diff --git a/Dockerfile b/Dockerfile index 101fade6..372a6532 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,8 @@ RUN go build -o /go/bin/icinga-kubernetes ./cmd/icinga-kubernetes/main.go FROM scratch -COPY --from=builder /go/bin/icinga-kubernetes /go/bin/icinga-kubernetes -EXPOSE 8080 -ENTRYPOINT ["/go/bin/icinga-kubernetes"] +WORKDIR /go/bin/ +COPY --from=alpine /tmp /tmp +COPY --from=builder /go/bin/icinga-kubernetes ./icinga-kubernetes + +ENTRYPOINT ["./icinga-kubernetes"] diff --git a/cmd/icinga-kubernetes/main.go b/cmd/icinga-kubernetes/main.go index 90924229..818919e7 100644 --- a/cmd/icinga-kubernetes/main.go +++ b/cmd/icinga-kubernetes/main.go @@ -15,6 +15,7 @@ import ( kinformers "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" kclientcmd "k8s.io/client-go/tools/clientcmd" + "os" ) func main() { @@ -34,7 +35,29 @@ func main() { logging.Fatal(errors.Wrap(err, "can't parse flags")) } - cfg, err := config.FromYAMLFile[internal.Config](flags.Config) + cfg := &internal.Config{} + configFile := flags.Config + + if ikConfig, inCluster := os.LookupEnv("ICINGA_KUBERNETES_CONFIG"); inCluster { + file, err := os.CreateTemp("", "yaml-config-") + if err != nil { + logging.Fatal(errors.Wrap(err, "can't create temporary yaml config")) + } + defer func() { + err := os.Remove(file.Name()) + if err != nil { + logging.Fatal(errors.Wrap(err, "can't remove temporary yaml config")) + } + }() + + if _, err = file.Write([]byte(ikConfig)); err != nil { + logging.Fatal(errors.Wrap(err, "can't write to temporary yaml config")) + } + + configFile = file.Name() + } + + cfg, err = config.FromYAMLFile[internal.Config](configFile) if err != nil { logging.Fatal(errors.Wrap(err, "can't create configuration")) } diff --git a/icinga-kubernetes-expose-8080.yml b/icinga-kubernetes-expose-8080.yml deleted file mode 100644 index 7243e663..00000000 --- a/icinga-kubernetes-expose-8080.yml +++ /dev/null 
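Review bot: `COPY --from=alpine /tmp /tmp` names no tag or digest, so unless an earlier stage outside this hunk is declared `AS alpine`, the build pulls whatever `alpine:latest` resolves to at build time and copies from it into the final image. Pin the source, for example `COPY --from=alpine:<pinned-version> /tmp /tmp`, or copy from a named stage built on a digest-pinned base. The final `scratch` stage also sets no `USER`, so the binary runs as root. The copied `/tmp` is normally world-writable with the sticky bit, so a numeric `USER <uid>:<gid>` before `ENTRYPOINT` should still allow the temp-file write that this commit introduces.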
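Review bot: The temp file written from `ICINGA_KUBERNETES_CONFIG` holds the full configuration, database password included, and the deferred `os.Remove` only runs when `main` returns. For a long-running daemon that is presumably never, and if `logging.Fatal` exits the process, the later `Fatal` calls in `main` (which continues past this hunk) skip the defer entirely. The file is also never closed before `config.FromYAMLFile` reads it. Close it after the write and remove it right after parsing, as sketched below; `cfg := &internal.Config{}` can become `var cfg *internal.Config` because the value is overwritten. If the config package can parse from bytes or a reader, that would avoid putting the secret on disk at all.

```go
	var cfg *internal.Config
	configFile := flags.Config
	tmpConfig := "" // path of the temp file; set only when the config came from the environment

	if ikConfig, ok := os.LookupEnv("ICINGA_KUBERNETES_CONFIG"); ok {
		// … unchanged: os.CreateTemp and its error check …

		_, err = file.WriteString(ikConfig)
		if cerr := file.Close(); err == nil {
			err = cerr
		}
		if err != nil {
			_ = os.Remove(file.Name()) // best effort; the write/close error is the one to report
			logging.Fatal(errors.Wrap(err, "can't write to temporary yaml config"))
		}

		tmpConfig = file.Name()
		configFile = tmpConfig
	}

	cfg, err = config.FromYAMLFile[internal.Config](configFile)
	if tmpConfig != "" {
		// Remove before the error check below so a Fatal there cannot leave the file behind.
		if rmErr := os.Remove(tmpConfig); rmErr != nil {
			logging.Fatal(errors.Wrap(rmErr, "can't remove temporary yaml config"))
		}
	}
	// … unchanged: error check on FromYAMLFile …
```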
@@ -1,15 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: icinga-kubernetes
- labels:
- app: icinga-kubernetes
-spec:
- type: NodePort
- ports:
- - port: 8080
- protocol: TCP
- targetPort: 8080
- selector:
- app: icinga-kubernetes
diff --git a/icinga-kubernetes.example.yml b/icinga-kubernetes.example.yml
new file mode 100644
index 00000000..29e8aea4
--- /dev/null
+++ b/icinga-kubernetes.example.yml
@@ -0,0 +1,110 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: icinga-kubernetes
+ labels:
+ app: icinga-kubernetes
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: icinga-kubernetes-config
+ namespace: icinga-kubernetes
+data:
+ config: |
+ # This is the configuration file for Icinga Kubernetes.
+ #
+ # Connection configuration for the database to which Icinga Kubernetes synchronizes Kubernetes data.
+ # This is also the database used in Icinga Kubernetes Web to view and work with the data.
+ database:
+ # Database type. Either 'mysql' for MySQL or 'pgsql' for PostgreSQL.
+ # Defaults to 'mysql'.
+ # type: mysql
+
+ # Database host or absolute Unix socket path.
+ host: 10.96.0.2
+
+ # Database port. By default, the MySQL or PostgreSQL port, depending on the database type.
+ # port:
+
+ # Database name.
+ database: kubernetes
+
+ # Database user.
+ user: kubernetes
+
+ # Database password.
+ password: kubernetes
+
+ # Icinga Kubernetes logs its activities at various severity levels and any errors that occur either
+ # on the console or in systemd's journal. The latter is used automatically when running under systemd.
+ # In any case, the default log level is 'info'.
+ logging:
+ # Default logging level. Can be set to 'fatal', 'error', 'warn', 'info' or 'debug'.
+ # If not set, defaults to 'info'.
+ level: info
+
+ # Logging output. Can be set to 'console' (stderr) or 'systemd-journald'.
+ # If not set, logs to systemd-journald when running under systemd, otherwise stderr.
+ # output:
+
+ # Interval for periodic logging defined as duration string.
+ # A duration string is a sequence of decimal numbers and a unit suffix, such as "20s".
+ # Valid units are "ms", "s", "m", "h".
+ # Defaults to "20s".
+ # interval: 20s
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: icinga-kubernetes
+ namespace: icinga-kubernetes
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: icinga-kubernetes
+ name: resource-reader
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "*" ]
+ verbs: [ "get", "watch", "list" ]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: read-resources
+ namespace: icinga-kubernetes
+subjects:
+ - kind: ServiceAccount
+ name: icinga-kubernetes
+ namespace: icinga-kubernetes
+roleRef:
+ kind: ClusterRole
+ name: resource-reader
+ apiGroup: "rbac.authorization.k8s.io"
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: icinga-kubernetes
+ labels:
+ app: icinga-kubernetes
+ namespace: icinga-kubernetes
+spec:
+ serviceAccountName: icinga-kubernetes
+ containers:
+ - name: icinga-kubernetes
+ image: icinga-kubernetes
+ imagePullPolicy: Never
+ env:
+ - name: ICINGA_KUBERNETES_CONFIG
+ valueFrom:
+ configMapKeyRef:
+ name: icinga-kubernetes-config
+ key: config
diff --git a/icinga-kubernetes.yml b/icinga-kubernetes.yml
deleted file mode 100644
index 822ed850..00000000
--- /dev/null
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: icinga-kubernetes
- labels:
- app: icinga-kubernetes
-spec:
- containers:
- - name: icinga-kubernetes
- image: icinga-kubernetes
- imagePullPolicy: Never
- ports:
- - containerPort: 8080
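Review bot: The `resource-reader` ClusterRole in icinga-kubernetes.example.yml grants `get`, `watch` and `list` on `resources: [ "*" ]` in the core API group, which includes `secrets`, so the pod's service account can read every Secret in the cluster. List only the resources the daemon actually syncs, for example `resources: [ "namespaces", "nodes", "pods" ]` (an illustrative list, to be matched against the informers in use). The database password is also stored in a ConfigMap and passed through `configMapKeyRef`; a `Secret` referenced with `secretKeyRef` keeps it out of an object type that is commonly readable. `metadata.namespace` on the ClusterRole and ClusterRoleBinding has no effect, since both are cluster-scoped.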