From 230ddc756cf8522de6e8e82f72ca96d1040bed12 Mon Sep 17 00:00:00 2001 From: Milica Cvrkota Date: Tue, 30 Jul 2024 15:52:24 +0200 Subject: [PATCH] add ServiceEntries when REGISTRY_ONLY enabled Signed-off-by: Milica Cvrkota --- api/v1/inline_types.go | 4 + api/v1/instanaagent_types.go | 2 + api/v1/instanaagent_types_test.go | 25 +++++++ config/rbac/role.yaml | 7 ++ .../instana_v1_extended_instanaagent.yaml | 4 + controllers/apply.go | 15 +++- controllers/instanaagent_controller.go | 8 ++ controllers/util.go | 53 +++++++++++++ go.mod | 19 +++-- go.sum | 38 ++++++---- main.go | 3 + pkg/k8s/client/client.go | 8 ++ .../agent/serviceentry/serviceentry.go | 75 +++++++++++++++++++ .../builders/common/constants/constants.go | 4 + .../builders/k8s-sensor/rbac/clusterrole.go | 5 ++ 15 files changed, 245 insertions(+), 25 deletions(-) create mode 100644 pkg/k8s/object/builders/agent/serviceentry/serviceentry.go diff --git a/api/v1/inline_types.go b/api/v1/inline_types.go index cc0e9a54..c46585e0 100644 --- a/api/v1/inline_types.go +++ b/api/v1/inline_types.go @@ -270,6 +270,10 @@ type HostSpec struct { type ServiceMeshSpec struct { // +kubebuilder:validation:Optional Enabled bool `json:"enabled,omitempty"` + // +kubebuilder:validation:Optional + Namespace string `json:"namespace,omitempty"` + // +kubebuilder:validation:Optional + Configmap string `json:"configmap,omitempty"` } type Prometheus struct { diff --git a/api/v1/instanaagent_types.go b/api/v1/instanaagent_types.go index e3843f53..27f65637 100644 --- a/api/v1/instanaagent_types.go +++ b/api/v1/instanaagent_types.go 
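Review bot: The two new `ServiceMeshSpec` fields in `api/v1/inline_types.go` carry no doc comments and no validation beyond `Optional`, although their values are later passed unchanged to a ConfigMap lookup made with the operator's own credentials (see the `controllers/util.go` hunk). Add descriptions so they reach the generated CRD schema, for example `// Namespace is the namespace where the Istio control plane is installed; defaults to istio-system.` and `// Configmap is the name of the ConfigMap that holds the mesh config; defaults to istio.`. A bound such as `// +kubebuilder:validation:MaxLength=63` on `Namespace` would reject malformed values at admission rather than at reconcile time.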
@@ -172,6 +172,8 @@ func (in *InstanaAgent) Default() { optional.ValueOrDefault(&in.Spec.K8sSensor.ImageSpec.Tag, "latest") optional.ValueOrDefault(&in.Spec.K8sSensor.ImageSpec.PullPolicy, corev1.PullAlways) optional.ValueOrDefault(&in.Spec.K8sSensor.DeploymentSpec.Replicas, 3) + optional.ValueOrDefault(&in.Spec.ServiceMesh.Namespace, "istio-system") + optional.ValueOrDefault(&in.Spec.ServiceMesh.Configmap, "istio") } // +kubebuilder:object:root=true diff --git a/api/v1/instanaagent_types_test.go b/api/v1/instanaagent_types_test.go index 7b5c4740..96dc3a99 100644 --- a/api/v1/instanaagent_types_test.go +++ b/api/v1/instanaagent_types_test.go @@ -1,3 +1,20 @@ +/* +(c) Copyright IBM Corp. 2024 +(c) Copyright Instana Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package v1 import ( @@ -51,6 +68,10 @@ func TestInstanaAgent_Default(t *testing.T) { Replicas: 2, }, }, + ServiceMesh: ServiceMeshSpec{ + Namespace: "istio-system", + Configmap: "istio", + }, } tests := []struct { @@ -100,6 +121,10 @@ func TestInstanaAgent_Default(t *testing.T) { Replicas: 3, }, }, + ServiceMesh: ServiceMeshSpec{ + Namespace: "istio-system", + Configmap: "istio", + }, }, }, { diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index ecf4ba8a..2a943635 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
@@ -136,6 +136,13 @@ rules: - get - patch - update +- apiGroups: + - networking.istio.io + resources: + - serviceentries + verbs: + - create + - patch - apiGroups: - networking.k8s.io resources: diff --git a/config/samples/instana_v1_extended_instanaagent.yaml b/config/samples/instana_v1_extended_instanaagent.yaml index 24bca628..741ca006 100644 --- a/config/samples/instana_v1_extended_instanaagent.yaml +++ b/config/samples/instana_v1_extended_instanaagent.yaml @@ -96,6 +96,10 @@ spec: # agent.serviceMesh.enabled sets the Instana agent's communication direction with JVMs. # To allow communication to be directed to the agent, set this variable to true. enabled: true + # Namespace where istio is installed. Defaults to istio-system. This may have to be changed for OpenShift ServiceMesh + namespace: istio-system + # ConfigMap for mesh. Defaults to istio. This may have to be changed for OpenShift ServiceMesh + configmap: istio # agent.host.repository sets a host path to be mounted as the agent maven repository (for debugging or development purposes) # host: diff --git a/controllers/apply.go b/controllers/apply.go index 02b5e008..4a5c1082 100644 --- a/controllers/apply.go +++ b/controllers/apply.go @@ -29,6 +29,7 @@ import ( tlssecret "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/agent/secrets/tls-secret" "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/agent/service" agentserviceaccount "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/agent/serviceaccount" + "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/agent/serviceentry" "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/common/builder" k8ssensorconfigmap "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/k8s-sensor/configmap" k8ssensordeployment "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/k8s-sensor/deployment" 
@@ -64,12 +65,22 @@ func (r *InstanaAgentReconciler) applyResources( ctx context.Context, agent *instanav1.InstanaAgent, isOpenShift bool, + isIstioRegistryOnlyEnabled bool, + nodeIPs []string, operatorUtils operator_utils.OperatorUtils, statusManager status.AgentStatusManager, ) reconcileReturn { log := r.loggerFor(ctx, agent) log.V(1).Info("applying Kubernetes resources for agent") + var serviceEntriesBuilders []builder.ObjectBuilder + + if isIstioRegistryOnlyEnabled { + for _, nodeIP := range nodeIPs { + serviceEntriesBuilders = append(serviceEntriesBuilders, serviceentry.NewServiceEntriesBuilder(agent, nodeIP)) + } + } + builders := append( getDaemonSetBuilders(agent, isOpenShift, statusManager), agentconfigmap.NewConfigMapBuilder(agent, statusManager), @@ -87,7 +98,9 @@ func (r *InstanaAgentReconciler) applyResources( k8ssensorserviceaccount.NewServiceAccountBuilder(agent), ) - if err := operatorUtils.ApplyAll(builders...); err != nil { + mergedBuilders := append(builders, serviceEntriesBuilders...) + + if err := operatorUtils.ApplyAll(mergedBuilders...); err != nil { log.Error(err, "failed to apply kubernetes resources for agent") return reconcileFailure(err) } diff --git a/controllers/instanaagent_controller.go b/controllers/instanaagent_controller.go index de705cc7..c9ea7239 100644 --- a/controllers/instanaagent_controller.go +++ b/controllers/instanaagent_controller.go @@ -123,10 +123,17 @@ func (r *InstanaAgentReconciler) reconcile( return isOpenShiftRes } + isIstioRegistryOnlyEnabled, nodeIPs, isIstioRegistryOnlyEnabledRes := r.getIstioOutboundConfigAndNodeIps(ctx, agent.Spec.ServiceMesh.Namespace, agent.Spec.ServiceMesh.Configmap) + if isIstioRegistryOnlyEnabledRes.suppliesReconcileResult() { + return isIstioRegistryOnlyEnabledRes + } + if applyResourcesRes := r.applyResources( ctx, agent, isOpenShift, + isIstioRegistryOnlyEnabled, + nodeIPs, operatorUtils, statusManager, ); applyResourcesRes.suppliesReconcileResult() { 
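Review bot: One ServiceEntry is built per node IP in `applyResources`, but nothing in this hunk removes an entry once its node leaves the cluster or once REGISTRY_ONLY is switched off again. Each entry is an egress allowance in a mesh that is otherwise restricted to the registry, so stale ones should not linger. Whether `operatorUtils.ApplyAll` prunes objects that drop out of the builder list is not visible here, and the RBAC rule added by this commit grants only `create` and `patch` on `serviceentries`; please confirm the cleanup path covers these objects and extend the verbs if it needs `delete` or `list`. `applyResources` starts and ends outside the hunk.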
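Review bot: The Istio lookup added to `reconcile` in `controllers/instanaagent_controller.go` runs on every reconcile and is not gated on `agent.Spec.ServiceMesh.Enabled`, so an agent with the service-mesh option off still triggers the ConfigMap read and, if the marker string is found, ServiceEntry creation. If the feature is meant to follow that flag (an assumption; the sample file describes the flag only as the JVM communication direction), wrap the call in `if agent.Spec.ServiceMesh.Enabled { ... }`. Otherwise add a comment above the call stating that the detection is intentionally independent of `Enabled`. `reconcile` continues outside the hunk.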
@@ -157,6 +164,7 @@ func (r *InstanaAgentReconciler) reconcile( // +kubebuilder:rbac:groups=apps.openshift.io,resources=deploymentconfigs,verbs=get;list;watch // +kubebuilder:rbac:groups=security.openshift.io,resourceNames=privileged,resources=securitycontextconstraints,verbs=use // +kubebuilder:rbac:groups=policy,resourceNames=instana-agent-k8sensor,resources=podsecuritypolicies,verbs=use +// +kubebuilder:rbac:groups=networking.istio.io,resources=serviceentries,verbs=create;patch func (r *InstanaAgentReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( res ctrl.Result, diff --git a/controllers/util.go b/controllers/util.go index f035eb9f..bb94d01a 100644 --- a/controllers/util.go +++ b/controllers/util.go @@ -19,8 +19,11 @@ package controllers import ( "context" + "strings" "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" logf "sigs.k8s.io/controller-runtime/pkg/log" instanav1 "github.com/instana/instana-agent-operator/api/v1" 
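Review bot: The new marker above `Reconcile` grants `create;patch` on `serviceentries`, but this commit adds no marker for the two reads the feature depends on: getting the mesh ConfigMap in the Istio namespace and listing Nodes. If the existing rules outside this hunk do not already cover them, the ConfigMap `Get` is denied and `checkRegistryOnlyMode` turns that into `false`, so the feature silently does nothing. Please confirm both permissions exist, and if not add them as narrowly as the deployment allows, e.g. `// +kubebuilder:rbac:groups="",resources=nodes,verbs=list`. Keep the `serviceentries` rule limited to the verbs the apply and cleanup paths actually use.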
@@ -42,6 +45,56 @@ func (r *InstanaAgentReconciler) isOpenShift(ctx context.Context, operatorUtils return isOpenShiftRes, reconcileContinue() } +func (r *InstanaAgentReconciler) getIstioOutboundConfigAndNodeIps(ctx context.Context, namespace string, configmap string) ( + bool, + []string, + reconcileReturn, +) { + log := logf.FromContext(ctx) + var nodeIPs []string + + isIstioRegistryOnlyEnabled := r.checkRegistryOnlyMode(ctx, namespace, configmap) + + if isIstioRegistryOnlyEnabled { + nodes, err := r.client.ListNodes(ctx) + if err != nil { + log.Error(err, "could not list nodes for generating ServiceEntries") + } + nodeIPs = getNodeIPs(nodes) + } + + return isIstioRegistryOnlyEnabled, nodeIPs, reconcileContinue() +} + +func (r *InstanaAgentReconciler) checkRegistryOnlyMode(ctx context.Context, namespace string, configmap string) bool { + istioConfigMap := &corev1.ConfigMap{} + err := r.client.Get(ctx, types.NamespacedName{Name: configmap, Namespace: namespace}, istioConfigMap) + if err != nil { + return false + } + if istioConfigMap.Data == nil { + return false + } + meshConfig, ok := istioConfigMap.Data["mesh"] + if !ok { + return false + } + + return strings.Contains(meshConfig, "REGISTRY_ONLY") +} + +func getNodeIPs(nodes *corev1.NodeList) []string { + var nodeIPs []string + for _, node := range nodes.Items { + for _, address := range node.Status.Addresses { + if address.Type == corev1.NodeInternalIP { + nodeIPs = append(nodeIPs, address.Address) + } + } + } + return nodeIPs +} + func (r *InstanaAgentReconciler) loggerFor(ctx context.Context, agent *instanav1.InstanaAgent) logr.Logger { return logf.FromContext(ctx).WithValues( "Generation", diff --git a/go.mod b/go.mod index a390f32e..5b85b873 100644 --- a/go.mod +++ b/go.mod 
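Review bot: `getIstioOutboundConfigAndNodeIps` logs a `ListNodes` failure and then still calls `getNodeIPs(nodes)` and returns `reconcileContinue()`, so the caller's `suppliesReconcileResult()` check can never fire and a failed listing looks the same as "no nodes". It is also only safe while every `InstanaAgentClient` implementation returns a non-nil list together with the error; a mock returning `nil, err` would panic in `getNodeIPs`. Separately, `checkRegistryOnlyMode` treats every `Get` error as "not REGISTRY_ONLY" and matches the substring anywhere in the `mesh` value, so a comment or unrelated key containing `REGISTRY_ONLY` would cause egress ServiceEntries to be created; checking the `outboundTrafficPolicy` mode after parsing the YAML would be more precise. The fence below shows the error path, assuming a failed listing should fail the reconcile; if best-effort is intended, return early without calling `getNodeIPs`.

```go
func (r *InstanaAgentReconciler) getIstioOutboundConfigAndNodeIps(ctx context.Context, namespace string, configmap string) (
	bool,
	[]string,
	reconcileReturn,
) {
	log := logf.FromContext(ctx)

	if !r.checkRegistryOnlyMode(ctx, namespace, configmap) {
		return false, nil, reconcileContinue()
	}

	nodes, err := r.client.ListNodes(ctx)
	if err != nil {
		log.Error(err, "could not list nodes for generating ServiceEntries")
		return false, nil, reconcileFailure(err)
	}

	return true, getNodeIPs(nodes), reconcileContinue()
}

// … unchanged: checkRegistryOnlyMode, getNodeIPs …
```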
@@ -10,9 +10,10 @@ require ( github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.8.4 go.uber.org/mock v0.4.0 - golang.org/x/net v0.21.0 + golang.org/x/net v0.22.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.14.2 + istio.io/client-go v1.22.2 k8s.io/api v0.29.2 k8s.io/apimachinery v0.29.2 k8s.io/client-go v0.29.2 @@ -58,7 +59,7 @@ require ( github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect 
@@ -126,22 +127,24 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.19.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/grpc v1.58.3 // indirect - google.golang.org/protobuf v1.32.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect + google.golang.org/grpc v1.62.1 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect + istio.io/api v1.22.2-0.20240619002433-8214ad1c7bd7 // indirect k8s.io/apiextensions-apiserver v0.29.2 // indirect k8s.io/apiserver v0.29.2 // indirect k8s.io/cli-runtime v0.29.0 // indirect diff --git a/go.sum b/go.sum index 04fe9fab..ecf3b2f1 100644 --- a/go.sum +++ b/go.sum 
@@ -164,8 +164,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= 
@@ -428,8 +428,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= 
@@ -456,8 +456,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= 
@@ -495,14 +495,14 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
@@ -537,13 +537,15 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 h1:RFiFrvy37/mpSpdySBDrUdipW/dHwsRwh3J3+A9VgT4= +google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= -google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf 
v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -555,8 +557,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 
@@ -582,6 +584,10 @@ helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA= helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +istio.io/api v1.22.2-0.20240619002433-8214ad1c7bd7 h1:iSnlKJkc4UREFpBnaJLnZv2dtpg5DXUbk0BqTXpa3n0= +istio.io/api v1.22.2-0.20240619002433-8214ad1c7bd7/go.mod h1:S3l8LWqNYS9yT+d4bH+jqzH2lMencPkW7SKM1Cu9EyM= +istio.io/client-go v1.22.2 h1:BiE7itlXFTHpZwOv0t2aZQGga7oCox8lYOdaYbyWNEo= +istio.io/client-go v1.22.2/go.mod h1:Fxt0tVZLXQRKyrBv7uwm4zCZE0qayejG0bSwZy9K6Hg= k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= diff --git a/main.go b/main.go index 1389601c..df4c03de 100644 --- a/main.go +++ b/main.go @@ -12,6 +12,7 @@ import ( "runtime" "strconv" + istionetworking "istio.io/client-go/pkg/apis/networking/v1alpha3" k8sruntime "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" @@ -37,6 +38,8 @@ func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(agentoperatorv1.AddToScheme(scheme)) + + utilruntime.Must(istionetworking.AddToScheme(scheme)) // +kubebuilder:scaffold:scheme } diff --git a/pkg/k8s/client/client.go b/pkg/k8s/client/client.go index 25bd4f6c..8db47fb4 100644 --- a/pkg/k8s/client/client.go +++ b/pkg/k8s/client/client.go @@ -31,6 +31,7 @@ import ( "github.com/instana/instana-agent-operator/pkg/multierror" "github.com/instana/instana-agent-operator/pkg/result" + corev1 "k8s.io/api/core/v1" k8sClient "sigs.k8s.io/controller-runtime/pkg/client" ) 
@@ -52,6 +53,7 @@ type InstanaAgentClient interface { GetAsResult(ctx context.Context, key k8sClient.ObjectKey, obj k8sClient.Object, opts ...k8sClient.GetOption) result.Result[k8sClient.Object] Status() k8sClient.SubResourceWriter Patch(ctx context.Context, obj k8sClient.Object, patch k8sClient.Patch, opts ...k8sClient.PatchOption) error + ListNodes(ctx context.Context) (*corev1.NodeList, error) } type instanaAgentClient struct { @@ -216,3 +218,9 @@ func (c *instanaAgentClient) deleteAllInTimeLimit( return err } } + +func (c *instanaAgentClient) ListNodes(ctx context.Context) (*corev1.NodeList, error) { + nodeList := &corev1.NodeList{} + err := c.k8sClient.List(ctx, nodeList) + return nodeList, err +} diff --git a/pkg/k8s/object/builders/agent/serviceentry/serviceentry.go b/pkg/k8s/object/builders/agent/serviceentry/serviceentry.go new file mode 100644 index 00000000..4466d17e --- /dev/null +++ b/pkg/k8s/object/builders/agent/serviceentry/serviceentry.go 
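Review bot: `ListNodes` is added to the exported `InstanaAgentClient` interface and implemented in `pkg/k8s/client/client.go` without a doc comment, and its contract on failure is not obvious: it returns the allocated, empty `NodeList` together with the error. The caller added in `controllers/util.go` iterates the list even after an error, so that detail matters to anyone writing another implementation or a mock. Document it on the method, e.g. `// ListNodes lists all Nodes in the cluster. The returned list is non-nil even when err is non-nil.`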
@@ -0,0 +1,75 @@ +/* + * (c) Copyright IBM Corp. 2024 + * (c) Copyright Instana Inc. 2024 + */ + +package serviceentry + +import ( + "fmt" + "strings" + + instanav1 "github.com/instana/instana-agent-operator/api/v1" + "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/common/builder" + "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/common/constants" + "github.com/instana/instana-agent-operator/pkg/k8s/object/builders/common/helpers" + "github.com/instana/instana-agent-operator/pkg/optional" + networkingv1alpha3api "istio.io/api/networking/v1alpha3" + networkingv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + componentName = constants.ComponentInstanaAgent + agentPort = constants.AgentPort +) + +type serviceEntryListBuilder struct { + *instanav1.InstanaAgent + helpers.Helpers + nodeIP string +} + +func (s *serviceEntryListBuilder) Build() builder.OptionalObject { + return optional.Of[client.Object]( + &networkingv1alpha3.ServiceEntry{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "networking.istio.io/v1alpha3", + Kind: "ServiceEntry", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-worker-%s", componentName, s.nodeIP), + Namespace: s.Namespace, + }, + Spec: networkingv1alpha3api.ServiceEntry{ + Hosts: []string{fmt.Sprintf("%s.%s.%s.svc", s.nodeIP, s.HeadlessServiceName(), s.Namespace)}, + Ports: []*networkingv1alpha3api.ServicePort{ + { + Number: agentPort, + Protocol: "TCP", + Name: "agent", + }, + }, + Resolution: networkingv1alpha3api.ServiceEntry_DNS, + Location: networkingv1alpha3api.ServiceEntry_MESH_EXTERNAL, + }, + }, + ) +} + +func (s *serviceEntryListBuilder) ComponentName() string { + return componentName +} + +func (s *serviceEntryListBuilder) IsNamespaced() bool { + return true +} + +func NewServiceEntriesBuilder(agent *instanav1.InstanaAgent, nodeIP string) builder.ObjectBuilder { + 
return &serviceEntryListBuilder{ + InstanaAgent: agent, + Helpers: helpers.NewHelpers(agent), + nodeIP: strings.ReplaceAll(nodeIP, ".", "-"), + } +} diff --git a/pkg/k8s/object/builders/common/constants/constants.go b/pkg/k8s/object/builders/common/constants/constants.go index 03f69e65..40c64744 100644 --- a/pkg/k8s/object/builders/common/constants/constants.go +++ b/pkg/k8s/object/builders/common/constants/constants.go @@ -34,3 +34,7 @@ const ( DownloadKey = "downloadKey" BackendKey = "backend" ) + +const ( + AgentPort = 42699 +) diff --git a/pkg/k8s/object/builders/k8s-sensor/rbac/clusterrole.go b/pkg/k8s/object/builders/k8s-sensor/rbac/clusterrole.go index 93e463f1..19c8bde2 100644 --- a/pkg/k8s/object/builders/k8s-sensor/rbac/clusterrole.go +++ b/pkg/k8s/object/builders/k8s-sensor/rbac/clusterrole.go @@ -1,3 +1,8 @@ +/* + * (c) Copyright IBM Corp. 2024 + * (c) Copyright Instana Inc. 2024 + */ + package rbac import (
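Review bot: `NewServiceEntriesBuilder` in `serviceentry.go` only replaces `.` with `-` in the node IP, so an IPv6 internal address would put `:` into both the object name and the `Hosts` entry, neither of which accepts it. `getNodeIPs` collects every `NodeInternalIP` address, and dual-stack nodes can report an IPv6 one, so the apply would fail for those nodes. Either keep only IPv4 addresses before building, e.g. `if ip := net.ParseIP(address.Address); ip == nil || ip.To4() == nil { continue }` in `getNodeIPs`, or define and document the IPv6 naming explicitly. As a style point, `serviceEntryListBuilder` builds a single `ServiceEntry`, so `serviceEntryBuilder` would describe it better, and the exported constructor deserves a doc comment stating that `nodeIP` is expected in dotted IPv4 form.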