From 50724b4dacf5a1a43e563041da36379aa8b27903 Mon Sep 17 00:00:00 2001 From: ZachRobinson Date: Fri, 10 Mar 2023 11:55:22 -0600 Subject: [PATCH 1/5] add k8s_sensor to spec Signed-off-by: ZachRobinson --- api/v1/inline_types.go | 7 +++ api/v1/instanaagent_types.go | 3 ++ api/v1/zz_generated.deepcopy.go | 17 ++++++ bundle/manifests/instana.io_agents.yaml | 71 +++++++++++++++++++++++++ config/crd/bases/instana.io_agents.yaml | 71 +++++++++++++++++++++++++ 5 files changed, 169 insertions(+) diff --git a/api/v1/inline_types.go b/api/v1/inline_types.go index aefb9f21..17284d7a 100644 --- a/api/v1/inline_types.go +++ b/api/v1/inline_types.go @@ -258,6 +258,13 @@ type KubernetesSpec struct { DeploymentSpec KubernetesDeploymentSpec `json:"deployment,omitempty"` } +type K8sSpec struct { + // +kubebuilder:validation:Optional + DeploymentSpec KubernetesDeploymentSpec `json:"deployment,omitempty"` + // +kubebuilder:validation:Optional + ImageSpec ImageSpec `json:"image,omitempty"` +} + type KubernetesDeploymentSpec struct { // Specify if separate deployment of the Kubernetes Sensor should be enabled. Enabled `json:",inline"` diff --git a/api/v1/instanaagent_types.go b/api/v1/instanaagent_types.go index e7ae5ef4..0fdf0f0f 100644 --- a/api/v1/instanaagent_types.go +++ b/api/v1/instanaagent_types.go @@ -61,6 +61,9 @@ type InstanaAgentSpec struct { // +kubebuilder:validation:Optional KubernetesSpec `json:"kubernetes,omitempty"` + // +kubebuilder:validation:Optional + K8sSensor K8sSpec `json:"k8s_sensor,omitempty"` + // Specifying the PinnedChartVersion allows for 'pinning' the Helm Chart used by the Operator for installing the Agent // DaemonSet. Normally the Operator will always install and update to the latest Helm Chart version. // The Operator will check and make sure no 'unsupported' Chart versions can be selected. diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 2a8e153b..9aaf938d 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -320,6 +320,23 @@ func (in *InstanaAgentStatus) DeepCopy() *InstanaAgentStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *K8sSpec) DeepCopyInto(out *K8sSpec) { + *out = *in + in.DeploymentSpec.DeepCopyInto(&out.DeploymentSpec) + in.ImageSpec.DeepCopyInto(&out.ImageSpec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8sSpec. +func (in *K8sSpec) DeepCopy() *K8sSpec { + if in == nil { + return nil + } + out := new(K8sSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubernetesDeploymentSpec) DeepCopyInto(out *KubernetesDeploymentSpec) { *out = *in diff --git a/bundle/manifests/instana.io_agents.yaml b/bundle/manifests/instana.io_agents.yaml index c6d5735d..9a38862e 100644 --- a/bundle/manifests/instana.io_agents.yaml +++ b/bundle/manifests/instana.io_agents.yaml @@ -1351,6 +1351,77 @@ spec: additionalProperties: type: string type: object + k8s_sensor: + properties: + deployment: + properties: + enabled: + type: boolean + pod: + description: Override pod resource requirements for the Kubernetes + Sensor pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + replicas: + description: Specify the number of replicas for the Kubernetes + Sensor. + type: integer + type: object + image: + properties: + digest: + description: Digest (a.k.a. Image ID) of the agent container + image. If specified, it has priority over `agent.image.tag`, + which will then be ignored. + type: string + name: + description: Name is the name of the container image of the + Instana agent. + type: string + pullPolicy: + description: PullPolicy specifies when to pull the image container. + type: string + pullSecrets: + description: PullSecrets allows you to override the default + pull secret that is created when `agent.image.name` starts + with "containers.instana.io". Setting `agent.image.pullSecrets` + prevents the creation of the default "containers-instana-io" + secret. + items: + properties: + name: + type: string + type: object + type: array + tag: + description: Tag is the name of the agent container image; + if `agent.image.digest` is specified, this property is ignored. + type: string + type: object + type: object kubernetes: description: Allows for installment of the Kubernetes Sensor as separate pod. Which allows for better tailored resource settings (mainly diff --git a/config/crd/bases/instana.io_agents.yaml b/config/crd/bases/instana.io_agents.yaml index 1de9f128..171c11ac 100644 --- a/config/crd/bases/instana.io_agents.yaml +++ b/config/crd/bases/instana.io_agents.yaml @@ -1351,6 +1351,77 @@ spec: additionalProperties: type: string type: object + k8s_sensor: + properties: + deployment: + properties: + enabled: + type: boolean + pod: + description: Override pod resource requirements for the Kubernetes + Sensor pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + replicas: + description: Specify the number of replicas for the Kubernetes + Sensor. + type: integer + type: object + image: + properties: + digest: + description: Digest (a.k.a. Image ID) of the agent container + image. If specified, it has priority over `agent.image.tag`, + which will then be ignored. + type: string + name: + description: Name is the name of the container image of the + Instana agent. + type: string + pullPolicy: + description: PullPolicy specifies when to pull the image container. + type: string + pullSecrets: + description: PullSecrets allows you to override the default + pull secret that is created when `agent.image.name` starts + with "containers.instana.io". Setting `agent.image.pullSecrets` + prevents the creation of the default "containers-instana-io" + secret. + items: + properties: + name: + type: string + type: object + type: array + tag: + description: Tag is the name of the agent container image; + if `agent.image.digest` is specified, this property is ignored. + type: string + type: object + type: object kubernetes: description: Allows for installment of the Kubernetes Sensor as separate pod. Which allows for better tailored resource settings (mainly From 4e29ccd2e2af44deb21276468c41e1f463f3c445 Mon Sep 17 00:00:00 2001 From: ZachRobinson Date: Fri, 10 Mar 2023 12:02:14 -0600 Subject: [PATCH 2/5] don't add ownerrefs to k8s_sensor role/rolebinding (why are we adding ownerRefs to anything if we are using helm!?) Signed-off-by: ZachRobinson --- controllers/reconciliation/helm/post_renderer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/reconciliation/helm/post_renderer.go b/controllers/reconciliation/helm/post_renderer.go index f8ef7300..45577304 100644 --- a/controllers/reconciliation/helm/post_renderer.go +++ b/controllers/reconciliation/helm/post_renderer.go @@ -66,7 +66,7 @@ func (p *AgentChartPostRenderer) Run(in *bytes.Buffer) (*bytes.Buffer, error) { p.log.V(1).Info("Removing leader-elector sidecar from DaemonSet was successful") } - if !(r.ObjectName() == "clusterroles/instana-agent" || r.ObjectName() == "clusterrolebindings/instana-agent") { + if !(r.ObjectName() == "clusterroles/instana-agent" || r.ObjectName() == "clusterrolebindings/instana-agent" || r.ObjectName() == "clusterroles/k8sensor" || r.ObjectName() == "clusterrolebindings/k8sensor") { if err := controllerutil.SetControllerReference(p.crdInstance, modifiedResource, p.scheme); err != nil { return err } From 57db31f6f656a0f739a4b935f8cf1feec01dc873 Mon Sep 17 00:00:00 2001 From: ZachRobinson Date: Wed, 22 Mar 2023 10:09:34 -0500 Subject: [PATCH 3/5] don't run leader election if k8s sensor is deployed Signed-off-by: ZachRobinson --- controllers/instanaagent_controller.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/controllers/instanaagent_controller.go b/controllers/instanaagent_controller.go index ba6bab58..7546ef75 100644 --- a/controllers/instanaagent_controller.go +++ b/controllers/instanaagent_controller.go @@ -125,11 +125,11 @@ type InstanaAgentReconciler struct { leaderElector *leaderelection.LeaderElector } -//+kubebuilder:rbac:groups=agents.instana.io,resources=instanaagent,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core,resources=pods;secrets;configmaps;services;serviceaccounts,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=agents.instana.io,resources=instanaagent/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=agents.instana.io,resources=instanaagent/finalizers,verbs=update +// +kubebuilder:rbac:groups=agents.instana.io,resources=instanaagent,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core,resources=pods;secrets;configmaps;services;serviceaccounts,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=agents.instana.io,resources=instanaagent/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=agents.instana.io,resources=instanaagent/finalizers,verbs=update func (r *InstanaAgentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { log := r.log.WithValues("namespace", req.Namespace, "name", req.Name) log.Info("Reconciling Instana Agent") @@ -224,7 +224,7 @@ func (r *InstanaAgentReconciler) Reconcile(ctx context.Context, req ctrl.Request } // First try to start Leader Election Coordination so to return error if we cannot get it started - if r.leaderElector == nil || !r.leaderElector.IsLeaderElectionScheduled() { + if (r.leaderElector == nil || !r.leaderElector.IsLeaderElectionScheduled()) && !crdInstance.Spec.K8sSensor.DeploymentSpec.Enabled.Enabled { if r.leaderElector != nil { // As we'll replace the Leader Elector instance make sure to properly clean up old one r.leaderElector.CancelLeaderElection() From 612f3fa4dab0eed321cc894f4bdf2c9d0d85867e Mon Sep 17 00:00:00 2001 From: ZachRobinson Date: Wed, 22 Mar 2023 10:13:32 -0500 Subject: [PATCH 4/5] cancel when k8s sensor is turned on Signed-off-by: ZachRobinson --- controllers/instanaagent_controller.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/controllers/instanaagent_controller.go b/controllers/instanaagent_controller.go index 7546ef75..3c63ae4a 100644 --- a/controllers/instanaagent_controller.go +++ b/controllers/instanaagent_controller.go @@ -224,7 +224,11 @@ func (r *InstanaAgentReconciler) Reconcile(ctx context.Context, req ctrl.Request } // First try to start Leader Election Coordination so to return error if we cannot get it started - if (r.leaderElector == nil || !r.leaderElector.IsLeaderElectionScheduled()) && !crdInstance.Spec.K8sSensor.DeploymentSpec.Enabled.Enabled { + if crdInstance.Spec.K8sSensor.DeploymentSpec.Enabled.Enabled { + if r.leaderElector != nil { + r.leaderElector.CancelLeaderElection() + } + } else if r.leaderElector == nil || !r.leaderElector.IsLeaderElectionScheduled() { if r.leaderElector != nil { // As we'll replace the Leader Elector instance make sure to properly clean up old one r.leaderElector.CancelLeaderElection() From b71283be8885b50d12da8f2a5fece2b258b0894a Mon Sep 17 00:00:00 2001 From: ZachRobinson Date: Wed, 22 Mar 2023 10:14:35 -0500 Subject: [PATCH 5/5] regen Signed-off-by: ZachRobinson --- api/v1/zz_generated.deepcopy.go | 1 + 1 file changed, 1 insertion(+) diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 9aaf938d..48215d5e 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -265,6 +265,7 @@ func (in *InstanaAgentSpec) DeepCopyInto(out *InstanaAgentSpec) { out.ServiceAccountSpec = in.ServiceAccountSpec out.PodSecurityPolicySpec = in.PodSecurityPolicySpec in.KubernetesSpec.DeepCopyInto(&out.KubernetesSpec) + in.K8sSensor.DeepCopyInto(&out.K8sSensor) if in.ConfigurationFiles != nil { in, out := &in.ConfigurationFiles, &out.ConfigurationFiles *out = make(map[string]string, len(*in))