update kubeeye api (#337)

* update mod

* adjust customized inspect  struct

* add system workspace label  when   create "kubeeye-system" namespace

* support component rule exclude

Author: liangzai006

apis/kubeeye/v1alpha2/inspectrule_types.go

@@ -28,16 +28,17 @@ type InspectRuleSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	PrometheusEndpoint string                   `json:"prometheusEndpoint,omitempty"`
-	Opas               []OpaRule                `json:"opas,omitempty"`
-	Prometheus         []PrometheusRule         `json:"prometheus,omitempty"`
-	FileChange         []FileChangeRule         `json:"fileChange,omitempty" `
-	Sysctl             []SysRule                `json:"sysctl,omitempty"`
-	Systemd            []SysRule                `json:"systemd,omitempty"`
-	FileFilter         []FileFilterRule         `json:"fileFilter,omitempty"`
-	CustomCommand      []CustomCommandRule      `json:"customCommand,omitempty"`
-	NodeInfo           []NodeInfo               `json:"nodeInfo,omitempty"`
-	ServiceConnect     []ServiceConnectRuleItem `json:"serviceConnect,omitempty"`
+	ComponentExclude   []string             `json:"componentExclude,omitempty"`
+	PrometheusEndpoint string               `json:"prometheusEndpoint,omitempty"`
+	Opas               []OpaRule            `json:"opas,omitempty"`
+	Prometheus         []PrometheusRule     `json:"prometheus,omitempty"`
+	FileChange         []FileChangeRule     `json:"fileChange,omitempty" `
+	Sysctl             []SysRule            `json:"sysctl,omitempty"`
+	Systemd            []SysRule            `json:"systemd,omitempty"`
+	FileFilter         []FileFilterRule     `json:"fileFilter,omitempty"`
+	CustomCommand      []CustomCommandRule  `json:"customCommand,omitempty"`
+	NodeInfo           []NodeInfoRule       `json:"nodeInfo,omitempty"`
+	ServiceConnect     []ServiceConnectRule `json:"serviceConnect,omitempty"`
 }
 type RuleItemBases struct {
 	Name  string `json:"name,omitempty"`
@@ -46,7 +47,7 @@ type RuleItemBases struct {
 	Level Level  `json:"level,omitempty"`
 }
 
-type ServiceConnectRuleItem struct {
+type ServiceConnectRule struct {
 	RuleItemBases `json:",inline"`
 	Namespace     string `json:"namespace,omitempty"`
 	Workspace     string `json:"workspace,omitempty"`
@@ -57,7 +58,7 @@ type Node struct {
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 }
 
-type NodeInfo struct {
+type NodeInfoRule struct {
 	RuleItemBases `json:",inline"`
 	Node          `json:",inline"`
 	ResourcesType string `json:"resourcesType,omitempty"`

apis/kubeeye/v1alpha2/zz_generated.deepcopy.go

@@ -20,6 +20,7 @@ import (
 	"github.com/kubesphere/kubeeye/pkg/kube"
 	"go.uber.org/zap/zapcore"
 	"os"
+	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -70,9 +71,10 @@ func main() {
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
-		Scheme:                 scheme,
-		MetricsBindAddress:     metricsAddr,
-		Port:                   9443,
+		Scheme: scheme,
+		Metrics: server.Options{
+			BindAddress: metricsAddr,
+		},
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "fa68b2a3.kubesphere.io",

cmd/ke-manager/main.go

@@ -39,6 +39,10 @@ spec:
           spec:
             description: InspectRuleSpec defines the desired state of InspectRule
             properties:
+              componentExclude:
+                items:
+                  type: string
+                type: array
               customCommand:
                 items:
                   properties:

config/crd/bases/kubeeye.kubesphere.io_inspectrules.yaml

@@ -3,8 +3,7 @@ kind: InspectPlan
 metadata:
   name: inspectplan
 spec:
-  maxTasks: 10
   ruleNames:
+    - name: inspect-rule-systemd
     - name: services-connect
-  timeout: 30m
-
+status: {}

deploy/kubeeye_v1alpha2_inspectplan.yaml

@@ -12,7 +12,7 @@ const (
 	DefaultNamespace = "kubeeye-system"
 )
 
-var SystemNamespaces = []string{"kubesphere-system", "kubesphere-logging-system", "kubesphere-monitoring-system", "openpitrix-system", "kube-system", "istio-system", "kubesphere-devops-system", "porter-system"}
+var SystemNamespaces = []string{"kubeeye-system", "kubesphere-system", "kubesphere-logging-system", "kubesphere-monitoring-system", "openpitrix-system", "kube-system", "istio-system", "kubesphere-devops-system", "porter-system"}
 
 const BaseFilePrefix = "kubeeye-base-file"
 const (
@@ -60,6 +60,7 @@ const (
 	AnnotationJoinRuleNum   = "kubeeye.kubesphere.io/join-rule-num"
 	AnnotationDescription   = "kubeeye.kubesphere.io/description"
 	AnnotationInspectType   = "kubeeye.kubesphere.io/inspect-type"
+	AnnotationInspectIgnore = "kubeeye.kubesphere.io/inspect-ignore"
 )
 
 const (

pkg/constant/constant.go

@@ -163,7 +163,7 @@ func ComputeLevel(data interface{}, mapLevel map[kubeeyev1alpha2.Level]*int) {
 	for _, m := range maps {
 		v, ok := m["level"]
 		if !ok {
-			mapLevel[kubeeyev1alpha2.DangerLevel] = Autoincrement(kubeeyev1alpha2.DangerLevel)
+			mapLevel[kubeeyev1alpha2.WarningLevel] = Autoincrement(kubeeyev1alpha2.WarningLevel)
 		} else {
 			l := v.(string)
 			mapLevel[kubeeyev1alpha2.Level(l)] = Autoincrement(kubeeyev1alpha2.Level(l))

pkg/controllers/inspectrules_controller.go

@@ -514,9 +514,23 @@ func isTimeout(startTime metav1.Time, t string) bool {
 // InitClusterInspect Initialize the relevant configuration items required for multi-cluster inspection
 func (r *InspectTaskReconciler) initClusterInspectConfig(ctx context.Context, clients *kube.KubernetesClient) error {
 
-	_, err := clients.ClientSet.CoreV1().Namespaces().Create(ctx, &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: constant.DefaultNamespace}}, metav1.CreateOptions{})
-	if err != nil && !kubeErr.IsAlreadyExists(err) {
-		return err
+	_, err := clients.ClientSet.CoreV1().Namespaces().Get(ctx, constant.DefaultNamespace, metav1.GetOptions{})
+	if err != nil {
+		if kubeErr.IsNotFound(err) {
+			_, err = clients.ClientSet.CoreV1().Namespaces().Create(ctx, &corev1.Namespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:   constant.DefaultNamespace,
+					Labels: map[string]string{"kubesphere.io/workspace": "system-workspace"},
+				}},
+				metav1.CreateOptions{})
+
+			if err != nil && !kubeErr.IsAlreadyExists(err) {
+				return err
+			}
+		} else {
+			return err
+		}
+
 	}
 
 	_, err = clients.ClientSet.RbacV1().ClusterRoles().Create(ctx, template.GetClusterRoleTemplate(), metav1.CreateOptions{})

pkg/controllers/inspecttask_controller.go

@@ -17,6 +17,7 @@ limitations under the License.
 package controllers
 
 import (
+	"github.com/onsi/ginkgo/reporters"
 	"path/filepath"
 	"testing"
 
@@ -26,7 +27,6 @@ import (
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
-	"sigs.k8s.io/controller-runtime/pkg/envtest/printer"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
@@ -46,7 +46,7 @@ func TestAPIs(t *testing.T) {
 
 	RunSpecsWithDefaultAndCustomReporters(t,
 		"Controller Suite",
-		[]Reporter{printer.NewlineReporter{}})
+		[]Reporter{&reporters.JUnitReporter{}})
 }
 
 var _ = BeforeSuite(func() {