diff --git a/credentials-operator/README.md b/credentials-operator/README.md index ee3517b9..b6fa2056 100644 --- a/credentials-operator/README.md +++ b/credentials-operator/README.md 
@@ -1,14 +1,15 @@ # Parameters ## Global parameters -| Key | Description | Default | -|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------| -| `global.spire.serverServiceName` | If deployed with SPIRE, this key specifies SPIRE-server's service name. You should use either this **OR** `spire.serverAddress` (not both). | | -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | | | `false` | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | +| Key | Description | Default | +|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| +| `global.spire.serverServiceName` | If deployed with SPIRE, this key specifies SPIRE-server's service name. You should use either this **OR** `spire.serverAddress` (not both). | | +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. 
| | | `false` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct service name. | `intents.otterize.com/service-name` | ## SPIRE parameters diff --git a/credentials-operator/templates/deployment.yaml b/credentials-operator/templates/deployment.yaml index 823a3d17..5cd24745 100644 --- a/credentials-operator/templates/deployment.yaml +++ b/credentials-operator/templates/deployment.yaml @@ -103,6 +103,10 @@ spec: name: intents-operator-otterize-cloud-client-secret key: otterize-cloud-client-secret {{ end }} + {{ if .Values.global.serviceNameOverrideAnnotationName }} + - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ end }} {{ if .Values.global.otterizeCloud.apiExtraCAPEMSecret }} - name: OTTERIZE_API_EXTRA_CA_PEM value: {{ template "otterize.operator.apiExtraCAPEM" }} diff --git a/credentials-operator/values.yaml b/credentials-operator/values.yaml index a2fd90f1..578066c6 100644 --- a/credentials-operator/values.yaml +++ b/credentials-operator/values.yaml 
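Review bot: The new `OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION` entry carries no comment saying that its value decides which pod annotation the component reads as a pod's service name. The README row added in this commit ties the setting to the service name resolution algorithm, so whoever can set that annotation on a pod presumably influences the identity the operators act on. A template comment above the `if` would record this, for example `{{/* identity-bearing: names the pod annotation that overrides the resolved service name; restrict who may set it on pods */}}`. The same block is added unchanged in intents-operator-deployment.yaml, istio-watcher-deployment.yaml, kafka-watcher-deployment.yaml, mapper-deployment.yaml and sniffer-daemonset.yaml, so the note applies there as well. The enclosing container `env` list starts and ends outside the hunk.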
@@ -28,6 +28,10 @@ global: commonLabels: {} # Annotations to add to all deployed objects commonAnnotations: {} + + # Specify an annotation name that by setting it, one can override otterize's service name resolution. + serviceNameOverrideAnnotationName: intents.otterize.com/service-name + kubebuilder_rbac_proxy: image: otterize/kubebuilder-kube-rbac-proxy tag: v0.11.0 diff --git a/intents-operator/README.md b/intents-operator/README.md index 782eb253..6e811815 100644 --- a/intents-operator/README.md +++ b/intents-operator/README.md 
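Review bot: The comment added above `serviceNameOverrideAnnotationName` is hard to parse and omits that the value has to agree across charts. The otterize-kubernetes README says global parameters must be kept the same for the components to function correctly, yet this default is repeated in four values.yaml files (here, intents-operator, network-mapper and otterize-kubernetes). A standalone install that changes only one copy would presumably make components resolve different service names for the same pod. I would reword it to `# Name of the pod annotation whose value overrides Otterize's resolved service name.` followed by `# Must be identical in every Otterize chart installed in the cluster.`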
@@ -1,10 +1,15 @@ # Parameters ## Global parameters -| Key | Description | Default | -|-------------------------------|----------------------------------------------------------------------|---------| -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | | -| `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` | +| Key | Description | Default | +|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | | +| `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct service name. | `intents.otterize.com/service-name` | ## Operator parameters | Key | Description | Default | 
@@ -42,10 +47,6 @@ | `global.otterizeCloud.credentials.secretKeyRef.secretKey` | If specified, the key for the clientSecret in a pre-created Kubernetes Secret to be used instead of creating a secret with the value of clientSecret. | `(none)` | | `global.otterizeCloud.apiAddress` | Overrides Otterize Cloud default API address. | `(none)` | | `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | ## Common parameters diff --git a/intents-operator/templates/intents-operator-deployment.yaml b/intents-operator/templates/intents-operator-deployment.yaml index 2036a110..e667d2d4 100644 --- a/intents-operator/templates/intents-operator-deployment.yaml +++ b/intents-operator/templates/intents-operator-deployment.yaml @@ -140,6 +140,10 @@ spec: - name: OTTERIZE_API_EXTRA_CA_PEM value: {{ template "otterize.operator.apiExtraCAPEM" }} {{ end }} + {{ if .Values.global.serviceNameOverrideAnnotationName }} + - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ end }} volumeMounts: - mountPath: /controller_manager_config.yaml name: manager-config diff --git a/intents-operator/values.yaml b/intents-operator/values.yaml index 496bbb98..a04de485 100644 --- a/intents-operator/values.yaml +++ b/intents-operator/values.yaml 
@@ -64,6 +64,10 @@ global: commonLabels: {} # Annotations to add to all deployed objects commonAnnotations: {} + + # Specify an annotation name that by setting it, one can override otterize's service name resolution. + serviceNameOverrideAnnotationName: intents.otterize.com/service-name + kubebuilder_rbac_proxy: image: otterize/kubebuilder-kube-rbac-proxy tag: v0.11.0 diff --git a/network-mapper/README.md b/network-mapper/README.md index 29dfba21..0df79d0e 100644 --- a/network-mapper/README.md +++ b/network-mapper/README.md 
@@ -60,14 +60,15 @@ | `global.otterizeCloud.apiExtraCAPEMSecret` | The name of a secret containing a single `CA.pem` file for an extra root CA used to connect to Otterize Cloud. The secret should be placed in the same namespace as the Otterize deployment. | `(none)` | ## Global parameters -| Key | Description | Default | -|-------------------------------|----------------------------------------------------------------------|---------| -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. | | -| `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | +| Key | Description | Default | +|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources`. 
| | +| `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct service name. | `intents.otterize.com/service-name` | ## Common parameters diff --git a/network-mapper/templates/istio-watcher-deployment.yaml b/network-mapper/templates/istio-watcher-deployment.yaml index 0c9c0531..fedcdd33 100644 --- a/network-mapper/templates/istio-watcher-deployment.yaml +++ b/network-mapper/templates/istio-watcher-deployment.yaml @@ -57,5 +57,9 @@ spec: value: http://{{ template "otterize.mapper.fullName" . }}:9090/query - name: OTTERIZE_DEBUG value: {{ .Values.debug | quote }} + {{ if .Values.global.serviceNameOverrideAnnotationName }} + - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ end }} serviceAccountName: {{ template "otterize.istiowatcher.fullName" . }} {{ end }} \ No newline at end of file diff --git a/network-mapper/templates/kafka-watcher-deployment.yaml b/network-mapper/templates/kafka-watcher-deployment.yaml index e5e60950..cdcede80 100644 --- a/network-mapper/templates/kafka-watcher-deployment.yaml +++ b/network-mapper/templates/kafka-watcher-deployment.yaml 
@@ -61,5 +61,9 @@ spec: - name: OTTERIZE_KAFKA_SERVERS value: {{ join " " .Values.kafkawatcher.kafkaServers }} {{ end }} + {{ if .Values.global.serviceNameOverrideAnnotationName }} + - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ end }} serviceAccountName: {{ template "otterize.kafkawatcher.fullName" . }} {{ end }} \ No newline at end of file diff --git a/network-mapper/templates/mapper-deployment.yaml b/network-mapper/templates/mapper-deployment.yaml index b1b295be..d0e1c60a 100644 --- a/network-mapper/templates/mapper-deployment.yaml +++ b/network-mapper/templates/mapper-deployment.yaml @@ -58,6 +58,10 @@ spec: - name: OTTERIZE_API_ADDRESS value: "{{ .Values.global.otterizeCloud.apiAddress }}" {{ end }} + {{ if .Values.global.serviceNameOverrideAnnotationName }} + - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ end }} {{ if .Values.global.otterizeCloud.credentials.clientId }} - name: OTTERIZE_CLIENT_ID value: "{{ .Values.global.otterizeCloud.credentials.clientId }}" diff --git a/network-mapper/templates/sniffer-daemonset.yaml b/network-mapper/templates/sniffer-daemonset.yaml index 43128170..b487a0c9 100644 --- a/network-mapper/templates/sniffer-daemonset.yaml +++ b/network-mapper/templates/sniffer-daemonset.yaml @@ -60,6 +60,10 @@ spec: value: http://{{ template "otterize.mapper.fullName" . }}:9090/query - name: OTTERIZE_DEBUG value: {{ .Values.debug | quote }} + {{ if .Values.global.serviceNameOverrideAnnotationName }} + - name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION + value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }} + {{ end }} securityContext: capabilities: add: diff --git a/network-mapper/values.yaml b/network-mapper/values.yaml index 2fa93bd5..55bb9e00 100644 --- a/network-mapper/values.yaml +++ b/network-mapper/values.yaml 
@@ -90,6 +90,10 @@ global: commonLabels: {} # Annotations to add to all deployed objects commonAnnotations: {} + + # Specify an annotation name that by setting it, one can override otterize's service name resolution. + serviceNameOverrideAnnotationName: intents.otterize.com/service-name + # If defined overrides `allowGetAllResources` allowGetAllResources: otterizeCloud: diff --git a/otterize-kubernetes/README.md b/otterize-kubernetes/README.md index 99d7b72c..274c58ec 100644 --- a/otterize-kubernetes/README.md +++ b/otterize-kubernetes/README.md 
@@ -12,18 +12,19 @@ ## Global parameters These parameters are used by multiple charts, and must be kept the same for the correct functioning of the separate components. -| Key | Description | Default | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------| -| `global.spiffe.CASubject` | The Subject that CA certificates should use (see below). | | -| `global.spiffe.CASubject.country` | SPIRE's CA certificates `Country` value. | `"US"` | -| `global.spiffe.CASubject.organization` | SPIRE's CA certificates `Organization` Value. | `"SPIRE"` | -| `global.spiffe.trustDomain` | The trust domain that SPIRE will use. | `"example.org"` | -| `global.spire.serverServiceName` | Name of the Kubernetes service that will be created for SPIRE-server. | | -| `global.allowGetAllResources` | If defined overrides `allowGetAllResources` in subcharts. Gives get, list and watch permission to watch on all resources. This is used to resolve service names when pods have owners that are custom resources. When disabled, a limited set of permissions is used that only allows access to built-in Kubernetes resources that deploy Pods and Pods themselves - Deployments, StatefulSets, DaemonSets, ReplicaSets and Services. Resolving may not be able to complete if the owning resource is not one of those. 
| | -| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | -| `global.commonLabels` | Labels to add to all deployed objects | {} | -| `global.podAnnotations` | Annotations to add to all deployed pods | {} | -| `global.podLabels` | Labels to add to all deployed pods | {} | +| Key | Description | Default | +|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------| +| `global.spiffe.CASubject` | The Subject that CA certificates should use (see below). | | +| `global.spiffe.CASubject.country` | SPIRE's CA certificates `Country` value. | `"US"` | +| `global.spiffe.CASubject.organization` | SPIRE's CA certificates `Organization` Value. | `"SPIRE"` | +| `global.spiffe.trustDomain` | The trust domain that SPIRE will use. | `"example.org"` | +| `global.spire.serverServiceName` | Name of the Kubernetes service that will be created for SPIRE-server. | | +| `global.allowGetAllResources` | If defined overrides `allowGetAllResources` in subcharts. Gives get, list and watch permission to watch on all resources. This is used to resolve service names when pods have owners that are custom resources. When disabled, a limited set of permissions is used that only allows access to built-in Kubernetes resources that deploy Pods and Pods themselves - Deployments, StatefulSets, DaemonSets, ReplicaSets and Services. Resolving may not be able to complete if the owning resource is not one of those. 
| | +| `global.commonAnnotations` | Annotations to add to all deployed objects | {} | +| `global.commonLabels` | Labels to add to all deployed objects | {} | +| `global.podAnnotations` | Annotations to add to all deployed pods | {} | +| `global.podLabels` | Labels to add to all deployed pods | {} | +| `global.serviceNameOverrideAnnotationName` | Which annotation to use (in the [service name resolution algorithm](https://docs.otterize.com/reference/service-identities#kubernetes-service-identity-resolution)) for setting a pod's service name, if not the default. Use this if you already have annotations on your pods that provide the correct service name. | `intents.otterize.com/service-name` | ## Cloud parameters | Key | Description | Default | diff --git a/otterize-kubernetes/values.yaml b/otterize-kubernetes/values.yaml index f0ad91a7..228f8ab6 100644 --- a/otterize-kubernetes/values.yaml +++ b/otterize-kubernetes/values.yaml @@ -13,6 +13,10 @@ global: commonLabels: {} # Annotations to add to all deployed objects commonAnnotations: {} + + # Specify an annotation name that by setting it, one can override otterize's service name resolution. + serviceNameOverrideAnnotationName: intents.otterize.com/service-name + kubebuilder_rbac_proxy: image: otterize/kubebuilder-kube-rbac-proxy tag: v0.11.0