From 4c91d7e896efd26d93ea6feb24b7cb986ff8fad7 Mon Sep 17 00:00:00 2001
From: Gerrit
Date: Mon, 29 Mar 2021 11:06:48 +0200
Subject: [PATCH] Latest accounting api (#165)
---
 .../templates/accounting-exporter.yaml | 2 ++
 charts/internal/control-plane/values.yaml | 3 ++-
 .../templates/rbac-accounting-controller.yaml | 1 +
 pkg/controller/controlplane/valuesprovider.go | 20 +++++++++++--------
 4 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/charts/internal/control-plane/templates/accounting-exporter.yaml b/charts/internal/control-plane/templates/accounting-exporter.yaml
index 7e063da62..cb6bdef17 100644
--- a/charts/internal/control-plane/templates/accounting-exporter.yaml
+++ b/charts/internal/control-plane/templates/accounting-exporter.yaml
@@ -79,6 +79,8 @@ spec:
 value: {{ .Values.accountingExporter.enrichments.tenant }}
 - name: KUBE_COUNTER_PROJECT_ID
 value: {{ .Values.accountingExporter.enrichments.projectID }}
+ - name: KUBE_COUNTER_PROJECT_NAME
+ value: {{ .Values.accountingExporter.enrichments.projectName }}
 - name: KUBE_COUNTER_CLUSTER_ID
 value: {{ .Values.accountingExporter.enrichments.clusterID }}
 - name: KUBE_COUNTER_CLUSTER_NAME
diff --git a/charts/internal/control-plane/values.yaml b/charts/internal/control-plane/values.yaml
index 8008d346a..b0927efec 100644
--- a/charts/internal/control-plane/values.yaml
+++ b/charts/internal/control-plane/values.yaml
@@ -42,7 +42,7 @@ authnWebhook:
 enabled: false
 port: 443
- debug: true
+ debug: false
 tenant: some-tenant
 providerTenant: provider-tenant
 clusterName: cluster-name
@@ -57,6 +57,7 @@ accountingExporter:
 enabled: false
 enrichments:
 projectID: project-id
+ projectName: project-name
 partitionID: partition-id
 tenant: some-tenant
 clusterID: cluster-id
diff --git a/charts/internal/shoot-control-plane/templates/rbac-accounting-controller.yaml b/charts/internal/shoot-control-plane/templates/rbac-accounting-controller.yaml
index c893aea96..dcf4aad29 100644
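Review bot: The new `KUBE_COUNTER_PROJECT_NAME` value in accounting-exporter.yaml is rendered unquoted, and unlike the neighbouring IDs a project name is free-form text that the Go side of this commit now fills from the metal-api project record. A name that contains YAML-significant characters, or that parses as a number or boolean, would produce an invalid manifest or a non-string env value, and an empty name renders as null. I would render it as `value: {{ .Values.accountingExporter.enrichments.projectName | quote }}`. The other enrichment entries visible in this hunk share the unquoted form and could be quoted in a follow-up.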
--- a/charts/internal/shoot-control-plane/templates/rbac-accounting-controller.yaml
+++ b/charts/internal/shoot-control-plane/templates/rbac-accounting-controller.yaml
@@ -8,6 +8,7 @@ rules:
 - apiGroups:
 - ""
 resources:
+ - namespaces
 - pods
 - persistentvolumes
 - persistentvolumeclaims
diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go
index 487816f49..4fb199f5f 100644
--- a/pkg/controller/controlplane/valuesprovider.go
+++ b/pkg/controller/controlplane/valuesprovider.go
@@ -493,6 +493,11 @@ func (vp *valuesProvider) GetControlPlaneChartValues(
 return nil, err
 }
+ p, err := mclient.ProjectGet(infrastructureConfig.ProjectID)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not retrieve project from metal-api")
+ }
+
 chartValues, err := getCCMChartValues(cpConfig, infrastructureConfig, infrastructure, cp, cluster, checksums, scaledDown, mclient, metalControlPlane, nws)
 if err != nil {
 return nil, err
@@ -505,12 +510,12 @@ func (vp *valuesProvider) GetControlPlaneChartValues(
 hmacAuthType: "", // currently default is used
 apiToken: metalCredentials.MetalAPIKey,
 }
- authValues, err := getAuthNGroupRoleChartValues(cpConfig, cluster, vp.controllerConfig.Auth, ma)
+ authValues, err := getAuthNGroupRoleChartValues(cpConfig, cluster, vp.controllerConfig.Auth, p.Project, ma)
 if err != nil {
 return nil, err
 }
- accValues, err := getAccountingExporterChartValues(ctx, vp.client, vp.controllerConfig.AccountingExporter, cluster, infrastructureConfig, mclient)
+ accValues, err := getAccountingExporterChartValues(ctx, vp.client, vp.controllerConfig.AccountingExporter, cluster, infrastructureConfig, p.Project)
 if err != nil {
 return nil, err
 }
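Review bot: `namespaces` is appended to an existing rule whose `verbs` list lies outside this hunk, so the accounting controller receives on namespaces whatever verbs it already holds on pods and persistent volumes. If that list contains anything beyond `get`, `list` and `watch`, the controller gains write access to namespaces that it presumably only needs to read for the new project enrichment. Please confirm the shared verbs are read-only, or move `namespaces` into its own rule that grants only those three verbs.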
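Review bot: `p.Project` is passed to getAuthNGroupRoleChartValues and getAccountingExporterChartValues in the -505 hunk without a nil check, and both callees dereference it (`p.TenantID` and `p.Name` in the hunks at -1084 and -1171). If the client can return a response without a payload alongside a nil error, reconciliation would panic instead of failing cleanly. A guard right after the new error check avoids that: `if p.Project == nil { return nil, errors.New("metal-api returned no project") }`. The lookup also runs before either feature's `Enabled` flag is consulted, so every control-plane reconcile now depends on this metal-api call. GetControlPlaneChartValues starts and ends outside the hunk.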
@@ -1084,18 +1089,17 @@ type metalAccess struct {
 }
 // returns values for "authn-webhook" and "group-rolebinding-controller" that are thematically related
-func getAuthNGroupRoleChartValues(cpConfig *apismetal.ControlPlaneConfig, cluster *extensionscontroller.Cluster, config config.Auth, metalAccess metalAccess) (map[string]interface{}, error) {
+func getAuthNGroupRoleChartValues(cpConfig *apismetal.ControlPlaneConfig, cluster *extensionscontroller.Cluster, config config.Auth, p *models.V1ProjectResponse, metalAccess metalAccess) (map[string]interface{}, error) {
 annotations := cluster.Shoot.GetAnnotations()
 clusterName := annotations[tag.ClusterName]
- tenant := annotations[tag.ClusterTenant]
 ti := cpConfig.IAMConfig.IssuerConfig
 values := map[string]interface{}{
 "authnWebhook": map[string]interface{}{
 "enabled": config.Enabled,
- "tenant": tenant,
+ "tenant": p.TenantID,
 "providerTenant": config.ProviderTenant,
 "clusterName": clusterName,
 "oidc": map[string]interface{}{
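Review bot: The authn-webhook `tenant` is now taken from `p.TenantID` without checking that it is non-empty, and nothing records why the shoot annotation `tag.ClusterTenant` was dropped as the source. How the webhook treats an empty tenant is not visible here, but since this value scopes authentication it seems safer to fail the reconcile when `config.Enabled` is set and the project carries no tenant, for example `if config.Enabled && p.TenantID == "" { return nil, errors.New("project has no tenant") }` (assuming `TenantID` is a plain string). I would also extend the function comment with `// The tenant is read from the metal-api project record, not from the shoot annotations.` and rename the parameter `p` to `project`, since it is used across the whole body. The function continues past the end of this hunk.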
@@ -1119,13 +1123,12 @@ func getAuthNGroupRoleChartValues(cpConfig *apismetal.ControlPlaneConfig, cluste
 return values, nil
 }
-func getAccountingExporterChartValues(ctx context.Context, client client.Client, accountingConfig config.AccountingExporterConfiguration, cluster *extensionscontroller.Cluster, infrastructure *apismetal.InfrastructureConfig, mclient *metalgo.Driver) (map[string]interface{}, error) {
+func getAccountingExporterChartValues(ctx context.Context, client client.Client, accountingConfig config.AccountingExporterConfiguration, cluster *extensionscontroller.Cluster, infrastructure *apismetal.InfrastructureConfig, p *models.V1ProjectResponse) (map[string]interface{}, error) {
 annotations := cluster.Shoot.GetAnnotations()
 partitionID := infrastructure.PartitionID
 projectID := infrastructure.ProjectID
 clusterID := cluster.Shoot.ObjectMeta.UID
 clusterName := annotations[tag.ClusterName]
- tenant := annotations[tag.ClusterTenant]
 if accountingConfig.Enabled {
 cp := &firewallv1.ClusterwideNetworkPolicy{
@@ -1171,8 +1174,9 @@ func getAccountingExporterChartValues(ctx context.Context, client client.Client,
 },
 "enrichments": map[string]interface{}{
 "partitionID": partitionID,
- "tenant": tenant,
+ "tenant": p.TenantID,
 "projectID": projectID,
+ "projectName": p.Name,
 "clusterName": clusterName,
 "clusterID": clusterID,
 },