Support K8S node discovery with filtering options (#1577)

* K8S node discovery with filtering options * fix edge case that returned no namespaces when using Role instead of ClusterRole * update documentation for dashboard with k8s
dotnetcore · Sep 20, 2024 · 8397a5a · 8397a5a
1 parent 6481ce5
commit 8397a5a
Show file tree

Hide file tree

Showing 4 changed files with 391 additions and 24 deletions.
diff --git a/docs/content/user-guide/en/monitoring/kubernetes.md b/docs/content/user-guide/en/monitoring/kubernetes.md
@@ -18,6 +18,25 @@ services.AddCap(x =>
 
 ```
 
+## UseK8sDiscovery Configuration
+
+This configuration option is used to configure the Dashboard/Nodes to list every K8s `service` by default. If this is set to `True` then only services with the `dotnetcore.cap.visibility: show` label will be listed. More information on labels will be found on the **Kubernetes Labels Configuration** section.
+
+* ShowOnlyExplicitVisibleNodes 
+
+> Default ：false
+
+
+```cs
+services.AddCap(x =>
+{
+    // ...
+    x.UseK8sDiscovery(opt=>{
+      opt.ShowOnlyExplicitVisibleNodes = true;
+    });
+});
+```
+
 The component will automatically detect whether it is inside the cluster. If it is inside the cluster, the Pod must be granted Kubernetes Api permissions. Refer to the next section.
 
 ## Assign Pod Access to Kubernetes Api 
@@ -90,6 +109,67 @@ spec:
       targetPort: 80
 ```
 
+From version `8.3.0` and onwards you can use a `Role` instead of `ClusterRole` to allow discovery of services only inside the namespace that the dashboard is running. Kubernetes Roles has limited jurisdiction inside the namespace. In the above example just remove ClusterRole and ClusterRoleBinding and instead use the following: 
+
+```
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ns-svc-reader
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "watch", "list"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: read-pods
+subjects:
+- kind: ServiceAccount
+  name: api-access
+  namespace: default
+roleRef:
+  kind: ClusterRole
+  name: ns-svc-reader
+  apiGroup: rbac.authorization.k8s.io
+
+```
+
+## Kubernetes Labels Configuration
+
+The list of Nodes showed in the dashboard can be controlled by adding labels to the to your kubernetes services. 
+
+
+- `dotnetcore.cap.visibility` label is used to show or hide a service from the list. 
+
+    > Allowed Values: show | hide
+
+    > Examples: `dotnetcore.cap.visibility: show` or `dotnetcore.cap.visibility: hide`
+
+By default every k8s service is listed with the first port found in the service. However if more ports are present on the service you can select the wanted by using the following labels: 
+
+- `dotnetcore.cap.portName` label is used to filter the wanted port of the service. 
+
+    > Allowed Values: string
+
+    > Examples: `dotnetcore.cap.portName: grpc` or `dotnetcore.cap.portName: http`
+
+If not found any port with the given name, it will try to match the next label portIndex
+
+- `dotnetcore.cap.portIndex` label is used to filter the wanted port of the service. This filter is taken into consideration only if no label portName is set or a non matching portName is set.
+
+    > Allowed Values: number represented as string ex: '2' or '14'
+
+    > Examples: `dotnetcore.cap.portIndex: '1'` or `dotnetcore.cap.portIndex: '3'`
+
+  If the provided index is outside of bounds then it will fallback to the first port (index:0)
+
+
+
+
+
 ## Using Dashboard Standalone
 
 You can use the Dashboard standalone without configuring CAP, in this case, the Dashboard can be deployed as a separate Pod in the Kubernetes cluster just for data viewing. The service to be viewed no longer needs to configure the `cap.UseK8sDiscovery()` option.

diff --git a/docs/content/user-guide/zh/monitoring/kubernetes.md b/docs/content/user-guide/zh/monitoring/kubernetes.md
@@ -18,6 +18,25 @@ services.AddCap(x =>
 
 ```
 
+## 使用K8sDiscovery配置
+
+此配置选项用于配置仪表板/节点以默认列出每个 K8s `service` 。如果将此设置为 `true`，则只会列出带有`dotnetcore.cap.visibility: show` 标签的服务。有关标签的更多信息可以在 **Kubernetes 标签配置** 部分找到。
+
+* ShowOnlyExplicitVisibleNodes
+
+> 默认值：false
+
+
+```cs
+services.AddCap(x =>
+{
+    // ...
+    x.UseK8sDiscovery(opt=>{
+      opt.ShowOnlyExplicitVisibleNodes = true;
+    });
+});
+```
+
 组件将会自动检测是否处于集群内部，如果处于集群内部在需要赋予Pod Kubernetes Api 的权限。参考下一章节。
 
 ## 分配 Pod 访问  Kubernetes Api 
@@ -90,6 +109,65 @@ spec:
       targetPort: 80
 ```
 
+从版本 `8.3.0` 及更高版本，您可以使用 `Role` 而不是 `ClusterRole`，以允许仅在仪表板运行的命名空间内发现服务。 Kubernetes 角色在命名空间内拥有有限的管辖权。在上面的示例中，只需删除 ClusterRole 和 ClusterRoleBinding 并改为使用以下内容
+
+```
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ns-svc-reader
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "watch", "list"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: read-pods
+subjects:
+- kind: ServiceAccount
+  name: api-access
+  namespace: default
+roleRef:
+  kind: ClusterRole
+  name: ns-svc-reader
+  apiGroup: rbac.authorization.k8s.io
+
+```
+
+## Kubernetes 标签配置
+
+可以通过向 kubernetes 服务添加标签来控制仪表板中显示的节点列表。
+
+
+- `dotnetcore.cap.visibility` 标签用于显示或隐藏列表中的服务。
+
+    > 可能的值: show | hide
+
+    > 示例: `dotnetcore.cap.visibility: show` or `dotnetcore.cap.visibility: hide`
+
+默认情况下，每个 k8s 服务都会列出该服务中找到的第一个端口。但是，如果服务上存在更多端口，您可以使用以下标签选择所需的端口：
+
+- `dotnetcore.cap.portName` 标签用于过滤需要的服务端口。
+
+    > 可能的值: string
+
+    > 示例: `dotnetcore.cap.portName: grpc` or `dotnetcore.cap.portName: http`
+
+If not found any port with the given name, it will try to match the next label portIndex
+
+- `dotnetcore.cap.portIndex` 标签用于过滤需要的服务端口。 仅当未设置标签 portName 或设置不匹配的 portName 时，才会考虑此过滤器。
+
+    > 可能的值: 数字表示为字符串 ex: '2' or '14'
+
+    > 示例: `dotnetcore.cap.portIndex: '1'` or `dotnetcore.cap.portIndex: '3'`
+
+  如果提供的索引超出范围，那么它将回退到第一个端口（索引：0）
+
+
+
 ## 独立使用 Dashboard 
 
 你可以独立使用 Dashboard 而不需要配置CAP，此时相当于 Dashboard 可作为单独的 Pod 部署到 Kubernetes 集群中仅用作查看数据，待查看的服务不再需要配置 `cap.UseK8sDiscovery()` 配置项。

diff --git a/src/DotNetCore.CAP.Dashboard.K8s/K8sDiscoveryOptions.cs b/src/DotNetCore.CAP.Dashboard.K8s/K8sDiscoveryOptions.cs
@@ -14,7 +14,14 @@ public class K8sDiscoveryOptions
     public K8sDiscoveryOptions()
     {
         K8SClientConfig = KubernetesClientConfiguration.BuildDefaultConfig();
+        ShowOnlyExplicitVisibleNodes = true;
     }
 
     public KubernetesClientConfiguration K8SClientConfig { get; set; }
+
+    /// <summary>
+    /// If this is set to TRUE will make all nodes hidden by default. Only kubernetes services 
+    /// with label "dotnetcore.cap.visibility:show" will be listed in the nodes section.
+    /// </summary>
+    public bool ShowOnlyExplicitVisibleNodes { get; set; }
 }