Require Kubernetes API monitoring config for extensions (#4334)

Dynatrace · Jan 23, 2025 · 111fac0 · 111fac0
1 parent 60b7a5c
commit 111fac0
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 1 deletion.
diff --git a/pkg/api/validation/dynakube/eec_test.go b/pkg/api/validation/dynakube/eec_test.go
@@ -20,7 +20,12 @@ func TestExtensionExecutionControllerImage(t *testing.T) {
 			&dynakube.DynaKube{
 				ObjectMeta: defaultDynakubeObjectMeta,
 				Spec: dynakube.DynaKubeSpec{
-					APIURL:     testApiUrl,
+					APIURL: testApiUrl,
+					ActiveGate: activegate.Spec{
+						Capabilities: []activegate.CapabilityDisplayName{
+							activegate.KubeMonCapability.DisplayName,
+						},
+					},
 					Extensions: &dynakube.ExtensionsSpec{},
 					Templates: dynakube.TemplatesSpec{
 						ExtensionExecutionController: dynakube.ExtensionExecutionControllerSpec{
@@ -42,6 +47,11 @@ func TestExtensionExecutionControllerImage(t *testing.T) {
 				Spec: dynakube.DynaKubeSpec{
 					APIURL:     testApiUrl,
 					Extensions: &dynakube.ExtensionsSpec{},
+					ActiveGate: activegate.Spec{
+						Capabilities: []activegate.CapabilityDisplayName{
+							activegate.KubeMonCapability.DisplayName,
+						},
+					},
 					Templates: dynakube.TemplatesSpec{
 						ExtensionExecutionController: dynakube.ExtensionExecutionControllerSpec{
 							ImageRef: image.Ref{
@@ -61,6 +71,11 @@ func TestExtensionExecutionControllerImage(t *testing.T) {
 				Spec: dynakube.DynaKubeSpec{
 					APIURL:     testApiUrl,
 					Extensions: &dynakube.ExtensionsSpec{},
+					ActiveGate: activegate.Spec{
+						Capabilities: []activegate.CapabilityDisplayName{
+							activegate.KubeMonCapability.DisplayName,
+						},
+					},
 					Templates: dynakube.TemplatesSpec{
 						ExtensionExecutionController: dynakube.ExtensionExecutionControllerSpec{
 							ImageRef: image.Ref{
@@ -80,6 +95,11 @@ func TestExtensionExecutionControllerImage(t *testing.T) {
 				Spec: dynakube.DynaKubeSpec{
 					APIURL:     testApiUrl,
 					Extensions: &dynakube.ExtensionsSpec{},
+					ActiveGate: activegate.Spec{
+						Capabilities: []activegate.CapabilityDisplayName{
+							activegate.KubeMonCapability.DisplayName,
+						},
+					},
 				},
 			})
 	})
@@ -93,6 +113,11 @@ func TestExtensionExecutionControllerPVCSettings(t *testing.T) {
 				Spec: dynakube.DynaKubeSpec{
 					APIURL:     testApiUrl,
 					Extensions: &dynakube.ExtensionsSpec{},
+					ActiveGate: activegate.Spec{
+						Capabilities: []activegate.CapabilityDisplayName{
+							activegate.KubeMonCapability.DisplayName,
+						},
+					},
 					Templates: dynakube.TemplatesSpec{
 						ExtensionExecutionController: dynakube.ExtensionExecutionControllerSpec{
 							ImageRef: image.Ref{
@@ -113,6 +138,11 @@ func TestExtensionExecutionControllerPVCSettings(t *testing.T) {
 				Spec: dynakube.DynaKubeSpec{
 					APIURL:     testApiUrl,
 					Extensions: &dynakube.ExtensionsSpec{},
+					ActiveGate: activegate.Spec{
+						Capabilities: []activegate.CapabilityDisplayName{
+							activegate.KubeMonCapability.DisplayName,
+						},
+					},
 					Templates: dynakube.TemplatesSpec{
 						ExtensionExecutionController: dynakube.ExtensionExecutionControllerSpec{
 							ImageRef: image.Ref{
@@ -133,6 +163,11 @@ func TestExtensionExecutionControllerPVCSettings(t *testing.T) {
 				Spec: dynakube.DynaKubeSpec{
 					APIURL:     testApiUrl,
 					Extensions: &dynakube.ExtensionsSpec{},
+					ActiveGate: activegate.Spec{
+						Capabilities: []activegate.CapabilityDisplayName{
+							activegate.KubeMonCapability.DisplayName,
+						},
+					},
 					Templates: dynakube.TemplatesSpec{
 						ExtensionExecutionController: dynakube.ExtensionExecutionControllerSpec{
 							ImageRef: image.Ref{
@@ -155,6 +190,9 @@ func TestWarnIfmultiplyDKwithExtensionsEnabled(t *testing.T) {
 	}
 	// we want to exclude AG resources warning.
 	agSpec := activegate.Spec{
+		Capabilities: []activegate.CapabilityDisplayName{
+			activegate.KubeMonCapability.DisplayName,
+		},
 		CapabilityProperties: activegate.CapabilityProperties{
 			Resources: corev1.ResourceRequirements{
 				Limits: corev1.ResourceList{

diff --git a/pkg/api/validation/dynakube/extensions.go b/pkg/api/validation/dynakube/extensions.go
@@ -0,0 +1,19 @@
+package validation
+
+import (
+	"context"
+
+	"github.com/Dynatrace/dynatrace-operator/pkg/api/v1beta3/dynakube"
+)
+
+const (
+	errorExtensionsWithoutK8SMonitoring = "The Dynakube's specification enables extensions without an ActiveGate which has Kubernetes monitoring enabled. This is not feasible, as the cluster will not be visible in Dynatrace without the Kubernetes monitoring feature."
+)
+
+func extensionsWithoutK8SMonitoring(ctx context.Context, dv *Validator, dk *dynakube.DynaKube) string {
+	if dk.IsExtensionsEnabled() && (!dk.ActiveGate().IsKubernetesMonitoringEnabled() || !dk.FeatureAutomaticKubernetesApiMonitoring()) {
+		return errorExtensionsWithoutK8SMonitoring
+	}
+
+	return ""
+}
diff --git a/pkg/api/validation/dynakube/extensions_test.go b/pkg/api/validation/dynakube/extensions_test.go
@@ -0,0 +1,71 @@
+package validation
+
+import (
+	"testing"
+
+	"github.com/Dynatrace/dynatrace-operator/pkg/api/shared/image"
+	"github.com/Dynatrace/dynatrace-operator/pkg/api/v1beta3/dynakube"
+	"github.com/Dynatrace/dynatrace-operator/pkg/api/v1beta3/dynakube/activegate"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const testDynakubeName = "dynakube"
+
+func TestExtensionsWithoutK8SMonitoring(t *testing.T) {
+	t.Run("no error if extensions are enabled with activegate with k8s-monitoring", func(t *testing.T) {
+		dk := createStandaloneExtensionsDynakube(testDynakubeName, testApiUrl)
+		dk.Spec.ActiveGate = activegate.Spec{
+			Capabilities: []activegate.CapabilityDisplayName{
+				activegate.KubeMonCapability.DisplayName,
+			},
+		}
+		assertAllowed(t, dk)
+	})
+	t.Run("error if extensions are enabled without activegate with k8s-monitoring", func(t *testing.T) {
+		assertDenied(t,
+			[]string{errorExtensionsWithoutK8SMonitoring},
+			createStandaloneExtensionsDynakube(testDynakubeName, testApiUrl))
+	})
+	t.Run("error if extensions are enabled with activegate with k8s-monitoring but automatic Kuberenetes API monitoring is disabled", func(t *testing.T) {
+		dk := createStandaloneExtensionsDynakube(testDynakubeName, testApiUrl)
+		dk.ObjectMeta.Annotations = map[string]string{
+			dynakube.AnnotationFeatureAutomaticK8sApiMonitoring: "false",
+		}
+		dk.Spec.ActiveGate = activegate.Spec{
+			Capabilities: []activegate.CapabilityDisplayName{
+				activegate.KubeMonCapability.DisplayName,
+			},
+		}
+		assertDenied(t, []string{errorExtensionsWithoutK8SMonitoring}, dk)
+	})
+	t.Run("error if extensions are enabled but automatic Kuberenetes API monitoring is disabled and without activgate k8s-monitoring", func(t *testing.T) {
+		dk := createStandaloneExtensionsDynakube(testDynakubeName, testApiUrl)
+		dk.ObjectMeta.Annotations = map[string]string{
+			dynakube.AnnotationFeatureAutomaticK8sApiMonitoring: "false",
+		}
+		assertDenied(t, []string{errorExtensionsWithoutK8SMonitoring}, dk)
+	})
+}
+
+func createStandaloneExtensionsDynakube(name, apiUrl string) *dynakube.DynaKube {
+	dk := &dynakube.DynaKube{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: testNamespace,
+		},
+		Spec: dynakube.DynaKubeSpec{
+			APIURL:     apiUrl,
+			Extensions: &dynakube.ExtensionsSpec{},
+			Templates: dynakube.TemplatesSpec{
+				ExtensionExecutionController: dynakube.ExtensionExecutionControllerSpec{
+					ImageRef: image.Ref{
+						Repository: "repo/image",
+						Tag:        "version",
+					},
+				},
+			},
+		},
+	}
+
+	return dk
+}
diff --git a/pkg/api/validation/dynakube/validation.go b/pkg/api/validation/dynakube/validation.go
@@ -57,6 +57,7 @@ var (
 		emptyTelemetryServiceProtocolsList,
 		unknownTelemetryServiceProtocols,
 		duplicatedTelemetryServiceProtocols,
+		extensionsWithoutK8SMonitoring,
 	}
 	validatorWarningFuncs = []validatorFunc{
 		missingActiveGateMemoryLimit,