Introduce Beat CRD #3041

Merged
merged 82 commits into from
Jun 8, 2020
Changes from 41 commits
8a72b79
Introduce Beat CRD
May 12, 2020
b8ee209
Exclude BeatList from doc generation
May 12, 2020
c68cfed
Add autodiscovery rbac flag to manager cmd, fix rbac for the operator
May 12, 2020
3f0f842
Change autodiscover RBAC flag from disable... to enable...
May 14, 2020
69184cc
Improve godoc wording
May 14, 2020
b538333
Rename beat_controller.go to controller.go
May 14, 2020
9ae99a4
Fix comment wording
May 14, 2020
98745b4
Fix update path for autodiscover resources
May 14, 2020
b2f898e
Add image validation if Beat type is not well known
May 14, 2020
469f67c
Regenerate CRDs and api docs
May 14, 2020
be128a2
Add metricbeat driver
May 13, 2020
40a35c5
Expand and improve Beat samples
May 20, 2020
4305780
Refactor config and pod vehicle reconciliation
May 20, 2020
d4c538e
Make new linter happy
May 21, 2020
e88b8c1
Add e2e tests, update smoke test
May 23, 2020
20f2af3
Add UTs
May 23, 2020
df0357c
Move writing derefed secret to hash to common
May 23, 2020
566feb8
Split config.go file
May 24, 2020
897bbfb
Set default replica count for unknown beats
May 24, 2020
66e29ae
Fix setting labels on daemonset
May 24, 2020
fcb8002
Fix not returning error when association secret key isn't found
May 24, 2020
b45481f
Add UTs for beat common and config
May 24, 2020
b2760b1
Fix imports
May 24, 2020
b1c2f96
Make config file mount path the same for all Beats
May 24, 2020
fc9c766
Fix some comments
May 24, 2020
f882293
Make path strings const
May 24, 2020
1b22437
Remove pv for now
May 24, 2020
0c6a132
Fix permissions for the operator
May 24, 2020
e10b7e9
Apply suggestions from code review
david-kow May 24, 2020
df85085
Fix builder security context setting
May 25, 2020
984e9db
Fix syntax errors
May 25, 2020
fb9d5c4
Adhere to testing conventions
May 25, 2020
0493d62
Fix redundant syntax
May 25, 2020
eeefc99
Regenerate docs
May 25, 2020
7d49cd3
Remove unnecessary comment from beat sample
May 25, 2020
c79d07a
Move validation to DriverParams
May 25, 2020
3b4a5be
Fix flag name and value
May 25, 2020
e145e10
Move setting default vehicle to driver constructor
May 25, 2020
728c6a5
Remove unused otherbeat type name
May 25, 2020
586fdd9
Expand comments and rename func for modifying pod template
May 25, 2020
9fe7974
Fix e2e permissions
May 25, 2020
c2c37e0
Support Beat Builder in samples test
May 26, 2020
fc852c3
Add SecurityContext to log generating pod
May 31, 2020
593e282
Fix permissions for the operator, create autodiscover role
May 31, 2020
8fc44d9
Fix Metricbeat e2e test
May 31, 2020
30fe136
PR fixes
Jun 1, 2020
85c0b60
Fix autodiscover cluster role name
Jun 1, 2020
a6d5262
Use empty dict instead of null for values
Jun 3, 2020
6644c7a
Clean up comments
Jun 3, 2020
a45e752
Fix Beat sample
Jun 3, 2020
750d84f
Filter events so that controller sees only the ones relevant for Beats
Jun 3, 2020
286f0c0
Remove watching dynamic secrets as there are none atm
Jun 3, 2020
61035a9
Clean up autodiscover ClusterRoleBinding on delete
Jun 3, 2020
8afb965
Rename default Beat Service Account
Jun 3, 2020
8bb0d21
Change min supported Beat version to 7.0.0
Jun 3, 2020
c454f80
move
Jun 4, 2020
4b832cc
refactor
Jun 4, 2020
0efdd62
Merge branch 'master' into beat_crd
Jun 4, 2020
770579a
Post merge fixes
Jun 4, 2020
dcd3dc4
Add/fix comments
Jun 4, 2020
262cadb
Fix removing comments from yamls
Jun 4, 2020
d1dcf39
Revert accidental comment
Jun 4, 2020
90e37a8
Renames and comments around autodiscover
Jun 4, 2020
ea46765
Refactor to avoid passing state around unnecessarily
Jun 4, 2020
4d303fd
Set security context on pod instead of on container
Jun 4, 2020
2911537
Loosen beat psp
Jun 4, 2020
bdb67b4
Fix adding beats to v1beta1 scheme
Jun 4, 2020
ac1ff77
Clean up comments on Beat type
Jun 4, 2020
328a833
Generated files
Jun 4, 2020
9133ecd
Fixes for OpenShift E2E tests
Jun 5, 2020
ae69269
Set template hash label to ClusterRoleBinding
Jun 5, 2020
ad6f674
Rename roles.yaml to beat-roles.yaml, common.go to driver.go
Jun 5, 2020
8941ce8
Conditionally add empty namespace to cached namespaces
Jun 5, 2020
22b940b
Reword comments, logs
Jun 5, 2020
595610a
Fix comments
Jun 5, 2020
ea57b80
Drop 'operator' from autodiscover resource names
Jun 5, 2020
ae1e37e
Move validating Beat spec to a separate func
Jun 5, 2020
84a6345
Tighten beat PSP, fix comments, regenerate
Jun 6, 2020
eca6654
Unit test derefing secret for config hash
Jun 6, 2020
d793e62
Fix beat-roles.yaml file name in Makefile
Jun 6, 2020
0ce0903
Remove some metricsets from default metricbeat cfg
Jun 6, 2020
4a679c7
PR fixes
Jun 8, 2020
26 changes: 24 additions & 2 deletions cmd/manager/main.go
Expand Up @@ -24,6 +24,8 @@ import (
"github.com/elastic/cloud-on-k8s/pkg/controller/apmserver"
"github.com/elastic/cloud-on-k8s/pkg/controller/association"
associationctl "github.com/elastic/cloud-on-k8s/pkg/controller/association/controller"
"github.com/elastic/cloud-on-k8s/pkg/controller/beat"
commonbeat "github.com/elastic/cloud-on-k8s/pkg/controller/common/beat"
"github.com/elastic/cloud-on-k8s/pkg/controller/common/certificates"
"github.com/elastic/cloud-on-k8s/pkg/controller/common/container"
"github.com/elastic/cloud-on-k8s/pkg/controller/common/operator"
Expand Down Expand Up @@ -166,6 +168,11 @@ func init() {
"",
fmt.Sprintf("K8s secret mounted into the path designated by %s to be used for webhook certificates", operator.WebhookCertDirFlag),
)
Cmd.Flags().Bool(
operator.EnableAutodiscoverRBACSetupFlag,
true,
"Determines whether the operator should set up role, binding and service account for the Beats autodiscover feature",
)

// enable using dashed notation in flags and underscores in env
viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
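Review bot: The new `operator.EnableAutodiscoverRBACSetupFlag` is registered with a default of `true`, so an operator that is upgraded with its existing flags starts creating a role, binding and service account without anyone opting in. Consider defaulting to `false`, or at least extend the help string to say whether the role and binding are namespaced or cluster-scoped and which permissions the operator itself needs in order to create them, so that whoever reviews the operator's RBAC manifest can tell what this flag implies.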
Expand Down Expand Up @@ -260,8 +267,10 @@ func execute() {
opts.Namespace = managedNamespaces[0]
default:
log.Info("Operator configured to manage multiple namespaces", "namespaces", managedNamespaces, "operator_namespace", operatorNamespace)
// always include the operator namespace into the manager cache so that we can work with operator-internal resources in there
opts.NewCache = cache.MultiNamespacedCacheBuilder(append(managedNamespaces, operatorNamespace))
// always include:
// 1. the operator namespace into the manager cache so that we can work with operator-internal resources in there
// 2. empty namespace for non-namespaced resources
opts.NewCache = cache.MultiNamespacedCacheBuilder(append(managedNamespaces, operatorNamespace, ""))
}

// only expose prometheus metrics if provided a non-zero port
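Review bot: In the `default:` branch, appending `""` to the list passed to `cache.MultiNamespacedCacheBuilder` needs a closer look: the empty string is also the all-namespaces value (`metav1.NamespaceAll`), so the extra cache entry may list and watch namespaced objects cluster-wide, not only the non-namespaced resources the comment mentions. That would undo the restriction to `managedNamespaces` and require cluster-wide list/watch permissions. Please confirm how the builder treats `""`, and add it only when a cluster-scoped resource actually has to be cached (for example when autodiscover RBAC setup is enabled).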
Expand Down Expand Up @@ -330,6 +339,10 @@ func execute() {
accessReviewer = rbac.NewPermissiveAccessReviewer()
}

if viper.GetBool(operator.EnableAutodiscoverRBACSetupFlag) {
commonbeat.EnableAutodiscoverRBACSetup()
}

if err = apmserver.Add(mgr, params); err != nil {
log.Error(err, "unable to create controller", "controller", "ApmServer")
os.Exit(1)
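Review bot: `commonbeat.EnableAutodiscoverRBACSetup()` takes no arguments and returns nothing, so the setting has to live in package-level state inside `commonbeat`, and it only takes effect because this call happens before the controllers are added. The controllers already receive their settings through `params` (see `apmserver.Add(mgr, params)` just below); carrying this one the same way would keep the Beat controller testable with either value and remove the dependence on call order. It would also help to log the effective value at startup, since it decides whether the operator creates RBAC objects.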
Expand All @@ -346,6 +359,10 @@ func execute() {
log.Error(err, "unable to create controller", "controller", "EnterpriseSearch")
os.Exit(1)
}
if err = beat.Add(mgr, params); err != nil {
log.Error(err, "unable to create controller", "controller", "Beat")
os.Exit(1)
}
if err = associationctl.AddApmES(mgr, accessReviewer, params); err != nil {
log.Error(err, "unable to create controller", "controller", "apm-es-association")
os.Exit(1)
Expand All @@ -358,6 +375,11 @@ func execute() {
log.Error(err, "unable to create controller", "controller", "ent-es-association")
os.Exit(1)
}
if err = associationctl.AddBeatES(mgr, accessReviewer, params); err != nil {
log.Error(err, "unable to create controller", "controller", "beat-es-association")
os.Exit(1)
}

if err = remoteca.Add(mgr, accessReviewer, params); err != nil {
log.Error(err, "unable to create controller", "controller", "RemoteClusterCertificateAuthorites")
os.Exit(1)
147 changes: 147 additions & 0 deletions config/crds/all-crds.yaml
Expand Up @@ -438,6 +438,153 @@ status:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
creationTimestamp: null
name: beats.beat.k8s.elastic.co
spec:
additionalPrinterColumns:
- JSONPath: .status.health
name: health
type: string
- JSONPath: .status.availableNodes
description: Available nodes
name: available
type: integer
- JSONPath: .status.expectedNodes
description: Expected nodes
name: expected
type: integer
Contributor

I think we have a single nodes (corresponding to available nodes) instead of expectedNodes and availableNodes in other CRDs. Let's be consistent?

Contributor Author

I think we did want to change that in the past (#1786). I'd be for keeping both and improving the status on other resources. It's following the pattern of built-in resources, gives the users more information and it comes free. I'd leave it as is unless you feel strongly about it. (I'm open to naming changes.)

- JSONPath: .spec.type
description: Beat type
name: type
type: string
- JSONPath: .spec.version
description: Beat version
name: version
type: string
- JSONPath: .metadata.creationTimestamp
name: age
type: date
group: beat.k8s.elastic.co
names:
categories:
- elastic
kind: Beat
listKind: BeatList
plural: beats
shortNames:
- beat
singular: beat
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Beat is the Schema for the Beats API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BeatSpec defines the desired state of a Beat.
properties:
config:
description: Config holds the Beat configuration. If provided, it will
override the default configuration.
type: object
daemonSet:
description: 'DaemonSet allows to: 1. Indicate whether the Beat should
be deployed as DaemonSet or Deployment, if both are absent, a default
for the Type is used 2. Provide a spec for the DaemonSet At most
one of DaemonSet and Deployment can be used.'
properties: {}
type: object
deployment:
description: 'Deployment allows to: 1. Indicate whether the Beat should
be deployed as DaemonSet or Deployment, if both are absent, a default
for the Type is used 2. Provide a spec for the Deployment At most
one of DaemonSet and Deployment can be used.'
properties:
replicas:
format: int32
type: integer
type: object
elasticsearchRef:
description: ElasticsearchRef is a reference to an Elasticsearch cluster
running in the same Kubernetes cluster.
properties:
name:
description: Name of the Kubernetes object.
type: string
namespace:
description: Namespace of the Kubernetes object. If empty, defaults
to the current namespace.
type: string
required:
- name
type: object
image:
description: Image is the Beat Docker image to deploy. Version has to
match the Beat in the image.
type: string
serviceAccountName:
description: ServiceAccountName is used to check access from the current
resource to Elasticsearch resource in a different namespace. Can only
be used if ECK is enforcing RBAC on references.
type: string
type:
description: Type is the type of the Beat to deploy. Any string can
be used, but well-known types will be recognized and will allow to
provide sane default configurations.
maxLength: 20
type: string
version:
description: Version of the Beat.
type: string
required:
- type
- version
type: object
status:
description: BeatStatus defines the observed state of Beat
properties:
associationStatus:
description: AssociationStatus is the status of an association resource.
type: string
availableNodes:
format: int32
type: integer
expectedNodes:
format: int32
type: integer
health:
type: string
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
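Review bot: In the `spec` schema of the new `beats.beat.k8s.elastic.co` CRD, `type` is constrained only by `maxLength: 20`, and `version` and `image` are unconstrained strings, while the description says any string can be used for `type`. If `type` ends up in generated resource names or labels, add a `pattern` limiting it to lowercase alphanumerics and `-`, and consider a semver `pattern` on `version`, so that malformed values are rejected at admission instead of failing later in the controller.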