fix: write catalog landing page from a customer pov #132

Open
wants to merge 1 commit into
base: main
23 changes: 11 additions & 12 deletions mission-control/docs/config-db/overview.md
@@ -1,12 +1,18 @@
# Overview

![config db](../images/config-db.svg)
**Catalog** enhances configuration management by providing a clear view and search function for tracking changes across various dimensions such as nodes, zones, environments, applications, and technologies. This utility is enabled by a JSON-based database that regularly collects configuration data from multiple sources. The data is organized into a searchable JSON tree, facilitating efficient comparison and analysis across different environments.

A configuration summary is shown below:

`Config DB` is a JSON-based configuration management database. It enables you to scrape configuration from several sources on an ongoing basis and navigate that configuration in an easy-to-navigate and search JSON tree.
![](../images/config-db.png)

By doing this, `Config DB` enables you to view and search the change history of your configuration across multiple dimensions _(node, zone, environment, application, technology, etc...)_ as well as compare and view the differences between configurations across environments.
Each configuration has:

- **Configuration** - Normally JSON, but XML and properties files are also available
- **Insights** - Security, cost, performance, and other recommendations from scanners including AWS Trusted Advisor, AWS Config rules, etc.
- **Changes** - Either change directly on the config _(recorded as diff change type)_ or changes identified via AWS Cloudtrail, etc.

It is able to scan multiple configuration sources including
You can scan multiple configuration sources including:

- [AWS Cloud Resources](./scrapers/aws.md)
- [Azure Devops](./scrapers/azure-devops.md) - Azure Devops Pipeline runs
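Review bot: The new opening paragraph names the feature **Catalog** but never says how that relates to `Config DB`, the name that the file path (`config-db/overview.md`) and both image file names still carry. Add one sentence stating the relationship between the two names so readers arriving from older links or searching for "Config DB" can tell they are on the right page. Two smaller points in the same hunk: the image `![](../images/config-db.png)` has empty alt text, and "AWS Cloudtrail" in the Changes bullet should be "AWS CloudTrail".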
Expand All @@ -16,14 +22,7 @@ It is able to scan multiple configuration sources including
- [SQL](./scrapers/sql.md) - Data available via queries on MySQL, SQL Server, and Postgres databases
- [Trivy](./scrapers/trivy.md) - Security scanning of Kubernetes clusters

Each configuration has:

- **Configuration** - Normally JSON, but XML and properties files are also available
- **Insights** - Security, cost, performance, and other recommendations from scanners including AWS Trusted Advisor, AWS Config rules, etc...
- **Changes** - Either change directly on the config _(recorded as diff change type)_ or changes identified via AWS Cloudtrail, etc...

![config db](../images/config-db.svg)


A configuration summary is shown below:

![](../images/config-db.png)
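Review bot: The trailing "A configuration summary is shown below:" sentence and `![](../images/config-db.png)` look like they survive this hunk as context. The header `-16,14 +22,7` leaves seven lines, which matches the two list items, the blank lines and that sentence plus image. The first hunk adds the same sentence and image near the top of the page, so the rendered page would show the summary screenshot twice; delete the bottom copy here as well. Also confirm that dropping `![config db](../images/config-db.svg)` is intended, since it is listed both at the top of the first hunk and in this one and no replacement diagram is added.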
93 changes: 93 additions & 0 deletions mission-control/docs/config-db/scrapers/kubernetes.md
Expand Up @@ -2,13 +2,75 @@

The `kubernetes` config type scrapes the configurations of your Kubernetes resources as specified with the fields; `namespace`, `selector`, `fieldSelector` and more.

Create a ScrapeConfig Custom Resource with the following manifest

```yaml
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: kubernetes-scraper
spec:
kubernetes:
- clusterName: local-kind-cluster
exclusions:
- Secret
- ReplicaSet
- APIService
- PodMetrics
- NodeMetrics
- endpoints.discovery.k8s.io
- endpointslices.discovery.k8s.io
- leases.coordination.k8s.io
- podmetrics.metrics.k8s.io
- nodemetrics.metrics.k8s.io
- customresourcedefinition
- controllerrevision
- certificaterequest
- orders.acme.cert-manager.io
relationships:
- kind:
expr: "has(spec.claimRef) ? spec.claimRef.kind : ''"
name:
expr: "has(spec.claimRef) ? spec.claimRef.name : ''"
namespace:
expr: "has(spec.claimRef) ? spec.claimRef.namespace : ''"
- kind:
value: Kustomization
name:
label: kustomize.toolkit.fluxcd.io/name
namespace:
label: kustomize.toolkit.fluxcd.io/namespace
- kind:
value: HelmRelease
name:
label: helm.toolkit.fluxcd.io/name
namespace:
label: helm.toolkit.fluxcd.io/namespace
event:
exclusions:
- SuccessfulCreate
- Created
- DNSConfigForming
severityKeywords:
error:
- failed
- error
warn:
- backoff
- nodeoutofmemory
```

Or from the UI add the spec:

```yaml
kubernetes:
- clusterName: local-kind-cluster
exclusions:
- Secret
- ReplicaSet
- APIService
- PodMetrics
- NodeMetrics
- endpoints.discovery.k8s.io
- endpointslices.discovery.k8s.io
- leases.coordination.k8s.io
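Review bot: Both examples put `Secret` first under `exclusions`, but the surrounding text never says why, and a reader trimming the list to shorten the manifest could drop it without realising that Secret objects would then be scraped into the catalog alongside everything else. Add a sentence before the manifest saying that `Secret` should stay excluded unless storing secret contents in the config database is intended. The list also mixes kind names (`Secret`, `ReplicaSet`) with lowercase and group-qualified names (`customresourcedefinition`, `orders.acme.cert-manager.io`), so state which forms `exclusions` matches. Finally, "Create a ScrapeConfig Custom Resource with the following manifest" is missing its trailing colon.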
Expand All @@ -30,6 +92,25 @@ kubernetes:
warn:
- backoff
- nodeoutofmemory
relationships:
- kind:
expr: "has(spec.claimRef) ? spec.claimRef.kind : ''"
name:
expr: "has(spec.claimRef) ? spec.claimRef.name : ''"
namespace:
expr: "has(spec.claimRef) ? spec.claimRef.namespace : ''"
- kind:
value: Kustomization
name:
label: kustomize.toolkit.fluxcd.io/name
namespace:
label: kustomize.toolkit.fluxcd.io/namespace
- kind:
value: HelmRelease
name:
label: helm.toolkit.fluxcd.io/name
namespace:
label: helm.toolkit.fluxcd.io/namespace
```

### Kubernetes
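Review bot: The first `relationships` entry uses `expr: "has(spec.claimRef) ? spec.claimRef.kind : ''"` with no explanation of what the expression is evaluated against or what happens when it returns the empty string. State next to the example that the expression runs against the scraped resource and that an empty result means no relationship is created, if that is the behaviour, and name the resource type that carries `spec.claimRef` so the example is readable on its own. In this spec `relationships` is placed after `event`, while the full ScrapeConfig manifest above places it before `event`; keeping the same order in both makes the two blocks easier to compare.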
Expand Down Expand Up @@ -57,6 +138,18 @@ kubernetes:
| `exclusions` | Specify Kubernetes resources to be excluded from scraping | `[]string` | |
| **`kubeconfig`** | Specify kubeconfig for access to your Kubernetes Cluster | [`kommons.EnvVar`](https://pkg.go.dev/github.com/flanksource/kommons#EnvVar) | yes |
| `event` | Specify configuration to handle Kubernetes events. See [**KubernetesEvent**](#kubernetesevent) | [`KubernetesEvent`](#kubernetesevent) | yes |
| `relationships` | Helps the user to understand relationships amongst components, configurations and health checks. | [`Relationships`](#Relationships) | |


### Relationships

Checks if a kubernetes source has the labels specified in `name` and `namespace` fields. Then based on the labels it looks up the matching resource config specified in `kind` and adds a relationship to it.

| Field | Description | Scheme | Required |
| ------------------ | ------------------------------------------------------------------------------------------ | --------------------------------------- | -------- |
| `name` | The label with the name of the relative | `string` | Yes |
| `namespace` | The label with the namespace of the relative | `string` | Yes |
| `kind` | The resource type of the relative | `string` | Yes |
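Review bot: The new row links to `[`Relationships`](#Relationships)` with a capital R, while the neighbouring row uses the lowercase form `#kubernetesevent`; generated heading anchors are lowercase, so this link should be `#relationships` to resolve reliably. In the same hunk, the `relationships` description ("Helps the user to understand relationships amongst components, configurations and health checks.") states a benefit rather than what the field configures, unlike the "Specify ..." wording of the rows above it, and "kubernetes source" in the section text should be capitalised as "Kubernetes".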
Comment on lines +148 to +152

The Relationships table appears incomplete. The example YAML shows both expr and value fields being used, but these aren't documented in the table. Also, the table marks all fields as required (Yes), while the main table shows relationships as optional. These inconsistencies should be resolved to match the actual implementation.

Spotted by Graphite Reviewer



### KubernetesEvent
