Skip to content

Commit

Permalink
Merge pull request #45 from projectsyn/fix/monitoring
Browse files Browse the repository at this point in the history
Add synmonitoring label to namespace
  • Loading branch information
laserb authored Aug 13, 2021
2 parents 822e5bc + 78d6971 commit 2091bca
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 1 deletion.
4 changes: 4 additions & 0 deletions class/keycloak.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ parameters:
- keycloak/component/main.jsonnet
input_type: jsonnet
output_path: ${_instance}
- input_paths:
- keycloak/component/prometheus-netpol.jsonnet
input_type: jsonnet
output_path: ${_instance}
- output_path: ${_instance}/01_keycloak_helmchart
input_type: helm
output_type: yaml
Expand Down
8 changes: 7 additions & 1 deletion component/main.jsonnet
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,13 @@ local inv = kap.inventory();
// The hiera parameters for the component
local params = inv.parameters.keycloak;

local namespace = kube.Namespace(params.namespace);
local namespace = kube.Namespace(params.namespace) {
metadata+: {
labels+: {
SYNMonitoring: 'main',
},
},
};

local admin_secret = kube.Secret(params.admin.secretname) {
metadata+: {
Expand Down
59 changes: 59 additions & 0 deletions component/prometheus-netpol.jsonnet
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
local kap = import 'lib/kapitan.libjsonnet';
local kube = import 'lib/kube.libjsonnet';
local inv = kap.inventory();
local params = inv.parameters.keycloak;

local prometheus_namespace =
if std.objectHas(inv.parameters, 'rancher_monitoring') then
inv.parameters.rancher_monitoring.namespace
else
'syn-synsights';
local prometheus_name = 'prometheus';

local keycloak_namespace = params.namespace;
local keycloak_name = params.release_name;

local name = prometheus_name + '-' + prometheus_namespace + '-to-' + keycloak_name;

local netpol =
kube.NetworkPolicy(name) {
metadata+: {
namespace: keycloak_namespace,
},
spec+: {
ingress: [
{
from: [
{
namespaceSelector: {
matchLabels: {
name: prometheus_namespace,
},
},
podSelector: {
matchLabels: {
app: prometheus_name,
},
},
},
],
ports: [
{
port: 9990,
protocol: 'TCP',
},
],
},
],
podSelector: {
matchLabels: {
'app.kubernetes.io/instance': keycloak_name,
'app.kubernetes.io/name': keycloak_name,
},
},
},
};

{
'40_netpol': netpol,
}

0 comments on commit 2091bca

Please sign in to comment.