Merge pull request #5 from EnergyExchangeEnablersBV/feature/DEV-264_F…
…ileBased_Auth

feat: add authentication through docker.json file.
kha7iq authored Feb 8, 2023
2 parents 3323551 + 4a13c00 commit 62979b5
Showing 667 changed files with 161 additions and 284,301 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -100,3 +100,5 @@ fabric.properties
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser

# Ignore vendor directory
vendor/
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,11 +1,11 @@
# Build

FROM golang:1.19-alpine as build
FROM golang:1.20-alpine as build
ENV CGO_ENABLED=0 GOOS=linux
RUN apk update && apk add --no-cache gcc musl-dev git
RUN mkdir /app
COPY . /app
WORKDIR /app/cmd/drl-exporter
RUN apk update && apk add --no-cache gcc musl-dev git

# RUN go mod download
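Review bot: In the moved line `RUN apk update && apk add --no-cache gcc musl-dev git`, `apk update` is redundant because `--no-cache` already fetches a fresh index, and with `CGO_ENABLED=0` set just above it, `gcc` and `musl-dev` should not be needed; consider trimming the package list to what the build actually uses. The new base tag `golang:1.20-alpine` is also a floating tag, so pinning it by digest would make the build reproducible.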

3 changes: 2 additions & 1 deletion Makefile
@@ -1,8 +1,9 @@
IMAGE_NAME=drl-exporter
IMAGE_VERSION=2.0
IMAGE_VERSION=2.1.0

.PHONY: docker
docker:
go mod vendor
docker build -t $(IMAGE_NAME) .
docker tag $(IMAGE_NAME):latest $(IMAGE_NAME):$(IMAGE_VERSION)
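Review bot: The new `go mod vendor` step in the `docker` target makes the image build depend on a Go toolchain on the host, and since this commit also adds `vendor/` to `.gitignore`, the dependency tree that `COPY . /app` brings into the image is whatever the host resolved at build time. Consider resolving modules inside the build stage instead (the Dockerfile still carries a commented-out `# RUN go mod download`), or run `go mod verify` before vendoring so a modified module cache is caught.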

50 changes: 33 additions & 17 deletions README.md
Expand Up @@ -56,16 +56,16 @@ curl localhost:2121/metrics
```text
# HELP dockerhub_limit_max_requests_time Dockerhub rate limit maximum requests total time seconds
# TYPE dockerhub_limit_max_requests_time gauge
dockerhub_limit_max_requests_time 21600
dockerhub_limit_max_requests_time 21600{reqsource="my-IP-or-ID"}
# HELP dockerhub_limit_max_requests_total Dockerhub rate limit maximum requests in given time
# TYPE dockerhub_limit_max_requests_total gauge
dockerhub_limit_max_requests_total 100
dockerhub_limit_max_requests_total 100{reqsource="my-IP-or-ID"}
# HELP dockerhub_limit_remaining_requests_time Dockerhub rate limit remaining requests time seconds
# TYPE dockerhub_limit_remaining_requests_time gauge
dockerhub_limit_remaining_requests_time 21600
dockerhub_limit_remaining_requests_time 21600{reqsource="my-IP-or-ID"}
# HELP dockerhub_limit_remaining_requests_total Dockerhub rate limit remaining requests in given time
# TYPE dockerhub_limit_remaining_requests_total gauge
dockerhub_limit_remaining_requests_total 99
dockerhub_limit_remaining_requests_total 99{reqsource="my-IP-or-ID"}
```
<br>
To build the image in your local environment
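Review bot: The updated sample lines put the label set after the value (`dockerhub_limit_max_requests_time 21600{reqsource="my-IP-or-ID"}`), which is not valid Prometheus text exposition format; labels follow the metric name and precede the value, i.e. `dockerhub_limit_max_requests_time{reqsource="my-IP-or-ID"} 21600`. The same applies to the other three samples. It would also help to say what `reqsource` contains, since an account ID or source IP becomes visible to anyone who can scrape `/metrics`.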
Expand All @@ -78,16 +78,29 @@ make docker

## Configuration Variables

| Variables | Default Value | Discription |
| Variables | Default Value | Description |
| -------------------------- | :----------------: | :-------------: |
| EXPORTER_PORT | 2121 | Server listening port |
| ENABLE_USER_AUTH | false️ | **Must** be set to **true** if providing username |
| DOCKERHUB_USER | "" | Dockerhub account |
| DOCKERHUB_PASSWORD | "" | Account password |
| DOCKERHUB_REPO_IMAGE | ratelimitpreview/test | custom repository/image |

| ENABLE_FILE_AUTH | false | Load auth credentials from docker config file<br>at /$FILE_AUTH_DIR/config.json<br>Must leave auth through ENV empty. |
| FILE_AUTH_DIR | /config | Directory where config.json resides |
<br>

Example docker configuration config.json file below. <br>
Note that a more extensive configuration can be handled, as long as at least an 'auths' exists for `https://index.docker.io/v1/`, with a username and password.
```
{
"auths": {
"https://index.docker.io/v1/": {
"username": "MyUsername",
"password": "MyPasswordOrToken"
}
}
}
```
## Local Demo
You can find the complete docker-compose file along with a dashboard under deploy folder to test it out.
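Review bot: The `ENABLE_FILE_AUTH` row says "Must leave auth through ENV empty" but does not say what happens when both `ENABLE_USER_AUTH` and `ENABLE_FILE_AUTH` are true, while the chart table states file auth is only effective if `enableUserAuth` is false; please state the precedence once and make both places agree. Smaller points: with the default `/config`, the documented path `/$FILE_AUTH_DIR/config.json` reads as `//config/config.json`, and the example block could be tagged `json`. Since the example stores the credential in plain text, the README should recommend a Docker Hub access token over the account password and a file readable only by the exporter's user.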

Expand Down Expand Up @@ -122,17 +135,20 @@ config.dockerhubPassword=<password>,config.enableUserAuth=true --namespace=<nam
```
## Chart Configuration

| Parameter | Description | Default |
| --------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------- |
| `config.exporterPort` | Port the deployment exposes | `2121` |
| `config.enableUserAuth` | Enable metrics for specific dockerhub account | `false` |
| `config.dockerhubUsername` | Dockerhub Username | `nil` |
| `config.dockerhubPassword` | Dockerhub Password | `nil` |
| `serviceMonitor.enabled` | If true, creates a ServiceMonitor instance | `false` |
| `serviceMonitor.additionalLabels` | Configure additional labels for the servicemonitor | `{}` |
| `serviceMonitor.namespace` | The namespace into which the servicemonitor is deployed. | `same as chart namespace` |
| `serviceMonitor.interval` | The interval with which prometheus will scrape | `30s` |
| `serviceMonitor.scrapeTimeout` | The timeout for the scrape request | `10s` |
| Parameter | Description | Default |
|-----------------------------------|-----------------------------------------------------------------------------------------------------------------------------|---------------------------|
| `config.exporterPort` | Port the deployment exposes | `2121` |
| `config.enableUserAuth` | Enable metrics for specific dockerhub account | `false` |
| `config.dockerhubUsername` | Dockerhub Username | `""` |
| `config.dockerhubPassword` | Dockerhub Password | `nil` |
| `config.enableFileAuth` | Enable authentication through k8s secret, type `kubernetes.io/dockerconfigjson`. Only effective if enableUserAuth is false. | `false` |
| `config.fileAuthDir` | Path to mount the config.json in the pod. Only effective if enableFileAuth is true. | `/config` |
| `config.fileAuthSecretName` | Name of existing k8s `kubernetes.io/dockerconfigjson` secret to use. Only effective if enableFileAuth is true. | `dockerhub` |
| `serviceMonitor.enabled` | If true, creates a ServiceMonitor instance | `false` |
| `serviceMonitor.additionalLabels` | Configure additional labels for the servicemonitor | `{}` |
| `serviceMonitor.namespace` | The namespace into which the servicemonitor is deployed. | `same as chart namespace` |
| `serviceMonitor.interval` | The interval with which prometheus will scrape | `30s` |
| `serviceMonitor.scrapeTimeout` | The timeout for the scrape request | `10s` |

## TODO
- [x] Tests
4 changes: 2 additions & 2 deletions deploy/chart/Chart.yaml
Expand Up @@ -8,9 +8,9 @@ type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 1.0.1
version: 1.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 2.0.1
appVersion: 2.1.0
25 changes: 14 additions & 11 deletions deploy/chart/README.md
Expand Up @@ -22,14 +22,17 @@ The command removes all the Kubernetes components associated with the chart and

## Configuration

| Parameter | Description | Default |
| --------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------- |
| `config.exporterPort` | Port the deployment exposes | `2121` |
| `config.enableUserAuth` | Enable metrics for specific dockerhub account | `false` |
| `config.dockerhubUsername` | Dockerhub Username | `nil` |
| `config.dockerhubPassword` | Dockerhub Password | `nil` |
| `serviceMonitor.enabled` | If true, creates a ServiceMonitor instance | `false` |
| `serviceMonitor.additionalLabels` | Configure additional labels for the servicemonitor | `{}` |
| `serviceMonitor.namespace` | The namespace into which the servicemonitor is deployed. If not set, will the same as the namespace of this chart | `nil` |
| `serviceMonitor.interval` | The interval with which prometheus will scrape | `30s` |
| `serviceMonitor.scrapeTimeout` | The timeout for the scrape request | `10s` |
| Parameter | Description | Default |
|-----------------------------------|-----------------------------------------------------------------------------------------------------------------------------|---------------------------|
| `config.exporterPort` | Port the deployment exposes | `2121` |
| `config.enableUserAuth` | Enable metrics for specific dockerhub account | `false` |
| `config.dockerhubUsername` | Dockerhub Username | `""` |
| `config.dockerhubPassword` | Dockerhub Password | `nil` |
| `config.enableFileAuth` | Enable authentication through k8s secret, type `kubernetes.io/dockerconfigjson`. Only effective if enableUserAuth is false. | `false` |
| `config.fileAuthDir` | Path to mount the config.json in the pod. Only effective if enableFileAuth is true. | `/config` |
| `config.fileAuthSecretName` | Name of existing k8s `kubernetes.io/dockerconfigjson` secret to use. Only effective if enableFileAuth is true. | `dockerhub` |
| `serviceMonitor.enabled` | If true, creates a ServiceMonitor instance | `false` |
| `serviceMonitor.additionalLabels` | Configure additional labels for the servicemonitor | `{}` |
| `serviceMonitor.namespace` | The namespace into which the servicemonitor is deployed. | `same as chart namespace` |
| `serviceMonitor.interval` | The interval with which prometheus will scrape | `30s` |
| `serviceMonitor.scrapeTimeout` | The timeout for the scrape request | `10s` |
4 changes: 3 additions & 1 deletion deploy/chart/templates/configmap.yaml
Expand Up @@ -7,4 +7,6 @@ metadata:
data:
exporter-port: {{ default "2121" .Values.config.exporterPort | quote }}
enable-user-auth: {{ default "false" .Values.config.enableUserAuth | quote }}
dockerhub-username: {{ default "" .Values.config.dockerhubUsername | quote }}
dockerhub-username: {{ default "" .Values.config.dockerhubUsername | quote }}
enable-file-auth: {{ default "false" .Values.config.enableFileAuth | quote }}
file-auth-dir: {{ default "/config" .Values.config.fileAuthDir | quote }}
27 changes: 27 additions & 0 deletions deploy/chart/templates/deployment.yaml
Expand Up @@ -49,17 +49,25 @@ spec:
timeoutSeconds: 5
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.config.enableFileAuth }}
volumeMounts:
- name: {{ default "dockerhub" .Values.config.fileAuthSecretName }}
readOnly: true
mountPath: {{ default "/config" .Values.config.fileAuthDir }}
{{- end}}
env:
- name: DOCKERHUB_USER
valueFrom:
configMapKeyRef:
name: {{ include "drl-exporter.fullname" . }}-configmap
key: dockerhub-username
{{- if .Values.config.dockerhubPassword }}
- name: DOCKERHUB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "drl-exporter.fullname" . }}-secret
key: dockerhub-password
{{- end }}
- name: ENABLE_USER_AUTH
valueFrom:
configMapKeyRef:
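Review bot: In the new `volumeMounts` entry, `name: {{ default "dockerhub" .Values.config.fileAuthSecretName }}` reuses the secret name as the volume name, but volume names must be DNS labels while secret names may contain dots, so a secret such as `registry.creds` would render an invalid pod spec. A fixed volume name (for example `dockerhub-auth`) used in both `volumeMounts` and `volumes` avoids this. `mountPath` is also rendered unquoted, unlike the `| quote` used in configmap.yaml.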
Expand All @@ -70,6 +78,25 @@ spec:
configMapKeyRef:
name: {{ include "drl-exporter.fullname" . }}-configmap
key: exporter-port
- name: ENABLE_FILE_AUTH
valueFrom:
configMapKeyRef:
name: {{ include "drl-exporter.fullname" . }}-configmap
key: enable-file-auth
{{- if .Values.config.enableFileAuth }}
- name: FILE_AUTH_DIR
valueFrom:
configMapKeyRef:
name: {{ include "drl-exporter.fullname" . }}-configmap
key: file-auth-dir
volumes:
- name: {{ default "dockerhub" .Values.config.fileAuthSecretName }}
secret:
secretName: {{ default "dockerhub" .Values.config.fileAuthSecretName }}
items:
- key: .dockerconfigjson
path: config.json
{{- end}}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
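Review bot: The `{{- if .Values.config.enableFileAuth }}` guard around `volumes` does not check `enableUserAuth`, although the documentation says file auth is only effective when `enableUserAuth` is false, so the registry credential is mounted into the pod even when it is unused; consider `and .Values.config.enableFileAuth (not .Values.config.enableUserAuth)` here and on the matching `volumeMounts` guard. The secret volume also sets no `defaultMode`; a restrictive value such as `0400` would keep config.json from being group or world readable inside the container. Since `file-auth-dir` already has a default in the configmap, the `FILE_AUTH_DIR` env entry does not need to sit inside the conditional.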
4 changes: 3 additions & 1 deletion deploy/chart/templates/secret.yaml
@@ -1,8 +1,10 @@
{{- if .Values.config.dockerhubPassword -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "drl-exporter.fullname" . }}-secret
labels:
{{- include "drl-exporter.labels" . | nindent 4 }}
data:
dockerhub-password: {{ default "" .Values.config.dockerhubPassword | b64enc | quote }}
dockerhub-password: {{ default "" .Values.config.dockerhubPassword | b64enc | quote }}
{{- end -}}
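Review bot: With the whole Secret now conditional on `.Values.config.dockerhubPassword`, the `default ""` on the `dockerhub-password` line can never apply and can be dropped. The password still has to be passed as a chart value, which Helm keeps in the release record; consider accepting the name of an existing secret here, as `config.fileAuthSecretName` does for file auth.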
2 changes: 1 addition & 1 deletion deploy/chart/templates/service.yaml
Expand Up @@ -7,7 +7,7 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.config.exporterPort }}
- port: {{ default 2121 .Values.config.exporterPort }}
targetPort: http
protocol: TCP
name: http
10 changes: 6 additions & 4 deletions deploy/chart/values.yaml
@@ -1,11 +1,13 @@
# Default values for drl-exporter.


config:
exporterPort: 2121 ## Change metrics server listen port
enableUserAuth: false ## to enable auth with user change to true
exporterPort: ## Change metrics server listen port
enableUserAuth: ## Boolean, set to true to enable auth with user
dockerhubUsername: ## dockerhub username here
dockerhubPassword: ## ockerhub password here
dockerhubPassword: ## dockerhub password here
enableFileAuth: ## Boolean, set to true to enable auth through k8s secret of type 'kubernetes.io/dockerconfigjson'. Only effective when enableUserAuth is false.
fileAuthDir: ## Path to mount the config.json in the pod. Only effective if enableFileAuth is true. Defaults to '/config'.
fileAuthSecretName: ## Name of existing k8s `kubernetes.io/dockerconfigjson` secret to use. Only effective if enableFileAuth is true. Defaults to 'dockerhub', must be in same namespace.

replicaCount: 1
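Review bot: Blanking `exporterPort` and `enableUserAuth` moves every default into the templates, where it is now repeated (`default "2121"` in configmap.yaml, `default 2121` in service.yaml, `default "dockerhub"` three times in deployment.yaml); any template that reads `.Values.config.exporterPort` without a `default` will now render empty. Keeping the defaults in values.yaml, including `fileAuthDir: /config` and `fileAuthSecretName: dockerhub`, keeps them in one place and visible in `helm show values`.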

11 changes: 9 additions & 2 deletions go.mod
@@ -1,20 +1,27 @@
module github.com/m47ik/drl-exporter

go 1.17
go 1.20

require (
github.com/nicholasjackson/env v0.6.0
github.com/docker/cli v23.0.0+incompatible
github.com/nicholasjackson/env v0.6.1
github.com/prometheus/client_golang v1.14.0
)

require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/docker/docker v20.10.22+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_model v0.3.0 // indirect
github.com/prometheus/common v0.39.0 // indirect
github.com/prometheus/procfs v0.9.0 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
golang.org/x/sys v0.4.0 // indirect
google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
gotest.tools/v3 v3.4.0 // indirect
)
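Review bot: Adding `github.com/docker/cli v23.0.0+incompatible` as a direct requirement pulls in `docker/docker`, `docker-credential-helpers`, `logrus` and others as indirect dependencies, which is a large addition for reading one `auths` entry from config.json. If only the username and password for `https://index.docker.io/v1/` are needed, a small struct decoded with `encoding/json` would avoid the extra supply-chain surface.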