feat: support a single namespace deployment

Signed-off-by: Ricky Moorhouse <[email protected]>

Author: rickymoorhouse

deployment/config.yaml

@@ -7,6 +7,7 @@ logging:
 nets:
   apiconnect:
     enabled: true
+    namespace: apic-namespace
   analytics:
     enabled: true
     namespace: analytics-namespace
@@ -27,4 +28,4 @@ nets:
   manager:
     enabled: true
     process_org_metrics: false
-    namespace: manager-apic
+    namespace: manager-namespace

deployment/deployment.yaml

@@ -22,15 +22,15 @@ spec:
         - env:
           - name: MGMT_CREDS
             value: /app/management
+          - name: DP_CREDS
+            value: /app/datapower
           - name: ANALYTICS_CERTS
             value: /app/analytics
           - name: SECURE
             value: 'true'
           - name: CERT_PATH
             value: /app/certs
-          - name: CONFIG_PATH
-            value: /app/config/config.yaml
-          image: $IMAGE
+          image: ghcr.io/ibm/apiconnect-trawler/trawler:main
           imagePullPolicy: Always
           name: trawler
           ports:
@@ -49,10 +49,10 @@ spec:
             readOnlyRootFilesystem: true
             runAsNonRoot: true
           volumeMounts:
-            - mountPath: /app/config
+            - mountPath: /config
               name: trawler-config
             - mountPath: /app/management
-              name: trawler-creds
+              name: mgmt-creds
             - mountPath: /app/datapower
               name: datapower-creds              
 # Update the following for your analytics deployment (replace analytics with your subsystem name)
@@ -71,7 +71,7 @@ spec:
             name: trawler-config
             optional: true
           name: trawler-config
-        - name: trawler-creds
+        - name: mgmt-creds
           secret:
             optional: true
             secretName: trawler-mgmt-creds

deployment/kustomization.yaml

@@ -8,12 +8,15 @@ resources:
 - certificate.yaml
 - deployment.yaml
 - serviceaccount.yaml
-- clusterrole.yaml
-- clusterrolebinding.yaml
 - networkpolicy_trawler-a7s.yaml
 - networkpolicy_trawler.yaml
 - secret-mgmt.yaml
 - secret-dp.yaml
+# Uncomment cluster role and comment out role if you want to give cluster wide permissions
+- clusterrole.yaml
+- clusterrolebinding.yaml
+# - role.yaml
+# - rolebinding.yaml
 #  Uncomment the following if you are using prometheus-operator
 # - service.yaml
 # - servicemonitor.yaml

deployment/role.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: trawler
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - pods
+      - services
+      - secrets
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - management.apiconnect.ibm.com
+      - portal.apiconnect.ibm.com
+      - gateway.apiconnect.ibm.com
+      - analytics.apiconnect.ibm.com
+    resources:
+      - managementclusters
+      - analyticsclusters
+      - portalclusters
+      - gatewayclusters
+    verbs:
+      - get
+      - list

deployment/rolebinding.yaml

@@ -0,0 +1,11 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: trawler
+subjects:
+- kind: ServiceAccount
+  name: trawler
+roleRef:
+  kind: Role
+  name: trawler
+  apiGroup: rbac.authorization.k8s.io

nets/analytics/analytics.go

@@ -1,7 +1,6 @@
 package analytics
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"nets"
@@ -12,8 +11,6 @@ import (
 	"github.com/IBM/alchemy-logging/src/go/alog"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 )
 
@@ -26,6 +23,7 @@ type AnalyticsNetConfig struct {
 	Enabled   bool   `yaml:"enabled"`
 	Frequency int    `yaml:"frequency"`
 	Host      string `yaml:"host"`
+	Namespace string `yaml:"namespace"`
 }
 
 type ClusterHealth struct {
@@ -204,17 +202,8 @@ func (a *Analytics) ingestionStats(analytics_url string, analyticsName string, a
 }
 
 func (a *Analytics) findAnalytics(dynamicClient dynamic.DynamicClient) error {
-	a7s_gvr := schema.GroupVersionResource{
-		Group:    "analytics.apiconnect.ibm.com",
-		Version:  "v1beta1",
-		Resource: "analyticsclusters",
-	}
+	a7ss := nets.GetCustomResourceList("analytics.apiconnect.ibm.com", "v1beta1", "analyticsclusters", a.Config.Namespace)
 
-	a7ss, err := dynamicClient.Resource(a7s_gvr).List(context.Background(), v1.ListOptions{})
-	if err != nil {
-		log.Log(alog.ERROR, "error getting analyticscluster: %v\n", err)
-		return err
-	}
 	for _, a7s := range a7ss.Items {
 		analyticsName := a7s.Object["metadata"].(map[string]interface{})["name"].(string)
 		analyticsNamespace := a7s.Object["metadata"].(map[string]interface{})["namespace"].(string)

nets/apiconnect/apiconnect.go

@@ -1,7 +1,6 @@
 package apiconnect
 
 import (
-	"context"
 	"fmt"
 	"nets"
 	"strings"
@@ -10,9 +9,6 @@ import (
 	"github.com/IBM/alchemy-logging/src/go/alog"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/dynamic"
 )
 
 type APIConnect struct {
@@ -28,6 +24,7 @@ type APIConnectNetConfig struct {
 	Host         string      `yaml:"host"`
 	HealthPrefix string      `yaml:"health_prefix"`
 	HealthLabel  HealthLabel `yaml:"health_label"`
+	Namespace    string      `yaml:"namespace"`
 }
 type HealthLabel struct {
 	Name  string `yaml:"name"`
@@ -36,12 +33,8 @@ type HealthLabel struct {
 
 var log = alog.UseChannel("apic")
 
-func (a *APIConnect) crdStatusMetrics(dynamicClient dynamic.DynamicClient, gvr schema.GroupVersionResource, crdStatus prometheus.GaugeVec) {
-	subsystems, err := dynamicClient.Resource(gvr).List(context.Background(), v1.ListOptions{})
-	if err != nil {
-		log.Log(alog.ERROR, "error getting subsystems %v", err)
-		return
-	}
+func (a *APIConnect) crdStatusMetrics(group, version, resource string, crdStatus prometheus.GaugeVec) {
+	subsystems := nets.GetCustomResourceList(group, version, resource, a.Config.Namespace)
 
 	for _, subsystem := range subsystems.Items {
 		subsystemName := subsystem.Object["metadata"].(map[string]interface{})["name"].(string)
@@ -66,9 +59,9 @@ func (a *APIConnect) crdStatusMetrics(dynamicClient dynamic.DynamicClient, gvr s
 				}
 				if version != "" {
 					if a.Config.HealthLabel.Name != "" {
-						a.healthStatus.WithLabelValues(gvr.Resource+"_"+subsystemName, version, a.Config.HealthLabel.Value).Set(healthValue)
+						a.healthStatus.WithLabelValues(resource+"_"+subsystemName, version, a.Config.HealthLabel.Value).Set(healthValue)
 					} else {
-						a.healthStatus.WithLabelValues(gvr.Resource+"_"+subsystemName, version).Set(healthValue)
+						a.healthStatus.WithLabelValues(resource+"_"+subsystemName, version).Set(healthValue)
 					}
 				}
 			}
@@ -136,31 +129,8 @@ func (a *APIConnect) registerMetrics() {
 		[]string{"name", "namespace", "type"})
 }
 func (a *APIConnect) Fish() {
-	dynamicClient := nets.GetDynamicKubeClient()
-
-	var a7s_gvr = schema.GroupVersionResource{
-		Group:    "analytics.apiconnect.ibm.com",
-		Version:  "v1beta1",
-		Resource: "analyticsclusters",
-	}
-	var ptl_gvr = schema.GroupVersionResource{
-		Group:    "portal.apiconnect.ibm.com",
-		Version:  "v1beta1",
-		Resource: "portalclusters",
-	}
-	var mgmt_gvr = schema.GroupVersionResource{
-		Group:    "management.apiconnect.ibm.com",
-		Version:  "v1beta1",
-		Resource: "managementclusters",
-	}
-	var gw_gvr = schema.GroupVersionResource{
-		Group:    "gateway.apiconnect.ibm.com",
-		Version:  "v1beta1",
-		Resource: "gatewayclusters",
-	}
-
-	a.crdStatusMetrics(*dynamicClient, gw_gvr, *a.metrics["gwCrdStatus"])
-	a.crdStatusMetrics(*dynamicClient, mgmt_gvr, *a.metrics["mgmtCrdStatus"])
-	a.crdStatusMetrics(*dynamicClient, ptl_gvr, *a.metrics["ptlCrdStatus"])
-	a.crdStatusMetrics(*dynamicClient, a7s_gvr, *a.metrics["a7sCrdStatus"])
+	a.crdStatusMetrics("gateway.apiconnect.ibm.com", "v1beta1", "gatewayclusters", *a.metrics["gwCrdStatus"])
+	a.crdStatusMetrics("management.apiconnect.ibm.com", "v1beta1", "managementclusters", *a.metrics["mgmtCrdStatus"])
+	a.crdStatusMetrics("portal.apiconnect.ibm.com", "v1beta1", "portalclusters", *a.metrics["ptlCrdStatus"])
+	a.crdStatusMetrics("analytics.apiconnect.ibm.com", "v1beta1", "analyticsclusters", *a.metrics["a7sCrdStatus"])
 }

nets/main.go

@@ -163,15 +163,15 @@ func InvokeAPI(url string, certPath string, token string) (*http.Response, error
 
 }
 
-func GetCustomResourceList(group, version, resource string) *unstructured.UnstructuredList {
+func GetCustomResourceList(group, version, resource, namespace string) *unstructured.UnstructuredList {
 	dynamicClient := GetDynamicKubeClient()
 	gvr := schema.GroupVersionResource{
 		Group:    group,
 		Version:  version,
 		Resource: resource,
 	}
 
-	items, err := dynamicClient.Resource(gvr).List(context.Background(), v1.ListOptions{})
+	items, err := dynamicClient.Resource(gvr).Namespace(namespace).List(context.Background(), v1.ListOptions{})
 	if err != nil {
 		log.Log(alog.ERROR, "Failed to find %s: %v", resource, err)
 		return nil

nets/manager/manager.go

@@ -25,6 +25,7 @@ type ManagerNetConfig struct {
 	Host              string `yaml:"host"`
 	ProcessOrgMetrics bool   `yaml:"process_org_metrics"`
 	MoreStats         bool   `yaml:"more_stats"`
+	Namespace         string `yaml:"namespace"`
 }
 
 type CountStruct struct {
@@ -98,7 +99,6 @@ type ConfiguredGatewayService struct {
 
 var version string
 
-var crlList = nets.GetCustomResourceList
 var invokeAPI = nets.InvokeAPI
 var getToken = nets.GetToken
 
@@ -197,7 +197,7 @@ func (m *Manager) publishTopologyMetrics(topologyCount CountStruct, managementNa
 
 func (m *Manager) findAPIM() error {
 
-	apims := crlList("management.apiconnect.ibm.com", "v1beta1", "managementclusters")
+	apims := nets.GetCustomResourceList("management.apiconnect.ibm.com", "v1beta1", "managementclusters", m.Config.Namespace)
 	if apims != nil {
 		for _, apim := range apims.Items {
 			managementName := apim.Object["metadata"].(map[string]interface{})["name"].(string)