prometheus/ssl_exporter
1
0
Fork 0
mirror of https://github.com/ribbybibby/ssl_exporter.git synced 2025-02-19 19:59:47 +02:00
Code Issues Releases Activity

kubernetes: use namespace selector where possible

Browse Source 
We can use a namespace selector to only list secrets in the target namespace,
unless its a glob pattern.
This commit is contained in:
Rob Best 2024-04-30 06:39:07 +01:00
parent 1b8a0c3b93
commit 3eab6a10fd
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
prober/kubernetes.go
View File

@ -3,6 +3,7 @@ package prober
import (
"context"
"fmt"
"regexp"
"strings"
"github.com/bmatcuk/doublestar/v2"
@ -22,6 +23,8 @@ var (
// ErrKubeBadTarget is returned when the target doesn't match the
// expected form for the kubernetes prober
ErrKubeBadTarget = fmt.Errorf("Target secret must be provided in the form: <namespace>/<name>")
globPattern = regexp.MustCompile(`^.*(\*|\?|\{|\}|\[|\])+.*$`)
)
// ProbeKubernetes collects certificate metrics from kubernetes.io/tls Secrets
@ -43,8 +46,15 @@ func probeKubernetes(ctx context.Context, target string, module config.Module, r
ns := parts[0]
name := parts[1]
// If the namespace contains a glob pattern then we need to filter on
// all the secrets in the cluster
selector := ns
if globPattern.MatchString(ns) {
selector = ""
}
var tlsSecrets []v1.Secret
secrets, err := client.CoreV1().Secrets("").List(ctx, metav1.ListOptions{FieldSelector: "type=kubernetes.io/tls"})
secrets, err := client.CoreV1().Secrets(selector).List(ctx, metav1.ListOptions{FieldSelector: "type=kubernetes.io/tls"})
if err != nil {
return err
}