Generate Prometheus client from KRM

api/v1/appbinding.go

@@ -16,6 +16,10 @@ limitations under the License.
 
 package v1
 
+import (
+	kmapi "kmodules.xyz/client-go/api/v1"
+)
+
 type GrafanaConfig struct {
 	URL         string        `json:"url"`
 	Service     ServiceSpec   `json:"service"`
@@ -73,3 +77,46 @@ type GrafanaContext struct {
 	FolderID   *int64 `json:"folderID,omitempty"`
 	Datasource string `json:"datasource,omitempty"`
 }
+
+type Prometheus struct {
+	AppBindingRef   *kmapi.ObjectReference `json:"appBindingRef,omitempty"`
+	*ConnectionSpec `json:",inline,omitempty"`
+}
+
+// ConnectionSpec is the spec for app
+type ConnectionSpec struct {
+	// ClientConfig defines how to communicate with the app.
+	// Required
+	ClientConfig `json:",inline"`
+
+	// Secret is the name of the secret to create in the AppBinding's
+	// namespace that will hold the credentials associated with the AppBinding.
+	AuthSecret *kmapi.ObjectReference `json:"authSecret,omitempty"`
+
+	// TLSSecret is the name of the secret that will hold
+	// the client certificate and private key associated with the AppBinding.
+	TLSSecret *kmapi.ObjectReference `json:"tlsSecret,omitempty"`
+}
+
+// ClientConfig contains the information to make a connection with an app
+type ClientConfig struct {
+	// `url` gives the location of the app, in standard URL form
+	// (`[scheme://]host:port/path`). Exactly one of `url` or `service`
+	// must be specified.
+	// +optional
+	URL string `json:"url"`
+
+	// InsecureSkipTLSVerify disables TLS certificate verification when communicating with this app.
+	// This is strongly discouraged.  You should use the CABundle instead.
+	InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty"`
+
+	// CABundle is a PEM encoded CA bundle which will be used to validate the serving certificate of this app.
+	// +optional
+	CABundle []byte `json:"caBundle,omitempty"`
+
+	// ServerName is used to verify the hostname on the returned
+	// certificates unless InsecureSkipVerify is given. It is also included
+	// in the client's handshake to support virtual hosting unless it is
+	// an IP address.
+	ServerName string `json:"serverName,omitempty"`
+}

api/v1/helpers.go

@@ -17,12 +17,16 @@ limitations under the License.
 package v1
 
 import (
+	"errors"
 	"fmt"
 
 	"kmodules.xyz/client-go/policy/secomp"
+	appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1"
 
 	"gomodules.xyz/pointer"
 	core "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 )
 
 func (agent *AgentSpec) SetDefaults() {
@@ -86,3 +90,48 @@ func GrafanaDatasource(isDefault bool, clusterName, projectId string) string {
 	}
 	return fmt.Sprintf("%s-%s", clusterName, projectId)
 }
+
+func (c *ConnectionSpec) ToAppBinding() (*appcatalog.AppBinding, error) {
+	var ns string
+	if c.AuthSecret != nil {
+		if c.AuthSecret.Namespace == "" {
+			return nil, errors.New("auth secret namespace not set")
+		}
+		ns = c.AuthSecret.Namespace
+	}
+	if c.TLSSecret != nil {
+		if c.TLSSecret.Namespace == "" {
+			return nil, errors.New("tls secret namespace not set")
+		}
+		if ns != "" && ns != c.TLSSecret.Namespace {
+			return nil, errors.New("tls secret namespace does not match auth secret namespace")
+		}
+	}
+
+	app := appcatalog.AppBinding{
+		TypeMeta: metav1.TypeMeta{},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "<generated>",
+			Namespace: ns,
+		},
+		Spec: appcatalog.AppBindingSpec{
+			ClientConfig: appcatalog.ClientConfig{
+				URL:                   ptr.To(c.URL),
+				InsecureSkipTLSVerify: c.InsecureSkipTLSVerify,
+				CABundle:              c.CABundle,
+				ServerName:            c.ServerName,
+			},
+		},
+	}
+	if c.AuthSecret != nil {
+		app.Spec.Secret = &core.LocalObjectReference{
+			Name: c.AuthSecret.Name,
+		}
+	}
+	if c.TLSSecret != nil {
+		app.Spec.TLSSecret = &core.LocalObjectReference{
+			Name: c.TLSSecret.Name,
+		}
+	}
+	return &app, nil
+}