Fix host network (newrelic#596)

* Update hostnetwork configuration for ksm deployment

Co-authored-by: Roberto Santalla <[email protected]>
Co-authored-by: dpacheconr <[email protected]>

Author: 3 people

charts/newrelic-infrastructure/Chart.yaml

@@ -8,7 +8,7 @@ sources:
   - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
   - https://github.com/newrelic/infrastructure-agent/
 
-version: 3.10.0
+version: 3.11.0
 appVersion: 3.6.0
 
 dependencies:

charts/newrelic-infrastructure/README.md

@@ -153,6 +153,7 @@ integrations that you have configured.
 | ksm.config.selector | string | `"app.kubernetes.io/name=kube-state-metrics"` | Label selector that will be used to automatically discover an instance of kube-state-metrics running in the cluster. |
 | ksm.config.timeout | string | `"10s"` | Timeout for the ksm API contacted by the integration |
 | ksm.enabled | bool | `true` | Enable cluster state monitoring. Advanced users only. Setting this to `false` is not supported and will break the New Relic experience. |
+| ksm.hostNetwork | bool | Not set | Sets pod's hostNetwork. When set bypasses global/common variable  |
 | ksm.resources | object | 100m/150M -/850M | Resources for the KSM scraper pod. Keep in mind that sharding is not supported at the moment, so memory usage for this component ramps up quickly on large clusters. |
 | ksm.tolerations | list | Schedules in all tainted nodes | Tolerations for the KSM Deployment. |
 | kubelet | object | See `values.yaml` | Configuration for the DaemonSet that collects metrics from the Kubelet. |
@@ -164,6 +165,7 @@ integrations that you have configured.
 | kubelet.extraEnvFrom | list | `[]` | Add user environment from configMaps or secrets as variables to the agent |
 | kubelet.extraVolumeMounts | list | `[]` | Defines where to mount volumes specified with `extraVolumes` |
 | kubelet.extraVolumes | list | `[]` | Volumes to mount in the containers |
+| kubelet.hostNetwork | bool | Not set | Sets pod's hostNetwork. When set bypasses global/common variable  |
 | kubelet.tolerations | list | Schedules in all tainted nodes | Tolerations for the control plane DaemonSet. |
 | labels | object | `{}` | Additional labels for chart objects. Can be configured also with `global.labels` |
 | licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` |
@@ -179,7 +181,7 @@ integrations that you have configured.
 | proxy | string | `""` | Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`. Can be configured also with `global.proxy` |
 | rbac.create | bool | `true` | Whether the chart should automatically create the RBAC objects required to run. |
 | rbac.pspEnabled | bool | `false` | Whether the chart should create Pod Security Policy objects. |
-| selfMonitoring.pixie.enabled | bool | `true` | Enables the Pixie Health Check nri-flex config. This Flex config performs periodic checks of the Pixie /healthz and /statusz endpoints exposed by the Pixie Cloud Connector. A status for each endpoint is sent to New Relic in a pixieHealthCheck event. |
+| selfMonitoring.pixie.enabled | bool | `false` | Enables the Pixie Health Check nri-flex config. This Flex config performs periodic checks of the Pixie /healthz and /statusz endpoints exposed by the Pixie Cloud Connector. A status for each endpoint is sent to New Relic in a pixieHealthCheck event. |
 | serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation. |
 | serviceAccount.create | bool | `true` | Whether the chart should automatically create the ServiceAccount objects required to run. |
 | strategy | object | `type: Recreate` | Update strategy for the deployed Deployments. |

charts/newrelic-infrastructure/templates/ksm/_host_network.tpl

@@ -0,0 +1,22 @@
+{{/* Returns whether the ksm scraper should run with hostNetwork: true based on the user configuration. */}}
+{{- define "nriKubernetes.ksm.hostNetwork" -}}
+{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
+{{- if get .Values.ksm "hostNetwork" | kindIs "bool" -}}
+    {{- if .Values.ksm.hostNetwork -}}
+        {{- .Values.ksm.hostNetwork -}}
+    {{- end -}}
+{{- else if include "newrelic.common.hostNetwork" . -}}
+    {{- include "newrelic.common.hostNetwork" . -}}
+{{- end -}}
+{{- end -}}
+
+
+
+{{/* Abstraction of "nriKubernetes.ksm.hostNetwork" that returns true of false directly */}}
+{{- define "nriKubernetes.ksm.hostNetwork.value" -}}
+{{- if include "nriKubernetes.ksm.hostNetwork" . -}}
+    true
+{{- else -}}
+    false
+{{- end -}}
+{{- end -}}

charts/newrelic-infrastructure/templates/ksm/deployment.yaml

@@ -49,11 +49,11 @@ spec:
         {{- . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }}
-      hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }}
-      {{- if include "nriKubernetes.controlPlane.hostNetwork" . }}
+      hostNetwork: {{ include "nriKubernetes.ksm.hostNetwork.value" . }}
+      {{- if include "nriKubernetes.ksm.hostNetwork" . }}
       dnsPolicy: ClusterFirstWithHostNet
       {{- end }}
-
+      
       {{- if .Values.ksm.initContainers }}
       initContainers: {{- tpl (.Values.ksm.initContainers | toYaml) . | nindent 8 }}
       {{- end }}

charts/newrelic-infrastructure/templates/kubelet/_host_network.tpl

@@ -0,0 +1,22 @@
+{{/* Returns whether the kubelet scraper should run with hostNetwork: true based on the user configuration. */}}
+{{- define "nriKubernetes.kubelet.hostNetwork" -}}
+{{- /* `get` will return "" (empty string) if value is not found, and the value otherwise, so we can type-assert with kindIs */ -}}
+{{- if get .Values.kubelet "hostNetwork" | kindIs "bool" -}}
+    {{- if .Values.kubelet.hostNetwork -}}
+        {{- .Values.kubelet.hostNetwork -}}
+    {{- end -}}
+{{- else if include "newrelic.common.hostNetwork" . -}}
+    {{- include "newrelic.common.hostNetwork" . -}}
+{{- end -}}
+{{- end -}}
+
+
+
+{{/* Abstraction of "nriKubernetes.kubelet.hostNetwork" that returns true of false directly */}}
+{{- define "nriKubernetes.kubelet.hostNetwork.value" -}}
+{{- if include "nriKubernetes.kubelet.hostNetwork" . -}}
+    true
+{{- else -}}
+    false
+{{- end -}}
+{{- end -}}

charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml

@@ -50,8 +50,8 @@ spec:
         {{- . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "newrelic.common.serviceAccount.name" . }}
-      hostNetwork: {{ include "newrelic.common.hostNetwork.value" . }}
-      {{- if include "nriKubernetes.controlPlane.hostNetwork" . }}
+      hostNetwork: {{ include "nriKubernetes.kubelet.hostNetwork.value" . }}
+      {{- if include "nriKubernetes.kubelet.hostNetwork" . }}
       dnsPolicy: ClusterFirstWithHostNet
       {{- end }}
 

charts/newrelic-infrastructure/tests/hostNetwork_test.yaml

@@ -114,3 +114,87 @@ tests:
           path: spec.template.spec.hostNetwork
           value: true
         template: templates/kubelet/daemonset.yaml
+
+  - it: ksm hostNetwork is overridable to true
+    set:
+      licenseKey: test
+      cluster: test
+      global.hostNetwork: null
+      hostNetwork: false
+      ksm.hostNetwork: true
+    asserts:
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/ksm/deployment.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/controlplane/daemonset.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: false
+        template: templates/kubelet/daemonset.yaml
+
+  - it: ksm hostNetwork is overridable to false
+    set:
+      licenseKey: test
+      cluster: test
+      global.hostNetwork: null
+      hostNetwork: true
+      ksm.hostNetwork: false
+    asserts:
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: false
+        template: templates/ksm/deployment.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/controlplane/daemonset.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/kubelet/daemonset.yaml
+
+  - it: kubelet hostNetwork is overridable to true
+    set:
+      licenseKey: test
+      cluster: test
+      global.hostNetwork: null
+      hostNetwork: false
+      kubelet.hostNetwork: true
+    asserts:
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: false
+        template: templates/ksm/deployment.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/controlplane/daemonset.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/kubelet/daemonset.yaml
+
+  - it: kubelet hostNetwork is overridable to false
+    set:
+      licenseKey: test
+      cluster: test
+      global.hostNetwork: null
+      hostNetwork: true
+      kubelet.hostNetwork: false
+    asserts:
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/ksm/deployment.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+        template: templates/controlplane/daemonset.yaml
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: false
+        template: templates/kubelet/daemonset.yaml

charts/newrelic-infrastructure/values.yaml

@@ -84,6 +84,9 @@ kubelet:
     - operator: "Exists"
       effect: "NoExecute"
   nodeSelector: {}
+  # -- (bool) Sets pod's hostNetwork. When set bypasses global/common variable
+  # @default -- Not set
+  hostNetwork:
   affinity: {}
   # -- Config for the Infrastructure agent that will forward the metrics to the backend and will run the integrations in this cluster.
   # It will be merged with the configuration in `.common.agentConfig`. You can see all the agent configurations in
@@ -133,6 +136,9 @@ ksm:
     - operator: "Exists"
       effect: "NoExecute"
   nodeSelector: {}
+  # -- (bool) Sets pod's hostNetwork. When set bypasses global/common variable
+  # @default -- Not set
+  hostNetwork:
   # -- Affinity for the KSM Deployment.
   # @default -- Deployed in the same node as KSM
   affinity: