README
¶
sensu-operator
Sensu Operator is a open-source project based on Sensu Go using operator-sdk framework. It exposes Sensu API in Kubernetes as K8S objects, like sensuBackend or sensuCheck.
In these implementation it uses 2 credentials:
- default admin user: only used with sensuBackend object;
- operator-user: used for all objects to access Sensu Backend API.
NOTE: This sensu-operator only works with sensu backend with ssl enabled.
Operational Modes
There are 2 operational modes weather you want to run the sensu backend on the same kubernetes cluster or just use the remote backend which is already running. If you choose to run the dedicated sensu backend on the cluster order sensu-operator to create your own.
Owner's Sensu Backend API
By default, sensu-operator running inside Kubernetes creates it own Sensu Backend Deployment and keeps polling it. It also checks if sensu backend api always running and responsive, if not, it will kill and recreate.
Remote Sensu Backend API
Using sensu-operator user, it access a remote Sensu Backend API to create all objects from Kubernetes.
If you want to deploy Sensu Backend separetely, look into these 2 repositories as starting point:
Environment variables
SENSU_BACKEND_CLUSTER_ADMIN_USERNAME: default value "admin". Only used in sensuBackend object.
SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD: default value "P@ssw0rd!2GO". Only used in sensuBackend object.
OPERATOR_SENSU_USER: default value "sensu-operator". All Kubernetes objects.
OPERATOR_SENSU_PASSWORD: default value "P@ssw0rd!2GO". All Kubernetes objects.
Custom Resource Definition
| NAME | SHORTNAMES | APIGROUP | NAMESPACED | KIND | Example |
|---|---|---|---|---|---|
| sensuagents | sensu.k8s.sensu.io | true | SensuAgent | agent | |
| sensuassets | sensu.k8s.sensu.io | true | SensuAsset | asset | |
| sensubackends | sensu.k8s.sensu.io | true | SensuBackend | backend | |
| sensuchecks | sensu.k8s.sensu.io | true | SensuCheck | check | |
| sensufilters | sensu.k8s.sensu.io | true | SensuFilter | filter | |
| sensuhandlers | sensu.k8s.sensu.io | true | SensuHandler | handler | |
| sensumutators | sensu.k8s.sensu.io | true | SensuMutator | mutator | |
| sensunamespaces | sensu.k8s.sensu.io | true | SensuNamespace | namespace |
Development
More information in operator guide.
Scripts: run.sh (regenerate crds and k8s apis, deploy all CRDs and run operator locally using kubectl configuration) and remove.sh (removes everything).
Order:
- Install operator-sdk and golang.
- Generate all secrets using bellow instructions.
- You must have kubectl and kubectx (or commented out kubectx lines)
- Execute:
bash run.sh
After any code changes execute again bash run.sh.
Build and run
Install operator-sdk and run:
operator-sdk build repository/sensu-operator:version
Push it to your docker repository:
docker push repository/sensu-operator:version
Modify operator.yaml to use your own image.
Deployment
Create Sensu Certificates using cfssl
More information in Sensu Secure.
cd sensu-certs/
cfssl gencert -initca sensu-ca.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=sensu-ca.json -profile=server sensu-backend.json | cfssljson -bare sensu-backend
Create secrets from Certificates
kubectl create secret generic sensu-backend-pem --from-file=sensu-backend.pem=sensu-backend.pem \
--from-file=sensu-backend-key.pem=sensu-backend-key.pem -n sensu --dry-run -o yaml > ../sensu-backend-secrets.yaml
kubectl create secret generic sensu-ca-pem --from-file=sensu-ca.pem=ca.pem -n sensu \
--dry-run -o yaml > ../sensu-ca-secrets.yaml
Create secret to keep admin and operator passwords
kubectl create secret generic sensu-operator --from-literal=adminpassword='P@ssw0rd!2GO' \
--from-literal=operatorpassword='P@ssw0rd!2GO' \
-n sensu --dry-run -o yaml > sensuoperator-secret.yaml
To Deploy it in Kubernetes
Deploy all CRD's
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensuagents_crd.yaml
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensuassets_crd.yaml
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensubackends_crd.yaml
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensuchecks_crd.yaml
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensufilters_crd.yaml
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensuhandlers_crd.yaml
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensumutators_crd.yaml
kubectl apply -f deploy/crds/sensu.k8s.sensu.io_sensunamespaces_crd.yaml
Deploy Operator
kubectl create -f k8s-namespace.yaml
kubectl create -f deploy/service_account.yaml -n sensu
kubectl create -f deploy/role.yaml -n sensu
kubectl create -f deploy/role_binding.yaml -n sensu
kubectl create -f deploy/operator.yaml -n sensu
Contributing
Any help are welcome!
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
pkg
|
|
|
apis/sensu
Package sensu contains sensu API versions.
|
Package sensu contains sensu API versions. |
|
apis/sensu/v1alpha1
Package v1alpha1 contains API Schema definitions for the sensu v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=sensu.k8s.sensu.io Package v1alpha1 contains API Schema definitions for the sensu v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=sensu.k8s.sensu.io
|
Package v1alpha1 contains API Schema definitions for the sensu v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=sensu.k8s.sensu.io Package v1alpha1 contains API Schema definitions for the sensu v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=sensu.k8s.sensu.io |