├── .github
├── ISSUE_TEMPLATE
│ ├── bug-report.md
│ ├── enhancement.md
│ └── question.md
├── OWNERS
├── dependabot.yml
├── release-drafter.yml
├── settings.yml
└── workflows
│ ├── release-drafter.yml
│ ├── release.yaml
│ └── release_dev.yaml
├── .gitignore
├── .goreleaser.yaml
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── OWNERS
├── PROJECT
├── README.md
├── README_zh.md
├── apis
└── kubeeye
│ ├── options
│ └── InspectInterface.go
│ └── v1alpha2
│ ├── groupversion_info.go
│ ├── inspectplan_types.go
│ ├── inspectresult_types.go
│ ├── inspectrule_types.go
│ ├── inspecttask_types.go
│ ├── register.go
│ └── zz_generated.deepcopy.go
├── bin
├── controller-gen
└── kustomize
├── build
├── apiserver
│ └── Dockerfile
├── controller
│ └── Dockerfile
└── job
│ └── Dockerfile
├── chart
└── kubeeye
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── crds
│ ├── kubeeye.kubesphere.io_inspectplans.yaml
│ ├── kubeeye.kubesphere.io_inspectresults.yaml
│ ├── kubeeye.kubesphere.io_inspectrules.yaml
│ └── kubeeye.kubesphere.io_inspecttasks.yaml
│ ├── templates
│ ├── _helpers.tpl
│ ├── apiserver.yaml
│ ├── config.yaml
│ ├── deployment.yaml
│ ├── images.tpl
│ ├── leader-election-rbac.yaml
│ ├── manager-config.yaml
│ ├── manager-rbac.yaml
│ ├── metrics-reader-rbac.yaml
│ ├── metrics-service.yaml
│ ├── proxy-rbac.yaml
│ ├── pvc.yaml
│ └── serviceaccount.yaml
│ └── values.yaml
├── clients
├── applyconfiguration
│ ├── internal
│ │ └── internal.go
│ ├── kubeeye
│ │ └── v1alpha2
│ │ │ ├── baseresult.go
│ │ │ ├── cluster.go
│ │ │ ├── clusterinfo.go
│ │ │ ├── commandresultitem.go
│ │ │ ├── componentresultitem.go
│ │ │ ├── customcommandrule.go
│ │ │ ├── extrainfo.go
│ │ │ ├── filechangeresultitem.go
│ │ │ ├── filechangerule.go
│ │ │ ├── filefilterrule.go
│ │ │ ├── inspectplan.go
│ │ │ ├── inspectplanspec.go
│ │ │ ├── inspectplanstatus.go
│ │ │ ├── inspectresult.go
│ │ │ ├── inspectresultspec.go
│ │ │ ├── inspectresultstatus.go
│ │ │ ├── inspectrule.go
│ │ │ ├── inspectrulenames.go
│ │ │ ├── inspectrulespec.go
│ │ │ ├── inspectrulestatus.go
│ │ │ ├── inspecttask.go
│ │ │ ├── inspecttaskspec.go
│ │ │ ├── inspecttaskstatus.go
│ │ │ ├── jobphase.go
│ │ │ ├── kubeeyeoparesult.go
│ │ │ ├── node.go
│ │ │ ├── nodeinforesultitem.go
│ │ │ ├── nodeinforule.go
│ │ │ ├── nodemetricsresultitem.go
│ │ │ ├── oparule.go
│ │ │ ├── prometheusconfig.go
│ │ │ ├── prometheusresult.go
│ │ │ ├── prometheusrule.go
│ │ │ ├── resourceresult.go
│ │ │ ├── resourcestype.go
│ │ │ ├── resultitem.go
│ │ │ ├── ruleitembases.go
│ │ │ ├── scoreinfo.go
│ │ │ ├── serviceconnectresultitem.go
│ │ │ ├── serviceconnectrule.go
│ │ │ ├── sysrule.go
│ │ │ └── tasknames.go
│ └── utils.go
├── clientset
│ └── versioned
│ │ ├── clientset.go
│ │ ├── fake
│ │ ├── clientset_generated.go
│ │ ├── doc.go
│ │ └── register.go
│ │ ├── scheme
│ │ ├── doc.go
│ │ └── register.go
│ │ └── typed
│ │ └── kubeeye
│ │ └── v1alpha2
│ │ ├── doc.go
│ │ ├── fake
│ │ ├── doc.go
│ │ ├── fake_inspectplan.go
│ │ ├── fake_inspectresult.go
│ │ ├── fake_inspectrule.go
│ │ ├── fake_inspecttask.go
│ │ └── fake_kubeeye_client.go
│ │ ├── generated_expansion.go
│ │ ├── inspectplan.go
│ │ ├── inspectresult.go
│ │ ├── inspectrule.go
│ │ ├── inspecttask.go
│ │ └── kubeeye_client.go
├── informers
│ └── externalversions
│ │ ├── factory.go
│ │ ├── generic.go
│ │ ├── internalinterfaces
│ │ └── factory_interfaces.go
│ │ └── kubeeye
│ │ ├── interface.go
│ │ └── v1alpha2
│ │ ├── inspectplan.go
│ │ ├── inspectresult.go
│ │ ├── inspectrule.go
│ │ ├── inspecttask.go
│ │ └── interface.go
└── listers
│ └── kubeeye
│ └── v1alpha2
│ ├── expansion_generated.go
│ ├── inspectplan.go
│ ├── inspectresult.go
│ ├── inspectrule.go
│ └── inspecttask.go
├── cmd
├── apiserver
│ └── main.go
├── ke-manager
│ └── main.go
└── ke
│ ├── ctl
│ ├── create
│ │ ├── config.go
│ │ ├── create.go
│ │ └── job.go
│ └── inspect.go
│ └── main.go
├── config
├── crd
│ ├── bases
│ │ ├── kubeeye.kubesphere.io_inspectplans.yaml
│ │ ├── kubeeye.kubesphere.io_inspectresults.yaml
│ │ ├── kubeeye.kubesphere.io_inspectrules.yaml
│ │ └── kubeeye.kubesphere.io_inspecttasks.yaml
│ ├── kustomization.yaml
│ ├── kustomizeconfig.yaml
│ └── patches
│ │ ├── cainjection_in_inspectplans.yaml
│ │ ├── cainjection_in_inspectresults.yaml
│ │ ├── cainjection_in_inspectrules.yaml
│ │ ├── cainjection_in_inspecttasks.yaml
│ │ ├── webhook_in_inspectplans.yaml
│ │ ├── webhook_in_inspectresults.yaml
│ │ ├── webhook_in_inspectrules.yaml
│ │ └── webhook_in_inspecttasks.yaml
├── default
│ ├── kustomization.yaml
│ ├── manager_auth_proxy_patch.yaml
│ └── manager_config_patch.yaml
├── manager
│ ├── apiserver.yaml
│ ├── controller_manager_config.yaml
│ ├── kubeeye-config.yaml
│ ├── kustomization.yaml
│ └── manager.yaml
├── prometheus
│ ├── kustomization.yaml
│ └── monitor.yaml
├── rbac
│ ├── auth_proxy_client_clusterrole.yaml
│ ├── auth_proxy_role.yaml
│ ├── auth_proxy_role_binding.yaml
│ ├── auth_proxy_service.yaml
│ ├── inspect_editor_role.yaml
│ ├── inspect_viewer_role.yaml
│ ├── inspectplan_editor_role.yaml
│ ├── inspectplan_viewer_role.yaml
│ ├── inspectresult_editor_role.yaml
│ ├── inspectresult_viewer_role.yaml
│ ├── inspecttask_editor_role.yaml
│ ├── inspecttask_viewer_role.yaml
│ ├── kustomization.yaml
│ ├── leader_election_role.yaml
│ ├── leader_election_role_binding.yaml
│ ├── role.yaml
│ ├── role_binding.yaml
│ └── service_account.yaml
├── samples
│ └── kubeeye_v1alpha2_inspectresult.yaml
└── storage
│ ├── inspect-result.yaml
│ └── kustomization.yaml
├── cover.out
├── docs
├── FAQ.md
├── check-content_zh-CN.md
├── images
│ ├── KubeEye-O.jpg
│ ├── KubeEye-O.svg
│ ├── KubeEye.jpg
│ ├── KubeEye.svg
│ ├── kubeeye-architecture-new.png
│ ├── kubeeye-architecture-new.svg
│ ├── kubeeye-architecture.png
│ ├── kubeeye-architecture.svg
│ ├── kubeeye-logo-vertical.jpg
│ └── kubeeye-logo.png
└── roadmap.md
├── examples
├── test
│ └── main.go
└── tmp
│ └── imageRegistryRule.rego
├── go.mod
├── go.sum
├── hack
├── boilerplate.go.txt
├── docker_build_multiarch.sh
├── generate_client.sh
├── generate_group.sh
├── lib
│ ├── golang.sh
│ ├── init.sh
│ ├── logging.sh
│ ├── util.sh
│ └── version.sh
├── tools.go
├── update-codegen.sh
└── verify-codegen.sh
├── pkg
├── collectors
│ └── opa
│ │ ├── checker.go
│ │ ├── node_stats_summary.go
│ │ ├── opa.go
│ │ └── resources.go
├── conf
│ └── conf.go
├── constant
│ └── constant.go
├── controllers
│ ├── inspectplan_controller.go
│ ├── inspectresult_controller.go
│ ├── inspectrules_controller.go
│ ├── inspecttask_controller.go
│ └── suite_test.go
├── informers
│ ├── informers.go
│ └── informers_resources.go
├── inspect
│ ├── command_inspect.go
│ ├── component_inspect.go
│ ├── file_change_Inspect.go
│ ├── file_filter_inspect.go
│ ├── kubeeyeinspect.go
│ ├── nodeinfo_inspect.go
│ ├── opa_inspect.go
│ ├── prometheus_inspect.go
│ ├── resources.go
│ ├── service_connect_inspect.go
│ ├── sysctl_inspect.go
│ └── systemd_inspect.go
├── kube
│ ├── getresources.go
│ ├── kubeconfig.go
│ └── resources.go
├── message
│ ├── alarm_message.go
│ ├── email_message.go
│ └── message.go
├── output
│ ├── csv.go
│ ├── excel.go
│ ├── html.go
│ ├── json.go
│ └── output.go
├── rules
│ └── rules.go
├── server
│ ├── api
│ │ ├── inspectPlan.go
│ │ ├── inspectResult.go
│ │ ├── inspectRule.go
│ │ ├── inspectTask.go
│ │ └── utils.go
│ ├── query
│ │ └── query.go
│ └── router
│ │ └── router.go
├── suggests
│ ├── en
│ │ └── modifysuggests.json
│ └── zh
│ │ └── modifysuggests.json
├── template
│ ├── config_map_template.go
│ ├── inspect_template.go
│ ├── job_template.go
│ ├── role_template.go
│ └── template_options.go
└── utils
│ └── utils.go
├── sample
└── rules
│ ├── kubeeye_filechange_inspect.yaml
│ ├── kubeeye_filterrule_inspect.yaml
│ ├── kubeeye_nodeInfo_inspect.yaml
│ ├── kubeeye_opa_configmap_inspect.yaml
│ ├── kubeeye_opa_cronjob_inspect.yaml
│ ├── kubeeye_opa_daemonset_inspect.yaml
│ ├── kubeeye_opa_deployment_inspect.yaml
│ ├── kubeeye_opa_event_inspect.yaml
│ ├── kubeeye_opa_job_inspect.yaml
│ ├── kubeeye_opa_node_inspect.yaml
│ ├── kubeeye_opa_node_stats_summary_inspect.yaml
│ ├── kubeeye_opa_pod_inspect.yaml
│ ├── kubeeye_opa_pod_state_inspect.yaml
│ ├── kubeeye_opa_statefulset_inspect.yaml
│ ├── kubeeye_promql_inspect.yaml
│ ├── kubeeye_services_connect_inspect.yaml
│ ├── kubeeye_sysctlrule_inspect.yaml
│ └── kubeeye_systemd_inspect.yaml
└── swaggerDocs
├── docs.go
├── swagger.json
└── swagger.yaml
/.github/ISSUE_TEMPLATE/bug-report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug Report
3 | about: Report a bug encountered while using KubeEye.
4 | labels: kind/bug
5 |
6 | ---
7 |
8 |
10 |
11 |
12 | **What happened**:
13 |
14 | **What you expected to happen**:
15 |
16 | **How to reproduce it (as minimally and precisely as possible)**:
17 |
18 | **Anything else we need to know?**:
19 |
20 | **Environment**:
21 | - Kubeeye version:
22 | - Others:
23 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/enhancement.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Enhancement Request
3 | about: Suggest an enhancement to the project
4 | labels: kind/feature
5 |
6 | ---
7 |
8 |
9 | **What would you like to be added**:
10 |
11 | **Why is this needed**:
12 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/question.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Question
3 | about: Question relating to KubeEye.
4 | labels: kind/question
5 |
6 | ---
7 |
8 | **Please provide an in-depth description of the question you have**:
9 |
10 | **What do you think about this question?**:
11 |
12 | **Environment**:
13 | - KubeEye version:
14 | - Others:
--------------------------------------------------------------------------------
/.github/OWNERS:
--------------------------------------------------------------------------------
1 | approvers:
2 | - pixiake
3 | - zheng1
4 | - rayzhou2017
5 | - LinuxSuRen
6 |
7 | reviewers:
8 | - pixiake
9 | - zheng1
10 | - rayzhou2017
11 | - zryfish
12 | - benjaminhuo
13 | - calvinyv
14 | - FeynmanZhou
15 | - wansir
16 | - LinuxSuRen
17 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: "github-actions"
4 | directory: "/"
5 | schedule:
6 | interval: "daily"
7 | pull-request-branch-name:
8 | separator: "-"
9 | - package-ecosystem: "gomod"
10 | directory: "/"
11 | schedule:
12 | interval: "daily"
13 | pull-request-branch-name:
14 | separator: "-"
15 |
--------------------------------------------------------------------------------
/.github/release-drafter.yml:
--------------------------------------------------------------------------------
1 | # Configuration for Release Drafter: https://github.com/toolmantim/release-drafter
2 | name-template: 'v$NEXT_PATCH_VERSION 🌈'
3 | tag-template: 'v$NEXT_PATCH_VERSION'
4 | version-template: $MAJOR.$MINOR.$PATCH
5 | # Emoji reference: https://gitmoji.carloscuesta.me/
6 | categories:
7 | - title: '🚀 Features'
8 | labels:
9 | - 'feature'
10 | - 'enhancement'
11 | - 'kind/feature'
12 | - title: '🐛 Bug Fixes'
13 | labels:
14 | - 'fix'
15 | - 'bugfix'
16 | - 'bug'
17 | - 'regression'
18 | - 'kind/bug'
19 | - title: 📝 Documentation updates
20 | labels:
21 | - 'documentation'
22 | - 'kind/documentation'
23 | - title: 👻 Maintenance
24 | labels:
25 | - chore
26 | - dependencies
27 | - 'kind/cleanup'
28 | - title: 🚦 Tests
29 | labels:
30 | - test
31 | - tests
32 | exclude-labels:
33 | - reverted
34 | - no-changelog
35 | - skip-changelog
36 | - invalid
37 | change-template: '* $TITLE (#$NUMBER) @$AUTHOR'
38 | template: |
39 | ## What’s Changed
40 |
41 | $CHANGES
42 |
--------------------------------------------------------------------------------
/.github/settings.yml:
--------------------------------------------------------------------------------
1 | repository:
2 | name: kubeeye
3 | description: "KubeEye aims to find various problems on Kubernetes, such as application misconfiguration, unhealthy cluster components and node problems."
4 | homepage: https://kubesphere.io/
5 | private: false
6 | has_issues: true
7 | has_wiki: false
8 | has_downloads: false
9 | default_branch: main
10 | allow_squash_merge: true
11 | allow_merge_commit: true
12 | allow_rebase_merge: true
13 | branches:
14 | - name: main
15 | protection:
16 | required_pull_request_reviews:
17 | required_approving_review_count: 1
18 | dismiss_stale_reviews: true
19 | require_code_owner_reviews: true
20 | dismissal_restrictions:
21 | users: []
22 | teams: []
23 | required_status_checks:
24 | strict: true
25 | contexts: []
26 | enforce_admins: false
27 | restrictions:
28 | users: []
29 | teams: []
30 |
--------------------------------------------------------------------------------
/.github/workflows/release-drafter.yml:
--------------------------------------------------------------------------------
1 | name: Release Drafter
2 |
3 | on:
4 | push:
5 | branches:
6 | - 'main'
7 |
8 | jobs:
9 | update_release_draft:
10 | runs-on: ubuntu-latest
11 | steps:
12 | - uses: release-drafter/release-drafter@v5
13 | env:
14 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # OSX leaves these everywhere on SMB shares
2 | ._*
3 |
4 | # OSX trash
5 | .DS_Store
6 |
7 | # Eclipse files
8 | .classpath
9 | .project
10 | .settings/**
11 |
12 | # Files generated by JetBrains IDEs, e.g. IntelliJ IDEA
13 | .idea/
14 | *.iml
15 | .bin/
16 |
17 | # Vscode files
18 | .vscode
19 |
20 | # This is where the result of the go build goes
21 | /output*/
22 | /_output*/
23 | /_output
24 |
25 | # Emacs save files
26 | *~
27 | \#*\#
28 | .\#*
29 |
30 | # Vim-related files
31 | [._]*.s[a-w][a-z]
32 | [._]s[a-w][a-z]
33 | *.un~
34 | Session.vim
35 | .netrwhist
36 |
37 | # Generate by makefile
38 | vendor
39 | kubeEyeAuditResult.csv
40 | !go.mod
41 | !.gitignore
42 | !cover.out
43 | !go.sum
--------------------------------------------------------------------------------
/.goreleaser.yaml:
--------------------------------------------------------------------------------
1 | # Official documentation at http://goreleaser.com
2 | project_name: kubeeye
3 | builds:
4 | - env:
5 | - CGO_ENABLED=0
6 | main: ./cmd/ke/main.go
7 | binary: ke
8 | goarch:
9 | - amd64
10 | - arm64
11 | goos:
12 | - linux
13 | - windows
14 | - darwin
15 | dist: bin
16 | archives:
17 | - name_template: "kubeeye-v{{ .Version }}-{{ .Os }}-{{ .Arch }}"
18 | replacements:
19 | linux: linux
20 | amd64: amd64
21 | arm64: arm64
22 | darwin: darwin
23 | windows: windows
24 | files:
25 | - none*
26 | checksum:
27 | name_template: 'checksums.txt'
28 | snapshot:
29 | name_template: "{{ .Version }}-next-{{.ShortCommit}}"
30 | changelog:
31 | skip: true
32 | sort: asc
33 | filters:
34 | exclude:
35 | - '^docs:'
36 | - '^test:'
37 | nfpms:
38 | - file_name_template: "kubeeye-v{{ .Version }}-{{.Os}}-{{.Arch}}"
39 | homepage: https://github.com/kubesphere/kubeeye
40 | description: "KubeEye aims to find various problems on Kubernetes, such as application misconfiguration, unhealthy cluster components and node problems."
41 | maintainer: kubesphere authors
42 | license: Apache-2.0
43 | vendor: Kubesphere
44 | formats:
45 | - deb
46 | - rpm
47 | bindir: /usr/bin
48 | replacements:
49 | amd64: 64bit
50 | arm64: arm64
51 | linux: linux
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | ## Guide
2 |
3 | This [document](https://github.com/kubesphere/community) walks you through how to get started contributing KubeSphere.
4 |
--------------------------------------------------------------------------------
/OWNERS:
--------------------------------------------------------------------------------
1 | approvers:
2 | - zheng1
3 | - ruiyaoOps
4 | - pixiake
5 | - zryfish
6 | - rayzhou2017
7 |
8 | reviewers:
9 | - zheng1
10 | - ruiyaoOps
11 | - pixiake
12 | - rayzhou2017
13 | - zryfish
14 | - benjaminhuo
15 | - calvinyv
16 | - FeynmanZhou
17 | - wansir
18 | - LinuxSuRen
19 |
--------------------------------------------------------------------------------
/PROJECT:
--------------------------------------------------------------------------------
1 | # Code generated by tool. DO NOT EDIT.
2 | # This file is used to track the info used to scaffold your project
3 | # and allow the plugins properly work.
4 | # More info: https://book.kubebuilder.io/reference/project-config.html
5 | domain: kubesphere.io
6 | layout:
7 | - go.kubebuilder.io/v3
8 | projectName: kubeeye
9 | repo: github.com/kubesphere/kubeeye
10 | resources:
11 | - api:
12 | crdVersion: v1
13 | namespaced: true
14 | controller: true
15 | domain: kubesphere.io
16 | group: kubeeye
17 | kind: InspectPlan
18 | path: github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2
19 | version: v1alpha2
20 | - api:
21 | crdVersion: v1
22 | namespaced: true
23 | controller: true
24 | domain: kubesphere.io
25 | group: kubeeye
26 | kind: InspectTask
27 | path: github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2
28 | version: v1alpha2
29 | - api:
30 | crdVersion: v1
31 | namespaced: true
32 | controller: true
33 | domain: kubesphere.io
34 | group: kubeeye
35 | kind: InspectRules
36 | path: github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2
37 | version: v1alpha2
38 | - api:
39 | crdVersion: v1
40 | namespaced: true
41 | controller: true
42 | domain: kubesphere.io
43 | group: kubeeye
44 | kind: InspectResult
45 | path: github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2
46 | version: v1alpha2
47 | version: "3"
48 |
--------------------------------------------------------------------------------
/apis/kubeeye/options/InspectInterface.go:
--------------------------------------------------------------------------------
1 | package options
2 |
3 | import (
4 | "context"
5 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
6 | "github.com/kubesphere/kubeeye/pkg/kube"
7 | v12 "k8s.io/api/batch/v1"
8 | corev1 "k8s.io/api/core/v1"
9 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
10 | "k8s.io/client-go/informers"
11 | )
12 |
13 | type InspectInterface interface {
14 | RunInspect(ctx context.Context, rules []kubeeyev1alpha2.JobRule, clients *kube.KubernetesClient, currentJobName string, informers informers.SharedInformerFactory, ownerRef ...v1.OwnerReference) ([]byte, error)
15 | GetResult(runNodeName string, resultCm *corev1.ConfigMap, resultCr *kubeeyev1alpha2.InspectResult) (*kubeeyev1alpha2.InspectResult, error)
16 | }
17 |
18 | type InspectType struct {
19 | Clients *kube.KubernetesClient
20 | JobRule *kubeeyev1alpha2.JobRule
21 | Task *kubeeyev1alpha2.InspectTask
22 | CurrentJobName string
23 | Jobs *v12.Job
24 | Result *corev1.ConfigMap
25 | OwnerRef []v1.OwnerReference
26 | }
27 |
--------------------------------------------------------------------------------
/apis/kubeeye/v1alpha2/groupversion_info.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package v1alpha2 contains API Schema definitions for the kubeeye v1alpha2 API group
18 | // +kubebuilder:object:generate=true
19 | // +groupName=kubeeye.kubesphere.io
20 | package v1alpha2
21 |
22 | import (
23 | "k8s.io/apimachinery/pkg/runtime/schema"
24 | "sigs.k8s.io/controller-runtime/pkg/scheme"
25 | )
26 |
27 | var (
28 | // GroupVersion is group version used to register these objects
29 | GroupVersion = schema.GroupVersion{Group: "kubeeye.kubesphere.io", Version: "v1alpha2"}
30 |
31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme
32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
33 |
34 | // AddToScheme adds the types in this group-version to the given scheme.
35 | AddToScheme = SchemeBuilder.AddToScheme
36 | )
37 |
--------------------------------------------------------------------------------
/apis/kubeeye/v1alpha2/register.go:
--------------------------------------------------------------------------------
1 | package v1alpha2
2 |
3 | import "k8s.io/apimachinery/pkg/runtime/schema"
4 |
5 | // SchemeGroupVersion is group version used to register these objects.
6 | var SchemeGroupVersion = GroupVersion
7 |
8 | // Resource takes an unqualified resource and returns a Group qualified GroupResource
9 | func Resource(resource string) schema.GroupResource {
10 | return SchemeGroupVersion.WithResource(resource).GroupResource()
11 | }
12 |
--------------------------------------------------------------------------------
/bin/controller-gen:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/bin/controller-gen
--------------------------------------------------------------------------------
/bin/kustomize:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/bin/kustomize
--------------------------------------------------------------------------------
/build/apiserver/Dockerfile:
--------------------------------------------------------------------------------
1 |
2 | # Build the manager binary
3 | FROM golang:1.23 AS builder
4 |
5 | #RUN #go env -w GOPROXY=https://goproxy.cn,direct
6 | # Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy
7 | #ARG goproxy=https://goproxy.cn,direct
8 | #ENV GOPROXY=$goproxy
9 |
10 |
11 | WORKDIR /workspace
12 |
13 | COPY ../../apis apis/
14 | COPY ../../clients clients/
15 | COPY ../../cmd cmd/
16 | COPY ../../pkg/controllers controllers/
17 | COPY ../../pkg pkg/
18 | COPY ../../pkg/constant constant/
19 | COPY ../../swaggerDocs swaggerDocs/
20 |
21 |
22 |
23 | COPY ../../go.mod go.mod
24 | COPY ../../go.sum go.sum
25 |
26 | RUN go mod tidy && go mod vendor
27 |
28 | # Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
29 |
30 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETPLATFORM} go build -o /workspace/apiserver ./cmd/apiserver
31 |
32 |
33 | FROM alpine:3.21
34 |
35 | WORKDIR /
36 |
37 | COPY --from=builder /workspace/apiserver /kubeeye/apiserver
38 |
39 |
40 | RUN addgroup -S kubeeye -g 1000 && adduser -S kubeeye -G kubeeye -u 1000
41 |
42 | RUN chown kubeeye:kubeeye /kubeeye
43 |
44 | USER 1000:1000
45 |
46 | ENTRYPOINT ["/kubeeye/apiserver"]
47 |
--------------------------------------------------------------------------------
/build/controller/Dockerfile:
--------------------------------------------------------------------------------
1 | # Build the manager binary
2 | FROM golang:1.23 AS builder
3 |
4 | #ARG goproxy=https://goproxy.cn,direct
5 | #ENV GOPROXY=$goproxy
6 |
7 |
8 | WORKDIR /workspace
9 |
10 | COPY ../../apis apis/
11 | COPY ../../clients clients/
12 | COPY ../../cmd cmd/
13 | COPY ../../pkg/controllers controllers/
14 | COPY ../../pkg pkg/
15 | COPY ../../pkg/constant constant/
16 | COPY ../../swaggerDocs swaggerDocs/
17 |
18 | # Copy the Go Modules manifests
19 | COPY ../../go.mod go.mod
20 | COPY ../../go.sum go.sum
21 |
22 | RUN go mod tidy && go mod vendor
23 |
24 | ENV CGO_ENABLED=0
25 |
26 | # Build
27 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETPLATFORM} go build -o /workspace/controller ./cmd/ke-manager/main.go
28 |
29 | FROM alpine:3.21 AS ke-manager
30 |
31 | WORKDIR /kubeeye
32 |
33 | COPY --from=builder /workspace/controller /kubeeye
34 |
35 | RUN addgroup -S kubeeye -g 1000 && adduser -S kubeeye -G kubeeye -u 1000
36 |
37 | RUN chown kubeeye:kubeeye /kubeeye
38 |
39 | USER 1000:1000
40 |
41 | ENTRYPOINT ["/kubeeye/controller"]
42 |
--------------------------------------------------------------------------------
/build/job/Dockerfile:
--------------------------------------------------------------------------------
1 |
2 | # Build the manager binary
3 | FROM golang:1.23 AS builder
4 |
5 | #RUN #go env -w GOPROXY=https://goproxy.cn,direct
6 | # Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy
7 | #ARG goproxy=https://goproxy.cn,direct
8 | #ENV GOPROXY=$goproxy
9 |
10 |
11 | WORKDIR /workspace
12 |
13 | COPY ../../apis apis/
14 | COPY ../../clients clients/
15 | COPY ../../cmd cmd/
16 | COPY ../../pkg/controllers controllers/
17 | COPY ../../pkg pkg/
18 | COPY ../../pkg/constant constant/
19 | COPY ../../swaggerDocs swaggerDocs/
20 |
21 |
22 |
23 | COPY ../../go.mod go.mod
24 | COPY ../../go.sum go.sum
25 |
26 | RUN go mod tidy && go mod vendor
27 |
28 | # Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
29 |
30 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETPLATFORM} go build -o /workspace/ke ./cmd/ke
31 |
32 |
33 | FROM alpine:3.21
34 |
35 | WORKDIR /
36 |
37 | COPY --from=builder /workspace/ke /bin/ke
38 |
39 | ENTRYPOINT ["/bin/ke"]
40 |
--------------------------------------------------------------------------------
/chart/kubeeye/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/chart/kubeeye/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: kubeeye
3 | description: A Helm chart for KubeEye
4 | # A chart can be either an 'application' or a 'library' chart.
5 | #
6 | # Application charts are a collection of templates that can be packaged into versioned archives
7 | # to be deployed.
8 | #
9 | # Library charts provide useful utilities or functions for the chart developer. They're included as
10 | # a dependency of application charts to inject those utilities and functions into the rendering
11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
12 | type: application
13 | # This is the chart version. This version number should be incremented each time you make changes
14 | # to the chart and its templates, including the app version.
15 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
16 | version: 1.0.2
17 | # This is the version number of the application being deployed. This version number should be
18 | # incremented each time you make changes to the application. Versions are not expected to
19 | # follow Semantic Versioning. They should reflect the version the application is using.
20 | # It is recommended to use it with quotes.
21 | appVersion: "v1.0.5"
22 |
--------------------------------------------------------------------------------
/chart/kubeeye/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/*
2 | Expand the name of the chart.
3 | */}}
4 | {{- define "kubeeye.name" -}}
5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
6 | {{- end }}
7 |
8 | {{/*
9 | Create a default fully qualified app name.
10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
11 | If release name contains chart name it will be used as a full name.
12 | */}}
13 | {{- define "kubeeye.fullname" -}}
14 | {{- if .Values.fullnameOverride }}
15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
16 | {{- else }}
17 | {{- $name := default .Chart.Name .Values.nameOverride }}
18 | {{- if contains $name .Release.Name }}
19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }}
20 | {{- else }}
21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
22 | {{- end }}
23 | {{- end }}
24 | {{- end }}
25 |
26 | {{/*
27 | Create chart name and version as used by the chart label.
28 | */}}
29 | {{- define "kubeeye.chart" -}}
30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
31 | {{- end }}
32 |
33 | {{/*
34 | Common labels
35 | */}}
36 | {{- define "kubeeye.labels" -}}
37 | helm.sh/chart: {{ include "kubeeye.chart" . }}
38 | {{ include "kubeeye.selectorLabels" . }}
39 | {{- if .Chart.AppVersion }}
40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
41 | {{- end }}
42 | app.kubernetes.io/managed-by: {{ .Release.Service }}
43 | {{- end }}
44 |
45 | {{/*
46 | Selector labels
47 | */}}
48 | {{- define "kubeeye.selectorLabels" -}}
49 | app.kubernetes.io/name: {{ include "kubeeye.name" . }}
50 | app.kubernetes.io/instance: {{ .Release.Name }}
51 | {{- end }}
52 |
53 | {{/*
54 | Create the name of the service account to use
55 | */}}
56 | {{- define "kubeeye.serviceAccountName" -}}
57 | {{- if .Values.serviceAccount.create }}
58 | {{- default (include "kubeeye.fullname" .) .Values.serviceAccount.name }}
59 | {{- else }}
60 | {{- default "default" .Values.serviceAccount.name }}
61 | {{- end }}
62 | {{- end }}
63 |
--------------------------------------------------------------------------------
/chart/kubeeye/templates/apiserver.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-apiserver
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.apiserver.type }}
9 | selector:
10 | control-plane: kubeeye-controller-manager
11 | {{- include "kubeeye.selectorLabels" . | nindent 4 }}
12 | ports:
13 | {{- .Values.apiserver.ports | toYaml | nindent 2 }}
--------------------------------------------------------------------------------
/chart/kubeeye/templates/config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-config
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | data:
8 | config: |-
9 | job:
10 | autoDelTime: 30
11 | backLimit: 5
12 | image: {{ template "config.job.image" . }}
13 | imagePullPolicy: {{ .Values.config.job.image.pullPolicy }}
14 | resources:
15 | limits:
16 | cpu: 1000m
17 | memory: 512Mi
18 | requests:
19 | cpu: 50m
20 | memory: 256Mi
21 | multiCluster:
22 | member1:
23 | image: {{ template "config.job.image" . }}
24 | imagePullPolicy: {{ .Values.config.job.image.pullPolicy }}
25 |
--------------------------------------------------------------------------------
/chart/kubeeye/templates/images.tpl:
--------------------------------------------------------------------------------
1 | {{/*
2 | Return the proper image name
3 | */}}
4 | {{- define "controllerManager.kubeRbacProxy.image" -}}
5 | {{ include "common.images.image" (dict "imageRoot" .Values.controllerManager.kubeRbacProxy.image "global" .Values.global) }}
6 | {{- end -}}
7 |
8 | {{- define "controllerManager.kubeeyeApiserver.image" -}}
9 | {{ include "common.images.image" (dict "imageRoot" .Values.controllerManager.kubeeyeApiserver.image "global" .Values.global) }}
10 | {{- end -}}
11 |
12 | {{- define "controllerManager.manager.image" -}}
13 | {{ include "common.images.image" (dict "imageRoot" .Values.controllerManager.manager.image "global" .Values.global) }}
14 | {{- end -}}
15 |
16 | {{- define "config.job.image" -}}
17 | {{ include "common.images.image" (dict "imageRoot" .Values.config.job.image "global" .Values.global) }}
18 | {{- end -}}
19 |
20 | {{- define "common.images.image" -}}
21 | {{- $registryName := .global.imageRegistry -}}
22 | {{- $repositoryName := .imageRoot.repository -}}
23 | {{- $separator := ":" -}}
24 | {{- $termination := .global.tag | toString -}}
25 | {{- if .imageRoot.registry }}
26 | {{- $registryName = .imageRoot.registry -}}
27 | {{- end -}}
28 | {{- if .imageRoot.tag }}
29 | {{- $termination = .imageRoot.tag | toString -}}
30 | {{- end -}}
31 | {{- if .imageRoot.digest }}
32 | {{- $separator = "@" -}}
33 | {{- $termination = .imageRoot.digest | toString -}}
34 | {{- end -}}
35 | {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
36 | {{- end -}}
37 |
38 |
39 | {{/*
40 | Return the proper Docker Image Registry Secret Names
41 | */}}
42 | {{- define "backend.imagePullSecrets" -}}
43 | {{- include "common.images.pullSecrets" (dict "pullSecrets" .Values.imagePullSecrets "global" .Values.global) -}}
44 | {{- end -}}
45 |
46 | {{- define "common.images.pullSecrets" -}}
47 | {{- $pullSecrets := list }}
48 |
49 | {{- if .global }}
50 | {{- range .global.imagePullSecrets -}}
51 | {{- $pullSecrets = append $pullSecrets . -}}
52 | {{- end -}}
53 | {{- end -}}
54 |
55 | {{- range .pullSecrets -}}
56 | {{- $pullSecrets = append $pullSecrets . -}}
57 | {{- end -}}
58 |
59 | {{- if (not (empty $pullSecrets)) }}
60 | imagePullSecrets:
61 | {{- range $pullSecrets }}
62 | - name: {{ . }}
63 | {{- end }}
64 | {{- end }}
65 | {{- end -}}
66 |
--------------------------------------------------------------------------------
/chart/kubeeye/templates/leader-election-rbac.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: Role
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-leader-election-role
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | rules:
8 | - apiGroups:
9 | - ""
10 | resources:
11 | - configmaps
12 | verbs:
13 | - get
14 | - list
15 | - watch
16 | - create
17 | - update
18 | - patch
19 | - delete
20 | - apiGroups:
21 | - coordination.k8s.io
22 | resources:
23 | - leases
24 | verbs:
25 | - get
26 | - list
27 | - watch
28 | - create
29 | - update
30 | - patch
31 | - delete
32 | - apiGroups:
33 | - ""
34 | resources:
35 | - events
36 | verbs:
37 | - create
38 | - patch
39 | ---
40 | apiVersion: rbac.authorization.k8s.io/v1
41 | kind: RoleBinding
42 | metadata:
43 | name: {{ include "kubeeye.fullname" . }}-leader-election-rolebinding
44 | labels:
45 | {{- include "kubeeye.labels" . | nindent 4 }}
46 | roleRef:
47 | apiGroup: rbac.authorization.k8s.io
48 | kind: Role
49 | name: '{{ include "kubeeye.fullname" . }}-leader-election-role'
50 | subjects:
51 | - kind: ServiceAccount
52 | name: '{{ include "kubeeye.fullname" . }}-controller-manager'
53 | namespace: '{{ .Release.Namespace }}'
--------------------------------------------------------------------------------
/chart/kubeeye/templates/manager-config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-manager-config
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | data:
8 | controller_manager_config.yaml: {{ .Values.managerConfig.controllerManagerConfigYaml
9 | | toYaml | indent 1 }}
--------------------------------------------------------------------------------
/chart/kubeeye/templates/manager-rbac.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-manager-role
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | rules:
8 | - apiGroups:
9 | - ""
10 | resources:
11 | - configmaps
12 | verbs:
13 | - deletecollection
14 | - get
15 | - list
16 | - watch
17 | - apiGroups:
18 | - ""
19 | resources:
20 | - namespaces
21 | verbs:
22 | - create
23 | - get
24 | - list
25 | - watch
26 | - apiGroups:
27 | - ""
28 | resources:
29 | - nodes
30 | - pods
31 | - secrets
32 | - services
33 | verbs:
34 | - get
35 | - list
36 | - watch
37 | - apiGroups:
38 | - ""
39 | resources:
40 | - serviceaccounts
41 | verbs:
42 | - create
43 | - delete
44 | - apiGroups:
45 | - batch
46 | resources:
47 | - jobs
48 | verbs:
49 | - create
50 | - delete
51 | - get
52 | - apiGroups:
53 | - cluster.kubesphere.io
54 | resources:
55 | - clusters
56 | verbs:
57 | - get
58 | - apiGroups:
59 | - kubeeye.kubesphere.io
60 | resources:
61 | - inspectplans
62 | - inspectresults
63 | - inspectrules
64 | - inspecttasks
65 | verbs:
66 | - create
67 | - delete
68 | - get
69 | - list
70 | - patch
71 | - update
72 | - watch
73 | - apiGroups:
74 | - kubeeye.kubesphere.io
75 | resources:
76 | - inspectplans/finalizers
77 | - inspectresults/finalizers
78 | - inspectrules/finalizers
79 | - inspecttasks/finalizers
80 | verbs:
81 | - update
82 | - apiGroups:
83 | - kubeeye.kubesphere.io
84 | resources:
85 | - inspectplans/status
86 | - inspectresults/status
87 | - inspectrules/status
88 | - inspecttasks/status
89 | verbs:
90 | - get
91 | - patch
92 | - update
93 | - apiGroups:
94 | - rbac.authorization.k8s.io
95 | resources:
96 | - clusterrolebindings
97 | - clusterroles
98 | verbs:
99 | - '*'
100 | ---
101 | apiVersion: rbac.authorization.k8s.io/v1
102 | kind: ClusterRoleBinding
103 | metadata:
104 | name: {{ include "kubeeye.fullname" . }}-manager-rolebinding
105 | labels:
106 | {{- include "kubeeye.labels" . | nindent 4 }}
107 | roleRef:
108 | apiGroup: rbac.authorization.k8s.io
109 | kind: ClusterRole
110 | name: '{{ include "kubeeye.fullname" . }}-manager-role'
111 | subjects:
112 | - kind: ServiceAccount
113 | name: '{{ include "kubeeye.fullname" . }}-controller-manager'
114 | namespace: '{{ .Release.Namespace }}'
--------------------------------------------------------------------------------
/chart/kubeeye/templates/metrics-reader-rbac.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-metrics-reader
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | rules:
8 | - nonResourceURLs:
9 | - /metrics
10 | verbs:
11 | - get
--------------------------------------------------------------------------------
/chart/kubeeye/templates/metrics-service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-controller-manager-metrics-service
5 | labels:
6 | control-plane: kubeeye-controller-manager
7 | {{- include "kubeeye.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.metricsService.type }}
10 | selector:
11 | control-plane: kubeeye-controller-manager
12 | {{- include "kubeeye.selectorLabels" . | nindent 4 }}
13 | ports:
14 | {{- .Values.metricsService.ports | toYaml | nindent 2 }}
--------------------------------------------------------------------------------
/chart/kubeeye/templates/proxy-rbac.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-proxy-role
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | rules:
8 | - apiGroups:
9 | - authentication.k8s.io
10 | resources:
11 | - tokenreviews
12 | verbs:
13 | - create
14 | - apiGroups:
15 | - authorization.k8s.io
16 | resources:
17 | - subjectaccessreviews
18 | verbs:
19 | - create
20 | ---
21 | apiVersion: rbac.authorization.k8s.io/v1
22 | kind: ClusterRoleBinding
23 | metadata:
24 | name: {{ include "kubeeye.fullname" . }}-proxy-rolebinding
25 | labels:
26 | {{- include "kubeeye.labels" . | nindent 4 }}
27 | roleRef:
28 | apiGroup: rbac.authorization.k8s.io
29 | kind: ClusterRole
30 | name: '{{ include "kubeeye.fullname" . }}-proxy-role'
31 | subjects:
32 | - kind: ServiceAccount
33 | name: '{{ include "kubeeye.fullname" . }}-controller-manager'
34 | namespace: '{{ .Release.Namespace }}'
--------------------------------------------------------------------------------
/chart/kubeeye/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | {{ if .Values.persistence.enabled }}
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | annotations:
6 | "helm.sh/resource-policy": keep
7 | name: {{ include "kubeeye.fullname" . }}-inspect-result
8 | labels:
9 | {{- include "kubeeye.labels" . | nindent 4 }}
10 | spec:
11 | {{- if .Values.persistence.storageClass }}
12 | storageClassName: {{ .Values.persistence.storageClass | quote }}
13 | {{- end }}
14 | accessModes:
15 | - {{ .Values.persistence.accessMode | quote }}
16 | resources:
17 | requests:
18 | storage: {{ .Values.persistence.size | quote }}
19 | {{- end }}
20 |
--------------------------------------------------------------------------------
/chart/kubeeye/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: {{ include "kubeeye.fullname" . }}-controller-manager
5 | labels:
6 | {{- include "kubeeye.labels" . | nindent 4 }}
7 | annotations:
8 | {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }}
--------------------------------------------------------------------------------
/chart/kubeeye/values.yaml:
--------------------------------------------------------------------------------
1 | global:
2 | imageRegistry: docker.io
3 |
4 | apiserver:
5 | ports:
6 | - port: 9090
7 | protocol: TCP
8 | targetPort: 9090
9 | type: ClusterIP
10 | config:
11 | job:
12 | image:
13 | repository: kubespheredev/kubeeye-job
14 | tag: v1.0.5
15 | pullPolicy: IfNotPresent
16 | controllerManager:
17 | kubeRbacProxy:
18 | args:
19 | - --secure-listen-address=0.0.0.0:8443
20 | - --upstream=http://127.0.0.1:8080/
21 | - --logtostderr=true
22 | - --v=0
23 | image:
24 | repository: kubesphere/kube-rbac-proxy
25 | tag: v0.11.0
26 | resources:
27 | limits:
28 | cpu: 500m
29 | memory: 128Mi
30 | requests:
31 | cpu: 5m
32 | memory: 64Mi
33 | kubeeyeApiserver:
34 | env:
35 | disableOverview: "true"
36 | disableSystemComponent: "true"
37 | ginMode: release
38 | image:
39 | repository: kubespheredev/kubeeye-apiserver
40 | tag: v1.0.5
41 | imagePullPolicy: IfNotPresent
42 | resources:
43 | limits:
44 | cpu: 500m
45 | memory: 256Mi
46 | requests:
47 | cpu: 100m
48 | memory: 128Mi
49 | manager:
50 | args:
51 | - --health-probe-bind-address=:8081
52 | - --metrics-bind-address=127.0.0.1:8080
53 | - --leader-elect
54 | containerSecurityContext:
55 | allowPrivilegeEscalation: false
56 | image:
57 | repository: kubespheredev/kubeeye-controller
58 | tag: v1.0.5
59 | imagePullPolicy: IfNotPresent
60 | resources:
61 | limits:
62 | cpu: 1500m
63 | memory: 2Gi
64 | requests:
65 | cpu: 200m
66 | memory: 256Mi
67 | replicas: 1
68 | serviceAccount:
69 | annotations: {}
70 | kubernetesClusterDomain: cluster.local
71 | managerConfig:
72 | controllerManagerConfigYaml: |-
73 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
74 | kind: ControllerManagerConfig
75 | health:
76 | healthProbeBindAddress: :8081
77 | metrics:
78 | bindAddress: 127.0.0.1:8080
79 | webhook:
80 | port: 9443
81 | leaderElection:
82 | leaderElect: true
83 | resourceName: fa68b2a3.kubesphere.io
84 | metricsService:
85 | ports:
86 | - name: https
87 | port: 8443
88 | protocol: TCP
89 | targetPort: https
90 | type: ClusterIP
91 |
92 | persistence:
93 | enabled: true
94 | storageClass: ""
95 | accessMode: ReadWriteOnce
96 | size: 10Gi
97 |
98 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/internal/internal.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package internal
19 |
20 | import (
21 | fmt "fmt"
22 | sync "sync"
23 |
24 | typed "sigs.k8s.io/structured-merge-diff/v4/typed"
25 | )
26 |
27 | func Parser() *typed.Parser {
28 | parserOnce.Do(func() {
29 | var err error
30 | parser, err = typed.NewParser(schemaYAML)
31 | if err != nil {
32 | panic(fmt.Sprintf("Failed to parse schema: %v", err))
33 | }
34 | })
35 | return parser
36 | }
37 |
38 | var parserOnce sync.Once
39 | var parser *typed.Parser
40 | var schemaYAML = typed.YAMLObject(`types:
41 | - name: __untyped_atomic_
42 | scalar: untyped
43 | list:
44 | elementType:
45 | namedType: __untyped_atomic_
46 | elementRelationship: atomic
47 | map:
48 | elementType:
49 | namedType: __untyped_atomic_
50 | elementRelationship: atomic
51 | - name: __untyped_deduced_
52 | scalar: untyped
53 | list:
54 | elementType:
55 | namedType: __untyped_atomic_
56 | elementRelationship: atomic
57 | map:
58 | elementType:
59 | namedType: __untyped_deduced_
60 | elementRelationship: separable
61 | `)
62 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/baseresult.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | )
23 |
24 | // BaseResultApplyConfiguration represents a declarative configuration of the BaseResult type for use
25 | // with apply.
26 | type BaseResultApplyConfiguration struct {
27 | Name *string `json:"name,omitempty"`
28 | Assert *bool `json:"assert,omitempty"`
29 | Level *kubeeyev1alpha2.Level `json:"level,omitempty"`
30 | }
31 |
32 | // BaseResultApplyConfiguration constructs a declarative configuration of the BaseResult type for use with
33 | // apply.
34 | func BaseResult() *BaseResultApplyConfiguration {
35 | return &BaseResultApplyConfiguration{}
36 | }
37 |
38 | // WithName sets the Name field in the declarative configuration to the given value
39 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
40 | // If called multiple times, the Name field is set to the value of the last call.
41 | func (b *BaseResultApplyConfiguration) WithName(value string) *BaseResultApplyConfiguration {
42 | b.Name = &value
43 | return b
44 | }
45 |
46 | // WithAssert sets the Assert field in the declarative configuration to the given value
47 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
48 | // If called multiple times, the Assert field is set to the value of the last call.
49 | func (b *BaseResultApplyConfiguration) WithAssert(value bool) *BaseResultApplyConfiguration {
50 | b.Assert = &value
51 | return b
52 | }
53 |
54 | // WithLevel sets the Level field in the declarative configuration to the given value
55 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
56 | // If called multiple times, the Level field is set to the value of the last call.
57 | func (b *BaseResultApplyConfiguration) WithLevel(value kubeeyev1alpha2.Level) *BaseResultApplyConfiguration {
58 | b.Level = &value
59 | return b
60 | }
61 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/cluster.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // ClusterApplyConfiguration represents a declarative configuration of the Cluster type for use
21 | // with apply.
22 | type ClusterApplyConfiguration struct {
23 | Name *string `json:"name,omitempty"`
24 | Provider *string `json:"provider,omitempty"`
25 | }
26 |
27 | // ClusterApplyConfiguration constructs a declarative configuration of the Cluster type for use with
28 | // apply.
29 | func Cluster() *ClusterApplyConfiguration {
30 | return &ClusterApplyConfiguration{}
31 | }
32 |
33 | // WithName sets the Name field in the declarative configuration to the given value
34 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
35 | // If called multiple times, the Name field is set to the value of the last call.
36 | func (b *ClusterApplyConfiguration) WithName(value string) *ClusterApplyConfiguration {
37 | b.Name = &value
38 | return b
39 | }
40 |
41 | // WithProvider sets the Provider field in the declarative configuration to the given value
42 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
43 | // If called multiple times, the Provider field is set to the value of the last call.
44 | func (b *ClusterApplyConfiguration) WithProvider(value string) *ClusterApplyConfiguration {
45 | b.Provider = &value
46 | return b
47 | }
48 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/clusterinfo.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // ClusterInfoApplyConfiguration represents a declarative configuration of the ClusterInfo type for use
21 | // with apply.
22 | type ClusterInfoApplyConfiguration struct {
23 | ClusterVersion *string `json:"version,omitempty"`
24 | NodesCount *int `json:"nodesCount,omitempty"`
25 | NamespacesCount *int `json:"namespacesCount,omitempty"`
26 | }
27 |
28 | // ClusterInfoApplyConfiguration constructs a declarative configuration of the ClusterInfo type for use with
29 | // apply.
30 | func ClusterInfo() *ClusterInfoApplyConfiguration {
31 | return &ClusterInfoApplyConfiguration{}
32 | }
33 |
34 | // WithClusterVersion sets the ClusterVersion field in the declarative configuration to the given value
35 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
36 | // If called multiple times, the ClusterVersion field is set to the value of the last call.
37 | func (b *ClusterInfoApplyConfiguration) WithClusterVersion(value string) *ClusterInfoApplyConfiguration {
38 | b.ClusterVersion = &value
39 | return b
40 | }
41 |
42 | // WithNodesCount sets the NodesCount field in the declarative configuration to the given value
43 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
44 | // If called multiple times, the NodesCount field is set to the value of the last call.
45 | func (b *ClusterInfoApplyConfiguration) WithNodesCount(value int) *ClusterInfoApplyConfiguration {
46 | b.NodesCount = &value
47 | return b
48 | }
49 |
50 | // WithNamespacesCount sets the NamespacesCount field in the declarative configuration to the given value
51 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
52 | // If called multiple times, the NamespacesCount field is set to the value of the last call.
53 | func (b *ClusterInfoApplyConfiguration) WithNamespacesCount(value int) *ClusterInfoApplyConfiguration {
54 | b.NamespacesCount = &value
55 | return b
56 | }
57 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/componentresultitem.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | )
23 |
24 | // ComponentResultItemApplyConfiguration represents a declarative configuration of the ComponentResultItem type for use
25 | // with apply.
26 | type ComponentResultItemApplyConfiguration struct {
27 | BaseResultApplyConfiguration `json:",inline"`
28 | }
29 |
30 | // ComponentResultItemApplyConfiguration constructs a declarative configuration of the ComponentResultItem type for use with
31 | // apply.
32 | func ComponentResultItem() *ComponentResultItemApplyConfiguration {
33 | return &ComponentResultItemApplyConfiguration{}
34 | }
35 |
36 | // WithName sets the Name field in the declarative configuration to the given value
37 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
38 | // If called multiple times, the Name field is set to the value of the last call.
39 | func (b *ComponentResultItemApplyConfiguration) WithName(value string) *ComponentResultItemApplyConfiguration {
40 | b.BaseResultApplyConfiguration.Name = &value
41 | return b
42 | }
43 |
44 | // WithAssert sets the Assert field in the declarative configuration to the given value
45 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
46 | // If called multiple times, the Assert field is set to the value of the last call.
47 | func (b *ComponentResultItemApplyConfiguration) WithAssert(value bool) *ComponentResultItemApplyConfiguration {
48 | b.BaseResultApplyConfiguration.Assert = &value
49 | return b
50 | }
51 |
52 | // WithLevel sets the Level field in the declarative configuration to the given value
53 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
54 | // If called multiple times, the Level field is set to the value of the last call.
55 | func (b *ComponentResultItemApplyConfiguration) WithLevel(value kubeeyev1alpha2.Level) *ComponentResultItemApplyConfiguration {
56 | b.BaseResultApplyConfiguration.Level = &value
57 | return b
58 | }
59 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/extrainfo.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // ExtraInfoApplyConfiguration represents a declarative configuration of the ExtraInfo type for use
21 | // with apply.
22 | type ExtraInfoApplyConfiguration struct {
23 | WorkloadsCount *int `json:"workloadsCount,omitempty"`
24 | NamespacesList []string `json:"namespacesList,omitempty"`
25 | }
26 |
27 | // ExtraInfoApplyConfiguration constructs a declarative configuration of the ExtraInfo type for use with
28 | // apply.
29 | func ExtraInfo() *ExtraInfoApplyConfiguration {
30 | return &ExtraInfoApplyConfiguration{}
31 | }
32 |
33 | // WithWorkloadsCount sets the WorkloadsCount field in the declarative configuration to the given value
34 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
35 | // If called multiple times, the WorkloadsCount field is set to the value of the last call.
36 | func (b *ExtraInfoApplyConfiguration) WithWorkloadsCount(value int) *ExtraInfoApplyConfiguration {
37 | b.WorkloadsCount = &value
38 | return b
39 | }
40 |
41 | // WithNamespacesList adds the given value to the NamespacesList field in the declarative configuration
42 | // and returns the receiver, so that objects can be build by chaining "With" function invocations.
43 | // If called multiple times, values provided by each call will be appended to the NamespacesList field.
44 | func (b *ExtraInfoApplyConfiguration) WithNamespacesList(values ...string) *ExtraInfoApplyConfiguration {
45 | for i := range values {
46 | b.NamespacesList = append(b.NamespacesList, values[i])
47 | }
48 | return b
49 | }
50 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/inspectrulenames.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // InspectRuleNamesApplyConfiguration represents a declarative configuration of the InspectRuleNames type for use
21 | // with apply.
22 | type InspectRuleNamesApplyConfiguration struct {
23 | Name *string `json:"name,omitempty"`
24 | NodeName *string `json:"nodeName,omitempty"`
25 | NodeSelector map[string]string `json:"nodeSelector,omitempty"`
26 | }
27 |
28 | // InspectRuleNamesApplyConfiguration constructs a declarative configuration of the InspectRuleNames type for use with
29 | // apply.
30 | func InspectRuleNames() *InspectRuleNamesApplyConfiguration {
31 | return &InspectRuleNamesApplyConfiguration{}
32 | }
33 |
34 | // WithName sets the Name field in the declarative configuration to the given value
35 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
36 | // If called multiple times, the Name field is set to the value of the last call.
37 | func (b *InspectRuleNamesApplyConfiguration) WithName(value string) *InspectRuleNamesApplyConfiguration {
38 | b.Name = &value
39 | return b
40 | }
41 |
42 | // WithNodeName sets the NodeName field in the declarative configuration to the given value
43 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
44 | // If called multiple times, the NodeName field is set to the value of the last call.
45 | func (b *InspectRuleNamesApplyConfiguration) WithNodeName(value string) *InspectRuleNamesApplyConfiguration {
46 | b.NodeName = &value
47 | return b
48 | }
49 |
50 | // WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration
51 | // and returns the receiver, so that objects can be build by chaining "With" function invocations.
52 | // If called multiple times, the entries provided by each call will be put on the NodeSelector field,
53 | // overwriting an existing map entries in NodeSelector field with the same key.
54 | func (b *InspectRuleNamesApplyConfiguration) WithNodeSelector(entries map[string]string) *InspectRuleNamesApplyConfiguration {
55 | if b.NodeSelector == nil && len(entries) > 0 {
56 | b.NodeSelector = make(map[string]string, len(entries))
57 | }
58 | for k, v := range entries {
59 | b.NodeSelector[k] = v
60 | }
61 | return b
62 | }
63 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/jobphase.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | )
23 |
24 | // JobPhaseApplyConfiguration represents a declarative configuration of the JobPhase type for use
25 | // with apply.
26 | type JobPhaseApplyConfiguration struct {
27 | JobName *string `json:"jobName,omitempty"`
28 | Phase *kubeeyev1alpha2.Phase `json:"phase,omitempty"`
29 | }
30 |
31 | // JobPhaseApplyConfiguration constructs a declarative configuration of the JobPhase type for use with
32 | // apply.
33 | func JobPhase() *JobPhaseApplyConfiguration {
34 | return &JobPhaseApplyConfiguration{}
35 | }
36 |
37 | // WithJobName sets the JobName field in the declarative configuration to the given value
38 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
39 | // If called multiple times, the JobName field is set to the value of the last call.
40 | func (b *JobPhaseApplyConfiguration) WithJobName(value string) *JobPhaseApplyConfiguration {
41 | b.JobName = &value
42 | return b
43 | }
44 |
45 | // WithPhase sets the Phase field in the declarative configuration to the given value
46 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
47 | // If called multiple times, the Phase field is set to the value of the last call.
48 | func (b *JobPhaseApplyConfiguration) WithPhase(value kubeeyev1alpha2.Phase) *JobPhaseApplyConfiguration {
49 | b.Phase = &value
50 | return b
51 | }
52 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/node.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // NodeApplyConfiguration represents a declarative configuration of the Node type for use
21 | // with apply.
22 | type NodeApplyConfiguration struct {
23 | NodeName *string `json:"nodeName,omitempty"`
24 | NodeSelector map[string]string `json:"nodeSelector,omitempty"`
25 | }
26 |
27 | // NodeApplyConfiguration constructs a declarative configuration of the Node type for use with
28 | // apply.
29 | func Node() *NodeApplyConfiguration {
30 | return &NodeApplyConfiguration{}
31 | }
32 |
33 | // WithNodeName sets the NodeName field in the declarative configuration to the given value
34 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
35 | // If called multiple times, the NodeName field is set to the value of the last call.
36 | func (b *NodeApplyConfiguration) WithNodeName(value string) *NodeApplyConfiguration {
37 | b.NodeName = &value
38 | return b
39 | }
40 |
41 | // WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration
42 | // and returns the receiver, so that objects can be build by chaining "With" function invocations.
43 | // If called multiple times, the entries provided by each call will be put on the NodeSelector field,
44 | // overwriting an existing map entries in NodeSelector field with the same key.
45 | func (b *NodeApplyConfiguration) WithNodeSelector(entries map[string]string) *NodeApplyConfiguration {
46 | if b.NodeSelector == nil && len(entries) > 0 {
47 | b.NodeSelector = make(map[string]string, len(entries))
48 | }
49 | for k, v := range entries {
50 | b.NodeSelector[k] = v
51 | }
52 | return b
53 | }
54 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/prometheusconfig.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // PrometheusConfigApplyConfiguration represents a declarative configuration of the PrometheusConfig type for use
21 | // with apply.
22 | type PrometheusConfigApplyConfiguration struct {
23 | Endpoint *string `json:"endpoint,omitempty"`
24 | BasicToken *string `json:"basicToken,omitempty"`
25 | BearerToken *string `json:"bearerToken,omitempty"`
26 | InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
27 | }
28 |
29 | // PrometheusConfigApplyConfiguration constructs a declarative configuration of the PrometheusConfig type for use with
30 | // apply.
31 | func PrometheusConfig() *PrometheusConfigApplyConfiguration {
32 | return &PrometheusConfigApplyConfiguration{}
33 | }
34 |
35 | // WithEndpoint sets the Endpoint field in the declarative configuration to the given value
36 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
37 | // If called multiple times, the Endpoint field is set to the value of the last call.
38 | func (b *PrometheusConfigApplyConfiguration) WithEndpoint(value string) *PrometheusConfigApplyConfiguration {
39 | b.Endpoint = &value
40 | return b
41 | }
42 |
43 | // WithBasicToken sets the BasicToken field in the declarative configuration to the given value
44 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
45 | // If called multiple times, the BasicToken field is set to the value of the last call.
46 | func (b *PrometheusConfigApplyConfiguration) WithBasicToken(value string) *PrometheusConfigApplyConfiguration {
47 | b.BasicToken = &value
48 | return b
49 | }
50 |
51 | // WithBearerToken sets the BearerToken field in the declarative configuration to the given value
52 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
53 | // If called multiple times, the BearerToken field is set to the value of the last call.
54 | func (b *PrometheusConfigApplyConfiguration) WithBearerToken(value string) *PrometheusConfigApplyConfiguration {
55 | b.BearerToken = &value
56 | return b
57 | }
58 |
59 | // WithInsecureSkipVerify sets the InsecureSkipVerify field in the declarative configuration to the given value
60 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
61 | // If called multiple times, the InsecureSkipVerify field is set to the value of the last call.
62 | func (b *PrometheusConfigApplyConfiguration) WithInsecureSkipVerify(value bool) *PrometheusConfigApplyConfiguration {
63 | b.InsecureSkipVerify = &value
64 | return b
65 | }
66 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/resourceresult.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // ResourceResultApplyConfiguration represents a declarative configuration of the ResourceResult type for use
21 | // with apply.
22 | type ResourceResultApplyConfiguration struct {
23 | NameSpace *string `json:"namespace,omitempty"`
24 | ResourceType *string `json:"resourceType,omitempty"`
25 | Name *string `json:"name,omitempty"`
26 | ResultItems []ResultItemApplyConfiguration `json:"resultItems,omitempty"`
27 | }
28 |
29 | // ResourceResultApplyConfiguration constructs a declarative configuration of the ResourceResult type for use with
30 | // apply.
31 | func ResourceResult() *ResourceResultApplyConfiguration {
32 | return &ResourceResultApplyConfiguration{}
33 | }
34 |
35 | // WithNameSpace sets the NameSpace field in the declarative configuration to the given value
36 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
37 | // If called multiple times, the NameSpace field is set to the value of the last call.
38 | func (b *ResourceResultApplyConfiguration) WithNameSpace(value string) *ResourceResultApplyConfiguration {
39 | b.NameSpace = &value
40 | return b
41 | }
42 |
43 | // WithResourceType sets the ResourceType field in the declarative configuration to the given value
44 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
45 | // If called multiple times, the ResourceType field is set to the value of the last call.
46 | func (b *ResourceResultApplyConfiguration) WithResourceType(value string) *ResourceResultApplyConfiguration {
47 | b.ResourceType = &value
48 | return b
49 | }
50 |
51 | // WithName sets the Name field in the declarative configuration to the given value
52 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
53 | // If called multiple times, the Name field is set to the value of the last call.
54 | func (b *ResourceResultApplyConfiguration) WithName(value string) *ResourceResultApplyConfiguration {
55 | b.Name = &value
56 | return b
57 | }
58 |
59 | // WithResultItems adds the given value to the ResultItems field in the declarative configuration
60 | // and returns the receiver, so that objects can be build by chaining "With" function invocations.
61 | // If called multiple times, values provided by each call will be appended to the ResultItems field.
62 | func (b *ResourceResultApplyConfiguration) WithResultItems(values ...*ResultItemApplyConfiguration) *ResourceResultApplyConfiguration {
63 | for i := range values {
64 | if values[i] == nil {
65 | panic("nil value passed to WithResultItems")
66 | }
67 | b.ResultItems = append(b.ResultItems, *values[i])
68 | }
69 | return b
70 | }
71 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/resourcestype.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // ResourcesTypeApplyConfiguration represents a declarative configuration of the ResourcesType type for use
21 | // with apply.
22 | type ResourcesTypeApplyConfiguration struct {
23 | Mount *string `json:"mount,omitempty"`
24 | Type *string `json:"type,omitempty"`
25 | }
26 |
27 | // ResourcesTypeApplyConfiguration constructs a declarative configuration of the ResourcesType type for use with
28 | // apply.
29 | func ResourcesType() *ResourcesTypeApplyConfiguration {
30 | return &ResourcesTypeApplyConfiguration{}
31 | }
32 |
33 | // WithMount sets the Mount field in the declarative configuration to the given value
34 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
35 | // If called multiple times, the Mount field is set to the value of the last call.
36 | func (b *ResourcesTypeApplyConfiguration) WithMount(value string) *ResourcesTypeApplyConfiguration {
37 | b.Mount = &value
38 | return b
39 | }
40 |
41 | // WithType sets the Type field in the declarative configuration to the given value
42 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
43 | // If called multiple times, the Type field is set to the value of the last call.
44 | func (b *ResourcesTypeApplyConfiguration) WithType(value string) *ResourcesTypeApplyConfiguration {
45 | b.Type = &value
46 | return b
47 | }
48 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/resultitem.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // ResultItemApplyConfiguration represents a declarative configuration of the ResultItem type for use
21 | // with apply.
22 | type ResultItemApplyConfiguration struct {
23 | Level *string `json:"level,omitempty"`
24 | Message *string `json:"message,omitempty"`
25 | Reason *string `json:"reason,omitempty"`
26 | }
27 |
28 | // ResultItemApplyConfiguration constructs a declarative configuration of the ResultItem type for use with
29 | // apply.
30 | func ResultItem() *ResultItemApplyConfiguration {
31 | return &ResultItemApplyConfiguration{}
32 | }
33 |
34 | // WithLevel sets the Level field in the declarative configuration to the given value
35 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
36 | // If called multiple times, the Level field is set to the value of the last call.
37 | func (b *ResultItemApplyConfiguration) WithLevel(value string) *ResultItemApplyConfiguration {
38 | b.Level = &value
39 | return b
40 | }
41 |
42 | // WithMessage sets the Message field in the declarative configuration to the given value
43 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
44 | // If called multiple times, the Message field is set to the value of the last call.
45 | func (b *ResultItemApplyConfiguration) WithMessage(value string) *ResultItemApplyConfiguration {
46 | b.Message = &value
47 | return b
48 | }
49 |
50 | // WithReason sets the Reason field in the declarative configuration to the given value
51 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
52 | // If called multiple times, the Reason field is set to the value of the last call.
53 | func (b *ResultItemApplyConfiguration) WithReason(value string) *ResultItemApplyConfiguration {
54 | b.Reason = &value
55 | return b
56 | }
57 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/ruleitembases.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | )
23 |
24 | // RuleItemBasesApplyConfiguration represents a declarative configuration of the RuleItemBases type for use
25 | // with apply.
26 | type RuleItemBasesApplyConfiguration struct {
27 | Name *string `json:"name,omitempty"`
28 | Rule *string `json:"rule,omitempty"`
29 | Desc *string `json:"desc,omitempty"`
30 | Level *kubeeyev1alpha2.Level `json:"level,omitempty"`
31 | }
32 |
33 | // RuleItemBasesApplyConfiguration constructs a declarative configuration of the RuleItemBases type for use with
34 | // apply.
35 | func RuleItemBases() *RuleItemBasesApplyConfiguration {
36 | return &RuleItemBasesApplyConfiguration{}
37 | }
38 |
39 | // WithName sets the Name field in the declarative configuration to the given value
40 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
41 | // If called multiple times, the Name field is set to the value of the last call.
42 | func (b *RuleItemBasesApplyConfiguration) WithName(value string) *RuleItemBasesApplyConfiguration {
43 | b.Name = &value
44 | return b
45 | }
46 |
47 | // WithRule sets the Rule field in the declarative configuration to the given value
48 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
49 | // If called multiple times, the Rule field is set to the value of the last call.
50 | func (b *RuleItemBasesApplyConfiguration) WithRule(value string) *RuleItemBasesApplyConfiguration {
51 | b.Rule = &value
52 | return b
53 | }
54 |
55 | // WithDesc sets the Desc field in the declarative configuration to the given value
56 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
57 | // If called multiple times, the Desc field is set to the value of the last call.
58 | func (b *RuleItemBasesApplyConfiguration) WithDesc(value string) *RuleItemBasesApplyConfiguration {
59 | b.Desc = &value
60 | return b
61 | }
62 |
63 | // WithLevel sets the Level field in the declarative configuration to the given value
64 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
65 | // If called multiple times, the Level field is set to the value of the last call.
66 | func (b *RuleItemBasesApplyConfiguration) WithLevel(value kubeeyev1alpha2.Level) *RuleItemBasesApplyConfiguration {
67 | b.Level = &value
68 | return b
69 | }
70 |
--------------------------------------------------------------------------------
/clients/applyconfiguration/kubeeye/v1alpha2/tasknames.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by applyconfiguration-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | )
23 |
24 | // TaskNamesApplyConfiguration represents a declarative configuration of the TaskNames type for use
25 | // with apply.
26 | type TaskNamesApplyConfiguration struct {
27 | Name *string `json:"name,omitempty"`
28 | TaskStatus *kubeeyev1alpha2.Phase `json:"taskStatus,omitempty"`
29 | }
30 |
31 | // TaskNamesApplyConfiguration constructs a declarative configuration of the TaskNames type for use with
32 | // apply.
33 | func TaskNames() *TaskNamesApplyConfiguration {
34 | return &TaskNamesApplyConfiguration{}
35 | }
36 |
37 | // WithName sets the Name field in the declarative configuration to the given value
38 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
39 | // If called multiple times, the Name field is set to the value of the last call.
40 | func (b *TaskNamesApplyConfiguration) WithName(value string) *TaskNamesApplyConfiguration {
41 | b.Name = &value
42 | return b
43 | }
44 |
45 | // WithTaskStatus sets the TaskStatus field in the declarative configuration to the given value
46 | // and returns the receiver, so that objects can be built by chaining "With" function invocations.
47 | // If called multiple times, the TaskStatus field is set to the value of the last call.
48 | func (b *TaskNamesApplyConfiguration) WithTaskStatus(value kubeeyev1alpha2.Phase) *TaskNamesApplyConfiguration {
49 | b.TaskStatus = &value
50 | return b
51 | }
52 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/fake/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | // This package has the automatically generated fake clientset.
19 | package fake
20 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/fake/register.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package fake
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
23 | runtime "k8s.io/apimachinery/pkg/runtime"
24 | schema "k8s.io/apimachinery/pkg/runtime/schema"
25 | serializer "k8s.io/apimachinery/pkg/runtime/serializer"
26 | utilruntime "k8s.io/apimachinery/pkg/util/runtime"
27 | )
28 |
29 | var scheme = runtime.NewScheme()
30 | var codecs = serializer.NewCodecFactory(scheme)
31 |
32 | var localSchemeBuilder = runtime.SchemeBuilder{
33 | kubeeyev1alpha2.AddToScheme,
34 | }
35 |
36 | // AddToScheme adds all types of this clientset into the given scheme. This allows composition
37 | // of clientsets, like in:
38 | //
39 | // import (
40 | // "k8s.io/client-go/kubernetes"
41 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme"
42 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
43 | // )
44 | //
45 | // kclientset, _ := kubernetes.NewForConfig(c)
46 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
47 | //
48 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
49 | // correctly.
50 | var AddToScheme = localSchemeBuilder.AddToScheme
51 |
52 | func init() {
53 | v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
54 | utilruntime.Must(AddToScheme(scheme))
55 | }
56 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/scheme/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | // This package contains the scheme of the automatically generated clientset.
19 | package scheme
20 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/scheme/register.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package scheme
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
23 | runtime "k8s.io/apimachinery/pkg/runtime"
24 | schema "k8s.io/apimachinery/pkg/runtime/schema"
25 | serializer "k8s.io/apimachinery/pkg/runtime/serializer"
26 | utilruntime "k8s.io/apimachinery/pkg/util/runtime"
27 | )
28 |
29 | var Scheme = runtime.NewScheme()
30 | var Codecs = serializer.NewCodecFactory(Scheme)
31 | var ParameterCodec = runtime.NewParameterCodec(Scheme)
32 | var localSchemeBuilder = runtime.SchemeBuilder{
33 | kubeeyev1alpha2.AddToScheme,
34 | }
35 |
36 | // AddToScheme adds all types of this clientset into the given scheme. This allows composition
37 | // of clientsets, like in:
38 | //
39 | // import (
40 | // "k8s.io/client-go/kubernetes"
41 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme"
42 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
43 | // )
44 | //
45 | // kclientset, _ := kubernetes.NewForConfig(c)
46 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
47 | //
48 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
49 | // correctly.
50 | var AddToScheme = localSchemeBuilder.AddToScheme
51 |
52 | func init() {
53 | v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"})
54 | utilruntime.Must(AddToScheme(Scheme))
55 | }
56 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | // This package has the automatically generated typed clients.
19 | package v1alpha2
20 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/fake/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | // Package fake has the automatically generated clients.
19 | package fake
20 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/fake/fake_inspectplan.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package fake
19 |
20 | import (
21 | v1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/applyconfiguration/kubeeye/v1alpha2"
23 | typedkubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/clientset/versioned/typed/kubeeye/v1alpha2"
24 | gentype "k8s.io/client-go/gentype"
25 | )
26 |
27 | // fakeInspectPlans implements InspectPlanInterface
28 | type fakeInspectPlans struct {
29 | *gentype.FakeClientWithListAndApply[*v1alpha2.InspectPlan, *v1alpha2.InspectPlanList, *kubeeyev1alpha2.InspectPlanApplyConfiguration]
30 | Fake *FakeKubeeyeV1alpha2
31 | }
32 |
33 | func newFakeInspectPlans(fake *FakeKubeeyeV1alpha2) typedkubeeyev1alpha2.InspectPlanInterface {
34 | return &fakeInspectPlans{
35 | gentype.NewFakeClientWithListAndApply[*v1alpha2.InspectPlan, *v1alpha2.InspectPlanList, *kubeeyev1alpha2.InspectPlanApplyConfiguration](
36 | fake.Fake,
37 | "",
38 | v1alpha2.SchemeGroupVersion.WithResource("inspectplans"),
39 | v1alpha2.SchemeGroupVersion.WithKind("InspectPlan"),
40 | func() *v1alpha2.InspectPlan { return &v1alpha2.InspectPlan{} },
41 | func() *v1alpha2.InspectPlanList { return &v1alpha2.InspectPlanList{} },
42 | func(dst, src *v1alpha2.InspectPlanList) { dst.ListMeta = src.ListMeta },
43 | func(list *v1alpha2.InspectPlanList) []*v1alpha2.InspectPlan {
44 | return gentype.ToPointerSlice(list.Items)
45 | },
46 | func(list *v1alpha2.InspectPlanList, items []*v1alpha2.InspectPlan) {
47 | list.Items = gentype.FromPointerSlice(items)
48 | },
49 | ),
50 | fake,
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/fake/fake_inspectresult.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package fake
19 |
20 | import (
21 | v1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/applyconfiguration/kubeeye/v1alpha2"
23 | typedkubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/clientset/versioned/typed/kubeeye/v1alpha2"
24 | gentype "k8s.io/client-go/gentype"
25 | )
26 |
27 | // fakeInspectResults implements InspectResultInterface
28 | type fakeInspectResults struct {
29 | *gentype.FakeClientWithListAndApply[*v1alpha2.InspectResult, *v1alpha2.InspectResultList, *kubeeyev1alpha2.InspectResultApplyConfiguration]
30 | Fake *FakeKubeeyeV1alpha2
31 | }
32 |
33 | func newFakeInspectResults(fake *FakeKubeeyeV1alpha2) typedkubeeyev1alpha2.InspectResultInterface {
34 | return &fakeInspectResults{
35 | gentype.NewFakeClientWithListAndApply[*v1alpha2.InspectResult, *v1alpha2.InspectResultList, *kubeeyev1alpha2.InspectResultApplyConfiguration](
36 | fake.Fake,
37 | "",
38 | v1alpha2.SchemeGroupVersion.WithResource("inspectresults"),
39 | v1alpha2.SchemeGroupVersion.WithKind("InspectResult"),
40 | func() *v1alpha2.InspectResult { return &v1alpha2.InspectResult{} },
41 | func() *v1alpha2.InspectResultList { return &v1alpha2.InspectResultList{} },
42 | func(dst, src *v1alpha2.InspectResultList) { dst.ListMeta = src.ListMeta },
43 | func(list *v1alpha2.InspectResultList) []*v1alpha2.InspectResult {
44 | return gentype.ToPointerSlice(list.Items)
45 | },
46 | func(list *v1alpha2.InspectResultList, items []*v1alpha2.InspectResult) {
47 | list.Items = gentype.FromPointerSlice(items)
48 | },
49 | ),
50 | fake,
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/fake/fake_inspectrule.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package fake
19 |
20 | import (
21 | v1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/applyconfiguration/kubeeye/v1alpha2"
23 | typedkubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/clientset/versioned/typed/kubeeye/v1alpha2"
24 | gentype "k8s.io/client-go/gentype"
25 | )
26 |
27 | // fakeInspectRules implements InspectRuleInterface
28 | type fakeInspectRules struct {
29 | *gentype.FakeClientWithListAndApply[*v1alpha2.InspectRule, *v1alpha2.InspectRuleList, *kubeeyev1alpha2.InspectRuleApplyConfiguration]
30 | Fake *FakeKubeeyeV1alpha2
31 | }
32 |
33 | func newFakeInspectRules(fake *FakeKubeeyeV1alpha2) typedkubeeyev1alpha2.InspectRuleInterface {
34 | return &fakeInspectRules{
35 | gentype.NewFakeClientWithListAndApply[*v1alpha2.InspectRule, *v1alpha2.InspectRuleList, *kubeeyev1alpha2.InspectRuleApplyConfiguration](
36 | fake.Fake,
37 | "",
38 | v1alpha2.SchemeGroupVersion.WithResource("inspectrules"),
39 | v1alpha2.SchemeGroupVersion.WithKind("InspectRule"),
40 | func() *v1alpha2.InspectRule { return &v1alpha2.InspectRule{} },
41 | func() *v1alpha2.InspectRuleList { return &v1alpha2.InspectRuleList{} },
42 | func(dst, src *v1alpha2.InspectRuleList) { dst.ListMeta = src.ListMeta },
43 | func(list *v1alpha2.InspectRuleList) []*v1alpha2.InspectRule {
44 | return gentype.ToPointerSlice(list.Items)
45 | },
46 | func(list *v1alpha2.InspectRuleList, items []*v1alpha2.InspectRule) {
47 | list.Items = gentype.FromPointerSlice(items)
48 | },
49 | ),
50 | fake,
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/fake/fake_inspecttask.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package fake
19 |
20 | import (
21 | v1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/applyconfiguration/kubeeye/v1alpha2"
23 | typedkubeeyev1alpha2 "github.com/kubesphere/kubeeye/clients/clientset/versioned/typed/kubeeye/v1alpha2"
24 | gentype "k8s.io/client-go/gentype"
25 | )
26 |
27 | // fakeInspectTasks implements InspectTaskInterface
28 | type fakeInspectTasks struct {
29 | *gentype.FakeClientWithListAndApply[*v1alpha2.InspectTask, *v1alpha2.InspectTaskList, *kubeeyev1alpha2.InspectTaskApplyConfiguration]
30 | Fake *FakeKubeeyeV1alpha2
31 | }
32 |
33 | func newFakeInspectTasks(fake *FakeKubeeyeV1alpha2) typedkubeeyev1alpha2.InspectTaskInterface {
34 | return &fakeInspectTasks{
35 | gentype.NewFakeClientWithListAndApply[*v1alpha2.InspectTask, *v1alpha2.InspectTaskList, *kubeeyev1alpha2.InspectTaskApplyConfiguration](
36 | fake.Fake,
37 | "",
38 | v1alpha2.SchemeGroupVersion.WithResource("inspecttasks"),
39 | v1alpha2.SchemeGroupVersion.WithKind("InspectTask"),
40 | func() *v1alpha2.InspectTask { return &v1alpha2.InspectTask{} },
41 | func() *v1alpha2.InspectTaskList { return &v1alpha2.InspectTaskList{} },
42 | func(dst, src *v1alpha2.InspectTaskList) { dst.ListMeta = src.ListMeta },
43 | func(list *v1alpha2.InspectTaskList) []*v1alpha2.InspectTask {
44 | return gentype.ToPointerSlice(list.Items)
45 | },
46 | func(list *v1alpha2.InspectTaskList, items []*v1alpha2.InspectTask) {
47 | list.Items = gentype.FromPointerSlice(items)
48 | },
49 | ),
50 | fake,
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/fake/fake_kubeeye_client.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package fake
19 |
20 | import (
21 | v1alpha2 "github.com/kubesphere/kubeeye/clients/clientset/versioned/typed/kubeeye/v1alpha2"
22 | rest "k8s.io/client-go/rest"
23 | testing "k8s.io/client-go/testing"
24 | )
25 |
26 | type FakeKubeeyeV1alpha2 struct {
27 | *testing.Fake
28 | }
29 |
30 | func (c *FakeKubeeyeV1alpha2) InspectPlans() v1alpha2.InspectPlanInterface {
31 | return newFakeInspectPlans(c)
32 | }
33 |
34 | func (c *FakeKubeeyeV1alpha2) InspectResults() v1alpha2.InspectResultInterface {
35 | return newFakeInspectResults(c)
36 | }
37 |
38 | func (c *FakeKubeeyeV1alpha2) InspectRules() v1alpha2.InspectRuleInterface {
39 | return newFakeInspectRules(c)
40 | }
41 |
42 | func (c *FakeKubeeyeV1alpha2) InspectTasks() v1alpha2.InspectTaskInterface {
43 | return newFakeInspectTasks(c)
44 | }
45 |
46 | // RESTClient returns a RESTClient that is used to communicate
47 | // with API server by this client implementation.
48 | func (c *FakeKubeeyeV1alpha2) RESTClient() rest.Interface {
49 | var ret *rest.RESTClient
50 | return ret
51 | }
52 |
--------------------------------------------------------------------------------
/clients/clientset/versioned/typed/kubeeye/v1alpha2/generated_expansion.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by client-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | type InspectPlanExpansion interface{}
21 |
22 | type InspectResultExpansion interface{}
23 |
24 | type InspectRuleExpansion interface{}
25 |
26 | type InspectTaskExpansion interface{}
27 |
--------------------------------------------------------------------------------
/clients/informers/externalversions/generic.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by informer-gen. DO NOT EDIT.
17 |
18 | package externalversions
19 |
20 | import (
21 | fmt "fmt"
22 |
23 | v1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
24 | schema "k8s.io/apimachinery/pkg/runtime/schema"
25 | cache "k8s.io/client-go/tools/cache"
26 | )
27 |
28 | // GenericInformer is type of SharedIndexInformer which will locate and delegate to other
29 | // sharedInformers based on type
30 | type GenericInformer interface {
31 | Informer() cache.SharedIndexInformer
32 | Lister() cache.GenericLister
33 | }
34 |
35 | type genericInformer struct {
36 | informer cache.SharedIndexInformer
37 | resource schema.GroupResource
38 | }
39 |
40 | // Informer returns the SharedIndexInformer.
41 | func (f *genericInformer) Informer() cache.SharedIndexInformer {
42 | return f.informer
43 | }
44 |
45 | // Lister returns the GenericLister.
46 | func (f *genericInformer) Lister() cache.GenericLister {
47 | return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource)
48 | }
49 |
50 | // ForResource gives generic access to a shared informer of the matching type
51 | // TODO extend this to unknown resources with a client pool
52 | func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
53 | switch resource {
54 | // Group=kubeeye, Version=v1alpha2
55 | case v1alpha2.SchemeGroupVersion.WithResource("inspectplans"):
56 | return &genericInformer{resource: resource.GroupResource(), informer: f.Kubeeye().V1alpha2().InspectPlans().Informer()}, nil
57 | case v1alpha2.SchemeGroupVersion.WithResource("inspectresults"):
58 | return &genericInformer{resource: resource.GroupResource(), informer: f.Kubeeye().V1alpha2().InspectResults().Informer()}, nil
59 | case v1alpha2.SchemeGroupVersion.WithResource("inspectrules"):
60 | return &genericInformer{resource: resource.GroupResource(), informer: f.Kubeeye().V1alpha2().InspectRules().Informer()}, nil
61 | case v1alpha2.SchemeGroupVersion.WithResource("inspecttasks"):
62 | return &genericInformer{resource: resource.GroupResource(), informer: f.Kubeeye().V1alpha2().InspectTasks().Informer()}, nil
63 |
64 | }
65 |
66 | return nil, fmt.Errorf("no informer found for %v", resource)
67 | }
68 |
--------------------------------------------------------------------------------
/clients/informers/externalversions/internalinterfaces/factory_interfaces.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by informer-gen. DO NOT EDIT.
17 |
18 | package internalinterfaces
19 |
20 | import (
21 | time "time"
22 |
23 | versioned "github.com/kubesphere/kubeeye/clients/clientset/versioned"
24 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
25 | runtime "k8s.io/apimachinery/pkg/runtime"
26 | cache "k8s.io/client-go/tools/cache"
27 | )
28 |
29 | // NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer.
30 | type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer
31 |
32 | // SharedInformerFactory a small interface to allow for adding an informer without an import cycle
33 | type SharedInformerFactory interface {
34 | Start(stopCh <-chan struct{})
35 | InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer
36 | }
37 |
38 | // TweakListOptionsFunc is a function that transforms a v1.ListOptions.
39 | type TweakListOptionsFunc func(*v1.ListOptions)
40 |
--------------------------------------------------------------------------------
/clients/informers/externalversions/kubeeye/interface.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by informer-gen. DO NOT EDIT.
17 |
18 | package kubeeye
19 |
20 | import (
21 | internalinterfaces "github.com/kubesphere/kubeeye/clients/informers/externalversions/internalinterfaces"
22 | v1alpha2 "github.com/kubesphere/kubeeye/clients/informers/externalversions/kubeeye/v1alpha2"
23 | )
24 |
25 | // Interface provides access to each of this group's versions.
26 | type Interface interface {
27 | // V1alpha2 provides access to shared informers for resources in V1alpha2.
28 | V1alpha2() v1alpha2.Interface
29 | }
30 |
31 | type group struct {
32 | factory internalinterfaces.SharedInformerFactory
33 | namespace string
34 | tweakListOptions internalinterfaces.TweakListOptionsFunc
35 | }
36 |
37 | // New returns a new Interface.
38 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
39 | return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
40 | }
41 |
42 | // V1alpha2 returns a new v1alpha2.Interface.
43 | func (g *group) V1alpha2() v1alpha2.Interface {
44 | return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions)
45 | }
46 |
--------------------------------------------------------------------------------
/clients/informers/externalversions/kubeeye/v1alpha2/interface.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by informer-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | internalinterfaces "github.com/kubesphere/kubeeye/clients/informers/externalversions/internalinterfaces"
22 | )
23 |
24 | // Interface provides access to all the informers in this group version.
25 | type Interface interface {
26 | // InspectPlans returns a InspectPlanInformer.
27 | InspectPlans() InspectPlanInformer
28 | // InspectResults returns a InspectResultInformer.
29 | InspectResults() InspectResultInformer
30 | // InspectRules returns a InspectRuleInformer.
31 | InspectRules() InspectRuleInformer
32 | // InspectTasks returns a InspectTaskInformer.
33 | InspectTasks() InspectTaskInformer
34 | }
35 |
36 | type version struct {
37 | factory internalinterfaces.SharedInformerFactory
38 | namespace string
39 | tweakListOptions internalinterfaces.TweakListOptionsFunc
40 | }
41 |
42 | // New returns a new Interface.
43 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
44 | return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
45 | }
46 |
47 | // InspectPlans returns a InspectPlanInformer.
48 | func (v *version) InspectPlans() InspectPlanInformer {
49 | return &inspectPlanInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
50 | }
51 |
52 | // InspectResults returns a InspectResultInformer.
53 | func (v *version) InspectResults() InspectResultInformer {
54 | return &inspectResultInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
55 | }
56 |
57 | // InspectRules returns a InspectRuleInformer.
58 | func (v *version) InspectRules() InspectRuleInformer {
59 | return &inspectRuleInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
60 | }
61 |
62 | // InspectTasks returns a InspectTaskInformer.
63 | func (v *version) InspectTasks() InspectTaskInformer {
64 | return &inspectTaskInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
65 | }
66 |
--------------------------------------------------------------------------------
/clients/listers/kubeeye/v1alpha2/expansion_generated.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by lister-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | // InspectPlanListerExpansion allows custom methods to be added to
21 | // InspectPlanLister.
22 | type InspectPlanListerExpansion interface{}
23 |
24 | // InspectResultListerExpansion allows custom methods to be added to
25 | // InspectResultLister.
26 | type InspectResultListerExpansion interface{}
27 |
28 | // InspectRuleListerExpansion allows custom methods to be added to
29 | // InspectRuleLister.
30 | type InspectRuleListerExpansion interface{}
31 |
32 | // InspectTaskListerExpansion allows custom methods to be added to
33 | // InspectTaskLister.
34 | type InspectTaskListerExpansion interface{}
35 |
--------------------------------------------------------------------------------
/clients/listers/kubeeye/v1alpha2/inspectplan.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by lister-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | labels "k8s.io/apimachinery/pkg/labels"
23 | listers "k8s.io/client-go/listers"
24 | cache "k8s.io/client-go/tools/cache"
25 | )
26 |
27 | // InspectPlanLister helps list InspectPlans.
28 | // All objects returned here must be treated as read-only.
29 | type InspectPlanLister interface {
30 | // List lists all InspectPlans in the indexer.
31 | // Objects returned here must be treated as read-only.
32 | List(selector labels.Selector) (ret []*kubeeyev1alpha2.InspectPlan, err error)
33 | // Get retrieves the InspectPlan from the index for a given name.
34 | // Objects returned here must be treated as read-only.
35 | Get(name string) (*kubeeyev1alpha2.InspectPlan, error)
36 | InspectPlanListerExpansion
37 | }
38 |
39 | // inspectPlanLister implements the InspectPlanLister interface.
40 | type inspectPlanLister struct {
41 | listers.ResourceIndexer[*kubeeyev1alpha2.InspectPlan]
42 | }
43 |
44 | // NewInspectPlanLister returns a new InspectPlanLister.
45 | func NewInspectPlanLister(indexer cache.Indexer) InspectPlanLister {
46 | return &inspectPlanLister{listers.New[*kubeeyev1alpha2.InspectPlan](indexer, kubeeyev1alpha2.Resource("inspectplan"))}
47 | }
48 |
--------------------------------------------------------------------------------
/clients/listers/kubeeye/v1alpha2/inspectresult.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by lister-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | labels "k8s.io/apimachinery/pkg/labels"
23 | listers "k8s.io/client-go/listers"
24 | cache "k8s.io/client-go/tools/cache"
25 | )
26 |
27 | // InspectResultLister helps list InspectResults.
28 | // All objects returned here must be treated as read-only.
29 | type InspectResultLister interface {
30 | // List lists all InspectResults in the indexer.
31 | // Objects returned here must be treated as read-only.
32 | List(selector labels.Selector) (ret []*kubeeyev1alpha2.InspectResult, err error)
33 | // Get retrieves the InspectResult from the index for a given name.
34 | // Objects returned here must be treated as read-only.
35 | Get(name string) (*kubeeyev1alpha2.InspectResult, error)
36 | InspectResultListerExpansion
37 | }
38 |
39 | // inspectResultLister implements the InspectResultLister interface.
40 | type inspectResultLister struct {
41 | listers.ResourceIndexer[*kubeeyev1alpha2.InspectResult]
42 | }
43 |
44 | // NewInspectResultLister returns a new InspectResultLister.
45 | func NewInspectResultLister(indexer cache.Indexer) InspectResultLister {
46 | return &inspectResultLister{listers.New[*kubeeyev1alpha2.InspectResult](indexer, kubeeyev1alpha2.Resource("inspectresult"))}
47 | }
48 |
--------------------------------------------------------------------------------
/clients/listers/kubeeye/v1alpha2/inspectrule.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by lister-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | labels "k8s.io/apimachinery/pkg/labels"
23 | listers "k8s.io/client-go/listers"
24 | cache "k8s.io/client-go/tools/cache"
25 | )
26 |
27 | // InspectRuleLister helps list InspectRules.
28 | // All objects returned here must be treated as read-only.
29 | type InspectRuleLister interface {
30 | // List lists all InspectRules in the indexer.
31 | // Objects returned here must be treated as read-only.
32 | List(selector labels.Selector) (ret []*kubeeyev1alpha2.InspectRule, err error)
33 | // Get retrieves the InspectRule from the index for a given name.
34 | // Objects returned here must be treated as read-only.
35 | Get(name string) (*kubeeyev1alpha2.InspectRule, error)
36 | InspectRuleListerExpansion
37 | }
38 |
39 | // inspectRuleLister implements the InspectRuleLister interface.
40 | type inspectRuleLister struct {
41 | listers.ResourceIndexer[*kubeeyev1alpha2.InspectRule]
42 | }
43 |
44 | // NewInspectRuleLister returns a new InspectRuleLister.
45 | func NewInspectRuleLister(indexer cache.Indexer) InspectRuleLister {
46 | return &inspectRuleLister{listers.New[*kubeeyev1alpha2.InspectRule](indexer, kubeeyev1alpha2.Resource("inspectrule"))}
47 | }
48 |
--------------------------------------------------------------------------------
/clients/listers/kubeeye/v1alpha2/inspecttask.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 | // Code generated by lister-gen. DO NOT EDIT.
17 |
18 | package v1alpha2
19 |
20 | import (
21 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
22 | labels "k8s.io/apimachinery/pkg/labels"
23 | listers "k8s.io/client-go/listers"
24 | cache "k8s.io/client-go/tools/cache"
25 | )
26 |
27 | // InspectTaskLister helps list InspectTasks.
28 | // All objects returned here must be treated as read-only.
29 | type InspectTaskLister interface {
30 | // List lists all InspectTasks in the indexer.
31 | // Objects returned here must be treated as read-only.
32 | List(selector labels.Selector) (ret []*kubeeyev1alpha2.InspectTask, err error)
33 | // Get retrieves the InspectTask from the index for a given name.
34 | // Objects returned here must be treated as read-only.
35 | Get(name string) (*kubeeyev1alpha2.InspectTask, error)
36 | InspectTaskListerExpansion
37 | }
38 |
39 | // inspectTaskLister implements the InspectTaskLister interface.
40 | type inspectTaskLister struct {
41 | listers.ResourceIndexer[*kubeeyev1alpha2.InspectTask]
42 | }
43 |
44 | // NewInspectTaskLister returns a new InspectTaskLister.
45 | func NewInspectTaskLister(indexer cache.Indexer) InspectTaskLister {
46 | return &inspectTaskLister{listers.New[*kubeeyev1alpha2.InspectTask](indexer, kubeeyev1alpha2.Resource("inspecttask"))}
47 | }
48 |
--------------------------------------------------------------------------------
/cmd/apiserver/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "context"
5 | "github.com/gin-gonic/gin"
6 | "github.com/kubesphere/kubeeye/pkg/informers"
7 | "github.com/kubesphere/kubeeye/pkg/kube"
8 | "github.com/kubesphere/kubeeye/pkg/server/router"
9 | _ "github.com/kubesphere/kubeeye/swaggerDocs"
10 | "github.com/pkg/errors"
11 | swaggerfiles "github.com/swaggo/files"
12 | ginSwagger "github.com/swaggo/gin-swagger"
13 | "k8s.io/klog/v2"
14 | "net/http"
15 | "os"
16 | )
17 |
18 | // @title KubeEye API
19 | // @version 1.0
20 | // @description This is a kubeeye api server.
21 |
22 | // @license.name Apache 2.0
23 | // @license.url http://www.apache.org/licenses/LICENSE-2.0.html
24 |
25 | // @host 172.31.73.216:30882
26 | // @BasePath /kapis/kubeeye.kubesphere.io/v1alpha2
27 |
28 | func main() {
29 |
30 | r := gin.Default()
31 |
32 | ctx, cancelFunc := context.WithCancel(context.TODO())
33 | errCh := make(chan error, 1)
34 | defer close(errCh)
35 |
36 | var kc kube.KubernetesClient
37 | kubeConfig, err := kube.GetKubeConfigInCluster()
38 | if err != nil {
39 | errCh <- err
40 | }
41 |
42 | clients, err := kc.K8SClients(kubeConfig)
43 | if err != nil {
44 | errCh <- err
45 | }
46 |
47 | informerFactory := informers.NewInformerFactory(clients.ClientSet, clients.VersionClientSet)
48 |
49 | stopCh := make(chan struct{})
50 | defer close(stopCh)
51 |
52 | informerFactory.ForResources(informers.KeEyeGver(), informers.K8sEyeGver())
53 | informerFactory.Start(stopCh)
54 |
55 | informerFactory.KubeEyeInformerFactory().WaitForCacheSync(stopCh)
56 | informerFactory.KubernetesInformerFactory().WaitForCacheSync(stopCh)
57 |
58 | router.RegisterRouter(ctx, r, clients, informerFactory.KubeEyeInformerFactory().Kubeeye())
59 |
60 | srv := &http.Server{
61 | Addr: "0.0.0.0:9090",
62 | Handler: r,
63 | }
64 |
65 | r.GET("/readyz", func(c *gin.Context) {
66 | c.String(http.StatusOK, "pong")
67 | })
68 | r.GET("/healthz", func(c *gin.Context) {
69 | c.String(http.StatusOK, "pong")
70 | })
71 | r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler))
72 |
73 | go func() {
74 | for {
75 | select {
76 | case <-ctx.Done():
77 | cancelFunc()
78 | klog.Info("It's over!!!")
79 | os.Exit(1)
80 | case errCtx := <-errCh:
81 | cancelFunc()
82 | klog.Infof("Oh ho, error le !!! err:%s", errCtx)
83 | os.Exit(1)
84 | }
85 | }
86 | }()
87 |
88 | // 服务连接
89 | if err = srv.ListenAndServe(); err != nil && !errors.Is(http.ErrServerClosed, err) {
90 | klog.Errorf("listen: %s\n", err)
91 | errCh <- err
92 | }
93 |
94 | }
95 |
--------------------------------------------------------------------------------
/cmd/ke/ctl/create/config.go:
--------------------------------------------------------------------------------
1 | package create
2 |
3 | import (
4 | "fmt"
5 | kubeeyetemplate "github.com/kubesphere/kubeeye/pkg/template"
6 | "github.com/spf13/cobra"
7 | "k8s.io/klog/v2"
8 | "os"
9 | "path"
10 | "strings"
11 | "text/template"
12 | )
13 |
14 | type ConfigOptions struct {
15 | Template string
16 | Path string
17 | }
18 |
19 | func NewConfigCmd() *cobra.Command {
20 | c := &ConfigOptions{}
21 | configCmd := &cobra.Command{
22 | Use: "config",
23 | Short: "Generate Inspect Rule Config",
24 | RunE: func(cmd *cobra.Command, args []string) error {
25 | err := c.GenerateInspectConfig()
26 | if err != nil {
27 | klog.Errorf("failed to generate config ,err:%s", err)
28 | return err
29 | }
30 | klog.Info("generate config success")
31 | return nil
32 | },
33 | }
34 |
35 | c.addFlags(configCmd)
36 | return configCmd
37 | }
38 |
39 | func (c *ConfigOptions) addFlags(cmd *cobra.Command) {
40 | cmd.Flags().StringVar(&c.Template, "template", "", "Generate Inspect rule (InspectRule or InspectPlan). default Generate All")
41 | cmd.Flags().StringVarP(&c.Path, "path", "o", "", "Generate Config output path")
42 | }
43 |
44 | func (c *ConfigOptions) GenerateInspectConfig() error {
45 | if c.Template == "" {
46 | err := c.GenerateInspectRule()
47 |
48 | if err != nil {
49 | return err
50 | }
51 | err = c.GenerateInspectPlan()
52 | if err != nil {
53 | return err
54 | }
55 | }
56 | switch strings.ToUpper(c.Template) {
57 | case "INSPECTRULE":
58 | err := c.GenerateInspectRule()
59 | if err != nil {
60 | return err
61 | }
62 | case "INSPECTPLAN":
63 | err := c.GenerateInspectPlan()
64 | if err != nil {
65 | return err
66 | }
67 | }
68 |
69 | return nil
70 | }
71 |
72 | func (c *ConfigOptions) GenerateInspectRule() error {
73 | ruleTemplate, err := kubeeyetemplate.GetInspectRuleTemplate()
74 | if err != nil {
75 | return err
76 | }
77 | err = c.RenderConfigFile(ruleTemplate, nil)
78 | if err != nil {
79 | return err
80 | }
81 | return nil
82 | }
83 | func (c *ConfigOptions) GenerateInspectPlan() error {
84 | ruleTemplate, err := kubeeyetemplate.GetInspectPlanTemplate()
85 | if err != nil {
86 | return err
87 | }
88 | err = c.RenderConfigFile(ruleTemplate, nil)
89 | if err != nil {
90 | return err
91 | }
92 | return nil
93 | }
94 |
95 | func (c *ConfigOptions) RenderConfigFile(temp *template.Template, data map[string]interface{}) error {
96 | name := c.GetFileName(temp)
97 | file, err := os.Create(name)
98 | if err != nil {
99 | return err
100 | }
101 | err = temp.Execute(file, data)
102 | if err != nil {
103 | return err
104 | }
105 | return nil
106 | }
107 |
108 | func (c *ConfigOptions) GetFileName(temp *template.Template) string {
109 | if c.Path == "" {
110 | return fmt.Sprintf("%s.yaml", temp.Name())
111 | }
112 | return path.Join(c.Path, fmt.Sprintf("%s.yaml", temp.Name()))
113 |
114 | }
115 |
--------------------------------------------------------------------------------
/cmd/ke/ctl/create/create.go:
--------------------------------------------------------------------------------
1 | package create
2 |
3 | import (
4 | "github.com/spf13/cobra"
5 | )
6 |
7 | func NewCmdCreate() *cobra.Command {
8 | var createCmd = &cobra.Command{
9 | Use: "create",
10 | Short: "create inspect job on Kubernetes cluster.",
11 | }
12 |
13 | createCmd.AddCommand(NewJobCmd())
14 | createCmd.AddCommand(NewConfigCmd())
15 | return createCmd
16 | }
17 |
--------------------------------------------------------------------------------
/cmd/ke/ctl/inspect.go:
--------------------------------------------------------------------------------
1 | package ctl
2 |
3 | import (
4 | "github.com/kubesphere/kubeeye/cmd/ke/ctl/create"
5 | "github.com/spf13/cobra"
6 | )
7 |
8 | var kubeConfig string
9 |
10 | func Execute() error {
11 |
12 | var rootCmd = &cobra.Command{
13 | Use: "ke",
14 | Short: "inspect finds various problems on Kubernetes cluster.",
15 | }
16 |
17 | rootCmd.AddCommand(create.NewCmdCreate())
18 |
19 | addFlags(rootCmd)
20 |
21 | err := rootCmd.Execute()
22 | if err != nil {
23 | return err
24 | }
25 | return nil
26 | }
27 |
28 | func addFlags(cmd *cobra.Command) {
29 | cmd.PersistentFlags().StringVar(&kubeConfig, "kube-config", "", "kube config")
30 | }
31 |
--------------------------------------------------------------------------------
/cmd/ke/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "github.com/kubesphere/kubeeye/cmd/ke/ctl"
5 | "k8s.io/klog/v2"
6 | "os"
7 | )
8 |
9 | func main() {
10 | if err := ctl.Execute(); err != nil {
11 | klog.Error(err)
12 | os.Exit(1)
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/config/crd/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # This kustomization.yaml is not intended to be run by itself,
2 | # since it depends on service name and namespace that are out of this kustomize package.
3 | # It should be run by config/default
4 | resources:
5 | - bases/kubeeye.kubesphere.io_inspectplans.yaml
6 | - bases/kubeeye.kubesphere.io_inspecttasks.yaml
7 | - bases/kubeeye.kubesphere.io_inspectrules.yaml
8 | - bases/kubeeye.kubesphere.io_inspectresults.yaml
9 | #+kubebuilder:scaffold:crdkustomizeresource
10 |
11 | patchesStrategicMerge:
12 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
13 | # patches here are for enabling the conversion webhook for each CRD
14 | #- patches/webhook_in_inspectplans.yaml
15 | #- patches/webhook_in_inspecttasks.yaml
16 | #- patches/webhook_in_inspectresults.yaml
17 | #+kubebuilder:scaffold:crdkustomizewebhookpatch
18 |
19 | # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
20 | # patches here are for enabling the CA injection for each CRD
21 | #- patches/cainjection_in_inspectplans.yaml
22 | #- patches/cainjection_in_inspecttasks.yaml
23 | #- patches/cainjection_in_inspectresults.yaml
24 | #+kubebuilder:scaffold:crdkustomizecainjectionpatch
25 |
26 | # the following config is for teaching kustomize how to do kustomization for CRDs.
27 | configurations:
28 | - kustomizeconfig.yaml
29 |
--------------------------------------------------------------------------------
/config/crd/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD
2 | nameReference:
3 | - kind: Service
4 | version: v1
5 | fieldSpecs:
6 | - kind: CustomResourceDefinition
7 | version: v1
8 | group: apiextensions.k8s.io
9 | path: spec/conversion/webhook/clientConfig/service/name
10 |
11 | namespace:
12 | - kind: CustomResourceDefinition
13 | version: v1
14 | group: apiextensions.k8s.io
15 | path: spec/conversion/webhook/clientConfig/service/namespace
16 | create: false
17 |
18 | varReference:
19 | - path: metadata/annotations
20 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_inspectplans.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: inspectplans.kubeeye.kubesphere.io
8 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_inspectresults.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: inspectresults.kubeeye.kubesphere.io
8 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_inspectrules.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: inspectrules.kubeeye.kubesphere.io
8 |
--------------------------------------------------------------------------------
/config/crd/patches/cainjection_in_inspecttasks.yaml:
--------------------------------------------------------------------------------
1 | # The following patch adds a directive for certmanager to inject CA into the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | annotations:
6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
7 | name: inspecttasks.kubeeye.kubesphere.io
8 |
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_inspectplans.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: inspectplans.kubeeye.kubesphere.io
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
17 |
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_inspectresults.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: inspectresults.kubeeye.kubesphere.io
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
17 |
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_inspectrules.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: inspects.kubeeye.kubesphere.io
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
17 |
--------------------------------------------------------------------------------
/config/crd/patches/webhook_in_inspecttasks.yaml:
--------------------------------------------------------------------------------
1 | # The following patch enables a conversion webhook for the CRD
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: inspecttasks.kubeeye.kubesphere.io
6 | spec:
7 | conversion:
8 | strategy: Webhook
9 | webhook:
10 | clientConfig:
11 | service:
12 | namespace: system
13 | name: webhook-service
14 | path: /convert
15 | conversionReviewVersions:
16 | - v1
17 |
--------------------------------------------------------------------------------
/config/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Adds namespace to all resources.
2 | namespace: kubeeye-system
3 |
4 | # Value of this field is prepended to the
5 | # names of all resources, e.g. a deployment named
6 | # "wordpress" becomes "alices-wordpress".
7 | # Note that it should also match with the prefix (text before '-') of the namespace
8 | # field above.
9 | namePrefix: kubeeye-
10 |
11 | # Labels to add to all resources and selectors.
12 | #commonLabels:
13 | # someName: someValue
14 |
15 | resources:
16 | - ../crd
17 | - ../rbac
18 | - ../manager
19 | - ../storage
20 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
21 | # crd/kustomization.yaml
22 | #- ../webhook
23 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
24 | #- ../certmanager
25 | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
26 | #- ../prometheus
27 |
28 | patchesStrategicMerge:
29 | # Protect the /metrics endpoint by putting it behind auth.
30 | # If you want your controller-manager to expose the /metrics
31 | # endpoint w/o any authn/z, please comment the following line.
32 | - manager_auth_proxy_patch.yaml
33 |
34 | # Mount the controller config file for loading manager configurations
35 | # through a ComponentConfig type
36 | #- manager_config_patch.yaml
37 |
38 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
39 | # crd/kustomization.yaml
40 | #- manager_webhook_patch.yaml
41 |
42 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
43 | # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
44 | # 'CERTMANAGER' needs to be enabled to use ca injection
45 | #- webhookcainjection_patch.yaml
46 |
47 | # the following config is for teaching kustomize how to do var substitution
48 | vars:
49 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
50 | #- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
51 | # objref:
52 | # kind: Certificate
53 | # group: cert-manager.io
54 | # version: v1
55 | # name: serving-cert # this name should match the one in certificate.yaml
56 | # fieldref:
57 | # fieldpath: metadata.namespace
58 | #- name: CERTIFICATE_NAME
59 | # objref:
60 | # kind: Certificate
61 | # group: cert-manager.io
62 | # version: v1
63 | # name: serving-cert # this name should match the one in certificate.yaml
64 | #- name: SERVICE_NAMESPACE # namespace of the service
65 | # objref:
66 | # kind: Service
67 | # version: v1
68 | # name: webhook-service
69 | # fieldref:
70 | # fieldpath: metadata.namespace
71 | #- name: SERVICE_NAME
72 | # objref:
73 | # kind: Service
74 | # version: v1
75 | # name: webhook-service
76 |
--------------------------------------------------------------------------------
/config/default/manager_auth_proxy_patch.yaml:
--------------------------------------------------------------------------------
1 | # This patch inject a sidecar container which is a HTTP proxy for the
2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
3 | apiVersion: apps/v1
4 | kind: Deployment
5 | metadata:
6 | name: controller-manager
7 | namespace: system
8 | spec:
9 | template:
10 | spec:
11 | containers:
12 | - name: kube-rbac-proxy
13 | image: kubesphere/kube-rbac-proxy:v0.11.0
14 | args:
15 | - "--secure-listen-address=0.0.0.0:8443"
16 | - "--upstream=http://127.0.0.1:8080/"
17 | - "--logtostderr=true"
18 | - "--v=0"
19 | ports:
20 | - containerPort: 8443
21 | protocol: TCP
22 | name: https
23 | resources:
24 | limits:
25 | cpu: 500m
26 | memory: 128Mi
27 | requests:
28 | cpu: 5m
29 | memory: 64Mi
30 | - name: manager
31 | args:
32 | - "--health-probe-bind-address=:8081"
33 | - "--metrics-bind-address=127.0.0.1:8080"
34 | - "--leader-elect"
35 |
--------------------------------------------------------------------------------
/config/default/manager_config_patch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: controller-manager
5 | namespace: system
6 | spec:
7 | template:
8 | spec:
9 | containers:
10 | - name: manager
11 | args:
12 | - "--config=controller_manager_config.yaml"
13 | volumeMounts:
14 | - name: manager-config
15 | mountPath: /controller_manager_config.yaml
16 | subPath: controller_manager_config.yaml
17 | volumes:
18 | - name: manager-config
19 | configMap:
20 | name: manager-config
21 |
--------------------------------------------------------------------------------
/config/manager/apiserver.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: apiserver
5 | namespace: system
6 | spec:
7 | selector:
8 | control-plane: kubeeye-controller-manager
9 | ports:
10 | - protocol: TCP
11 | port: 9090
12 | targetPort: 9090
13 | type: ClusterIP
14 |
15 | #---
16 | #apiVersion: apps/v1
17 | #kind: Deployment
18 | #metadata:
19 | # name: apiserver
20 | # namespace: system
21 | # labels:
22 | # app: kubeeye-apiserver
23 | #spec:
24 | # replicas: 1
25 | # selector:
26 | # matchLabels:
27 | # app: kubeeye-apiserver
28 | # template:
29 | # metadata:
30 | # name: kubeeye-apiserver
31 | # labels:
32 | # app: kubeeye-apiserver
33 | # spec:
34 | # containers:
35 | # - name: kubeeye-apiserver
36 | # image: kubespheredev/kubeeye-apiserver:latest
37 | # imagePullPolicy: IfNotPresent
38 | # env:
39 | # - name: GIN_MODE
40 | # value: release
41 | # volumeMounts:
42 | # - mountPath: /etc/localtime
43 | # name: localtime
44 | # - mountPath: /kubeeye/data
45 | # readOnly: true
46 | # name: inspect-result
47 | # livenessProbe:
48 | # initialDelaySeconds: 15
49 | # timeoutSeconds: 10
50 | # periodSeconds: 20
51 | # httpGet:
52 | # port: 9090
53 | # path: /readyz
54 | # readinessProbe:
55 | # periodSeconds: 10
56 | # timeoutSeconds: 10
57 | # initialDelaySeconds: 5
58 | # httpGet:
59 | # port: 9090
60 | # path: /healthz
61 | # resources:
62 | # limits:
63 | # cpu: 500m
64 | # memory: 256Mi
65 | # requests:
66 | # cpu: 100m
67 | # memory: 128Mi
68 | # serviceAccountName: controller-manager
69 | # securityContext:
70 | # fsGroup: 1000
71 | # runAsNonRoot: true
72 | # volumes:
73 | # - name: localtime
74 | # hostPath:
75 | # path: /etc/localtime
76 | # - name: inspect-result
77 | # persistentVolumeClaim:
78 | # claimName: inspect-result
79 | # restartPolicy: Always
80 | # strategy:
81 | # type: RollingUpdate
82 | # rollingUpdate:
83 | # maxUnavailable: 25%
84 | # maxSurge: 25%
85 |
--------------------------------------------------------------------------------
/config/manager/controller_manager_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
2 | kind: ControllerManagerConfig
3 | health:
4 | healthProbeBindAddress: :8081
5 | metrics:
6 | bindAddress: 127.0.0.1:8080
7 | webhook:
8 | port: 9443
9 | leaderElection:
10 | leaderElect: true
11 | resourceName: fa68b2a3.kubesphere.io
12 |
--------------------------------------------------------------------------------
/config/manager/kubeeye-config.yaml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: config
5 | namespace: system
6 | data:
7 | config: |
8 | job:
9 | autoDelTime: 30
10 | backLimit: 5
11 | image: kubespheredev/kubeeye-job:latest
12 | imagePullPolicy: IfNotPresent
13 | resources:
14 | limits:
15 | cpu: 1000m
16 | memory: 512Mi
17 | requests:
18 | cpu: 50m
19 | memory: 256Mi
20 | multiCluster:
21 | member1:
22 | image: kubespheredev/kubeeye-job:latest
23 | imagePullPolicy: IfNotPresent
--------------------------------------------------------------------------------
/config/manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - manager.yaml
3 | - kubeeye-config.yaml
4 | - apiserver.yaml
5 |
6 | generatorOptions:
7 | disableNameSuffixHash: true
8 |
9 | configMapGenerator:
10 | - files:
11 | - controller_manager_config.yaml
12 | name: manager-config
13 | apiVersion: kustomize.config.k8s.io/v1beta1
14 | kind: Kustomization
15 | images:
16 | - name: controller
17 | newName: kubespheredev/kubeeye-controller
18 | newTag: latest
19 |
--------------------------------------------------------------------------------
/config/manager/manager.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | labels:
5 | control-plane: kubeeye-controller-manager
6 | name: system
7 | ---
8 | apiVersion: apps/v1
9 | kind: Deployment
10 | metadata:
11 | name: controller-manager
12 | namespace: system
13 | labels:
14 | control-plane: kubeeye-controller-manager
15 | spec:
16 | selector:
17 | matchLabels:
18 | control-plane: kubeeye-controller-manager
19 | replicas: 1
20 | template:
21 | metadata:
22 | annotations:
23 | kubectl.kubernetes.io/default-container: manager
24 | labels:
25 | control-plane: kubeeye-controller-manager
26 | spec:
27 | securityContext:
28 | runAsNonRoot: true
29 | fsGroup: 1000
30 | containers:
31 | - args:
32 | - --leader-elect
33 | image: controller:latest
34 | imagePullPolicy: IfNotPresent
35 | name: manager
36 | securityContext:
37 | allowPrivilegeEscalation: false
38 | livenessProbe:
39 | httpGet:
40 | path: /healthz
41 | port: 8081
42 | initialDelaySeconds: 15
43 | periodSeconds: 20
44 | readinessProbe:
45 | httpGet:
46 | path: /readyz
47 | port: 8081
48 | initialDelaySeconds: 5
49 | periodSeconds: 10
50 | resources:
51 | limits:
52 | cpu: 1500m
53 | memory: 2048Mi
54 | requests:
55 | cpu: 200m
56 | memory: 256Mi
57 | volumeMounts:
58 | - mountPath: /kubeeye/data
59 | name: inspect-result
60 | - mountPath: /etc/localtime
61 | name: localtime
62 | - name: kubeeye-apiserver
63 | image: kubespheredev/kubeeye-apiserver:latest
64 | imagePullPolicy: IfNotPresent
65 | env:
66 | - name: GIN_MODE
67 | value: release
68 | - name: DISABLE_SYSTEM_COMPONENT
69 | value: "true"
70 | - name: DISABLE_OVERVIEW
71 | value: "true"
72 | volumeMounts:
73 | - mountPath: /etc/localtime
74 | name: localtime
75 | - mountPath: /kubeeye/data
76 | readOnly: true
77 | name: inspect-result
78 | livenessProbe:
79 | initialDelaySeconds: 15
80 | timeoutSeconds: 10
81 | periodSeconds: 20
82 | httpGet:
83 | port: 9090
84 | path: /readyz
85 | readinessProbe:
86 | periodSeconds: 10
87 | timeoutSeconds: 10
88 | initialDelaySeconds: 5
89 | httpGet:
90 | port: 9090
91 | path: /healthz
92 | resources:
93 | limits:
94 | cpu: 500m
95 | memory: 256Mi
96 | requests:
97 | cpu: 100m
98 | memory: 128Mi
99 | serviceAccountName: controller-manager
100 | terminationGracePeriodSeconds: 10
101 | volumes:
102 | - name: inspect-result
103 | persistentVolumeClaim:
104 | claimName: inspect-result
105 | - name: localtime
106 | hostPath:
107 | path: /etc/localtime
108 |
--------------------------------------------------------------------------------
/config/prometheus/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - monitor.yaml
3 |
--------------------------------------------------------------------------------
/config/prometheus/monitor.yaml:
--------------------------------------------------------------------------------
1 |
2 | # Prometheus Monitor Service (Metrics)
3 | apiVersion: monitoring.coreos.com/v1
4 | kind: ServiceMonitor
5 | metadata:
6 | labels:
7 | control-plane: kubeeye-controller-manager
8 | name: controller-manager-metrics-monitor
9 | namespace: system
10 | spec:
11 | endpoints:
12 | - path: /metrics
13 | port: https
14 | scheme: https
15 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
16 | tlsConfig:
17 | insecureSkipVerify: true
18 | selector:
19 | matchLabels:
20 | control-plane: kubeeye-controller-manager
21 |
--------------------------------------------------------------------------------
/config/rbac/auth_proxy_client_clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | name: metrics-reader
5 | rules:
6 | - nonResourceURLs:
7 | - "/metrics"
8 | verbs:
9 | - get
10 |
--------------------------------------------------------------------------------
/config/rbac/auth_proxy_role.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | name: proxy-role
5 | rules:
6 | - apiGroups:
7 | - authentication.k8s.io
8 | resources:
9 | - tokenreviews
10 | verbs:
11 | - create
12 | - apiGroups:
13 | - authorization.k8s.io
14 | resources:
15 | - subjectaccessreviews
16 | verbs:
17 | - create
18 |
--------------------------------------------------------------------------------
/config/rbac/auth_proxy_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | name: proxy-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: ClusterRole
8 | name: proxy-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: controller-manager
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/config/rbac/auth_proxy_service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | labels:
5 | control-plane: kubeeye-controller-manager
6 | name: controller-manager-metrics-service
7 | namespace: system
8 | spec:
9 | ports:
10 | - name: https
11 | port: 8443
12 | protocol: TCP
13 | targetPort: https
14 | selector:
15 | control-plane: kubeeye-controller-manager
16 |
--------------------------------------------------------------------------------
/config/rbac/inspect_editor_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to edit insights.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | labels:
6 | app.kubernetes.io/name: clusterrole
7 | app.kubernetes.io/instance: inspectrules-editor-role
8 | app.kubernetes.io/component: rbac
9 | app.kubernetes.io/created-by: kubeeye
10 | app.kubernetes.io/part-of: kubeeye
11 | app.kubernetes.io/managed-by: kustomize
12 | name: inspectrules-editor-role
13 | rules:
14 | - apiGroups:
15 | - kubeeye.kubesphere.io
16 | resources:
17 | - inspectrules
18 | verbs:
19 | - create
20 | - delete
21 | - get
22 | - list
23 | - patch
24 | - update
25 | - watch
26 | - apiGroups:
27 | - kubeeye.kubesphere.io
28 | resources:
29 | - inspectrules/status
30 | verbs:
31 | - get
32 |
--------------------------------------------------------------------------------
/config/rbac/inspect_viewer_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to view insights.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | labels:
6 | app.kubernetes.io/name: clusterrole
7 | app.kubernetes.io/instance: inspectrules-viewer-role
8 | app.kubernetes.io/component: rbac
9 | app.kubernetes.io/created-by: kubeeye
10 | app.kubernetes.io/part-of: kubeeye
11 | app.kubernetes.io/managed-by: kustomize
12 | name: inspectrules-viewer-role
13 | rules:
14 | - apiGroups:
15 | - kubeeye.kubesphere.io
16 | resources:
17 | - inspectrules
18 | verbs:
19 | - get
20 | - list
21 | - watch
22 | - apiGroups:
23 | - kubeeye.kubesphere.io
24 | resources:
25 | - inspectrules/status
26 | verbs:
27 | - get
28 |
--------------------------------------------------------------------------------
/config/rbac/inspectplan_editor_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to edit auditplans.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: inspectplan-editor-role
6 | rules:
7 | - apiGroups:
8 | - kubeeye.kubesphere.io
9 | resources:
10 | - inspectplans
11 | verbs:
12 | - create
13 | - delete
14 | - get
15 | - list
16 | - patch
17 | - update
18 | - watch
19 | - apiGroups:
20 | - kubeeye.kubesphere.io
21 | resources:
22 | - inspectplans/status
23 | verbs:
24 | - get
25 |
--------------------------------------------------------------------------------
/config/rbac/inspectplan_viewer_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to view auditplans.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: inspectplan-viewer-role
6 | rules:
7 | - apiGroups:
8 | - kubeeye.kubesphere.io
9 | resources:
10 | - inspectplans
11 | verbs:
12 | - get
13 | - list
14 | - watch
15 | - apiGroups:
16 | - kubeeye.kubesphere.io
17 | resources:
18 | - inspectplans/status
19 | verbs:
20 | - get
21 |
--------------------------------------------------------------------------------
/config/rbac/inspectresult_editor_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to edit inspectresults.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | labels:
6 | app.kubernetes.io/name: clusterrole
7 | app.kubernetes.io/instance: inspectresult-editor-role
8 | app.kubernetes.io/component: rbac
9 | app.kubernetes.io/created-by: kubeeye
10 | app.kubernetes.io/part-of: kubeeye
11 | app.kubernetes.io/managed-by: kustomize
12 | name: inspectresult-editor-role
13 | rules:
14 | - apiGroups:
15 | - kubeeye.kubesphere.io
16 | resources:
17 | - inspectresults
18 | verbs:
19 | - create
20 | - delete
21 | - get
22 | - list
23 | - patch
24 | - update
25 | - watch
26 | - apiGroups:
27 | - kubeeye.kubesphere.io
28 | resources:
29 | - inspectresults/status
30 | verbs:
31 | - get
32 |
--------------------------------------------------------------------------------
/config/rbac/inspectresult_viewer_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to view inspectresults.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | labels:
6 | app.kubernetes.io/name: clusterrole
7 | app.kubernetes.io/instance: inspectresult-viewer-role
8 | app.kubernetes.io/component: rbac
9 | app.kubernetes.io/created-by: kubeeye
10 | app.kubernetes.io/part-of: kubeeye
11 | app.kubernetes.io/managed-by: kustomize
12 | name: inspectresult-viewer-role
13 | rules:
14 | - apiGroups:
15 | - kubeeye.kubesphere.io
16 | resources:
17 | - inspectresults
18 | verbs:
19 | - get
20 | - list
21 | - watch
22 | - apiGroups:
23 | - kubeeye.kubesphere.io
24 | resources:
25 | - inspectresults/status
26 | verbs:
27 | - get
28 |
--------------------------------------------------------------------------------
/config/rbac/inspecttask_editor_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to edit audittasks.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: inspecttask-editor-role
6 | rules:
7 | - apiGroups:
8 | - kubeeye.kubesphere.io
9 | resources:
10 | - inspecttasks
11 | verbs:
12 | - create
13 | - delete
14 | - get
15 | - list
16 | - patch
17 | - update
18 | - watch
19 | - apiGroups:
20 | - kubeeye.kubesphere.io
21 | resources:
22 | - inspecttasks/status
23 | verbs:
24 | - get
25 |
--------------------------------------------------------------------------------
/config/rbac/inspecttask_viewer_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions for end users to view audittasks.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: inspecttask-viewer-role
6 | rules:
7 | - apiGroups:
8 | - kubeeye.kubesphere.io
9 | resources:
10 | - inspecttasks
11 | verbs:
12 | - get
13 | - list
14 | - watch
15 | - apiGroups:
16 | - kubeeye.kubesphere.io
17 | resources:
18 | - inspecttasks/status
19 | verbs:
20 | - get
21 |
--------------------------------------------------------------------------------
/config/rbac/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | # All RBAC will be applied under this service account in
3 | # the deployment namespace. You may comment out this resource
4 | # if your manager will use a service account that exists at
5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding
6 | # subjects if changing service account names.
7 | - service_account.yaml
8 | - role.yaml
9 | - role_binding.yaml
10 | - leader_election_role.yaml
11 | - leader_election_role_binding.yaml
12 | # Comment the following 4 lines if you want to disable
13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
14 | # which protects your /metrics endpoint.
15 | - auth_proxy_service.yaml
16 | - auth_proxy_role.yaml
17 | - auth_proxy_role_binding.yaml
18 | - auth_proxy_client_clusterrole.yaml
19 |
--------------------------------------------------------------------------------
/config/rbac/leader_election_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions to do leader election.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | name: leader-election-role
6 | rules:
7 | - apiGroups:
8 | - ""
9 | resources:
10 | - configmaps
11 | verbs:
12 | - get
13 | - list
14 | - watch
15 | - create
16 | - update
17 | - patch
18 | - delete
19 | - apiGroups:
20 | - coordination.k8s.io
21 | resources:
22 | - leases
23 | verbs:
24 | - get
25 | - list
26 | - watch
27 | - create
28 | - update
29 | - patch
30 | - delete
31 | - apiGroups:
32 | - ""
33 | resources:
34 | - events
35 | verbs:
36 | - create
37 | - patch
38 |
--------------------------------------------------------------------------------
/config/rbac/leader_election_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 | name: leader-election-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: Role
8 | name: leader-election-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: controller-manager
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/config/rbac/role.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: manager-role
6 | rules:
7 | - apiGroups:
8 | - ""
9 | resources:
10 | - configmaps
11 | verbs:
12 | - deletecollection
13 | - get
14 | - list
15 | - watch
16 | - apiGroups:
17 | - ""
18 | resources:
19 | - namespaces
20 | verbs:
21 | - create
22 | - get
23 | - list
24 | - watch
25 | - apiGroups:
26 | - ""
27 | resources:
28 | - nodes
29 | - pods
30 | - secrets
31 | - services
32 | verbs:
33 | - get
34 | - list
35 | - watch
36 | - apiGroups:
37 | - ""
38 | resources:
39 | - serviceaccounts
40 | verbs:
41 | - create
42 | - delete
43 | - apiGroups:
44 | - batch
45 | resources:
46 | - jobs
47 | verbs:
48 | - create
49 | - delete
50 | - get
51 | - apiGroups:
52 | - cluster.kubesphere.io
53 | resources:
54 | - clusters
55 | verbs:
56 | - get
57 | - apiGroups:
58 | - kubeeye.kubesphere.io
59 | resources:
60 | - inspectplans
61 | - inspectresults
62 | - inspectrules
63 | - inspecttasks
64 | verbs:
65 | - create
66 | - delete
67 | - get
68 | - list
69 | - patch
70 | - update
71 | - watch
72 | - apiGroups:
73 | - kubeeye.kubesphere.io
74 | resources:
75 | - inspectplans/finalizers
76 | - inspectresults/finalizers
77 | - inspectrules/finalizers
78 | - inspecttasks/finalizers
79 | verbs:
80 | - update
81 | - apiGroups:
82 | - kubeeye.kubesphere.io
83 | resources:
84 | - inspectplans/status
85 | - inspectresults/status
86 | - inspectrules/status
87 | - inspecttasks/status
88 | verbs:
89 | - get
90 | - patch
91 | - update
92 | - apiGroups:
93 | - rbac.authorization.k8s.io
94 | resources:
95 | - clusterrolebindings
96 | - clusterroles
97 | verbs:
98 | - '*'
99 |
--------------------------------------------------------------------------------
/config/rbac/role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | name: manager-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: ClusterRole
8 | name: manager-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: controller-manager
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/config/rbac/service_account.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: controller-manager
5 | namespace: system
6 |
--------------------------------------------------------------------------------
/config/samples/kubeeye_v1alpha2_inspectresult.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kubeeye.kubesphere.io/v1alpha2
2 | kind: InspectResult
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: inspectresult
6 | app.kubernetes.io/instance: inspectresult-sample
7 | app.kubernetes.io/part-of: kubeeye
8 | app.kubernetes.io/managed-by: kustomize
9 | app.kubernetes.io/created-by: kubeeye
10 | name: inspectresult-sample
11 | spec:
12 | # TODO(user): Add fields here
13 |
--------------------------------------------------------------------------------
/config/storage/inspect-result.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: inspect-result
5 | namespace: system
6 | spec:
7 | accessModes:
8 | - ReadWriteOnce
9 | volumeMode: Filesystem
10 | resources:
11 | requests:
12 | storage: 10Gi
13 |
14 |
--------------------------------------------------------------------------------
/config/storage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - inspect-result.yaml
3 |
--------------------------------------------------------------------------------
/cover.out:
--------------------------------------------------------------------------------
1 | mode: set
2 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:61.106,66.71 3 0
3 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:74.2,76.16 2 0
4 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:82.2,84.16 3 0
5 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:89.2,99.46 5 0
6 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:108.2,108.63 1 0
7 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:113.2,116.43 2 0
8 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:120.2,121.16 2 0
9 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:126.2,126.56 1 0
10 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:66.71,67.30 1 0
11 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:67.30,70.4 2 0
12 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:76.16,79.3 2 0
13 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:84.16,87.3 2 0
14 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:99.46,100.44 1 0
15 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:100.44,101.34 1 0
16 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:101.34,103.5 1 0
17 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:108.63,111.3 2 0
18 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:116.43,118.3 1 0
19 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:121.16,124.3 2 0
20 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:130.77,134.2 1 0
21 | github.com/kubesphere/kubeeye/controllers/kubeeye/clusterinsight_controller.go:136.93,143.2 6 0
22 |
--------------------------------------------------------------------------------
/docs/check-content_zh-CN.md:
--------------------------------------------------------------------------------
1 | * 所有节点是否Ready
2 | * 集群基本信息
3 | * 集群基本组件是否正常
4 | * pod是否Running
5 | * cpuLimit是否设置
6 | * cpuRequest是否设置
7 | * memoryLimit是否设置
8 | * memoryRequest是否设置
9 | * 镜像tag是否设置
10 | * 是否特权模式运行
11 | * 是否用root用户执行
12 | * readinessProbe是否设置
13 | * livenessProbe是否设置
14 | * 镜像拉取策略是否为Always
15 | * hostNetwork是否设置
16 | * hostPort是否设置
17 | * 节点内核是否死锁
18 | * 节点内存是否出现OOM
19 | * 节点是否出现TaskHung
20 | * 节点是否出现UnregisterNetDevice
21 | * 节点是否出现内核空指针
22 | * 节点是否出现Ext4Error
23 | * 节点是否出现Ext4Warning
24 | * 节点是否出现AUFSUmountHung
25 | * 节点是否出现DockerHung
26 | * 节点Kubelet是否正常
27 | * 节点是否出现CorruptDockerImage
28 | * 节点是否出现CorruptDockerOverlay2
29 | * 节点是否出现DockerContainerStartupFailure
30 | * 节点kubelet是否正常
31 | * pod里镜像拉取不到检测
32 | * pod里No such file or directory字样检测
33 | * pod里I/O error字样检测
34 | * pod里 No such device or address字样检测
35 | * pod里 Device or resource busy字样检测
36 | * pod里 File exists字样检测
37 | * pod里 Not a directory字样检测
38 | * pod里 Invalid argument字样检测
39 | * pod里 Too many open files字样检测
40 | * pod里 No space left on device字样检测
41 |
42 |
--------------------------------------------------------------------------------
/docs/images/KubeEye-O.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/docs/images/KubeEye-O.jpg
--------------------------------------------------------------------------------
/docs/images/KubeEye-O.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/images/KubeEye.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/docs/images/KubeEye.jpg
--------------------------------------------------------------------------------
/docs/images/KubeEye.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/docs/images/kubeeye-architecture-new.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/docs/images/kubeeye-architecture-new.png
--------------------------------------------------------------------------------
/docs/images/kubeeye-architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/docs/images/kubeeye-architecture.png
--------------------------------------------------------------------------------
/docs/images/kubeeye-logo-vertical.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/docs/images/kubeeye-logo-vertical.jpg
--------------------------------------------------------------------------------
/docs/images/kubeeye-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubesphere/kubeeye/6ebcd03de9d343e2451047ab2bfe1967ef341871/docs/images/kubeeye-logo.png
--------------------------------------------------------------------------------
/docs/roadmap.md:
--------------------------------------------------------------------------------
1 | # Roadmap of KubeEye
2 |
3 | KubeEye Roadmap demonstrates a list of open-source product development plans, as well as KubeSphere community's anticipation. Obviously, it details the future's direction of KubeEye, but may change over time. We hope the Roadmap can help you get familiar with the project plans and vision. If you have any better ideas, welcome to filing [Issues](https://github.com/kubesphere/kubeeye/issues).
4 |
5 | ## v0.1.0
6 |
7 | ### Features:
8 |
9 | - KubeEye command-line tool:
10 |
11 | Functional requirements:
12 |
13 | - [x] Standalone operation.
14 |
15 | - [x] Check k8s cluster resource configuration and events.
16 |
17 | - [x] Provide API interface.
18 |
19 | - [ ] Install the console.
20 |
21 | - [ ] Provide installation methods for installing more cluster review components, such as installing NPD and kube-bench.
22 |
23 | - [ ] Able to collect node information and review by using KubeEye Collector.
24 |
25 | - KubeEye console:
26 |
27 | Functional requirements:
28 |
29 | - [ ] Able to call KubeEye command-line tool to get inspection results.
30 |
31 | - [ ] Display the inspection results on the web page.
32 |
33 | - [ ] Store inspection results and view historical inspection results on the web page.
34 |
35 | - [ ] Reflect the changing trend of cluster inspection on the web page.
36 |
37 | - [ ] Download inspection results on the web page.
38 |
39 | - [ ] Make modification suggestions to each inspection result.
40 |
--------------------------------------------------------------------------------
/examples/test/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | func main() {
4 |
5 | }
6 |
--------------------------------------------------------------------------------
/examples/tmp/imageRegistryRule.rego:
--------------------------------------------------------------------------------
1 | package kubeeye_workloads_rego
2 |
3 | deny[msg] {
4 | resource := input
5 | type := resource.Object.kind
6 | resourcename := resource.Object.metadata.name
7 | resourcenamespace := resource.Object.metadata.namespace
8 | type == "Pod"
9 |
10 | PodImageRegistryRule(resource)
11 |
12 | msg := {
13 | "Name": sprintf("%v", [resourcename]),
14 | "Namespace": sprintf("%v", [resourcenamespace]),
15 | "Type": sprintf("%v", [type]),
16 | "Message": "ImageTagIsLatest"
17 | }
18 | }
19 |
20 | PodImageRegistryRule(resource) {
21 | regex.match("^myregistry.public.kubesphere/basic/.+", input.Object.spec.containers[_].image)
22 | }
23 |
24 | deny[msg] {
25 | resource := input
26 | type := resource.Object.kind
27 | resourcename := resource.Object.metadata.name
28 | resourcenamespace := resource.Object.metadata.namespace
29 | workloadsType := {"Deployment","ReplicaSet","DaemonSet","StatefulSet","Job"}
30 | workloadsType[type]
31 |
32 | not workloadsImageRegistryRule(resource)
33 |
34 | msg := {
35 | "Name": sprintf("%v", [resourcename]),
36 | "Namespace": sprintf("%v", [resourcenamespace]),
37 | "Type": sprintf("%v", [type]),
38 | "Message": "ImageRegistryNotmyregistry"
39 | }
40 | }
41 |
42 | workloadsImageRegistryRule(resource) {
43 | regex.match("^myregistry.public.kubesphere/basic/.+", resource.Object.spec.template.spec.containers[_].image)
44 | }
45 |
46 | deny[msg] {
47 | resource := input
48 | type := resource.Object.kind
49 | resourcename := resource.Object.metadata.name
50 | resourcenamespace := resource.Object.metadata.namespace
51 | type == "CronJob"
52 |
53 | CronJobImageRegistryRule(resource)
54 |
55 | msg := {
56 | "Name": sprintf("%v", [resourcename]),
57 | "Namespace": sprintf("%v", [resourcenamespace]),
58 | "Type": sprintf("%v", [type]),
59 | "Message": "ImageTagIsLatest"
60 | }
61 | }
62 |
63 | CronJobImageRegistryRule(resource) {
64 | regex.match("^myregistry.public.kubesphere/basic/.+", resource.Object.spec.jobTemplate.spec.template.spec.containers[_].image)
65 | }
--------------------------------------------------------------------------------
/hack/boilerplate.go.txt:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
--------------------------------------------------------------------------------
/hack/docker_build_multiarch.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -ex
4 | set -o pipefail
5 |
6 | KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
7 | source "${KUBE_ROOT}/hack/lib/init.sh"
8 |
9 | # push to kubeeye with default latest tag
10 | TAG=${TAG:-latest}
11 | REPO=${REPO:-kubesphere}
12 | PUSH=${PUSH:-}
13 |
14 | # support other container tools. e.g. podman
15 | CONTAINER_CLI=${CONTAINER_CLI:-docker}
16 | CONTAINER_BUILDER=${CONTAINER_BUILDER:-"buildx build"}
17 |
18 | # If set, just building, no pushing
19 | if [[ -z "${DRY_RUN:-}" ]]; then
20 | PUSH="--push"
21 | fi
22 |
23 | # supported platforms
24 | PLATFORMS=linux/amd64,linux/arm64
25 |
26 | # shellcheck disable=SC2086 # inteneded splitting of CONTAINER_BUILDER
27 | ${CONTAINER_CLI} ${CONTAINER_BUILDER} \
28 | --platform ${PLATFORMS} \
29 | ${PUSH} \
30 | -f Dockerfile \
31 | -t "${REPO}"/kubeeye:"${TAG}" .
32 |
--------------------------------------------------------------------------------
/hack/generate_client.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -e
4 |
5 | GV="bolingcavalry:v1"
6 |
7 | rm -rf ./pkg/clients
8 | ./hack/generate_group.sh "client,lister,informer" k8s_customize_controller/pkg/clients k8s_customize_controller/pkg/apis "${GV}" --output-base=./ -h "$PWD/hack/boilerplate.go.txt" -v 10
9 | mv k8s_customize_controller/pkg/clients ./pkg/
10 | rm -rf ./k8s_customize_controller
11 |
--------------------------------------------------------------------------------
/hack/lib/golang.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | # This is a modified version of Kubernetes
4 | KUBE_GO_PACKAGE=kubesphere.io/kubesphere
5 |
6 | # Ensure the go tool exists and is a viable version.
7 | kube::golang::verify_go_version() {
8 | if [[ -z "$(command -v go)" ]]; then
9 | kube::log::usage_from_stdin <&1)
43 | # Y=$(kube::readlinkdashf $1 2>&1)
44 | # if [ "$X" != "$Y" ]; then
45 | # echo readlinkdashf $1: expected "$X", got "$Y"
46 | # fi
47 | # }
48 | # testone /
49 | # testone /tmp
50 | # testone $T
51 | # testone $T/file
52 | # testone $T/dir
53 | # testone $T/linkfile
54 | # testone $T/linkdir
55 | # testone $T/nonexistant
56 | # testone $T/linkdir/file
57 | # testone $T/linkdir/dir
58 | # testone $T/linkdir/linkfile
59 | # testone $T/linkdir/linkdir
60 | function kube::readlinkdashf {
61 | # run in a subshell for simpler 'cd'
62 | (
63 | if [[ -d "${1}" ]]; then # This also catch symlinks to dirs.
64 | cd "${1}"
65 | pwd -P
66 | else
67 | cd "$(dirname "${1}")"
68 | local f
69 | f=$(basename "${1}")
70 | if [[ -L "${f}" ]]; then
71 | readlink "${f}"
72 | else
73 | echo "$(pwd -P)/${f}"
74 | fi
75 | fi
76 | )
77 | }
78 |
79 | # This emulates "realpath" which is not available on MacOS X
80 | # Test:
81 | # T=/tmp/$$.$RANDOM
82 | # mkdir $T
83 | # touch $T/file
84 | # mkdir $T/dir
85 | # ln -s $T/file $T/linkfile
86 | # ln -s $T/dir $T/linkdir
87 | # function testone() {
88 | # X=$(realpath $1 2>&1)
89 | # Y=$(kube::realpath $1 2>&1)
90 | # if [ "$X" != "$Y" ]; then
91 | # echo realpath $1: expected "$X", got "$Y"
92 | # fi
93 | # }
94 | # testone /
95 | # testone /tmp
96 | # testone $T
97 | # testone $T/file
98 | # testone $T/dir
99 | # testone $T/linkfile
100 | # testone $T/linkdir
101 | # testone $T/nonexistant
102 | # testone $T/linkdir/file
103 | # testone $T/linkdir/dir
104 | # testone $T/linkdir/linkfile
105 | # testone $T/linkdir/linkdir
106 | kube::realpath() {
107 | if [[ ! -e "${1}" ]]; then
108 | echo "${1}: No such file or directory" >&2
109 | return 1
110 | fi
111 | kube::readlinkdashf "${1}"
112 | }
--------------------------------------------------------------------------------
/hack/tools.go:
--------------------------------------------------------------------------------
1 | //go:build tools
2 | // +build tools
3 |
4 | /*
5 | Copyright 2020 The KubeSphere Authors.
6 |
7 | Licensed under the Apache License, Version 2.0 (the "License");
8 | you may not use this file except in compliance with the License.
9 | You may obtain a copy of the License at
10 |
11 | http://www.apache.org/licenses/LICENSE-2.0
12 |
13 | Unless required by applicable law or agreed to in writing, software
14 | distributed under the License is distributed on an "AS IS" BASIS,
15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | See the License for the specific language governing permissions and
17 | limitations under the License.
18 | */
19 |
20 | // This package imports things required by build scripts, to force `go mod` to see them as dependencies
21 | package tools
22 |
23 | import (
24 | _ "k8s.io/code-generator"
25 | )
26 |
--------------------------------------------------------------------------------
/hack/update-codegen.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -o errexit
4 | set -o nounset
5 | set -o pipefail
6 |
7 | SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")"
8 | SCRIPT_ROOT="${SCRIPT_DIR}/.."
9 | CODEGEN_PKG="${CODEGEN_PKG:-"${SCRIPT_ROOT}/vendor/k8s.io/code-generator"}"
10 |
11 | echo "Verifying environment..."
12 | echo "SCRIPT_ROOT: ${SCRIPT_ROOT}"
13 | echo "CODEGEN_PKG: ${CODEGEN_PKG}"
14 |
15 | # 验证必要文件存在
16 | if [ ! -f "${CODEGEN_PKG}/kube_codegen.sh" ]; then
17 | echo "Error: kube_codegen.sh not found at ${CODEGEN_PKG}/kube_codegen.sh"
18 | exit 1
19 | fi
20 |
21 | if [ ! -f "${SCRIPT_ROOT}/hack/boilerplate.go.txt" ]; then
22 | echo "Creating empty boilerplate.go.txt"
23 | touch "${SCRIPT_ROOT}/hack/boilerplate.go.txt"
24 | fi
25 |
26 | if [ ! -d "${SCRIPT_ROOT}/apis/kubeeye" ]; then
27 | echo "Error: APIs directory not found at ${SCRIPT_ROOT}/apis/kubeeye"
28 | exit 1
29 | fi
30 |
31 | source "${CODEGEN_PKG}/kube_codegen.sh"
32 |
33 | THIS_PKG="github.com/kubesphere/kubeeye"
34 |
35 | echo "Generating deepcopy functions..."
36 | kube::codegen::gen_helpers \
37 | --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
38 | "${SCRIPT_ROOT}"
39 |
40 | echo "Generating client code..."
41 | kube::codegen::gen_client \
42 | --with-watch \
43 | --with-applyconfig \
44 | --output-dir "${SCRIPT_ROOT}/clients" \
45 | --output-pkg "${THIS_PKG}/clients" \
46 | --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
47 | "${SCRIPT_ROOT}/apis"
48 |
49 |
--------------------------------------------------------------------------------
/hack/verify-codegen.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -o errexit
4 | set -o nounset
5 | set -o pipefail
6 |
7 | SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
8 |
9 | DIFFROOT="${SCRIPT_ROOT}/pkg"
10 | TMP_DIFFROOT="${SCRIPT_ROOT}/_tmp/pkg"
11 | _tmp="${SCRIPT_ROOT}/_tmp"
12 |
13 | cleanup() {
14 | rm -rf "${_tmp}"
15 | }
16 | trap "cleanup" EXIT SIGINT
17 |
18 | cleanup
19 |
20 | mkdir -p "${TMP_DIFFROOT}"
21 | cp -a "${DIFFROOT}"/* "${TMP_DIFFROOT}"
22 |
23 | "${SCRIPT_ROOT}/hack/update-codegen.sh"
24 | echo "diffing ${DIFFROOT} against freshly generated codegen"
25 | ret=0
26 | diff -Naupr "${DIFFROOT}" "${TMP_DIFFROOT}" || ret=$?
27 | cp -a "${TMP_DIFFROOT}"/* "${DIFFROOT}"
28 | if [[ $ret -eq 0 ]]
29 | then
30 | echo "${DIFFROOT} up to date."
31 | else
32 | echo "${DIFFROOT} is out of date. Please run hack/update-codegen.sh"
33 | exit 1
34 | fi
--------------------------------------------------------------------------------
/pkg/collectors/opa/node_stats_summary.go:
--------------------------------------------------------------------------------
1 | package opa
2 |
3 | import (
4 | "context"
5 | "fmt"
6 | corev1 "k8s.io/api/core/v1"
7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
8 | "k8s.io/apimachinery/pkg/util/json"
9 | "k8s.io/klog/v2"
10 | statsApi "k8s.io/kubelet/pkg/apis/stats/v1alpha1"
11 | )
12 |
13 | func (rc *ResourceCollector) CollectNodeStatsSummary() ([]statsApi.Summary, error) {
14 | nodes, err := rc.client.CoreV1().Nodes().List(context.Background(), metav1.ListOptions{})
15 | if err != nil {
16 | return nil, err
17 | }
18 |
19 | var nodeStatsSummarys []statsApi.Summary
20 |
21 | for _, node := range nodes.Items {
22 | if !isNodeReady(node) {
23 | continue
24 | }
25 |
26 | result := &statsApi.Summary{}
27 | // Get node stats summary (/api/v1/nodes/{nodeName}/proxy/stats/summary)
28 | resultRaw, err := rc.client.CoreV1().RESTClient().Get().Resource("nodes").Name(node.Name).SubResource("proxy").Suffix("stats/summary").Do(context.Background()).Raw()
29 | if err != nil {
30 | klog.Error(fmt.Sprintf("Failed get node %s stats summary", node.Name), err)
31 | continue
32 | }
33 |
34 | // Unmarshal node stats summary
35 | err = json.Unmarshal(resultRaw, result)
36 | if err != nil {
37 | klog.Error(fmt.Sprintf("Failed to unmarshal node %s stats summary", node.Name), err)
38 | continue
39 | }
40 |
41 | nodeStatsSummarys = append(nodeStatsSummarys, *result)
42 | }
43 |
44 | return nodeStatsSummarys, nil
45 | }
46 |
47 | // isNodeReady checks if a node is ready
48 | func isNodeReady(node corev1.Node) bool {
49 | for _, condition := range node.Status.Conditions {
50 | if condition.Type == corev1.NodeReady {
51 | return condition.Status == corev1.ConditionTrue
52 | }
53 | }
54 | return false
55 | }
56 |
--------------------------------------------------------------------------------
/pkg/collectors/opa/opa.go:
--------------------------------------------------------------------------------
1 | package opa
2 |
3 | import (
4 | "fmt"
5 | "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
6 | "github.com/kubesphere/kubeeye/pkg/constant"
7 | "k8s.io/klog/v2"
8 | "regexp"
9 | "strings"
10 | )
11 |
12 | type RulesManager struct {
13 | Rules map[string][]*v1alpha2.OpaRule
14 | }
15 |
16 | func NewRulesManager() *RulesManager {
17 | return &RulesManager{
18 | Rules: make(map[string][]*v1alpha2.OpaRule),
19 | }
20 | }
21 |
22 | func (rm *RulesManager) AddRule(rule *v1alpha2.OpaRule) error {
23 | // parse resourceKind and apiVersion from rule
24 | resourceKind, apiVersion, err := parseResourceInfo(rule.Rule)
25 | if err != nil {
26 | return fmt.Errorf("failed to parse resource info from rule %s: %v", rule.Name, err)
27 | }
28 |
29 | key := fmt.Sprintf("%s.%s", resourceKind, apiVersion)
30 |
31 | rm.Rules[key] = append(rm.Rules[key], rule)
32 |
33 | klog.Infof("resourceKind: %s, apiVersion: %s, count: %d, ruleName: %s", resourceKind, apiVersion, len(rm.Rules[key]), rule.Name)
34 |
35 | return nil
36 | }
37 |
38 | // parseResourceInfo parses resourceKind and apiVersion from rego rule
39 | func parseResourceInfo(regoContent string) (kind, apiVersion string, err error) {
40 |
41 | // check if regoContent contains "package inspect.kubeeye.nodeStatsSummary"
42 | if strings.Contains(regoContent, "package inspect.kubeeye.nodeStatsSummary") {
43 | return constant.NodeStatsSummary, "v1", nil
44 | }
45 |
46 | kindPattern := `input\.kind\s*==\s*"([^"]+)"`
47 | apiVersionPattern := `input\.apiVersion\s*==\s*"([^"]+)"`
48 |
49 | kindRegex := regexp.MustCompile(kindPattern)
50 | apiVersionRegex := regexp.MustCompile(apiVersionPattern)
51 |
52 | kindMatches := kindRegex.FindStringSubmatch(regoContent)
53 | apiVersionMatches := apiVersionRegex.FindStringSubmatch(regoContent)
54 |
55 | if len(kindMatches) < 2 || len(apiVersionMatches) < 2 {
56 | return "", "", fmt.Errorf("invalid rego rule format")
57 | }
58 |
59 | return kindMatches[1], apiVersionMatches[1], nil
60 | }
61 |
--------------------------------------------------------------------------------
/pkg/constant/constant.go:
--------------------------------------------------------------------------------
1 | package constant
2 |
3 | import (
4 | "time"
5 | )
6 |
7 | const AuditorServiceAddrConfigMap = "auditor-service-addr"
8 |
9 | const DefaultTimeout = 10 * time.Minute
10 |
11 | const (
12 | DefaultNamespace = "kubeeye-system"
13 | )
14 |
15 | var SystemNamespaces = []string{"kubeeye-system", "kubesphere-system", "kubesphere-logging-system", "kubesphere-monitoring-system", "openpitrix-system", "kube-system", "istio-system", "kubesphere-devops-system", "porter-system"}
16 |
17 | const BaseFilePrefix = "kubeeye-base-file"
18 | const (
19 | Opa = "opa"
20 | FileChange = "filechange"
21 | Prometheus = "promQL"
22 | BaseFile = "basefile"
23 | Data = "data"
24 | Sysctl = "sysctl"
25 | Systemd = "systemd"
26 | FileFilter = "filefilter"
27 | ServiceConnect = "serviceconnect"
28 | Component = "component"
29 | CustomCommand = "customcommand"
30 | NodeInfo = "nodeinfo"
31 | NodesStatus = "nodes status"
32 | AbnormalPods = "abnormal pods"
33 | NodeStatsSummary = "NodeStatsSummary"
34 | )
35 |
36 | const (
37 | Cpu = "cpu"
38 | Memory = "memory"
39 | Filesystem = "filesystem"
40 | LoadAvg = "loadavg"
41 | Inode = "inode"
42 | )
43 |
44 | const (
45 | LabelName = "kubeeye.kubesphere.io/name"
46 | LabelPlanName = "kubeeye.kubesphere.io/plan-name"
47 | LabelRuleType = "kubeeye.kubesphere.io/rule-type"
48 | LabelTaskName = "kubeeye.kubesphere.io/task-name"
49 | LabelNodeName = "kubeeye.kubesphere.io/node-name"
50 | LabelConfigType = "kubeeye.kubesphere.io/config-type"
51 | LabelRuleGroup = "kubeeye.kubesphere.io/rule-group"
52 | LabelInspectRuleGroup = "kubeeye.kubesphere.io/inspect-rule-group"
53 | LabelSystemWorkspace = "kubesphere.io/workspace"
54 | )
55 |
56 | const (
57 | AnnotationStartTime = "kubeeye.kubesphere.io/task-start-time"
58 | AnnotationEndTime = "kubeeye.kubesphere.io/task-end-time"
59 | AnnotationInspectPolicy = "kubeeye.kubesphere.io/task-inspect-policy"
60 | AnnotationJoinPlanNum = "kubeeye.kubesphere.io/join-plan-num"
61 | AnnotationJoinRuleNum = "kubeeye.kubesphere.io/join-rule-num"
62 | AnnotationDescription = "kubeeye.kubesphere.io/description"
63 | AnnotationInspectType = "kubeeye.kubesphere.io/inspect-type"
64 | AnnotationInspectIgnore = "kubeeye.kubesphere.io/inspect-ignore"
65 | )
66 |
67 | const (
68 | ProcPathPrefix = "/hosts/proc"
69 | RootPathPrefix = "/hosts/root"
70 | ResultPathPrefix = "/kubeeye/data"
71 | )
72 |
--------------------------------------------------------------------------------
/pkg/controllers/suite_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2022.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package controllers
18 |
19 | import (
20 | "github.com/onsi/ginkgo/reporters"
21 | "path/filepath"
22 | "testing"
23 |
24 | . "github.com/onsi/ginkgo"
25 | . "github.com/onsi/gomega"
26 | "k8s.io/client-go/kubernetes/scheme"
27 | "k8s.io/client-go/rest"
28 | "sigs.k8s.io/controller-runtime/pkg/client"
29 | "sigs.k8s.io/controller-runtime/pkg/envtest"
30 | logf "sigs.k8s.io/controller-runtime/pkg/log"
31 | "sigs.k8s.io/controller-runtime/pkg/log/zap"
32 |
33 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
34 | //+kubebuilder:scaffold:imports
35 | )
36 |
37 | // These tests use Ginkgo (BDD-style Go testing framework). Refer to
38 | // http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
39 |
40 | var cfg *rest.Config
41 | var k8sClient client.Client
42 | var testEnv *envtest.Environment
43 |
44 | func TestAPIs(t *testing.T) {
45 | RegisterFailHandler(Fail)
46 |
47 | RunSpecsWithDefaultAndCustomReporters(t,
48 | "Controller Suite",
49 | []Reporter{&reporters.JUnitReporter{}})
50 | }
51 |
52 | var _ = BeforeSuite(func() {
53 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
54 |
55 | By("bootstrapping test environment")
56 | testEnv = &envtest.Environment{
57 | CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")},
58 | ErrorIfCRDPathMissing: true,
59 | }
60 |
61 | var err error
62 | // cfg is defined in this file globally.
63 | cfg, err = testEnv.Start()
64 | Expect(err).NotTo(HaveOccurred())
65 | Expect(cfg).NotTo(BeNil())
66 |
67 | err = kubeeyev1alpha2.AddToScheme(scheme.Scheme)
68 | Expect(err).NotTo(HaveOccurred())
69 |
70 | //+kubebuilder:scaffold:scheme
71 |
72 | k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
73 | Expect(err).NotTo(HaveOccurred())
74 | Expect(k8sClient).NotTo(BeNil())
75 |
76 | }, 60)
77 |
78 | var _ = AfterSuite(func() {
79 | By("tearing down the test environment")
80 | err := testEnv.Stop()
81 | Expect(err).NotTo(HaveOccurred())
82 | })
83 |
--------------------------------------------------------------------------------
/pkg/informers/informers.go:
--------------------------------------------------------------------------------
1 | package informers
2 |
3 | import (
4 | kubeeyeClient "github.com/kubesphere/kubeeye/clients/clientset/versioned"
5 | "github.com/kubesphere/kubeeye/clients/informers/externalversions"
6 | "github.com/kubesphere/kubeeye/pkg/constant"
7 | "k8s.io/apimachinery/pkg/runtime/schema"
8 | "k8s.io/client-go/informers"
9 | "k8s.io/client-go/kubernetes"
10 | "k8s.io/klog/v2"
11 | )
12 |
13 | type InformerFactory interface {
14 | KubeEyeInformerFactory() externalversions.SharedInformerFactory
15 | KubernetesInformerFactory() informers.SharedInformerFactory
16 | Start(stopCh <-chan struct{})
17 | ForResources(keEyeGver map[schema.GroupVersion][]string, k8sEyeGver map[schema.GroupVersion][]string)
18 | }
19 |
20 | type informerFactory struct {
21 | kubeEyeInformerFactory externalversions.SharedInformerFactory
22 | kubernetesInformerFactory informers.SharedInformerFactory
23 | }
24 |
25 | func NewInformerFactory(k8sClient kubernetes.Interface, kubeEyeClient kubeeyeClient.Interface) InformerFactory {
26 | info := &informerFactory{}
27 | if k8sClient != nil {
28 | info.kubernetesInformerFactory = informers.NewSharedInformerFactory(k8sClient, constant.DefaultTimeout)
29 | }
30 | if kubeEyeClient != nil {
31 | info.kubeEyeInformerFactory = externalversions.NewSharedInformerFactory(kubeEyeClient, constant.DefaultTimeout)
32 | }
33 | return info
34 | }
35 |
36 | func (i *informerFactory) KubeEyeInformerFactory() externalversions.SharedInformerFactory {
37 | return i.kubeEyeInformerFactory
38 | }
39 |
40 | func (i *informerFactory) KubernetesInformerFactory() informers.SharedInformerFactory {
41 | return i.kubernetesInformerFactory
42 | }
43 |
44 | func (i *informerFactory) Start(stopCh <-chan struct{}) {
45 | if i.kubernetesInformerFactory != nil {
46 | i.kubernetesInformerFactory.Start(stopCh)
47 |
48 | }
49 | if i.kubeEyeInformerFactory != nil {
50 | i.kubeEyeInformerFactory.Start(stopCh)
51 | }
52 | }
53 |
54 | func (i *informerFactory) ForResources(keEyeGver map[schema.GroupVersion][]string, k8sEyeGver map[schema.GroupVersion][]string) {
55 |
56 | if i.kubeEyeInformerFactory != nil && keEyeGver != nil {
57 | for groupVersion, resources := range keEyeGver {
58 | for _, resource := range resources {
59 | _, err := i.kubeEyeInformerFactory.ForResource(groupVersion.WithResource(resource))
60 | if err != nil {
61 | klog.Error(err)
62 | }
63 | }
64 |
65 | }
66 |
67 | }
68 | if i.kubernetesInformerFactory != nil && k8sEyeGver != nil {
69 | for groupVersion, resources := range k8sEyeGver {
70 | for _, resource := range resources {
71 | _, err := i.kubernetesInformerFactory.ForResource(groupVersion.WithResource(resource))
72 | if err != nil {
73 | klog.Error(err)
74 | }
75 | }
76 | }
77 | }
78 |
79 | }
80 |
--------------------------------------------------------------------------------
/pkg/informers/informers_resources.go:
--------------------------------------------------------------------------------
1 | package informers
2 |
3 | import (
4 | "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
5 | corev1 "k8s.io/api/core/v1"
6 | "k8s.io/apimachinery/pkg/runtime/schema"
7 | )
8 |
9 | func KeEyeGver() map[schema.GroupVersion][]string {
10 | return map[schema.GroupVersion][]string{
11 | v1alpha2.SchemeGroupVersion: {"inspectrules", "inspectplans", "inspecttasks", "inspectresults"},
12 | }
13 | }
14 |
15 | func K8sEyeGver() map[schema.GroupVersion][]string {
16 | return map[schema.GroupVersion][]string{
17 | corev1.SchemeGroupVersion: {"configmaps", "nodes", "pods", "services"},
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/pkg/inspect/command_inspect.go:
--------------------------------------------------------------------------------
1 | package inspect
2 |
3 | import (
4 | "context"
5 | "encoding/json"
6 | "fmt"
7 | "github.com/kubesphere/event-rule-engine/visitor"
8 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
9 | "github.com/kubesphere/kubeeye/pkg/constant"
10 | "github.com/kubesphere/kubeeye/pkg/kube"
11 | "github.com/kubesphere/kubeeye/pkg/utils"
12 | corev1 "k8s.io/api/core/v1"
13 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
14 | "k8s.io/client-go/informers"
15 | "k8s.io/klog/v2"
16 | "os/exec"
17 | )
18 |
19 | type commandInspect struct {
20 | }
21 |
22 | func init() {
23 | RuleOperatorMap[constant.CustomCommand] = &commandInspect{}
24 | }
25 |
26 | func (c *commandInspect) RunInspect(ctx context.Context, rules []kubeeyev1alpha2.JobRule, clients *kube.KubernetesClient, currentJobName string, informers informers.SharedInformerFactory, ownerRef ...metav1.OwnerReference) ([]byte, error) {
27 |
28 | var commandResult []kubeeyev1alpha2.CommandResultItem
29 |
30 | _, exist, phase := utils.ArrayFinds(rules, func(m kubeeyev1alpha2.JobRule) bool {
31 | return m.JobName == currentJobName
32 | })
33 |
34 | if exist {
35 | var commandRules []kubeeyev1alpha2.CustomCommandRule
36 | err := json.Unmarshal(phase.RunRule, &commandRules)
37 | if err != nil {
38 | klog.Error(err, " Failed to marshal kubeeye result")
39 | return nil, err
40 | }
41 | for _, r := range commandRules {
42 | ctl := kubeeyev1alpha2.CommandResultItem{
43 | BaseResult: kubeeyev1alpha2.BaseResult{Name: r.Name},
44 | Command: r.Command,
45 | }
46 | command := exec.Command("sh", "-c", r.Command)
47 | outputResult, err := command.Output()
48 | if err != nil {
49 | fmt.Println(err)
50 | ctl.Value = fmt.Sprintf("command execute failed, %s", err)
51 | ctl.Level = r.Level
52 | ctl.Assert = true
53 | continue
54 | }
55 |
56 | err, res := visitor.EventRuleEvaluate(map[string]interface{}{"result": string(outputResult)}, r.Rule)
57 | if err != nil {
58 | ctl.Value = fmt.Sprintf("rule evaluate failed err:%s", err)
59 | ctl.Level = r.Level
60 | ctl.Assert = true
61 | } else {
62 | if res {
63 | ctl.Level = r.Level
64 | }
65 | ctl.Assert = res
66 | }
67 |
68 | commandResult = append(commandResult, ctl)
69 | }
70 | }
71 |
72 | marshal, err := json.Marshal(commandResult)
73 | if err != nil {
74 | return nil, err
75 | }
76 | return marshal, nil
77 |
78 | }
79 |
80 | func (c *commandInspect) GetResult(runNodeName string, resultCm *corev1.ConfigMap, resultCr *kubeeyev1alpha2.InspectResult) (*kubeeyev1alpha2.InspectResult, error) {
81 |
82 | var commandResult []kubeeyev1alpha2.CommandResultItem
83 | err := json.Unmarshal(resultCm.BinaryData[constant.Data], &commandResult)
84 | if err != nil {
85 | klog.Error("failed to get result", err)
86 | return nil, err
87 | }
88 |
89 | for i := range commandResult {
90 | commandResult[i].NodeName = runNodeName
91 | }
92 | resultCr.Spec.CommandResult = append(resultCr.Spec.CommandResult, commandResult...)
93 | return resultCr, nil
94 |
95 | }
96 |
--------------------------------------------------------------------------------
/pkg/inspect/component_inspect.go:
--------------------------------------------------------------------------------
1 | package inspect
2 |
3 | import (
4 | "bytes"
5 | "context"
6 | "encoding/json"
7 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
8 | "github.com/kubesphere/kubeeye/pkg/constant"
9 | "github.com/kubesphere/kubeeye/pkg/kube"
10 | "github.com/kubesphere/kubeeye/pkg/utils"
11 | corev1 "k8s.io/api/core/v1"
12 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
13 | "k8s.io/apimachinery/pkg/labels"
14 | "k8s.io/client-go/informers"
15 | "k8s.io/utils/strings/slices"
16 | )
17 |
18 | type componentInspect struct {
19 | }
20 |
21 | func init() {
22 | RuleOperatorMap[constant.Component] = &componentInspect{}
23 | }
24 |
25 | func (c *componentInspect) RunInspect(ctx context.Context, rules []kubeeyev1alpha2.JobRule, clients *kube.KubernetesClient, currentJobName string, informers informers.SharedInformerFactory, ownerRef ...metav1.OwnerReference) ([]byte, error) {
26 | var componentResult []kubeeyev1alpha2.ComponentResultItem
27 | var componentExclude []string
28 | if _, exist, rule := utils.ArrayFinds(rules, func(m kubeeyev1alpha2.JobRule) bool {
29 | return m.JobName == currentJobName
30 | }); exist {
31 | err := json.NewDecoder(bytes.NewReader(rule.RunRule)).Decode(&componentExclude)
32 | if err != nil {
33 | return nil, err
34 | }
35 | }
36 | for _, namespace := range constant.SystemNamespaces {
37 | services, err := clients.ClientSet.CoreV1().Services(namespace).List(ctx, metav1.ListOptions{})
38 | if err == nil {
39 | for _, service := range services.Items {
40 | _, ignore := service.Annotations[constant.AnnotationInspectIgnore]
41 | if !slices.Contains(componentExclude, service.Name) && !ignore {
42 | item := kubeeyev1alpha2.ComponentResultItem{BaseResult: kubeeyev1alpha2.BaseResult{
43 | Name: service.Name,
44 | }}
45 | if len(service.Spec.Selector) > 0 {
46 | pods, err := clients.ClientSet.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{LabelSelector: labels.FormatLabels(service.Spec.Selector)})
47 | if err == nil {
48 | for _, pod := range pods.Items {
49 | _, podIgnore := pod.Annotations[constant.AnnotationInspectIgnore]
50 | if (pod.Status.Phase != corev1.PodRunning || !isAllContainersReady(&pod)) && !podIgnore {
51 | item.Assert = true
52 | }
53 | }
54 | } else {
55 | item.Assert = true
56 | }
57 | if item.Assert {
58 | item.Level = kubeeyev1alpha2.DangerLevel
59 | }
60 | componentResult = append(componentResult, item)
61 | }
62 | }
63 | }
64 | }
65 | }
66 | marshal, err := json.Marshal(componentResult)
67 | if err != nil {
68 | return nil, err
69 | }
70 |
71 | return marshal, nil
72 | }
73 |
74 | func (c *componentInspect) GetResult(runNodeName string, resultCm *corev1.ConfigMap, resultCr *kubeeyev1alpha2.InspectResult) (*kubeeyev1alpha2.InspectResult, error) {
75 | var componentResult []kubeeyev1alpha2.ComponentResultItem
76 | err := json.Unmarshal(resultCm.BinaryData[constant.Data], &componentResult)
77 | if err != nil {
78 | return nil, err
79 | }
80 |
81 | resultCr.Spec.ComponentResult = componentResult
82 |
83 | return resultCr, nil
84 | }
85 |
86 | func isAllContainersReady(pod *corev1.Pod) bool {
87 | for _, c := range pod.Status.ContainerStatuses {
88 | if c.Ready {
89 | return true
90 | }
91 | }
92 | return false
93 | }
94 |
--------------------------------------------------------------------------------
/pkg/inspect/kubeeyeinspect.go:
--------------------------------------------------------------------------------
1 | package inspect
2 |
3 | import (
4 | "github.com/kubesphere/kubeeye/apis/kubeeye/options"
5 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
6 | "github.com/kubesphere/kubeeye/pkg/kube"
7 | )
8 |
9 | var (
10 | workloads = "data.kubeeye_workloads_rego"
11 | rbac = "data.kubeeye_RBAC_rego"
12 | nodes = "data.kubeeye_nodes_rego"
13 | events = "data.kubeeye_events_rego"
14 | certexp = "data.kubeeye_certexpiration"
15 | )
16 |
17 | var RuleOperatorMap = make(map[string]options.InspectInterface)
18 |
19 | type PercentOutput struct {
20 | TotalAuditCount int
21 | CurrentAuditCount int
22 | AuditPercent int
23 | }
24 | type OutputType string
25 |
26 | func CalculateScore(fmResultss []kubeeyev1alpha2.ResourceResult, k8sResources kube.K8SResource) (scoreInfo kubeeyev1alpha2.ScoreInfo) {
27 | var countDanger int
28 | var countWarning int
29 | var countIgnore int
30 |
31 | for _, fmResult := range fmResultss {
32 | for _, item := range fmResult.ResultItems {
33 | if item.Level == "warning" {
34 | countWarning++
35 | } else if item.Level == "danger" {
36 | countDanger++
37 | } else if item.Level == "ignore" {
38 | countIgnore++
39 | }
40 | }
41 | }
42 |
43 | total := k8sResources.WorkloadsCount*20 + (len(k8sResources.Roles.Items)+len(k8sResources.ClusterRoles.Items))*3 + len(k8sResources.Events.Items) + len(k8sResources.Nodes.Items) + 1
44 | countSuccess := total - countDanger - countWarning - countIgnore
45 | totalWeight := countSuccess*2 + countDanger*2 + countWarning
46 | scoreInfo.Score = countSuccess * 2 * 100 / totalWeight
47 | scoreInfo.Total = total
48 | scoreInfo.Dangerous = countDanger
49 | scoreInfo.Warning = countWarning
50 | scoreInfo.Ignore = countIgnore
51 | scoreInfo.Passing = countSuccess
52 |
53 | return scoreInfo
54 | }
55 |
--------------------------------------------------------------------------------
/pkg/inspect/opa_inspect.go:
--------------------------------------------------------------------------------
1 | package inspect
2 |
3 | import (
4 | "context"
5 | "encoding/json"
6 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
7 | "github.com/kubesphere/kubeeye/pkg/collectors/opa"
8 | "github.com/kubesphere/kubeeye/pkg/constant"
9 | "github.com/kubesphere/kubeeye/pkg/kube"
10 | "github.com/kubesphere/kubeeye/pkg/utils"
11 | corev1 "k8s.io/api/core/v1"
12 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
13 | "k8s.io/client-go/informers"
14 | "k8s.io/klog/v2"
15 | )
16 |
17 | type OpaInspect struct {
18 | }
19 |
20 | func init() {
21 | RuleOperatorMap[constant.Opa] = &OpaInspect{}
22 | }
23 |
24 | func (o *OpaInspect) RunInspect(ctx context.Context, rules []kubeeyev1alpha2.JobRule, clients *kube.KubernetesClient, currentJobName string, informers informers.SharedInformerFactory, ownerRef ...metav1.OwnerReference) ([]byte, error) {
25 |
26 | klog.Info("Fetching Rego Rules")
27 |
28 | _, exist, phase := utils.ArrayFinds(rules, func(m kubeeyev1alpha2.JobRule) bool {
29 | return m.JobName == currentJobName
30 | })
31 |
32 | if exist {
33 | rulesManager := opa.NewRulesManager()
34 |
35 | var opaRules []kubeeyev1alpha2.OpaRule
36 | err := json.Unmarshal(phase.RunRule, &opaRules)
37 | if err != nil {
38 | klog.Errorf("unmarshal opaRule failed,err:%s\n", err)
39 | return nil, err
40 | }
41 |
42 | klog.Info("Adding Rego Rules")
43 |
44 | for i := range opaRules {
45 | err := rulesManager.AddRule(&opaRules[i])
46 | if err != nil {
47 | klog.Errorf("add rule failed,err:%s\n", err)
48 | return nil, err
49 | }
50 | }
51 |
52 | klog.Info("Fetching resources")
53 |
54 | resourcesCollector, err := opa.NewResourceCollector(clients.KubeConfig)
55 | if err != nil {
56 | klog.Errorf("new resourceCollector failed,err:%s\n", err)
57 | return nil, err
58 | }
59 |
60 | resourcesManager := opa.NewResourcesManager()
61 |
62 | for key := range rulesManager.Rules {
63 | err := resourcesManager.AddResource(key, resourcesCollector)
64 | if err != nil {
65 | klog.Errorf("add resource failed,err:%s\n", err)
66 | return nil, err
67 | }
68 | }
69 |
70 | klog.Info("Checking Rego Rules")
71 |
72 | opaChecker := opa.NewOPAChecker(1000, 100)
73 |
74 | result, err := opaChecker.VailOpaRulesResult(rulesManager, resourcesManager)
75 | marshal, err := json.Marshal(result)
76 |
77 | if err != nil {
78 | klog.Error("marshal opaRule failed,err:%s\n", err)
79 | return nil, err
80 | }
81 |
82 | return marshal, nil
83 | }
84 | return nil, nil
85 | }
86 |
87 | func (o *OpaInspect) GetResult(runNodeName string, resultCm *corev1.ConfigMap, resultCr *kubeeyev1alpha2.InspectResult) (*kubeeyev1alpha2.InspectResult, error) {
88 | var opaResult kubeeyev1alpha2.KubeeyeOpaResult
89 | err := json.Unmarshal(resultCm.BinaryData[constant.Data], &opaResult)
90 | if err != nil {
91 | return nil, err
92 | }
93 |
94 | resultCr.Spec.OpaResult = opaResult
95 |
96 | return resultCr, nil
97 | }
98 |
--------------------------------------------------------------------------------
/pkg/kube/resources.go:
--------------------------------------------------------------------------------
1 | // Copyright 2020 KubeSphere Authors
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | package kube
16 |
17 | import (
18 | "time"
19 |
20 | corev1 "k8s.io/api/core/v1"
21 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
22 | "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
23 | )
24 |
25 | type K8SResource struct {
26 | ServerVersion string
27 | CreationTime time.Time
28 | APIServerAddress string
29 | Nodes *unstructured.UnstructuredList
30 | NodesCount int
31 | Namespaces *unstructured.UnstructuredList
32 | NameSpacesCount int
33 | NameSpacesList []string
34 | Deployments *unstructured.UnstructuredList
35 | Pods *unstructured.UnstructuredList
36 | DaemonSets *unstructured.UnstructuredList
37 | StatefulSets *unstructured.UnstructuredList
38 | Jobs *unstructured.UnstructuredList
39 | CronJobs *unstructured.UnstructuredList
40 | WorkloadsCount int
41 | Roles *unstructured.UnstructuredList
42 | ClusterRoles *unstructured.UnstructuredList
43 | Events *unstructured.UnstructuredList
44 | }
45 |
46 | type RegoRulesList struct {
47 | RegoRules []string
48 | }
49 |
50 | type Workload struct {
51 | Kind string
52 | Pod corev1.Pod
53 | PodSpec corev1.PodSpec
54 | ObjectMeta metav1.Object
55 | }
56 |
57 | type ValidateResult struct {
58 | Name string
59 | Namespace string
60 | Type string
61 | Level string
62 | Message string
63 | Reason string
64 | }
65 |
66 | type ResourceProvider struct {
67 | ServerVersion string
68 | CreationTime time.Time
69 | AuditAddress string
70 | Nodes []corev1.Node
71 | Namespaces []corev1.Namespace
72 | Pods *corev1.PodList
73 | ConfigMap []corev1.ConfigMap
74 | ProblemDetector []corev1.Event
75 | Workloads []Workload
76 | }
77 |
78 | type Certificate struct {
79 | Name string `yaml:"name" json:"name,omitempty"`
80 | Expires string `yaml:"expires" json:"expires,omitempty"`
81 | Residual string `yaml:"residual" json:"residual,omitempty"`
82 | }
83 |
--------------------------------------------------------------------------------
/pkg/message/alarm_message.go:
--------------------------------------------------------------------------------
1 | package message
2 |
3 | import (
4 | "bytes"
5 | "github.com/kubesphere/kubeeye/pkg/conf"
6 |
7 | "io"
8 | "k8s.io/klog/v2"
9 | "net/http"
10 | )
11 |
12 | type AlarmMessageHandler struct {
13 | // 可以添加处理器需要的属性
14 | RequestUrl string
15 | }
16 |
17 | func (h *AlarmMessageHandler) HandleMessageEvent(event *conf.MessageEvent) {
18 | // 执行消息发送操作
19 | // 例如,发送消息给目标
20 |
21 | resp, err := http.Post(h.RequestUrl, "application/json", bytes.NewReader(event.Content))
22 | if err != nil {
23 | klog.Error(err)
24 | return
25 | }
26 | defer resp.Body.Close()
27 | all, err := io.ReadAll(resp.Body)
28 | if err != nil {
29 | klog.Error(err)
30 | return
31 | }
32 | klog.Info(string(all))
33 | }
34 |
--------------------------------------------------------------------------------
/pkg/message/message.go:
--------------------------------------------------------------------------------
1 | package message
2 |
3 | import "github.com/kubesphere/kubeeye/pkg/conf"
4 |
5 | type EventDispatcher struct {
6 | handlers conf.EventHandler
7 | }
8 |
9 | func RegisterHandler(handler conf.EventHandler) *EventDispatcher {
10 | return &EventDispatcher{
11 | handlers: handler,
12 | }
13 | }
14 |
15 | func (d *EventDispatcher) DispatchMessageEvent(event *conf.MessageEvent) {
16 | d.handlers.HandleMessageEvent(event)
17 | }
18 |
--------------------------------------------------------------------------------
/pkg/output/output.go:
--------------------------------------------------------------------------------
1 | package output
2 |
3 | import (
4 | "path"
5 | "strings"
6 | )
7 |
8 | func ParseFileName(p string, defaultFileName string) string {
9 | if strings.LastIndex(p, ".html") > 0 {
10 | return p
11 | }
12 | return path.Join(p, defaultFileName)
13 | }
14 |
--------------------------------------------------------------------------------
/pkg/server/api/utils.go:
--------------------------------------------------------------------------------
1 | package api
2 |
3 | import (
4 | "bytes"
5 | "encoding/json"
6 | "github.com/gin-gonic/gin"
7 | "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
8 | "io"
9 | "k8s.io/apimachinery/pkg/api/errors"
10 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
11 | "net/http"
12 | )
13 |
14 | func GetRequestBody(g *gin.Context, obj any) error {
15 | data, err := g.GetRawData()
16 | if err != nil {
17 | return err
18 | }
19 | err = json.Unmarshal(data, obj)
20 | if err != nil {
21 | return err
22 | }
23 | g.Request.Body = io.NopCloser(bytes.NewBuffer(data))
24 | return nil
25 | }
26 |
27 | func NewErrors(msg string, kind string) errors.StatusError {
28 | return errors.StatusError{ErrStatus: metav1.Status{
29 | Status: "Failure",
30 | Message: msg,
31 | Details: &metav1.StatusDetails{
32 | Group: v1alpha2.SchemeGroupVersion.Group,
33 | Kind: kind,
34 | Causes: nil,
35 | },
36 | Code: http.StatusInternalServerError,
37 | }}
38 | }
39 |
--------------------------------------------------------------------------------
/pkg/server/router/router.go:
--------------------------------------------------------------------------------
1 | package router
2 |
3 | import (
4 | "context"
5 | "github.com/gin-gonic/gin"
6 | "github.com/kubesphere/kubeeye/clients/informers/externalversions/kubeeye"
7 | "github.com/kubesphere/kubeeye/pkg/kube"
8 | "github.com/kubesphere/kubeeye/pkg/server/api"
9 | "github.com/kubesphere/kubeeye/pkg/template"
10 | )
11 |
12 | const groupPath = "/kapis/kubeeye.kubesphere.io/v1alpha2"
13 |
14 | type Router struct {
15 | Engine *gin.Engine
16 | Clients *kube.KubernetesClient
17 | Ctx context.Context
18 | }
19 |
20 | func RegisterRouter(ctx context.Context, r *gin.Engine, clients *kube.KubernetesClient, factory kubeeye.Interface) {
21 | htmlTemplate, err := template.GetInspectResultHtmlTemplate()
22 | if err == nil {
23 | r.SetHTMLTemplate(htmlTemplate)
24 | }
25 | result := api.NewInspectResult(ctx, clients, factory.V1alpha2().InspectResults())
26 | task := api.NewInspectTask(ctx, clients, factory.V1alpha2().InspectTasks())
27 | plan := api.NewInspectPlan(ctx, clients, factory.V1alpha2().InspectPlans())
28 | rule := api.NewInspectRule(ctx, clients, factory.V1alpha2().InspectRules())
29 |
30 | v1alpha1 := r.Group(groupPath)
31 | {
32 |
33 | v1alpha1.GET("/inspectresults", result.ListInspectResult)
34 | v1alpha1.GET("/inspectresults/:name", result.GetInspectResult)
35 | v1alpha1.GET("/inspectresults/:name/download", result.DownloadInspectResult)
36 |
37 | v1alpha1.GET("/inspecttasks", task.ListInspectTask)
38 | v1alpha1.GET("/inspecttasks/:name", task.GetInspectTask)
39 | v1alpha1.DELETE("/inspecttasks/:name", task.DeleteInspectTask)
40 |
41 | v1alpha1.GET("/inspectplans", plan.ListInspectPlan)
42 | v1alpha1.GET("/inspectplans/:name", plan.GetInspectPlan)
43 | v1alpha1.POST("/inspectplans", plan.CreateInspectPlan)
44 | v1alpha1.DELETE("/inspectplans/:name", plan.DeleteInspectPlan)
45 | v1alpha1.PUT("/inspectplans", plan.UpdateInspectPlan)
46 | v1alpha1.PATCH("/inspectplans/:name/status", plan.PatchInspectPlanStatus)
47 | v1alpha1.PATCH("/inspectplans/:name", plan.PatchInspectPlan)
48 |
49 | v1alpha1.GET("/inspectrules", rule.ListInspectRule)
50 | v1alpha1.GET("/inspectrules/:name", rule.GetInspectRule)
51 | v1alpha1.POST("/inspectrules", rule.CreateInspectRule)
52 | v1alpha1.DELETE("/inspectrules", rule.DeleteInspectRule)
53 | v1alpha1.PUT("/inspectrules", rule.UpdateInspectRule)
54 | }
55 |
56 | }
57 |
--------------------------------------------------------------------------------
/pkg/template/config_map_template.go:
--------------------------------------------------------------------------------
1 | package template
2 |
3 | import (
4 | "github.com/kubesphere/kubeeye/pkg/constant"
5 | corev1 "k8s.io/api/core/v1"
6 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
7 | "strings"
8 | )
9 |
10 | func BinaryFileConfigMapTemplate(name string, namespace string, binaryData []byte, onRely bool, reference ...metav1.OwnerReference) *corev1.ConfigMap {
11 | return BinaryConfigMapTemplate(name, namespace, binaryData, onRely, map[string]string{constant.LabelConfigType: constant.BaseFile}, reference...)
12 | }
13 |
14 | func BinaryConfigMapTemplate(name string, namespace string, binaryData []byte, onRely bool, labels map[string]string, reference ...metav1.OwnerReference) *corev1.ConfigMap {
15 | resultConfigMap := &corev1.ConfigMap{
16 | ObjectMeta: metav1.ObjectMeta{
17 | Name: strings.ToLower(name),
18 | Namespace: namespace,
19 | OwnerReferences: reference,
20 | Labels: labels,
21 | },
22 | Immutable: &onRely,
23 | BinaryData: map[string][]byte{constant.Data: binaryData},
24 | }
25 |
26 | return resultConfigMap
27 | }
28 |
--------------------------------------------------------------------------------
/pkg/template/role_template.go:
--------------------------------------------------------------------------------
1 | package template
2 |
3 | import (
4 | v1 "k8s.io/api/core/v1"
5 | rbacv1 "k8s.io/api/rbac/v1"
6 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
7 | "os"
8 | )
9 |
10 | func GetClusterRoleTemplate() *rbacv1.ClusterRole {
11 |
12 | return &rbacv1.ClusterRole{
13 | ObjectMeta: metav1.ObjectMeta{
14 | Name: "kubeeye-inspect-role",
15 | },
16 | Rules: []rbacv1.PolicyRule{{
17 | APIGroups: []string{""},
18 | Resources: []string{"*"},
19 | Verbs: []string{"list", "get", "watch"},
20 | },
21 | {
22 | APIGroups: []string{""},
23 | Resources: []string{"configmaps"},
24 | Verbs: []string{"create"},
25 | },
26 | {
27 | APIGroups: []string{"apps"},
28 | Resources: []string{"deployments", "daemonsets", "statefulsets"},
29 | Verbs: []string{"list", "get", "watch"},
30 | },
31 | {
32 | APIGroups: []string{"batch"},
33 | Resources: []string{"jobs", "cronjobs"},
34 | Verbs: []string{"list", "get", "watch"},
35 | },
36 | {
37 | APIGroups: []string{"rbac.authorization.k8s.io"},
38 | Resources: []string{"roles", "clusterroles", "rolebindings", "clusterrolebindings"},
39 | Verbs: []string{"list", "get", "watch"},
40 | },
41 | },
42 | }
43 | }
44 |
45 | func GetClusterRoleBindingTemplate() *rbacv1.ClusterRoleBinding {
46 | return &rbacv1.ClusterRoleBinding{
47 | ObjectMeta: metav1.ObjectMeta{
48 | Name: "kubeeye-inspect-rolebinding",
49 | },
50 | Subjects: []rbacv1.Subject{
51 | {Kind: "ServiceAccount", Name: "kubeeye-inspect-job", Namespace: os.Getenv("KUBERNETES_POD_NAMESPACE")},
52 | },
53 | RoleRef: rbacv1.RoleRef{
54 | APIGroup: "rbac.authorization.k8s.io",
55 | Kind: "ClusterRole",
56 | Name: "kubeeye-inspect-role",
57 | },
58 | }
59 | }
60 |
61 | func GetServiceAccountTemplate() *v1.ServiceAccount {
62 | return &v1.ServiceAccount{
63 | ObjectMeta: metav1.ObjectMeta{
64 | Name: "kubeeye-inspect-job",
65 | Namespace: os.Getenv("KUBERNETES_POD_NAMESPACE"),
66 | },
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/pkg/template/template_options.go:
--------------------------------------------------------------------------------
1 | package template
2 |
3 | import (
4 | kubeeyev1alpha2 "github.com/kubesphere/kubeeye/apis/kubeeye/v1alpha2"
5 | "github.com/kubesphere/kubeeye/pkg/conf"
6 | )
7 |
8 | type JobTemplateOptions struct {
9 | JobConfig *conf.JobConfig
10 | JobName string
11 | Task *kubeeyev1alpha2.InspectTask
12 | NodeName string
13 | NodeSelector map[string]string
14 | RuleType string
15 | }
16 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_filechange_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Description: Inspect file change
2 | ---
3 | apiVersion: kubeeye.kubesphere.io/v1alpha2
4 | kind: InspectRule
5 | metadata:
6 | name: filechange-inspect-rules
7 | spec:
8 | fileChange:
9 | - name: kubelet-config
10 | path: /var/lib/kubelet/config.yaml
11 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_filterrule_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Description: Filter the file content by the specified rule.
2 | ---
3 | apiVersion: kubeeye.kubesphere.io/v1alpha2
4 | kind: InspectRule
5 | metadata:
6 | name: filter-file-inspect-rules
7 | spec:
8 | fileFilter:
9 | - name: systemLog
10 | path: /var/log/syslog
11 | rule: error
12 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_nodeInfo_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Description: The rules for inspecting Nodes.
2 | ---
3 | apiVersion: kubeeye.kubesphere.io/v1alpha2
4 | kind: InspectRule
5 | metadata:
6 | name: node-info-inspect-rules
7 | spec:
8 | nodeInfo:
9 | - name: Cpu
10 | rule: cpu > 20
11 | resourcesType: cpu
12 | desc: CPU usage greater than 20%
13 | - name: Memory
14 | rule: memory > 20
15 | resourcesType: memory
16 | desc: memory usage greater than 20%
17 | - name: filesystem
18 | rule: filesystem > 20
19 | resourcesType: filesystem
20 | desc: filesystem usage greater than 20%
21 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_opa_configmap_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Example: CheckConfigmap
2 | # Description: Check if the subnet is used by multiple namespaces in the HostNic configuration.
3 | ---
4 | apiVersion: kubeeye.kubesphere.io/v1alpha2
5 | kind: InspectRule
6 | metadata:
7 | name: configmap-inspect-rules
8 | spec:
9 | opas:
10 | - name: CheckDuplicateSubnets
11 | rule: |-
12 | package inspect.kubeeye
13 | import rego.v1
14 |
15 | deny contains msg if {
16 | input.kind == "ConfigMap"
17 | input.apiVersion == "v1"
18 |
19 | input.metadata.namespace == "kube-system"
20 | input.metadata.name == "ipam-config"
21 |
22 | input.data.ipam != ""
23 | ipam_config := json.unmarshal(input.data.ipam)
24 |
25 | some ns, subnets in ipam_config
26 | some subnet in subnets
27 |
28 | usage := {
29 | "subnet": subnet,
30 | "namespaces": [ns |
31 | some other_ns, other_subnets in ipam_config
32 | some other_subnet in other_subnets
33 | other_subnet == subnet
34 | ns := other_ns
35 | ],
36 | }
37 |
38 | count(usage.namespaces) > 1
39 |
40 | level := "danger"
41 | msg := {
42 | "Name": sprintf("%v", [input.metadata.name]),
43 | "Namespace": sprintf("%v", [input.metadata.namespace]),
44 | "Type": sprintf("%v", [input.kind]),
45 | "Level": sprintf("%v", [level]),
46 | "Message": sprintf("subnet %v is used multi namespaces %v", [usage.subnet, usage.namespaces]),
47 | "Reason": "HostNic 配置中 subnet 被重复分配"
48 | }
49 | }
50 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_opa_event_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Description: The rules for inspecting Events.
2 | ---
3 | apiVersion: kubeeye.kubesphere.io/v1alpha2
4 | kind: InspectRule
5 | metadata:
6 | name: event-inspect-rules
7 | spec:
8 | opas:
9 | - name: AbnormalEventsRule
10 | rule: |-
11 | package inspect.kubeeye
12 | import rego.v1
13 |
14 | deny contains msg if {
15 | input.kind == "Event"
16 | input.apiVersion == "v1"
17 |
18 | input.metadata.namespace == "kube-system"
19 |
20 | level := "DANGER"
21 | Message := input.reason
22 | Reason := input.message
23 |
24 | input.type != "Normal"
25 |
26 | msg := {
27 | "Name": sprintf("%v", [input.metadata.name]),
28 | "Namespace": sprintf("%v", [input.metadata.namespace]),
29 | "Type": sprintf("%v", [input.kind]),
30 | "Level": sprintf("%v", [level]),
31 | "Message": sprintf("%v", [input.message]),
32 | "Reason": sprintf("%v", [input.reason])
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_opa_node_stats_summary_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Example: CheckConfigmap
2 | # Description: Check if the subnet is used by multiple namespaces in the HostNic configuration.
3 | ---
4 | apiVersion: kubeeye.kubesphere.io/v1alpha2
5 | kind: InspectRule
6 | metadata:
7 | name: node-stats-summary-inspect-rules
8 | spec:
9 | opas:
10 | - name: CheckDuplicateSubnets
11 | rule: |-
12 | package inspect.kubeeye.nodeStatsSummary
13 | import rego.v1
14 |
15 | # 定义阈值 (5GB in bytes)
16 | threshold := 5 * 1024 * 1024 * 1024
17 |
18 | deny contains msg if {
19 |
20 | pod := input.pods[_]
21 | storage := pod["ephemeral-storage"]
22 | bytes := storage.usedBytes
23 | bytes > threshold
24 |
25 | gb_used := bytes / (1024 * 1024 * 1024)
26 |
27 | level := "danger"
28 | msg := {
29 | "Name": sprintf("%v", [pod.podRef.name]),
30 | "Namespace": sprintf("%v", [pod.podRef.namespace]),
31 | "Type": "Pod",
32 | "Level": sprintf("%v", [level]),
33 | "Message": sprintf("Pod '%v/%v' ephemeral-storage usage (%.2f GB) exceeds threshold (5 GB)", [pod.podRef.namespace, pod.podRef.name, gb_used]),
34 | "Reason": "Pod ephemeral-storage usage exceeds threshold"
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_opa_pod_state_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Description: The rules for inspecting Pod State.
2 | ---
3 | apiVersion: kubeeye.kubesphere.io/v1alpha2
4 | kind: InspectRule
5 | metadata:
6 | name: pod-state-inspect-rules
7 | spec:
8 | opas:
9 | - name: PodStateCheck
10 | rule: |-
11 | package inspect.kubeeye
12 | import rego.v1
13 |
14 | deny contains msg if {
15 |
16 | input.kind == "Pod"
17 | input.apiVersion == "v1"
18 |
19 | level := "DANGER"
20 |
21 | not input.metadata.namespace == "kubeeye-system"
22 |
23 | test := input.status.containerStatuses[_]
24 | input.status.phase != "Succeeded"
25 | not test.state.running
26 |
27 | container_status := input.status.containerStatuses[_]
28 | container_name := container_status.name
29 |
30 | status := get_container_status(container_status)
31 |
32 | msg := {
33 | "Name": sprintf("%v", [input.metadata.name]),
34 | "Namespace": sprintf("%v", [input.metadata.namespace]),
35 | "Type": sprintf("%v", [input.kind]),
36 | "Level": sprintf("%v", [level]),
37 | "Message": "PodStateCheck",
38 | "Reason": sprintf("%v %v", [container_name, status])
39 | }
40 | }
41 |
42 | get_container_status(container_status) := status if {
43 | container_status.state.terminated
44 | not container_status.state.terminated.reason == "Completed"
45 | status := container_status.state.terminated.reason
46 | } else := status if {
47 | container_status.state.waiting
48 | status := container_status.state.waiting.reason
49 | }
50 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_services_connect_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Description: The rules for inspecting Services.
2 | ---
3 | apiVersion: kubeeye.kubesphere.io/v1alpha2
4 | kind: InspectRule
5 | metadata:
6 | name: services-connect-inspect-rules
7 | spec:
8 | serviceConnect:
9 | - workspace: system-workspace
10 | level: warning
11 |
12 |
--------------------------------------------------------------------------------
/sample/rules/kubeeye_systemd_inspect.yaml:
--------------------------------------------------------------------------------
1 | # Description: The rules for inspecting systemd services.
2 | ---
3 | apiVersion: kubeeye.kubesphere.io/v1alpha2
4 | kind: InspectRule
5 | metadata:
6 | name: systemd-inspect-rules
7 | spec:
8 | systemd:
9 | - name: docker
10 | rule: docker == "active"
11 | - name: etcd
12 | rule: etcd == "active"
13 | - name: kubelet
14 | rule: kubelet == "active"
15 |
--------------------------------------------------------------------------------