-
Notifications
You must be signed in to change notification settings - Fork 178
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
169 changed files
with
125,700 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,250 @@ | ||
| package cluster | ||
|
|
||
| // Copyright (c) Microsoft Corporation. | ||
| // Licensed under the Apache License 2.0. | ||
|
|
||
| import ( | ||
| "context" | ||
| "fmt" | ||
| "log" | ||
| "net/url" | ||
| "strconv" | ||
| "strings" | ||
|
|
||
| "github.com/Azure/azure-sdk-for-go/sdk/azidentity" | ||
| "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" | ||
| "github.com/Azure/go-autorest/autorest/azure" | ||
| "github.com/sirupsen/logrus" | ||
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
|
|
||
| apisubnet "github.com/Azure/ARO-RP/pkg/api/util/subnet" | ||
| arov1alpha1 "github.com/Azure/ARO-RP/pkg/operator/apis/aro.openshift.io/v1alpha1" | ||
| ) | ||
|
|
||
| const ( | ||
| cwp = "clusterWideProxy.status" | ||
| cwpErrorMessage = "NoProxy entries are incorrect" | ||
| ) | ||
|
|
||
| var mandatory_no_proxies = "localhost,127.0.0.1,.svc,.cluster.local.,168.63.129.16,169.254.169.254" | ||
|
|
||
| func contains(slice []string, item string) bool { | ||
| if strings.Contains(fmt.Sprint(slice), item) { | ||
| return true | ||
| } else { | ||
| return false | ||
| } | ||
| } | ||
|
|
||
| func (mon *Monitor) emitCWPStatus(ctx context.Context) error { | ||
| mon.hourlyRun = true | ||
| proxyConfig, err := mon.configcli.ConfigV1().Proxies().Get(ctx, "cluster", metav1.GetOptions{}) | ||
| if err != nil { | ||
| log.Fatalf("Error in getting the cluster wide proxy: %v", err) | ||
| } | ||
| if proxyConfig.Spec.HTTPProxy == "" && proxyConfig.Spec.HTTPSProxy == "" && proxyConfig.Spec.NoProxy == "" { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(false), | ||
| "Message": "CWP not enabled", | ||
| }) | ||
| } else { | ||
| no_proxy_list := strings.Split(proxyConfig.Spec.NoProxy, ",") | ||
| for _, mandatory_no_proxy := range strings.Split(mandatory_no_proxies, ",") { | ||
| if !contains(no_proxy_list, mandatory_no_proxy) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": "True", | ||
| "Message": "CWP enabled but missing " + mandatory_no_proxy + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": strconv.FormatBool(true), | ||
| "message": "CWP enabled but missing " + mandatory_no_proxy + " in the no_proxy list", | ||
| }).Print() | ||
| } | ||
| } | ||
| } | ||
| cred, err := azidentity.NewDefaultAzureCredential(nil) | ||
| if err != nil { | ||
| log.Fatalf("failed to obtain a credential: %v", err) | ||
| } | ||
| mastersubnetID, err := azure.ParseResourceID(mon.oc.Properties.MasterProfile.SubnetID) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| clientFactory, err := armnetwork.NewClientFactory(mastersubnetID.SubscriptionID, cred, nil) | ||
| if err != nil { | ||
| log.Fatalf("failed to create client: %v", err) | ||
| } | ||
| masterVnetID, _, err := apisubnet.Split(mon.oc.Properties.MasterProfile.SubnetID) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| mastervnetId, err := azure.ParseResourceID(masterVnetID) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| res, err := clientFactory.NewSubnetsClient().Get(ctx, mastersubnetID.ResourceGroup, mastervnetId.ResourceName, mastersubnetID.ResourceName, &armnetwork.SubnetsClientGetOptions{Expand: nil}) | ||
| if err != nil { | ||
| log.Fatalf("failed to finish the request: %v", err) | ||
| } | ||
| mastermachineCIDR := *res.Properties.AddressPrefix | ||
| if !contains(no_proxy_list, mastermachineCIDR) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing master machineCIDR " + mastermachineCIDR + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but missing master machineCIDR " + mastermachineCIDR + " in the no_proxy list", | ||
| }).Print() | ||
| } | ||
| } | ||
| for _, workerProfile := range mon.oc.Properties.WorkerProfiles { | ||
| workersubnetID, err := azure.ParseResourceID(workerProfile.SubnetID) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| workerVnetID, _, err := apisubnet.Split(workerProfile.SubnetID) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| workervnetId, err := azure.ParseResourceID(workerVnetID) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| workerres, err := clientFactory.NewSubnetsClient().Get(ctx, workersubnetID.ResourceGroup, workervnetId.ResourceName, workersubnetID.ResourceName, &armnetwork.SubnetsClientGetOptions{Expand: nil}) | ||
| if err != nil { | ||
| log.Fatalf("failed to finish the request: %v", err) | ||
| } | ||
| workermachinesCIDR := *workerres.Properties.AddressPrefix | ||
| if !contains(no_proxy_list, mastermachineCIDR) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing Worker machine CIDR " + workermachinesCIDR + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but missing Worker machine CIDR " + workermachinesCIDR + " in the no_proxy list", | ||
| }).Print() | ||
| } | ||
| } | ||
| } | ||
| networkConfig, err := mon.configcli.ConfigV1().Networks().Get(ctx, "cluster", metav1.GetOptions{}) | ||
| if err != nil { | ||
| log.Fatalf("Error in getting network info: %v", err) | ||
| } | ||
| for _, network := range networkConfig.Spec.ClusterNetwork { | ||
| if !contains(no_proxy_list, network.CIDR) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing PodCIDR " + network.CIDR + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but missing PodCIDR " + network.CIDR + " in the no_proxy list", | ||
| }).Print() | ||
| } | ||
| } | ||
| } | ||
| for _, network := range networkConfig.Spec.ServiceNetwork { | ||
| if !contains(no_proxy_list, network) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing ServiceCIDR " + network + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but Service CIDR " + network + " is missing or incorrect", | ||
| }).Print() | ||
| } | ||
| } | ||
| } | ||
| cluster, err := mon.arocli.AroV1alpha1().Clusters().Get(ctx, arov1alpha1.SingletonClusterName, metav1.GetOptions{}) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| for _, gatewayDomain := range cluster.Spec.GatewayDomains { | ||
| if !contains(no_proxy_list, gatewayDomain) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing Gateway domain " + gatewayDomain + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but Gateway domain " + gatewayDomain + "is missing or incorrect", | ||
| }).Print() | ||
| } | ||
| } | ||
| } | ||
| infraConfig, err := mon.configcli.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) | ||
| if err != nil { | ||
| log.Fatalf("Error in getting network info: %v", err) | ||
| } | ||
| apiServerIntURL, err := url.Parse(infraConfig.Status.APIServerInternalURL) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| apiServerIntdomain := strings.Split(apiServerIntURL.Host, ":")[0] | ||
| if !contains(no_proxy_list, apiServerIntdomain) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing APIServerInternal URL " + apiServerIntdomain + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but APIServerInternal URL " + apiServerIntdomain + " is missing or incorrect", | ||
| }).Print() | ||
| } | ||
| } | ||
| apiServerProfileURL, err := url.Parse(mon.oc.Properties.APIServerProfile.URL) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| apiServerProfiledomain := strings.Split(apiServerProfileURL.Host, ":")[0] | ||
| if !contains(no_proxy_list, apiServerProfiledomain) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing APiServerProfile URL " + apiServerProfiledomain + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but APiServerProfile URL " + apiServerProfiledomain + " is missing or incorrect", | ||
| }).Print() | ||
| } | ||
| } | ||
| consolProfileURL, err := url.Parse(mon.oc.Properties.ConsoleProfile.URL) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| consoleProfiledomain := strings.Split(consolProfileURL.Host, ":")[0] | ||
| if !contains(no_proxy_list, consoleProfiledomain) { | ||
| mon.emitGauge(cwp, 1, map[string]string{ | ||
| "status": strconv.FormatBool(true), | ||
| "Message": "CWP enabled but missing Console Profile URL " + consoleProfiledomain + " in the no_proxy list", | ||
| }) | ||
| if mon.hourlyRun { | ||
| mon.log.WithFields(logrus.Fields{ | ||
| "metric": cwp, | ||
| "status": true, | ||
| "message": "CWP enabled but Console Profile URL " + consoleProfiledomain + " is missing or incorrect", | ||
| }).Print() | ||
| } | ||
| } | ||
| } | ||
| return nil | ||
| } |
Oops, something went wrong.