newrelic-infra-operator

command module
v0.21.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 18, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

README

New Relic Open Source community project banner.

New Relic Infrastructure Operator for Kubernetes codecov

This operator automates the injection of the New Relic Infrastructure sidecar on Pods matching the configured policies.

The newrelic-infra-operator sets up a mutatingWebhookConfiguration, which allows it to modify the Pod objects that are about to be created in the cluster.

On this event, and when the Pod being created matches the user’s configured policies the operator will:

  • Add a sidecar container to the Pod, containing the New Relic Kubernetes Integration.
  • If a secret containing license key doesn't exist, create it in the same Namespace as the pod, since it is needed for the integration to report data.
  • Add the Pod’s service account to a ClusterRoleBinding previously created by the operator chart, which will grant this sidecar the required permissions to access the Kubernetes metrics endpoints.

The ClusterRoleBinding grants the following permissions to the Pod being injected:

- apiGroups: [""]
  resources:
    - "nodes"
    - "nodes/metrics"
    - "nodes/stats"
    - "nodes/proxy"
    - "pods"
    - "services"
      verbs: ["get", "list"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]

In order to get the sidecar injected on Pods deployed before the operator has been installed, you need to manually perform a rollout (restart) of the workloads. New Relic has chosen not to do this automatically in order to prevent unexpected service disruptions and resource usage spikes.

Installation

You can install this chart using nri-bundle located in the helm-charts repository or directly from this repository by adding this Helm repository:

helm repo add newrelic-infra-operator https://newrelic.github.io/newrelic-infra-operator
helm upgrade --install newrelic-infra-operator/newrelic-infra-operator -f your-custom-values.yaml

Once deployed, it will automatically inject the sidecar in the Pod matching the policy specified. Only Pods created after the deployment of the monitoring solution will be injected with the configuration and agent.

For further information regarding the installation refer to the official docs and to the README.md and the values.yaml of the chart.

Develop, Test and Run Locally

For the development process kind and tilt tools are used.

Building

To build the image:

GOOS=linux make image

To build the binary:

GOOS=linux make build
Configure Tilt

If you want to use a kind cluster for testing, configure Tilt using the command below:

cat <<EOF > tilt_option.json
{
  "default_registry": "localhost:5000"
}
EOF

If you want to use existing Kubernetes cluster, create tilt_option.json file with content similar to below:

{
  "default_registry": "quay.io/<your username>",
  "allowed_contexts": "<kubeconfig context to use>"
}
Helm chart location

To deploy the operator, the current Tilt configuration expects the New Relic helm-charts repository to be cloned as a sibling to this repository under the name helm-charts-newrelic This repository is an authoritative source of the deployment manifests for the operator.

If you have helm-charts repository cloned into a different path, you can configure Tilt to use it by adding the following key-value pair to your local tilt_option.json file:

  "chart_path": "../../helm-charts-newrelic/charts/newrelic-infra-operator/"
Creating kind cluster

If you want to use a local kind cluster for testing, create it with command below:

make kind-up
Run

If you use a kind cluster, simply run:

make tilt-up

If you deploy on external cluster, run the command below, pointing TILT_KUBECONFIG to your kubeconfig file:

TILT_KUBECONFIG=~/.kube/config make tilt-down

Now, when you make changes to the code, the operator binary will be built locally, copied to the Pod, and then executed.

Testing
Unit testing

In order to run unit tests run:

make test
Integration and test-e2e testing

In order to run integration and test-e2e tests run:

make test-integration
make test-e2e

Notice that in order to run both integration and test-e2e tests, you will need a working environment available with the newrelic-infra-operator running. Both installing the newrelic-infra-operator chart or spinning up the environment with make tilt-up are possible options.

It is also possible to run such tests against any cluster you have access to by setting the environment variable TEST_KUBECONFIG=/your/kube/config/path.

E2E testing

In order to run E2E tests, read the E2E README for more details regarding running E2E tests.

Support

Should you need assistance with New Relic products, you are in good hands with several support diagnostic tools and support channels.

If the issue has been confirmed as a bug or is a feature request, file a GitHub issue.

Support Channels

Contribute

We encourage your contributions to improve the newrelic-infra-operator! Keep in mind that when you submit your pull request, you'll need to sign the CLA via the click-through using CLA-Assistant. You only have to sign the CLA one time per project.

If you have any questions, or to execute our corporate CLA (which is required if your contribution is on behalf of a company), drop us an email at opensource@newrelic.com.

A note about vulnerabilities

As noted in our security policy, New Relic is committed to the privacy and security of our customers and their data. We believe that providing coordinated disclosure by security researchers and engaging with the security community are important means to achieve our security goals.

If you believe you have found a security vulnerability in this project or any of New Relic's products or websites, we welcome and greatly appreciate you reporting it to New Relic through HackerOne.

If you would like to contribute to this project, review these guidelines.

To all contributors, we thank you! Without your contribution, this project would not be what it is today.

License

newrelic-infra-operator is licensed under the Apache 2.0 License.

The newrelic-infra-operator also uses source code from third-party libraries. You can find full details on which libraries are used, and the terms under which they are licensed in the third-party notices document.

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
internal
cli
Package cli provides CLI implementation for operator.
Package cli provides CLI implementation for operator.
mutator/pod/agent
Package agent implements injection of infrastructure-agent container into given Pod.
Package agent implements injection of infrastructure-agent container into given Pod.
operator
Package operator exports top-level operator logic for users like CLI package to consume.
Package operator exports top-level operator logic for users like CLI package to consume.
testutil
Package testutil provides common helper for tests.
Package testutil provides common helper for tests.
webhook
Package webhook provides the configuration for the different webhooks
Package webhook provides the configuration for the different webhooks
tilt_modules

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL