Updates for OpenShift compatibility (#2348)

OpenShift seems to enable [OwnerReferencesPermissionEnforcement](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement) by default, which gives errors like this when setting OwnerReferences: ``` 2025-01-29T19:42:38Z ERROR Reconciler error {"controller": "startlangdetection-source", "controllerGroup": "odigos.io", "controllerKind": "Source", "Source": {"name":"source-xsbv2","namespace":"test-project"}, "namespace": "test-project", "name": "source-xsbv2", "reconcileID": "c36405f6-40bb-4eb0-9d5d-fe4bc7802994", "error": "instrumentationconfigs.odigos.io \"deployment-inventory\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"} ``` This basically means wherever we update an ownerreference with `BlockOwnerDeletion: true` (which is set by the controller-runtime helpers), we also need permission to update the finalizers for whatever we're making the owner. I found this in these places: * When the autoscaler creates a collector configmap, the owner of the ConfigMap is the CollectorsGroups. So we need to be able to update `collectorsgroups/finalizers` * When the Instrumentor creates an InstrumentationConfig, the owner of the InstrumentationConfig is the workload. So we need finalizers for deployments,statefulsets,and daemonsets * When the odiglet creates an InstrumentationInstance, the owner of the InstrumentationInstance is also the workload. Same as above This also adds the SELinux volume mount from #1131 to the Odiglet init container added in #1355, along with making the init container privileged and adding logging for when the SELinux commands aren't found (this was failing silently) This also updates the `--openshift` flag to automatically use the `*-ubi9` images. If no `--image-prefix` is set, the images will be pulled from `registry.connect.redhat.com/odigos`.
odigos-io · Jan 31, 2025 · 3808517 · 3808517
1 parent dfff83d
commit 3808517
Show file tree

Hide file tree

Showing 37 changed files with 260 additions and 155 deletions.
diff --git a/api/k8sconsts/autoscaler.go b/api/k8sconsts/autoscaler.go
@@ -2,6 +2,7 @@ package k8sconsts
 
 const (
 	AutoScalerDeploymentName         = "odigos-autoscaler"
+	AutoScalerImageUBI9              = "odigos-autoscaler-ubi9"
 	AutoScalerServiceAccountName     = AutoScalerDeploymentName
 	AutoScalerAppLabelValue          = AutoScalerDeploymentName
 	AutoScalerRoleName               = AutoScalerDeploymentName

diff --git a/api/k8sconsts/clustercollector.go b/api/k8sconsts/clustercollector.go
@@ -1,6 +1,9 @@
 package k8sconsts
 
 const (
+	OdigosClusterCollectorImage     = "keyval/odigos-collector"
+	OdigosClusterCollectorImageUBI9 = "odigos-collector-ubi9"
+
 	OdigosClusterCollectorDeploymentName = "odigos-gateway"
 	OdigosClusterCollectorConfigMapName  = OdigosClusterCollectorDeploymentName
 	OdigosClusterCollectorServiceName    = OdigosClusterCollectorDeploymentName

diff --git a/api/k8sconsts/consts.go b/api/k8sconsts/consts.go
@@ -4,6 +4,8 @@ import (
 	"k8s.io/apimachinery/pkg/util/version"
 )
 
+const RedHatImagePrefix = "registry.connect.redhat.com/odigos"
+
 const (
 	OdigletPprofEndpointPort    int32 = 6060
 	CollectorsPprofEndpointPort int32 = 1777

diff --git a/api/k8sconsts/instrumentor.go b/api/k8sconsts/instrumentor.go
@@ -3,6 +3,7 @@ package k8sconsts
 const (
 	InstrumentorOtelServiceName             = "instrumentor"
 	InstrumentorDeploymentName              = "odigos-instrumentor"
+	InstrumentorImageUBI9                   = "odigos-instrumentor-ubi9"
 	InstrumentorAppLabelValue               = InstrumentorDeploymentName
 	InstrumentorServiceName                 = InstrumentorDeploymentName
 	InstrumentorServiceAccountName          = InstrumentorDeploymentName

diff --git a/api/k8sconsts/odiglet.go b/api/k8sconsts/odiglet.go
@@ -11,4 +11,6 @@ const (
 	OdigletContainerName          = "odiglet"
 	OdigletImageName              = "keyval/odigos-odiglet"
 	OdigletEnterpriseImageName    = "keyval/odigos-enterprise-odiglet"
+	OdigletEnterpriseImageUBI9    = "odigos-enterprise-odiglet-ubi9"
+	OdigletImageUBI9              = "odigos-odiglet-ubi9"
 )
diff --git a/api/k8sconsts/scheduler.go b/api/k8sconsts/scheduler.go
@@ -2,6 +2,7 @@ package k8sconsts
 
 const (
 	SchedulerImage                  = "keyval/odigos-scheduler"
+	SchedulerImageUBI9              = "odigos-scheduler-ubi9"
 	SchedulerServiceName            = "scheduler"
 	SchedulerDeploymentName         = "odigos-scheduler"
 	SchedulerAppLabelValue          = SchedulerDeploymentName

diff --git a/api/k8sconsts/ui.go b/api/k8sconsts/ui.go
@@ -2,6 +2,7 @@ package k8sconsts
 
 const (
 	UIImage              = "keyval/odigos-ui"
+	UIImageUBI9          = "odigos-ui-ubi9"
 	UIServiceName        = "ui"
 	UIDeploymentName     = "odigos-ui"
 	UIAppLabelValue      = "odigos-ui"

diff --git a/autoscaler/controllers/collectorsgroup_controller.go b/autoscaler/controllers/collectorsgroup_controller.go
@@ -20,7 +20,6 @@ import (
 	"context"
 
 	odigosv1 "github.com/odigos-io/odigos/api/odigos/v1alpha1"
-	controllerconfig "github.com/odigos-io/odigos/autoscaler/controllers/controller_config"
 	"github.com/odigos-io/odigos/autoscaler/controllers/datacollection"
 	"github.com/odigos-io/odigos/autoscaler/controllers/gateway"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
@@ -40,14 +39,13 @@ type CollectorsGroupReconciler struct {
 	OdigosVersion        string
 	K8sVersion           *version.Version
 	DisableNameProcessor bool
-	Config               *controllerconfig.ControllerConfig
 }
 
 func (r *CollectorsGroupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	logger.V(0).Info("Reconciling CollectorsGroup")
 
-	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion, r.Config)
+	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion)
 	if err != nil {
 		return ctrl.Result{}, err
 	}

diff --git a/autoscaler/controllers/common/config.go b/autoscaler/controllers/common/config.go
@@ -2,9 +2,12 @@ package common
 
 import (
 	odigosv1 "github.com/odigos-io/odigos/api/odigos/v1alpha1"
+	controllerconfig "github.com/odigos-io/odigos/autoscaler/controllers/controller_config"
 	"github.com/odigos-io/odigos/common/config"
 )
 
+var ControllerConfig *controllerconfig.ControllerConfig
+
 /* Convenience methods to convert between k8s types and config interfaces */
 func ToProcessorConfigurerArray(items []*odigosv1.Processor) []config.ProcessorConfigurer {
 	configurers := make([]config.ProcessorConfigurer, len(items))

diff --git a/autoscaler/controllers/controller_config/controller_config.go b/autoscaler/controllers/controller_config/controller_config.go
@@ -3,5 +3,6 @@ package controllerconfig
 import "k8s.io/apimachinery/pkg/util/version"
 
 type ControllerConfig struct {
-	K8sVersion *version.Version
+	K8sVersion     *version.Version
+	CollectorImage string
 }
diff --git a/autoscaler/controllers/datacollection/daemonset.go b/autoscaler/controllers/datacollection/daemonset.go
@@ -10,8 +10,8 @@ import (
 	odigosv1 "github.com/odigos-io/odigos/api/odigos/v1alpha1"
 	"github.com/odigos-io/odigos/autoscaler/controllers/common"
 	"github.com/odigos-io/odigos/autoscaler/controllers/datacollection/custom"
-	"github.com/odigos-io/odigos/autoscaler/utils"
 	"k8s.io/apimachinery/pkg/util/version"
+	commonconfig "github.com/odigos-io/odigos/autoscaler/controllers/common"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -28,7 +28,6 @@ import (
 
 const (
 	containerName        = "data-collection"
-	containerImage       = "keyval/odigos-collector"
 	containerCommand     = "/odigosotelcol"
 	confDir              = "/conf"
 	configHashAnnotation = "odigos.io/config-hash"
@@ -171,8 +170,7 @@ func getOdigletDaemonsetPodSpec(ctx context.Context, c client.Client, namespace
 
 func getDesiredDaemonSet(datacollection *odigosv1.CollectorsGroup,
 	scheme *runtime.Scheme, imagePullSecrets []string, odigosVersion string, k8sVersion *version.Version,
-	odigletDaemonsetPodSpec *corev1.PodSpec,
-) (*appsv1.DaemonSet, error) {
+	odigletDaemonsetPodSpec *corev1.PodSpec) (*appsv1.DaemonSet, error) {
 	// TODO(edenfed): add log volumes only if needed according to apps or dests
 
 	// 50% of the nodes can be unavailable during the update.
@@ -273,7 +271,7 @@ func getDesiredDaemonSet(datacollection *odigosv1.CollectorsGroup,
 					Containers: []corev1.Container{
 						{
 							Name:    containerName,
-							Image:   utils.GetCollectorContainerImage(containerImage, odigosVersion),
+							Image:   commonconfig.ControllerConfig.CollectorImage,
 							Command: []string{containerCommand, fmt.Sprintf("--config=%s/%s.yaml", confDir, k8sconsts.OdigosNodeCollectorConfigMapKey)},
 							VolumeMounts: []corev1.VolumeMount{
 								{

diff --git a/autoscaler/controllers/destination_controller.go b/autoscaler/controllers/destination_controller.go
@@ -19,7 +19,6 @@ package controllers
 import (
 	"context"
 
-	controllerconfig "github.com/odigos-io/odigos/autoscaler/controllers/controller_config"
 	"github.com/odigos-io/odigos/autoscaler/controllers/gateway"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -35,13 +34,12 @@ type DestinationReconciler struct {
 	Scheme           *runtime.Scheme
 	ImagePullSecrets []string
 	OdigosVersion    string
-	Config           *controllerconfig.ControllerConfig
 }
 
 func (r *DestinationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	logger.V(0).Info("Reconciling Destination")
-	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion, r.Config)
+	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion)
 	if err != nil {
 		return ctrl.Result{}, err
 	}

diff --git a/autoscaler/controllers/gateway/deployment.go b/autoscaler/controllers/gateway/deployment.go
@@ -9,11 +9,11 @@ import (
 	"errors"
 
 	"github.com/odigos-io/odigos/api/k8sconsts"
-	"github.com/odigos-io/odigos/autoscaler/utils"
-	"github.com/odigos-io/odigos/common/consts"
-
 	odigosv1 "github.com/odigos-io/odigos/api/odigos/v1alpha1"
 	"github.com/odigos-io/odigos/autoscaler/controllers/common"
+	commonconfig "github.com/odigos-io/odigos/autoscaler/controllers/common"
+	"github.com/odigos-io/odigos/common/consts"
+
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -28,7 +28,6 @@ import (
 
 const (
 	containerName        = "gateway"
-	containerImage       = "keyval/odigos-collector"
 	containerCommand     = "/odigosotelcol"
 	confDir              = "/conf"
 	configHashAnnotation = "odigos.io/config-hash"
@@ -144,7 +143,7 @@ func getDesiredDeployment(dests *odigosv1.DestinationList, configDataHash string
 					Containers: []corev1.Container{
 						{
 							Name:    containerName,
-							Image:   utils.GetCollectorContainerImage(containerImage, odigosVersion),
+							Image:   commonconfig.ControllerConfig.CollectorImage,
 							Command: []string{containerCommand, fmt.Sprintf("--config=%s/%s.yaml", confDir, k8sconsts.OdigosClusterCollectorConfigMapKey)},
 							EnvFrom: getSecretsFromDests(dests),
 							// Add the ODIGOS_VERSION environment variable from the ConfigMap

diff --git a/autoscaler/controllers/gateway/hpa.go b/autoscaler/controllers/gateway/hpa.go
@@ -11,6 +11,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/log"
+	commonconfig "github.com/odigos-io/odigos/autoscaler/controllers/common"
 
 	odigosv1 "github.com/odigos-io/odigos/api/odigos/v1alpha1"
 	autoscalingv2 "k8s.io/api/autoscaling/v2"
@@ -31,7 +32,8 @@ var (
 	stabilizationWindowSeconds = intPtr(300) // cooldown period for scaling down
 )
 
-func syncHPA(gateway *odigosv1.CollectorsGroup, ctx context.Context, c client.Client, scheme *runtime.Scheme, kubeVersion *version.Version) error {
+func syncHPA(gateway *odigosv1.CollectorsGroup, ctx context.Context, c client.Client, scheme *runtime.Scheme) error {
+	kubeVersion := commonconfig.ControllerConfig.K8sVersion
 	logger := log.FromContext(ctx)
 
 	var hpa client.Object

diff --git a/autoscaler/controllers/gateway/root.go b/autoscaler/controllers/gateway/root.go
@@ -6,7 +6,7 @@ import (
 	"github.com/odigos-io/odigos/api/k8sconsts"
 	odigosv1 "github.com/odigos-io/odigos/api/odigos/v1alpha1"
 	commonconf "github.com/odigos-io/odigos/autoscaler/controllers/common"
-	controllerconfig "github.com/odigos-io/odigos/autoscaler/controllers/controller_config"
+
 	"github.com/odigos-io/odigos/k8sutils/pkg/env"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -20,8 +20,7 @@ var (
 	}
 )
 
-func Sync(ctx context.Context, k8sClient client.Client, scheme *runtime.Scheme, imagePullSecrets []string, odigosVersion string,
-	config *controllerconfig.ControllerConfig) error {
+func Sync(ctx context.Context, k8sClient client.Client, scheme *runtime.Scheme, imagePullSecrets []string, odigosVersion string) error {
 	logger := log.FromContext(ctx)
 
 	odigosNs := env.GetCurrentNamespace()
@@ -47,7 +46,7 @@ func Sync(ctx context.Context, k8sClient client.Client, scheme *runtime.Scheme,
 	// Add the generic batch processor to the list of processors
 	processors.Items = append(processors.Items, commonconf.GetGenericBatchProcessor())
 
-	err = syncGateway(&dests, &processors, &gatewayCollectorGroup, ctx, k8sClient, scheme, imagePullSecrets, odigosVersion, config)
+	err = syncGateway(&dests, &processors, &gatewayCollectorGroup, ctx, k8sClient, scheme, imagePullSecrets, odigosVersion)
 	statusPatchString := commonconf.GetCollectorsGroupDeployedConditionsPatch(err)
 	statusErr := k8sClient.Status().Patch(ctx, &gatewayCollectorGroup, client.RawPatch(types.MergePatchType, []byte(statusPatchString)))
 	if statusErr != nil {
@@ -59,8 +58,7 @@ func Sync(ctx context.Context, k8sClient client.Client, scheme *runtime.Scheme,
 
 func syncGateway(dests *odigosv1.DestinationList, processors *odigosv1.ProcessorList,
 	gateway *odigosv1.CollectorsGroup, ctx context.Context,
-	c client.Client, scheme *runtime.Scheme, imagePullSecrets []string, odigosVersion string,
-	config *controllerconfig.ControllerConfig) error {
+	c client.Client, scheme *runtime.Scheme, imagePullSecrets []string, odigosVersion string) error {
 	logger := log.FromContext(ctx)
 	logger.V(0).Info("Syncing gateway")
 
@@ -94,7 +92,7 @@ func syncGateway(dests *odigosv1.DestinationList, processors *odigosv1.Processor
 		return err
 	}
 
-	err = syncHPA(gateway, ctx, c, scheme, config.K8sVersion)
+	err = syncHPA(gateway, ctx, c, scheme)
 	if err != nil {
 		logger.Error(err, "Failed to sync HPA")
 	}

diff --git a/autoscaler/controllers/processor_controller.go b/autoscaler/controllers/processor_controller.go
@@ -4,7 +4,6 @@ import (
 	"context"
 
 	v1 "github.com/odigos-io/odigos/api/odigos/v1alpha1"
-	controllerconfig "github.com/odigos-io/odigos/autoscaler/controllers/controller_config"
 	"github.com/odigos-io/odigos/autoscaler/controllers/datacollection"
 	"github.com/odigos-io/odigos/autoscaler/controllers/gateway"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -22,15 +21,14 @@ type ProcessorReconciler struct {
 	OdigosVersion        string
 	K8sVersion           *version.Version
 	DisableNameProcessor bool
-	Config               *controllerconfig.ControllerConfig
 }
 
 func (r *ProcessorReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 
 	logger := log.FromContext(ctx)
 	logger.V(0).Info("Reconciling Processor")
 
-	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion, r.Config)
+	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion)
 	if err != nil {
 		return ctrl.Result{}, err
 	}

diff --git a/autoscaler/controllers/secret_controller.go b/autoscaler/controllers/secret_controller.go
@@ -3,7 +3,6 @@ package controllers
 import (
 	"context"
 
-	controllerconfig "github.com/odigos-io/odigos/autoscaler/controllers/controller_config"
 	"github.com/odigos-io/odigos/autoscaler/controllers/gateway"
 	odigospredicate "github.com/odigos-io/odigos/k8sutils/pkg/predicate"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -20,14 +19,13 @@ type SecretReconciler struct {
 	Scheme           *runtime.Scheme
 	ImagePullSecrets []string
 	OdigosVersion    string
-	Config           *controllerconfig.ControllerConfig
 }
 
 func (r *SecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	logger.V(0).Info("Reconciling Secret")
 
-	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion, r.Config)
+	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion)
 	if err != nil {
 		return ctrl.Result{}, err
 	}

diff --git a/autoscaler/controllers/source_controller.go b/autoscaler/controllers/source_controller.go
@@ -3,7 +3,6 @@ package controllers
 import (
 	"context"
 
-	controllerconfig "github.com/odigos-io/odigos/autoscaler/controllers/controller_config"
 	"github.com/odigos-io/odigos/autoscaler/controllers/gateway"
 	odigospredicate "github.com/odigos-io/odigos/k8sutils/pkg/predicate"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -20,7 +19,6 @@ type SourceReconciler struct {
 	Scheme           *runtime.Scheme
 	ImagePullSecrets []string
 	OdigosVersion    string
-	Config           *controllerconfig.ControllerConfig
 }
 
 // Reconcile ensures that any changes to Source CRDs (creation, deletion, or label modifications)
@@ -29,7 +27,7 @@ func (r *SourceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	logger := log.FromContext(ctx)
 	logger.V(0).Info("Reconciling Source")
 
-	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion, r.Config)
+	err := gateway.Sync(ctx, r.Client, r.Scheme, r.ImagePullSecrets, r.OdigosVersion)
 	if err != nil {
 		return ctrl.Result{}, err
 	}