Reporting workloads that are marked with the Prometheus scraping annotation to support automatically create network policies to allow Prometheus scraping in Otterize cloud (#278)

Author: zohar7ch

src/mapper/cmd/main.go

@@ -22,6 +22,7 @@ import (
 	"github.com/otterize/network-mapper/src/mapper/pkg/gcpintentsholder"
 	"github.com/otterize/network-mapper/src/mapper/pkg/incomingtrafficholder"
 	"github.com/otterize/network-mapper/src/mapper/pkg/labelreporter"
+	"github.com/otterize/network-mapper/src/mapper/pkg/metrics_collection_traffic"
 	"github.com/otterize/network-mapper/src/mapper/pkg/resourcevisibility"
 	"github.com/otterize/network-mapper/src/shared/echologrus"
 	"golang.org/x/sync/errgroup"
@@ -242,6 +243,23 @@ func main() {
 		if err := namespaceReconciler.SetupWithManager(mgr); err != nil {
 			logrus.WithError(err).Panic("unable to create namespace reconciler")
 		}
+
+		metricsCollectionTrafficHandler := metrics_collection_traffic.NewMetricsCollectionTrafficHandler(mgr.GetClient(), serviceidresolver.NewResolver(mgr.GetClient()), cloudClient)
+
+		metricsCollectorPodReconciler := metrics_collection_traffic.NewPodReconciler(metricsCollectionTrafficHandler)
+		if err = metricsCollectorPodReconciler.SetupWithManager(mgr); err != nil {
+			logrus.WithError(err).Panic("unable to create pod reconciler")
+		}
+
+		metricsCollectorServiceReconciler := metrics_collection_traffic.NewServiceReconciler(metricsCollectionTrafficHandler)
+		if err = metricsCollectorServiceReconciler.SetupWithManager(mgr); err != nil {
+			logrus.WithError(err).Panic("unable to create service reconciler")
+		}
+
+		metricsCollectorEndpointsReconciler := metrics_collection_traffic.NewEndpointsReconciler(metricsCollectionTrafficHandler)
+		if err = metricsCollectorEndpointsReconciler.SetupWithManager(mgr); err != nil {
+			logrus.WithError(err).Panic("unable to create endpoints reconciler")
+		}
 	}
 
 	if viper.GetBool(config.OTelEnabledKey) {

src/mapper/pkg/cloudclient/cloud_client.go

@@ -18,6 +18,7 @@ type CloudClient interface {
 	ReportTrafficLevels(ctx context.Context, trafficLevels []TrafficLevelInput) error
 	ReportNamespaceLabels(ctx context.Context, namespace string, labels []LabelInput) error
 	ReportWorkloadsLabels(ctx context.Context, workloadsLabels []ReportServiceMetadataInput) error
+	ReportK8sResourceEligibleForMetricsCollection(ctx context.Context, namespace string, reason EligibleForMetricsCollectionReason, resources []K8sResourceEligibleForMetricsCollectionInput) error
 }
 
 type CloudClientImpl struct {
@@ -100,6 +101,17 @@ func (c *CloudClientImpl) ReportK8sIngresses(ctx context.Context, namespace stri
 	return nil
 }
 
+func (c *CloudClientImpl) ReportK8sResourceEligibleForMetricsCollection(ctx context.Context, namespace string, reason EligibleForMetricsCollectionReason, resources []K8sResourceEligibleForMetricsCollectionInput) error {
+	logrus.Debug("Uploading k8s metrics collector resource to cloud, count: ", len(resources))
+
+	_, err := ReportK8sResourceEligibleForMetricsCollection(ctx, c.client, namespace, reason, resources)
+	if err != nil {
+		return errors.Wrap(err)
+	}
+
+	return nil
+}
+
 func (c *CloudClientImpl) ReportTrafficLevels(
 	ctx context.Context,
 	trafficLevels []TrafficLevelInput,

src/mapper/pkg/cloudclient/generated.go

@@ -23,6 +23,10 @@ mutation ReportK8sIngresses($namespace: String!, $ingresses: [K8sIngressInput!]!
     reportK8sIngresses(namespace: $namespace, ingresses: $ingresses)
 }
 
+mutation ReportK8sResourceEligibleForMetricsCollection($namespace: String!, $reason: EligibleForMetricsCollectionReason!, $resources: [K8sResourceEligibleForMetricsCollectionInput!]!) {
+    reportK8sResourceEligibleForMetricsCollection(namespace: $namespace, reason: $reason, resources: $resources)
+}
+
 mutation ReportTrafficLevels(
     $trafficLevels: [TrafficLevelInput!]!
 ) {

src/mapper/pkg/cloudclient/genqlient.graphql

@@ -743,6 +743,11 @@ type EdgeAccessStatuses {
 	linkerdPolicies: EdgeAccessStatus!
 }
 
+enum EligibleForMetricsCollectionReason {
+	POD_ANNOTATIONS
+	SERVICE_ANNOTATIONS
+}
+
 type Environment {
 	id: ID!
 	name: String!
@@ -1468,6 +1473,7 @@ input IntentsOperatorConfigurationInput {
 	awsALBLoadBalancerExemptionEnabled: Boolean
 	allowExternalTrafficPolicy: AllowExternalTrafficPolicy
 	externallyManagedPolicyWorkloads: [ExternallyManagedPolicyWorkloadInput!]
+	automateThirdPartyNetworkPolicies: AllowExternalTrafficPolicy
 }
 
 type IntentsOperatorState {
@@ -1567,6 +1573,12 @@ enum K8sPortProtocol {
 	SCTP
 }
 
+input K8sResourceEligibleForMetricsCollectionInput {
+	namespace: String!
+	name: String!
+	kind: String!
+}
+
 input K8sResourceIngressInput {
 	spec: K8sResourceIngressSpecInput!
 	status: K8sResourceIngressStatusInput
@@ -2031,6 +2043,11 @@ type Mutation {
 		namespace: String!
 		ingresses: [K8sIngressInput!]!
 	): Boolean!
+	reportK8sResourceEligibleForMetricsCollection(
+		namespace: String!
+		reason: EligibleForMetricsCollectionReason!
+		resources: [K8sResourceEligibleForMetricsCollectionInput!]!
+	): Boolean!
 	reportKafkaServerConfigs(
 		namespace: String!
 		serverConfigs: [KafkaServerConfigInput!]!

src/mapper/pkg/cloudclient/mocks/mocks.go

@@ -9,33 +9,35 @@ import (
 )
 
 const (
-	ClusterDomainKey                      = "cluster-domain"
-	ClusterDomainDefault                  = kubeutils.DefaultClusterDomain
-	CloudApiAddrKey                       = "api-address"
-	CloudApiAddrDefault                   = "https://app.otterize.com/api"
-	UploadIntervalSecondsKey              = "upload-interval-seconds"
-	UploadIntervalSecondsDefault          = 60
-	UploadBatchSizeKey                    = "upload-batch-size"
-	UploadBatchSizeDefault                = 500
-	ExcludedNamespacesKey                 = "exclude-namespaces"
-	OTelEnabledKey                        = "enable-otel-export"
-	OTelEnabledDefault                    = false
-	OTelMetricKey                         = "otel-metric-name"
-	OTelMetricDefault                     = "traces_service_graph_request_total" // same as expected in otel-collector-contrib's servicegraphprocessor
-	ExternalTrafficCaptureEnabledKey      = "capture-external-traffic-enabled"
-	ExternalTrafficCaptureEnabledDefault  = true
-	CreateWebhookCertificateKey           = "create-webhook-certificate"
-	CreateWebhookCertificateDefault       = true
-	DNSCacheItemsMaxCapacityKey           = "dns-cache-items-max-capacity"
-	DNSCacheItemsMaxCapacityDefault       = 100000
-	DNSClientIntentsUpdateIntervalKey     = "dns-client-intents-update-interval"
-	DNSClientIntentsUpdateIntervalDefault = 100 * time.Millisecond
-	DNSClientIntentsUpdateEnabledKey      = "dns-client-intents-update-enabled"
-	DNSClientIntentsUpdateEnabledDefault  = true
-	ServiceCacheTTLDurationKey            = "service-cache-ttl-duration"
-	ServiceCacheTTLDurationDefault        = 1 * time.Minute
-	ServiceCacheSizeKey                   = "service-cache-size"
-	ServiceCacheSizeDefault               = 10000
+	ClusterDomainKey                         = "cluster-domain"
+	ClusterDomainDefault                     = kubeutils.DefaultClusterDomain
+	CloudApiAddrKey                          = "api-address"
+	CloudApiAddrDefault                      = "https://app.otterize.com/api"
+	UploadIntervalSecondsKey                 = "upload-interval-seconds"
+	UploadIntervalSecondsDefault             = 60
+	UploadBatchSizeKey                       = "upload-batch-size"
+	UploadBatchSizeDefault                   = 500
+	ExcludedNamespacesKey                    = "exclude-namespaces"
+	OTelEnabledKey                           = "enable-otel-export"
+	OTelEnabledDefault                       = false
+	OTelMetricKey                            = "otel-metric-name"
+	OTelMetricDefault                        = "traces_service_graph_request_total" // same as expected in otel-collector-contrib's servicegraphprocessor
+	ExternalTrafficCaptureEnabledKey         = "capture-external-traffic-enabled"
+	ExternalTrafficCaptureEnabledDefault     = true
+	CreateWebhookCertificateKey              = "create-webhook-certificate"
+	CreateWebhookCertificateDefault          = true
+	DNSCacheItemsMaxCapacityKey              = "dns-cache-items-max-capacity"
+	DNSCacheItemsMaxCapacityDefault          = 100000
+	DNSClientIntentsUpdateIntervalKey        = "dns-client-intents-update-interval"
+	DNSClientIntentsUpdateIntervalDefault    = 100 * time.Millisecond
+	DNSClientIntentsUpdateEnabledKey         = "dns-client-intents-update-enabled"
+	DNSClientIntentsUpdateEnabledDefault     = true
+	ServiceCacheTTLDurationKey               = "service-cache-ttl-duration"
+	ServiceCacheTTLDurationDefault           = 1 * time.Minute
+	ServiceCacheSizeKey                      = "service-cache-size"
+	ServiceCacheSizeDefault                  = 10000
+	MetricsCollectionTrafficCacheSizeKey     = "metrics-collection-traffic-cache-size"
+	MetricsCollectionTrafficCacheSizeDefault = 10000
 
 	EnableIstioCollectionKey                  = "enable-istio-collection"
 	EnableIstioCollectionDefault              = false
@@ -79,6 +81,7 @@ func init() {
 	viper.SetDefault(EnableIstioCollectionKey, EnableIstioCollectionDefault)
 	viper.SetDefault(ServiceCacheTTLDurationKey, ServiceCacheTTLDurationDefault)
 	viper.SetDefault(ServiceCacheSizeKey, ServiceCacheSizeDefault)
+	viper.SetDefault(MetricsCollectionTrafficCacheSizeKey, MetricsCollectionTrafficCacheSizeDefault)
 	viper.SetDefault(TimeServerHasToLiveBeforeWeTrustItKey, TimeServerHasToLiveBeforeWeTrustItDefault)
 	viper.SetDefault(ControlPlaneIPv4CidrPrefixLength, ControlPlaneIPv4CidrPrefixLengthDefault)
 

src/mapper/pkg/cloudclient/schema.graphql

@@ -0,0 +1,48 @@
+package metrics_collection_traffic
+
+import (
+	"context"
+	"github.com/otterize/intents-operator/src/shared/errors"
+	"github.com/otterize/intents-operator/src/shared/injectablerecorder"
+	"github.com/samber/lo"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+)
+
+type EndpointsReconciler struct {
+	client.Client
+	injectablerecorder.InjectableRecorder
+	metricsCollectionTrafficHandler *MetricsCollectionTrafficHandler
+}
+
+func NewEndpointsReconciler(metricsCollectionTrafficHandler *MetricsCollectionTrafficHandler) *EndpointsReconciler {
+	return &EndpointsReconciler{
+		metricsCollectionTrafficHandler: metricsCollectionTrafficHandler,
+	}
+}
+
+func (r *EndpointsReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	recorder := mgr.GetEventRecorderFor("intents-operator")
+	r.InjectRecorder(recorder)
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&corev1.Endpoints{}).
+		WithOptions(controller.Options{RecoverPanic: lo.ToPtr(true)}).
+		Complete(r)
+}
+
+func (r *EndpointsReconciler) InjectRecorder(recorder record.EventRecorder) {
+	r.Recorder = recorder
+}
+
+func (r *EndpointsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	err := r.metricsCollectionTrafficHandler.HandleAllServicesInNamespace(ctx, req)
+	if err != nil {
+		return ctrl.Result{}, errors.Wrap(err)
+	}
+
+	return ctrl.Result{}, nil
+}