
Commit b9e1889

authored
Merge pull request #769 from jetstack/feature/discovery-configmaps
Discovery of ConfigMaps
2 parents 45e0e64 + 9fd3170 commit b9e1889


11 files changed

+468
-0
lines changed


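--- a/deploy/charts/disco-agent/templates/configmap.yaml
+++ b/deploy/charts/disco-agent/templates/configmap.yaml
@@ -109,3 +109,11 @@ data:
 resource-type:
 version: v1
 resource: pods
+- kind: k8s-dynamic
+name: ark/configmaps
+config:
+resource-type:
+resource: configmaps
+version: v1
+label-selectors:
+- conjur.org/name=conjur-connect-configmap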
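Review bot: The `ark/configmaps` entry added at new lines 112–119 carries no comment saying that its `label-selectors` value is what limits which ConfigMaps the agent collects, whereas the matching entry in examples/machinehub.yaml does explain the selector. Kubernetes RBAC cannot scope list/watch by label, so whatever role backs this gatherer (not visible in this section) presumably covers every ConfigMap in its scope, leaving the selector as the only data-minimisation control. I would add above the entry `# Only ConfigMaps labelled conjur.org/name=conjur-connect-configmap are gathered; widening this selector sends more ConfigMap data out of the cluster.` The enclosing `data:` block starts outside the hunk.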

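--- a/deploy/charts/disco-agent/tests/__snapshot__/configmap_test.yaml.snap
+++ b/deploy/charts/disco-agent/tests/__snapshot__/configmap_test.yaml.snap
@@ -97,6 +97,14 @@ custom-cluster-description:
 resource-type:
 version: v1
 resource: pods
+- kind: k8s-dynamic
+name: ark/configmaps
+config:
+resource-type:
+resource: configmaps
+version: v1
+label-selectors:
+- conjur.org/name=conjur-connect-configmap
 kind: ConfigMap
 metadata:
 labels:
@@ -206,6 +214,14 @@ custom-cluster-name:
 resource-type:
 version: v1
 resource: pods
+- kind: k8s-dynamic
+name: ark/configmaps
+config:
+resource-type:
+resource: configmaps
+version: v1
+label-selectors:
+- conjur.org/name=conjur-connect-configmap
 kind: ConfigMap
 metadata:
 labels:
@@ -315,6 +331,14 @@ custom-period:
 resource-type:
 version: v1
 resource: pods
+- kind: k8s-dynamic
+name: ark/configmaps
+config:
+resource-type:
+resource: configmaps
+version: v1
+label-selectors:
+- conjur.org/name=conjur-connect-configmap
 kind: ConfigMap
 metadata:
 labels:
@@ -424,6 +448,14 @@ defaults:
 resource-type:
 version: v1
 resource: pods
+- kind: k8s-dynamic
+name: ark/configmaps
+config:
+resource-type:
+resource: configmaps
+version: v1
+label-selectors:
+- conjur.org/name=conjur-connect-configmap
 kind: ConfigMap
 metadata:
 labels: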

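--- a/examples/machinehub.yaml
+++ b/examples/machinehub.yaml
@@ -129,3 +129,13 @@ data-gatherers:
 resource-type:
 version: v1
 resource: pods
+
+# Gather Kubernetes config maps with specific conjur.org label
+- name: ark/configmaps
+kind: k8s-dynamic
+config:
+resource-type:
+resource: configmaps
+version: v1
+label-selectors:
+- conjur.org/name=conjur-connect-configmap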

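--- a/examples/machinehub/input.json
+++ b/examples/machinehub/input.json
@@ -153,5 +153,11 @@
 "data": {
 "items": []
 }
+},
+{
+"data-gatherer": "ark/configmaps",
+"data": {
+"items": []
+}
 }
 ]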
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
apiVersion: v1
2+
kind: ConfigMap
3+
metadata:
4+
name: conjur-connect-configmap
5+
namespace: default
6+
labels:
7+
conjur.org/name: conjur-connect-configmap
8+
app.kubernetes.io/name: authn-k8s
9+
app.kubernetes.io/component: conjur-conn-configmap
10+
app.kubernetes.io/instance: pet-store-authn-k8s
11+
app.kubernetes.io/part-of: app-namespace-config
12+
app.kubernetes.io/managed-by: helm
13+
helm.sh/chart: authn-k8s-namespace-prep-1.0.0
14+
data:
15+
CONJUR_ACCOUNT: myConjurAccount
16+
CONJUR_APPLIANCE_URL: https://conjur.conjur-ns.svc.cluster.local
17+
CONJUR_AUTHN_URL: https://conjur.conjur-ns.svc.cluster.local/authn-k8s/my-authenticator-id
18+
CONJUR_AUTHENTICATOR_ID: my-authenticator-id
19+
CONJUR_SSL_CERTIFICATE: |
20+
-----BEGIN CERTIFICATE-----
21+
MIIDYTCCAkmgAwIBAgIUTXBJk7Fm+M9kVD5x66jPiwU2JfcwDQYJKoZIhvcNAQEL
22+
BQAwQDErMCkGA1UEAwwiY29uanVyLmNvbmp1ci1ucy5zdmMuY2x1c3Rlci5sb2Nh
23+
bDERMA8GA1UECgwIRTJFIFRlc3QwHhcNMjYwMTI4MTMwNzA5WhcNMzYwMTI2MTMw
24+
NzA5WjBAMSswKQYDVQQDDCJjb25qdXIuY29uanVyLW5zLnN2Yy5jbHVzdGVyLmxv
25+
Y2FsMREwDwYDVQQKDAhFMkUgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
26+
AQoCggEBALdJ9InvV4oOy5LzP/JfZ7iAuM7RIQzeD1fDjm1EEfQcLqSgobH2yZtA
27+
YETlj/c2bfJ8Cc2dTJMoTefwofwjA6iR43SBf0e78raKsGSmR3ors9BqaulvgII5
28+
Tk3y5jdZxty7UNIGOJP9QoJ4kPQHu37HhSfaA517yQJNCOa4NSLkpHWK155o6Cvf
29+
k03M6Szzs5uL7GTK/8IJnl0WSXJezC7lQ8Q+0VVCR6Cq4CzAKm2ZoVCPGkYDZb+Y
30+
2i0aGe8ideO0JgTOsHzXiv5x1DzaEdX0+DhV+aQKbRJYENa2w5LCG0b1Z6Hpyvm6
31+
uT0LobEgNLxJ8fOxa3LEq2IryzHFZjUCAwEAAaNTMFEwHQYDVR0OBBYEFHuXVFoC
32+
IaF7T3Iic7fKxyKwVhpkMB8GA1UdIwQYMBaAFHuXVFoCIaF7T3Iic7fKxyKwVhpk
33+
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAF/7DwNERFTpucWi
34+
roDVME2SH1kTKiemcKzguoeOkDBZd70GbLejy64gWF9nIbcQ9WYxRIuqSI2h0j8d
35+
ED9SGQ66nic3uw16GN5IJk21ucFwAJstgQG3kvWPBbSrxMO9TB0pounRozZ5DkZe
36+
ZI+vZ4BNOZDT9TAE08xXLrzVhzVDM8DGAydzXUlvscfhYpTe77Cm7yMxmItO7QTA
37+
xTrBaamgxM1XYbx+DiS8nTm1U2G3UVACCv9zH6MXDe2DDREBuX1U3skqqbJlsypf
38+
68ckx8fzdxIU5OLx0LZ4QZOR66cHyambDtngoD3iKqDcR1L8EdXajq+IaPRZfcD6
39+
VLEtA4Y=
40+
-----END CERTIFICATE-----

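--- a/hack/ark/test-e2e.sh
+++ b/hack/ark/test-e2e.sh
@@ -74,6 +74,12 @@ kubectl create secret generic e2e-sample-secret-$(date '+%s') \
 --namespace default \
 --from-literal=username=${RANDOM}
 
+# Create a sample ConfigMap in the cluster that will be discovered by the agent
+#
+# This ConfigMap has the label that matches the default label-selector configured
+# in the ark/configmaps data gatherer (conjur.org/name=conjur-connect-configmap).
+kubectl apply -f "${root_dir}/hack/ark/conjur-connect-configmap.yaml"
+
 # We use a non-existent tag and omit the `--version` flag, to work around a Helm
 # v4 bug. See: https://github.com/helm/helm/issues/31600
 helm upgrade agent "oci://${ARK_CHART}:NON_EXISTENT_TAG@${ARK_CHART_DIGEST}" \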
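Review bot: The added step at new lines 77–81 only creates a ConfigMap that matches the selector, so the e2e run cannot show that ConfigMaps without the `conjur.org/name=conjur-connect-configmap` label are left out of the upload. Since that selector is what keeps unrelated ConfigMap contents from being collected, a second, unlabelled fixture is worth creating next to it, for example `kubectl create configmap e2e-unlabelled-configmap --namespace default --from-literal=key=value`, with a later check that it is absent from the uploaded snapshot. The rest of the script, including any assertions on the upload, is outside this hunk, so this may already be covered there.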

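--- a/internal/cyberark/dataupload/dataupload.go
+++ b/internal/cyberark/dataupload/dataupload.go
@@ -71,6 +71,8 @@ type Snapshot struct {
 Secrets []runtime.Object `json:"secrets"`
 // ServiceAccounts is a list of ServiceAccount resources in the cluster.
 ServiceAccounts []runtime.Object `json:"serviceaccounts"`
+// ConfigMaps is a list of ConfigMap resources in the cluster.
+ConfigMaps []runtime.Object `json:"configmaps"`
 // Roles is a list of Role resources in the cluster.
 Roles []runtime.Object `json:"roles"`
 // ClusterRoles is a list of ClusterRole resources in the cluster.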
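Review bot: The doc comment added at new line 74 says the field lists ConfigMap resources "in the cluster", but the default `ark/configmaps` gatherer in this commit selects only ConfigMaps labelled `conjur.org/name=conjur-connect-configmap`. A reader of the upload schema would otherwise assume every ConfigMap is sent. I would word it as `// ConfigMaps is a list of the ConfigMap resources gathered from the cluster; the default agent config only gathers those matching the ark/configmaps label selector.` The `Snapshot` struct starts and ends outside the hunk.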

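--- a/pkg/client/client_cyberark.go
+++ b/pkg/client/client_cyberark.go
@@ -218,6 +218,9 @@ var defaultExtractorFunctions = map[string]func(*api.DataReading, *dataupload.Sn
 "ark/pods": func(r *api.DataReading, s *dataupload.Snapshot) error {
 return extractResourceListFromReading(r, &s.Pods)
 },
+"ark/configmaps": func(r *api.DataReading, s *dataupload.Snapshot) error {
+return extractResourceListFromReading(r, &s.ConfigMaps)
+},
 }
 
 // convertDataReadings processes a list of DataReadings using the provided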
