Add deployments, statefulSets, replicaSets to .workloads Helm chart v…

…alues

Signed-off-by: Jakub Rożek <jrozek@datawire.io>

CHANGELOG.yml

@@ -78,6 +78,12 @@ items:
         body: >-
           The OSS code-base will no longer report usage data to the proprietary collector at Ambassador Labs. The actual calls
           to the collector remain, but will be no-ops unless a proper collector client is installed using an extension point.
+      - type: feature
+        title: Add deployments, statefulSets, replicaSets to workloads Helm chart value
+        body: >-
+          The Helm chart value <code>workloads</code> now supports the kinds <code>deployments.enabled</code>, <code>statefulSets.enabled</code>, and <code>replicaSets.enabled</code>.
+          By default, all three are enabled, but can be disabled by setting the corresponding value to <code>false</code>.
+          When disabled, the traffic-manager will ignore workloads of a corresponding kind, and Telepresence will not be able to intercept them.
   - version: 2.20.2
     date: 2024-10-21
     notes:

charts/telepresence/README.md

@@ -102,6 +102,9 @@ The following tables lists the configurable parameters of the Telepresence chart
 | client.routing.allowConflictingSubnets               | Allow the specified subnets to be routed even if they conflict with other routes on the local machine.                      | `[]`                                                                        |
 | client.dns.excludeSuffixes                           | Suffixes for which the client DNS resolver will always fail (or fallback in case of the overriding resolver)                | `[".com", ".io", ".net", ".org", ".ru"]`                                    |
 | client.dns.includeSuffixes                           | Suffixes for which the client DNS resolver will always attempt to do a lookup. Includes have higher priority than excludes. | `[]`                                                                        |
+| workloads.deployments.enabled                        | Enable/Disable the support for Deployments.                                                                                 | `true`                                                                      |
+| workloads.replicaSets.enabled                        | Enable/Disable the support for ReplicaSets.                                                                                 | `true`                                                                      |
+| workloads.statefulSets.enabled                       | Enable/Disable the support for StatefulSets.                                                                                | `true`                                                                      |
 | workloads.argoRollouts.enabled                       | Enable/Disable the argo-rollouts integration.                                                                               | `false`                                                                     |
 
 ### RBAC

charts/telepresence/templates/_helpers.tpl

@@ -88,7 +88,7 @@ RBAC rules required to create an intercept in a namespace; excludes any rules th
 - apiGroups: ["apps"]
   resources: ["deployments", "replicasets", "statefulsets"]
   verbs: ["get", "watch", "list"]
-{{- if .Values.workloads.argoRollouts.enabled }}
+{{- if and .Values.workloads .Values.workloads.argoRollouts .Values.workloads.argoRollouts.enabled }}
 - apiGroups: ["argoproj.io"]
   resources: ["rollouts"]
   verbs: ["get", "watch", "list"]

charts/telepresence/templates/deployment.yaml

@@ -81,9 +81,26 @@ spec:
             value: {{ .grpc.maxReceiveSize }}
           {{- end }}
           {{- end }}
-          {{- if .workloads.argoRollouts }}
-          - name: ARGO_ROLLOUTS_ENABLED
-            value: {{ .workloads.argoRollouts.enabled | quote }}
+          {{- if .workloads }}
+          {{- with .workloads }}
+          - name: ENABLED_WORKLOAD_KINDS
+            value: >-
+              {{- if or (not .deployments) .deployments.enabled }}
+              deployment
+              {{- end }}
+              {{- if or (not .statefulSets) .statefulSets.enabled }}
+              statefulset
+              {{- end }}
+              {{- if or (not .replicaSets) .replicaSets.enabled }}
+              replicaset
+              {{- end }}
+              {{- if and .argoRollouts .argoRollouts.enabled }}
+              rollout
+              {{- end }}
+          {{- end }}
+          {{- else }}
+          - name: ENABLED_WORKLOAD_KINDS
+            value: deployment statefulset rollout
           {{- end }}
       {{- if .agentInjector.enabled }}
         {{- /*

charts/telepresence/values.yaml

@@ -347,6 +347,12 @@ client:
 
 # Controls which workload kinds are recognized by Telepresence
 workloads:
+  deployments:
+    enabled: true
+  replicaSets:
+    enabled: true
+  statefulSets:
+    enabled: true
   argoRollouts:
     enabled: false
 

cmd/traffic/cmd/manager/cluster/info.go

@@ -129,6 +129,8 @@ func NewInfo(ctx context.Context) Info {
 		}
 	}
 
+	dlog.Infof(ctx, "Enabled support for the following workload kinds: %v", env.EnabledWorkloadKinds)
+
 	// make an attempt to create a service with ClusterIP that is out of range and then
 	// check the error message for the correct range as suggested tin the second answer here:
 	//   https://stackoverflow.com/questions/44190607/how-do-you-find-the-cluster-service-cidr-of-a-kubernetes-cluster

cmd/traffic/cmd/manager/managerutil/envconfig.go

@@ -2,6 +2,7 @@ package managerutil
 
 import (
 	"context"
+	"fmt"
 	"net/netip"
 	"reflect"
 	"strconv"
@@ -18,6 +19,7 @@ import (
 	"github.com/datawire/k8sapi/pkg/k8sapi"
 	"github.com/telepresenceio/telepresence/v2/pkg/agentconfig"
 	"github.com/telepresenceio/telepresence/v2/pkg/agentmap"
+	"github.com/telepresenceio/telepresence/v2/pkg/workload"
 )
 
 // Env is the traffic-manager's environment. It does not define any defaults because all
@@ -70,7 +72,7 @@ type Env struct {
 	ClientDnsIncludeSuffixes             []string       `env:"CLIENT_DNS_INCLUDE_SUFFIXES,       		parser=split-trim,  default="`
 	ClientConnectionTTL                  time.Duration  `env:"CLIENT_CONNECTION_TTL,              		parser=time.ParseDuration"`
 
-	ArgoRolloutsEnabled bool `env:"ARGO_ROLLOUTS_ENABLED, parser=bool, default=false"`
+	EnabledWorkloadKinds []workload.WorkloadKind `env:"ENABLED_WORKLOAD_KINDS, parser=split-trim, default=deployment statefulset replicaset"`
 
 	// For testing only
 	CompatibilityVersion *semver.Version `env:"COMPATIBILITY_VERSION, parser=version, default="`
@@ -256,6 +258,25 @@ func fieldTypeHandlers() map[reflect.Type]envconfig.FieldTypeHandler {
 		},
 		Setter: func(dst reflect.Value, src any) { dst.Set(reflect.ValueOf(src.(*semver.Version))) },
 	}
+	fhs[reflect.TypeOf([]workload.WorkloadKind{})] = envconfig.FieldTypeHandler{
+		Parsers: map[string]func(string) (any, error){
+			"split-trim": func(str string) (any, error) { //nolint:unparam // API requirement
+				if len(str) == 0 {
+					return nil, nil
+				}
+				ss := strings.Split(str, " ")
+				ks := make([]workload.WorkloadKind, len(ss))
+				for i, s := range ss {
+					ks[i] = workload.WorkloadKind(s)
+					if !ks[i].IsValid() {
+						return nil, fmt.Errorf("invalid workload kind: %q", s)
+					}
+				}
+				return ks, nil
+			},
+		},
+		Setter: func(dst reflect.Value, src interface{}) { dst.Set(reflect.ValueOf(src.([]workload.WorkloadKind))) },
+	}
 	return fhs
 }
 

cmd/traffic/cmd/manager/managerutil/envconfig_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/datawire/k8sapi/pkg/k8sapi"
 	"github.com/telepresenceio/telepresence/v2/cmd/traffic/cmd/manager/managerutil"
 	"github.com/telepresenceio/telepresence/v2/pkg/agentconfig"
+	"github.com/telepresenceio/telepresence/v2/pkg/workload"
 )
 
 func TestEnvconfig(t *testing.T) {
@@ -53,6 +54,7 @@ func TestEnvconfig(t *testing.T) {
 		PodCIDRStrategy:          "auto",
 		PodIP:                    netip.AddrFrom4([4]byte{203, 0, 113, 18}),
 		ServerPort:               8081,
+		EnabledWorkloadKinds:     []workload.WorkloadKind{workload.DeploymentWorkloadKind, workload.StatefulSetWorkloadKind, workload.ReplicaSetWorkloadKind},
 	}
 
 	testcases := map[string]struct {
@@ -65,12 +67,10 @@ func TestEnvconfig(t *testing.T) {
 		},
 		"simple": {
 			Input: map[string]string{
-				"AGENT_REGISTRY":        "ghcr.io/telepresenceio",
-				"ARGO_ROLLOUTS_ENABLED": "true",
+				"AGENT_REGISTRY": "ghcr.io/telepresenceio",
 			},
 			Output: func(e *managerutil.Env) {
 				e.AgentRegistry = "ghcr.io/telepresenceio"
-				e.ArgoRolloutsEnabled = true
 			},
 		},
 		"complex": {

cmd/traffic/cmd/manager/mutator/agent_injector.go

@@ -28,6 +28,7 @@ import (
 	"github.com/telepresenceio/telepresence/v2/pkg/agentmap"
 	"github.com/telepresenceio/telepresence/v2/pkg/maps"
 	"github.com/telepresenceio/telepresence/v2/pkg/tracing"
+	"github.com/telepresenceio/telepresence/v2/pkg/workload"
 )
 
 var podResource = meta.GroupVersionResource{Version: "v1", Group: "", Resource: "pods"} //nolint:gochecknoglobals // constant
@@ -145,9 +146,19 @@ func (a *agentInjector) Inject(ctx context.Context, req *admission.AdmissionRequ
 			return nil, nil
 		}
 
-		supportedKinds := []string{"Deployment", "ReplicaSet", "StatefulSet"}
-		if managerutil.ArgoRolloutsEnabled(ctx) {
-			supportedKinds = append(supportedKinds, "Rollout")
+		enabledWorkloads := managerutil.GetEnv(ctx).EnabledWorkloadKinds
+		supportedKinds := make([]string, len(enabledWorkloads))
+		for i, wlKind := range enabledWorkloads {
+			switch wlKind {
+			case workload.DeploymentWorkloadKind:
+				supportedKinds[i] = "Deployment"
+			case workload.ReplicaSetWorkloadKind:
+				supportedKinds[i] = "ReplicaSet"
+			case workload.StatefulSetWorkloadKind:
+				supportedKinds[i] = "StatefulSet"
+			case workload.RolloutWorkloadKind:
+				supportedKinds[i] = "Rollout"
+			}
 		}
 		wl, err := agentmap.FindOwnerWorkload(ctx, k8sapi.Pod(pod), supportedKinds)
 		if err != nil {

cmd/traffic/cmd/manager/mutator/agent_injector_test.go

@@ -31,6 +31,7 @@ import (
 	"github.com/telepresenceio/telepresence/v2/pkg/agentconfig"
 	"github.com/telepresenceio/telepresence/v2/pkg/agentmap"
 	"github.com/telepresenceio/telepresence/v2/pkg/informer"
+	"github.com/telepresenceio/telepresence/v2/pkg/workload"
 )
 
 const serviceAccountMountPath = "/var/run/secrets/kubernetes.io/serviceaccount"
@@ -1907,9 +1908,18 @@ func toAdmissionRequest(resource meta.GroupVersionResource, object any) *admissi
 }
 
 func generateForPod(t *testing.T, ctx context.Context, pod *core.Pod, gc agentmap.GeneratorConfig) (agentconfig.SidecarExt, error) {
-	supportedKinds := []string{"Deployment", "ReplicaSet", "StatefulSet"}
-	if managerutil.ArgoRolloutsEnabled(ctx) {
-		supportedKinds = append(supportedKinds, "Rollout")
+	supportedKinds := make([]string, 0, 4)
+	for _, wlKind := range managerutil.GetEnv(ctx).EnabledWorkloadKinds {
+		switch wlKind {
+		case workload.DeploymentWorkloadKind:
+			supportedKinds = append(supportedKinds, "Deployment")
+		case workload.ReplicaSetWorkloadKind:
+			supportedKinds = append(supportedKinds, "ReplicaSet")
+		case workload.StatefulSetWorkloadKind:
+			supportedKinds = append(supportedKinds, "StatefulSet")
+		case workload.RolloutWorkloadKind:
+			supportedKinds = append(supportedKinds, "Rollout")
+		}
 	}
 	wl, err := agentmap.FindOwnerWorkload(ctx, k8sapi.Pod(pod), supportedKinds)
 	if err != nil {

cmd/traffic/cmd/manager/mutator/watcher.go

@@ -560,19 +560,25 @@ func (c *configWatcher) StartWatchers(ctx context.Context) error {
 			return err
 		}
 	}
-	for _, si := range c.dps {
-		if err := c.watchWorkloads(ctx, si); err != nil {
-			return err
+	if c.dps != nil {
+		for _, si := range c.dps {
+			if err := c.watchWorkloads(ctx, si); err != nil {
+				return err
+			}
 		}
 	}
-	for _, si := range c.rss {
-		if err := c.watchWorkloads(ctx, si); err != nil {
-			return err
+	if c.rss != nil {
+		for _, si := range c.rss {
+			if err := c.watchWorkloads(ctx, si); err != nil {
+				return err
+			}
 		}
 	}
-	for _, si := range c.sss {
-		if err := c.watchWorkloads(ctx, si); err != nil {
-			return err
+	if c.sss != nil {
+		for _, si := range c.sss {
+			if err := c.watchWorkloads(ctx, si); err != nil {
+				return err
+			}
 		}
 	}
 	if c.rls != nil {
@@ -834,22 +840,36 @@ func (c *configWatcher) Start(ctx context.Context) {
 
 	c.svs = make([]cache.SharedIndexInformer, len(nss))
 	c.cms = make([]cache.SharedIndexInformer, len(nss))
-	c.dps = make([]cache.SharedIndexInformer, len(nss))
-	c.rss = make([]cache.SharedIndexInformer, len(nss))
-	c.sss = make([]cache.SharedIndexInformer, len(nss))
+	for _, wlKind := range env.EnabledWorkloadKinds {
+		switch wlKind {
+		case workload.DeploymentWorkloadKind:
+			c.dps = make([]cache.SharedIndexInformer, len(nss))
+		case workload.ReplicaSetWorkloadKind:
+			c.rss = make([]cache.SharedIndexInformer, len(nss))
+		case workload.StatefulSetWorkloadKind:
+			c.sss = make([]cache.SharedIndexInformer, len(nss))
+		case workload.RolloutWorkloadKind:
+			c.rls = make([]cache.SharedIndexInformer, len(nss))
+		}
+	}
 	for i, ns := range nss {
 		c.cms[i] = c.startConfigMap(ctx, ns)
 		c.svs[i] = c.startServices(ctx, ns)
-		c.dps[i] = workload.StartDeployments(ctx, ns)
-		c.rss[i] = workload.StartReplicaSets(ctx, ns)
-		c.sss[i] = workload.StartStatefulSets(ctx, ns)
+		if c.dps != nil {
+			c.dps[i] = workload.StartDeployments(ctx, ns)
+		}
+		if c.rss != nil {
+			c.rss[i] = workload.StartReplicaSets(ctx, ns)
+		}
+		if c.sss != nil {
+			c.sss[i] = workload.StartStatefulSets(ctx, ns)
+		}
 		c.startPods(ctx, ns)
 		kf := informer.GetK8sFactory(ctx, ns)
 		kf.Start(ctx.Done())
 		kf.WaitForCacheSync(ctx.Done())
 	}
-	if managerutil.ArgoRolloutsEnabled(ctx) {
-		c.rls = make([]cache.SharedIndexInformer, len(nss))
+	if c.rls != nil {
 		for i, ns := range nss {
 			c.rls[i] = workload.StartRollouts(ctx, ns)
 			rf := informer.GetArgoRolloutsFactory(ctx, ns)

cmd/traffic/cmd/manager/service.go

@@ -32,6 +32,7 @@ import (
 	"github.com/telepresenceio/telepresence/v2/pkg/tracing"
 	"github.com/telepresenceio/telepresence/v2/pkg/tunnel"
 	"github.com/telepresenceio/telepresence/v2/pkg/version"
+	"github.com/telepresenceio/telepresence/v2/pkg/workload"
 )
 
 // Clock is the mechanism used by the Manager state to get the current time.
@@ -583,9 +584,19 @@ func (s *service) GetKnownWorkloadKinds(ctx context.Context, request *rpc.Sessio
 	}
 	ctx = managerutil.WithSessionInfo(ctx, request)
 	dlog.Debugf(ctx, "GetKnownWorkloadKinds called")
-	kinds := []rpc.WorkloadInfo_Kind{rpc.WorkloadInfo_DEPLOYMENT, rpc.WorkloadInfo_REPLICASET, rpc.WorkloadInfo_STATEFULSET}
-	if managerutil.ArgoRolloutsEnabled(ctx) {
-		kinds = append(kinds, rpc.WorkloadInfo_ROLLOUT)
+	enabledWorkloadKinds := managerutil.GetEnv(ctx).EnabledWorkloadKinds
+	kinds := make([]rpc.WorkloadInfo_Kind, len(enabledWorkloadKinds))
+	for i, wlKind := range enabledWorkloadKinds {
+		switch wlKind {
+		case workload.DeploymentWorkloadKind:
+			kinds[i] = rpc.WorkloadInfo_DEPLOYMENT
+		case workload.ReplicaSetWorkloadKind:
+			kinds[i] = rpc.WorkloadInfo_REPLICASET
+		case workload.StatefulSetWorkloadKind:
+			kinds[i] = rpc.WorkloadInfo_STATEFULSET
+		case workload.RolloutWorkloadKind:
+			kinds[i] = rpc.WorkloadInfo_ROLLOUT
+		}
 	}
 	return &rpc.KnownWorkloadKinds{Kinds: kinds}, nil
 }

cmd/traffic/cmd/manager/state/state.go

@@ -495,7 +495,7 @@ func (s *state) WatchWorkloads(ctx context.Context, sessionID string) (ch <-chan
 	}
 	ns := client.Namespace
 	ww, _ := s.workloadWatchers.LoadOrCompute(ns, func() (ww workload.Watcher) {
-		ww, err = workload.NewWatcher(s.backgroundCtx, ns, managerutil.ArgoRolloutsEnabled(ctx))
+		ww, err = workload.NewWatcher(s.backgroundCtx, ns, managerutil.GetEnv(ctx).EnabledWorkloadKinds)
 		return ww
 	})
 	if err != nil {