From 33454ebfce115727798a5612d52df283d61634ff Mon Sep 17 00:00:00 2001 From: Thomas Way Date: Tue, 30 Jul 2024 17:14:03 +0100 Subject: [PATCH] feat(k8s/amour/default): monitor kube-apiserver --- .../external-dns/endpoint/BUILD.bazel | 15 +++++++ k8s/amour/BUILD.bazel | 1 + k8s/amour/default/BUILD.bazel | 13 ++++++ k8s/amour/default/list.cue | 22 ++++++++++ k8s/amour/default/namespace_list.cue | 14 +++++++ k8s/amour/default/vm_service_scrape_list.cue | 35 ++++++++++++++++ k8s/amour/kube_system/service_list.cue | 40 +++++++++++++++++++ k8s/amour/list.cue | 2 + 8 files changed, 142 insertions(+) create mode 100644 cue.mod/gen/sigs.k8s.io/external-dns/endpoint/BUILD.bazel create mode 100644 k8s/amour/default/BUILD.bazel create mode 100644 k8s/amour/default/list.cue create mode 100644 k8s/amour/default/namespace_list.cue create mode 100644 k8s/amour/default/vm_service_scrape_list.cue create mode 100644 k8s/amour/kube_system/service_list.cue
diff --git a/cue.mod/gen/sigs.k8s.io/external-dns/endpoint/BUILD.bazel b/cue.mod/gen/sigs.k8s.io/external-dns/endpoint/BUILD.bazel
new file mode 100644
index 000000000..3a4e861c0
--- /dev/null
+++ b/cue.mod/gen/sigs.k8s.io/external-dns/endpoint/BUILD.bazel
@@ -0,0 +1,15 @@
+load("@com_github_tnarg_rules_cue//cue:cue.bzl", "cue_library")
+
+cue_library(
+ name = "cue_endpoint_library",
+ srcs = [
+ "crypto_go_gen.cue",
+ "domain_filter_go_gen.cue",
+ "endpoint_go_gen.cue",
+ "labels_go_gen.cue",
+ "target_filter_go_gen.cue",
+ ],
+ importpath = "sigs.k8s.io/external-dns/endpoint",
+ visibility = ["//visibility:public"],
+ deps = ["//cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1:cue_v1_library"],
+)
diff --git a/k8s/amour/BUILD.bazel b/k8s/amour/BUILD.bazel
index a9440a806..48011952c 100644
--- a/k8s/amour/BUILD.bazel
+++ b/k8s/amour/BUILD.bazel
@@ -27,6 +27,7 @@ cue_export(
 "//k8s/amour/cert_manager_csi_driver:cue_cert_manager_csi_driver_library",
 "//k8s/amour/cilium:cue_cilium_library",
 "//k8s/amour/dcgm_exporter:cue_dcgm_exporter_library",
+ "//k8s/amour/default:cue_default_library",
 "//k8s/amour/emqx:cue_emqx_library",
 "//k8s/amour/emqx_exporter:cue_emqx_exporter_library",
 "//k8s/amour/external_dns:cue_external_dns_library",
diff --git a/k8s/amour/default/BUILD.bazel b/k8s/amour/default/BUILD.bazel
new file mode 100644
index 000000000..361a7d20a
--- /dev/null
+++ b/k8s/amour/default/BUILD.bazel
@@ -0,0 +1,13 @@
+load("@com_github_tnarg_rules_cue//cue:cue.bzl", "cue_library")
+
+cue_library(
+ name = "cue_default_library",
+ srcs = [
+ "list.cue",
+ "namespace_list.cue",
+ "vm_service_scrape_list.cue",
+ ],
+ importpath = "github.com/uhthomas/automata/k8s/amour/default",
+ visibility = ["//visibility:public"],
+ deps = ["//cue.mod/gen/k8s.io/api/core/v1:cue_v1_library"],
+)
diff --git a/k8s/amour/default/list.cue b/k8s/amour/default/list.cue
new file mode 100644
index 000000000..1ecebb955
--- /dev/null
+++ b/k8s/amour/default/list.cue
@@ -0,0 +1,22 @@
+package default
+
+import (
+ "list"
+
+ "k8s.io/api/core/v1"
+)
+
+#Namespace: "default"
+
+#List: v1.#List & {
+ apiVersion: "v1"
+ kind: "List"
+ items: [...{metadata: namespace: #Namespace}]
+}
+
+#List: items: list.Concat(_items)
+
+_items: [
+ #NamespaceList.items,
+ #VMServiceScrapeList.items,
+]
diff --git a/k8s/amour/default/namespace_list.cue b/k8s/amour/default/namespace_list.cue
new file mode 100644
index 000000000..d6d415b38
--- /dev/null
+++ b/k8s/amour/default/namespace_list.cue
@@ -0,0 +1,14 @@
+package default
+
+import "k8s.io/api/core/v1"
+
+#NamespaceList: v1.#NamespaceList & {
+ apiVersion: "v1"
+ kind: "NamespaceList"
+ items: [...{
+ apiVersion: "v1"
+ kind: "Namespace"
+ }]
+}
+
+#NamespaceList: items: [{metadata: name: #Namespace}]
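Review bot: The `default` Namespace item in `#NamespaceList: items: [{metadata: name: #Namespace}]` (namespace_list.cue) carries no labels, so bringing the namespace under management here does not set a Pod Security Admission level for it. If the cluster relies on namespace labels for that, consider `#NamespaceList: items: [{metadata: {name: #Namespace, labels: "pod-security.kubernetes.io/enforce": "restricted"}}]`, choosing the level that matches what is expected to run in `default`; this patch itself only adds a VMServiceScrape to it. Whether the other namespaces in the repository set these labels is not visible from this patch.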
diff --git a/k8s/amour/default/vm_service_scrape_list.cue b/k8s/amour/default/vm_service_scrape_list.cue
new file mode 100644
index 000000000..5d4ef6062
--- /dev/null
+++ b/k8s/amour/default/vm_service_scrape_list.cue
@@ -0,0 +1,35 @@
+package default
+
+import "k8s.io/api/core/v1"
+
+// TODO: Use generated types.
+//
+// https://github.com/cue-lang/cue/issues/2466
+#VMServiceScrapeList: v1.#List & {
+ apiVersion: "operator.victoriametrics.com/v1beta1"
+ kind: "VMServiceScrapeList"
+ items: [...{
+ apiVersion: "operator.victoriametrics.com/v1beta1"
+ kind: "VMServiceScrape"
+ }]
+}
+
+#VMServiceScrapeList: items: [{
+ metadata: name: "kube-api-server"
+ spec: {
+ jobLabel: "component"
+ endpoints: [{
+ port: "https"
+ scheme: "https"
+ tlsConfig: {
+ caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+ serverName: "kubernetes"
+ }
+ bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+ }]
+ selector: matchLabels: {
+ component: "apiserver"
+ provider: "kubernetes"
+ }
+ }
+}]
diff --git a/k8s/amour/kube_system/service_list.cue b/k8s/amour/kube_system/service_list.cue
new file mode 100644
index 000000000..77d1aa940
--- /dev/null
+++ b/k8s/amour/kube_system/service_list.cue
@@ -0,0 +1,40 @@
+package kube_system
+
+import "k8s.io/api/core/v1"
+
+#ServiceList: v1.#ServiceList & {
+ apiVersion: "v1"
+ kind: "ServiceList"
+ items: [...{
+ apiVersion: "v1"
+ kind: "Service"
+ }]
+}
+
+#ServiceList: items: [{
+ metadata: {
+ name: "kube-controller-manager"
+ labels: "app.kubernetes.io/name": name
+ }
+ spec: {
+ ports: [{
+ name: "metrics"
+ port: 10257
+ }]
+ selector: "k8s-app": "kube-controller-manager"
+ clusterIP: v1.#ClusterIPNone
+ }
+}, {
+ metadata: {
+ name: "kube-scheduler"
+ labels: "app.kubernetes.io/name": name
+ }
+ spec: {
+ ports: [{
+ name: "metrics"
+ port: 10259
+ }]
+ selector: "k8s-app": "kube-scheduler"
+ clusterIP: v1.#ClusterIPNone
+ }
+}]
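Review bot: The endpoint in `#VMServiceScrapeList` (vm_service_scrape_list.cue) sends the scraper's service-account token via `bearerTokenFile` to whatever backs a Service matching `component: "apiserver"` / `provider: "kubernetes"`, and the only thing tying that token to the real API server is the undocumented `caFile` plus `serverName: "kubernetes"` pair. I would add a comment above `tlsConfig` such as `// serverName pins the API server certificate name; keep verification on, the bearer token is sent to this endpoint.` so the pair is not later swapped for a skip-verify setting. The token also needs `get` on the `/metrics` non-resource URL, and this patch does not show that being granted. Because the list is typed as plain `v1.#List` (see the TODO), CUE does not schema-check any of these field names, so a misspelled `tlsConfig` or `bearerTokenFile` would pass evaluation.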
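Review bot: `k8s/amour/kube_system/service_list.cue` is a new file, but no hunk in this patch adds it to that package's `BUILD.bazel` `srcs` or concatenates `#ServiceList.items` into its `_items`, so unless that wiring already exists outside the patch these two Services may never be exported. They also fall outside the commit subject (kube-apiserver), and no VMServiceScrape in this patch selects them. Ports 10257 and 10259 are the authenticated HTTPS ports of kube-controller-manager and kube-scheduler, which many distributions bind to loopback only. A comment on each item, for example `// secure metrics port; requires a bearer token and a non-loopback bind address`, would stop a later reader from widening the bind address without that context.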
diff --git a/k8s/amour/list.cue b/k8s/amour/list.cue
index 127d18932..b465fa322 100644
--- a/k8s/amour/list.cue
+++ b/k8s/amour/list.cue
@@ -7,6 +7,7 @@ import (
 "github.com/uhthomas/automata/k8s/amour/cert_manager"
 "github.com/uhthomas/automata/k8s/amour/cilium"
 "github.com/uhthomas/automata/k8s/amour/dcgm_exporter"
+ "github.com/uhthomas/automata/k8s/amour/default"
 "github.com/uhthomas/automata/k8s/amour/emqx"
 "github.com/uhthomas/automata/k8s/amour/emqx_exporter"
 "github.com/uhthomas/automata/k8s/amour/external_dns"
@@ -75,6 +76,7 @@ _items: [
 cert_manager.#List.items,
 cilium.#List.items,
 dcgm_exporter.#List.items,
+ default.#List.items,
 emqx.#List.items,
 emqx_exporter.#List.items,
 external_dns.#List.items,