diff --git a/.gitignore b/.gitignore
index 14b2bb3..e6777ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-kube-policy-semaphore
+semaphore-policy
diff --git a/Dockerfile b/Dockerfile
index addd2b7..7f54dbf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,14 @@
 FROM golang:1.16-alpine AS build
-WORKDIR /go/src/github.com/utilitywarehouse/kube-policy-semaphore
-COPY . /go/src/github.com/utilitywarehouse/kube-policy-semaphore
+WORKDIR /go/src/github.com/utilitywarehouse/semaphore-policy
+COPY . /go/src/github.com/utilitywarehouse/semaphore-policy
 ENV CGO_ENABLED=0
 RUN \
 apk --no-cache add git upx \
 && go get -t ./... \
 && go test -v \
- && go build -ldflags='-s -w' -o /kube-policy-semaphore . \
- && upx /kube-policy-semaphore
+ && go build -ldflags='-s -w' -o /semaphore-policy . \
+ && upx /semaphore-policy
 FROM alpine:3.13
-COPY --from=build /kube-policy-semaphore /kube-policy-semaphore
-ENTRYPOINT [ "/kube-policy-semaphore" ]
+COPY --from=build /semaphore-policy /semaphore-policy
+ENTRYPOINT [ "/semaphore-policy" ]
diff --git a/README.md b/README.md
index 7d7eea5..5cadb4a 100644
--- a/README.md
+++ b/README.md
@@ -1,17 +1,17 @@ -# kube-policy-semaphore +# semaphore-policy This is an kubernetes operator that watches pods on a remote cluster based on -a label and an annotation, and creates and manages local calico -GlobalNetworkSets resources that contain the watched pods' ip addresses. As a -result, we can use the produced sets of ips to create local NetworkPolicies for -kubernetes cross cluster pod to pod communication. +a label and creates and manages local calico GlobalNetworkSets resources that +contain the watched pods' ip addresses. As a result, we can use the produced +sets of ips to create local NetworkPolicies for kubernetes cross cluster pod to +pod communication. # Usage ## Flags ``` -Usage of ./kube-policy-semaphore: +Usage of ./semaphore-policy: -full-store-resync-period duration Frequency to perform a full network set store resync from cache to calico GlocalNetworkPolicies (default 1h0m0s) -local-kube-config string @@ -34,7 +34,7 @@ Usage of ./kube-policy-semaphore: ## Operator - Kube-policy-semaphore will watch the target cluster pods which are labelled + The policy operator will watch the target cluster pods which are labelled with: `semaphore.uw.systems/name`. For these pods it will extract a name from the label and will use it along with the namespace of the pod and the cluster it resides to create a GlobalNetworkSet resource (or amend an existing one) on the @@ -102,7 +102,7 @@ is able to bind to GlobalNetworkSets. # Deploy -In order to deploy kube-policy-semaphore, first we need to deploy a service +In order to deploy semaphore-policy, first we need to deploy a service account to the remote target cluster and grant it the required permissions to be able to watch pods. For that one could use our kustomize [base](./deploy/kustomize/remote/) directly. diff --git a/calico/calico.go b/calico/calico.go index cb15f96..b6e5856 100644 --- a/calico/calico.go +++ b/calico/calico.go 
@@ -9,7 +9,7 @@ import ( calicoOptions "github.com/projectcalico/libcalico-go/lib/options" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/utilitywarehouse/kube-policy-semaphore/metrics" + "github.com/utilitywarehouse/semaphore-policy/metrics" ) // NewClient return a calico client diff --git a/deploy/example/deployment.yaml b/deploy/example/deployment.yaml index 4dd9b40..234fa36 100644 --- a/deploy/example/deployment.yaml +++ b/deploy/example/deployment.yaml @@ -1,27 +1,27 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: kube-policy-semaphore + name: semaphore-policy labels: - app: kube-policy-semaphore + app: semaphore-policy spec: replicas: 1 selector: matchLabels: - app: kube-policy-semaphore + app: semaphore-policy template: metadata: labels: - app: kube-policy-semaphore + app: semaphore-policy annotations: prometheus.io/scrape: 'true' prometheus.io/path: /metrics prometheus.io/port: '8080' spec: - serviceAccountName: kube-policy-semaphore + serviceAccountName: semaphore-policy containers: - - name: kube-policy-semaphore - image: kube-policy-semaphore + - name: semaphore-policy + image: semaphore-policy env: - name: KPS_REMOTE_SERVICE_ACCOUNT_TOKEN valueFrom: diff --git a/deploy/example/kustomization.yaml b/deploy/example/kustomization.yaml index 55ecd5b..bf33402 100644 --- a/deploy/example/kustomization.yaml +++ b/deploy/example/kustomization.yaml @@ -9,6 +9,6 @@ secretGenerator: files: - token=secrets/target-kube-token images: - - name: kube-policy-semaphore - newName: quay.io/utilitywarehouse/kube-policy-semaphore + - name: semaphore-policy + newName: quay.io/utilitywarehouse/semaphore-policy newTag: latest diff --git a/deploy/example/rbac.yaml b/deploy/example/rbac.yaml index 24508f0..a2b8387 100644 --- a/deploy/example/rbac.yaml +++ b/deploy/example/rbac.yaml 
@@ -1,7 +1,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: kube-policy-semaphore + name: semaphore-policy rules: - apiGroups: ['crd.projectcalico.org'] resources: @@ -16,17 +16,17 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: kube-policy-semaphore + name: semaphore-policy subjects: - kind: ServiceAccount - name: kube-policy-semaphore + name: semaphore-policy namespace: kube-system roleRef: kind: ClusterRole - name: kube-policy-semaphore + name: semaphore-policy apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: - name: kube-policy-semaphore + name: semaphore-policy diff --git a/deploy/kustomize/remote/rbac.yaml b/deploy/kustomize/remote/rbac.yaml index c32f8cf..48e0feb 100644 --- a/deploy/kustomize/remote/rbac.yaml +++ b/deploy/kustomize/remote/rbac.yaml @@ -1,7 +1,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: kube-policy-semaphore-watcher + name: semaphore-policy-watcher rules: - apiGroups: [''] resources: @@ -11,18 +11,18 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: kube-policy-semaphore-watcher + name: semaphore-policy-watcher subjects: - kind: ServiceAccount - name: kube-policy-semaphore-watcher + name: semaphore-policy-watcher namespace: kube-system roleRef: kind: ClusterRole - name: kube-policy-semaphore-watcher + name: semaphore-policy-watcher apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: - name: kube-policy-semaphore-watcher + name: semaphore-policy-watcher namespace: kube-system diff --git a/go.mod b/go.mod index 438c3b8..8552537 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/utilitywarehouse/kube-policy-semaphore +module github.com/utilitywarehouse/semaphore-policy go 1.16 diff --git a/kube/client.go b/kube/client.go index c035e4c..d3dfd45 100644 --- a/kube/client.go +++ b/kube/client.go 
@@ -17,7 +17,7 @@ import (
 // in case of local kube config
 _ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
- "github.com/utilitywarehouse/kube-policy-semaphore/log"
+ "github.com/utilitywarehouse/semaphore-policy/log"
 )
 type certMan struct {
diff --git a/kube/pod_watcher.go b/kube/pod_watcher.go
index d84fe2a..44b272b 100644
--- a/kube/pod_watcher.go
+++ b/kube/pod_watcher.go
@@ -12,8 +12,8 @@ import (
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/tools/cache"
- "github.com/utilitywarehouse/kube-policy-semaphore/log"
- "github.com/utilitywarehouse/kube-policy-semaphore/metrics"
+ "github.com/utilitywarehouse/semaphore-policy/log"
+ "github.com/utilitywarehouse/semaphore-policy/metrics"
 )
 // PodEventHandler is the function to handle new events
diff --git a/main.go b/main.go
index 5a92b36..163359b 100644
--- a/main.go
+++ b/main.go
@@ -11,32 +11,32 @@ import (
 "time"
 "github.com/prometheus/client_golang/prometheus/promhttp"
- "github.com/utilitywarehouse/kube-policy-semaphore/calico"
- "github.com/utilitywarehouse/kube-policy-semaphore/kube"
- "github.com/utilitywarehouse/kube-policy-semaphore/log"
+ "github.com/utilitywarehouse/semaphore-policy/calico"
+ "github.com/utilitywarehouse/semaphore-policy/kube"
+ "github.com/utilitywarehouse/semaphore-policy/log"
 "k8s.io/client-go/kubernetes"
 )
 const (
 labelManagedBy = "managed-by"
- valueManagedBy = "kube-policy-semaphore"
+ valueManagedBy = "semaphore-policy"
 labelNetSetCluster = "semaphore.uw.systems/cluster"
 labelNetSetName = "semaphore.uw.systems/name"
 labelNetSetNamespace = "semaphore.uw.systems/namespace"
 )
 var (
- flagKubeConfigPath = flag.String("local-kube-config", getEnv("KPS_LOCAL_KUBE_CONFIG", ""), "Path of the local kube cluster config file, if not provided the app will try to get in cluster config")
- flagTargetKubeConfigPath = flag.String("target-kube-config", getEnv("KPS_TARGET_KUBE_CONFIG", ""), "(Required) Path of the target cluster kube config file to watch pods")
- flagLogLevel = flag.String("log-level", getEnv("KPS_LOG_LEVEL", "info"), "Log level")
- flagRemoteAPIURL = flag.String("remote-api-url", getEnv("KPS_REMOTE_API_URL", ""), "Remote Kubernetes API server URL")
- flagRemoteCAURL = flag.String("remote-ca-url", getEnv("KPS_REMOTE_CA_URL", ""), "Remote Kubernetes CA certificate URL")
- flagRemoteSATokenPath = flag.String("remote-sa-token-path", getEnv("KPS_REMOTE_SERVICE_ACCOUNT_TOKEN_PATH", ""), "Remote Kubernetes cluster token path")
+ flagKubeConfigPath = flag.String("local-kube-config", getEnv("SP_LOCAL_KUBE_CONFIG", ""), "Path of the local kube cluster config file, if not provided the app will try to get in cluster config")
+ flagTargetKubeConfigPath = flag.String("target-kube-config", getEnv("SP_TARGET_KUBE_CONFIG", ""), "(Required) Path of the target cluster kube config file to watch pods")
+ flagLogLevel = flag.String("log-level", getEnv("SP_LOG_LEVEL", "info"), "Log level")
+ flagRemoteAPIURL = flag.String("remote-api-url", getEnv("SP_REMOTE_API_URL", ""), "Remote Kubernetes API server URL")
+ flagRemoteCAURL = flag.String("remote-ca-url", getEnv("SP_REMOTE_CA_URL", ""), "Remote Kubernetes CA certificate URL")
+ flagRemoteSATokenPath = flag.String("remote-sa-token-path", getEnv("SP_REMOTE_SERVICE_ACCOUNT_TOKEN_PATH", ""), "Remote Kubernetes cluster token path")
 flagFullStoreResyncPeriod = flag.Duration("full-store-resync-period", 60*time.Minute, "Frequency to perform a full network set store resync from cache to calico GlocalNetworkPolicies")
 flagPodResyncPeriod = flag.Duration("pod-resync-period", 60*time.Minute, "Pod watcher cache resync period")
- flagTargetCluster = flag.String("target-cluster-name", getEnv("KPS_TARGET_CLUSTER_NAME", ""), "(required) The name of the cluster from which pods are synced as networksets. It will also be used as a prefix used when creating network sets.")
+ flagTargetCluster = flag.String("target-cluster-name", getEnv("SP_TARGET_CLUSTER_NAME", ""), "(required) The name of the cluster from which pods are synced as networksets. It will also be used as a prefix used when creating network sets.")
- saToken = os.Getenv("KPS_REMOTE_SERVICE_ACCOUNT_TOKEN")
+ saToken = os.Getenv("SP_REMOTE_SERVICE_ACCOUNT_TOKEN")
 bearerRe = regexp.MustCompile(`[A-Z|a-z0-9\-\._~\+\/]+=*`)
 )
@@ -55,7 +55,7 @@ func getEnv(key, defaultValue string) string {
 func main() {
 flag.Parse()
- log.InitLogger("kube-policy-semaphore", *flagLogLevel)
+ log.InitLogger("semaphore-policy", *flagLogLevel)
 if *flagTargetCluster == "" {
 log.Logger.Error("Must specify non-empty target cluster naeme for the created globalnetworksets")
 usage()
diff --git a/metrics/prometheus.go b/metrics/prometheus.go
index 6f12ebf..9726881 100644
--- a/metrics/prometheus.go
+++ b/metrics/prometheus.go
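Review bot: The `KPS_` to `SP_` environment-variable rename in the var block (`getEnv("SP_LOCAL_KUBE_CONFIG", ...)` through `saToken = os.Getenv("SP_REMOTE_SERVICE_ACCOUNT_TOKEN")`) is not carried into the manifests: the deploy/example/deployment.yaml hunk in this same commit still injects `KPS_REMOTE_SERVICE_ACCOUNT_TOKEN`, so a deployment built from the example would start with an empty `saToken`. Because every renamed setting silently falls back to its default (`""` or `"info"`) instead of failing on a missing variable, existing deployments that still export the old names degrade quietly rather than erroring at startup; only `flagTargetCluster` has an explicit empty check. Either rename the variable in the manifest in this commit (the README hunk only renames the binary in the flag listing, and I cannot see whether it documents the env names), or keep a one-release transitional fallback such as `saToken = getEnv("SP_REMOTE_SERVICE_ACCOUNT_TOKEN", os.Getenv("KPS_REMOTE_SERVICE_ACCOUNT_TOKEN"))` and the same pattern for the other `getEnv` calls. The var block is complete in the hunk; `func main()` in the second hunk continues outside it.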
@@ -1,5 +1,5 @@
 // Package metrics contains global structures for capturing
-// kube-policy-semaphore metrics. The following metrics are implemented:
+// semaphore-policy metrics. The following metrics are implemented:
 //
 // - kube_policy_semaphore_calico_client_request{"type", "success"}
 // - kube_policy_semaphore_pod_watcher_failures{"type"}
diff --git a/networksets.go b/networksets.go
index 34686bf..7b03b22 100644
--- a/networksets.go
+++ b/networksets.go
@@ -6,9 +6,9 @@ import (
 calicoClient "github.com/projectcalico/libcalico-go/lib/clientv3"
- "github.com/utilitywarehouse/kube-policy-semaphore/calico"
- "github.com/utilitywarehouse/kube-policy-semaphore/log"
- "github.com/utilitywarehouse/kube-policy-semaphore/metrics"
+ "github.com/utilitywarehouse/semaphore-policy/calico"
+ "github.com/utilitywarehouse/semaphore-policy/log"
+ "github.com/utilitywarehouse/semaphore-policy/metrics"
 )
 type NetworkSet struct {
diff --git a/networksets_test.go b/networksets_test.go
index 1af78f8..cfd99d3 100644
--- a/networksets_test.go
+++ b/networksets_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/stretchr/testify/assert"
- "github.com/utilitywarehouse/kube-policy-semaphore/log"
+ "github.com/utilitywarehouse/semaphore-policy/log"
 )
 func TestNetworkSets(t *testing.T) {
diff --git a/runner.go b/runner.go
index 3062f62..fc2a1ba 100644
--- a/runner.go
+++ b/runner.go
@@ -10,8 +10,8 @@ import (
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/tools/cache"
- "github.com/utilitywarehouse/kube-policy-semaphore/kube"
- "github.com/utilitywarehouse/kube-policy-semaphore/log"
+ "github.com/utilitywarehouse/semaphore-policy/kube"
+ "github.com/utilitywarehouse/semaphore-policy/log"
 )
 type Runner struct {
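Review bot: The package comment now names `semaphore-policy`, but the series it lists two lines below — `kube_policy_semaphore_calico_client_request` and `kube_policy_semaphore_pod_watcher_failures` — keep the old prefix, and nothing else in this commit touches the metric definitions, so the comment and the exported series now disagree on the component's name. If keeping the series names is deliberate (renaming them would break every dashboard and alert rule that already matches on them), say so in the comment, e.g. `// Metric names keep the kube_policy_semaphore_ prefix so existing dashboards and alerts continue to match.`; otherwise the series should be renamed together with the rest of the commit. Only the comment header is in view; the metric definitions themselves are below the hunk.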