operator

README

Operator

See the binary documentation for deployment instructions.

Testing

The operator has an end-to-end test suite to run functional tests against a real Kubernetes cluster.

To run the tests a kubeconfig pointing to a GKE cluster is required. This is generally already taken care of while setting up a GKE cluster (instructions). Use kubectl config {current,set}-context to verify or change which cluster the tests will execute against.

The tests require that the CRD definition and ClusterRole gpe-system:collector already exist in the cluster. (They are part of deploying the operator itself, we make this manual for tests to not unknowingly deploy resources with cluster-wide effects.) All other resources are created and cleaned up by the test suite. To setup the resources:

kubectl apply -f ../../cmd/operator/deploy/operator/crds.yaml
kubectl apply -f ../../cmd/operator/deploy/operator/clusterrole.yaml
kubectl apply -f ../../cmd/operator/deploy/operator/priority_class.yaml

The tests verify the metric data written into GCM, for which information about the GKE cluster must be provided. Execute the tests with:

go test ./e2e/ \
    --project-id=$PROJECT_ID --cluster=$CLUSTER_NAME

Code Generation

To update generated code when changes to Custom Resource Definitions are made run:

hack/update-codegen.sh

Documentation

Index

• Constants
• func CreateSignedKeyPair(ctx context.Context, client kubernetes.Interface, fqdn string) ([]byte, []byte, error)
• func UpsertValidatingWebhookConfig(ctx context.Context, api v1.ValidatingWebhookConfigurationInterface, ...) (*arv1.ValidatingWebhookConfiguration, error)
• func ValidatingWebhookConfig(name, namespace string, caBundle []byte, endpoints []string, ...) *arv1.ValidatingWebhookConfiguration
• type AdmissionServer
  • func NewAdmissionServer(logger log.Logger) *AdmissionServer
• type CRDStatusState
  • func NewCRDStatusState(now func() metav1.Time) *CRDStatusState
  • func (c *CRDStatusState) PodMonitorings() []monitoringv1alpha1.PodMonitoring
  • func (c *CRDStatusState) Reset()
  • func (c *CRDStatusState) SetPodMonitoringCondition(pm *monitoringv1alpha1.PodMonitoring, ...) error
• type Operator
  • func New(logger log.Logger, clientConfig *rest.Config, registry prometheus.Registerer, ...) (*Operator, error)
  • func (o *Operator) InitAdmissionResources(ctx context.Context, ors ...metav1.OwnerReference) (*http.Server, error)
  • func (o *Operator) Run(ctx context.Context) error
• type Options

Constants

const (
	// DefaultOperatorNamespace is the namespace in which all resources owned by the operator are installed.
	DefaultOperatorNamespace = "gpe-system"

	// Fixed names used in various resources managed by the operator.
	NameOperator = "gpe-operator"

	// The official images to be used with this version of the operator. For debugging
	// and emergency use cases they may be overwritten through options.
	// TODO(freinartz): start setting official versioned images once we start releases.
	ImageCollector      = "gcr.io/gke-release-staging/prometheus-engine/prometheus:v2.26.1-gpe.2-gke.0"
	ImageConfigReloader = "gcr.io/gke-release-staging/prometheus-engine/gpe-config-reloader:v0.0.0.gke.0"
)

const (
	// CollectorName is the base name of the collector used across various resources. Must match with
	// the static resources installed during the operator's base setup.
	CollectorName = "collector"

	// The well-known app name label.
	LabelAppName = "app.kubernetes.io/name"
)

Various constants generating resources.

Functions

func CreateSignedKeyPair

func CreateSignedKeyPair(ctx context.Context, client kubernetes.Interface, fqdn string) ([]byte, []byte, error)

CreateSignedKeyPair provisions and returns a kube-apiserver-signed certificate, PEM-encoded private RSA key, and any encountered errors.

func UpsertValidatingWebhookConfig

func UpsertValidatingWebhookConfig(ctx context.Context, api v1.ValidatingWebhookConfigurationInterface, in *arv1.ValidatingWebhookConfiguration) (*arv1.ValidatingWebhookConfiguration, error)

UpsertValidatingWebhookConfig attempts to create or update a validatingwebhookconfiguration resource if one exists.

func ValidatingWebhookConfig

func ValidatingWebhookConfig(name, namespace string, caBundle []byte, endpoints []string, ors ...metav1.OwnerReference) *arv1.ValidatingWebhookConfiguration

ValidatingWebhookConfig returns a config for a webhook that listens for CREATE and UPDATE on GPE resources. The resource kind is pulled from the basename of any given endpoint, and must be the plural, e.g. `/validate/podmonitorings`. The default policy for any failed resource admission is to Ignore.

Types

type AdmissionServer

type AdmissionServer struct {
	// contains filtered or unexported fields
}

AdmissionServer serves Kubernetes resource admission requests.

func NewAdmissionServer

func NewAdmissionServer(logger log.Logger) *AdmissionServer

NewAdmissionServer returns a new AdmissionServer with the provided logger.

type CRDStatusState

type CRDStatusState struct {
	// contains filtered or unexported fields
}

CRDStatusState maintains state of the statuses of CRDs the operator manages.

func NewCRDStatusState

func NewCRDStatusState(now func() metav1.Time) *CRDStatusState

NewCRDStatusState returns a CRDStatusState instance with the specified conditions length enforcement.

func (*CRDStatusState) PodMonitorings

func (c *CRDStatusState) PodMonitorings() []monitoringv1alpha1.PodMonitoring

PodMonitorings only returns podmonitoring resources where a status update was significant.

func (*CRDStatusState) Reset

func (c *CRDStatusState) Reset()

Reset clears all state.

func (*CRDStatusState) SetPodMonitoringCondition

func (c *CRDStatusState) SetPodMonitoringCondition(pm *monitoringv1alpha1.PodMonitoring, cond *monitoringv1alpha1.MonitoringCondition) error

SetPodMonitoringCondition adds the provided PodMonitoring resource to the managed state along with the provided condition iff the resource generation has changed or there is a status condition state transition.

type Operator

type Operator struct {
	// contains filtered or unexported fields
}

Operator to implement managed collection for Google Prometheus Engine.

func New

func New(logger log.Logger, clientConfig *rest.Config, registry prometheus.Registerer, opts Options) (*Operator, error)

New instantiates a new Operator.

func (*Operator) InitAdmissionResources

func (o *Operator) InitAdmissionResources(ctx context.Context, ors ...metav1.OwnerReference) (*http.Server, error)

InitAdmissionResources sets state for the operator before monitoring for resources. It returns a web server for handling Kubernetes admission controller webhooks.

func (*Operator) Run

func (o *Operator) Run(ctx context.Context) error

Run the reconciliation loop of the operator.

type Options

type Options struct {
	// ID of the project of the cluster.
	ProjectID string
	// Name of the cluster the operator acts on.
	Cluster string
	// Namespace to which the operator deploys any associated resources.
	OperatorNamespace string
	// Listening port of the collector. Configurable to allow multiple
	// simultanious collector deployments for testing purposes while each
	// collector runs on the host network.
	CollectorPort int32
	// Image for the Prometheus collector container.
	ImageCollector string
	// Image for the Prometheus config reloader.
	ImageConfigReloader string
	// Priority class for the collector pods.
	PriorityClass string
	// Endpoint of the Cloud Monitoring API to be used by all collectors.
	CloudMonitoringEndpoint string
	// Self-sign or solicit kube-apiserver as CA to sign TLS certificate.
	CASelfSign bool
	// Webhook serving address.
	ListenAddr string
}

Options for the Operator.