feat: restricting sidecar image and tag setup (#550)

Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>

common/common.go

@@ -20,6 +20,29 @@ const (
 	OpenFeatureAnnotationRoot   = "openfeature.dev"
 )
 
+type EnvConfig struct {
+	PodNamespace    string `envconfig:"POD_NAMESPACE" default:"open-feature-operator-system"`
+	FlagdProxyImage string `envconfig:"FLAGD_PROXY_IMAGE" default:"ghcr.io/open-feature/flagd-proxy"`
+	// renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy
+	FlagdProxyTag            string `envconfig:"FLAGD_PROXY_TAG" default:"v0.3.0"`
+	FlagdProxyPort           int    `envconfig:"FLAGD_PROXY_PORT" default:"8015"`
+	FlagdProxyManagementPort int    `envconfig:"FLAGD_PROXY_MANAGEMENT_PORT" default:"8016"`
+	FlagdProxyDebugLogging   bool   `envconfig:"FLAGD_PROXY_DEBUG_LOGGING" default:"false"`
+
+	SidecarEnvVarPrefix   string `envconfig:"SIDECAR_ENV_VAR_PREFIX" default:"FLAGD"`
+	SidecarManagementPort int    `envconfig:"SIDECAR_MANAGEMENT_PORT" default:"8014"`
+	SidecarPort           int    `envconfig:"SIDECAR_PORT" default:"8013"`
+	SidecarImage          string `envconfig:"SIDECAR_IMAGE" default:"ghcr.io/open-feature/flagd"`
+	// renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy
+	SidecarTag           string `envconfig:"SIDECAR_TAG" default:"v0.7.0"`
+	SidecarSocketPath    string `envconfig:"SIDECAR_SOCKET_PATH" default:""`
+	SidecarEvaluator     string `envconfig:"SIDECAR_EVALUATOR" default:"json"`
+	SidecarProviderArgs  string `envconfig:"SIDECAR_PROVIDER_ARGS" default:""`
+	SidecarSyncProvider  string `envconfig:"SIDECAR_SYNC_PROVIDER" default:"kubernetes"`
+	SidecarLogFormat     string `envconfig:"SIDECAR_LOG_FORMAT" default:"json"`
+	SidecarProbesEnabled bool   `envconfig:"SIDECAR_PROBES_ENABLED" default:"true"`
+}
+
 func FeatureFlagSourceIndex(o client.Object) []string {
 	deployment, ok := o.(*appsV1.Deployment)
 	if !ok {

common/flagdinjector/flagdinjector.go

@@ -47,6 +47,8 @@ type FlagdContainerInjector struct {
 	Logger                    logr.Logger
 	FlagdProxyConfig          *flagdproxy.FlagdProxyConfiguration
 	FlagDResourceRequirements corev1.ResourceRequirements
+	Image                     string
+	Tag                       string
 }
 
 //nolint:gocyclo
@@ -76,7 +78,7 @@ func (fi *FlagdContainerInjector) InjectFlagd(
 	}
 
 	// append sync provider args
-	if flagSourceConfig.SyncProviderArgs != nil {
+	if len(flagSourceConfig.SyncProviderArgs) > 0 {
 		for _, v := range flagSourceConfig.SyncProviderArgs {
 			flagdContainer.Args = append(
 				flagdContainer.Args,
@@ -375,7 +377,7 @@ func (fi *FlagdContainerInjector) toKubernetesProviderConfig(ctx context.Context
 func (fi *FlagdContainerInjector) generateBasicFlagdContainer(flagSourceConfig *api.FeatureFlagSourceSpec) corev1.Container {
 	return corev1.Container{
 		Name:  "flagd",
-		Image: fmt.Sprintf("%s:%s", flagSourceConfig.Image, flagSourceConfig.Tag),
+		Image: fmt.Sprintf("%s:%s", fi.Image, fi.Tag),
 		Args: []string{
 			"start",
 		},

common/flagdinjector/flagdinjector_test.go

@@ -26,6 +26,11 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
 
+const (
+	testTag   = "0.5.0"
+	testImage = "flagd"
+)
+
 func TestFlagdContainerInjector_InjectDefaultSyncProvider(t *testing.T) {
 
 	namespace, fakeClient := initContainerInjectionTestEnv()
@@ -35,6 +40,8 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -72,6 +79,8 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithDebugLogging(t *te
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -111,6 +120,8 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithOtelCollectorUri(t
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -150,6 +161,8 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithResources(t *testi
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -199,6 +212,8 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithSyncProviderArgs(t
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -238,6 +253,8 @@ func TestFlagdContainerInjector_InjectFlagdKubernetesSource(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -289,6 +306,8 @@ func TestFlagdContainerInjector_InjectFlagdFilePathSource(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -365,6 +384,8 @@ func TestFlagdContainerInjector_InjectFlagdFilePathSource_UpdateReferencedConfig
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	ownerRef := metav1.OwnerReference{
@@ -444,6 +465,8 @@ func TestFlagdContainerInjector_InjectHttpSource(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -486,6 +509,8 @@ func TestFlagdContainerInjector_InjectGrpcSource(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -531,6 +556,8 @@ func TestFlagdContainerInjector_InjectProxySource_ProxyNotAvailable(t *testing.T
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -572,6 +599,8 @@ func TestFlagdContainerInjector_InjectProxySource_ProxyNotReady(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -616,6 +645,8 @@ func TestFlagdContainerInjector_InjectProxySource_ProxyIsReady(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -655,6 +686,8 @@ func TestFlagdContainerInjector_Inject_FlagdContainerAlreadyPresent(t *testing.T
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -697,6 +730,8 @@ func TestFlagdContainerInjector_InjectUnknownSyncProvider(t *testing.T) {
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	deployment := appsV1.Deployment{
@@ -833,8 +868,6 @@ func getFlagSourceConfigSpec() *api.FeatureFlagSourceSpec {
 	return &api.FeatureFlagSourceSpec{
 		ManagementPort: 8014,
 		Port:           8013,
-		Image:          "flagd",
-		Tag:            "0.5.0",
 		EnvVars: []v1.EnvVar{
 			{
 				Name:  "my-env-var",
@@ -951,8 +984,8 @@ func getProxyConfig() *flagdproxy.FlagdProxyConfiguration {
 		Port:           8013,
 		ManagementPort: 8014,
 		DebugLogging:   false,
-		Image:          "flagd",
-		Tag:            "0.5.0",
+		Image:          testImage,
+		Tag:            testTag,
 		Namespace:      "my-namespace",
 	}
 }
@@ -1031,6 +1064,8 @@ func TestFlagdContainerInjector_EnableClusterRoleBinding_AddDefaultServiceAccoun
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	err = fi.EnableClusterRoleBinding(context.Background(), namespace, "")
@@ -1075,6 +1110,8 @@ func TestFlagdContainerInjector_EnableClusterRoleBinding_ServiceAccountName(t *t
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	err = fi.EnableClusterRoleBinding(context.Background(), namespace, "my-serviceaccount")
@@ -1125,6 +1162,8 @@ func TestFlagdContainerInjector_EnableClusterRoleBinding_ServiceAccountAlreadyIn
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	err = fi.EnableClusterRoleBinding(context.Background(), namespace, "my-serviceaccount")
@@ -1159,6 +1198,8 @@ func TestFlagdContainerInjector_EnableClusterRoleBinding_ClusterRoleBindingNotFo
 		Logger:                    testr.New(t),
 		FlagdProxyConfig:          getProxyConfig(),
 		FlagDResourceRequirements: getResourceRequirements(),
+		Image:                     testImage,
+		Tag:                       testTag,
 	}
 
 	err = fi.EnableClusterRoleBinding(context.Background(), namespace, "my-serviceaccount")

common/flagdproxy/flagdproxy.go

@@ -3,10 +3,9 @@ package flagdproxy
 import (
 	"context"
 	"fmt"
-	"os"
 
 	"github.com/go-logr/logr"
-	"github.com/open-feature/open-feature-operator/common/utils"
+	"github.com/open-feature/open-feature-operator/common"
 	appsV1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -20,21 +19,7 @@ const (
 	FlagdProxyDeploymentName     = "flagd-proxy"
 	FlagdProxyServiceAccountName = "open-feature-operator-flagd-proxy"
 	FlagdProxyServiceName        = "flagd-proxy-svc"
-	// renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy
-	DefaultFlagdProxyTag            = "v0.3.0"
-	DefaultFlagdProxyImage          = "ghcr.io/open-feature/flagd-proxy"
-	DefaultFlagdProxyPort           = 8015
-	DefaultFlagdProxyManagementPort = 8016
-	DefaultFlagdProxyDebugLogging   = false
-	DefaultFlagdProxyNamespace      = "open-feature-operator-system"
-
-	envVarPodNamespace        = "POD_NAMESPACE"
-	envVarProxyImage          = "FLAGD_PROXY_IMAGE"
-	envVarProxyTag            = "FLAGD_PROXY_TAG"
-	envVarProxyPort           = "FLAGD_PROXY_PORT"
-	envVarProxyManagementPort = "FLAGD_PROXY_MANAGEMENT_PORT"
-	envVarProxyDebugLogging   = "FLAGD_PROXY_DEBUG_LOGGING"
-	operatorDeploymentName    = "open-feature-operator-controller-manager"
+	operatorDeploymentName       = "open-feature-operator-controller-manager"
 )
 
 type FlagdProxyHandler struct {
@@ -53,44 +38,16 @@ type FlagdProxyConfiguration struct {
 	OperatorDeploymentName string
 }
 
-func NewFlagdProxyConfiguration() (*FlagdProxyConfiguration, error) {
-	config := &FlagdProxyConfiguration{
-		Image:                  DefaultFlagdProxyImage,
-		Tag:                    DefaultFlagdProxyTag,
-		Namespace:              DefaultFlagdProxyNamespace,
+func NewFlagdProxyConfiguration(env common.EnvConfig) *FlagdProxyConfiguration {
+	return &FlagdProxyConfiguration{
+		Image:                  env.FlagdProxyImage,
+		Tag:                    env.FlagdProxyTag,
+		Namespace:              env.PodNamespace,
 		OperatorDeploymentName: operatorDeploymentName,
+		Port:                   env.FlagdProxyPort,
+		ManagementPort:         env.FlagdProxyManagementPort,
+		DebugLogging:           env.FlagdProxyDebugLogging,
 	}
-	ns, ok := os.LookupEnv(envVarPodNamespace)
-	if ok {
-		config.Namespace = ns
-	}
-	kpi, ok := os.LookupEnv(envVarProxyImage)
-	if ok {
-		config.Image = kpi
-	}
-	kpt, ok := os.LookupEnv(envVarProxyTag)
-	if ok {
-		config.Tag = kpt
-	}
-	port, err := utils.GetIntEnvVar(envVarProxyPort, DefaultFlagdProxyPort)
-	if err != nil {
-		return config, err
-	}
-	config.Port = port
-
-	managementPort, err := utils.GetIntEnvVar(envVarProxyManagementPort, DefaultFlagdProxyManagementPort)
-	if err != nil {
-		return config, err
-	}
-	config.ManagementPort = managementPort
-
-	kpDebugLogging, err := utils.GetBoolEnvVar(envVarProxyDebugLogging, DefaultFlagdProxyDebugLogging)
-	if err != nil {
-		return config, err
-	}
-	config.DebugLogging = kpDebugLogging
-
-	return config, nil
 }
 
 func NewFlagdProxyHandler(config *FlagdProxyConfiguration, client client.Client, logger logr.Logger) *FlagdProxyHandler {