Add example of ConfigMap monitoring

Open vasyakrg opened this issue 5 years ago • 4 comments

monitored configMaps too.

{
  "configVersion": "v1",
  "kubernetes": [
    {
      "apiVersion": "events.k8s.io/v1beta1",
      "kind": "Event",
      "namespace": {
        "nameSelector": {
          "matchNames": ["example-monitor-events"]
        }
      },
      "fieldSelector": {
        "matchExpressions": [
          {
            "field": "metadata.namespace",
            "operator": "Equals",
            "value": "example-monitor-events"
          }
        ]
      }
    }
  ]
}

monitored only activity of pods

vasyakrg avatar Mar 03 '20 06:03 vasyakrg

There was a similar question: https://github.com/flant/shell-operator/issues/22

Event is a special resource and it is not needed to monitor Added/Modified/Deleted events.

The example of a config:

configVersion: v1
kubernetes:
- name: ConfigMapMonitor
  apiVersion: v1
  kind: ConfigMap
  watchEvent:
  - Added
  - Deleted
  - Modified
  jqFilter: ".data"

P.S. I think it is a good idea for a new example!

diafour avatar Mar 03 '20 08:03 diafour

Hi @diafour

Thanks for marking this as good first issue. I would love to work on this and file a PR. Let me know what exactly you want me to do? A bit more description will be helpful.

kp3642 avatar Jul 28 '20 17:07 kp3642

This issue is to create a new example.

There are examples to monitor Pods, Namespaces, Secrets:

https://github.com/flant/shell-operator/tree/master/examples/101-monitor-pods
https://github.com/flant/shell-operator/tree/master/examples/102-monitor-namespaces
https://github.com/flant/shell-operator/tree/master/examples/104-secret-copier

And there is no example to monitor ConfigMap. It will be great to create 107-monitor-configmap example.

I have several scenarios in mind:

  1. Simply copy 101-monitor-pods to 107-monitor-configmap and change configuration.

  2. Also, an advanced example can be added: use ConfigMap modifications to configure additional annotations for Nodes.

diafour avatar Jul 29 '20 20:07 diafour

Config maps can be monitored the same way as in the pods example:

oper.yml

---
apiVersion: v1
kind: Namespace
metadata:
  name: oper
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: oper
  namespace: oper
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: oper
  namespace: oper
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oper
  namespace: oper
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: oper
subjects:
- kind: ServiceAccount
  name: oper
  namespace: oper
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: oper
  namespace: oper
data:
  entrypoint.sh: |
    #!/usr/bin/env bash

    # https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7.1#installation-via-direct-download---alpine-39-and-310
    apk add --no-cache ca-certificates less ncurses-terminfo-base krb5-libs libgcc libintl libssl1.1 libstdc++ tzdata userspace-rcu zlib icu-libs curl
    apk -X https://dl-cdn.alpinelinux.org/alpine/edge/main add --no-cache lttng-ust
    curl -s -L https://github.com/PowerShell/PowerShell/releases/download/v7.1.3/powershell-7.1.3-linux-alpine-x64.tar.gz -o /tmp/powershell.tar.gz
    mkdir -p /opt/microsoft/powershell/7
    tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7
    chmod +x /opt/microsoft/powershell/7/pwsh
    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh

    # https://github.com/flant/shell-operator/blob/master/Dockerfile#L40
    exec /sbin/tini -- /shell-operator start
  oper.ps1: |
    #!/usr/bin/env pwsh

    if ($args[0] -eq '--config') {
      Write-Host '
      configVersion: v1
      kubernetes:
      - apiVersion: v1
        kind: Pod
        executeHookOnEvent: ["Added"]
      - apiVersion: v1
        kind: ConfigMap
        executeHookOnEvent: ["Added", "Deleted", "Modified"]
      '
    } else {
      $items = Get-Content $env:BINDING_CONTEXT_PATH | ConvertFrom-Json
      foreach($item in $items) {
        $event = $item.watchEvent
        $kind = $item.object.kind
        $name = $item.object.metadata.name
        Write-Host "$kind $name $event"
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: oper
  namespace: oper
spec:
  serviceAccountName: oper
  volumes:
  - name: oper
    configMap:
      name: oper
      defaultMode: 0755
  containers:
  - name: oper
    image: flant/shell-operator:latest
    command: 
      - /entrypoint.sh
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: oper
      subPath: oper.ps1
      mountPath: /hooks/oper.ps1
    - name: oper
      subPath: entrypoint.sh
      mountPath: /entrypoint.sh

Now you can run it:

kubectl apply -f oper.yml

And watch what will happen:

kubectl -n oper logs oper | grep '^{' | grep stdout | jq -r ".msg"

ConfigMap ingress-controller-leader-nginx Modified
ConfigMap hello Added
ConfigMap ingress-controller-leader-nginx Modified
ConfigMap ingress-controller-leader-nginx Modified
Pod demo-1625304780-pp66g Added
ConfigMap ingress-controller-leader-nginx Modified
ConfigMap ingress-controller-leader-nginx Modified
ConfigMap hello Deleted

To clean up, just delete the namespace, e.g. kubectl delete ns oper

marchenko1985 avatar Jul 03 '21 09:07 marchenko1985
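
A bash counterpart to the hooks in this thread, as an added example that is not code from the issue or from the shell-operator repository. It combines the ConfigMap binding with the `jqFilter: ".data"` setting from the config earlier in the thread, handles both the initial Synchronization context and later Event contexts, and prints only the key names under `.data` so that ConfigMap values do not end up in the operator log. Assumptions: jq is available in the hook's image, and the sample binding context written by the hypothetical helper `write_sample_context` is constructed.

```shell
#!/usr/bin/env bash
# Added example hook (not from the shell-operator repository). Requires jq.

# Hook configuration: ConfigMap binding with the jqFilter from the config above.
hook_config() {
  cat <<'EOF'
configVersion: v1
kubernetes:
- name: ConfigMapMonitor
  apiVersion: v1
  kind: ConfigMap
  executeHookOnEvent: ["Added", "Deleted", "Modified"]
  jqFilter: ".data"
EOF
}

# Print one line per ConfigMap in a binding context file ($1).
# Handles the initial Synchronization context (.objects[]) and later
# Event contexts (.object); prints data keys only, never the values.
report_contexts() {
  jq -r '
    .[]
    | if .type == "Synchronization" then .objects[]? | {ev: "Synchronization", o: .object}
      elif .type == "Event" then {ev: .watchEvent, o: .object}
      else empty end
    | "\(.ev) \(.o.kind) \(.o.metadata.namespace)/\(.o.metadata.name) keys=\((.o.data // {}) | keys | join(","))"
  ' "$1"
}

# Constructed sample binding context for trying the hook offline.
write_sample_context() {
  cat > "$1" <<'EOF'
[{"binding":"ConfigMapMonitor","type":"Synchronization","objects":[
   {"object":{"kind":"ConfigMap","metadata":{"namespace":"default","name":"app"},
              "data":{"url":"x","mode":"y"}}}]},
 {"binding":"ConfigMapMonitor","type":"Event","watchEvent":"Deleted",
  "object":{"kind":"ConfigMap","metadata":{"namespace":"default","name":"hello"}}}]
EOF
}

# shell-operator calls a hook with --config, or with BINDING_CONTEXT_PATH set.
if [ "${1:-}" = "--config" ]; then
  hook_config
elif [ -n "${BINDING_CONTEXT_PATH:-}" ]; then
  report_contexts "$BINDING_CONTEXT_PATH"
fi
```

To try it without a cluster, source the file, call `write_sample_context` with a temporary path, and pass the same path to `report_contexts`.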