This repository contains microservices that observe Kubernetes clusters and process cluster data into a graph representation. The system consists of:
- Observer Agents: Collect resource data from a Kubernetes cluster and watch for events.
- Consumer Agents: Transform and enrich this data, then publish it to a graph database.
- Rust (latest stable, install via `rustup`)
- Access to a Kubernetes cluster
- A valid `KUBECONFIG` file or in-cluster access
- mTLS certificates for secure service communication
- Running instance of the Cassini message broker - see cassini's README for details
The observer agents use the kube crate to authenticate and interact with the Kubernetes API. The crate automatically detects configuration in the following order:
- The `KUBECONFIG` environment variable (if set)
- `$HOME/.kube/config`
- In-cluster configuration (if deployed as a pod)
If you're running locally, export your `KUBECONFIG`:

```bash
export KUBECONFIG=$HOME/.kube/config
```

Services communicate over mutually authenticated TLS.
Each service instance (Observer, Consumer, Cassini) requires:
- A certificate (`cert.pem`)
- A private key (`key.pem`)
- A trusted CA certificate (`ca.pem`)
NOTE: ALL must be base64 PEM encoded files!
See the workspace readme for details on generating your own using the nix flake!
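A preflight check for the three files listed above, written here as an added example (not code from the Polar workspace): it confirms each file is PEM text carrying the block type its role needs, which catches DER-encoded files and a key and certificate placed in each other's slot. The directory argument and the `PemError` type are assumptions of this example; it does not verify the chain to the CA or that the key matches the certificate.

```rust
// Added example, std only. Usage (assumed): pem_preflight <dir with the 3 files>
use std::{env, fs, process};

#[derive(Debug, PartialEq)]
enum PemError { NotText, NoPemBlock, Unterminated(String), WrongLabel(String), BadBase64 }

/// Return the label of the first PEM block after validating its framing and body.
/// Legacy encrypted keys with "Proc-Type:" header lines are reported as BadBase64.
fn first_pem_label(raw: &[u8]) -> Result<String, PemError> {
    let text = std::str::from_utf8(raw).map_err(|_| PemError::NotText)?; // DER is binary
    let mut lines = text.lines().map(str::trim);
    let label = lines
        .find_map(|l| l.strip_prefix("-----BEGIN ")?.strip_suffix("-----"))
        .ok_or(PemError::NoPemBlock)?
        .to_string();
    let end = format!("-----END {label}-----");
    for l in lines {
        if l == end { return Ok(label); }
        if !l.bytes().all(|b| b.is_ascii_alphanumeric() || b"+/=".contains(&b)) {
            return Err(PemError::BadBase64);
        }
    }
    Err(PemError::Unterminated(label))
}

/// Check one file's bytes against the block type expected for its role.
fn check_role(role: &str, raw: &[u8]) -> Result<(), PemError> {
    let label = first_pem_label(raw)?;
    let ok = match role {
        "key.pem" => label.ends_with("PRIVATE KEY"), // PKCS#8, RSA or EC key blocks
        _ => label == "CERTIFICATE",                 // cert.pem and ca.pem
    };
    if ok { Ok(()) } else { Err(PemError::WrongLabel(label)) }
}

fn main() {
    let dir = env::args().nth(1).unwrap_or_else(|| ".".into());
    let mut failed = false;
    for role in ["cert.pem", "key.pem", "ca.pem"] {
        let path = format!("{dir}/{role}");
        let res = fs::read(&path).map_err(|e| e.to_string())
            .and_then(|raw| check_role(role, &raw).map_err(|e| format!("{e:?}")));
        match res {
            Ok(()) => println!("ok    {path}"),
            Err(e) => { failed = true; eprintln!("FAIL  {path}: {e}"); }
        }
    }
    if failed { process::exit(1); }
}
```

A `WrongLabel("CERTIFICATE")` result on `key.pem` usually means the files were swapped; also check that `key.pem` is readable only by the service account.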
Cassini is a part of the Polar workspace, so from the src/agents directory, you should be able to run the following to start it, provided your environment is set up properly.

```bash
cargo run --bin cassini-server
```

Each observer monitors a specific cluster and publishes messages to Cassini.

```bash
cargo run --bin kube-observer
```

Consumers subscribe to messages from Cassini and process them into graph nodes/edges.

```bash
cargo run -p kube-consumer
```