Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Discover Kubernetes workload application versions #205

Open
treezio opened this issue Jan 30, 2023 · 4 comments
Open

feat: Discover Kubernetes workload application versions #205

treezio opened this issue Jan 30, 2023 · 4 comments
Labels
enhancement New feature or request

Comments

@treezio
Copy link

treezio commented Jan 30, 2023
edited
Loading

First of all, thanks for Argus as it is a great tool that can help us to keep the applications running in our cluster up-to-date!

Although it is really helpful, sometimes it is a bit tricky to obtain the application version running as not all the applications expose that information in an endpoint or it is difficult to parse using just regex (maybe there are other ways that I'm missing).

As Kubernetes is becoming a de-facto solution to deploy the different workloads in a production environment, I'd like to suggest to include some kind of integration with the Kubernetes API, as it could be helpful to avoid relying on the application endpoints, and also easily customizable without the necessity of changing anything on the application code.

Scenario

Argus application running as a single replica deployment/statefulset with the necessary permissions to request for deployments or any other workload resources to the kubernetes API

Requirements

There are some permissions needed. The necessary resources are the following:

  • ServiceAccount: Entity associated to the argus deployment/statefulset that would grant the necessary permissions to the argus workload.
  • ClusterRole: Set of permissions to bind to the ServiceAccount in order to grant the access to the necessary apiGroups and resources (Ex: apps/deployments)
  • Rolebinding: Association between the serviceaccount and the clusterrole

All this resources could be easily generated using a helm chart (we are currently deploying argus using a basic helm chart)

PoC

Having all this set-up ready, it is necessary to tweak a little bit the requests by providing:

  • token: located in /run/secrets/kubernetes.io/serviceaccount/token
  • kubernetes ca crt : located in /run/secrets/kubernetes.io/serviceaccount/ca.crt

So it could be easily tested connecting to a pod sh session and requesting the argus-release deployment information:

export TOKEN=$(cat /run/secrets/kubernetes.io/serviceaccount/token)
curl -s https://kubernetes.default.svc/apis/apps/v1/namespaces/test/deployments/argus-release --header "Auth
orization: Bearer $TOKEN" --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt

This request output contains all the information related to argus deployment in JSON format.

using the jq tool we could parse the image and tag version:

curl -s https://kubernetes.default.svc/apis/apps/v1/namespaces/test/deployments/argus-release --header "Auth
orization: Bearer $TOKEN" --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt | jq '.spec.template.spec.co
ntainers[] | select(.name == "argus") | .image'

releaseargus/argus:0.11.1

The version could be easily parsed using some regex.

In case the image tag value does not match the actual version of the application (sometimes git sha is used), labels metadata field could be used to customize the deployment setting the application version using the helm chart or any other tool. Ex "version":"0.11.1"

this could be extracted from the response using the following keys .metadata.labels.version which could be even easier.

So, having all this facts I guess it is possible to implement the feature somehow.

Implementation

Tweak the request to accept TOKEN and CaCert File when Kubernetes API is requested ?. Maybe having optional deployed_version.token and deployed_version.ca_crt configuration variables

Configuration

deployed_version:
  url: https://kubernetes.default.svc/apis/apps/v1/namespaces/test/deployments/argus-release
  token: /run/secrets/kubernetes.io/serviceaccount/token
  ca_crt: /run/secrets/kubernetes.io/serviceaccount/ca.crt

What I think that could be really tricky is parsing the response as each deployment could have one or more containers so there is an array in the containers[] key. I don't know is the kind of logic I used with Jq could be implemented in argus:
(jq .spec.template.spec.containers[] | select(.name == "argus") | .image)
Which means:
Select the dict with the value argus in the key name for the .spec.template.spec.containers[] array and then extract the value for image key.

I would love to code this myself but I'm afraid I'm lacking the skill to code on Golang so maybe all this helps to implement a solution.

Thanks !
@treezio treezio added the enhancement New feature or request label Jan 30, 2023
@JosephKav
Copy link
Collaborator

JosephKav commented Jan 31, 2023
edited
Loading

Thanks for all the detail you've provided here, it'll certainly help! I like the suggestion and shall work on implementing this soon. Kubernetes seems to be used in most places nowadays.

I'm close to finishing off editing/adding services in the UI, so once I've got that working and released, I'll start on this :)

@treezio
Copy link
Author

treezio commented Jan 31, 2023

Cool! Thanks for taking care of this!
Let me know if you need any further help or information 😄

@w00dst0ck
Copy link

Hi @JosephKav
is there any progress on this issue?

@JosephKav
Copy link
Collaborator

Hi @JosephKav is there any progress on this issue?

Sorry, but I haven't done any work on this as of yet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@w00dst0ck @JosephKav @treezio