8000 [Feature] Add exporter by ajanikow · Pull Request #730 · arangodb/kube-arangodb · GitHub
[go: up one dir, main page]
Skip to content

[Feature] Add exporter #730

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
May 21, 2021
Merged

[Feature] Add exporter #730

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8e5a46d
Add exporter
ajanikow May 21, 2021
546f901
Review
ajanikow May 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
8000
Diff view
Diff view
192 changes: 192 additions & 0 deletions exporter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,192 @@
//
// DISCLAIMER
//
// Copyright 2020 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Adam Janikowski
//

package main

import (
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
"os"
"path"

"github.com/arangodb/go-driver/jwt"
"github.com/arangodb/kube-arangodb/pkg/deployment/pod"
"github.com/arangodb/kube-arangodb/pkg/util/constants"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
"github.com/pkg/errors"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
)

var (
cmdLifecycleProbe = &cobra.Command{
Use: "probe",
Run: cmdLifecycleProbeCheck,
}

probeInput struct {
SSL bool
Auth bool
Endpoint string
JWTPath string
}
)

func init() {
f := cmdLifecycleProbe.PersistentFlags()

f.BoolVarP(&probeInput.SSL, "ssl", "", false, "Determines if SSL is enabled")
f.BoolVarP(&probeInput.Auth, "auth", "", false, "Determines if authentication is enabled")
f.StringVarP(&probeInput.Endpoint, "endpoint", "", "/_api/version", "Endpoint (path) to call for lifecycle probe")
f.StringVarP(&probeInput.JWTPath, "jwt", "", k8sutil.ClusterJWTSecretVolumeMountDir, "Path to the JWT tokens")
}

func probeClient() *http.Client {
tr := &http.Transport{}

if probeInput.SSL {
tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}

client := &http.Client{
Transport: tr,
}

return client
}

func probeEndpoint(endpoint string) string {
proto := "http"
if probeInput.SSL {
proto = "https"
}

return fmt.Sprintf("%s://%s:%d%s", proto, "127.0.0.1", k8sutil.ArangoPort, endpoint)
}

func readJWTFile(file string) ([]byte, error) {
p := path.Join(probeInput.JWTPath, file)
log.Info().Str("path", p).Msgf("Try to use file")

f, err := os.Open(p)
if err != nil {
return nil, err
}

defer f.Close()
data, err := ioutil.ReadAll(f)
if err != nil {
return nil, err
}

return data, nil
}

func getJWTToken() ([]byte, error) {
// Try read default one
if token, err := readJWTFile(constants.SecretKeyToken); err == nil {
log.Info().Str("token", constants.SecretKeyToken).Msgf("Using JWT Token")
return token, nil
}

// Try read active one
if token, err := readJWTFile(pod.ActiveJWTKey); err == nil {
log.Info().Str("token", pod.ActiveJWTKey).Msgf("Using JWT Token")
return token, nil
}

if files, err := ioutil.ReadDir(probeInput.JWTPath); err == nil {
for _, file := range files {
if token, err := readJWTFile(file.Name()); err == nil {
log.Info().Str("token", file.Name()).Msgf("Using JWT Token")
return token, nil
}
}
}

return nil, errors.Errorf("Unable to find any token")
}

func addAuthHeader(req *http.Request) error {
if !probeInput.Auth {
return nil
}

token, err := getJWTToken()
if err != nil {
return err
}

header, err := jwt.CreateArangodJwtAuthorizationHeader(string(token), "probe")
if err != nil {
return err
}

req.Header.Add("Authorization", header)
return nil
}

func doRequest() (*http.Response, error) {
client := probeClient()

req, err := http.NewRequest(http.MethodGet, probeEndpoint(probeInput.Endpoint), nil)
if err != nil {
return nil, err
}

if err := addAuthHeader(req); err != nil {
return nil, err
}

return client.Do(req)
}

func cmdLifecycleProbeCheck(cmd *cobra.Command, args []string) {
if err := cmdLifecycleProbeCheckE(); err != nil {
log.Error().Err(err).Msgf("Fatal")
os.Exit(1)
}
}

func cmdLifecycleProbeCheckE() error {
resp, err := doRequest()
if err != nil {
return err
}

if resp.StatusCode != http.StatusOK {
if resp.Body != nil {
defer resp.Body.Close()
if data, err := ioutil.ReadAll(resp.Body); err == nil {
return errors.Errorf("Unexpected code: %d - %s", resp.StatusCode, string(data))
}
}

return errors.Errorf("Unexpected code: %d", resp.StatusCode)
}

log.Info().Msgf("Check passed")

return nil
}
39 changes: 39 additions & 0 deletions pkg/deployment/features/metrics.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
//
// DISCLAIMER
//
// Copyright 2020 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Adam Janikowski
//

package features

func init() {
registerFeature(jwtRotation)
}

var jwtRotation = &feature{
name: "jwt-rotation",
description: "JWT Token rotation in runtime",
version: "3.7.0",
enterpriseRequired: true,
enabledByDefault: true,
}

func JWTRotation() Feature {
return jwtRotation
}
98 changes: 98 additions & 0 deletions pkg/deployment/resources/internal_exporter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
//
// Copyright 2020 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Tomasz Mielech <tomasz@arangodb.com>
//

package resources

import (
"path/filepath"

api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/probes"

"github.com/arangodb/kube-arangodb/pkg/util/constants"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
v1 "k8s.io/api/core/v1"
)

// ArangodbExporterContainer creates metrics container
func ArangodbExporterContainer(image string, args []string, livenessProbe *probes.HTTPProbeConfig,
resources v1.ResourceRequirements, securityContext *v1.SecurityContext,
spec api.DeploymentSpec) v1.Container {

c := v1.Container{
Name: k8sutil.ExporterContainerName,
Image: image,
Command: append([]string{"/app/arangodb-exporter"}, args...),
Ports: []v1.ContainerPort{
{
Name: "exporter",
ContainerPort: int32(spec.Metrics.GetPort()),
Protocol: v1.ProtocolTCP,
},
},
Resources: k8sutil.ExtractPodResourceRequirement(resources),
ImagePullPolicy: v1.PullIfNotPresent,
SecurityContext: securityContext,
}

if livenessProbe != nil {
c.LivenessProbe = livenessProbe.Create()
}

return c
}

func createExporterArgs(spec api.DeploymentSpec, groupSpec api.ServerGroupSpec) []string {
tokenpath := filepath.Join(k8sutil.ExporterJWTVolumeMountDir, constants.SecretKeyToken)
options := k8sutil.CreateOptionPairs(64)

options.Add("--arangodb.jwt-file", tokenpath)

if port := groupSpec.InternalPort; port == nil {
scheme := "http"
if spec.IsSecure() {
scheme = "https"
}
options.Addf("--arangodb.endpoint", "%s://localhost:%d", scheme, k8sutil.ArangoPort)
} else {
options.Addf("--arangodb.endpoint", "http://localhost:%d", *port)
}

keyPath := filepath.Join(k8sutil.TLSKeyfileVolumeMountDir, constants.SecretTLSKeyfile)
if spec.IsSecure() && spec.Metrics.IsTLS() {
options.Add("--ssl.keyfile", keyPath)
}

if port := spec.Metrics.GetPort(); port != k8sutil.ArangoExporterPort {
options.Addf("--server.address", ":%d", port)
}

return options.Sort().AsArgs()
}

func createExporterLivenessProbe(isSecure bool) *probes.HTTPProbeConfig {
probeCfg := &probes.HTTPProbeConfig{
LocalPath: "/",
Port: k8sutil.ArangoExporterPort,
Secure: isSecure,
}

return probeCfg
}
48 changes: 48 additions & 0 deletions pkg/exporter/exporter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
//
// DISCLAIMER
//
// Copyright 2018 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Adam Janikowski
//

package exporter

import (
"fmt"
"net/http"
)

type Authentication func() (string, error)

// CreateArangodJwtAuthorizationHeader calculates a JWT authorization header, for authorization
// of a request to an arangod server, based on the given secret.
// If the secret is empty, nothing is done.
func CreateArangodJwtAuthorizationHeader(jwt string) (string, error) {
return "bearer " + jwt, nil
}

func NewExporter(endpoint string, port int, url string, handler http.Handler) http.Server {
s := http.NewServeMux()

s.Handle(url, handler)

return http.Server{
Addr: fmt.Sprintf("%s:%d", endpoint, port),
Handler: s,
}
}
1 change: 1 addition & 0 deletions pkg/exporter/passthru.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
package exporter
1 change: 1 addition & 0 deletions pkg/util/http/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
package http
0