package prober
import (
"context"
"fmt"
"strings"
"github.com/bmatcuk/doublestar/v2"
"github.com/go-kit/log"
"github.com/prometheus/client_golang/prometheus"
"github.com/ribbybibby/ssl_exporter/v2/config"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/clientcmd"
// Support oidc in kube config files
_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
)
// ErrKubeBadTarget is the error handed back by the kubernetes prober when a
// target is not written as <namespace>/<name>.
var ErrKubeBadTarget = fmt.Errorf("Target secret must be provided in the form: <namespace>/<name>")
// ProbeKubernetes collects certificate metrics from kubernetes.io/tls Secrets.
//
// It builds a clientset from module.Kubernetes.Kubeconfig and delegates the
// lookup and metric collection to probeKubernetes. Any error from client
// construction or from the probe is returned unchanged. The logger argument
// is accepted but not used by this function.
func ProbeKubernetes(ctx context.Context, logger log.Logger, target string, module config.Module, registry *prometheus.Registry) error {
	clientset, clientErr := newKubeClient(module.Kubernetes.Kubeconfig)
	if clientErr != nil {
		return clientErr
	}

	return probeKubernetes(ctx, target, module, registry, clientset)
}
// probeKubernetes selects the kubernetes.io/tls Secrets whose namespace and
// name match the two glob patterns in target ("<namespace>/<name>") and passes
// them to collectKubernetesSecretMetrics.
//
// It returns ErrKubeBadTarget unless target splits on "/" into exactly two
// non-empty parts. Errors from the List call or from doublestar.Match are
// returned as-is. The module argument is not read here.
//
// Security note: the List call is issued against all namespaces, with only
// the Secret type filtered by the field selector; the namespace/name patterns
// are applied client-side afterwards. The identity behind client therefore
// needs list access to Secrets cluster-wide, and every matching-type Secret
// object is fetched in full before filtering, whatever the target asks for.
func probeKubernetes(ctx context.Context, target string, module config.Module, registry *prometheus.Registry, client kubernetes.Interface) error {
	fields := strings.Split(target, "/")
	if len(fields) != 2 {
		return ErrKubeBadTarget
	}
	nsPattern, namePattern := fields[0], fields[1]
	if nsPattern == "" || namePattern == "" {
		return ErrKubeBadTarget
	}

	// metav1.NamespaceAll is the empty string: list across every namespace.
	list, err := client.CoreV1().Secrets(metav1.NamespaceAll).List(ctx, metav1.ListOptions{FieldSelector: "type=kubernetes.io/tls"})
	if err != nil {
		return err
	}

	var matched []v1.Secret
	for i := range list.Items {
		candidate := list.Items[i]

		// Both patterns are evaluated for every Secret, namespace first, so
		// a Match error from either one aborts the whole probe.
		nsOK, err := doublestar.Match(nsPattern, candidate.Namespace)
		if err != nil {
			return err
		}
		nameOK, err := doublestar.Match(namePattern, candidate.Name)
		if err != nil {
			return err
		}

		if !nsOK || !nameOK {
			continue
		}
		matched = append(matched, candidate)
	}

	return collectKubernetesSecretMetrics(matched, registry)
}
// newKubeClient builds a Kubernetes clientset using client-go's default
// loading rules: the supplied kubeconfig path if non-empty, otherwise the
// KUBECONFIG environment variable, the default config file location
// ($HOME/.kube/config) or the in-cluster service account environment.
//
// No config overrides are applied and loading is non-interactive. The
// returned client acts with whatever credentials that configuration resolves
// to. Errors from resolving the configuration or from constructing the
// clientset are returned unchanged.
func newKubeClient(path string) (*kubernetes.Clientset, error) {
	rules := clientcmd.NewDefaultClientConfigLoadingRules()
	if path != "" {
		// An explicit path takes the place of the default lookup locations.
		rules.ExplicitPath = path
	}

	deferred := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, &clientcmd.ConfigOverrides{})

	restCfg, err := deferred.ClientConfig()
	if err != nil {
		return nil, err
	}

	return kubernetes.NewForConfig(restCfg)
}