Initial revision

Signed-off-by: Markus Blaschke <[email protected]>

Author: mblaschke

.dockerignore

@@ -0,0 +1,3 @@
+/test
+/vendor
+/kube-pool-manager

.editorconfig

@@ -0,0 +1,28 @@
+# EditorConfig is awesome: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+charset = utf-8
+trim_trailing_whitespace = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+
+[Makefile]
+indent_style = tab
+
+[*.yml]
+indent_size = 2
+
+[*.yaml]
+indent_size = 2
+
+[*.conf]
+indent_size = 2
+
+[*.go]
+indent_style = tab
+indent_size = 4

.gitignore

@@ -0,0 +1,3 @@
+/vendor
+/kube-pool-manager
+*.exe

Dockerfile

@@ -0,0 +1,23 @@
+FROM golang:1.14 as build
+
+WORKDIR /go/src/github.com/webdevops/kube-pool-manager
+
+# Get deps (cached)
+COPY ./go.mod /go/src/github.com/webdevops/kube-pool-manager
+COPY ./go.sum /go/src/github.com/webdevops/kube-pool-manager
+RUN go mod download
+
+# Compile
+COPY ./ /go/src/github.com/webdevops/kube-pool-manager
+RUN make lint
+RUN make build
+RUN ./kube-pool-manager --help
+
+#############################################
+# FINAL IMAGE
+#############################################
+FROM gcr.io/distroless/base
+ENV LOG_JSON=1
+COPY --from=build /go/src/github.com/webdevops/kube-pool-manager/kube-pool-manager /
+USER 1000
+ENTRYPOINT ["/kube-pool-manager"]

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 WebDevOps
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,39 @@
+.PHONY: all build clean image check vendor dependencies
+
+NAME				:= kube-pool-manager
+GIT_TAG				:= $(shell git describe --dirty --tags --always)
+GIT_COMMIT			:= $(shell git rev-parse --short HEAD)
+LDFLAGS             := -X "main.gitTag=$(GIT_TAG)" -X "main.gitCommit=$(GIT_COMMIT)" -extldflags "-static"
+
+PKGS				:= $(shell go list ./... | grep -v -E '/vendor/|/test')
+FIRST_GOPATH		:= $(firstword $(subst :, ,$(shell go env GOPATH)))
+GOLANGCI_LINT_BIN	:= $(FIRST_GOPATH)/bin/golangci-lint
+
+
+all: build
+
+clean:
+	git clean -Xfd .
+
+build:
+	CGO_ENABLED=0 go build -a -ldflags '$(LDFLAGS)' -o $(NAME) .
+
+vendor:
+	go mod tidy
+	go mod vendor
+	go mod verify
+
+image: build
+	docker build -t $(NAME):$(TAG) .
+
+.PHONY: lint
+lint: $(GOLANGCI_LINT_BIN)
+	# megacheck fails to respect build flags, causing compilation failure during linting.
+	# instead, use the unused, gosimple, and staticcheck linters directly
+	$(GOLANGCI_LINT_BIN) run -D megacheck -E unused,gosimple,staticcheck --timeout=10m
+
+dependencies: $(GOLANGCI_LINT_BIN)
+
+$(GOLANGCI_LINT_BIN):
+	curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(FIRST_GOPATH)/bin v1.23.8
+

README.md

@@ -0,0 +1,51 @@
+Kube pool manager
+=================
+
+[![license](https://img.shields.io/github/license/webdevops/kube-pool-manager.svg)](https://github.com/webdevops/kube-pool-manager/blob/master/LICENSE)
+[![Docker](https://img.shields.io/docker/cloud/automated/webdevops/kube-pool-manager)](https://hub.docker.com/r/webdevops/kube-pool-manager/)
+[![Docker Build Status](https://img.shields.io/docker/cloud/build/webdevops/kube-pool-manager)](https://hub.docker.com/r/webdevops/kube-pool-manager/)
+
+Manager for Kubernetes pool, automatic applies configuration (annotations, labels, configSource, role) to kubernetes nodes based on any node spec.
+
+Supports JSON path, value and regexp matching.
+
+Sets following settings on nodes if matched:
+- node role
+- node labels
+- node annotations
+- node [configSource](https://kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/) 
+
+Configuration
+-------------
+
+```
+Usage:
+  kube-pool-manager [OPTIONS]
+
+Application Options:
+      --debug     debug mode [$DEBUG]
+  -v, --verbose   verbose mode [$VERBOSE]
+      --log.json  Switch log output to json format [$LOG_JSON]
+      --dry-run   Dry run (do not apply to nodes) [$DRY_RUN]
+      --config=   Config path [$CONFIG]
+      --bind=     Server address (default: :8080) [$SERVER_BIND]
+
+Help Options:
+  -h, --help      Show this help message
+```
+
+see [example.yaml](/example.yaml) for configuration file
+
+Metrics
+-------
+
+ (see `:8080/metrics`)
+
+| Metric                         | Description                                     |
+|:-------------------------------|:------------------------------------------------|
+| `poolmanager_node_applied`     | Status if node config was applied               |
+
+Kubernetes deployment
+---------------------
+
+see [deployment](/deployment)

config/config.go

@@ -0,0 +1,142 @@
+package config
+
+import (
+	"fmt"
+	log "github.com/sirupsen/logrus"
+	"github.com/webdevops/kube-pool-manager/k8s"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/util/jsonpath"
+	"regexp"
+	"strings"
+)
+
+type (
+	Config struct {
+		Pools []PoolConfig `yaml:"pools"`
+	}
+
+	PoolConfig struct {
+		Name     string               `yaml:"pool"`
+		Selector []PoolConfigSelector `yaml:"selector"`
+		Node     PoolConfigNode       `yaml:"node"`
+	}
+
+	PoolConfigSelector struct {
+		Path   string  `yaml:"path"`
+		Match  *string `yaml:"match"`
+		Regexp *string `yaml:"regexp"`
+		regexp *regexp.Regexp
+	}
+
+	PoolConfigNode struct {
+		Role         *string                     `yaml:"role"`
+		ConfigSource *PoolConfigNodeConfigSource `yaml:"configSource"`
+		Labels       *map[string]string          `yaml:"labels"`
+		Annotations  *map[string]string          `yaml:"annotations"`
+	}
+
+	PoolConfigNodeConfigSource struct {
+		ConfigMap struct {
+			Name             string `yaml:"name" json:"name"`
+			Namespace        string `yaml:"namespace" json:"namespace"`
+			KubeletConfigKey string `yaml:"kubeletConfigKey" json:"kubeletConfigKey"`
+		} `yaml:"configMap" json:"configMap"`
+	}
+)
+
+func (p *PoolConfig) IsMatchingNode(node *corev1.Node) (bool, error) {
+	for num, selector := range p.Selector {
+		// auto compile regexp
+		if selector.Regexp != nil {
+			p.Selector[num].regexp = regexp.MustCompile(*selector.Regexp)
+			selector.regexp = p.Selector[num].regexp
+		}
+
+		jpath := jsonpath.New(p.Name)
+		jpath.AllowMissingKeys(true)
+		if err := jpath.Parse(selector.Path); err != nil {
+			return false, err
+		}
+
+		values, err := jpath.FindResults(node)
+		if err != nil {
+			return false, err
+		}
+
+		if len(values) == 1 && len(values[0]) == 1 {
+			val := values[0][0].String()
+			selectorMatches := false
+
+			// compare value
+			if selector.Match != nil {
+				if strings.Compare(val, *selector.Match) == 0 {
+					selectorMatches = true
+				} else {
+					log.Tracef("Node \"%s\": path \"%s\" with value \"%s\" is not matching value \"%s\"", node.Name, selector.Path, val, *selector.Match)
+				}
+			}
+
+			// regexp
+			if selector.regexp != nil {
+				if selector.regexp.MatchString(val) {
+					selectorMatches = true
+				} else {
+					log.Tracef("Node \"%s\": path \"%s\" with value \"%s\" is not matching regexp \"%s\"", node.Name, selector.Path, val, *selector.Regexp)
+				}
+			}
+
+			if !selectorMatches {
+				return false, nil
+			}
+		} else {
+			// not found -> not matching
+			log.Tracef("Node \"%s\": path \"%s\" not found", node.Name, selector.Path)
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
+func (p *PoolConfig) CreateJsonPatchSet() (patches []k8s.JsonPatch) {
+	patches = []k8s.JsonPatch{}
+
+	if p.Node.Role != nil {
+		name := "kubernetes.io/role"
+		patches = append(patches, k8s.JsonPatchString{
+			Op:    "replace",
+			Path:  fmt.Sprintf("/metadata/labels/%s", k8s.PatchPathEsacpe(name)),
+			Value: *p.Node.Role,
+		})
+	}
+
+	if p.Node.ConfigSource != nil {
+		patches = append(patches, k8s.JsonPatchObject{
+			Op:    "replace",
+			Path:  "/spec/configSource",
+			Value: *p.Node.ConfigSource,
+		})
+	}
+
+	if p.Node.Labels != nil {
+		for name, value := range *p.Node.Labels {
+			patches = append(patches, k8s.JsonPatchString{
+				Op:    "replace",
+				Path:  fmt.Sprintf("/metadata/labels/%s", k8s.PatchPathEsacpe(name)),
+				Value: value,
+			})
+		}
+	}
+
+	if p.Node.Annotations != nil {
+		for name, value := range *p.Node.Annotations {
+			patches = append(patches, k8s.JsonPatchString{
+				Op:    "replace",
+				Path:  fmt.Sprintf("/metadata/annotations/%s", k8s.PatchPathEsacpe(name)),
+				Value: value,
+			})
+		}
+	}
+
+	return patches
+}

config/config_test.go

@@ -0,0 +1,74 @@
+package config
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	"testing"
+)
+
+func stringPtr(val string) *string {
+	return &val
+}
+
+func buildNode() *corev1.Node {
+	node := corev1.Node{}
+	node.Spec.ProviderID = "azure:///subscriptions/d86bcf13-ddf7-45ea-82f1-6f656767a318/resourceGroups/mc_k8s_mblaschke_westeurope/providers/Microsoft.Compute/virtualMachineScaleSets/aks-agents-35471996-vmss/virtualMachines/30"
+	node.ObjectMeta.Annotations = map[string]string{
+		"node.kubernetes.io/foobar": "barfoo",
+	}
+	node.ObjectMeta.Labels = map[string]string{
+		"node.kubernetes.io/role": "worker",
+	}
+
+	return &node
+}
+
+func Test_NodeMatcher(t *testing.T) {
+	node := buildNode()
+
+	pool := PoolConfig{
+		Name: "testing",
+		Selector: []PoolConfigSelector{
+			{
+				Path:  "{.spec.providerID}",
+				Match: stringPtr("azure:///subscriptions/d86bcf13-ddf7-45ea-82f1-6f656767a318/resourceGroups/mc_k8s_mblaschke_westeurope/providers/Microsoft.Compute/virtualMachineScaleSets/aks-agents-35471996-vmss/virtualMachines/30"),
+			},
+		},
+	}
+	matching, err := pool.IsMatchingNode(node)
+	if err != nil {
+		t.Errorf("Unexpected error: %v", err)
+	}
+	if !matching {
+		t.Error("Expected not matching, but matching node")
+	}
+
+	pool.Selector[0].Match = stringPtr("azure:///subscriptions/d86bcf13-ddf7-45ea-82f1-6f656767a318/resourceGroups/mc_k8s_mblaschke_westeurope/providers/Microsoft.Compute/virtualMachineScaleSets/aks-agents-35471996-vmss/virtualMachines/31")
+	matching, err = pool.IsMatchingNode(node)
+	if err != nil {
+		t.Errorf("Unexpected error: %v", err)
+	}
+	if matching {
+		t.Error("Expected matching, but not matching node")
+	}
+}
+
+func Test_NodeRegexp(t *testing.T) {
+	node := buildNode()
+
+	pool := PoolConfig{
+		Name: "testing",
+		Selector: []PoolConfigSelector{
+			{
+				Path:   "{.spec.providerID}",
+				Regexp: stringPtr("^.+/resourceGroups/mc_k8s_mblaschke_westeurope/.+$"),
+			},
+		},
+	}
+	matching, err := pool.IsMatchingNode(node)
+	if err != nil {
+		t.Errorf("Unexpected error: %v", err)
+	}
+	if !matching {
+		t.Error("Expected not matching, but matching node")
+	}
+}