-
Notifications
You must be signed in to change notification settings - Fork 209
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Namespace Source instrumentation #2105
Add Namespace Source instrumentation #2105
Conversation
97d3821
to
5d3f265
Compare
@tamirdavid1 looks like the tests are failing the 2nd time I instrument the apps (by namespace) with this diff:
I'm just curious if you think this could be related to #2082? If so is there anything I should update to react to that? For reference, this test is trying to:
|
5d3f265
to
40c0205
Compare
@tamirdavid1 doing more trials it looks like this doesn't happen the first time the workload is instrumented, only on subsequent attempts |
4880f52
to
aae3f77
Compare
d9acb7d
to
c228058
Compare
instrumentor/controllers/deleteinstrumentedapplication/namespace_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/deleteinstrumentedapplication/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/deleteinstrumentedapplication/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/startlangdetection/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/startlangdetection/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/startlangdetection/workload_controllers.go
Outdated
Show resolved
Hide resolved
if err != nil { | ||
return ctrl.Result{}, err | ||
} | ||
if len(sourceList.Items) == 0 { | ||
return ctrl.Result{}, nil | ||
} | ||
// if this is explicitly excluded (ie, namespace instrumentation), skip | ||
for _, s := range sourceList.Items { | ||
if _, exists := s.Labels[consts.OdigosWorkloadExcludedLabel]; exists { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s
in this case can also be a source of kind Namespace
, this gives a specific semantic to this check (excluded namespaces will also trigger the workload to be considered as not instrumented
. Not sure I covered all cases in my head, but if the Namespace
is excluded, and the workload source is not, I think it might not get instrumented when it should.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't aware that we could have an excluded namespace with an included workload inside of it. I thought it was only the other way around (ie, you can instrument a namespace and specify certain workloads to exclude). If both are the case I'll update
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's not officially something that we suggest people to do, but no one will stop users from populating the label on a namespace. In this case it might be worth making sure we still instrument correctly :)
instrumentor/controllers/deleteinstrumentedapplication/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/startlangdetection/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/startlangdetection/source_controller.go
Outdated
Show resolved
Hide resolved
note: blocked on #2107 for tests to pass |
@blumamir @RonFed I think I got to all the feedback, ptal. One thing I realized this was missing was the case where someone creates or deletes and excluded Source in a namespace that's already instrumented. That's added along with tests in 7295ac9. There are basically 4 cases:
This requires 2 finalizers. I'm planning to move the finalizer creation to the same mutating webhook we'll use for label defaulting. But for now, this will work. If it's helpful, I had to draw it out to understand: |
if sourceList.Namespace != nil && sourceList.Namespace.DeletionTimestamp.IsZero() { | ||
return true, nil | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if the workload has a source CR, then it's not inheriting it's instrumentation from the ns, but this function can return true
here instead of false
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
like we talked about offline, this function and its use will be refactored in the backend label clean-up. Keeping this open as a reminder to do that
@@ -38,34 +41,138 @@ type SourceReconciler struct { | |||
|
|||
func (r *SourceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { | |||
logger := log.FromContext(ctx) | |||
logger.Info("Reconciling Deleted Source object", "name", req.Name, "namespace", req.Namespace) | |||
logger.Info("Reconciling Source object", "name", req.Name, "namespace", req.Namespace) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to also write the kind here? so it's not ambiguous
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This log line just refers to the Source object itself, so the kind is always Source. A Source can be named differently from the workload, for example:
apiVersion: odigos.io/v1alpha1
kind: Source
metadata:
name: my-source # <--- source name
namespace: default
spec:
workload:
name: coupone # <--- workload name
namespace: default
kind: Deployment
instrumentor/controllers/deleteinstrumentationconfig/source_controller.go
Show resolved
Hide resolved
instrumentor/controllers/deleteinstrumentationconfig/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/deleteinstrumentationconfig/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/deleteinstrumentationconfig/source_controller.go
Outdated
Show resolved
Hide resolved
instrumentor/controllers/deleteinstrumentationconfig/source_controller.go
Outdated
Show resolved
Hide resolved
@@ -151,11 +151,15 @@ func syncGenericWorkloadListToNs(ctx context.Context, c client.Client, kind work | |||
} | |||
} | |||
|
|||
if !isInheritingInstrumentationFromNs(freshWorkloadCopy) { | |||
var err error | |||
inheriting, err := isInheritingInstrumentationFromNs(ctx, c, freshWorkloadCopy) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this check only says if a workload instrumentation is inherited from ns. not if it's effectively instrumented or not.
It used to be ok because of this which guaranteed that this function is called after we already know the namespace is not labeled.
I think that the changes in this PR renders this assumption invalid, and we can now deleteWorkloadInstrumentationConfig
and removeReportedNameAnnotation
below even for instrumented workloads.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as #2105 (comment)
This adds instrumentation+uninstrumentation for Namespace-wide resources with Source objects. A namespace Source looks like so:
With
name
andnamespace
matching the name of the Namespace, andkind
set toNamespace
. These 3 fields are required because we're have the entire PodWorkload field marked required, so this can probably be simplified.What this does:
GetSourceListForWorkload
, check for inherited instrumentation from Namespace.odigos.io/excluded
on a Source for that workload -- TODO add a test for this)isInheritingInstrumentationFromNs
insyncGenericWorkloadListToNs