Skip to content

Commit

Permalink
Merge branch 'main' into gen-2096
Browse files Browse the repository at this point in the history
  • Loading branch information
BenElferink authored Dec 23, 2024
2 parents f414656 + 3f50f26 commit d72105c
Show file tree
Hide file tree
Showing 36 changed files with 1,013 additions and 446 deletions.
175 changes: 70 additions & 105 deletions cli/cmd/resources/odiglet.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (

"github.com/odigos-io/odigos/cli/pkg/autodetect"
cmdcontext "github.com/odigos-io/odigos/cli/pkg/cmd_context"
"github.com/odigos-io/odigos/common/consts"

"github.com/odigos-io/odigos/cli/cmd/resources/odigospro"
"github.com/odigos-io/odigos/cli/cmd/resources/resourcemanager"
Expand All @@ -24,12 +25,16 @@ import (
)

const (
OdigletServiceName = "odiglet"
OdigletDaemonSetName = "odiglet"
OdigletAppLabelValue = "odiglet"
OdigletContainerName = "odiglet"
OdigletImageName = "keyval/odigos-odiglet"
OdigletEnterpriseImageName = "keyval/odigos-enterprise-odiglet"
OdigletDaemonSetName = "odiglet"
OdigletAppLabelValue = OdigletDaemonSetName
OdigletServiceAccountName = OdigletDaemonSetName
OdigletRoleName = OdigletDaemonSetName
OdigletRoleBindingName = OdigletDaemonSetName
OdigletClusterRoleName = OdigletDaemonSetName
OdigletClusterRoleBindingName = OdigletDaemonSetName
OdigletContainerName = "odiglet"
OdigletImageName = "keyval/odigos-odiglet"
OdigletEnterpriseImageName = "keyval/odigos-enterprise-odiglet"
)

func NewOdigletServiceAccount(ns string) *corev1.ServiceAccount {
Expand All @@ -39,20 +44,21 @@ func NewOdigletServiceAccount(ns string) *corev1.ServiceAccount {
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: "odiglet",
Name: OdigletServiceAccountName,
Namespace: ns,
},
}
}

func NewOdigletClusterRole(psp bool) *rbacv1.ClusterRole {
clusterrole := &rbacv1.ClusterRole{
func NewOdigletRole(ns string) *rbacv1.Role {
return &rbacv1.Role{
TypeMeta: metav1.TypeMeta{
Kind: "ClusterRole",
Kind: "Role",
APIVersion: "rbac.authorization.k8s.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: "odiglet",
Name: OdigletRoleName,
Namespace: ns,
},
Rules: []rbacv1.PolicyRule{
{
Expand All @@ -62,37 +68,57 @@ func NewOdigletClusterRole(psp bool) *rbacv1.ClusterRole {
"watch",
},
APIGroups: []string{"odigos.io"},
Resources: []string{"odigosconfigurations", "collectorsgroups", "collectorsgroups/status"},
},
{
Verbs: []string{
"get",
"list",
"watch",
},
APIGroups: []string{""},
Resources: []string{"configmaps"},
Resources: []string{"collectorsgroups", "collectorsgroups/status"},
},
{
Verbs: []string{
"get",
"list",
"watch",
},
APIGroups: []string{""},
Resources: []string{
"pods",
},
APIGroups: []string{""},
Resources: []string{"configmaps"},
ResourceNames: []string{consts.OdigosConfigurationName},
},
},
}
}

func NewOdigletRoleBinding(ns string) *rbacv1.RoleBinding {
return &rbacv1.RoleBinding{
TypeMeta: metav1.TypeMeta{
Kind: "RoleBinding",
APIVersion: "rbac.authorization.k8s.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: OdigletRoleBindingName,
Namespace: ns,
},
Subjects: []rbacv1.Subject{
{
Verbs: []string{
"get",
},
APIGroups: []string{""},
Resources: []string{
"pods/status",
},
Kind: "ServiceAccount",
Name: OdigletServiceAccountName,
Namespace: ns,
},
},
RoleRef: rbacv1.RoleRef{
APIGroup: "rbac.authorization.k8s.io",
Kind: "Role",
Name: OdigletRoleName,
},
}
}

func NewOdigletClusterRole(psp bool) *rbacv1.ClusterRole {
clusterrole := &rbacv1.ClusterRole{
TypeMeta: metav1.TypeMeta{
Kind: "ClusterRole",
APIVersion: "rbac.authorization.k8s.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: OdigletClusterRoleName,
},
Rules: []rbacv1.PolicyRule{
{
Verbs: []string{
"get",
Expand All @@ -101,34 +127,7 @@ func NewOdigletClusterRole(psp bool) *rbacv1.ClusterRole {
},
APIGroups: []string{""},
Resources: []string{
"nodes",
},
},
{
Verbs: []string{
"get",
"list",
"watch",
},
APIGroups: []string{"apps"},
Resources: []string{"deployments"},
},
{
Verbs: []string{
"get",
},
APIGroups: []string{"apps"},
Resources: []string{
"deployments/status",
},
},
{
Verbs: []string{
"get",
},
APIGroups: []string{"apps"},
Resources: []string{
"deployments/finalizers",
"pods", "pods/status",
},
},
{
Expand All @@ -137,25 +136,9 @@ func NewOdigletClusterRole(psp bool) *rbacv1.ClusterRole {
"list",
"watch",
},
APIGroups: []string{"apps"},
Resources: []string{"statefulsets"},
},
{
Verbs: []string{
"get",
},
APIGroups: []string{"apps"},
Resources: []string{
"statefulsets/status",
},
},
{
Verbs: []string{
"get",
},
APIGroups: []string{"apps"},
APIGroups: []string{""},
Resources: []string{
"statefulsets/finalizers",
"nodes",
},
},
{
Expand All @@ -165,24 +148,15 @@ func NewOdigletClusterRole(psp bool) *rbacv1.ClusterRole {
"watch",
},
APIGroups: []string{"apps"},
Resources: []string{"daemonsets"},
},
{
Verbs: []string{
"get",
},
APIGroups: []string{"apps"},
Resources: []string{
"daemonsets/status",
},
Resources: []string{"deployments", "daemonsets", "statefulsets"},
},
{
Verbs: []string{
"get",
},
APIGroups: []string{"apps"},
Resources: []string{
"daemonsets/finalizers",
"deployments/status", "daemonsets/status", "statefulsets/status",
},
},
{
Expand Down Expand Up @@ -253,17 +227,6 @@ func NewOdigletClusterRole(psp bool) *rbacv1.ClusterRole {
"instrumentationinstances/status",
},
},
{
Verbs: []string{
"get",
"list",
"watch",
},
APIGroups: []string{""},
Resources: []string{
"namespaces",
},
},
{
Verbs: []string{
"get",
Expand Down Expand Up @@ -319,19 +282,19 @@ func NewOdigletClusterRoleBinding(ns string) *rbacv1.ClusterRoleBinding {
APIVersion: "rbac.authorization.k8s.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: "odiglet",
Name: OdigletClusterRoleBindingName,
},
Subjects: []rbacv1.Subject{
{
Kind: "ServiceAccount",
Name: "odiglet",
Name: OdigletServiceAccountName,
Namespace: ns,
},
},
RoleRef: rbacv1.RoleRef{
APIGroup: "rbac.authorization.k8s.io",
Kind: "ClusterRole",
Name: "odiglet",
Name: OdigletClusterRoleName,
},
}
}
Expand All @@ -349,7 +312,7 @@ func NewSCCRoleBinding(ns string) *rbacv1.RoleBinding {
Subjects: []rbacv1.Subject{
{
Kind: "ServiceAccount",
Name: "odiglet",
Name: OdigletServiceAccountName,
Namespace: ns,
},
{
Expand Down Expand Up @@ -641,7 +604,7 @@ func NewOdigletDaemonSet(ns string, version string, imagePrefix string, imageNam
},
},
DNSPolicy: "ClusterFirstWithHostNet",
ServiceAccountName: "odiglet",
ServiceAccountName: OdigletServiceAccountName,
HostNetwork: true,
HostPID: true,
PriorityClassName: "system-node-critical",
Expand Down Expand Up @@ -723,6 +686,8 @@ func (a *odigletResourceManager) InstallFromScratch(ctx context.Context) error {

resources := []kube.Object{
NewOdigletServiceAccount(a.ns),
NewOdigletRole(a.ns),
NewOdigletRoleBinding(a.ns),
NewOdigletClusterRole(a.config.Psp),
NewOdigletClusterRoleBinding(a.ns),
}
Expand Down
7 changes: 4 additions & 3 deletions common/config/elasticsearch.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,10 @@ const (
ElasticsearchUrlKey = "ELASTICSEARCH_URL"
esTracesIndexKey = "ES_TRACES_INDEX"
esLogsIndexKey = "ES_LOGS_INDEX"
esBasicAuthKey = "ELASTICSEARCH_BASIC_AUTH_ENABLED" // unused in this file, currently UI only (we do not want to break existing setups by requiring this boolean)
esUsername = "ELASTICSEARCH_USERNAME"
esPassword = "ELASTICSEARCH_PASSWORD"
esTlsKey = "ELASTICSEARCH_TLS_ENABLED" // unused in this file, currently UI only (we do not want to break existing setups by requiring this boolean)
esCaPem = "ELASTICSEARCH_CA_PEM"
)

Expand Down Expand Up @@ -46,21 +48,20 @@ func (e *Elasticsearch) ModifyConfig(dest ExporterConfigurer, currentConfig *Con
logIndexVal = "log_index"
}

basicAuthUsername := dest.GetConfig()[esUsername]
caPem := dest.GetConfig()[esCaPem]

exporterConfig := GenericMap{
"endpoints": []string{parsedURL},
"traces_index": traceIndexVal,
"logs_index": logIndexVal,
}

caPem := dest.GetConfig()[esCaPem]
if caPem != "" {
exporterConfig["tls"] = GenericMap{
"ca_pem": caPem,
}
}

basicAuthUsername := dest.GetConfig()[esUsername]
if basicAuthUsername != "" {
exporterConfig["user"] = basicAuthUsername
exporterConfig["password"] = fmt.Sprintf("${%s}", esPassword)
Expand Down
35 changes: 34 additions & 1 deletion destinations/data/elasticsearch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,13 +36,28 @@ spec:
type: text
placeholder: 'log_index'
tooltip: 'The name of the index where logs will be stored. Defaults to log_index'
- name: ELASTICSEARCH_BASIC_AUTH_ENABLED
displayName: Enable HTTP Basic Authentication
componentType: checkbox
initialValue: false
componentProps:
required: false
customReadDataLabels:
- condition: 'true'
title: 'Basic Auth'
value: 'Enabled'
- condition: 'false'
title: 'Basic Auth'
value: 'Disabled'
- name: ELASTICSEARCH_USERNAME
displayName: Username
componentType: input
componentProps:
type: text
required: false
tooltip: 'Username used for HTTP Basic Authentication'
renderCondition: ['ELASTICSEARCH_BASIC_AUTH_ENABLED', '==', 'true']
hideFromReadData: ['ELASTICSEARCH_BASIC_AUTH_ENABLED', '==', 'false']
- name: ELASTICSEARCH_PASSWORD
displayName: Password
componentType: input
Expand All @@ -51,11 +66,29 @@ spec:
required: false
tooltip: 'Password used for HTTP Basic Authentication'
secret: true
renderCondition: ['ELASTICSEARCH_BASIC_AUTH_ENABLED', '==', 'true']
hideFromReadData: ['ELASTICSEARCH_BASIC_AUTH_ENABLED', '==', 'false']
- name: ELASTICSEARCH_TLS_ENABLED
displayName: Enable TLS
componentType: checkbox
initialValue: false
componentProps:
required: false
tooltip: 'Secure connection (Transport Layer Security)'
customReadDataLabels:
- condition: 'true'
title: 'TLS'
value: 'Encrypted'
- condition: 'false'
title: 'TLS'
value: 'Unencrypted'
- name: ELASTICSEARCH_CA_PEM
displayName: CA Certificate
componentType: textarea
componentProps:
type: text
required: false
placeholder: '-----BEGIN CERTIFICATE-----'
tooltip: 'When using https, provide the CA certificate to verify the server. If empty uses system root CA'
tooltip: 'When using TLS, provide the CA certificate to verify the server. If empty uses system root CA'
renderCondition: ['ELASTICSEARCH_TLS_ENABLED', '==', 'true']
hideFromReadData: ['true']
Loading

0 comments on commit d72105c

Please sign in to comment.