controller: When a given credential or exporter config is created/upd…

…ated/deleted in GraphQL, the controller will automatically apply that change to Kubernetes. Credentials are converted to Kubernetes `Secret`s, while exporters are converted to Kubernetes `Deployment`s (which may link to the `Secret`s referenced by the exporter config). The synchronization itself works against the existing Kubernetes reconciliation loop in the Controller. The main addition is that the reconciliation state now includes entries originating from GraphQL, but the reconciliation flow itself remains the same structurally and ends up being pretty straightforward. This structure would potentially be extendable to other state retrieved from GraphQL in the future. Summary: - Add GraphQL queries for dumping a "snapshot" of credentials and exporters when starting the sync, in addition to the existing subscription queries. - Add subscription client to controller, largely copied from app. - Implement `informers` for fetching and subscribing to the GraphQL credentials and exporters, and applying this data to the Redux state object. - Implement `resources` for converting the Redux state to Kubernetes objects, with type-specific logic for how to deploy each credential and exporter type. I've so far tested this by hand by creating credentials/exporters via `curl` against the go graphql `config` service (which is due to get moved/renamed), and was able to verify that actual metrics successfully appeared in prometheus/cortex from each of the current two types of exporters. As such this should complete issue #312 and epic #310 . There remains some doc work via #358 which in turn depends on the graphql config API naming that's being updated via #379 . Signed-off-by: Nick Parker <nick@opstrace.com>
opstrace · Feb 23, 2021 · 98f2e77 · 98f2e77
1 parent a0f2818
commit 98f2e77
Show file tree

Hide file tree

Showing 24 changed files with 1,154 additions and 16 deletions.
diff --git a/go/pkg/graphql/client_generated.go b/go/pkg/graphql/client_generated.go
diff --git a/packages/app/src/state/credential/queries/getCredential.gql b/packages/app/src/state/credential/queries/getCredential.gql
@@ -1,3 +1,4 @@
+// Returns credential information (but not the secret value) for a single entry.
 query GetCredential($tenant: String!, $name: String!) {
   credential_by_pk(tenant: $tenant, name: $name) {
     tenant

diff --git a/packages/app/src/state/credential/queries/getCredentials.gql b/packages/app/src/state/credential/queries/getCredentials.gql
@@ -1,3 +1,4 @@
+// Returns credential information (but not the secret values) for a single tenant.
 query GetCredentials($tenant: String!) {
   credential(where: {tenant: {_eq: $tenant}}) {
     tenant

diff --git a/packages/app/src/state/credential/queries/getCredentialsDump.gql b/packages/app/src/state/credential/queries/getCredentialsDump.gql
@@ -0,0 +1,13 @@
+// Returns credentials, INCLUDING SECRET VALUES, across all tenants.
+// Used for initial sync of credential secrets to Kubernetes.
+// TODO: ability to restrict access to this API to just the controller?
+query GetCredentialsDump {
+  credential {
+    tenant
+    name
+    type
+    value
+    created_at
+    updated_at
+  }
+}
diff --git a/packages/app/src/state/credential/queries/subscribeToCredentialList.gql b/packages/app/src/state/credential/queries/subscribeToCredentialList.gql
@@ -1,8 +1,13 @@
+// Subscribes to credential updates, INCLUDING SECRET VALUES, across all tenants.
+// Used for syncing credential secrets to Kubernetes.
+// TODO: ability to restrict access to this API to just the controller?
 subscription SubscribeToCredentialList {
   credential {
     name
     tenant
     type
     value
+    created_at
+    updated_at
   }
 }
diff --git a/packages/app/src/state/exporter/queries/getExporter.gql b/packages/app/src/state/exporter/queries/getExporter.gql
@@ -1,3 +1,4 @@
+// Returns exporter configuration for a single entry.
 query GetExporter($tenant: String!, $name: String!) {
   exporter_by_pk(tenant: $tenant, name: $name) {
     tenant

diff --git a/packages/app/src/state/exporter/queries/getExporters.gql b/packages/app/src/state/exporter/queries/getExporters.gql
@@ -1,3 +1,4 @@
+// Returns exporter configurations for a single tenant.
 query GetExporters($tenant: String!) {
   exporter(where: {tenant: {_eq: $tenant}}) {
     tenant

diff --git a/packages/app/src/state/exporter/queries/getExportersDump.gql b/packages/app/src/state/exporter/queries/getExportersDump.gql
@@ -0,0 +1,13 @@
+// Returns exporter configurations across all tenants at once.
+// Used for initial sync of exporter deployments to Kubernetes.
+query GetExportersDump {
+  exporter {
+    tenant
+    name
+    type
+    credential
+    config
+    created_at
+    updated_at
+  }
+}
diff --git a/packages/app/src/state/graphql-api-types.ts b/packages/app/src/state/graphql-api-types.ts
@@ -3232,12 +3232,28 @@ export type GetCredentialsQuery = {
   >;
 };
 
+export type GetCredentialsDumpQueryVariables = Exact<{ [key: string]: never }>;
+
+export type GetCredentialsDumpQuery = {
+  credential: Array<
+    Pick<
+      Credential,
+      "tenant" | "name" | "type" | "value" | "created_at" | "updated_at"
+    >
+  >;
+};
+
 export type SubscribeToCredentialListSubscriptionVariables = Exact<{
   [key: string]: never;
 }>;
 
 export type SubscribeToCredentialListSubscription = {
-  credential: Array<Pick<Credential, "name" | "tenant" | "type" | "value">>;
+  credential: Array<
+    Pick<
+      Credential,
+      "name" | "tenant" | "type" | "value" | "created_at" | "updated_at"
+    >
+  >;
 };
 
 export type UpdateCredentialMutationVariables = Exact<{
@@ -3309,6 +3325,23 @@ export type GetExportersQuery = {
   >;
 };
 
+export type GetExportersDumpQueryVariables = Exact<{ [key: string]: never }>;
+
+export type GetExportersDumpQuery = {
+  exporter: Array<
+    Pick<
+      Exporter,
+      | "tenant"
+      | "name"
+      | "type"
+      | "credential"
+      | "config"
+      | "created_at"
+      | "updated_at"
+    >
+  >;
+};
+
 export type SubscribeToExporterListSubscriptionVariables = Exact<{
   [key: string]: never;
 }>;
@@ -3674,13 +3707,27 @@ export const GetCredentialsDocument = gql`
     }
   }
 `;
+export const GetCredentialsDumpDocument = gql`
+  query GetCredentialsDump {
+    credential {
+      tenant
+      name
+      type
+      value
+      created_at
+      updated_at
+    }
+  }
+`;
 export const SubscribeToCredentialListDocument = gql`
   subscription SubscribeToCredentialList {
     credential {
       name
       tenant
       type
       value
+      created_at
+      updated_at
     }
   }
 `;
@@ -3744,6 +3791,19 @@ export const GetExportersDocument = gql`
     }
   }
 `;
+export const GetExportersDumpDocument = gql`
+  query GetExportersDump {
+    exporter {
+      tenant
+      name
+      type
+      credential
+      config
+      created_at
+      updated_at
+    }
+  }
+`;
 export const SubscribeToExporterListDocument = gql`
   subscription SubscribeToExporterList {
     exporter {
@@ -4277,6 +4337,22 @@ export function getSdk(
         )
       );
     },
+    GetCredentialsDump(
+      variables?: GetCredentialsDumpQueryVariables
+    ): Promise<{
+      data?: GetCredentialsDumpQuery | undefined;
+      extensions?: any;
+      headers: Headers;
+      status: number;
+      errors?: GraphQLError[] | undefined;
+    }> {
+      return withWrapper(() =>
+        client.rawRequest<GetCredentialsDumpQuery>(
+          print(GetCredentialsDumpDocument),
+          variables
+        )
+      );
+    },
     SubscribeToCredentialList(
       variables?: SubscribeToCredentialListSubscriptionVariables
     ): Promise<{
@@ -4373,6 +4449,22 @@ export function getSdk(
         )
       );
     },
+    GetExportersDump(
+      variables?: GetExportersDumpQueryVariables
+    ): Promise<{
+      data?: GetExportersDumpQuery | undefined;
+      extensions?: any;
+      headers: Headers;
+      status: number;
+      errors?: GraphQLError[] | undefined;
+    }> {
+      return withWrapper(() =>
+        client.rawRequest<GetExportersDumpQuery>(
+          print(GetExportersDumpDocument),
+          variables
+        )
+      );
+    },
     SubscribeToExporterList(
       variables?: SubscribeToExporterListSubscriptionVariables
     ): Promise<{

diff --git a/packages/controller-config/src/docker-images.json b/packages/controller-config/src/docker-images.json
@@ -6,6 +6,8 @@
   "cortex": "cortexproject/cortex:v1.7.0-rc.2",
   "cortexApiProxy": "opstrace/cortex-api:f04cb9669fb32561f81b56a7b0dd864b",
   "ddApi": "opstrace/ddapi:fd813ccbf9a09d32c4c57cb0fac6b7949be71a92",
+  "exporterCloudwatch": "prom/cloudwatch-exporter:cloudwatch_exporter-0.10.0",
+  "exporterStackdriver": "prometheuscommunity/stackdriver-exporter:v0.11.0",
   "externalDNS": "k8s.gcr.io/external-dns/external-dns:v0.7.4",
   "systemlogFluentd": "opstrace/systemlog-fluentd:fe6d0d84-dev",
   "grafana": "grafana/grafana:7.3.4-ubuntu",
@@ -21,7 +23,7 @@
   "nodeExporter": "quay.io/prometheus/node-exporter:v0.18.1",
   "prometheusAdapter": "quay.io/coreos/k8s-prometheus-adapter-amd64:v0.4.1",
   "prometheusOperator": "quay.io/prometheus-operator/prometheus-operator:v0.42.1",
-  "graphqlEngine": "opstrace/graphql:7232833b5b41ed1793caff32ca128926",
+  "graphqlEngine": "opstrace/graphql:03c7137f0baa0dac3565a398426d3026",
   "app": "opstrace/app:7232833b5b41ed1793caff32ca128926",
   "redis": "bitnami/redis:6.0.9",
   "postgresClient": "tmaier/postgresql-client@sha256:3702d3bff09b18e1d173cdf5887d6e4fea5feac0a521becf4a27559992e44ff3"

diff --git a/packages/controller/src/cmd.ts b/packages/controller/src/cmd.ts
@@ -83,7 +83,7 @@ function* core() {
   log.info(`fetching tenants`);
   yield call(fetchTenants, kubeConfig);
 
-  log.info(`starting kubernetes informers`);
+  log.info(`starting kubernetes and graphql informers`);
   yield fork(runInformers, kubeConfig);
 
   yield call(blockUntilCacheHydrated);