Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include ports for networkpolicy or ciliumnetworkpolicy for OTLP ingest #1452

Merged
merged 3 commits into from
Oct 11, 2024
Merged

Include ports for networkpolicy or ciliumnetworkpolicy for OTLP ingest #1452

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
db9741a
create networkpolicy or ciliumnetworkpolicy for otlp ingest
mrdoggopat Oct 8, 2024
cf6dd4f
Merge branch 'main' into mrmcpat-otlp-ingest-networkpolicy
mrdoggopat Oct 8, 2024
9759c5b
simplify the host port configuration logic
mrdoggopat Oct 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
152 changes: 142 additions & 10 deletions internal/controller/datadogagent/feature/otlp/feature.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,18 @@ import (
"strings"

corev1 "k8s.io/api/core/v1"
netv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"

"github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1"
apiutils "github.com/DataDog/datadog-operator/api/utils"
"github.com/DataDog/datadog-operator/pkg/cilium/v1"
"github.com/go-logr/logr"

apicommon "github.com/DataDog/datadog-operator/api/datadoghq/common"
"github.com/DataDog/datadog-operator/internal/controller/datadogagent/common"
"github.com/DataDog/datadog-operator/internal/controller/datadogagent/component/objects"
"github.com/DataDog/datadog-operator/internal/controller/datadogagent/feature"
)

Expand Down Expand Up @@ -59,6 +62,9 @@ type otlpFeature struct {
forceEnableLocalService bool
localServiceName string

createKubernetesNetworkPolicy bool
createCiliumNetworkPolicy bool

owner metav1.Object
}

Expand Down Expand Up @@ -121,6 +127,15 @@ func (f *otlpFeature) Configure(dda *v2alpha1.DatadogAgent) (reqComp feature.Req
reqComp.Agent.Containers = append(reqComp.Agent.Containers, apicommon.TraceAgentContainerName)
}
}
if f.grpcEnabled || f.httpEnabled {
if enabled, flavor := v2alpha1.IsNetworkPolicyEnabled(dda); enabled {
if flavor == v2alpha1.NetworkPolicyFlavorCilium {
f.createCiliumNetworkPolicy = true
} else {
f.createKubernetesNetworkPolicy = true
}
}
}

return reqComp
}
Expand All @@ -130,13 +145,17 @@ func (f *otlpFeature) Configure(dda *v2alpha1.DatadogAgent) (reqComp feature.Req
func (f *otlpFeature) ManageDependencies(managers feature.ResourceManagers, components feature.RequiredComponents) error {
platformInfo := managers.Store().GetPlatformInfo()
versionInfo := platformInfo.GetVersionInfo()

if f.grpcEnabled {
port, err := extractPortEndpoint(f.grpcEndpoint)
if err != nil {
f.logger.Error(err, "failed to extract port from OTLP/gRPC endpoint")
return fmt.Errorf("failed to extract port from OTLP/gRPC endpoint: %w", err)
}
if f.grpcHostPortEnabled && f.grpcCustomHostPort != 0 {
port = f.grpcCustomHostPort
}
if common.ShouldCreateAgentLocalService(versionInfo, f.forceEnableLocalService) {
port, err := extractPortEndpoint(f.grpcEndpoint)
if err != nil {
f.logger.Error(err, "failed to extract port from OTLP/gRPC endpoint")
return fmt.Errorf("failed to extract port from OTLP/gRPC endpoint: %w", err)
}
servicePort := []corev1.ServicePort{
{
Protocol: corev1.ProtocolTCP,
Expand All @@ -150,14 +169,72 @@ func (f *otlpFeature) ManageDependencies(managers feature.ResourceManagers, comp
return err
}
}
//network policies for gRPC OTLP
policyName, podSelector := objects.GetNetworkPolicyMetadata(f.owner, v2alpha1.NodeAgentComponentName)
if f.createKubernetesNetworkPolicy {
protocolTCP := corev1.ProtocolTCP
ingressRules := []netv1.NetworkPolicyIngressRule{
{
Ports: []netv1.NetworkPolicyPort{
{
Port: &intstr.IntOrString{
Type: intstr.Int,
IntVal: port,
},
Protocol: &protocolTCP,
},
},
},
}
if err := managers.NetworkPolicyManager().AddKubernetesNetworkPolicy(
policyName,
f.owner.GetNamespace(),
podSelector,
nil,
ingressRules,
nil,
); err != nil {
return err
}
} else if f.createCiliumNetworkPolicy {
policySpecs := []cilium.NetworkPolicySpec{
{
Description: "Ingress for gRPC OTLP",
EndpointSelector: podSelector,
Ingress: []cilium.IngressRule{
{
FromEndpoints: []metav1.LabelSelector{
{},
},
ToPorts: []cilium.PortRule{
{
Ports: []cilium.PortProtocol{
{
Port: strconv.Itoa(int(port)),
Protocol: cilium.ProtocolTCP,
},
},
},
},
},
},
},
}
if err := managers.CiliumPolicyManager().AddCiliumPolicy(policyName, f.owner.GetNamespace(), policySpecs); err != nil {
return err
}
}
}
if f.httpEnabled {
port, err := extractPortEndpoint(f.httpEndpoint)
if err != nil {
f.logger.Error(err, "failed to extract port from OTLP/HTTP endpoint")
return fmt.Errorf("failed to extract port from OTLP/HTTP endpoint: %w", err)
}
if f.httpHostPortEnabled && f.httpCustomHostPort != 0 {
port = f.httpCustomHostPort
}
if common.ShouldCreateAgentLocalService(versionInfo, f.forceEnableLocalService) {
port, err := extractPortEndpoint(f.httpEndpoint)
if err != nil {
f.logger.Error(err, "failed to extract port from OTLP/HTTP endpoint")
return fmt.Errorf("failed to extract port from OTLP/HTTP endpoint: %w", err)
}
servicePort := []corev1.ServicePort{
{
Protocol: corev1.ProtocolTCP,
Expand All @@ -171,6 +248,61 @@ func (f *otlpFeature) ManageDependencies(managers feature.ResourceManagers, comp
return err
}
}
//network policies for HTTP OTLP
policyName, podSelector := objects.GetNetworkPolicyMetadata(f.owner, v2alpha1.NodeAgentComponentName)
if f.createKubernetesNetworkPolicy {
protocolTCP := corev1.ProtocolTCP
ingressRules := []netv1.NetworkPolicyIngressRule{
{
Ports: []netv1.NetworkPolicyPort{
{
Port: &intstr.IntOrString{
Type: intstr.Int,
IntVal: port,
},
Protocol: &protocolTCP,
},
},
},
}
if err := managers.NetworkPolicyManager().AddKubernetesNetworkPolicy(
policyName,
f.owner.GetNamespace(),
podSelector,
nil,
ingressRules,
nil,
); err != nil {
return err
}
} else if f.createCiliumNetworkPolicy {
policySpecs := []cilium.NetworkPolicySpec{
{
Description: "Ingress for HTTP OTLP",
EndpointSelector: podSelector,
Ingress: []cilium.IngressRule{
{
FromEndpoints: []metav1.LabelSelector{
{},
},
ToPorts: []cilium.PortRule{
{
Ports: []cilium.PortProtocol{
{
Port: strconv.Itoa(int(port)),
Protocol: cilium.ProtocolTCP,
},
},
},
},
},
},
},
}
if err := managers.CiliumPolicyManager().AddCiliumPolicy(policyName, f.owner.GetNamespace(), policySpecs); err != nil {
return err
}
}
}
return nil
}
Expand Down
Loading