sensu-plugins-kubernetes-reactiveops 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 25b537379f6e02c1eeddab70d94520a43616d6c1
+  data.tar.gz: bccba5e6690207a3b3bb71d5ec1427e3ac1303e0
+SHA512:
+  metadata.gz: 4f4673f8517e188270b429baf4a4f922359153a13dbe093e7b170ed0321c1873881aa6f40bfce8e3877babc02c03186da7c0e976dc8974fc7b259e6a660bf48b
+  data.tar.gz: 5f501632b0e28e4a12500effa1ed51aa7602c3e0abcbe788112540e4b45655050fe13d7a515ad809018e367cff844654f03c2b420b8a6693b9788113923177d2

data/CHANGELOG.md

@@ -0,0 +1,50 @@
+#Change Log
+This project adheres to [Semantic Versioning](http://semver.org/).
+
+This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
+
+## [Unreleased]
+### Added
+- Added metrics-pods.rb that will output the number of running pods per service
+- Added check-kube-pods-running check
+- Split check-kube-pods-pending into two checks; the original still checks for
+pending pods, the restart count portion has been split into it's own check.
+
+## [0.1.2] - 2016-08-07
+### Fixed
+- check-kube-service-available.rb: fixed error caused by misspelling of true boolean (@justinhammar)
+
+### Changed
+- check-kube-pods-pending.rb: Add namespace to output (@ajohnstone)
+- check-kube-service-available.rb: Add namespace to output (@ajohnstone)
+- pin `activesupport` to `< 5.0.0` to maintain compatability with Ruby < 2.2 (@eheydrick)
+
+## [0.1.1] - 2016-05-17
+### Fixed
+- cli.rb: Fixed typo in critical call
+
+## [0.1.0] - 2016-05-15
+### Added
+- Added flag to ignore namespaces in check-kube-pods-pending
+- check-kube-service-available.rb: Will not mark a service as failed if any needed pod is running and ready
+- check-kube-service-available.rb: Added options to allow of pod pending for given time to be counted as valid
+- Factored all checks to share a common base class for connecting to Kubernetes
+- Added flags to specify certificate authority and Kubernetes bearer token
+- Added flags to specify client certificate/key and in-cluster support
+- Support for Ruby 2.3
+
+### Fixed
+- check-kube-service-available.rb: Fixed scope issue in main block that would cause a nil error
+
+### Changed
+- Update to Rubocop 0.40 and cleanup
+- Update to kubeclient 1.1.3
+
+## 0.0.1 - 2016-03-03
+### Added
+- initial release
+
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-kubernetes/compare/0.1.2...HEAD
+[0.1.2]: https://github.com/sensu-plugins/sensu-plugins-kubernetes/compare/0.1.1...0.1.2
+[0.1.1]: https://github.com/sensu-plugins/sensu-plugins-kubernetes/compare/0.1.0...0.1.1
+[0.1.0]: https://github.com/sensu-plugins/sensu-plugins-kubernetes/compare/0.0.1...0.1.0

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Sensu Community Plugins
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

data/README.md

@@ -0,0 +1,229 @@
+## Sensu-Plugins-kubernetes
+
+[![Build Status](https://travis-ci.org/sensu-plugins/sensu-plugins-kubernetes.svg?branch=master)](https://travis-ci.org/sensu-plugins/sensu-plugins-kubernetes)
+[![Gem Version](https://badge.fury.io/rb/sensu-plugins-kubernetes.svg)](http://badge.fury.io/rb/sensu-plugins-kubernetes)
+[![Code Climate](https://codeclimate.com/github/sensu-plugins/sensu-plugins-kubernetes/badges/gpa.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-kubernetes)
+[![Test Coverage](https://codeclimate.com/github/sensu-plugins/sensu-plugins-kubernetes/badges/coverage.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-kubernetes)
+[![Dependency Status](https://gemnasium.com/sensu-plugins/sensu-plugins-kubernetes.svg)](https://gemnasium.com/sensu-plugins/sensu-plugins-kubernetes)
+
+## Functionality
+This provides functionality to check node and pod status as well as api and service availability.
+
+## Files
+- bin/check-kube-nodes-ready.rb
+- bin/check-kube-apiserver-available.rb
+- bin/check-kube-pods-pending.rb
+- bin/check-kube-service-available.rb
+- bin/check-kube-pods-runtime.rb
+- bin/check-kube-pods-running.rb
+- bin/check-kube-pods-restarting.rb
+- bin/handler-kube-pod.rb
+- bin/metrics-pods.rb
+
+## Usage
+
+**check-kube-nodes-ready.rb**
+```
+Usage: check-kube-nodes-ready.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+    -p, --password PASSWORD          If user is passed, also pass a password
+    -s, --api-server URL             URL to API server
+    -t, --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+    -u, --user USER                  User with access to API
+    -v, --api-version VERSION        API version
+```
+
+**check-kube-apiserver-available.rb**
+```
+Usage: check-kube-apiserver-available.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+    -p, --password PASSWORD          If user is passed, also pass a password
+    -s, --api-server URL             URL to API server
+    -t, --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+    -u, --user USER                  User with access to API
+```
+
+**check-kube-pods-pending.rb**
+```
+Usage: check-kube-pods-pending.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+        --password PASSWORD          If user is passed, also pass a password
+    -s, --api-server URL             URL to API server
+        --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+    -u, --user USER                  User with access to API
+    -v, --api-version VERSION        API version
+    -n NAMESPACES,                   Exclude the specified list of namespaces
+        --exclude-namespace
+    -t, --timeout TIMEOUT            Threshold for pods to be in the pending state
+    -f, --filter FILTER              Selector filter for pods to be checked
+    -p, --pods PODS                  List of pods to check
+    -r, --restart COUNT              Threshold for number of restarts allowed
+```
+
+**check-kube-service-available.rb**
+```
+Usage: check-kube-service-available.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+        --password PASSWORD          If user is passed, also pass a password
+    -s, --api-server URL             URL to API server
+    -t, --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+    -u, --user USER                  User with access to API
+    -v, --api-version VERSION        API version
+    -p, --pending SECONDS            Time (in seconds) a pod may be pending for and be valid
+    -l, --list SERVICES              List of services to check (required)
+```
+
+**check-kube-pods-runtime.rb**
+```
+Usage: check-kube-pods-runtime.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+        --password PASSWORD          If user is passed, also pass a password
+    -s, --api-server URL             URL to API server
+    -t, --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+    -u, --user USER                  User with access to API
+    -v, --api-version VERSION        API version
+    -c, --critical COUNT             Threshold for Pods to be critical
+    -f, --filter FILTER              Selector filter for pods to be checked
+    -p, --pods PODS                  List of pods to check
+    -w, --warn TIMEOUT               Threshold for pods to be in the pending state
+```
+
+**check-kube-pods-running.rb**
+```
+Usage: ./check-kube-pods-running.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+        --password PASSWORD          If user is passed, also pass a password
+    -s, --api-server URL             URL to API server
+    -t, --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+    -u, --user USER                  User with access to API
+    -v, --api-version VERSION        API version
+    -n NAMESPACES,                   Exclude the specified list of namespaces
+        --exclude-namespace
+    -f, --filter FILTER              Selector filter for pods to be checked
+    -p, --pods PODS                  List of pods to check
+```
+
+**check-kube-pods-restarting.rb**
+
+```
+Usage: ./check-kube-pods-restarting.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+        --password PASSWORD          If user is passed, also pass a password
+    -s, --api-server URL             URL to API server
+    -t, --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+    -u, --user USER                  User with access to API
+    -v, --api-version VERSION        API version
+    -n NAMESPACES,                   Exclude the specified list of namespaces
+        --exclude-namespace
+    -f, --filter FILTER              Selector filter for pods to be checked
+    -p, --pods PODS                  List of pods to check
+    -r, --restart COUNT              Threshold for number of restarts allowed
+```
+
+**handler-kube-pod.rb**
+```
+Usage: handler-kube-pod.rb (options)
+    -j, --json JSONCONFIG            Configuration name
+```
+
+`JSONCONFIG` defaults to `k8s`.
+
+```
+{
+    "k8s": {
+        "server": "https://kubernetes/",
+        "version": "v1",
+        "incluster": false,
+        "ca_file": "/certs/ca.crt.pem",
+        "client_cert_file": "/certs/client.crt.pem",
+        "client_key_file": "/private/client.key.pem",
+        "username": "alice",
+        "password": "secret",
+        "token": "incomprehensible.token.string",
+        "token_file": "/secret/token"
+    }
+}
+```
+
+**metrics-pods**
+```
+Usage: metrics-pods.rb (options)
+        --ca-file CA-FILE            CA file to verify API server cert
+        --cert CERT-FILE             Client cert to present
+        --key KEY-FILE               Client key for the client cert
+        --in-cluster                 Use service account authentication
+        --password PASSWORD          If user is passed, also pass a password
+        -s, --api-server URL             URL to API server
+        -t, --token TOKEN                Bearer token for authorization
+        --token-file TOKEN-FILE      File containing bearer token for authorization
+        -u, --user USER                  User with access to API
+        -v, --api-version VERSION        API version
+```
+
+`api_server` and `api_version` can still be used for backwards compatibility,
+but `server` and `version` will take precedence.
+
+## Installation
+
+[Installation and Setup](http://sensu-plugins.io/docs/installation_instructions.html)
+
+## Notes
+
+Of the Kubernetes connection options:
+```
+--api-server URL             URL to API server
+--api-version VERSION        API version
+--in-cluster                 Use service account authentication
+--ca-file CA-FILE            CA file to verify API server cert
+--cert CERT-FILE             Client cert to present
+--key KEY-FILE               Client key for the client cert
+--user USER                  User with access to API
+--password PASSWORD          If user is passed, also pass a password
+--token TOKEN                Bearer token for authorization
+--token-file TOKEN-FILE      File containing bearer token for authorization
+```
+Only the API server option is required, however it does default to the `KUBERNETES_MASTER` environment variable, or you can use the in-cluster option. The other options are to be used as needed.
+
+The default API version is `v1`.
+
+The in-cluster option provides defaults for:
+- The server URL, using the `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` environment variables.
+- The API CA file, using the service account CA file if it exists. (`/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`)
+- The API token, using the service account token file. (`/var/run/secrets/kubernetes.io/serviceaccount/token`)
+
+If the Kubernetes API provides a server certificate, it is only validated if a CA file is provided.
+
+The client certificate and client private key are optional, but if one is provided then the other must also be provided.
+
+Only one of the authentication methods (user, token, or token file) can be used.
+For example, using a username and a token, or a token and a token file, will produce an error.
+
+If the 'user' authentication method is used, a password must also be provided.

data/bin/check-kube-apiserver-available.rb

@@ -0,0 +1,56 @@
+#! /usr/bin/env ruby
+#
+#   check-kube-apiserver-available.rb
+#
+# DESCRIPTION:
+# => Check if the Kubernetes API server is up
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: kube-client
+#
+# USAGE:
+# -s, --api-server URL             URL to API server
+#     --in-cluster                 Use service account authentication
+#     --ca-file CA-FILE            CA file to verify API server cert
+#     --cert CERT-FILE             Client cert to present
+#     --key KEY-FILE               Client key for the client cert
+# -u, --user USER                  User with access to API
+# -p, --password PASSWORD          If user is passed, also pass a password
+# -t, --token TOKEN                Bearer token for authorization
+#     --token-file TOKEN-FILE      File containing bearer token for authorization
+#
+# LICENSE:
+#   Kel Cecil <kelcecil@praisechaos.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-kubernetes/cli'
+
+class ApiServerIsAvailable < Sensu::Plugins::Kubernetes::CLI
+  @options = Sensu::Plugins::Kubernetes::CLI.options.reject { |k| k == :api_version }
+
+  def run
+    if healthy?
+      ok 'Kubernetes API server is available'
+    end
+    critical 'Kubernetes API server is unavailable'
+  end
+
+  # TODO: replace this method when it's added to kubeclient
+  def healthy?
+    client.handle_exception do
+      client.create_rest_client('/healthz').get(client.headers)
+    end
+    true
+  rescue KubeException
+    false
+  end
+end

data/bin/check-kube-nodes-ready.rb

@@ -0,0 +1,59 @@
+#! /usr/bin/env ruby
+#
+#   check-kube-nodes-ready.rb
+#
+# DESCRIPTION:
+# => Check if the Kubernetes nodes are in a ready to use state
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: kube-client
+#
+# USAGE:
+# -s, --api-server URL             URL to API server
+# -v, --api-version VERSION        API version. Defaults to 'v1'
+#     --in-cluster                 Use service account authentication
+#     --ca-file CA-FILE            CA file to verify API server cert
+#     --cert CERT-FILE             Client cert to present
+#     --key KEY-FILE               Client key for the client cert
+# -u, --user USER                  User with access to API
+# -p, --password PASSWORD          If user is passed, also pass a password
+# -t, --token TOKEN                Bearer token for authorization
+#     --token-file TOKEN-FILE      File containing bearer token for authorization
+#
+# LICENSE:
+#   Kel Cecil <kelcecil@praisechaos.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-kubernetes/cli'
+
+class AllNodesAreReady < Sensu::Plugins::Kubernetes::CLI
+  @options = Sensu::Plugins::Kubernetes::CLI.options.dup
+
+  def run
+    failed_nodes = []
+    client.get_nodes.each do |node|
+      item = node.status.conditions.detect { |condition| condition.type == 'Ready' }
+      if item.nil?
+        warning "#{node.name} does not have a status"
+      elsif item.status != 'True'
+        failed_nodes << node.metadata.name
+      end
+    end
+
+    if failed_nodes.empty?
+      ok 'All nodes are reporting as ready'
+    end
+    critical "Nodes are not ready: #{failed_nodes.join(' ')}"
+  rescue KubeException => e
+    critical 'API error: ' << e.message
+  end
+end

data/bin/check-kube-pods-pending.rb

@@ -0,0 +1,116 @@
+#! /usr/bin/env ruby
+#
+#   check-kube-pods-pending
+#
+# DESCRIPTION:
+# => Check if pods are stuck in a pending state or constantly restarting
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: kube-client
+#
+# USAGE:
+# -s, --api-server URL             URL to API server
+# -v, --api-version VERSION        API version. Defaults to 'v1'
+#     --in-cluster                 Use service account authentication
+#     --ca-file CA-FILE            CA file to verify API server cert
+#     --cert CERT-FILE             Client cert to present
+#     --key KEY-FILE               Client key for the client cert
+# -u, --user USER                  User with access to API
+#     --password PASSWORD          If user is passed, also pass a password
+#     --token TOKEN                Bearer token for authorization
+#     --token-file TOKEN-FILE      File containing bearer token for authorization
+# -n NAMESPACES,                   Exclude the specified list of namespaces
+#     --exclude-namespace
+# -t, --timeout TIMEOUT            Threshold for pods to be in the pending state
+# -f, --filter FILTER              Selector filter for pods to be checked
+# -p, --pods PODS                  Optional list of pods to check.
+#                                  Defaults to 'all'
+#
+# NOTES:
+# => The filter used for the -f flag is in the form key=value. If multiple
+#    filters need to be specfied, use a comma. ex. foo=bar,red=color
+#
+# LICENSE:
+#   Barry Martin <nyxcharon@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-kubernetes/cli'
+
+class AllPodsAreReady < Sensu::Plugins::Kubernetes::CLI
+  @options = Sensu::Plugins::Kubernetes::CLI.options.dup
+
+  option :pod_list,
+         description: 'List of pods to check',
+         short: '-p PODS',
+         long: '--pods',
+         default: 'all'
+
+  option :pending_timeout,
+         description: 'Threshold for pods to be in the pending state',
+         short: '-t TIMEOUT',
+         long: '--timeout',
+         proc: proc(&:to_i),
+         default: 300
+
+  option :pod_filter,
+         description: 'Selector filter for pods to be checked',
+         short: '-f FILTER',
+         long: '--filter'
+
+  option :exclude_namespace,
+         description: 'Exclude the specified list of namespaces',
+         short: '-n NAMESPACES',
+         long: '--exclude-namespace',
+         proc: proc { |a| a.split(',') },
+         default: ''
+
+  def run
+    pods_list = []
+    failed_pods = []
+    pods = []
+    if config[:pod_filter].nil?
+      pods_list = parse_list(config[:pod_list])
+      pods = client.get_pods
+    else
+      pods = client.get_pods(label_selector: config[:pod_filter].to_s)
+      if pods.empty?
+        unknown 'The filter specified resulted in 0 pods'
+      end
+      pods_list = ['all']
+    end
+    pods.each do |pod|
+      next if pod.nil?
+      next if config[:exclude_namespace].include?(pod.metadata.namespace)
+      next unless pods_list.include?(pod.metadata.name) || pods_list.include?('all')
+      # Check for pending state
+      next unless pod.status.phase == 'Pending'
+      pod_stamp = Time.parse(pod.metadata.creationTimestamp)
+      puts pod.metadata.name
+      if (Time.now.utc - pod_stamp.utc).to_i > config[:pending_timeout]
+        failed_pods << "#{pod.metadata.namespace}.#{pod.metadata.name}"
+      end
+    end
+    if failed_pods.empty?
+      ok 'All pods are reporting as ready'
+    else
+      critical "Pods exceeded pending threshold: #{failed_pods.join(' ')}"
+    end
+  rescue KubeException => e
+    critical 'API error: ' << e.message
+  end
+
+  def parse_list(list)
+    return list.split(',') if list && list.include?(',')
+    return [list] if list
+    ['']
+  end
+end