.New("no authentication found")
+}
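Review bot: ApiServerAuthenticationType in service/key/key.go decides which credential Prometheus presents to the cluster's API server, yet it has no doc comment stating that a token takes precedence over a crt/key pair, and its failure message `no authentication found` names neither the secret nor the namespace. The lookup error is also returned bare although the file imports microerror, and the `!= nil` checks are redundant because the len of a missing key's nil slice is 0. The rewrite below documents the precedence, masks the lookup error, uses a switch, and puts the namespace and secret name (never the secret data) in the error; with fmt.Errorf the `errors` import added in this commit becomes unused unless something outside this diff needs it. The whole function lies inside this hunk; Go initialisms would spell it APIServerAuthenticationType, matching APIServerCertificatesSecretName, but that rename touches callers not shown here.

```go
// ApiServerAuthenticationType reports how Prometheus should authenticate to
// the cluster's API server, based on the keys present in the
// APIServerCertificatesSecretName secret in clusterNamespace. A non-empty
// "token" takes precedence; otherwise both "crt" and "key" must be non-empty.
func ApiServerAuthenticationType(ctx context.Context, k8sClient k8sclient.Interface, clusterNamespace string) (string, error) {
	// … unchanged: secret lookup via k8sClient …
	if err != nil {
		return "", microerror.Mask(err)
	}

	switch {
	case len(secret.Data["token"]) > 0:
		return "token", nil
	case len(secret.Data["crt"]) > 0 && len(secret.Data["key"]) > 0:
		return "certificates", nil
	}
	// Name the secret, never its contents.
	return "", fmt.Errorf("secret %s/%s has neither a token nor a crt/key pair", clusterNamespace, APIServerCertificatesSecretName)
}
```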