Add ingress options (#1128)

* add ingress name generation function Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * extend otelcol crd with minimalistic ingress options Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * support collector ingress reconciling Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * register ingress reconciler Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * grant permission to create, modify and delete ingress entries Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * add ingress integration tests Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * verify if collector mode is compatible with ingress settings Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * create dedicated ingress type Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * follow recommendations Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * regenerate Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de>
open-telemetry · Oct 11, 2022 · 8783fe1 · 8783fe1
1 parent c166e87
commit 8783fe1
Show file tree

Hide file tree

Showing 17 changed files with 925 additions and 0 deletions.
diff --git a/apis/v1alpha1/ingress_type.go b/apis/v1alpha1/ingress_type.go
@@ -0,0 +1,26 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+type (
+	// IngressType represents how a collector should be exposed (ingress vs route).
+	// +kubebuilder:validation:Enum=ingress
+	IngressType string
+)
+
+const (
+	// IngressTypeNginx specifies that an ingress entry should be created.
+	IngressTypeNginx IngressType = "ingress"
+)
diff --git a/apis/v1alpha1/opentelemetrycollector_types.go b/apis/v1alpha1/opentelemetrycollector_types.go
@@ -17,9 +17,32 @@ package v1alpha1
 import (
 	autoscalingv2 "k8s.io/api/autoscaling/v2"
 	v1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// Ingress is used to specify how OpenTelemetry Collector is exposed. This
+// functionality is only available if one of the valid modes is set.
+// Valid modes are: deployment, daemonset and statefulset.
+type Ingress struct {
+	// Type default value is: ""
+	// Supported types are: ingress
+	Type IngressType `json:"type,omitempty"`
+
+	// Hostname by which the ingress proxy can be reached.
+	// +optional
+	Hostname string `json:"hostname,omitempty"`
+
+	// Annotations to add to ingress.
+	// e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// TLS configuration.
+	// +optional
+	TLS []networkingv1.IngressTLS `json:"tls,omitempty"`
+}
+
 // OpenTelemetryCollectorSpec defines the desired state of OpenTelemetryCollector.
 type OpenTelemetryCollectorSpec struct {
 	// Resources to set on the OpenTelemetry Collector pods.
@@ -107,6 +130,11 @@ type OpenTelemetryCollectorSpec struct {
 	// +optional
 	// +listType=atomic
 	Volumes []v1.Volume `json:"volumes,omitempty"`
+	// Ingress is used to specify how OpenTelemetry Collector is exposed. This
+	// functionality is only available if one of the valid modes is set.
+	// Valid modes are: deployment, daemonset and statefulset.
+	// +optional
+	Ingress Ingress `json:"ingress,omitempty"`
 	// HostNetwork indicates if the pod should run in the host networking namespace.
 	// +optional
 	HostNetwork bool `json:"hostNetwork,omitempty"`

diff --git a/apis/v1alpha1/opentelemetrycollector_webhook.go b/apis/v1alpha1/opentelemetrycollector_webhook.go
@@ -166,5 +166,11 @@ func (r *OpenTelemetryCollector) validateCRDSpec() error {
 
 	}
 
+	if r.Spec.Ingress.Type == IngressTypeNginx && r.Spec.Mode == ModeSidecar {
+		return fmt.Errorf("the OptenTelemetry Spec Ingress configuiration is incorrect. Ingress can only be used in combination with the modes: %s, %s, %s",
+			ModeDeployment, ModeDaemonSet, ModeStatefulSet,
+		)
+	}
+
 	return nil
 }
diff --git a/apis/v1alpha1/opentelemetrycollector_webhook_test.go b/apis/v1alpha1/opentelemetrycollector_webhook_test.go
@@ -15,6 +15,7 @@
 package v1alpha1
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -317,6 +318,20 @@ func TestOTELColValidatingWebhook(t *testing.T) {
 			},
 			expectedErr: "targetCPUUtilization should be greater than 0 and less than 100",
 		},
+		{
+			name: "invalid deployment mode incompabible with ingress settings",
+			otelcol: OpenTelemetryCollector{
+				Spec: OpenTelemetryCollectorSpec{
+					Mode: ModeSidecar,
+					Ingress: Ingress{
+						Type: IngressTypeNginx,
+					},
+				},
+			},
+			expectedErr: fmt.Sprintf("Ingress can only be used in combination with the modes: %s, %s, %s",
+				ModeDeployment, ModeDaemonSet, ModeStatefulSet,
+			),
+		},
 	}
 
 	for _, test := range tests {

diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml
@@ -209,6 +209,18 @@ spec:
           - get
           - list
           - update
+        - apiGroups:
+          - networking.k8s.io
+          resources:
+          - ingresses
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - opentelemetry.io
           resources:

diff --git a/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml b/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml
@@ -354,6 +354,52 @@ spec:
                 description: ImagePullPolicy indicates the pull policy to be used
                   for retrieving the container image (Always, Never, IfNotPresent)
                 type: string
+              ingress:
+                description: 'Ingress is used to specify how OpenTelemetry Collector
+                  is exposed. This functionality is only available if one of the valid
+                  modes is set. Valid modes are: deployment, daemonset and statefulset.'
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: 'Annotations to add to ingress. e.g. ''cert-manager.io/cluster-issuer:
+                      "letsencrypt"'''
+                    type: object
+                  hostname:
+                    description: Hostname by which the ingress proxy can be reached.
+                    type: string
+                  tls:
+                    description: TLS configuration.
+                    items:
+                      description: IngressTLS describes the transport layer security
+                        associated with an Ingress.
+                      properties:
+                        hosts:
+                          description: Hosts are a list of hosts included in the TLS
+                            certificate. The values in this list must match the name/s
+                            used in the tlsSecret. Defaults to the wildcard host setting
+                            for the loadbalancer controller fulfilling this Ingress,
+                            if left unspecified.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        secretName:
+                          description: SecretName is the name of the secret used to
+                            terminate TLS traffic on port 443. Field is left optional
+                            to allow TLS routing based on SNI hostname alone. If the
+                            SNI host in a listener conflicts with the "Host" header
+                            field used by an IngressRule, the SNI host is used for
+                            termination and value of the Host header is used for routing.
+                          type: string
+                      type: object
+                    type: array
+                  type:
+                    description: 'Type default value is: "" Supported types are: ingress'
+                    enum:
+                    - ingress
+                    type: string
+                type: object
               maxReplicas:
                 description: MaxReplicas sets an upper bound to the autoscaling feature.
                   If MaxReplicas is set autoscaling is enabled.

diff --git a/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml b/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml
@@ -352,6 +352,52 @@ spec:
                 description: ImagePullPolicy indicates the pull policy to be used
                   for retrieving the container image (Always, Never, IfNotPresent)
                 type: string
+              ingress:
+                description: 'Ingress is used to specify how OpenTelemetry Collector
+                  is exposed. This functionality is only available if one of the valid
+                  modes is set. Valid modes are: deployment, daemonset and statefulset.'
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: 'Annotations to add to ingress. e.g. ''cert-manager.io/cluster-issuer:
+                      "letsencrypt"'''
+                    type: object
+                  hostname:
+                    description: Hostname by which the ingress proxy can be reached.
+                    type: string
+                  tls:
+                    description: TLS configuration.
+                    items:
+                      description: IngressTLS describes the transport layer security
+                        associated with an Ingress.
+                      properties:
+                        hosts:
+                          description: Hosts are a list of hosts included in the TLS
+                            certificate. The values in this list must match the name/s
+                            used in the tlsSecret. Defaults to the wildcard host setting
+                            for the loadbalancer controller fulfilling this Ingress,
+                            if left unspecified.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        secretName:
+                          description: SecretName is the name of the secret used to
+                            terminate TLS traffic on port 443. Field is left optional
+                            to allow TLS routing based on SNI hostname alone. If the
+                            SNI host in a listener conflicts with the "Host" header
+                            field used by an IngressRule, the SNI host is used for
+                            termination and value of the Host header is used for routing.
+                          type: string
+                      type: object
+                    type: array
+                  type:
+                    description: 'Type default value is: "" Supported types are: ingress'
+                    enum:
+                    - ingress
+                    type: string
+                type: object
               maxReplicas:
                 description: MaxReplicas sets an upper bound to the autoscaling feature.
                   If MaxReplicas is set autoscaling is enabled.

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -120,6 +120,18 @@ rules:
   - get
   - list
   - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - opentelemetry.io
   resources:

diff --git a/controllers/opentelemetrycollector_controller.go b/controllers/opentelemetrycollector_controller.go
@@ -102,6 +102,11 @@ func NewReconciler(p Params) *OpenTelemetryCollectorReconciler {
 				"stateful sets",
 				true,
 			},
+			{
+				reconcile.Ingresses,
+				"ingresses",
+				true,
+			},
 			{
 				reconcile.Self,
 				"opentelemetry",
@@ -123,6 +128,7 @@ func NewReconciler(p Params) *OpenTelemetryCollectorReconciler {
 // +kubebuilder:rbac:groups=opentelemetry.io,resources=opentelemetrycollectors,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=opentelemetry.io,resources=opentelemetrycollectors/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=opentelemetry.io,resources=opentelemetrycollectors/finalizers,verbs=get;update;patch
+// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update
 // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch