-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
21 changed files
with
665 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| # Event Worker |
3 changes: 2 additions & 1 deletion
3
apps/job-dispatcher/eslint.config.js → apps/event-worker/eslint.config.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,10 @@ | ||
| import baseConfig from "@ctrlplane/eslint-config/base"; | ||
| import baseConfig, { requireJsSuffix } from "@ctrlplane/eslint-config/base"; | ||
|
|
||
| /** @type {import('typescript-eslint').Config} */ | ||
| export default [ | ||
| { | ||
| ignores: [".nitro/**", ".output/**"], | ||
| }, | ||
| requireJsSuffix, | ||
| ...baseConfig, | ||
| ]; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| import { logger } from "@ctrlplane/logger"; | ||
|
|
||
| import { redis } from "./redis"; | ||
| import { createTargetScanWorker } from "./target-scan"; | ||
|
|
||
| const targetScanWorker = createTargetScanWorker(); | ||
|
|
||
| const shutdown = () => { | ||
| logger.warn("Exiting..."); | ||
|
|
||
| targetScanWorker.close(); | ||
| redis.quit(); | ||
|
|
||
| process.exit(0); | ||
| }; | ||
|
|
||
| process.on("SIGTERM", shutdown); | ||
| process.on("SIGINT", shutdown); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| import IORedis from "ioredis"; | ||
|
|
||
| import { env } from "./config"; | ||
|
|
||
| export const redis = new IORedis(env.REDIS_URL, { | ||
| maxRetriesPerRequest: null, | ||
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| import { CoreV1Api } from "@kubernetes/client-node"; | ||
| import { Job } from "bullmq"; | ||
| import _ from "lodash"; | ||
|
|
||
| import { TargetProviderGoogle, Workspace } from "@ctrlplane/db/schema"; | ||
| import { logger } from "@ctrlplane/logger"; | ||
|
|
||
| import { | ||
| clusterToTarget, | ||
| connectToCluster, | ||
| getClusters, | ||
| getGoogleClusterClient, | ||
| } from "./google.js"; | ||
| import { UpsertTarget } from "./upsert.js"; | ||
|
|
||
| const log = logger.child({ label: "target-scan/gke" }); | ||
|
|
||
| export const getGkeTargets = async ( | ||
| workspace: Workspace, | ||
| config: TargetProviderGoogle, | ||
| ) => { | ||
| const { googleServiceAccountEmail } = workspace; | ||
| log.info( | ||
| `Scaning ${config.projectIds.join(", ")} using ${googleServiceAccountEmail}`, | ||
| { workspaceId: workspace.id, config, googleServiceAccountEmail }, | ||
| ); | ||
| const googleClusterClient = await getGoogleClusterClient( | ||
| googleServiceAccountEmail, | ||
| ); | ||
|
|
||
| const clusters = ( | ||
| await Promise.allSettled( | ||
| config.projectIds.map(async (project) => { | ||
| const clusters = await getClusters(googleClusterClient, project); | ||
| return { project, clusters }; | ||
| }), | ||
| ) | ||
| ) | ||
| .filter((result) => result.status === "fulfilled") | ||
| .map((v) => v.value); | ||
|
|
||
| const kubernetesApiTargets: UpsertTarget[] = clusters.flatMap( | ||
| ({ project, clusters }) => | ||
| clusters.map((cluster) => | ||
| clusterToTarget( | ||
| workspace.id, | ||
| config.targetProviderId, | ||
| project, | ||
| cluster, | ||
| ), | ||
| ), | ||
| ); | ||
| const kubernetesNamespaceTargets = ( | ||
| await Promise.all( | ||
| clusters.flatMap(({ project, clusters }, idx) => { | ||
| return clusters.flatMap(async (cluster) => { | ||
| if (cluster.name == null || cluster.location == null) return []; | ||
|
|
||
| const kubeConfig = await connectToCluster( | ||
| googleClusterClient, | ||
| project, | ||
| cluster.name, | ||
| cluster.location, | ||
| ); | ||
|
|
||
| const k8sApi = kubeConfig.makeApiClient(CoreV1Api); | ||
|
|
||
| try { | ||
| const response = await k8sApi.listNamespace(); | ||
| const namespaces = response.body.items; | ||
| return namespaces | ||
| .filter((n) => n.metadata != null) | ||
| .map((n) => | ||
| _.merge( | ||
| clusterToTarget( | ||
| workspace.id, | ||
| config.targetProviderId, | ||
| project, | ||
| cluster, | ||
| ), | ||
| { | ||
| name: `${cluster.name ?? cluster.id ?? ""}/${n.metadata!.name}`, | ||
| kind: "KubernetesNamespace", | ||
| identifier: `${project}/${cluster.name}/${n.metadata!.name}`, | ||
| config: { | ||
| namespace: n.metadata!.name, | ||
| }, | ||
| labels: { | ||
| ...n.metadata?.labels, | ||
| "kubernetes/namespace": n.metadata!.name, | ||
| }, | ||
| }, | ||
| ), | ||
| ); | ||
| } catch { | ||
| console.log( | ||
| `Unable to connect to cluster: ${cluster.name}/${cluster.id}`, | ||
| ); | ||
| return []; | ||
| } | ||
| }); | ||
| }), | ||
| ) | ||
| ).flat(); | ||
|
|
||
| return [...kubernetesApiTargets, ...kubernetesNamespaceTargets]; | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| import type { ClusterManagerClient } from "@google-cloud/container"; | ||
| import Container from "@google-cloud/container"; | ||
| import { google } from "@google-cloud/container/build/protos/protos.js"; | ||
| import { KubeConfig } from "@kubernetes/client-node"; | ||
| import { GoogleAuth } from "google-auth-library"; | ||
| import { SemVer } from "semver"; | ||
|
|
||
| import { omitNullUndefined } from "../utils.js"; | ||
|
|
||
| const sourceCredentials = new GoogleAuth({ | ||
| scopes: ["https://www.googleapis.com/auth/cloud-platform"], | ||
| }); | ||
|
|
||
| export const getGoogleClusterClient = async ( | ||
| targetPrincipal?: string | null, | ||
| ) => { | ||
| return new Container.v1.ClusterManagerClient({ | ||
| clientOptions: | ||
| targetPrincipal != null | ||
| ? { | ||
| sourceClient: await sourceCredentials.getClient(), | ||
| targetPrincipal, | ||
| lifetime: 3600, // Token lifetime in seconds | ||
| delegates: [], | ||
| targetScopes: ["https://www.googleapis.com/auth/cloud-platform"], | ||
| } | ||
| : {}, | ||
| }); | ||
| }; | ||
|
|
||
| export const getClusters = async ( | ||
| clusterClient: ClusterManagerClient, | ||
| projectId: string, | ||
| ) => { | ||
| const request = { parent: `projects/${projectId}/locations/-` }; | ||
| const [response] = await clusterClient.listClusters(request); | ||
| const { clusters } = response; | ||
| return clusters ?? []; | ||
| }; | ||
|
|
||
| export const connectToCluster = async ( | ||
| clusterClient: ClusterManagerClient, | ||
| project: string, | ||
| clusterName: string, | ||
| clusterLocation: string, | ||
| ) => { | ||
| const [credentials] = await clusterClient.getCluster({ | ||
| name: `projects/${project}/locations/${clusterLocation}/clusters/${clusterName}`, | ||
| }); | ||
| const kubeConfig = new KubeConfig(); | ||
| kubeConfig.loadFromOptions({ | ||
| clusters: [ | ||
| { | ||
| name: clusterName, | ||
| server: `https://${credentials.endpoint}`, | ||
| caData: credentials.masterAuth!.clusterCaCertificate!, | ||
| }, | ||
| ], | ||
| users: [ | ||
| { | ||
| name: clusterName, | ||
| token: (await sourceCredentials.getAccessToken())!, | ||
| }, | ||
| ], | ||
| contexts: [ | ||
| { | ||
| name: clusterName, | ||
| user: clusterName, | ||
| cluster: clusterName, | ||
| }, | ||
| ], | ||
| currentContext: clusterName, | ||
| }); | ||
| return kubeConfig; | ||
| }; | ||
|
|
||
| export const clusterToTarget = ( | ||
| workspaceId: string, | ||
| providerId: string, | ||
| project: string, | ||
| cluster: google.container.v1.ICluster, | ||
| ) => { | ||
| const masterVersion = new SemVer(cluster.currentMasterVersion ?? "0"); | ||
| const nodeVersion = new SemVer(cluster.currentNodeVersion ?? "0"); | ||
| const autoscaling = String( | ||
| cluster.autoscaling?.enableNodeAutoprovisioning ?? false, | ||
| ); | ||
|
|
||
| const appUrl = `https://console.cloud.google.com/kubernetes/clusters/details/${cluster.location}/${cluster.name}/details?project=${project}`; | ||
| return { | ||
| workspaceId, | ||
| name: cluster.name ?? cluster.id ?? "", | ||
| providerId, | ||
| identifier: `${project}/${cluster.name}`, | ||
| version: "kubernetes/v1", | ||
| kind: "KubernetesAPI", | ||
| config: { | ||
| name: cluster.name, | ||
| status: cluster.status, | ||
| cluster: { | ||
| certificateAuthorityData: cluster.masterAuth?.clusterCaCertificate, | ||
| endpoint: `https://${cluster.endpoint}`, | ||
| }, | ||
| }, | ||
| labels: omitNullUndefined({ | ||
| "ctrlplane/url": appUrl, | ||
|
|
||
| "google/self-link": cluster.selfLink, | ||
| "google/project": project, | ||
| "google/location": cluster.location, | ||
| "google/autopilot": cluster.autopilot?.enabled, | ||
|
|
||
| "kubernetes/cluster-name": cluster.name, | ||
| "kubernetes/cluster-id": cluster.id, | ||
| "kubernetes/distribution": "gke", | ||
| "kubernetes/status": cluster.status, | ||
| "kubernetes/node-count": String(cluster.currentNodeCount ?? "unknown"), | ||
|
|
||
| "kubernetes/master-version": masterVersion.version, | ||
| "kubernetes/master-version-major": String(masterVersion.major), | ||
| "kubernetes/master-version-minor": String(masterVersion.minor), | ||
| "kubernetes/master-version-patch": String(masterVersion.patch), | ||
|
|
||
| "kubernetes/node-version": nodeVersion.version, | ||
| "kubernetes/node-version-major": String(nodeVersion.major), | ||
| "kubernetes/node-version-minor": String(nodeVersion.minor), | ||
| "kubernetes/node-version-patch": String(nodeVersion.patch), | ||
|
|
||
| "kubernetes/autoscaling-enabled": autoscaling, | ||
|
|
||
| ...(cluster.resourceLabels ?? {}), | ||
| }), | ||
| }; | ||
| }; |
Oops, something went wrong.