Refactor project from k8s-aws-ebs-tagger to k8s-pvc-tagger (mtougeron#56)

* Start the rename to k8s-pvc-tagger

* Support new & legacy metric names

* track the storageclass in the metrics

* Update default annotation name

* conditionals to support legacy annotations

* update unit tests

* add a note about the rename

* Clarify the aws-ebs only for legacy annotation support

* only publish to new registry names

* Fix helm chart version since it's been renamed not updated

* dockle bugfix

Author: mtougeron

.github/workflows/containerscan.yml

@@ -6,6 +6,10 @@ on:
   pull_request:
     branches: [ main ]
 
+env:
+  # See https://github.com/goodwithtech/dockle/issues/188
+  DOCKLE_HOST: "unix:///var/run/docker.sock"
+
 jobs:
 
   ContainerScan:
@@ -16,7 +20,7 @@ jobs:
     - name: Set up Go 1.x
       uses: actions/setup-go@v2
       with:
-        go-version: ^1.16
+        go-version: ^1.18
       id: go
 
     - name: Check out code into the Go module directory

.github/workflows/publish.yml

@@ -39,7 +39,7 @@ jobs:
         id: docker_meta
         uses: crazy-max/ghaction-docker-meta@v1
         with:
-          images: ${{ secrets.DOCKER_HUB_USERNAME }}/k8s-aws-ebs-tagger,ghcr.io/${{ github.repository_owner }}/k8s-aws-ebs-tagger
+          images: ${{ secrets.DOCKER_HUB_USERNAME }}/k8s-pvc-tagger,ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1

Dockerfile

@@ -3,7 +3,7 @@ FROM golang:1.18-alpine AS builder
 ARG VERSION=0.0.1
 ARG TARGETARCH
 
-ENV APP_NAME=k8s-aws-ebs-tagger \
+ENV APP_NAME=k8s-pvc-tagger \
     GO111MODULE=on \
     CGO_ENABLED=0 \
     GOOS=linux \
@@ -32,14 +32,14 @@ WORKDIR /app
 # Copy binary from build to main folder
 RUN cp /build/${APP_NAME} .
 
-RUN addgroup -S k8s-aws-ebs-tagger && adduser -S k8s-aws-ebs-tagger -G k8s-aws-ebs-tagger
+RUN addgroup -S k8s-pvc-tagger && adduser -S k8s-pvc-tagger -G k8s-pvc-tagger
 
 # Build a small image
 FROM scratch
 COPY --from=builder /etc/passwd /etc/passwd
-USER k8s-aws-ebs-tagger
+USER k8s-pvc-tagger
 # https://github.com/aws/aws-sdk-go/issues/2322
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /app/${APP_NAME} /
 
-ENTRYPOINT ["/k8s-aws-ebs-tagger"]
+ENTRYPOINT ["/k8s-pvc-tagger"]

README.md

@@ -1,36 +1,40 @@
-# k8s-aws-ebs-tagger
+# k8s-pvc-tagger
 
-A utility to tag AWS EBS volumes based on the PVC's `aws-ebs-tagger/tags` annotation
+NOTE: This project was originally named `k8s-aws-ebs-tagger` but was renamed to `k8s-pvc-tagger` as the scope has expanded to more than aws ebs volumes.
 
-![Go](https://github.com/mtougeron/k8s-aws-ebs-tagger/workflows/Go/badge.svg) ![Gosec](https://github.com/mtougeron/k8s-aws-ebs-tagger/workflows/Gosec/badge.svg) ![ContainerScan](https://github.com/mtougeron/k8s-aws-ebs-tagger/workflows/ContainerScan/badge.svg) [![GitHub tag](https://img.shields.io/github/v/tag/mtougeron/k8s-aws-ebs-tagger)](https://github.com/mtougeron/k8s-aws-ebs-tagger/tags/)
+A utility to tag PVC volumes based on the PVC's `k8s-pvc-tagger/tags` annotation
 
-The `k8s-aws-ebs-tagger` watches for new PersistentVolumeClaims and when new AWS EBS volumes are created it adds tags based on the PVC's `aws-ebs-tagger/tags` annotation to the created EBS volume.
+![Go](https://github.com/mtougeron/k8s-pvc-tagger/workflows/Go/badge.svg) ![Gosec](https://github.com/mtougeron/k8s-pvc-tagger/workflows/Gosec/badge.svg) ![ContainerScan](https://github.com/mtougeron/k8s-pvc-tagger/workflows/ContainerScan/badge.svg) [![GitHub tag](https://img.shields.io/github/v/tag/mtougeron/k8s-pvc-tagger)](https://github.com/mtougeron/k8s-pvc-tagger/tags/)
+
+The `k8s-pvc-tagger` watches for new PersistentVolumeClaims and when new AWS EBS volumes are created it adds tags based on the PVC's `k8s-pvc-tagger/tags` annotation to the created EBS volume. Other cloud provider and volume times are coming soon.
 
 ### How to set tags
 
 #### cmdline args
 
-`--default-tags` - A json or csv encoded key/value map of the tags to set by default on EBS Volumes. Values can be overwritten by the `aws-ebs-tagger/tags` annotation.
+`--default-tags` - A json or csv encoded key/value map of the tags to set by default on EBS Volumes. Values can be overwritten by the `k8s-pvc-tagger/tags` annotation.
 
-`--tag-format` - Either `json` or `csv` for the format the `aws-ebs-tagger/tags` and `--default-tags` are in.
+`--tag-format` - Either `json` or `csv` for the format the `k8s-pvc-tagger/tags` and `--default-tags` are in.
 
 `--allow-all-tags` - Allow all tags to be set via the PVC; even those used by the EBS controllers. Use with caution!
 
 #### Annotations
 
-`aws-ebs-tagger/ignore` - When this annotation is set (any value) it will ignore this PVC and not add any tags to it
+`k8s-pvc-tagger/ignore` - When this annotation is set (any value) it will ignore this PVC and not add any tags to it
+
+`k8s-pvc-tagger/tags` - A json encoded key/value map of the tags to set on the EBS Volume (in addition to the `--default-tags`). It can also be used to override the values set in the `--default-tags`
 
-`aws-ebs-tagger/tags` - A json encoded key/value map of the tags to set on the EBS Volume (in addition to the `--default-tags`). It can also be used to override the values set in the `--default-tags`
+NOTE: Until version `v1.1.0` the legacy annotation prefix of `aws-ebs-tagger` will continue to be supported for aws-ebs volumes ONLY.
 
 #### Examples
 
 1. The cmdline arg `--default-tags={"me": "touge"}` and no annotation will set the tag `me=touge`
 
-2. The cmdline arg `--default-tags={"me": "touge"}` and the annotation `aws-ebs-tagger/tags: | {"me": "someone else", "another tag": "some value"}` will create the tags `me=someone else` and `another tag=some value` on the EBS Volume
+2. The cmdline arg `--default-tags={"me": "touge"}` and the annotation `k8s-pvc-tagger/tags: | {"me": "someone else", "another tag": "some value"}` will create the tags `me=someone else` and `another tag=some value` on the EBS Volume
 
-3. The cmdline arg `--default-tags={"me": "touge"}` and the annotation `aws-ebs-tagger/ignore: ""` will not set any tags on the EBS Volume
+3. The cmdline arg `--default-tags={"me": "touge"}` and the annotation `k8s-pvc-tagger/ignore: ""` will not set any tags on the EBS Volume
 
-4. The cmdline arg `--default-tags={"me": "touge"}` and the annotation `aws-ebs-tagger/tags: | {"cost-center": "abc", "environment": "prod"}` will create the tags `me=touge`, `cost-center=abc` and `environment=prod` on the EBS Volume
+4. The cmdline arg `--default-tags={"me": "touge"}` and the annotation `k8s-pvc-tagger/tags: | {"cost-center": "abc", "environment": "prod"}` will create the tags `me=touge`, `cost-center=abc` and `environment=prod` on the EBS Volume
 
 #### ignored tags
 
@@ -55,7 +59,7 @@ metadata:
     TeamID: "Frontend"
   annotations:
     CostCenter: "1234"
-    aws-ebs-tagger/tags: |
+    k8s-pvc-tagger/tags: |
       {"Owner": "{{ .Labels.TeamID }}-{{ .Annotations.CostCenter }}"}
 ---
 apiVersion: v1
@@ -64,29 +68,29 @@ metadata:
   name: app-1
   namespace: my-app
   annotations:
-    aws-ebs-tagger/tags: |
+    k8s-pvc-tagger/tags: |
       {"OwnerID": "{{ .Namespace }}/{{ .Name }}"}
 ```
 
 ### Installation
 
 #### AWS IAM Role
 
-You need to create an AWS IAM Role that can be used by `k8s-aws-ebs-tagger`. I recommend using a tool like [kube2iam](https://github.com/jtblin/kube2iam) instead of using an AWS access key/secret. An example policy is in [examples/iam-role.json](examples/iam-role.json).
+You need to create an AWS IAM Role that can be used by `k8s-pvc-tagger`. I recommend using a tool like [kube2iam](https://github.com/jtblin/kube2iam) instead of using an AWS access key/secret. An example policy is in [examples/iam-role.json](examples/iam-role.json).
 
 #### Install via helm
 
 ```
 helm repo add mtougeron https://mtougeron.github.io/helm-charts/
 helm repo update
-helm install k8s-aws-ebs-tagger mtougeron/k8s-aws-ebs-tagger
+helm install k8s-pvc-tagger mtougeron/k8s-pvc-tagger
 ```
 
 #### Container Image
 
-Images are available on the [GitHub Container Registry](https://github.com/users/mtougeron/packages/container/k8s-aws-ebs-tagger/versions) and [DockerHub](https://hub.docker.com/r/mtougeron/k8s-aws-ebs-tagger). Containers are published for `linux/amd64` & `linux/arm64`.
+Images are available on the [GitHub Container Registry](https://github.com/users/mtougeron/packages/container/k8s-pvc-tagger/versions) and [DockerHub](https://hub.docker.com/r/mtougeron/k8s-pvc-tagger). Containers are published for `linux/amd64` & `linux/arm64`.
 
 
 ### Licensing
 
-This project is licensed under the Apache V2 License. See [LICENSE](https://github.com/mtougeron/k8s-aws-ebs-tagger/blob/main/LICENSE) for more information.
+This project is licensed under the Apache V2 License. See [LICENSE](https://github.com/mtougeron/k8s-pvc-tagger/blob/main/LICENSE) for more information.

SECURITY.md

@@ -4,11 +4,11 @@
 
 | Version | Supported          | gosec  |
 | ------- | ------------------ | ------ |
-| latest  | :white_check_mark: | ![Gosec](https://github.com/mtougeron/k8s-aws-ebs-tagger/workflows/Gosec/badge.svg) |
+| latest  | :white_check_mark: | ![Gosec](https://github.com/mtougeron/k8s-pvc-tagger/workflows/Gosec/badge.svg) |
 
 ## Scanning
 
-Security scanning uses [gosec](https://github.com/securego/gosec) via a [GitHub workflow](https://github.com/mtougeron/k8s-aws-ebs-tagger/actions?query=workflow%3AGosec)
+Security scanning uses [gosec](https://github.com/securego/gosec) via a [GitHub workflow](https://github.com/mtougeron/k8s-pvc-tagger/actions?query=workflow%3AGosec)
 
 ## Reporting a Vulnerability
 

aws.go

@@ -90,7 +90,7 @@ func getMetadataRegion() (string, error) {
 	return doc.Region, nil
 }
 
-func (client *Client) addVolumeTags(volumeID string, tags map[string]string) {
+func (client *Client) addVolumeTags(volumeID string, tags map[string]string, storageclass string) {
 	var ec2Tags []*ec2.Tag
 	for k, v := range tags {
 		ec2Tags = append(ec2Tags, &ec2.Tag{Key: aws.String(k), Value: aws.String(v)})
@@ -103,14 +103,16 @@ func (client *Client) addVolumeTags(volumeID string, tags map[string]string) {
 	})
 	if err != nil {
 		log.Errorln("Could not create tags for volumeID:", volumeID, err)
-		promActionsTotal.With(prometheus.Labels{"status": "error"}).Inc()
+		promActionsTotal.With(prometheus.Labels{"status": "error", "storageclass": storageclass}).Inc()
+		promActionsLegacyTotal.With(prometheus.Labels{"status": "error"}).Inc()
 		return
 	}
 
-	promActionsTotal.With(prometheus.Labels{"status": "success"}).Inc()
+	promActionsTotal.With(prometheus.Labels{"status": "success", "storageclass": storageclass}).Inc()
+	promActionsLegacyTotal.With(prometheus.Labels{"status": "success"}).Inc()
 }
 
-func (client *Client) deleteVolumeTags(volumeID string, tags []string) {
+func (client *Client) deleteVolumeTags(volumeID string, tags []string, storageclass string) {
 	var ec2Tags []*ec2.Tag
 	for _, k := range tags {
 		ec2Tags = append(ec2Tags, &ec2.Tag{Key: aws.String(k)})
@@ -123,9 +125,11 @@ func (client *Client) deleteVolumeTags(volumeID string, tags []string) {
 	})
 	if err != nil {
 		log.Errorln("Could not delete tags for volumeID:", volumeID, err)
-		promActionsTotal.With(prometheus.Labels{"status": "error"}).Inc()
+		promActionsTotal.With(prometheus.Labels{"status": "error", "storageclass": storageclass}).Inc()
+		promActionsLegacyTotal.With(prometheus.Labels{"status": "error"}).Inc()
 		return
 	}
 
-	promActionsTotal.With(prometheus.Labels{"status": "success"}).Inc()
+	promActionsTotal.With(prometheus.Labels{"status": "success", "storageclass": storageclass}).Inc()
+	promActionsLegacyTotal.With(prometheus.Labels{"status": "success"}).Inc()
 }

charts/k8s-aws-ebs-tagger/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: k8s-pvc-tagger
+description: An app to tag PVC volumes based on a PVC annotation
+home: https://github.com/mtougeron/k8s-pvc-tagger
+type: application
+maintainers:
+  - name: mtougeron
+    email: [email protected]
+keywords:
+  - kubernetes
+  - aws
+  - aws-ebs
+  - persistent-volumes
+sources:
+  - https://github.com/mtougeron/k8s-pvc-tagger
+
+version: 1.0.0
+appVersion: v1.0.0

charts/k8s-aws-ebs-tagger/.helmignore charts/k8s-pvc-tagger/.helmignore

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "k8s-aws-ebs-tagger.name" -}}
+{{- define "k8s-pvc-tagger.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "k8s-aws-ebs-tagger.fullname" -}}
+{{- define "k8s-pvc-tagger.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "k8s-aws-ebs-tagger.chart" -}}
+{{- define "k8s-pvc-tagger.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "k8s-aws-ebs-tagger.labels" -}}
-helm.sh/chart: {{ include "k8s-aws-ebs-tagger.chart" . }}
-{{ include "k8s-aws-ebs-tagger.selectorLabels" . }}
+{{- define "k8s-pvc-tagger.labels" -}}
+helm.sh/chart: {{ include "k8s-pvc-tagger.chart" . }}
+{{ include "k8s-pvc-tagger.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -46,17 +46,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "k8s-aws-ebs-tagger.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "k8s-aws-ebs-tagger.name" . }}
+{{- define "k8s-pvc-tagger.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "k8s-pvc-tagger.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "k8s-aws-ebs-tagger.serviceAccountName" -}}
+{{- define "k8s-pvc-tagger.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "k8s-aws-ebs-tagger.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "k8s-pvc-tagger.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

charts/k8s-pvc-tagger/Chart.yaml

@@ -1,28 +1,28 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "k8s-aws-ebs-tagger.fullname" . }}
+  name: {{ include "k8s-pvc-tagger.fullname" . }}
   labels:
-    {{- include "k8s-aws-ebs-tagger.labels" . | nindent 4 }}
+    {{- include "k8s-pvc-tagger.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      {{- include "k8s-aws-ebs-tagger.selectorLabels" . | nindent 6 }}
+      {{- include "k8s-pvc-tagger.selectorLabels" . | nindent 6 }}
   template:
     metadata:
     {{- with .Values.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       labels:
-        {{- include "k8s-aws-ebs-tagger.selectorLabels" . | nindent 8 }}
+        {{- include "k8s-pvc-tagger.selectorLabels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "k8s-aws-ebs-tagger.serviceAccountName" . }}
+      serviceAccountName: {{ include "k8s-pvc-tagger.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers: