diff --git a/.github/workflows/common-workflows.yaml b/.github/workflows/common-workflows.yaml index dd02c397a..21b6bd48f 100644 --- a/.github/workflows/common-workflows.yaml +++ b/.github/workflows/common-workflows.yaml @@ -6,7 +6,6 @@ on: branches: ["**"] jobs: - # golang static analysis checks go-static-analysis: uses: dell/common-github-actions/.github/workflows/go-static-analysis.yaml@main diff --git a/api/v1/types.go b/api/v1/types.go index a40d1fb25..f59e230e3 100644 --- a/api/v1/types.go +++ b/api/v1/types.go @@ -355,6 +355,10 @@ type ContainerTemplate struct { // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Leader Election" LeaderElection bool `json:"leaderElection,omitempty" yaml:"leaderElection,omitempty"` + // OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="OpenTelemetry Collector Address of the OTLP endpoint using gRPC" + OpenTelemetryCollectorAddress string `json:"openTelemetryCollectorAddress,omitempty" yaml:"openTelemetryCollectorAddress,omitempty"` + // The interval which the reconcile of each controller is run // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Controller Reconcile Interval" ControllerReconcileInterval string `json:"controllerReconcileInterval,omitempty" yaml:"controllerReconcileInterval,omitempty"` diff --git a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml index 731ee1df1..bec1a964f 100644 --- a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml +++ b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml 
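Review bot: In api/v1/types.go the new `OpenTelemetryCollectorAddress` field is a free-form string with no validation markers, and later in this commit it is formatted straight into the storage-service `--collector-address=` argument. Whoever can edit the custom resource therefore chooses where that service exports its telemetry, so the shape should be constrained at admission, for example with `// +kubebuilder:validation:MaxLength=253` and a `// +kubebuilder:validation:Pattern=` marker for `host:port` (assuming the CRDs are generated by controller-gen). The doc comment should also say what an empty value means and whether the gRPC export is expected to use TLS, neither of which is visible in this commit. The struct continues outside the hunk.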
@@ -312,6 +312,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key @@ -769,6 +774,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key @@ -1209,6 +1219,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key diff --git a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml index b7260f29a..012482669 100644 --- a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml +++ b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml @@ -317,6 +317,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key 
@@ -755,6 +760,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key @@ -1220,6 +1230,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key @@ -1654,6 +1669,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key @@ -2097,6 +2117,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key @@ -2568,6 +2593,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key 
@@ -3028,6 +3058,11 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: + OpenTelemetryCollectorAddress is the address + of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key diff --git a/deploy/crds/storage.dell.com.crds.all.yaml b/deploy/crds/storage.dell.com.crds.all.yaml index 71330267a..7fe41c528 100644 --- a/deploy/crds/storage.dell.com.crds.all.yaml +++ b/deploy/crds/storage.dell.com.crds.all.yaml @@ -251,6 +251,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string @@ -602,6 +605,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string @@ -942,6 +948,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string 
@@ -1372,6 +1381,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string @@ -1712,6 +1724,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string @@ -2071,6 +2086,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string @@ -2409,6 +2427,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string @@ -2752,6 +2773,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string 
@@ -3116,6 +3140,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string @@ -3465,6 +3492,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + openTelemetryCollectorAddress: + description: OpenTelemetryCollectorAddress is the address of the OTLP receiving endpoint using gRPC + type: string privateKey: description: PrivateKey is a private key used for a certificate/private-key pair type: string diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 608ce18b8..f8504c88b 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1357,7 +1357,7 @@ spec: - name: RELATED_IMAGE_karavi-authorization-proxy value: docker.io/dellemc/csm-authorization-sidecar:v1.12.0 - name: RELATED_IMAGE_dell-csi-replicator - value: docker.io/dellemc/dell-csi-replicator:v1.10.0 + value: docker.io/dellemc/dell-csi-replicator:v1.12.0 - name: RELATED_IMAGE_dell-replication-controller-manager value: docker.io/dellemc/dell-replication-controller:v1.10.0 - name: RELATED_IMAGE_topology @@ -1392,7 +1392,7 @@ spec: value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: RELATED_IMAGE_cert-persister value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.7.0 + image: amaas-eos-mw1.cec.lab.emc.com:5046/dell-csm-operator:aaron imagePullPolicy: Always livenessProbe: httpGet: diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0/deployment.yaml index 294c63e97..62351ad44 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0/deployment.yaml 
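Review bot: The operator `image:` in deploy/operator.yaml (hunk `@@ -1392,7 +1392,7 @@`) now points at `amaas-eos-mw1.cec.lab.emc.com:5046/dell-csm-operator:aaron`, which reads like a developer's lab registry and personal tag rather than a release artifact. With `imagePullPolicy: Always` on the next line, anyone installing from this manifest either fails to pull or runs whatever is currently pushed under that mutable tag, with the operator's cluster permissions. Restore `image: docker.io/dellemc/dell-csm-operator:v1.7.0` (or the intended release tag, ideally pinned by digest) before merge. The preceding hunk in the same file also moves `dell-csi-replicator` to `v1.12.0` while `dell-replication-controller` stays at `v1.10.0`; confirm that bump belongs in this change.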
+++ b/operatorconfig/moduleconfig/authorization/v2.0.0/deployment.yaml @@ -329,6 +329,9 @@ spec: - port: 50051 targetPort: 50051 name: grpc + - port: 2112 + targetPort: 2112 + name: promhttp --- apiVersion: cert-manager.io/v1 kind: Issuer diff --git a/pkg/modules/authorization.go b/pkg/modules/authorization.go index 1000201a6..69b7e6a98 100644 --- a/pkg/modules/authorization.go +++ b/pkg/modules/authorization.go @@ -757,12 +757,14 @@ func authorizationStorageServiceV2(ctx context.Context, isDeleting bool, cr csmv image := "" vaults := []csmv1.Vault{} leaderElection := true + otelCollector := "" for _, component := range authModule.Components { switch component.Name { case AuthProxyServerComponent: replicas = component.StorageServiceReplicas image = component.StorageService leaderElection = component.LeaderElection + otelCollector = component.OpenTelemetryCollectorAddress case AuthRedisComponent: var sentinelValues []string for i := 0; i < component.RedisReplicas; i++ { @@ -871,6 +873,11 @@ func authorizationStorageServiceV2(ctx context.Context, isDeleting bool, cr csmv "--redis-password=$(REDIS_PASSWORD)", fmt.Sprintf("--leader-election=%t", leaderElection), } + + // if the config version is greater than v2.0.0-alpha, add the collector-address arg + if semver.Compare(authModule.ConfigVersion, "v2.0.0-alpha") == 1 { + args = append(args, fmt.Sprintf("--collector-address=%s", otelCollector)) + } args = append(args, vaultArgs...) for i, c := range deployment.Spec.Template.Spec.Containers { 
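Review bot: The new `promhttp` port 2112 on the Service in operatorconfig/moduleconfig/authorization/v2.0.0/deployment.yaml comes with no access restriction visible in this commit. promhttp handlers serve plain HTTP without authentication unless the application wraps them, so once the port is on the Service the metrics are readable by any workload that can reach it. Consider a NetworkPolicy limiting port 2112 to the monitoring namespace, and add a comment above the entry such as `# promhttp metrics; scraped by Prometheus only` so the intended consumer is recorded. The Service definition begins outside the hunk.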
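Review bot: In pkg/modules/authorization.go (hunk `@@ -871,6 +873,11 @@`) the version gate appends `--collector-address=` even when `otelCollector` is empty, which is the value the sample CR in this commit ships with. Unless the storage service is known to treat an empty address as "telemetry disabled", guard it with `if otelCollector != "" && semver.Compare(authModule.ConfigVersion, "v2.0.0-alpha") > 0 {`. If `semver` here is golang.org/x/mod/semver, an unparsable `ConfigVersion` compares as lower than any valid version, so a malformed value silently drops both this flag and the promhttp port added under the same gate in the following hunk (`@@ -880,6 +887,22 @@`). Computing the condition once into a named bool would keep the two sites in step. The function body starts and ends outside these hunks.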
@@ -880,6 +887,22 @@ func authorizationStorageServiceV2(ctx context.Context, isDeleting bool, cr csmv } } + // if the config version is greater than v2.0.0-alpha, set promhttp container port + if semver.Compare(authModule.ConfigVersion, "v2.0.0-alpha") == 1 { + for i, c := range deployment.Spec.Template.Spec.Containers { + if c.Name == "storage-service" { + deployment.Spec.Template.Spec.Containers[i].Ports = append(deployment.Spec.Template.Spec.Containers[i].Ports, + corev1.ContainerPort{ + Name: "promhttp", + Protocol: "TCP", + ContainerPort: 2112, + }, + ) + break + } + } + } + deploymentBytes, err := json.Marshal(&deployment) if err != nil { return fmt.Errorf("marshalling storage-service deployment: %w", err) diff --git a/pkg/modules/authorization_test.go b/pkg/modules/authorization_test.go index effe387fc..209d55ef6 100644 --- a/pkg/modules/authorization_test.go +++ b/pkg/modules/authorization_test.go 
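Review bot: The container port block spells the protocol as the string `"TCP"` and repeats the literal name `promhttp` and number `2112` that the Service in deployment.yaml also hard-codes. Use the typed constant, `Protocol: corev1.ProtocolTCP,`, and lift the name and port into package constants with a comment pointing at the matching Service entry so the two cannot drift unnoticed. This loop also walks the same container list as the args loop just above it, so the port could be appended there under the version check instead of in a second pass. The enclosing function continues outside the hunk.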
@@ -777,6 +777,49 @@ func TestAuthorizationKubeMgmtPolicies(t *testing.T) { } } +func TestAuthorizationOpenTelemetry(t *testing.T) { + cr, err := getCustomResource("./testdata/cr_auth_proxy_v2.0.0.yaml") + if err != nil { + t.Fatal(err) + } + + certmanagerv1.AddToScheme(scheme.Scheme) + sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build() + + err = AuthorizationServerDeployment(context.TODO(), false, operatorConfig, cr, sourceClient) + if err != nil { + t.Fatal(err) + } + + storageService := &appsv1.Deployment{} + err = sourceClient.Get(context.Background(), types.NamespacedName{Name: "storage-service", Namespace: "authorization"}, storageService) + if err != nil { + t.Fatal(err) + } + + argFound := false + for _, container := range storageService.Spec.Template.Spec.Containers { + if container.Name == "storage-service" { + for _, arg := range container.Args { + if strings.Contains(arg, "--collector-address") { + argFound = true + if arg != "--collector-address=otel-collector:8889" { + t.Fatalf("expected --collector-address=otel-collector:8889, got %s", arg) + } + break + } + } + } + if argFound { + break + } + } + + if !argFound { + t.Fatalf("expected --collector-address=otel-collector:8889, got none") + } +} + func TestAuthorizationStorageServiceVault(t *testing.T) { vault0Identifier := "vault0" vault0Arg := "--vault=vault0,https://10.0.0.1:8400,csm-authorization,true" diff --git a/pkg/modules/testdata/cr_auth_proxy_v2.0.0.yaml b/pkg/modules/testdata/cr_auth_proxy_v2.0.0.yaml new file mode 100644 index 000000000..51520a9df --- /dev/null +++ b/pkg/modules/testdata/cr_auth_proxy_v2.0.0.yaml 
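Review bot: TestAuthorizationOpenTelemetry covers only the positive path for the argument: it does not assert that a config at or below `v2.0.0-alpha` omits `--collector-address`, and it never checks the `promhttp` container port that the same gate adds. The return value of `certmanagerv1.AddToScheme(scheme.Scheme)` is also discarded; `if err := certmanagerv1.AddToScheme(scheme.Scheme); err != nil { t.Fatal(err) }` makes a scheme failure visible instead of surfacing later as a confusing Get error. A table-driven variant with a second fixture below the gate would exercise the condition in both directions.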
@@ -0,0 +1,104 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: authorization + namespace: authorization +spec: + modules: + # Authorization: enable csm-authorization proxy server for RBAC + - name: authorization-proxy-server + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v2.0.0 + forceRemoveModule: true + components: + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v2.0.0-alpha + tenantService: dellemc/csm-authorization-tenant:v2.0.0-alpha + roleService: dellemc/csm-authorization-role:v2.0.0-alpha + storageService: dellemc/csm-authorization-storage:v2.0.0-alpha + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. 
+ controllerReconcileInterval: 5m + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + # proxy-server ingress will use this hostname + # NOTE: an additional hostname can be configured in proxyServerIngress.hosts + # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required + hostname: "csm-authorization.com" + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx + # additional host rules for the proxy-server ingress + hosts: + - authorization-ingress-nginx-controller.authorization.svc.cluster.local + # additional annotations for the proxy-server ingress + annotations: {} + # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC + openTelemetryCollectorAddress: "otel-collector:8889" + - name: redis + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + redisName: redis-csm + redisCommander: rediscommander + sentinel: sentinel + redisReplicas: 5 + # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis + # to use a different storage class for redis, specify the name of the storage class + # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization + # Default value: None + storageclass: "local-storage" + - name: vault + vaultConfigurations: + - identifier: vault0 + address: https://10.0.0.1:8400 + role: csm-authorization + skipCertificateValidation: true + # clientCertificate: base64-encoded certificate for cert/private-key pair -- add 
cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientCertificate: "" + # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientKey: "" + # certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificateAuthority: "" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: |- + CONCURRENT_POWERFLEX_REQUESTS: 10 + LOG_LEVEL: debug + STORAGE_CAPACITY_POLL_INTERVAL: 5m diff --git a/samples/authorization/csm_authorization_proxy_server_v200.yaml b/samples/authorization/csm_authorization_proxy_server_v200.yaml index 4833a9c77..807fe1a63 100644 --- a/samples/authorization/csm_authorization_proxy_server_v200.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v200.yaml @@ -66,6 +66,8 @@ spec: # additional annotations for the proxy-server ingress annotations: {} + # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC + openTelemetryCollectorAddress: "" - name: redis redis: redis:7.4.0-alpine commander: rediscommander/redis-commander:latest
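Review bot: The sample comment for `openTelemetryCollectorAddress` in samples/authorization/csm_authorization_proxy_server_v200.yaml gives neither the expected format nor the meaning of the empty default. A comment such as `# openTelemetryCollectorAddress: host:port of the OTLP gRPC receiver, for example "otel-collector:8889"` matches the value used in the test fixture. It should also state what the empty string does, once that is confirmed against the storage service, since the operator passes the value through as `--collector-address=` for config versions above `v2.0.0-alpha`.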