diff --git a/Makefile b/Makefile index 892373ba1..06f564c9d 100644 --- a/Makefile +++ b/Makefile @@ -215,6 +215,12 @@ cli-diagnose: @echo "Diagnosing cluster data for debugging" cd ./cli ; go run -tags=embed_manifests . diagnose +.PHONY: helm-install +helm-install: + @echo "Installing odigos using helm" + helm upgrade --install odigos ./helm/odigos --create-namespace --namespace odigos-system --set image.tag=$(ODIGOS_CLI_VERSION) + kubectl label namespace odigos-system odigos.io/system-object="true" + .PHONY: api-all api-all: make -C api all diff --git a/autoscaler/main.go b/autoscaler/main.go index 457ed60ec..4757f758e 100644 --- a/autoscaler/main.go +++ b/autoscaler/main.go @@ -51,7 +51,7 @@ import ( metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" apiactions "github.com/odigos-io/odigos/api/actions/v1alpha1" - observabilitycontrolplanev1 "github.com/odigos-io/odigos/api/odigos/v1alpha1" + odigosv1 "github.com/odigos-io/odigos/api/odigos/v1alpha1" "github.com/odigos-io/odigos/common" "github.com/odigos-io/odigos/autoscaler/controllers" @@ -72,7 +72,7 @@ var ( func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) - utilruntime.Must(observabilitycontrolplanev1.AddToScheme(scheme)) + utilruntime.Must(odigosv1.AddToScheme(scheme)) utilruntime.Must(apiactions.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } @@ -157,6 +157,36 @@ func main() { &corev1.Secret{}: { Field: nsSelector, }, + &odigosv1.CollectorsGroup{}: { + Field: nsSelector, + }, + &odigosv1.Destination{}: { + Field: nsSelector, + }, + &odigosv1.Processor{}: { + Field: nsSelector, + }, + &apiactions.AddClusterInfo{}: { + Field: nsSelector, + }, + &apiactions.DeleteAttribute{}: { + Field: nsSelector, + }, + &apiactions.ErrorSampler{}: { + Field: nsSelector, + }, + &apiactions.LatencySampler{}: { + Field: nsSelector, + }, + &apiactions.PiiMasking{}: { + Field: nsSelector, + }, + &apiactions.ProbabilisticSampler{}: { + Field: nsSelector, + }, + &apiactions.RenameAttribute{}: { + Field: nsSelector, + }, }, }, HealthProbeBindAddress: probeAddr, diff --git a/cli/cmd/resources/autoscaler.go b/cli/cmd/resources/autoscaler.go index c75fa36d4..b961c688c 100644 --- a/cli/cmd/resources/autoscaler.go +++ b/cli/cmd/resources/autoscaler.go @@ -19,11 +19,15 @@ import ( ) const ( - AutoScalerServiceAccountName = "odigos-autoscaler" - AutoScalerServiceName = "auto-scaler" - AutoScalerDeploymentName = "odigos-autoscaler" - AutoScalerAppLabelValue = "odigos-autoscaler" - AutoScalerContainerName = "manager" + AutoScalerDeploymentName = "odigos-autoscaler" + AutoScalerServiceAccountName = AutoScalerDeploymentName + AutoScalerAppLabelValue = AutoScalerDeploymentName + AutoScalerRoleName = AutoScalerDeploymentName + AutoScalerRoleBindingName = AutoScalerDeploymentName + AutoScalerClusterRoleName = AutoScalerDeploymentName + AutoScalerClusterRoleBindingName = AutoScalerDeploymentName + AutoScalerServiceName = "auto-scaler" + AutoScalerContainerName = "manager" ) func NewAutoscalerServiceAccount(ns string) *corev1.ServiceAccount { @@ -46,7 +50,7 @@ func NewAutoscalerRole(ns string) *rbacv1.Role { APIVersion: "rbac.authorization.k8s.io/v1", }, ObjectMeta: metav1.ObjectMeta{ - Name: "odigos-autoscaler", + Name: AutoScalerRoleName, Namespace: ns, }, Rules: []rbacv1.PolicyRule{ @@ -117,8 +121,8 @@ func NewAutoscalerRole(ns string) *rbacv1.Role { { Verbs: []string{ "get", - "patch", - "update", + "list", + "watch", }, APIGroups: []string{"apps"}, Resources: []string{"deployments/status"}, @@ -142,107 +146,14 @@ func NewAutoscalerRole(ns string) *rbacv1.Role { APIGroups: []string{""}, Resources: []string{"secrets"}, }, - }, - } -} - -func NewAutoscalerRoleBinding(ns string) *rbacv1.RoleBinding { - return &rbacv1.RoleBinding{ - TypeMeta: metav1.TypeMeta{ - Kind: "RoleBinding", - APIVersion: "rbac.authorization.k8s.io/v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "odigos-autoscaler", - Namespace: ns, - }, - Subjects: []rbacv1.Subject{ - { - Kind: "ServiceAccount", - Name: "odigos-autoscaler", - }, - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: "rbac.authorization.k8s.io", - Kind: "Role", - Name: "odigos-autoscaler", - }, - } -} - -func NewAutoscalerClusterRole() *rbacv1.ClusterRole { - return &rbacv1.ClusterRole{ - TypeMeta: metav1.TypeMeta{ - Kind: "ClusterRole", - APIVersion: "rbac.authorization.k8s.io/v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "odigos-autoscaler", - }, - Rules: []rbacv1.PolicyRule{ - { - Verbs: []string{ - "get", - "list", - "watch", - }, - APIGroups: []string{""}, - Resources: []string{"configmaps"}, - }, { Verbs: []string{ "get", "list", "watch", }, - APIGroups: []string{""}, - Resources: []string{"services"}, - }, - { - Verbs: []string{ - "get", - "list", - "watch", - }, - APIGroups: []string{"apps"}, - Resources: []string{"daemonsets"}, - }, - { - Verbs: []string{ - "get", - "list", - "watch", - }, - APIGroups: []string{"apps"}, - Resources: []string{"deployments"}, - }, - { - Verbs: []string{ - "get", - "list", - "watch", - }, - APIGroups: []string{"odigos.io"}, - Resources: []string{"instrumentationconfigs"}, - }, { - Verbs: []string{ - "create", - "delete", - "get", - "list", - "patch", - "update", - "watch", - }, APIGroups: []string{"odigos.io"}, - Resources: []string{"collectorsgroups"}, - }, - { - Verbs: []string{ - "update", - }, - APIGroups: []string{"odigos.io"}, - Resources: []string{"collectorsgroups/finalizers"}, + Resources: []string{"destinations"}, }, { Verbs: []string{ @@ -251,20 +162,7 @@ func NewAutoscalerClusterRole() *rbacv1.ClusterRole { "update", }, APIGroups: []string{"odigos.io"}, - Resources: []string{"collectorsgroups/status"}, - }, - { - Verbs: []string{ - "create", - "delete", - "get", - "list", - "patch", - "update", - "watch", - }, - APIGroups: []string{"odigos.io"}, - Resources: []string{"destinations"}, + Resources: []string{"destinations/status"}, }, { Verbs: []string{ @@ -280,10 +178,12 @@ func NewAutoscalerClusterRole() *rbacv1.ClusterRole { }, { Verbs: []string{ - "update", + "watch", + "get", + "list", }, - APIGroups: []string{"odigos.io"}, - Resources: []string{"destinations/finalizers"}, + APIGroups: []string{"actions.odigos.io"}, + Resources: []string{"addclusterinfos", "deleteattributes", "renameattributes", "probabilisticsamplers", "piimaskings", "latencysamplers", "errorsamplers"}, }, { Verbs: []string{ @@ -291,17 +191,17 @@ func NewAutoscalerClusterRole() *rbacv1.ClusterRole { "patch", "update", }, - APIGroups: []string{"odigos.io"}, - Resources: []string{"destinations/status"}, + APIGroups: []string{"actions.odigos.io"}, + Resources: []string{"addclusterinfos/status", "deleteattributes/status", "renameattributes/status", "probabilisticsamplers/status", "piimaskings/status", "latencysamplers/status", "errorsamplers/status"}, }, { Verbs: []string{ - "watch", "get", "list", + "watch", }, - APIGroups: []string{"actions.odigos.io"}, - Resources: []string{"addclusterinfos", "deleteattributes", "renameattributes", "probabilisticsamplers", "piimaskings", "latencysamplers", "errorsamplers"}, + APIGroups: []string{"odigos.io"}, + Resources: []string{"collectorsgroups"}, }, { Verbs: []string{ @@ -309,9 +209,47 @@ func NewAutoscalerClusterRole() *rbacv1.ClusterRole { "patch", "update", }, - APIGroups: []string{"actions.odigos.io"}, - Resources: []string{"addclusterinfos/status", "deleteattributes/status", "renameattributes/status", "probabilisticsamplers/status", "piimaskings/status", "latencysamplers/status", "errorsamplers/status"}, + APIGroups: []string{"odigos.io"}, + Resources: []string{"collectorsgroups/status"}, }, + }, + } +} + +func NewAutoscalerRoleBinding(ns string) *rbacv1.RoleBinding { + return &rbacv1.RoleBinding{ + TypeMeta: metav1.TypeMeta{ + Kind: "RoleBinding", + APIVersion: "rbac.authorization.k8s.io/v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: AutoScalerRoleBindingName, + Namespace: ns, + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: AutoScalerServiceAccountName, + }, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "Role", + Name: AutoScalerRoleName, + }, + } +} + +func NewAutoscalerClusterRole() *rbacv1.ClusterRole { + return &rbacv1.ClusterRole{ + TypeMeta: metav1.TypeMeta{ + Kind: "ClusterRole", + APIVersion: "rbac.authorization.k8s.io/v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: AutoScalerClusterRoleName, + }, + Rules: []rbacv1.PolicyRule{ { Verbs: []string{ "get", @@ -319,7 +257,7 @@ func NewAutoscalerClusterRole() *rbacv1.ClusterRole { "watch", }, APIGroups: []string{"odigos.io"}, - Resources: []string{"odigosconfigurations"}, + Resources: []string{"instrumentationconfigs"}, }, }, } @@ -332,19 +270,19 @@ func NewAutoscalerClusterRoleBinding(ns string) *rbacv1.ClusterRoleBinding { APIVersion: "rbac.authorization.k8s.io/v1", }, ObjectMeta: metav1.ObjectMeta{ - Name: "odigos-autoscaler", + Name: AutoScalerClusterRoleBindingName, }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", - Name: "odigos-autoscaler", + Name: AutoScalerServiceAccountName, Namespace: ns, }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", - Name: "odigos-autoscaler", + Name: AutoScalerClusterRoleName, }, } } @@ -362,7 +300,7 @@ func NewAutoscalerLeaderElectionRoleBinding(ns string) *rbacv1.RoleBinding { Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", - Name: "odigos-autoscaler", + Name: AutoScalerServiceAccountName, }, }, RoleRef: rbacv1.RoleRef{ @@ -486,7 +424,7 @@ func NewAutoscalerDeployment(ns string, version string, imagePrefix string, imag }, }, TerminationGracePeriodSeconds: ptrint64(10), - ServiceAccountName: "odigos-autoscaler", + ServiceAccountName: AutoScalerServiceAccountName, SecurityContext: &corev1.PodSecurityContext{ RunAsNonRoot: ptrbool(true), }, diff --git a/helm/odigos/templates/autoscaler/clusterrole.yaml b/helm/odigos/templates/autoscaler/clusterrole.yaml index c94fec1fc..014f2c6b1 100644 --- a/helm/odigos/templates/autoscaler/clusterrole.yaml +++ b/helm/odigos/templates/autoscaler/clusterrole.yaml @@ -3,118 +3,11 @@ kind: ClusterRole metadata: name: odigos-autoscaler rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - verbs: - - get - - list - - watch - apiGroups: - odigos.io resources: - instrumentationconfigs - - collectorsgroups - - odigosconfigurations - - destinations - - processors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - odigos.io - resources: - - collectorsgroups/finalizers - - destinations/finalizers - verbs: - - update - - apiGroups: - - odigos.io - resources: - - collectorsgroups/status - - destinations/status - verbs: - - get - - patch - - update - - apiGroups: - - actions.odigos.io - resources: - - addclusterinfos - - deleteattributes - - renameattributes - - probabilisticsamplers - - latencysamplers - - errorsamplers - - piimaskings - verbs: - - watch - - get - - list - - apiGroups: - - actions.odigos.io - resources: - - addclusterinfos/status - - deleteattributes/status - - renameattributes/status - - probabilisticsamplers/status - - latencysamplers/status - - errorsamplers/status - - piimaskings/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - - services - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - odigos.io - resources: - - odigosconfigurations verbs: - get - list - - watch + - watch \ No newline at end of file diff --git a/helm/odigos/templates/autoscaler/role.yaml b/helm/odigos/templates/autoscaler/role.yaml index c8f864849..623646420 100644 --- a/helm/odigos/templates/autoscaler/role.yaml +++ b/helm/odigos/templates/autoscaler/role.yaml @@ -8,6 +8,17 @@ rules: - "" resources: - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: - services verbs: - create @@ -22,7 +33,6 @@ rules: - apps resources: - daemonsets - - deployments verbs: - create - delete @@ -36,6 +46,26 @@ rules: - apps resources: - daemonsets/status + verbs: + - get + - patch + - update + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: - deployments/status verbs: - get @@ -54,7 +84,78 @@ rules: - "" resources: - secrets + verbs: + - list + - watch + - get + - apiGroups: + - odigos.io + resources: + - destinations verbs: - get - list - watch + - apiGroups: + - odigos.io + resources: + - destinations/status + verbs: + - get + - patch + - update + - apiGroups: + - odigos.io + resources: + - processors + verbs: + - get + - list + - watch + - patch + - create + - update + - apiGroups: + - actions.odigos.io + resources: + - addclusterinfos + - deleteattributes + - renameattributes + - probabilisticsamplers + - piimaskings + - latencysamplers + - errorsamplers + verbs: + - watch + - get + - list + - apiGroups: + - actions.odigos.io + resources: + - addclusterinfos/status + - deleteattributes/status + - renameattributes/status + - probabilisticsamplers/status + - piimaskings/status + - latencysamplers/status + - errorsamplers/status + verbs: + - get + - patch + - update + - apiGroups: + - odigos.io + resources: + - collectorsgroups + verbs: + - get + - list + - watch + - apiGroups: + - odigos.io + resources: + - collectorsgroups/status + verbs: + - get + - patch + - update diff --git a/helm/odigos/templates/scheduler/role.yaml b/helm/odigos/templates/scheduler/role.yaml index ca14e3135..8199720ad 100644 --- a/helm/odigos/templates/scheduler/role.yaml +++ b/helm/odigos/templates/scheduler/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: odigos-scheduler + namespace: {{ .Release.Namespace }} rules: - apiGroups: - ""