NETOBSERV-2225 - Deploy static plugin at operator startup

.mk/local.mk

@@ -50,7 +50,8 @@ local-deploy-operator:
 	go run ./main.go \
 		-ebpf-agent-image=quay.io/netobserv/netobserv-ebpf-agent:main \
 		-flowlogs-pipeline-image=quay.io/netobserv/flowlogs-pipeline:main \
-		-console-plugin-image=quay.io/netobserv/network-observability-console-plugin:main &
+		-console-plugin-image=quay.io/netobserv/network-observability-console-plugin:main \
+		-namespace=${NAMESPACE} &
 	@echo "====> Waiting for flowlogs-pipeline pod to be ready"
 	while : ; do kubectl get ds flowlogs-pipeline && break; sleep 1; done
 	kubectl wait --timeout=180s --for=condition=ready pod -l app=flowlogs-pipeline

.mk/ocp.mk

@@ -35,7 +35,8 @@ ocp-deploy-operator: ## run flp from the operator
 	go run ./main.go \
 		-ebpf-agent-image=quay.io/netobserv/netobserv-ebpf-agent:main \
 		-flowlogs-pipeline-image=quay.io/netobserv/flowlogs-pipeline:main \
-		-console-plugin-image=quay.io/netobserv/network-observability-console-plugin:main
+		-console-plugin-image=quay.io/netobserv/network-observability-console-plugin:main \
+		-namespace=${NAMESPACE}
 
 .PHONY: undeploy-operator
 undeploy-operator: ## stop the operator locally

bundle/manifests/netobserv-operator.clusterserviceversion.yaml

@@ -1243,6 +1243,7 @@ spec:
                 - --flowlogs-pipeline-image=$(RELATED_IMAGE_FLOWLOGS_PIPELINE)
                 - --console-plugin-image=$(RELATED_IMAGE_CONSOLE_PLUGIN)
                 - --console-plugin-compat-image=$(RELATED_IMAGE_CONSOLE_PLUGIN_COMPAT)
+                - --namespace=$(NAMESPACE)
                 - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT)
                 - --profiling-bind-address=$(PROFILING_BIND_ADDRESS)
                 - --metrics-cert-file=/etc/tls/private/tls.crt
@@ -1258,6 +1259,10 @@ spec:
                   value: quay.io/netobserv/network-observability-console-plugin:v1.9.1-community
                 - name: RELATED_IMAGE_CONSOLE_PLUGIN_COMPAT
                   value: quay.io/netobserv/network-observability-console-plugin-pf4:v1.8.2-community
+                - name: NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
                 - name: DOWNSTREAM_DEPLOYMENT
                   value: "false"
                 - name: PROFILING_BIND_ADDRESS

config/manager/manager.yaml

@@ -28,6 +28,7 @@ spec:
         - --flowlogs-pipeline-image=$(RELATED_IMAGE_FLOWLOGS_PIPELINE)
         - --console-plugin-image=$(RELATED_IMAGE_CONSOLE_PLUGIN)
         - --console-plugin-compat-image=$(RELATED_IMAGE_CONSOLE_PLUGIN_COMPAT)
+        - --namespace=$(NAMESPACE)
         - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT)
         - --profiling-bind-address=$(PROFILING_BIND_ADDRESS)
         env:
@@ -39,6 +40,10 @@ spec:
             value: quay.io/netobserv/network-observability-console-plugin:v1.9.1-community
           - name: RELATED_IMAGE_CONSOLE_PLUGIN_COMPAT
             value: quay.io/netobserv/network-observability-console-plugin-pf4:v1.8.2-community
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
           - name: DOWNSTREAM_DEPLOYMENT
             value: "false"
           - name: PROFILING_BIND_ADDRESS

helm/templates/deployment.yaml

@@ -27,6 +27,7 @@ spec:
             - --flowlogs-pipeline-image=$(RELATED_IMAGE_FLOWLOGS_PIPELINE)
             - --console-plugin-image=$(RELATED_IMAGE_CONSOLE_PLUGIN)
             - --console-plugin-compat-image=$(RELATED_IMAGE_CONSOLE_PLUGIN_COMPAT)
+            - --namespace=$(NAMESPACE)
             - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT)
             - --profiling-bind-address=$(PROFILING_BIND_ADDRESS)
             - --metrics-cert-file=/etc/tls/private/tls.crt
@@ -40,6 +41,10 @@ spec:
               value: '{{ .Values.flowlogsPipeline.image }}:{{ .Values.flowlogsPipeline.version }}'
             - name: RELATED_IMAGE_CONSOLE_PLUGIN
               value: '{{ if .Values.standaloneConsole.enable }}{{ .Values.standaloneConsole.image }}:{{ .Values.standaloneConsole.version }}{{ else }}{{ .Values.consolePlugin.image }}:{{ .Values.consolePlugin.version }}{{ end }}'
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
             - name: DOWNSTREAM_DEPLOYMENT
               value: "false"
             - name: PROFILING_BIND_ADDRESS

internal/controller/consoleplugin/consoleplugin_objects.go

@@ -31,8 +31,6 @@ import (
 	"github.com/netobserv/network-observability-operator/internal/pkg/volumes"
 )
 
-const secretName = "console-serving-cert"
-const displayName = "NetObserv plugin"
 const proxyAlias = "backend"
 
 const configMapName = "console-plugin-config"
@@ -53,7 +51,7 @@ type builder struct {
 	volumes  volumes.Builder
 }
 
-func newBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec) builder {
+func newBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, name string) builder {
 	imageToUse := reconcilers.MainImage
 	needsPF4, err := info.ClusterInfo.IsOpenShiftVersionLessThan("4.15.0")
 	if err == nil && needsPF4 {
@@ -66,28 +64,28 @@ func newBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSp
 		info:     info,
 		imageRef: imageToUse,
 		labels: map[string]string{
-			"app":     constants.PluginName,
+			"app":     name,
 			"version": helper.MaxLabelLength(version),
 		},
 		selector: map[string]string{
-			"app": constants.PluginName,
+			"app": name,
 		},
 		desired:  desired,
 		advanced: &advanced,
 	}
 }
 
-func (b *builder) consolePlugin() *osv1.ConsolePlugin {
+func (b *builder) consolePlugin(name, displayName string) *osv1.ConsolePlugin {
 	return &osv1.ConsolePlugin{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: constants.PluginName,
+			Name: name,
 		},
 		Spec: osv1.ConsolePluginSpec{
 			DisplayName: displayName,
 			Backend: osv1.ConsolePluginBackend{
 				Type: osv1.Service,
 				Service: &osv1.ConsolePluginService{
-					Name:      constants.PluginName,
+					Name:      name,
 					Namespace: b.info.Namespace,
 					Port:      *b.advanced.Port,
 					BasePath:  "/"},
@@ -97,7 +95,7 @@ func (b *builder) consolePlugin() *osv1.ConsolePlugin {
 					Endpoint: osv1.ConsolePluginProxyEndpoint{
 						Type: osv1.ProxyTypeService,
 						Service: &osv1.ConsolePluginProxyServiceConfig{
-							Name:      constants.PluginName,
+							Name:      name,
 							Namespace: b.info.Namespace,
 							Port:      *b.advanced.Port}},
 					Alias:         proxyAlias,
@@ -139,14 +137,14 @@ func (b *builder) serviceMonitor() *monitoringv1.ServiceMonitor {
 							Cert: monitoringv1.SecretOrConfigMap{
 								Secret: &corev1.SecretKeySelector{
 									LocalObjectReference: corev1.LocalObjectReference{
-										Name: secretName,
+										Name: fmt.Sprintf("%s-cert", constants.PluginName),
 									},
 									Key: "tls.crt",
 								},
 							},
 							KeySecret: &corev1.SecretKeySelector{
 								LocalObjectReference: corev1.LocalObjectReference{
-									Name: secretName,
+									Name: fmt.Sprintf("%s-cert", constants.PluginName),
 								},
 								Key: "tls.key",
 							},
@@ -168,10 +166,10 @@ func (b *builder) serviceMonitor() *monitoringv1.ServiceMonitor {
 	}
 }
 
-func (b *builder) deployment(cmDigest string) *appsv1.Deployment {
+func (b *builder) deployment(name, cmDigest string) *appsv1.Deployment {
 	return &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      constants.PluginName,
+			Name:      name,
 			Namespace: b.info.Namespace,
 			Labels:    b.labels,
 		},
@@ -180,14 +178,27 @@ func (b *builder) deployment(cmDigest string) *appsv1.Deployment {
 			Selector: &metav1.LabelSelector{
 				MatchLabels: b.selector,
 			},
-			Template: *b.podTemplate(cmDigest),
+			Template: *b.podTemplate(name, cmDigest),
 		},
 	}
 }
 
-func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec {
-	volumes := []corev1.Volume{
-		{
+func (b *builder) podTemplate(name, cmDigest string) *corev1.PodTemplateSpec {
+	var sa string
+	annotations := map[string]string{}
+	args := []string{
+		"-loglevel", b.desired.ConsolePlugin.LogLevel,
+	}
+	volumes := []corev1.Volume{}
+	volumeMounts := []corev1.VolumeMount{}
+
+	if cmDigest != "" {
+		sa = name
+		annotations[constants.PodConfigurationDigest] = cmDigest
+
+		args = append(args, "-config", filepath.Join(configPath, configFile))
+
+		volumes = append(volumes, corev1.Volume{
 			Name: configVolume,
 			VolumeSource: corev1.VolumeSource{
 				ConfigMap: &corev1.ConfigMapVolumeSource{
@@ -196,57 +207,49 @@ func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec {
 					},
 				},
 			},
-		},
-	}
+		})
 
-	volumeMounts := []corev1.VolumeMount{
-		{
+		volumeMounts = append(volumeMounts, corev1.VolumeMount{
 			Name:      configVolume,
 			MountPath: configPath,
 			ReadOnly:  true,
-		},
+		})
 	}
 
 	if !helper.UseTestConsolePlugin(b.desired) {
 		volumes = append(volumes, corev1.Volume{
-			Name: secretName,
+			Name: fmt.Sprintf("%s-cert", name),
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
-					SecretName: secretName,
+					SecretName: fmt.Sprintf("%s-cert", name),
 				},
 			},
 		})
 		volumeMounts = append(volumeMounts, corev1.VolumeMount{
-			Name:      secretName,
+			Name:      fmt.Sprintf("%s-cert", name),
 			MountPath: "/var/serving-cert",
 			ReadOnly:  true,
 		})
 	}
 
 	return &corev1.PodTemplateSpec{
 		ObjectMeta: metav1.ObjectMeta{
-			Labels: b.labels,
-			Annotations: map[string]string{
-				constants.PodConfigurationDigest: cmDigest,
-			},
+			Labels:      b.labels,
+			Annotations: annotations,
 		},
 		Spec: corev1.PodSpec{
 			Containers: []corev1.Container{{
-				Name:            constants.PluginName,
+				Name:            name,
 				Image:           b.info.Images[b.imageRef],
 				ImagePullPolicy: corev1.PullPolicy(b.desired.ConsolePlugin.ImagePullPolicy),
 				Resources:       *b.desired.ConsolePlugin.Resources.DeepCopy(),
 				VolumeMounts:    b.volumes.AppendMounts(volumeMounts),
 				Env:             []corev1.EnvVar{constants.EnvNoHTTP2},
-				Args: []string{
-
-					"-loglevel", b.desired.ConsolePlugin.LogLevel,
-					"-config", filepath.Join(configPath, configFile),
-				},
+				Args:            args,
 				SecurityContext: helper.ContainerDefaultSecurityContext(),
 			}},
 			Volumes:            b.volumes.AppendVolumes(volumes),
-			ServiceAccountName: constants.PluginName,
+			ServiceAccountName: sa,
 			NodeSelector:       b.advanced.Scheduling.NodeSelector,
 			Tolerations:        b.advanced.Scheduling.Tolerations,
 			Affinity:           b.advanced.Scheduling.Affinity,
@@ -275,14 +278,14 @@ func (b *builder) autoScaler() *ascv2.HorizontalPodAutoscaler {
 	}
 }
 
-func (b *builder) mainService() *corev1.Service {
+func (b *builder) mainService(name string) *corev1.Service {
 	return &corev1.Service{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      constants.PluginName,
+			Name:      name,
 			Namespace: b.info.Namespace,
 			Labels:    b.labels,
 			Annotations: map[string]string{
-				constants.OpenShiftCertificateAnnotation: "console-serving-cert",
+				constants.OpenShiftCertificateAnnotation: fmt.Sprintf("%s-cert", name),
 			},
 		},
 		Spec: corev1.ServiceSpec{
@@ -550,13 +553,13 @@ func (b *builder) configMap(ctx context.Context) (*corev1.ConfigMap, string, err
 	return &configMap, digest, nil
 }
 
-func (b *builder) serviceAccount() *corev1.ServiceAccount {
+func (b *builder) serviceAccount(name string) *corev1.ServiceAccount {
 	return &corev1.ServiceAccount{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      constants.PluginName,
+			Name:      name,
 			Namespace: b.info.Namespace,
 			Labels: map[string]string{
-				"app": constants.PluginName,
+				"app": name,
 			},
 		},
 	}