Patch the Prometheus pod to include the NAD

vkmc · vkmc · commit f020839a3709 · 2025-01-23T16:38:41.000+01:00
diff --git a/api/bases/telemetry.openstack.org_metricstorages.yaml b/api/bases/telemetry.openstack.org_metricstorages.yaml
@@ -1368,11 +1368,10 @@ spec:
                   type: object
                 type: array
               networkAttachments:
-                description: Networks in addition to the cluster network, the service
-                  is attached to
-                items:
+                additionalProperties:
                   type: string
-                type: array
+                description: NetworkAttachments status of the Prometheus pods
+                type: object
               observedGeneration:
                 description: |-
                   ObservedGeneration - the most recent generation observed for this
diff --git a/api/v1beta1/conditions.go b/api/v1beta1/conditions.go
@@ -172,6 +172,9 @@ const (
 	// PrometheusUnableToRemoveTLSMessage
 	PrometheusUnableToRemoveTLSMessage = "Error occured when trying to remove TLS config: %s"
 
+	// PrometheusUnableToRemoveNADMessage
+	PrometheusUnableToRemoveNADMessage = "Error occured when trying to remove NAD config: %s"
+
 	//
 	// LoggingReady condition messages
 	//
diff --git a/api/v1beta1/metricstorage_types.go b/api/v1beta1/metricstorage_types.go
@@ -92,7 +92,7 @@ type MetricStorageSpec struct {
 
 	// NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network
 	// +kubebuilder:validation:Optional
-	NetworkAttachments []string `json:"networkAttachments"`
+	NetworkAttachments []string `json:"networkAttachments,omitempty"`
 
 	// MonitoringStack allows to define a metric storage with
 	// options supported by Red Hat
@@ -131,8 +131,8 @@ type MetricStorageStatus struct {
 	// then the controller has not processed the latest changes injected by
 	// the openstack-operator in the top-level CR (e.g. the ContainerImage)
 	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
-	// Networks in addition to the cluster network, the service is attached to
-	NetworkAttachments []string `json:"networkAttachments,omitempty"`
+	// NetworkAttachments status of the Prometheus pods
+	NetworkAttachments map[string]string `json:"networkAttachments,omitempty"`
 }
 
 //+kubebuilder:object:root=true
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/telemetry.openstack.org_metricstorages.yaml b/config/crd/bases/telemetry.openstack.org_metricstorages.yaml
@@ -1368,11 +1368,10 @@ spec:
                   type: object
                 type: array
               networkAttachments:
-                description: Networks in addition to the cluster network, the service
-                  is attached to
-                items:
+                additionalProperties:
                   type: string
-                type: array
+                description: NetworkAttachments status of the Prometheus pods
+                type: object
               observedGeneration:
                 description: |-
                   ObservedGeneration - the most recent generation observed for this
diff --git a/controllers/metricstorage_controller.go b/controllers/metricstorage_controller.go
@@ -58,6 +58,7 @@ import (
 	object "github.com/openstack-k8s-operators/lib-common/modules/common/object"
 	tls "github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 
+	networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
 	infranetworkv1 "github.com/openstack-k8s-operators/infra-operator/apis/network/v1beta1"
 	telemetryv1 "github.com/openstack-k8s-operators/telemetry-operator/api/v1beta1"
 	availability "github.com/openstack-k8s-operators/telemetry-operator/pkg/availability"
@@ -506,9 +507,15 @@ func (r *MetricStorageReconciler) reconcileNormal(
 	// all cert input checks out so report InputReady
 	instance.Status.Conditions.MarkTrue(condition.TLSInputReadyCondition, condition.InputReadyMessage)
 
-	// Networks to attach to
+	//
+	// NAD
+	//
+
+	// Get networks to attach to the Prometheus pod
+	nadList := []networkv1.NetworkAttachmentDefinition{}
+
 	for _, netAtt := range instance.Spec.NetworkAttachments {
-		_, err := nad.GetNADWithName(ctx, helper, netAtt, instance.Namespace)
+		nad, err := nad.GetNADWithName(ctx, helper, netAtt, instance.Namespace)
 		if err != nil {
 			if k8s_errors.IsNotFound(err) {
 				instance.Status.Conditions.Set(condition.FalseCondition(
@@ -527,6 +534,68 @@ func (r *MetricStorageReconciler) reconcileNormal(
 				err.Error()))
 			return ctrl.Result{}, err
 		}
+		if nad != nil {
+			nadList = append(nadList, *nad)
+		}
+	}
+
+	networkAnnotations, err := nad.EnsureNetworksAnnotation(nadList)
+
+	if err != nil {
+		err = fmt.Errorf("failed create network annotation from %s: %w", instance.Spec.NetworkAttachments, err)
+		instance.Status.Conditions.MarkFalse(
+			condition.NetworkAttachmentsReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			condition.NetworkAttachmentsReadyErrorMessage,
+			err)
+		return ctrl.Result{}, err
+	}
+
+	// Set NAD annotation to the Prometheus pod
+	if len(instance.Spec.NetworkAttachments) != 0 {
+		// Patch Prometheus to add the NAD annotation
+		prometheusWatchFn := func(_ context.Context, o client.Object) []reconcile.Request {
+			name := client.ObjectKey{
+				Namespace: o.GetNamespace(),
+				Name:      o.GetName(),
+			}
+			return []reconcile.Request{{NamespacedName: name}}
+		}
+		err = r.ensureWatches(ctx, "prometheuses.monitoring.rhobs", &monv1.Prometheus{}, handler.EnqueueRequestsFromMapFunc(prometheusWatchFn))
+		if err != nil {
+			instance.Status.Conditions.MarkFalse(telemetryv1.PrometheusReadyCondition,
+				condition.Reason("Can't watch prometheus resource. The Cluster Observability Operator probably isn't installed"),
+				condition.SeverityError,
+				telemetryv1.PrometheusUnableToWatchMessage, err)
+			Log.Info("Can't watch Prometheus resource. The Cluster Observability Operator probably isn't installed")
+			return ctrl.Result{RequeueAfter: telemetryv1.PauseBetweenWatchAttempts}, nil
+		}
+		prometheusNADPatch := metricstorage.PrometheusNAD(instance)
+		err = r.Client.Patch(context.Background(), &prometheusNADPatch, client.Apply, client.FieldOwner("telemetry-operator"))
+		if err != nil {
+			Log.Error(err, "Can't patch Prometheus resource")
+			return ctrl.Result{}, err
+		}
+		instance.Status.NetworkAttachments = networkAnnotations
+	} else if len(instance.Spec.NetworkAttachments) == 0 {
+		// Delete the prometheus CR, so it can be automatically restored without the NAD patch
+		prometheus := monv1.Prometheus{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: instance.Namespace,
+				Name:      instance.Name,
+			},
+		}
+		err = r.Client.Delete(context.Background(), &prometheus)
+		if err != nil && !k8s_errors.IsNotFound(err) {
+			instance.Status.Conditions.MarkFalse(telemetryv1.PrometheusReadyCondition,
+				condition.Reason("Can't delete old Prometheus CR to remove NAD configuration"),
+				condition.SeverityError,
+				telemetryv1.PrometheusUnableToRemoveNADMessage, err)
+			Log.Error(err, "Can't delete old Prometheus CR to remove NAD configuration")
+			return ctrl.Result{}, err
+		}
+		instance.Status.NetworkAttachments = nil
 	}
 
 	// when job passed, mark NetworkAttachmentsReadyCondition ready
diff --git a/pkg/metricstorage/prometheus_nad_patch.go b/pkg/metricstorage/prometheus_nad_patch.go
@@ -0,0 +1,47 @@
+/*
+Copyright 2025.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package metricstorage
+
+import (
+	telemetryv1 "github.com/openstack-k8s-operators/telemetry-operator/api/v1beta1"
+	monv1 "github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// PrometheusNAD defines patch for prometheus CR to add NAD annotations
+func PrometheusNAD(
+	instance *telemetryv1.MetricStorage,
+) monv1.Prometheus {
+	prom := monv1.Prometheus{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Prometheus",
+			APIVersion: "monitoring.rhobs/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      instance.Name,
+			Namespace: instance.Namespace,
+		},
+		Spec: monv1.PrometheusSpec{
+			CommonPrometheusFields: monv1.CommonPrometheusFields{
+				PodMetadata: &monv1.EmbeddedObjectMetadata{
+					Annotations: instance.Annotations,
+				},
+			},
+		},
+	}
+	return prom
+}
