Add annotations for tenant and projectID to service (#350)

* Add annotations for tenant and projectID to servicemointor

* Use correct namespace

* Switch annotation names

* Add annotations to service as well

* Only fetch configMap once

* Renaming

* Renaming

* Add comment

* Make the name of the sidecars config map configurable (and thereby properly separate different postgres installs in the same cluster)

Author: eberlep

controllers/postgres_controller.go

@@ -14,6 +14,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 
 	"github.com/go-logr/logr"
@@ -23,10 +24,12 @@ import (
 	"k8s.io/utils/pointer"
 
 	firewall "github.com/metal-stack/firewall-controller/api/v1"
+	coreosv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/intstr"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -36,6 +39,13 @@ import (
 	"github.com/fi-ts/postgreslet/pkg/operatormanager"
 )
 
+const (
+	postgresExporterServiceName                    string = "postgres-exporter"
+	postgresExporterServicePortName                string = "metrics"
+	postgresExporterServiceTenantAnnotationName    string = pg.TenantLabelName
+	postgresExporterServiceProjectIDAnnotationName string = pg.ProjectIDLabelName
+)
+
 // requeue defines in how many seconds a requeue should happen
 var requeue = ctrl.Result{
 	Requeue: true,
@@ -53,6 +63,8 @@ type PostgresReconciler struct {
 	recorder                    record.EventRecorder
 	PgParamBlockList            map[string]bool
 	StandbyClustersSourceRanges []string
+	PostgresletNamespace        string
+	SidecarsConfigMapName       string
 }
 
 // Reconcile is the entry point for postgres reconciliation.
@@ -105,6 +117,11 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		}
 		log.Info("corresponding Service of type LoadBalancer deleted")
 
+		// delete the postgres-exporter service
+		if err := r.deleteExporterSidecarService(ctx, namespace); client.IgnoreNotFound(err) != nil {
+			return ctrl.Result{}, fmt.Errorf("error while deleting the postgres-exporter service: %w", err)
+		}
+
 		if err := r.deleteZPostgresqlByLabels(ctx, matchingLabels, namespace); err != nil {
 			r.recorder.Eventf(instance, "Warning", "Error", "failed to delete Zalando resource: %v", err)
 			return ctrl.Result{}, err
@@ -183,7 +200,29 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		return ctrl.Result{}, fmt.Errorf("unable to create or update egress ClusterwideNetworkPolicy: %w", err)
 	}
 
-	if err := r.createOrUpdateZalandoPostgresql(ctx, instance, log); err != nil {
+	// try to fetch the global sidecars configmap
+	cns := types.NamespacedName{
+		Namespace: r.PostgresletNamespace,
+		Name:      r.SidecarsConfigMapName,
+	}
+	globalSidecarsCM := &corev1.ConfigMap{}
+	if err := r.SvcClient.Get(ctx, cns, globalSidecarsCM); err != nil {
+		// configmap with configuration does not exists, nothing we can do here...
+		return ctrl.Result{}, fmt.Errorf("could not fetch config for sidecars")
+	}
+	// Add services for our sidecars
+	namespace := instance.ToPeripheralResourceNamespace()
+	if err := r.createOrUpdateExporterSidecarServices(ctx, namespace, globalSidecarsCM, instance); err != nil {
+		return ctrl.Result{}, fmt.Errorf("error while creating sidecars services %v: %w", namespace, err)
+	}
+
+	// Add service monitor for our exporter sidecar
+	err := r.createOrUpdateExporterSidecarServiceMonitor(ctx, namespace, instance)
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("error while creating sidecars servicemonitor %v: %w", namespace, err)
+	}
+
+	if err := r.createOrUpdateZalandoPostgresql(ctx, instance, log, globalSidecarsCM); err != nil {
 		r.recorder.Eventf(instance, "Warning", "Error", "failed to create Zalando resource: %v", err)
 		return ctrl.Result{}, fmt.Errorf("failed to create or update zalando postgresql: %w", err)
 	}
@@ -224,21 +263,7 @@ func (r *PostgresReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Complete(r)
 }
 
-func (r *PostgresReconciler) createOrUpdateZalandoPostgresql(ctx context.Context, instance *pg.Postgres, log logr.Logger) error {
-	// Get the sidecar config
-	// try to fetch the global sidecars configmap
-	cns := types.NamespacedName{
-		// TODO don't use string literals here! name is dependent of the release name of the helm chart!
-		Namespace: "postgreslet-system",
-		Name:      "postgreslet-postgres-sidecars",
-	}
-	c := &corev1.ConfigMap{}
-	if err := r.SvcClient.Get(ctx, cns, c); err != nil {
-		// configmap with configuration does not exists, nothing we can do here...
-		log.Info("could not fetch config for sidecars")
-		c = nil
-	}
-
+func (r *PostgresReconciler) createOrUpdateZalandoPostgresql(ctx context.Context, instance *pg.Postgres, log logr.Logger, sidecarsCM *corev1.ConfigMap) error {
 	var restoreBackupConfig *pg.BackupConfig
 	var restoreSouceInstance *pg.Postgres
 	if instance.Spec.PostgresRestore != nil {
@@ -273,7 +298,7 @@ func (r *PostgresReconciler) createOrUpdateZalandoPostgresql(ctx context.Context
 			return fmt.Errorf("failed to fetch zalando postgresql: %w", err)
 		}
 
-		u, err := instance.ToUnstructuredZalandoPostgresql(nil, c, r.StorageClass, r.PgParamBlockList, restoreBackupConfig, restoreSouceInstance)
+		u, err := instance.ToUnstructuredZalandoPostgresql(nil, sidecarsCM, r.StorageClass, r.PgParamBlockList, restoreBackupConfig, restoreSouceInstance)
 		if err != nil {
 			return fmt.Errorf("failed to convert to unstructured zalando postgresql: %w", err)
 		}
@@ -289,7 +314,7 @@ func (r *PostgresReconciler) createOrUpdateZalandoPostgresql(ctx context.Context
 	// Update zalando postgresql
 	mergeFrom := client.MergeFrom(rawZ.DeepCopy())
 
-	u, err := instance.ToUnstructuredZalandoPostgresql(rawZ, c, r.StorageClass, r.PgParamBlockList, restoreBackupConfig, restoreSouceInstance)
+	u, err := instance.ToUnstructuredZalandoPostgresql(rawZ, sidecarsCM, r.StorageClass, r.PgParamBlockList, restoreBackupConfig, restoreSouceInstance)
 	if err != nil {
 		return fmt.Errorf("failed to convert to unstructured zalando postgresql: %w", err)
 	}
@@ -748,3 +773,171 @@ func (r *PostgresReconciler) getBackupConfig(ctx context.Context, ns, name strin
 	}
 	return &backupConfig, nil
 }
+
+// createOrUpdateExporterSidecarServices ensures the neccessary services to acces the sidecars exist
+func (r *PostgresReconciler) createOrUpdateExporterSidecarServices(ctx context.Context, namespace string, c *corev1.ConfigMap, in *pg.Postgres) error {
+	log := r.Log.WithValues("namespace", namespace)
+
+	exporterServicePort, error := strconv.ParseInt(c.Data["postgres-exporter-service-port"], 10, 32)
+	if error != nil {
+		// todo log error
+		exporterServicePort = 9187
+	}
+
+	exporterServiceTargetPort, error := strconv.ParseInt(c.Data["postgres-exporter-service-target-port"], 10, 32)
+	if error != nil {
+		// todo log error
+		exporterServiceTargetPort = exporterServicePort
+	}
+
+	pes := &corev1.Service{}
+
+	if err := r.SetName(pes, postgresExporterServiceName); err != nil {
+		return fmt.Errorf("error while setting the name of the postgres-exporter service to %v: %w", namespace, err)
+	}
+	if err := r.SetNamespace(pes, namespace); err != nil {
+		return fmt.Errorf("error while setting the namespace of the postgres-exporter service to %v: %w", namespace, err)
+	}
+	labels := map[string]string{
+		// "application": "spilo", // TODO check if we still need that label, IsOperatorDeletable won't work anymore if we set it.
+		"app": "postgres-exporter",
+	}
+	if err := r.SetLabels(pes, labels); err != nil {
+		return fmt.Errorf("error while setting the labels of the postgres-exporter service to %v: %w", labels, err)
+	}
+	annotations := map[string]string{
+		postgresExporterServiceTenantAnnotationName:    in.Spec.Tenant,
+		postgresExporterServiceProjectIDAnnotationName: in.Spec.ProjectID,
+	}
+	if err := r.SetAnnotations(pes, annotations); err != nil {
+		return fmt.Errorf("error while setting the annotations of the postgres-exporter service to %v: %w", annotations, err)
+	}
+
+	pes.Spec.Ports = []corev1.ServicePort{
+		{
+			Name:       postgresExporterServicePortName,
+			Port:       int32(exporterServicePort),
+			Protocol:   corev1.ProtocolTCP,
+			TargetPort: intstr.FromInt(int(exporterServiceTargetPort)),
+		},
+	}
+	selector := map[string]string{
+		"application": "spilo",
+	}
+	pes.Spec.Selector = selector
+	pes.Spec.Type = corev1.ServiceTypeClusterIP
+
+	// try to fetch any existing postgres-exporter service
+	ns := types.NamespacedName{
+		Namespace: namespace,
+		Name:      postgresExporterServiceName,
+	}
+	old := &corev1.Service{}
+	if err := r.SvcClient.Get(ctx, ns, old); err == nil {
+		// service exists, overwriting it (but using the same clusterip)
+		pes.Spec.ClusterIP = old.Spec.ClusterIP
+		pes.ObjectMeta.ResourceVersion = old.GetObjectMeta().GetResourceVersion()
+		if err := r.SvcClient.Update(ctx, pes); err != nil {
+			return fmt.Errorf("error while updating the postgres-exporter service: %w", err)
+		}
+		log.Info("postgres-exporter service updated")
+		return nil
+	}
+	// todo: handle errors other than `NotFound`
+
+	// local servicemonitor does not exist, creating it
+	if err := r.SvcClient.Create(ctx, pes); err != nil {
+		return fmt.Errorf("error while creating the postgres-exporter service: %w", err)
+	}
+	log.Info("postgres-exporter service created")
+
+	return nil
+}
+
+// createOrUpdateExporterSidecarServiceMonitor ensures the servicemonitors for the sidecars exist
+func (r *PostgresReconciler) createOrUpdateExporterSidecarServiceMonitor(ctx context.Context, namespace string, in *pg.Postgres) error {
+	log := r.Log.WithValues("namespace", namespace)
+
+	pesm := &coreosv1.ServiceMonitor{}
+
+	// TODO what's the correct name?
+	if err := r.SetName(pesm, postgresExporterServiceName); err != nil {
+		return fmt.Errorf("error while setting the name of the postgres-exporter servicemonitor to %v: %w", namespace, err)
+	}
+	if err := r.SetNamespace(pesm, namespace); err != nil {
+		return fmt.Errorf("error while setting the namespace of the postgres-exporter servicemonitor to %v: %w", namespace, err)
+	}
+	labels := map[string]string{
+		"app":     "postgres-exporter",
+		"release": "prometheus",
+	}
+	if err := r.SetLabels(pesm, labels); err != nil {
+		return fmt.Errorf("error while setting the namespace of the postgres-exporter servicemonitor to %v: %w", namespace, err)
+	}
+	annotations := map[string]string{
+		postgresExporterServiceTenantAnnotationName:    in.Spec.Tenant,
+		postgresExporterServiceProjectIDAnnotationName: in.Spec.ProjectID,
+	}
+	if err := r.SetAnnotations(pesm, annotations); err != nil {
+		return fmt.Errorf("error while setting the annotations of the postgres-exporter service monitor to %v: %w", annotations, err)
+	}
+
+	pesm.Spec.Endpoints = []coreosv1.Endpoint{
+		{
+			Port: postgresExporterServicePortName,
+		},
+	}
+	pesm.Spec.NamespaceSelector = coreosv1.NamespaceSelector{
+		MatchNames: []string{namespace},
+	}
+	matchLabels := map[string]string{
+		// TODO use extraced string
+		"app": "postgres-exporter",
+	}
+	pesm.Spec.Selector = metav1.LabelSelector{
+		MatchLabels: matchLabels,
+	}
+
+	// try to fetch any existing postgres-exporter service
+	ns := types.NamespacedName{
+		Namespace: namespace,
+		Name:      postgresExporterServiceName,
+	}
+	old := &coreosv1.ServiceMonitor{}
+	if err := r.SvcClient.Get(ctx, ns, old); err == nil {
+		// Copy the resource version
+		pesm.ObjectMeta.ResourceVersion = old.ObjectMeta.ResourceVersion
+		if err := r.SvcClient.Update(ctx, pesm); err != nil {
+			return fmt.Errorf("error while updating the postgres-exporter servicemonitor: %w", err)
+		}
+		log.Info("postgres-exporter servicemonitor updated")
+		return nil
+	}
+	// todo: handle errors other than `NotFound`
+
+	// local servicemonitor does not exist, creating it
+	if err := r.SvcClient.Create(ctx, pesm); err != nil {
+		return fmt.Errorf("error while creating the postgres-exporter servicemonitor: %w", err)
+	}
+	log.Info("postgres-exporter servicemonitor created")
+
+	return nil
+}
+
+func (r *PostgresReconciler) deleteExporterSidecarService(ctx context.Context, namespace string) error {
+	log := r.Log.WithValues("namespace", namespace)
+
+	s := &corev1.Service{}
+	if err := r.SetName(s, postgresExporterServiceName); err != nil {
+		return fmt.Errorf("error while setting the name of the postgres-exporter service to delete to %v: %w", postgresExporterServiceName, err)
+	}
+	if err := r.SetNamespace(s, namespace); err != nil {
+		return fmt.Errorf("error while setting the namespace of the postgres-exporter service to delete to %v: %w", namespace, err)
+	}
+	if err := r.SvcClient.Delete(ctx, s); err != nil {
+		return fmt.Errorf("error while deleting the postgres-exporter service: %w", err)
+	}
+	log.Info("postgres-exporter service deleted")
+
+	return nil
+}

main.go

@@ -53,6 +53,8 @@ const (
 	pgParamBlockListFlg            = "postgres-param-blocklist"
 	majorVersionUpgradeModeFlg     = "major-version-upgrade-mode"
 	standbyClustersSourceRangesFlg = "standby-clusters-source-ranges"
+	postgresletNamespaceFlg        = "postgreslet-namespace"
+	sidecarsCMNameFlg              = "sidecars-configmap-name"
 )
 
 var (
@@ -71,7 +73,7 @@ func init() {
 }
 
 func main() {
-	var metricsAddrCtrlMgr, metricsAddrSvcMgr, partitionID, tenant, ctrlClusterKubeconfig, pspName, lbIP, storageClass, postgresImage, etcdHost, operatorImage, majorVersionUpgradeMode string
+	var metricsAddrCtrlMgr, metricsAddrSvcMgr, partitionID, tenant, ctrlClusterKubeconfig, pspName, lbIP, storageClass, postgresImage, etcdHost, operatorImage, majorVersionUpgradeMode, postgresletNamespace, sidecarsCMName string
 	var enableLeaderElection, enableCRDValidation bool
 	var portRangeStart, portRangeSize int
 	var pgParamBlockList map[string]bool
@@ -143,6 +145,12 @@ func main() {
 	viper.SetDefault(standbyClustersSourceRangesFlg, "255.255.255.255/32")
 	standbyClusterSourceRanges = viper.GetStringSlice(standbyClustersSourceRangesFlg)
 
+	viper.SetDefault(postgresletNamespaceFlg, "postgreslet-system")
+	postgresletNamespace = viper.GetString(postgresletNamespaceFlg)
+
+	viper.SetDefault(sidecarsCMNameFlg, "postgreslet-postgres-sidecars")
+	sidecarsCMName = viper.GetString(sidecarsCMNameFlg)
+
 	ctrl.SetLogger(zap.New(zap.UseDevMode(true)))
 
 	ctrl.Log.Info("flag",
@@ -164,6 +172,8 @@ func main() {
 		pgParamBlockListFlg, pgParamBlockList,
 		majorVersionUpgradeModeFlg, majorVersionUpgradeMode,
 		standbyClustersSourceRangesFlg, standbyClusterSourceRanges,
+		postgresletNamespaceFlg, postgresletNamespace,
+		sidecarsCMNameFlg, sidecarsCMName,
 	)
 
 	svcClusterConf := ctrl.GetConfigOrDie()
@@ -203,6 +213,8 @@ func main() {
 		EtcdHost:                etcdHost,
 		CRDValidation:           enableCRDValidation,
 		MajorVersionUpgradeMode: majorVersionUpgradeMode,
+		PostgresletNamespace:    postgresletNamespace,
+		SidecarsConfigMapName:   sidecarsCMName,
 	}
 	opMgr, err := operatormanager.New(svcClusterConf, "external/svc-postgres-operator.yaml", scheme, ctrl.Log.WithName("OperatorManager"), opMgrOpts)
 	if err != nil {
@@ -227,6 +239,8 @@ func main() {
 		LBManager:                   lbmanager.New(svcClusterMgr.GetClient(), lbMgrOpts),
 		PgParamBlockList:            pgParamBlockList,
 		StandbyClustersSourceRanges: standbyClusterSourceRanges,
+		PostgresletNamespace:        postgresletNamespace,
+		SidecarsConfigMapName:       sidecarsCMName,
 	}).SetupWithManager(ctrlPlaneClusterMgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Postgres")
 		os.Exit(1)