From 17f6f7ca7c9813df4c89a7f750ada90acdec9fcd Mon Sep 17 00:00:00 2001
From: tianzuoguo
Date: Thu, 30 Nov 2023 11:02:04 +0800
Subject: [PATCH] feat: add Prometheus basic auth and bearer token authentication for annotator

---
 cmd/controller/app/options/options.go | 6 +++++-
 go.mod | 2 ++
 pkg/controller/annotator/config/types.go | 13 +++++++++++++
 pkg/controller/prometheus/prometheus.go | 13 +++++++++++--
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go
index 02e125a..9c6ed1e 100644
--- a/cmd/controller/app/options/options.go
+++ b/cmd/controller/app/options/options.go
@@ -65,6 +65,10 @@ func (o *Options) Flags(flag *pflag.FlagSet) error {
 flag.StringVar(&o.PolicyConfigPath, "policy-config-path", o.PolicyConfigPath, "Path to annotator policy config")
 flag.StringVar(&o.PrometheusAddr, "prometheus-address", o.PrometheusAddr, "The address of prometheus, from which we can pull metrics data.")
+ flag.StringVar(&o.PrometheusUser, "prometheus-user", o.PrometheusUser, "The username of prometheus.")
+ flag.StringVar(&o.PrometheusPassword, "prometheus-password", o.PrometheusPassword, "The password of prometheus.")
+ flag.StringVar(&o.PrometheusBearer, "prometheus-bearer", "Bearer", "The custom bearer auth header of prometheus.")
+ flag.StringVar(&o.PrometheusBearerToken, "prometheus-bearer-token", o.PrometheusBearerToken, "The bearer auth token of prometheus.")
 flag.Int32Var(&o.BindingHeapSize, "binding-heap-size", o.BindingHeapSize, "Max size of binding heap size, used to store hot value data.")
 flag.Int32Var(&o.ConcurrentSyncs, "concurrent-syncs", o.ConcurrentSyncs, "The number of annotator controller workers that are allowed to sync concurrently.")
 flag.StringVar(&o.kubeconfig, "kubeconfig", o.kubeconfig, "Path to kubeconfig file with authorization information")
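Review bot: `--prometheus-password` and `--prometheus-bearer-token` take the credential itself as a flag value, so it ends up in the process argument list and in whatever manifest or unit file starts the controller, where it is readable by far more principals than a secret store would allow. Prefer loading the value from a file or environment variable, for example a `--prometheus-password-file` flag with the help text `"Path to a file holding the Prometheus basic auth password."`, and keep the plain flags only as a documented fallback. Separately, the `prometheus-bearer` flag passes the literal `"Bearer"` as its default instead of `o.PrometheusBearer` like its neighbours, and its help text calls it a header although `NewPromClient` passes it as the first argument of `pconfig.NewAuthorizationCredentialsRoundTripper`, which looks like the authorization type. The body of `Flags` starts and ends outside this hunk.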
@@ -123,7 +127,7 @@ func (o *Options) Config() (*controllerappconfig.Config, error) {
 c.LeaderElectionClient = clientset.NewForConfigOrDie(rest.AddUserAgent(kubeconfig, "leader-election"))
- c.PromClient, err = prometheus.NewPromClient(o.PrometheusAddr)
+ c.PromClient, err = prometheus.NewPromClient(&o.PrometheusConfig)
 if err != nil {
 return nil, err
 }
diff --git a/go.mod b/go.mod
index f9e2d8b..4f7a28f 100644
--- a/go.mod
+++ b/go.mod
@@ -81,6 +81,7 @@ require (
 github.com/imdario/mergo v0.3.12 // indirect
 github.com/inconshreveable/mousetrap v1.0.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
+ github.com/jpillora/backoff v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/mailru/easyjson v0.7.6 // indirect
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
@@ -88,6 +89,7 @@ require (
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
 github.com/onsi/gomega v1.18.1 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/runc v1.0.2 // indirect
diff --git a/pkg/controller/annotator/config/types.go b/pkg/controller/annotator/config/types.go
index dfa8e6c..d0cad65 100644
--- a/pkg/controller/annotator/config/types.go
+++ b/pkg/controller/annotator/config/types.go
@@ -2,6 +2,7 @@ package config
 // AnnotatorConfiguration holds configuration for a node annotator.
 type AnnotatorConfiguration struct {
+ PrometheusConfig
 // BindingHeapSize limits the size of Binding Heap, which stores the lastest
 // pod scheduled imformation.
 BindingHeapSize int32
@@ -9,6 +10,18 @@ type AnnotatorConfiguration struct {
 ConcurrentSyncs int32
 // PolicyConfigPath specified the path of Scheduler Policy File.
 PolicyConfigPath string
+}
+
+// PrometheusConfig holds configuration for a prometheus client.
+type PrometheusConfig struct {
 // PrometheusAddr is the address of Prometheus Service.
 PrometheusAddr string
+ // PrometheusUser is the basic auth username of Prometheus Service.
+ PrometheusUser string
+ // PrometheusPassword is the basic auth password of Prometheus Service.
+ PrometheusPassword string
+ // PrometheusBearer is the custom bearer auth header of Prometheus Service.
+ PrometheusBearer string
+ // PrometheusBearerToken is the bearer auth token of Prometheus Service.
+ PrometheusBearerToken string
 }
diff --git a/pkg/controller/prometheus/prometheus.go b/pkg/controller/prometheus/prometheus.go
index 09421f2..537036e 100644
--- a/pkg/controller/prometheus/prometheus.go
+++ b/pkg/controller/prometheus/prometheus.go
@@ -7,8 +7,10 @@ import (
 "strconv"
 "time"
+ annotatorconfig "github.com/gocrane/crane-scheduler/pkg/controller/annotator/config"
 "github.com/prometheus/client_golang/api"
 v1 "github.com/prometheus/client_golang/api/prometheus/v1"
+ pconfig "github.com/prometheus/common/config"
 "github.com/prometheus/common/model"
 "k8s.io/klog/v2"
 )
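Review bot: In the new `PrometheusConfig` struct (types.go), `PrometheusPassword` and `PrometheusBearerToken` are plain `string` fields on a type that is embedded in `AnnotatorConfiguration`, so any code that prints or serialises the annotator configuration will emit the credentials. At minimum the field comments should say so, e.g. `// PrometheusPassword is the basic auth password of Prometheus Service; treat as a secret and never log it.` A redacting type such as the `pconfig.Secret` that `NewPromClient` already converts to would presumably keep marshalled output clean (worth confirming for the vendored version), at the cost of importing that package here. The comment on `PrometheusBearer` would also be more accurate as `// PrometheusBearer is the Authorization scheme sent with the bearer token (flag default "Bearer").`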
@@ -32,9 +34,16 @@ type promClient struct {
 }
 // NewPromClient returns PromClient interface.
-func NewPromClient(addr string) (PromClient, error) {
+func NewPromClient(promconfig *annotatorconfig.PrometheusConfig) (PromClient, error) {
 config := api.Config{
- Address: addr,
+ Address: promconfig.PrometheusAddr,
+ }
+ if promconfig.PrometheusUser != "" && promconfig.PrometheusPassword != "" {
+ config.RoundTripper = pconfig.NewBasicAuthRoundTripper(promconfig.PrometheusUser,
+ pconfig.Secret(promconfig.PrometheusPassword), "", api.DefaultRoundTripper)
+ } else if promconfig.PrometheusBearerToken != "" {
+ config.RoundTripper = pconfig.NewAuthorizationCredentialsRoundTripper(promconfig.PrometheusBearer,
+ pconfig.Secret(promconfig.PrometheusBearerToken), api.DefaultRoundTripper)
 }
 client, err := api.NewClient(config)
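Review bot: The credential selection in `NewPromClient` fails open: basic auth is installed only when both `PrometheusUser` and `PrometheusPassword` are non-empty, so a user without a password (or the reverse) silently falls through to the bearer branch or to no authentication at all, and a bearer token supplied together with basic auth is silently ignored. Reject those combinations before choosing a round tripper, e.g. `if (promconfig.PrometheusUser == "") != (promconfig.PrometheusPassword == "") { return nil, errors.New("prometheus basic auth requires both user and password") }` (using whichever error constructor the file already imports), with a matching check for basic auth plus bearer token. Nothing visible here inspects the scheme of `PrometheusAddr`, so with an `http://` address the Authorization header would travel in cleartext; a `klog` warning or a refusal when credentials are configured would surface that. `promconfig` is also dereferenced without a nil check, and the function body continues past the end of this hunk.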