Skip to content
/ athena Public

A service that knows everything about your installation

License

Apache-2.0 license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

giantswarm/athena

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

387 Commits
.abs
.abs
 
 
.ats
.ats
 
 
.circleci
.circleci
 
 
.github
.github
 
 
cmd
cmd
 
 
examples
examples
 
 
helm/athena
helm/athena
 
 
internal/config
internal/config
 
 
pkg
pkg
 
 
scripts/gqlgen
scripts/gqlgen
 
 
tests
tests
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.nancy-ignore
.nancy-ignore
 
 
.nancy-ignore.generated
.nancy-ignore.generated
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODEOWNERS
CODEOWNERS
 
 
DCO
DCO
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
Makefile.gen.app.mk
Makefile.gen.app.mk
 
 
Makefile.gen.go.mk
Makefile.gen.go.mk
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
gqlgen.yml
gqlgen.yml
 
 
main.go
main.go
 
 
renovate.json
renovate.json
 
 

Repository files navigation

CircleCI Docker Repository on Quay

Athena

Athena is a service that knows some useful things about your cluster. Its purpose is to provide some non-sensitive data (e. g. the CA certificate of the Kubernetes API, the cluster identifier, the cloud provider) to public clients, so they could easily establish a connection with the Kubernetes API, and identify the cluster that they're talking to.

Athena is typically running in every Giant Swarm management cluster, but is also useful in workload clusters.

Installing in a workload cluster

If Dex is already configured in the workload cluster, Athena can be used to provide OIDC access information to kubectl gs for easy login via SSO.

The app is installed in workload clusters, via our app platform.

Other than the app itself, you will need to provide a values.yaml configuration.

The management cluster name is needed as minimal configuration.

managementCluster:
  name: test

It is also possible to override the api and issuer addresses as well as the cluster name and provider in case it is needed:

managementCluster:
  name: test
clusterID: example
provider:
  kind: aws
kubernetes:
  api:
    address: https://api.test.example.io
oidc:
  issuerAddress: https://dex.test.example.io

Access to athena can be restricted to certain CIDRs.

security:
  subnet:
    customer:
      public: x.x.x.x/x,x.x.x.x/x
      private: x.x.x.x/x
    restrictAccess:
      gsAPI: true

Examples

Athena provides a GraphQL service. You can find example queries in the examples folder. You can execute these in the GraphQL playground app (at the / route).

How to add a new property?

Adding a new query property is relatively simple. We can illustrate this by adding a new party property.

  1. Create a new schema for your new property

pkg/graph/graphql/party.graphql

type Party {
  name: String!
}
  1. Extend the Query by adding your new property to it.

pkg/graph/graphql/party.graphql

type Party {
  name: String!
}
+
+   extend type Query {
+     party: Party!
+   }
  1. Run the code generator
$ go generate ./...
  1. Add your resolver implementation (what to return when that parameter is queried).

pkg/graph/resolver/party.resolvers.go

func (r *queryResolver) Party(ctx context.Context) (*model.Party, error) {
-  	 panic(fmt.Errorf("not implemented"))
+    p := &model.Party{
+		Name: "something",
+	 }
+
+    return p, nil
}
  1. See it in action

You can run the app locally, and execute a query for this in the GraphQL playground app (at the / route).

About

A service that knows everything about your installation

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

9 watching

Forks

1 fork
Report repository

Releases 40

v1.12.4 Latest
Aug 13, 2024
+ 39 releases

Contributors 31

+ 17 contributors

Languages