fix(linkrule): add per-rule dedup ID

kubewharf · Dec 5, 2023 · 571996f · 571996f
1 parent 84b725b
commit 571996f
Show file tree

Hide file tree

Showing 18 changed files with 251 additions and 74 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -22,7 +22,7 @@ indent_style = space
 indent_size = 4
 
 [*.sh]
-indent_style = tab
+indent_style = space
 indent_size = 2
 
 [*.dot]

diff --git a/charts/kelemetry/templates/_helpers.yaml b/charts/kelemetry/templates/_helpers.yaml
@@ -114,6 +114,7 @@ span-cache-etcd-prefix: {{ .Values.aggregator.spanCache.etcd.prefix | toJson }}
 linker-worker-count: {{ .Values.linkers.workerCount }}
 annotation-linker-enable: {{ .Values.linkers.annotation }}
 owner-linker-enable: {{ .Values.linkers.ownerReference }}
+rule-linker-enable: {{ .Values.linkers.rule }}
 
 {{/* TRACER */}}
 tracer-otel-endpoint: {{.Release.Name}}-collector.{{.Release.Namespace}}.svc:4317

diff --git a/charts/kelemetry/values.yaml b/charts/kelemetry/values.yaml
@@ -339,6 +339,8 @@ linkers:
   ownerReference: true
   # Enable the annotation linker, which links objects based on the `kelemetry.kubewharf.io/parent-link` annotation.
   annotation: true
+    # Enable the rule linker, which links objects using rules in the `LinkRule` CRD in the corresponding cluster.
+  rule: true
 
 # Object cache is an LRU cache for reusing lazily-fetched objects.
 objectCache:

diff --git a/crds/samples/helm-release-link-rule.yaml b/crds/samples/helm-release-link-rule.yaml
@@ -10,8 +10,8 @@ targetTemplate:
   group: ""
   version: v1
   resource: secrets
-  namespaceTemplate: '{{.metadata.annotations["meta.helm.sh/release-namespace"]}}'
-  nameTemplate: '{{.metadata.annotations["meta.helm.sh/release-name"]}}'
+  namespaceTemplate: '{{.metadata.annotations | index "meta.helm.sh/release-namespace"}}'
+  nameTemplate: '{{.metadata.annotations | index "meta.helm.sh/release-name"}}'
 link:
   targetRole: Parent
   class: templates
diff --git a/crds/samples/pod-secret.yaml b/crds/samples/pod-secret.yaml
@@ -0,0 +1,22 @@
+apiVersion: kelemetry.kubewharf.io/v1alpha1
+kind: LinkRule
+metadata:
+  name: pod-secret
+sourceFilter:
+  resources:
+    - group: ""
+      resource: pods
+targetTemplate:
+  group: ""
+  version: v1
+  resource: secrets
+  namespaceTemplate: "{{.metadata.namespace}}"
+  nameTemplate: |
+    {{- range .spec.volumes -}}
+      {{- if .secret -}}
+        {{- .secret.secretName -}},
+      {{- end -}}
+    {{- end -}}
+link:
+  targetRole: Child
+  class: volumes
diff --git a/e2e/run-all.sh b/e2e/run-all.sh
@@ -4,6 +4,8 @@ set -euo pipefail
 
 cd $(dirname $0)
 
+export REPO_PATH=$(realpath ..)
+
 export TEST_DISPLAY_MODE="21000000"
 
 export DISPLAY_MODES="${TEST_DISPLAY_MODE} ${DISPLAY_MODES:-}"

diff --git a/e2e/secret-link/client.sh b/e2e/secret-link/client.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+kubectl create -f ${REPO_PATH}/crds/samples/pod-secret.yaml
+
+kubectl create secret generic content
+
+kubectl create -f - << EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: reader
+  labels:
+    app: reader
+spec:
+  selector:
+    matchLabels:
+      app: reader
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: reader
+    spec:
+      containers:
+        - name: reader
+          command: ["sleep", "infinity"]
+          image: alpine:3.16
+          volumeMounts:
+            - name: content
+              mountPath: /mnt/content
+      volumes:
+        - name: content
+          secret:
+            secretName: content
+EOF
+sleep 10
+
+kubectl delete deployment/reader secret/content
+sleep 20
diff --git a/e2e/secret-link/config.sh b/e2e/secret-link/config.sh
@@ -0,0 +1,9 @@
+local TRACE_DISPLAY_NAME="Volume links"
+local TEST_DISPLAY_MODE="24100000"
+
+declare -A TRACE_SEARCH_TAGS
+TRACE_SEARCH_TAGS[cluster]=tracetest
+TRACE_SEARCH_TAGS[group]=apps
+TRACE_SEARCH_TAGS[resource]=deployments
+TRACE_SEARCH_TAGS[namespace]=default
+TRACE_SEARCH_TAGS[name]=reader
diff --git a/e2e/secret-link/validate.jq b/e2e/secret-link/validate.jq
@@ -0,0 +1,17 @@
+include "assert";
+include "graph";
+
+.data[0]
+| ._ = (
+  # check tags
+  .spans
+    | root
+    | .tags | from_entries
+    | assertEq("root span is deployment"; .resource; "deployments")
+    | assertEq("root span has the correct name"; .name; "reader")
+) | ._ = (
+  # check that secret is linked
+  .spans
+    | map(select(.tags | from_entries | .resource == "secrets" and .name == "content"))
+    | assertEq("has content"; length; 1)
+) | null
diff --git a/hack/tfconfig.yaml b/hack/tfconfig.yaml
@@ -75,6 +75,13 @@ modifiers:
         - linkClass: children
           fromChild: false
       downwardDistance: 3
+  "00100000":
+    # include secrets under pods
+    displayName: volume secrets
+    modifierName: link-selector
+    args:
+      ifAll:
+        - linkClass: volumes
 
 # Uncomment to enable extension trace from apiserver
 #   "00000001":

diff --git a/pkg/aggregator/linker/linker.go b/pkg/aggregator/linker/linker.go
@@ -27,8 +27,16 @@ type Linker interface {
 }
 
 type LinkerResult struct {
-	Object  utilobject.Rich
-	Role    zconstants.LinkRoleValue
-	Class   string
+	// The linked object.
+	Object utilobject.Rich
+	// Determines whether the linked object should be displayed as a parent or child of the object span.
+	Role zconstants.LinkRoleValue
+	// Classifies links to help with link selection in tfconfig.
+	Class string
+	// DedupId is a variable in a span cache key that distinguishes the link pseudospan
+	// from other pseudospans in the same object in the same time window.
+	//
+	// This ID shall be consistent such that the link pseudospan does not get recreated many times,
+	// and shall be unique such that each link creator maintains its own links.
 	DedupId string
 }