Include ports for networkpolicy or ciliumnetworkpolicy for OTLP ingest #1452

Merged
merged 3 commits into from
Oct 11, 2024

mrdoggopat

What does this PR do?

When global.networkPolicy.create and OTLP are enabled, enables the necessary ingress ports in the NetworkPolicy or CiliumNetworkPolicy for OTLP ingest, depending on the flavor that is configured in global.networkPolicy.flavor. Currently this is only supported for APM features.

Also refined the logic on the OTLP ports for the local service depending on whether the user has configured features.otlp.receiver.protocols.grpc/http.hostPortConfig.enabled and/or features.otlp.receiver.protocols.grpc/http.hostPortConfig.hostPort. This is in an effort to make the NetworkPolicy's ingress ports correspond with the local service (and vice versa) whenever the above hostPortConfigs are configured. This is a follow-up to this PR: #1440

Motivation

CECO-1468
Generally to alleviate connectivity issues with OTLP ingest for clusters that have restrictive NetworkPolicy rules.

Describe your test plan

Create a kind cluster, and follow this guide to install Cilium in your cluster: https://docs.cilium.io/en/stable/installation/kind/

Test the "kubernetes" flavor:
Deploy the following DatadogAgent configurations:

spec:
  global:
    networkPolicy:
      create: true
      flavor: "kubernetes"
  features:
    otlp:
      receiver:
        protocols:
          grpc:
            enabled: true
          http:
            enabled: true

The operator should deploy the NetworkPolicy object with ingress ports 4317 and 4318.
For instance, if you named the DatadogAgent as datadog, you can run kubectl describe networkpolicy datadog-agent to check if the ports are present.

Can also include the configurations features.otlp.receiver.protocols.grpc.hostPortConfig.hostPort and features.otlp.receiver.protocols.http.hostPortConfig.hostPort to configure custom ports and check if they are reflected in the NetworkPolicy.

Test the "cilium" flavor:

spec:
  global:
    networkPolicy:
      create: true
      flavor: "cilium"
  features:
    otlp:
      receiver:
        protocols:
          grpc:
            enabled: true
          http:
            enabled: true

The operator should deploy the CiliumNetworkPolicy object with ingress ports 4317 and 4318.
For instance, if you named the DatadogAgent as datadog, you can run kubectl describe ciliumnetworkpolicy datadog-agent to check if the ports are present.

Can also include the configurations features.otlp.receiver.protocols.grpc.hostPortConfig.hostPort and features.otlp.receiver.protocols.http.hostPortConfig.hostPort to configure custom ports and check if they are reflected in the CiliumNetworkPolicy.

Checklist

  • PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
  • PR has a milestone or the qa/skip-qa label

@mrdoggopat mrdoggopat added the bug and enhancement labels Oct 8, 2024
@mrdoggopat mrdoggopat requested a review from a team as a code owner October 8, 2024 18:27
@mrdoggopat mrdoggopat added this to the v1.10.0 milestone Oct 8, 2024
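
The verification step of the test plan above can be automated; the following is an added example, not part of the PR or the operator's code. It reads the JSON of either policy kind (for instance the output of kubectl get networkpolicy datadog-agent -o json) and returns the expected OTLP ports that no ingress rule lists. The type names, function name and sample objects are constructed for illustration, and named (non-numeric) ports are ignored.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// Constructed samples, trimmed to the fields this check reads.
const sampleK8s = `{"kind":"NetworkPolicy","spec":{"ingress":[{"ports":[{"port":4317}]}]}}`
const sampleCilium = `{"kind":"CiliumNetworkPolicy","spec":{"ingress":[{"toPorts":[{"ports":[{"port":"4317"},{"port":"4318"}]}]}]}}`

// port is a JSON number in NetworkPolicy and a JSON string in CiliumNetworkPolicy.
type ports []struct{ Port interface{} `json:"port"` }
type rule struct {
	Ports   ports                                  `json:"ports"`   // NetworkPolicy shape
	ToPorts []struct{ Ports ports `json:"ports"` } `json:"toPorts"` // CiliumNetworkPolicy shape
}
type policy struct{ Spec struct{ Ingress []rule `json:"ingress"` } `json:"spec"` }

// MissingIngressPorts returns the wanted ports that no ingress rule lists.
func MissingIngressPorts(raw []byte, want ...int) ([]int, error) {
	var p policy
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}
	seen := map[int]bool{}
	add := func(l ports) {
		for _, e := range l {
			// fmt.Sprint renders both 4317 (decoded as float64) and "4317" as "4317".
			if n, err := strconv.Atoi(fmt.Sprint(e.Port)); err == nil {
				seen[n] = true
			}
		}
	}
	for _, r := range p.Spec.Ingress {
		add(r.Ports)
		for _, tp := range r.ToPorts {
			add(tp.Ports)
		}
	}
	missing := []int{}
	for _, w := range want {
		if !seen[w] {
			missing = append(missing, w)
		}
	}
	return missing, nil
}

func main() {
	fmt.Println(MissingIngressPorts([]byte(sampleK8s), 4317, 4318))
}
```

When custom hostPort values are configured, pass those values in place of 4317 and 4318.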
@codecov-commenter
codecov-commenter commented Oct 8, 2024

Codecov Report

Attention: Patch coverage is 9.23077% with 118 lines in your changes missing coverage. Please review.

Project coverage is 49.90%. Comparing base (1d9b69b) to head (9759c5b).
Report is 12 commits behind head on main.

Files with missing lines Patch % Lines
...al/controller/datadogagent/feature/otlp/feature.go 9.23% 111 Missing and 7 partials ⚠️

@@            Coverage Diff             @@
##             main    #1452      +/-   ##
==========================================
+ Coverage   49.01%   49.90%   +0.88%     
==========================================
  Files         223      224       +1     
  Lines       19508    20327     +819     
==========================================
+ Hits         9562    10144     +582     
- Misses       9456     9637     +181     
- Partials      490      546      +56     
Flag Coverage Δ
unittests 49.90% <9.23%> (+0.88%) ⬆️


Files with missing lines Coverage Δ
...al/controller/datadogagent/feature/otlp/feature.go 45.45% <9.23%> (-18.34%) ⬇️

... and 27 files with indirect coverage changes

@khewonc khewonc modified the milestones: v1.10.0, v1.11.0 Oct 10, 2024
@mrdoggopat mrdoggopat merged commit 24f18f9 into main Oct 11, 2024
19 checks passed
@mrdoggopat mrdoggopat deleted the mrmcpat-otlp-ingest-networkpolicy branch October 11, 2024 20:48