├── .gitignore
├── AUTHORS
├── CONTRIBUTING.md
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── cmd
└── opencensus-operator
│ └── main.go
├── deploy
├── deploy.sh
├── deployment.yaml
├── mutatingwebhook.yaml
├── service.yaml
└── test-pods.yaml
├── go.mod
├── go.sum
└── third_party
└── kube-mutating-webhook-tutorial
├── LICENSE
└── create-signed-cert.sh
/.gitignore:
--------------------------------------------------------------------------------
1 | _tmp/
2 | opencensus-operator
3 |
--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | Google Inc.
2 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # How to contribute
2 |
3 | We'd love to accept your patches and contributions to this project. There are
4 | just a few small guidelines you need to follow.
5 |
6 | ## Contributor License Agreement
7 |
8 | Contributions to this project must be accompanied by a Contributor License
9 | Agreement. You (or your employer) retain the copyright to your contribution,
10 | this simply gives us permission to use and redistribute your contributions as
11 | part of the project. Head over to <https://cla.developers.google.com/> to see
12 | your current agreements on file or to sign a new one.
13 |
14 | You generally only need to submit a CLA once, so if you've already submitted one
15 | (even if it was for a different project), you probably don't need to do it
16 | again.
17 |
18 | ## Code reviews
19 |
20 | All submissions, including submissions by project members, require review. We
21 | use GitHub pull requests for this purpose. Consult [GitHub Help] for more
22 | information on using pull requests.
23 |
24 | [GitHub Help]: https://help.github.com/articles/about-pull-requests/
25 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
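# Runtime image for the opencensus-operator admission webhook.
#
# NOTE(review): ":latest" is a mutable tag, so two builds of the same commit
# can end up on different base images. Pin the base by digest for reproducible
# builds, e.g. gcr.io/distroless/static@sha256:<DIGEST_PLACEHOLDER>.
FROM gcr.io/distroless/static:latest
LABEL maintainer="Stackdriver Engineering "

COPY opencensus-operator /bin/opencensus-operator

# Run as the unprivileged "nonroot" account that distroless images provide
# (uid/gid 65532). The webhook binds a port above 1024 and only reads its
# certificate files, so it does not need root.
USER 65532:65532

# The autoconf webhook listens on :8443 by default (see --listen-address),
# which is also the containerPort used by deploy/deployment.yaml.
EXPOSE 8443
ENTRYPOINT [ "/bin/opencensus-operator" ]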
8 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
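# Build settings; every "?=" variable can be overridden from the environment
# or the make command line.
GO      ?= GO111MODULE=on go
REPO    ?= contrib.go.opencensus.io/kubernetes-operator
IMAGE   ?= opencensus-operator
# Short hash of the current commit, used as the default image tag.
GIT_REV := $(shell git log -n1 --pretty='%h')
VERSION ?= $(GIT_REV)

# Neither target produces a file with its own name, so declare them phony to
# keep a stray "build" or "container" file from silently disabling the rule.
.PHONY: build container

# Compile all packages of the module for the host platform.
build:
	$(GO) build $(REPO)/...

# Cross-compile a static linux/amd64 binary and package it into the image.
container:
	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GO) build $(REPO)/...
	docker build -t $(IMAGE):$(VERSION) .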
13 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | > **Warning**
2 | >
3 | > OpenCensus and OpenTracing have merged to form [OpenTelemetry](https://opentelemetry.io), which serves as the next major version of OpenCensus and OpenTracing.
4 | >
5 | > OpenTelemetry has now reached feature parity with OpenCensus, with tracing and metrics SDKs available in .NET, Golang, Java, NodeJS, and Python. **All OpenCensus Github repositories, except [census-instrumentation/opencensus-python](https://github.com/census-instrumentation/opencensus-python), will be archived on July 31st, 2023**. We encourage users to migrate to OpenTelemetry by this date.
6 | >
7 | > To help you gradually migrate your instrumentation to OpenTelemetry, bridges are available in Java, Go, Python, and JS. [**Read the full blog post to learn more**](https://opentelemetry.io/blog/2023/sunsetting-opencensus/).
8 |
9 | # OpenCensus Kubernetes Operator
10 |
11 | This operator automatically configures the OpenCensus resource of Kubernetes containers
12 | through a mutating admission webhook.
13 |
14 | The webhook must be running before any application that uses the OpenCensus library is started, because it only acts when a pod is created.
15 |
16 | ## Before you begin
17 | Make sure that you have:
18 |
19 | * Installed golang (Recommended version 1.11.2)
20 | * Installed Docker
21 | * Installed kubectl
22 | * (Optional) Installed gcloud (if running on GKE)
23 |
24 | ## Build locally (optional)
25 |
26 | 1. Install make, see more instruction on how to install make [here](https://www.gnu.org/software/make/).
27 |
28 | 2. Build container
29 | ```bash
30 | make container
31 | ```
32 |
33 | ## Deploy
34 | To deploy the standard webhook into a cluster (by default this will be deployed in the default
35 | namespace), run:
36 |
37 | ```bash
38 | CLUSTER_NAME=target_cluster deploy/deploy.sh
39 | ```
40 |
41 | (Optional) You can deploy the webhook in a specific NAMESPACE and using a specific IMAGE:
42 | ```bash
43 | CLUSTER_NAME=target_cluster NAMESPACE=target_namespace IMAGE=image_name deploy/deploy.sh
44 | ```
45 |
46 | ## Testing (optional)
47 | To deploy three test pods (one relying on the operator's default configuration mode, one
48 | opting out, and one opting in), run:
49 |
50 | ```bash
51 | kubectl apply -f deploy/test-pods.yaml
52 | ```
53 |
--------------------------------------------------------------------------------
/cmd/opencensus-operator/main.go:
--------------------------------------------------------------------------------
1 | // Copyright 2018, OpenCensus Authors
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | package main
16 |
import (
	"crypto/tls"
	"encoding/json"
	"errors"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"os"
	"path"
	"regexp"
	"strconv"
	"time"

	"go.opencensus.io/resource"
	"go.opencensus.io/resource/resourcekeys"
	"gopkg.in/alecthomas/kingpin.v2"
	admission "k8s.io/api/admission/v1beta1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/apimachinery/pkg/runtime/serializer"
	"k8s.io/apiserver/pkg/storage/names"
)
39 |
// version is the operator's own version string.
const version = "0.0.1"

// Decoding machinery shared by all requests: the handler uses deserializer to
// turn the raw request body into an AdmissionReview.
var (
	runtimeScheme = runtime.NewScheme()
	codecs        = serializer.NewCodecFactory(runtimeScheme)
	deserializer  = codecs.UniversalDeserializer()
)

// Pod annotation keys understood by the operator.
var (
	// annotationConfigured is meant to be set by the operator on pods it has
	// configured, with the operator's own version as value.
	// NOTE(review): nothing in this file writes this annotation yet.
	annotationConfigured = "opencensus.io/configured/version"

	// annotationConfigure is set by the cluster user to explicitly enable or
	// disable configuration of a pod by the operator. When it is absent, the
	// operator's --configure-default flag decides. Independently of this,
	// the admission webhook can be scoped per namespace directly in the
	// MutatingWebhookConfiguration resource.
	annotationConfigure = "opencensus.io/configure"
)
57 |
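// main parses the command line and runs the selected sub-command.
//
// Exit codes: 2 when the command line cannot be parsed, 1 when the
// sub-command returns an error.
func main() {
	app := kingpin.New(path.Base(os.Args[0]), "OpenCensus Operator")
	app.HelpFlag.Short('h')

	var acCmd autoconfCmd
	autoconf := app.Command("autoconf", "Admission webhook that automatically configures pods")

	autoconf.Flag("listen-address", "Listen address for the webhook.").
		Default(":8443").StringVar(&acCmd.addr)

	autoconf.Flag("tls.cert-file", "File containing the x509 certificate for the webhook.").
		Default("/etc/tls/cert.pem").StringVar(&acCmd.certFile)

	autoconf.Flag("tls.key-file", "File containing the x509 private key for the webhook.").
		Default("/etc/tls/key.pem").StringVar(&acCmd.keyFile)

	autoconf.Flag("cluster-name", "Name of the Kubernetes cluster.").
		StringVar(&acCmd.clusterName)

	// This flag is the fallback used when a pod carries no usable
	// opencensus.io/configure annotation, so the help text says "without"
	// (the original said "with", which described the opposite case).
	autoconf.Flag("configure-default", "Whether pods without an explicit annotation will be auto-configured.").
		BoolVar(&acCmd.configureDefault)

	cmd, err := app.Parse(os.Args[1:])
	if err != nil {
		// Fprintf, not Fprintln: the message contains a format verb that
		// Fprintln would print literally.
		fmt.Fprintf(os.Stderr, "Parsing command line failed: %s\n", err)
		app.Usage(os.Args[1:])
		os.Exit(2)
	}

	switch cmd {
	case "autoconf":
		err = acCmd.run()
	default:
		// kingpin only returns names of registered commands.
		panic("unreachable")
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "Command failed:", err)
		os.Exit(1)
	}
}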
95 |
// autoconfCmd holds the settings of the "autoconf" sub-command, filled in
// from the command-line flags registered in main.
type autoconfCmd struct {
	// addr is the listen address of the webhook server.
	addr string
	// certFile is the path of the x509 certificate served by the webhook.
	certFile string
	// keyFile is the path of the x509 private key matching certFile.
	keyFile string
	// clusterName is the Kubernetes cluster name recorded in resource labels.
	clusterName string
	// configureDefault decides whether pods are configured when their
	// annotation does not say so explicitly.
	configureDefault bool
}
102 |
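// run starts the TLS webhook server and blocks until it fails.
//
// It returns the error reported by the HTTP server; it never returns nil.
func (cmd *autoconfCmd) run() error {
	// Use a private mux rather than http.DefaultServeMux, so that handlers
	// registered on the default mux by any imported package are not exposed
	// on the webhook port.
	mux := http.NewServeMux()
	mux.HandleFunc("/autoconf", cmd.handle)

	srv := &http.Server{
		Addr:    cmd.addr,
		Handler: mux,
		// Refuse legacy protocol versions; the API server speaks TLS 1.2+.
		TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},
		// Bound how long a peer may hold a connection open, so a slow or
		// stalled client cannot tie up server resources indefinitely.
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}
	return srv.ListenAndServeTLS(cmd.certFile, cmd.keyFile)
}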
107 |
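// handle serves one AdmissionReview request on the webhook endpoint.
//
// It reads and decodes the request body, passes the contained request to
// autoconf, and writes the resulting AdmissionReview as JSON. A body that
// cannot be read is answered with HTTP 400; a body that cannot be decoded, or
// that carries no request, is answered with an AdmissionReview whose Result
// message describes the problem.
//
// NOTE(review): the error responses built here leave Allowed at its zero
// value (false), which the API server treats as a rejection of the pod;
// failurePolicy: Ignore does not apply to an explicit rejection. Confirm this
// is intended for a webhook that is meant to be best-effort.
func (cmd *autoconfCmd) handle(w http.ResponseWriter, r *http.Request) {
	// Cap the body so a caller cannot make the webhook buffer an arbitrary
	// amount of memory. 8 MiB is assumed to be well above any real pod
	// AdmissionReview; TODO confirm against the cluster's request size limit.
	const maxBodyBytes = 8 << 20

	body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
	if err != nil {
		http.Error(w, fmt.Sprintf("reading request failed: %s", err), http.StatusBadRequest)
		// Stop here: continuing would decode a partial body and write a
		// second response on top of the error.
		return
	}

	var (
		review admission.AdmissionReview
		resp   *admission.AdmissionResponse
	)
	if _, _, err := deserializer.Decode(body, nil, &review); err != nil {
		resp = &admission.AdmissionResponse{
			Result: &metav1.Status{Message: err.Error()},
		}
	} else if review.Request == nil {
		// A syntactically valid review without a request would otherwise be
		// dereferenced below and in autoconf.
		resp = &admission.AdmissionResponse{
			Result: &metav1.Status{Message: "admission review contains no request"},
		}
	} else {
		resp = cmd.autoconf(review.Request)
	}
	// review.Request is nil whenever decoding failed, so only echo the UID
	// when there is one to echo.
	if review.Request != nil {
		resp.UID = review.Request.UID
	}

	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(&admission.AdmissionReview{
		Response: resp,
	}); err != nil {
		fmt.Fprintln(os.Stderr, "Sending response failed:", err)
	}
}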
132 |
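// autoconf decides whether the pod in req should be configured and, if so,
// returns a response carrying a JSON patch that sets the OpenCensus resource
// environment variables.
//
// The pod's opencensus.io/configure annotation, when present and a valid
// boolean, overrides cmd.configureDefault. Pods that are not to be configured
// are allowed unchanged. A nil request, an undecodable pod, or a failure to
// build the patch yields a response with only a Result message set.
//
// NOTE(review): those error responses leave Allowed false, so the API server
// rejects the pod. Confirm that is intended.
func (cmd *autoconfCmd) autoconf(req *admission.AdmissionRequest) *admission.AdmissionResponse {
	if req == nil {
		return &admission.AdmissionResponse{
			Result: &metav1.Status{Message: "empty admission request"},
		}
	}

	var pod corev1.Pod
	if err := json.Unmarshal(req.Object.Raw, &pod); err != nil {
		return &admission.AdmissionResponse{
			Result: &metav1.Status{Message: err.Error()},
		}
	}

	// Values on the pod object take precedence over those on the request.
	namespace := req.Namespace
	if pod.Namespace != "" {
		namespace = pod.Namespace
	}
	name := req.Name
	if pod.Name != "" {
		name = pod.Name
	}
	// The object has not necessarily passed API validation when a mutating
	// webhook sees it, so log the identifier with %q to keep control
	// characters in it from forging log lines.
	podRef := namespace + "/" + name

	shouldConfigure := cmd.configureDefault
	// Only complain about the annotation when it is actually present; a
	// missing annotation is the normal case and simply means "use default".
	if raw, ok := pod.Annotations[annotationConfigure]; ok {
		if b, err := strconv.ParseBool(raw); err == nil {
			shouldConfigure = b
		} else {
			log.Printf("Invalid value %q for annotation %s on pod %q, continuing with default",
				raw, annotationConfigure, podRef)
		}
	}
	if !shouldConfigure {
		return &admission.AdmissionResponse{Allowed: true}
	}

	log.Printf("configuring pod %q", podRef)

	patch, err := createPatch(cmd.clusterName, namespace, name, &pod)
	if err != nil {
		return &admission.AdmissionResponse{
			Result: &metav1.Status{Message: err.Error()},
		}
	}
	patchType := admission.PatchTypeJSONPatch
	return &admission.AdmissionResponse{
		Allowed:   true,
		Patch:     patch,
		PatchType: &patchType,
	}
}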
176 |
// patchOperation is a single JSON patch operation as sent back to the API
// server in an admission response.
type patchOperation struct {
	// Op is the operation name, e.g. "add".
	Op string `json:"op"`
	// Path is the JSON pointer of the field the operation applies to.
	Path string `json:"path"`
	// Value is the operand; it is left out of the JSON when empty.
	Value interface{} `json:"value,omitempty"`
}
182 |
// createPatch builds the JSON patch that configures every container of pod
// with the OpenCensus resource environment variables.
//
// When podName is empty, a name is generated from pod.GenerateName and added
// to the patch; if the pod has no generate name either, an error is returned.
// The result is the JSON encoding of the list of patch operations.
func createPatch(clusterName, namespace, podName string, pod *corev1.Pod) ([]byte, error) {
	var ops []patchOperation

	// If no pod name is known yet, we pick one ourselves from the generate
	// name. The API server applies exactly the same logic otherwise.
	if podName == "" {
		if pod.GenerateName == "" {
			return nil, errors.New("unable to configure pod without name or generate name")
		}
		podName = names.SimpleNameGenerator.GenerateName(pod.GenerateName)
		ops = append(ops, patchOperation{
			Op:    "add",
			Path:  "/metadata/name",
			Value: podName,
		})
	}

	// Derive the deployment name from the pod name, which is expected to look
	// like [deployment-name]-[replica-set-suffix]-[pod-suffix]. Names that do
	// not have that shape leave the deployment name empty.
	deployment := ""
	podNamePattern := regexp.MustCompile(`^(.*)-([0-9a-zA-Z]*)-([0-9a-zA-Z]*)$`)
	if m := podNamePattern.FindStringSubmatch(podName); len(m) == 4 {
		deployment = m[1]
	}

	// Append the OpenCensus resource environment variables to each container.
	for idx := range pod.Spec.Containers {
		container := &pod.Spec.Containers[idx]
		envPath := "/spec/containers/" + strconv.Itoa(idx) + "/env"

		// An unset environment list has to be created before entries can be
		// appended to it.
		if container.Env == nil {
			ops = append(ops, patchOperation{
				Op:    "add",
				Path:  envPath,
				Value: []corev1.EnvVar{},
			})
		}

		// Variables the user set by hand under the same names are effectively
		// overwritten here. The annotation should be used to be explicit
		// about providing custom configuration.
		typeVar := corev1.EnvVar{
			Name:  resource.EnvVarType,
			Value: resourcekeys.ContainerType,
		}
		labelsVar := corev1.EnvVar{
			Name:  resource.EnvVarLabels,
			Value: buildResourceTags(clusterName, namespace, podName, container.Name, deployment),
		}
		ops = append(ops,
			patchOperation{Op: "add", Path: envPath + "/-", Value: typeVar},
			patchOperation{Op: "add", Path: envPath + "/-", Value: labelsVar},
		)
	}
	return json.Marshal(ops)
}
246 |
// buildResourceTags encodes the identifying labels of a container (cluster,
// namespace, pod and container name, plus the deployment name when dName is
// non-empty) with resource.EncodeLabels and returns the encoded string.
func buildResourceTags(cluster, namespace, pod, container, dName string) string {
	tags := make(map[string]string, 5)
	tags[resourcekeys.K8SKeyClusterName] = cluster
	tags[resourcekeys.K8SKeyNamespaceName] = namespace
	tags[resourcekeys.K8SKeyPodName] = pod
	tags[resourcekeys.ContainerKeyName] = container

	// The deployment label is optional: it is only known when the pod name
	// matched the expected deployment naming pattern.
	if len(dName) > 0 {
		tags[resourcekeys.K8SKeyDeploymentName] = dName
	}
	return resource.EncodeLabels(tags)
}
259 |
--------------------------------------------------------------------------------
/deploy/deploy.sh:
--------------------------------------------------------------------------------
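#!/bin/bash
#
# Copyright 2018, OpenCensus Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Deploys the OpenCensus pod auto-configuration webhook to the cluster of the
# current kubectl context.
#
# Environment:
#   CLUSTER_NAME  cluster name passed to the operator (default: empty)
#   IMAGE         operator image to deploy (default: gcr.io/opencensus/operator:0.2)
#   NAMESPACE     namespace to deploy into (default: default)

# Fail on errors, on unset variables, and on a failure in any pipeline stage.
set -euo pipefail

CLUSTER_NAME="${CLUSTER_NAME:-}"
IMAGE="${IMAGE:-gcr.io/opencensus/operator:0.2}"
NAMESPACE="${NAMESPACE:-default}"
export CLUSTER_NAME IMAGE NAMESPACE

dir="$(dirname -- "${BASH_SOURCE[0]}")"
tmpdir="${dir}/_tmp"

# ":?" aborts instead of expanding to an empty path in front of rm -rf.
rm -rf -- "${tmpdir:?}"
mkdir -- "${tmpdir}"

"${dir}/../third_party/kube-mutating-webhook-tutorial/create-signed-cert.sh" \
  --service opencensus-pod-autoconf \
  --namespace "${NAMESPACE}" \
  --secret opencensus-pod-autoconf

# We have to provide the certificate authority in the webhook configuration.
# Since we create a cert signed by the Kubernetes cluster, we include the CA
# used in the process.
# NOTE(review): client-ca-file is the CA the API server uses to authenticate
# clients; it only verifies the webhook's certificate if the cluster's
# certificate signer uses the same CA. Confirm for the target cluster.
#
# The assignment is kept separate from "export" so that a kubectl failure
# aborts the script instead of silently producing an empty CA bundle.
CA_BUNDLE="$(kubectl get cm -n kube-system extension-apiserver-authentication \
  -o=jsonpath='{.data.client-ca-file}' | base64 | tr -d '\n')"
if [[ -z "${CA_BUNDLE}" ]]; then
  printf 'error: could not read the cluster CA bundle\n' >&2
  exit 1
fi
export CA_BUNDLE

# Substitute only the variables the manifests are meant to take, so that no
# other variable from the caller's environment can end up in a manifest.
# shellcheck disable=SC2016 # envsubst wants the literal variable names
subst_vars='${NAMESPACE} ${IMAGE} ${CLUSTER_NAME} ${CA_BUNDLE}'
for manifest in mutatingwebhook.yaml deployment.yaml service.yaml; do
  envsubst "${subst_vars}" < "${dir}/${manifest}" > "${tmpdir}/${manifest}"
done

kubectl apply -f "${tmpdir}"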
50 |
--------------------------------------------------------------------------------
/deploy/deployment.yaml:
--------------------------------------------------------------------------------
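# Copyright 2018, OpenCensus Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Deployment of the admission webhook. ${NAMESPACE}, ${IMAGE} and
# ${CLUSTER_NAME} are filled in by deploy/deploy.sh.
#
# NOTE(review): extensions/v1beta1 Deployments are no longer served from
# Kubernetes 1.16 on; newer clusters need apps/v1 together with spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: opencensus-pod-autoconf
  namespace: ${NAMESPACE}
  labels:
    app: opencensus-pod-autoconf
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: opencensus-pod-autoconf
    spec:
      containers:
      - name: autoconf
        image: ${IMAGE}
        imagePullPolicy: IfNotPresent
        args:
        - 'autoconf'
        - '--tls.cert-file=/etc/tls/cert.pem'
        - '--tls.key-file=/etc/tls/key.pem'
        - '--configure-default'
        - "--cluster-name=${CLUSTER_NAME}"
        ports:
        - name: webhook
          containerPort: 8443
        # The webhook sees every pod creation in the cluster, so keep its own
        # container locked down: it only serves HTTPS on an unprivileged port
        # and reads its certificate from the mounted secret.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        volumeMounts:
        - name: tls-certs
          mountPath: /etc/tls
          readOnly: true
      volumes:
      - name: tls-certs
        secret:
          secretName: opencensus-pod-autoconf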
49 |
--------------------------------------------------------------------------------
/deploy/mutatingwebhook.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2018, OpenCensus Authors
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | apiVersion: admissionregistration.k8s.io/v1beta1
15 | kind: MutatingWebhookConfiguration
16 | metadata:
17 | name: opencensus-pod-autoconf
18 | labels:
19 | app: opencensus-pod-autoconf
20 | webhooks:
21 | - name: pod-autoconf.opencensus.io
22 | clientConfig:
23 | service:
24 | name: opencensus-pod-autoconf
25 | namespace: ${NAMESPACE}
26 | path: "/autoconf"
27 | caBundle: ${CA_BUNDLE}
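28 | # We are not doing anything security sensitive. In case our webhook has a bug
29 | # or is otherwise unavailable, it's better to keep operations going as usual. Note that Ignore only covers failures to call the webhook; a response with allowed=false still rejects the pod.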
30 | failurePolicy: Ignore
31 | # The sideEffects field is not available on older clusters.
32 | #sideEffects: None
33 | rules:
34 | # We only intercept pod creations. For other updates that might touch fields
35 | # we generally control, it is most likely for debugging purposes.
36 | - operations: [ "CREATE" ]
37 | apiGroups: [""]
38 | apiVersions: ["v1"]
39 | resources: ["pods"]
40 |
--------------------------------------------------------------------------------
/deploy/service.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2018, OpenCensus Authors
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | apiVersion: v1
15 | kind: Service
16 | metadata:
17 | namespace: ${NAMESPACE}
18 | name: opencensus-pod-autoconf
19 | labels:
20 | app: opencensus-pod-autoconf
21 | spec:
22 | ports:
23 | - port: 443
24 | targetPort: webhook
25 | selector:
26 | app: opencensus-pod-autoconf
27 |
--------------------------------------------------------------------------------
/deploy/test-pods.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2018, OpenCensus Authors
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | apiVersion: v1
15 | kind: Pod
16 | metadata:
17 | name: echo-envvar
18 | spec:
19 | containers:
20 | - name: test-container
21 | image: k8s.gcr.io/busybox
22 | command: [ "sh", "-c"]
23 | args:
24 | - while true; do
25 | echo -en '\n';
26 | printenv OPENCENSUS_SOURCE;
27 | sleep 3;
28 | done;
29 | ---
30 | apiVersion: v1
31 | kind: Pod
32 | metadata:
33 | name: echo-envvar-optout
34 | annotations:
35 | opencensus.io/configure: "false"
36 | spec:
37 | containers:
38 | - name: test-container
39 | image: k8s.gcr.io/busybox
40 | command: [ "sh", "-c"]
41 | args:
42 | - while true; do
43 | echo -en '\n';
44 | printenv OPENCENSUS_SOURCE;
45 | sleep 3;
46 | done;
47 | ---
48 | apiVersion: v1
49 | kind: Pod
50 | metadata:
51 | name: echo-envvar-optin
52 | annotations:
53 | opencensus.io/configure: "true"
54 | spec:
55 | containers:
56 | - name: test-container
57 | image: k8s.gcr.io/busybox
58 | command: [ "sh", "-c"]
59 | args:
60 | - while true; do
61 | echo -en '\n';
62 | printenv OPENCENSUS_SOURCE;
63 | sleep 3;
64 | done;
65 |
--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module contrib.go.opencensus.io/kubernetes-operator
2 |
3 | require (
4 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc // indirect
5 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
6 | github.com/davecgh/go-spew v1.1.1 // indirect
7 | github.com/gogo/protobuf v1.2.0 // indirect
8 | github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
9 | github.com/json-iterator/go v1.1.5 // indirect
10 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
11 | github.com/modern-go/reflect2 v1.0.1 // indirect
12 | github.com/spf13/pflag v1.0.3 // indirect
13 | github.com/stretchr/testify v1.3.0 // indirect
14 | go.opencensus.io v0.22.1-0.20190619184131-df42942ad08f
15 | gopkg.in/alecthomas/kingpin.v2 v2.2.6
16 | gopkg.in/inf.v0 v0.9.1 // indirect
17 | gopkg.in/yaml.v2 v2.2.2 // indirect
18 | k8s.io/api v0.0.0-20190126160303-ccdd560a045f
19 | k8s.io/apimachinery v0.0.0-20190126155707-0e6dcdd1b5ce
20 | k8s.io/apiserver v0.0.0-20190126163141-df67e6c3edfa
21 | k8s.io/klog v0.1.0 // indirect
22 | sigs.k8s.io/yaml v1.1.0 // indirect
23 | )
24 |
--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
2 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
3 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
4 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
5 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
6 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
7 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
8 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
9 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
10 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
11 | github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI=
12 | github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
13 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
14 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
15 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
16 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
17 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
18 | github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck=
19 | github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
20 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
21 | github.com/json-iterator/go v1.1.5 h1:gL2yXlmiIo4+t+y32d4WGwOjKGYcGOuyrg46vadswDE=
22 | github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
23 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
24 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
25 | github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
26 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
27 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
28 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
29 | github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
30 | github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
31 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
32 | github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
33 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
34 | go.opencensus.io v0.22.1-0.20190619184131-df42942ad08f h1:2BylqR1hTQ5EyJh5qkVmD4fH8daS+/iH4TR9zIBHnqM=
35 | go.opencensus.io v0.22.1-0.20190619184131-df42942ad08f/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
36 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
37 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
38 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
39 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
40 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
41 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
42 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
43 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
44 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
45 | golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09 h1:KaQtG+aDELoNmXYas3TVkGNYRuq8JQ1aa7LJt8EXVyo=
46 | golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
47 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
48 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
49 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
50 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
51 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
52 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
53 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
54 | golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
55 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
56 | golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
57 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
58 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
59 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
60 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
61 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
62 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
63 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
64 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
65 | google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
66 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
67 | google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
68 | gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
69 | gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
70 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
71 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
72 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
73 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
74 | gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
75 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
76 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
77 | k8s.io/api v0.0.0-20190126160303-ccdd560a045f h1:CgbcfvEnFr7J/BeUgOeg2c1FCdhMfv3MZkPGu/3e7GI=
78 | k8s.io/api v0.0.0-20190126160303-ccdd560a045f/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA=
79 | k8s.io/apimachinery v0.0.0-20190126155707-0e6dcdd1b5ce h1:CzCioXa348Dzt9UuYrvxRrLGpL1ZV50QpyBHt01SYj4=
80 | k8s.io/apimachinery v0.0.0-20190126155707-0e6dcdd1b5ce/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0=
81 | k8s.io/apiserver v0.0.0-20190126163141-df67e6c3edfa h1:EswS3DhK5W4h1DwA0Negc4WMZqDDZm3Mfp5dDVgTx7g=
82 | k8s.io/apiserver v0.0.0-20190126163141-df67e6c3edfa/go.mod h1:6bqaTSOSJavUIXUtfaR9Os9JtTCm8ZqH2SUl2S60C4w=
83 | k8s.io/klog v0.1.0 h1:I5HMfc/DtuVaGR1KPwUrTc476K8NCqNBldC7H4dYEzk=
84 | k8s.io/klog v0.1.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
85 | sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
86 | sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
87 |
--------------------------------------------------------------------------------
/third_party/kube-mutating-webhook-tutorial/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/third_party/kube-mutating-webhook-tutorial/create-signed-cert.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # NOTICE: This Apache 2.0 licensed script was taken from https://github.com/morvencao/kube-mutating-webhook-tutorial/blob/34685e078ee93f1e12b30e0ce08e747928d6645d/deployment/webhook-create-signed-cert.sh with minor modifications.
4 |
5 | set -e
6 |
7 | usage() {
8 | cat <> ${tmpdir}/csr.conf
65 | [req]
66 | req_extensions = v3_req
67 | distinguished_name = req_distinguished_name
68 | [req_distinguished_name]
69 | [ v3_req ]
70 | basicConstraints = CA:FALSE
71 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment
72 | extendedKeyUsage = serverAuth
73 | subjectAltName = @alt_names
74 | [alt_names]
75 | DNS.1 = ${service}
76 | DNS.2 = ${service}.${namespace}
77 | DNS.3 = ${service}.${namespace}.svc
78 | EOF
79 |
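# Generate the webhook server's 2048-bit RSA private key and a CSR for it,
# using the request config written to ${tmpdir}/csr.conf above.
# Every expansion is quoted so that a tmpdir, service or namespace value
# containing whitespace or glob characters cannot be split into extra
# openssl/kubectl arguments.
# NOTE(review): the key is written unencrypted under ${tmpdir}; confirm that
# the directory is private to the invoking user and is removed once the
# secret has been created.
openssl genrsa -out "${tmpdir}/server-key.pem" 2048
openssl req -new -key "${tmpdir}/server-key.pem" -subj "/CN=${service}.${namespace}.svc" -out "${tmpdir}/server.csr" -config "${tmpdir}/csr.conf"

# clean-up any previously created CSR for our service. Ignore errors if not present.
# stderr is discarded and the status forced to success on purpose, so that
# "set -e" does not abort the script when no earlier CSR exists.
kubectl delete csr "${csrName}" 2>/dev/null || true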
85 |
86 | # create server cert/key CSR and send to k8s API
87 | cat <&2
122 | exit 1
123 | fi
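# Decode the base64 certificate held in serverCert into a PEM file.
# printf with a quoted argument passes the value through unchanged; an
# unquoted echo would word-split it and could read a leading "-n" or "-e"
# as an option.
printf '%s\n' "${serverCert}" | openssl base64 -d -A -out "${tmpdir}/server-cert.pem"


# create the secret with the server cert/key
# The manifest is rendered locally (--dry-run -o yaml) and piped to
# "kubectl apply", so re-running the script updates an existing secret
# instead of failing, and the key material is passed by file rather than on
# the command line.
# NOTE(review): newer kubectl releases deprecate the bare --dry-run in favour
# of --dry-run=client; switch once the minimum supported kubectl allows it.
# NOTE(review): without "set -o pipefail" a failure of "kubectl create" is
# only noticed if "kubectl apply" then fails on its input.
kubectl create secret generic "${secret}" \
  --from-file=key.pem="${tmpdir}/server-key.pem" \
  --from-file=cert.pem="${tmpdir}/server-cert.pem" \
  --dry-run -o yaml |
  kubectl -n "${namespace}" apply -f -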
133 |
--------------------------------------------------------------------------------