fix(api): Project Module: using kubeview service account to enable k8…

…s queries

.deploy/api/README.md

@@ -6,7 +6,7 @@ Build and Deploy NgxApi
 
 ```bash
 # build, optionally use `--no-cache`
-export VERSION=2.0.3-SNAPSHOT
+export VERSION=2.0.4-SNAPSHOT
 export DOCKER_BUILDKIT=1
 docker build \
 --build-arg VERSION=$VERSION \
@@ -56,4 +56,10 @@ curl -v -X GET \
 
 ### Deploy
 
-Follow instructions from [manual](./manual) or [helm](./helm)
+1.  Create `kubeview` Service Account
+
+```bash
+kubectl create -f kubeview-service-account.yaml
+```
+
+2. Follow instructions from [manual](./manual) or [helm](./helm)

.deploy/api/helm/GCLOUD.md

@@ -5,14 +5,15 @@ Deploying `NgxApi` to `Google Kubernetes Engine` via `Helm`
 ## Set Env
 ```bash
 export PROJECT_ID=ngx-starter-kit
+export BUILD_VERSION=2.0.4-SNAPSHOT
 ```
 
 ## Push NgxApi to GCR
 ```bash
 # Authenticate to the Google Container Registry (first time)
 gcloud auth configure-docker
-docker tag xmlking/ngxapi:2.0.3-SNAPSHOT gcr.io/${PROJECT_ID}/ngxapi:2.0.3-SNAPSHOT
-docker push gcr.io/${PROJECT_ID}/ngxapi:2.0.3-SNAPSHOT
+docker tag xmlking/ngxapi:${BUILD_VERSION} gcr.io/${PROJECT_ID}/ngxapi:${BUILD_VERSION}
+docker push gcr.io/${PROJECT_ID}/ngxapi:${BUILD_VERSION}
 ```
 
 ## Deploy

.deploy/api/helm/nodeapp/templates/deployment.yaml

@@ -32,6 +32,9 @@ spec:
     {{- with .Values.initContainers }}
       initContainers:
       {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- if .Values.serviceAccountName }}
+      serviceAccountName: {{ .Values.serviceAccountName }}
     {{- end }}
       containers:
         - name: {{ .Chart.Name }}

.deploy/api/helm/nodeapp/values.yaml

@@ -147,3 +147,6 @@ metrics:
 managedcertificate:
   enabled: false
 #  host: api.mydomain.com
+
+## Add serviceAccount
+serviceAccountName:

.deploy/api/helm/values-dev.yaml

@@ -3,7 +3,7 @@ test:
 
 image:
   repository: xmlking/ngxapi
-  tag: 2.0.3-SNAPSHOT
+  tag: 2.0.4-SNAPSHOT
   pullPolicy: IfNotPresent
 
 securityContext:

.deploy/api/helm/values-gke.yaml

@@ -9,7 +9,7 @@ resources:
 
 image:
   repository: gcr.io/ngx-starter-kit/ngxapi
-  tag: 2.0.3-SNAPSHOT
+  tag: 2.0.4-SNAPSHOT
   pullPolicy: IfNotPresent
 
 securityContext:
@@ -94,3 +94,5 @@ ingress:
 managedcertificate:
   enabled: true
   host: api.kashmora.com
+
+serviceAccountName: kubeview

.deploy/api/helm/values-prod.yaml

@@ -11,7 +11,7 @@ resources:
 
 image:
   repository: xmlking/ngxapi
-  tag: 2.0.3-SNAPSHOT
+  tag: 2.0.4-SNAPSHOT
   pullPolicy: IfNotPresent
 
 securityContext:

.deploy/api/kubeview-service-account.yaml

@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubeview
+  namespace: default
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubeview-role
+rules:
+  - apiGroups: ["extensions"]
+    resources:
+      - ingresses
+    verbs: ["get", "list"]
+  - apiGroups: ["apps"]
+    resources:
+      - deployments
+      - replicasets
+      - daemonsets
+      - statefulsets
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources:
+      - pods
+      - ingresses
+      - events
+      - endpoints
+      - namespaces
+      - nodes
+      - persistentvolumes
+      - persistentvolumeclaims
+      - resourcequotas
+      - services
+    verbs: ["get", "list"]
+  - nonResourceURLs: ["*"]
+    verbs: ["get", "list"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubeview
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubeview-role
+subjects:
+  - kind: ServiceAccount
+    name: kubeview
+    namespace: default

.deploy/webapp/README.md

@@ -6,7 +6,7 @@ Build and Deploy NgxWeb webapp.
 
 ```bash
 # build, optionally use `--no-cache`
-export VERSION=2.0.3-SNAPSHOT
+export VERSION=2.0.4-SNAPSHOT
 export DOCKER_BUILDKIT=1
 docker build \
 --build-arg VERSION=$VERSION \
@@ -15,7 +15,7 @@ docker build \
 
 # if you need more memory for build
 export NODE_OPTIONS=--max-old-space-size=4096
-export VERSION=2.0.3-SNAPSHOT
+export VERSION=2.0.4-SNAPSHOT
 export DOCKER_BUILDKIT=1
 docker build \
 --build-arg VERSION=$VERSION \

.deploy/webapp/helm/GCLOUD.md

@@ -5,14 +5,15 @@ Deploying `WebApp` to `Google Kubernetes Engine` via `Helm`
 ## Set Env
 ```bash
 export PROJECT_ID=ngx-starter-kit
+export BUILD_VERSION=2.0.4-SNAPSHOT
 ```
 
 ## Push NgxApi to GCR
 ```bash
 # Authenticate to the Google Container Registry (first time)
 gcloud auth configure-docker
-docker tag xmlking/ngxweb:2.0.3-SNAPSHOT gcr.io/${PROJECT_ID}/ngxweb:2.0.3-SNAPSHOT
-docker push gcr.io/${PROJECT_ID}/ngxweb:2.0.3-SNAPSHOT
+docker tag xmlking/ngxweb:${BUILD_VERSION} gcr.io/${PROJECT_ID}/ngxweb:${BUILD_VERSION}
+docker push gcr.io/${PROJECT_ID}/ngxweb:${BUILD_VERSION}
 ```
 
 ## Deploy

.deploy/webapp/helm/values-dev.yaml

@@ -11,7 +11,7 @@ resources:
 
 image:
   repository: xmlking/ngxweb
-  tag: 2.0.3-SNAPSHOT
+  tag: 2.0.4-SNAPSHOT
   pullPolicy: IfNotPresent
 
 securityContext:

.deploy/webapp/helm/values-gke.yaml

@@ -9,7 +9,7 @@ resources:
 
 image:
   repository: gcr.io/ngx-starter-kit/ngxweb
-  tag: 2.0.3-SNAPSHOT
+  tag: 2.0.4-SNAPSHOT
   pullPolicy: IfNotPresent
 
 securityContext:

.deploy/webapp/helm/values-prod.yaml

@@ -11,7 +11,7 @@ resources:
 
 image:
   repository: xmlking/ngxweb
-  tag: 2.0.3-SNAPSHOT
+  tag: 2.0.4-SNAPSHOT
   pullPolicy: IfNotPresent
 
 securityContext:

PLAYBOOK.md

@@ -252,6 +252,8 @@ yarn workspace @ngx-starter-kit/tools add cpx --dev
 
 > update 3rd party modules/schematics
 
+> use `--allow-dirty` `--next` --force` flags as needed
+
 ```bash
 ng update
 # ng update --next
@@ -261,7 +263,7 @@ ng update @angular/material --force
 ng update @angular/pwa --next
 ng update @ngx-formly/schematics --ui-theme=material
 ng update @nrwl/workspace --next --force
-ng update @nrwl/angular --next --force
+ng update @nrwl/angular --allow-dirty
 ng update @nrwl/nest --next
 ```
 

apps/api/README.md

@@ -135,6 +135,12 @@ ng e2e api --watch
 ng e2e api --forceExit --detectOpenHandles
 ```
 
+### Health
+> check API App health 
+
+https://api.kashmora.com/live
+https://api.kashmora.com/ready
+
 ### Reference
 
 - Awesome Nest

apps/api/package.json

@@ -21,8 +21,8 @@
     "@nestjs/platform-express": "^6.2.4",
     "@nestjs/platform-socket.io": "^6.2.4",
     "@nestjs/swagger": "^3.0.0",
-    "@nestjs/terminus": "^6.2.0-rc.0",
-    "@nestjs/typeorm": "^6.1.0",
+    "@nestjs/terminus": "^6.2.0",
+    "@nestjs/typeorm": "^6.1.2",
     "@nestjs/websockets": "^6.2.4",
     "@nestjsx/crud": "^3.2.0",
     "@xmlking/jwks-rsa": "^1.4.3",
@@ -43,7 +43,7 @@
     "rxjs": "^6.5.2",
     "sharp": "^0.22.1",
     "swagger-ui-express": "^4.0.5",
-    "typeorm": "^0.2.17",
+    "typeorm": "^0.2.18",
     "typeorm-express-query-builder": "^1.1.1",
     "web-push": "^3.3.5"
   },

apps/api/src/app/project/README.md

@@ -8,14 +8,31 @@ A **Project** represent a *Cluster, Namespace, User Account, Resource Quotas, Bi
 ### Setup
 Setup your [Docker for Mac](https://gist.github.com/xmlking/62ab53753c0f0f5247d0e174b31dab21) for local development.
 Create a cluster via [Swagger API](http://localhost:3000/docs/#/Cluster/post_api_cluster) 
-> `YOUR_KUBERNETES_TOKEN` can be retrieved from kubernetes dashboard
+
+1. k8s baseUrl with in pod:  `https://kubernetes`, for local development with `Docker for Mac`, use `https://localhost:6443`
+  ```bash
+  kubectl get endpoints | grep kubernetes
+  ```
+
+2. Create `kubeview` Service Account: [Instructions](../../../../../.deploy/api/README.md#Deploy)
+
+3. `YOUR_KUBEVIEW_TOKEN` for `kubeview` Service Account can be retrieved from kubernetes via cli:
+  ```bash
+  kubectl get secret | grep kubeview
+  kubectl get secrets <name-of-the-secret> -o json | jq -Mr '.data.token' | base64 -D
+  ```
+
+3. from Pod, you should be able to test
+  ```bash
+  curl -k  https://kubernetes/api/v1/namespaces -H "Authorization: Bearer  $TOKEN"
+  ```
 
 ```json
 {
   "name": "LOC",
   "ver": "1.13",
   "baseUrl": "https://localhost:6443",
-  "token": "YOUR_KUBERNETES_TOKEN"
+  "token": "YOUR_KUBEVIEW_TOKEN"
 }
 ```
 
@@ -31,3 +48,8 @@ curl -X GET "http://localhost:3000/api/kubernetes/LOC/kube-system" \
 -H "accept: application/json" \
 -H "authorization: Bearer YOUR_OIDC_ACCESS_TOKEN"
 ``` 
+
+### TODO
+
+Implement [kubeview](https://github.com/benc-uk/kubeview) with Angular
+

apps/api/src/app/project/kubernetes/kubernetes.controller.ts

@@ -40,4 +40,12 @@ export class KubernetesController {
   getNamespace(@Param('cluster') cluster: string, @Param('namespace') namespace: string): Promise<any> {
     return this.kubernetesService.getNamespace({ cluster, namespace });
   }
+
+  @ApiOperation({ title: 'Scrape all data in a cluster by namespace name' })
+  @ApiResponse({ status: HttpStatus.OK, description: 'Found one record' /*, type: T*/ })
+  @ApiResponse({ status: HttpStatus.NOT_FOUND, description: 'Record not found' })
+  @Get('scrape/:cluster/:namespace')
+  scrape(@Param('cluster') cluster: string, @Param('namespace') namespace: string): Promise<any> {
+    return this.kubernetesService.scrape({ cluster, namespace });
+  }
 }