From 886388cafc65dbc6c77f27abb5ad8793fb359b63 Mon Sep 17 00:00:00 2001
From: Cedric Lamoriniere <cedric.lamoriniere@datadoghq.com>
Date: Wed, 15 Feb 2023 14:43:05 +0100
Subject: [PATCH] Fix: avoid panic in ksm-core ingresses collector

* Update kube-state-metrics dependencies to v2.7.0 to benefit from
  upstream fixes.
* Add kube-state-metrics patch on top of v.2.7.0 to make this version
  usage in the kubernetes_state_core check.
---
 go.mod                                        |  9 ++++-
 go.sum                                        | 13 ++-----
 .../cluster/ksm/kubernetes_state.go           |  6 ++-
 pkg/kubestatemetrics/builder/builder.go       | 37 +++++++++++--------
 4 files changed, 36 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index dce1cb78b1641f..8390c6a112da7f 100644
--- a/go.mod
+++ b/go.mod
@@ -230,13 +230,13 @@ require (
 	k8s.io/apiextensions-apiserver v0.25.5
 	k8s.io/apimachinery v0.25.5
 	k8s.io/apiserver v0.25.5
-	k8s.io/autoscaler/vertical-pod-autoscaler v0.10.0
+	k8s.io/autoscaler/vertical-pod-autoscaler v0.12.0
 	k8s.io/client-go v0.25.5
 	k8s.io/cri-api v0.25.5 // Cannot be upgraded to 0.26 without lossing CRI API v1alpha2
 	k8s.io/klog v1.0.1-0.20200310124935-4ad0115ba9e4 // Min version that includes fix for Windows Nano
 	k8s.io/klog/v2 v2.80.1
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280
-	k8s.io/kube-state-metrics/v2 v2.4.2
+	k8s.io/kube-state-metrics/v2 v2.7.0
 	k8s.io/kubelet v0.25.5
 	k8s.io/metrics v0.25.5
 	k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2
@@ -574,6 +574,11 @@ replace github.com/golang/glog v1.0.0 => github.com/paulcacheux/glog v1.0.1-0.20
 
 replace github.com/vishvananda/netlink => github.com/DataDog/netlink v1.0.1-0.20220504230202-f7323aba1f6c
 
+// Replace kube-state-metrics repo until https://github.com/kubernetes/kube-state-metrics/pull/1994 is merged and cherry-pick on v2.7.1
+// Else we will need to wait v2.9.0 release.
+// the current version corresponds to the `dd-release-2.7` branch
+replace k8s.io/kube-state-metrics/v2 => github.com/datadog/kube-state-metrics/v2 v2.2.2-0.20230217083638-a9a9c0ff16f4
+
 // Use custom Trivy fork to reduce binary size
 // Pull in replacements needed by upstream Trivy
 replace (
diff --git a/go.sum b/go.sum
index e30a2f18fa2c84..5daa7077e889ea 100644
--- a/go.sum
+++ b/go.sum
@@ -619,6 +619,8 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S
 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
+github.com/datadog/kube-state-metrics/v2 v2.2.2-0.20230217083638-a9a9c0ff16f4 h1:ykrwvGAIsQrMVxl1YD2u23C62q/wsdPiSdWo8EUMRk0=
+github.com/datadog/kube-state-metrics/v2 v2.2.2-0.20230217083638-a9a9c0ff16f4/go.mod h1:1XUV6TkXSy78Ds3QKe5k/6J+YzqB/KZnc3uGTmCAwMo=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -788,7 +790,6 @@ github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNV
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
@@ -2296,7 +2297,6 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -2985,8 +2985,8 @@ k8s.io/apiextensions-apiserver v0.23.15 h1:ABxYYQ0d5WlqBboqlL00ZBT9HAKXs+DpkISTy
 k8s.io/apiextensions-apiserver v0.23.15/go.mod h1:+w9qQ3O85VidEPKRDkwfz5uwY0rwJN+t5+bbWmZJWPM=
 k8s.io/apimachinery v0.23.15 h1:IyYaHIVN2OL1QKXXye0IWNI/EpOBicMVRkj34rIdyPk=
 k8s.io/apimachinery v0.23.15/go.mod h1:mbefzm1H5rPdyibAc8rmzLAbr/oG60tDHQFj0FTqrZU=
-k8s.io/autoscaler/vertical-pod-autoscaler v0.10.0 h1:mSO9phIinHH3bRuXQkHMIA2uJ4i1WSayDeYr8J3bGjU=
-k8s.io/autoscaler/vertical-pod-autoscaler v0.10.0/go.mod h1:sOm4JDB+0ZrrqFuscsbWL5KoFMMJuOrN1NE/6ulmYNA=
+k8s.io/autoscaler/vertical-pod-autoscaler v0.12.0 h1:cy8LoXSl5GkTNJDTx3ZCS143f9Ai7gqnGkoUxPlGSmI=
+k8s.io/autoscaler/vertical-pod-autoscaler v0.12.0/go.mod h1:LraL5kR2xX7jb4VMCG6/tUH4I75uRHlnzC0VWQHcyWk=
 k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=
 k8s.io/client-go v0.23.15 h1:raIR9U0gmZwX2kkwR4PtLghcNfYTiB9QYdodlycmT1s=
 k8s.io/client-go v0.23.15/go.mod h1:ar8V/vcyQD28dkxGURvv2JTteCUL9PMW5DZXpNrJBTY=
@@ -3001,27 +3001,22 @@ k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.1-0.20200310124935-4ad0115ba9e4 h1:PbZJplYddJmSutLN9divJ0qU2nwGuY9ce++qhcsjqU0=
 k8s.io/klog v1.0.1-0.20200310124935-4ad0115ba9e4/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
 k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
-k8s.io/kube-state-metrics/v2 v2.4.2 h1:IYloz4pxxy331k3DeUMmblagZokwyi+Wh6f7XbGn8gE=
-k8s.io/kube-state-metrics/v2 v2.4.2/go.mod h1:9Bwe50fiZLymSO58qKUAwmcr6CmsLu9qybTlGzHFcG4=
 k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
 k8s.io/kubelet v0.23.15 h1:7PFvNjNxj6AC58Vv37k8isFyHGMpa91lYctKLCSaS34=
 k8s.io/kubelet v0.23.15/go.mod h1:LdqsFYxm2o61tEFf9zf9bEcyeCw5Ev6x8Xv61tDBaZM=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/metrics v0.23.15 h1:76eEvnxwjaNzj1HpwgyovjAFZ+RvF6J9CV/5/H7TX+E=
 k8s.io/metrics v0.23.15/go.mod h1:biUO8gcMwcwu23GIV0F1nE1XEynlmAO5/VBsJqRxvpo=
-k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
diff --git a/pkg/collector/corechecks/cluster/ksm/kubernetes_state.go b/pkg/collector/corechecks/cluster/ksm/kubernetes_state.go
index 10db19839fab0a..19c48fc3530d27 100644
--- a/pkg/collector/corechecks/cluster/ksm/kubernetes_state.go
+++ b/pkg/collector/corechecks/cluster/ksm/kubernetes_state.go
@@ -243,7 +243,9 @@ func (k *KSMCheck) Configure(integrationConfigDigest uint64, config, initConfig
 		allowedLabels[collector] = []string{"*"}
 	}
 
-	builder.WithAllowLabels(allowedLabels)
+	if err = builder.WithAllowLabels(allowedLabels); err != nil {
+		return err
+	}
 
 	// Enable exposing resource annotations explicitly for kube_<resource>_annotations metadata metrics.
 	// Equivalent to configuring --metric-annotations-allowlist.
@@ -263,7 +265,7 @@ func (k *KSMCheck) Configure(integrationConfigDigest uint64, config, initConfig
 		namespaces = options.DefaultNamespaces
 	}
 
-	builder.WithNamespaces(namespaces, "")
+	builder.WithNamespaces(namespaces)
 
 	allowDenyList, err := allowdenylist.New(options.MetricSet{}, buildDeniedMetricsSet(collectors))
 	if err != nil {
diff --git a/pkg/kubestatemetrics/builder/builder.go b/pkg/kubestatemetrics/builder/builder.go
index 3862a8e70d6473..1855f33b5e5cc2 100644
--- a/pkg/kubestatemetrics/builder/builder.go
+++ b/pkg/kubestatemetrics/builder/builder.go
@@ -34,15 +34,15 @@ import (
 type Builder struct {
 	ksmBuilder ksmtypes.BuilderInterface
 
-	kubeClient      clientset.Interface
-	vpaClient       vpaclientset.Interface
-	namespaces      options.NamespaceList
-	namespaceFilter string
-	ctx             context.Context
-	allowDenyList   generator.FamilyGeneratorFilter
-	metrics         *watch.ListWatchMetrics
-	shard           int32
-	totalShards     int
+	kubeClient          clientset.Interface
+	vpaClient           vpaclientset.Interface
+	namespaces          options.NamespaceList
+	fieldSelectorFilter string
+	ctx                 context.Context
+	allowDenyList       generator.FamilyGeneratorFilter
+	metrics             *watch.ListWatchMetrics
+	shard               int32
+	totalShards         int
 
 	resync time.Duration
 }
@@ -55,10 +55,9 @@ func New() *Builder {
 }
 
 // WithNamespaces sets the namespaces property of a Builder.
-func (b *Builder) WithNamespaces(nss options.NamespaceList, nsFilter string) {
+func (b *Builder) WithNamespaces(nss options.NamespaceList) {
 	b.namespaces = nss
-	b.namespaceFilter = nsFilter
-	b.ksmBuilder.WithNamespaces(nss, nsFilter)
+	b.ksmBuilder.WithNamespaces(nss)
 }
 
 // WithFamilyGeneratorFilter configures the white or blacklisted metric to be
@@ -68,6 +67,12 @@ func (b *Builder) WithFamilyGeneratorFilter(l generator.FamilyGeneratorFilter) {
 	b.ksmBuilder.WithFamilyGeneratorFilter(l)
 }
 
+// WithFieldSelectorFilter sets the fieldSelector property of a Builder.
+func (b *Builder) WithFieldSelectorFilter(fieldSelectors string) {
+	b.fieldSelectorFilter = fieldSelectors
+	b.ksmBuilder.WithFieldSelectorFilter(fieldSelectors)
+}
+
 // WithSharding sets the shard and totalShards property of a Builder.
 func (b *Builder) WithSharding(shard int32, totalShards int) {
 	b.shard = shard
@@ -130,8 +135,8 @@ func (b *Builder) WithCustomResourceStoreFactories(fs ...customresource.Registry
 }
 
 // WithAllowLabels configures which labels can be returned for metrics
-func (b *Builder) WithAllowLabels(l map[string][]string) {
-	b.ksmBuilder.WithAllowLabels(l)
+func (b *Builder) WithAllowLabels(l map[string][]string) error {
+	return b.ksmBuilder.WithAllowLabels(l)
 }
 
 // WithAllowAnnotations configures which annotations can be returned for metrics
@@ -168,7 +173,7 @@ func (b *Builder) GenerateStores(
 
 	if b.namespaces.IsAllNamespaces() {
 		store := store.NewMetricsStore(composedMetricGenFuncs, reflect.TypeOf(expectedType).String())
-		listWatcher := listWatchFunc(b.kubeClient, corev1.NamespaceAll, b.namespaceFilter)
+		listWatcher := listWatchFunc(b.kubeClient, corev1.NamespaceAll, b.fieldSelectorFilter)
 		b.startReflector(expectedType, store, listWatcher)
 		return []cache.Store{store}
 
@@ -177,7 +182,7 @@ func (b *Builder) GenerateStores(
 	stores := make([]cache.Store, 0, len(b.namespaces))
 	for _, ns := range b.namespaces {
 		store := store.NewMetricsStore(composedMetricGenFuncs, reflect.TypeOf(expectedType).String())
-		listWatcher := listWatchFunc(b.kubeClient, ns, b.namespaceFilter)
+		listWatcher := listWatchFunc(b.kubeClient, ns, b.fieldSelectorFilter)
 		b.startReflector(expectedType, store, listWatcher)
 		stores = append(stores, store)
 	}