Fix: avoid panic in ksm-core ingresses collector

LICENSE-3rdparty.csv

@@ -1180,6 +1180,7 @@ core,github.com/prometheus/client_model/go,Apache-2.0,Copyright 2012-2015 The Pr
 core,github.com/prometheus/common/expfmt,Apache-2.0,Copyright 2012-2015 The Prometheus Authors
 core,github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,Apache-2.0,Copyright 2012-2015 The Prometheus Authors
 core,github.com/prometheus/common/model,Apache-2.0,Copyright 2012-2015 The Prometheus Authors
+core,github.com/prometheus/common/version,Apache-2.0,Copyright 2012-2015 The Prometheus Authors
 core,github.com/prometheus/procfs,Apache-2.0,Copyright 2012-2015 The Prometheus Authors
 core,github.com/prometheus/procfs/internal/fs,Apache-2.0,Copyright 2012-2015 The Prometheus Authors
 core,github.com/prometheus/procfs/internal/util,Apache-2.0,Copyright 2012-2015 The Prometheus Authors

go.mod

@@ -230,13 +230,13 @@ require (
 	k8s.io/apiextensions-apiserver v0.25.5
 	k8s.io/apimachinery v0.25.5
 	k8s.io/apiserver v0.25.5
-	k8s.io/autoscaler/vertical-pod-autoscaler v0.10.0
+	k8s.io/autoscaler/vertical-pod-autoscaler v0.12.0
 	k8s.io/client-go v0.25.5
 	k8s.io/cri-api v0.25.5 // Cannot be upgraded to 0.26 without lossing CRI API v1alpha2
 	k8s.io/klog v1.0.1-0.20200310124935-4ad0115ba9e4 // Min version that includes fix for Windows Nano
 	k8s.io/klog/v2 v2.80.1
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280
-	k8s.io/kube-state-metrics/v2 v2.4.2
+	k8s.io/kube-state-metrics/v2 v2.7.0
 	k8s.io/kubelet v0.25.5
 	k8s.io/metrics v0.25.5
 	k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2
@@ -574,6 +574,11 @@ replace github.com/golang/glog v1.0.0 => github.com/paulcacheux/glog v1.0.1-0.20
 
 replace github.com/vishvananda/netlink => github.com/DataDog/netlink v1.0.1-0.20220504230202-f7323aba1f6c
 
+// Replace kube-state-metrics repo until https://github.com/kubernetes/kube-state-metrics/pull/1994 is merged and cherry-pick on v2.7.1
+// Else we will need to wait v2.9.0 release.
+// the current version corresponds to the `dd-release-2.7` branch
+replace k8s.io/kube-state-metrics/v2 => github.com/datadog/kube-state-metrics/v2 v2.2.2-0.20230217083638-a9a9c0ff16f4
+
 // Use custom Trivy fork to reduce binary size
 // Pull in replacements needed by upstream Trivy
 replace (

pkg/collector/corechecks/cluster/ksm/kubernetes_state.go

@@ -243,7 +243,9 @@ func (k *KSMCheck) Configure(integrationConfigDigest uint64, config, initConfig
 		allowedLabels[collector] = []string{"*"}
 	}
 
-	builder.WithAllowLabels(allowedLabels)
+	if err = builder.WithAllowLabels(allowedLabels); err != nil {
+		return err
+	}
 
 	// Enable exposing resource annotations explicitly for kube_<resource>_annotations metadata metrics.
 	// Equivalent to configuring --metric-annotations-allowlist.
@@ -263,7 +265,7 @@ func (k *KSMCheck) Configure(integrationConfigDigest uint64, config, initConfig
 		namespaces = options.DefaultNamespaces
 	}
 
-	builder.WithNamespaces(namespaces, "")
+	builder.WithNamespaces(namespaces)
 
 	allowDenyList, err := allowdenylist.New(options.MetricSet{}, buildDeniedMetricsSet(collectors))
 	if err != nil {

pkg/kubestatemetrics/builder/builder.go

@@ -34,15 +34,15 @@ import (
 type Builder struct {
 	ksmBuilder ksmtypes.BuilderInterface
 
-	kubeClient      clientset.Interface
-	vpaClient       vpaclientset.Interface
-	namespaces      options.NamespaceList
-	namespaceFilter string
-	ctx             context.Context
-	allowDenyList   generator.FamilyGeneratorFilter
-	metrics         *watch.ListWatchMetrics
-	shard           int32
-	totalShards     int
+	kubeClient          clientset.Interface
+	vpaClient           vpaclientset.Interface
+	namespaces          options.NamespaceList
+	fieldSelectorFilter string
+	ctx                 context.Context
+	allowDenyList       generator.FamilyGeneratorFilter
+	metrics             *watch.ListWatchMetrics
+	shard               int32
+	totalShards         int
 
 	resync time.Duration
 }
@@ -55,10 +55,9 @@ func New() *Builder {
 }
 
 // WithNamespaces sets the namespaces property of a Builder.
-func (b *Builder) WithNamespaces(nss options.NamespaceList, nsFilter string) {
+func (b *Builder) WithNamespaces(nss options.NamespaceList) {
 	b.namespaces = nss
-	b.namespaceFilter = nsFilter
-	b.ksmBuilder.WithNamespaces(nss, nsFilter)
+	b.ksmBuilder.WithNamespaces(nss)
 }
 
 // WithFamilyGeneratorFilter configures the white or blacklisted metric to be
@@ -68,6 +67,12 @@ func (b *Builder) WithFamilyGeneratorFilter(l generator.FamilyGeneratorFilter) {
 	b.ksmBuilder.WithFamilyGeneratorFilter(l)
 }
 
+// WithFieldSelectorFilter sets the fieldSelector property of a Builder.
+func (b *Builder) WithFieldSelectorFilter(fieldSelectors string) {
+	b.fieldSelectorFilter = fieldSelectors
+	b.ksmBuilder.WithFieldSelectorFilter(fieldSelectors)
+}
+
 // WithSharding sets the shard and totalShards property of a Builder.
 func (b *Builder) WithSharding(shard int32, totalShards int) {
 	b.shard = shard
@@ -130,8 +135,8 @@ func (b *Builder) WithCustomResourceStoreFactories(fs ...customresource.Registry
 }
 
 // WithAllowLabels configures which labels can be returned for metrics
-func (b *Builder) WithAllowLabels(l map[string][]string) {
-	b.ksmBuilder.WithAllowLabels(l)
+func (b *Builder) WithAllowLabels(l map[string][]string) error {
+	return b.ksmBuilder.WithAllowLabels(l)
 }
 
 // WithAllowAnnotations configures which annotations can be returned for metrics
@@ -168,7 +173,7 @@ func (b *Builder) GenerateStores(
 
 	if b.namespaces.IsAllNamespaces() {
 		store := store.NewMetricsStore(composedMetricGenFuncs, reflect.TypeOf(expectedType).String())
-		listWatcher := listWatchFunc(b.kubeClient, corev1.NamespaceAll, b.namespaceFilter)
+		listWatcher := listWatchFunc(b.kubeClient, corev1.NamespaceAll, b.fieldSelectorFilter)
 		b.startReflector(expectedType, store, listWatcher)
 		return []cache.Store{store}
 
@@ -177,7 +182,7 @@ func (b *Builder) GenerateStores(
 	stores := make([]cache.Store, 0, len(b.namespaces))
 	for _, ns := range b.namespaces {
 		store := store.NewMetricsStore(composedMetricGenFuncs, reflect.TypeOf(expectedType).String())
-		listWatcher := listWatchFunc(b.kubeClient, ns, b.namespaceFilter)
+		listWatcher := listWatchFunc(b.kubeClient, ns, b.fieldSelectorFilter)
 		b.startReflector(expectedType, store, listWatcher)
 		stores = append(stores, store)
 	}

releasenotes/notes/fix-panic-in-ksm-core-with-Ingresses-7b3143fbd556ab0a.yaml

@@ -0,0 +1,13 @@
+# Each section from every release note are combined when the
+# CHANGELOG.rst is rendered. So the text needs to be worded so that
+# it does not depend on any information only available in another
+# section. This may mean repeating some details, but each section
+# must be readable independently of the other.
+#
+# Each section note must be formatted as reStructuredText.
+---
+fixes:
+  - |
+    Avoid panic in kubernetes_state_core check with specific Ingress
+    objects configuration.
+