From e7d035b08515b139eedba8d54e84956f18e06f5d Mon Sep 17 00:00:00 2001 From: Peter Stranak Date: Mon, 15 Dec 2025 08:52:08 +0100 Subject: [PATCH 1/3] Mark Pods deployed by k8s collector with "sw.k8s.deployedbycollector" --- deploy/helm/events-collector-config.yaml | 16 ++++++- deploy/helm/metrics-collector-config.yaml | 39 ++++++++++++++- deploy/helm/templates/_helpers.tpl | 1 + ...events-collector-config-map_test.yaml.snap | 47 +++++++++++++++++++ ...ollector-config-map-fargate_test.yaml.snap | 13 +++++ ...etrics-collector-config-map_test.yaml.snap | 39 +++++++++++++++ .../target-allocator_test.yaml.snap | 3 +- deploy/helm/values.yaml | 19 +++++++- 8 files changed, 173 insertions(+), 4 deletions(-) diff --git a/deploy/helm/events-collector-config.yaml b/deploy/helm/events-collector-config.yaml index 630c4d81..821ccaa8 100644 --- a/deploy/helm/events-collector-config.yaml +++ b/deploy/helm/events-collector-config.yaml @@ -326,7 +326,7 @@ processors: transform/entity_attributes: log_statements: - statements: - # do not create/update endities from events + # do not create/update entities from events - set(resource.attributes["sw.entity.noupdate"], "true") - set(resource.attributes["k8s.pod.name"], resource.attributes["k8s.object.name"]) where resource.attributes["k8s.object.kind"] == "Pod" @@ -371,6 +371,18 @@ processors: statements: - set(resource.attributes["sw.k8s.service.type"], log.body["spec"]["type"]) where log.body["spec"]["type"] != nil + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + log_statements: + - conditions: + - resource.attributes["sw.k8s.log.type"] == "entitystateevent" + and log.attributes["otel.entity.attributes"] != nil + and log.attributes["otel.entity.attributes"]["sw.k8s.deployedbycollector"] == true + and log.attributes["otel.entity.id"] != nil + and log.attributes["otel.entity.id"]["k8s.namespace.name"] != "{{ .Release.Namespace }}" + statements: + - delete_key(log.attributes["otel.entity.attributes"], "sw.k8s.deployedbycollector") + transform/set_labels_and_annotations_for_entities: error_mode: ignore log_statements: @@ -746,6 +758,7 @@ service: - resource/manifest - resourcedetection/providers - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace - groupbyattrs/serviceendpointsmapping - transform/serviceendpointsmapping-renamepodip - k8sattributes @@ -793,6 +806,7 @@ service: - resource/manifest - k8sattributes - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace {{- if eq (include "isNamespacesFilterEnabled" .) "true" }} - filter/namespaces {{- end }} diff --git a/deploy/helm/metrics-collector-config.yaml b/deploy/helm/metrics-collector-config.yaml index 4008a48c..9ae06a5e 100644 --- a/deploy/helm/metrics-collector-config.yaml +++ b/deploy/helm/metrics-collector-config.yaml @@ -34,7 +34,34 @@ extensions: processors: k8sattributes: -{{ include "common.k8s-instrumentation" . | indent 4 }} + auth_type: "serviceAccount" + passthrough: false + extract: + metadata: + - k8s.pod.name + - k8s.deployment.name + - k8s.replicaset.name + - k8s.daemonset.name + - k8s.job.name + - k8s.cronjob.name + - k8s.statefulset.name + - k8s.node.name + labels: + - tag_name: sw.k8s.deployedbycollector + key: swo.cloud.solarwinds.com/deployed-with-k8s-collector + from: pod + pod_association: + - sources: + - from: resource_attribute + name: k8s.pod.name + - from: resource_attribute + name: k8s.namespace.name + - sources: + - from: resource_attribute + name: k8s.pod.ip + - from: resource_attribute + name: k8s.namespace.name + memory_limiter: {{ toYaml .Values.otel.metrics.memory_limiter | indent 4 }} transform: @@ -939,6 +966,15 @@ processors: )' {{- end }} + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + metric_statements: + - conditions: + - resource.attributes["sw.k8s.deployedbycollector"] == "true" + and resource.attributes["k8s.namespace.name"] != "{{ .Release.Namespace }}" + statements: + - delete_key(resource.attributes, "sw.k8s.deployedbycollector") + connectors: forward/prometheus: {} forward/metric-exporter: {} @@ -1241,6 +1277,7 @@ service: - groupbyattrs/all - resource/metrics - k8sattributes + - transform/remove_deployed_by_collector_label_if_from_different_namespace - transform/cleanup_attributes_for_nonexisting_entities {{- if eq (include "isNamespacesFilterEnabled" .) "true" }} - filter/namespaces diff --git a/deploy/helm/templates/_helpers.tpl b/deploy/helm/templates/_helpers.tpl index 149dcc63..0356e439 100644 --- a/deploy/helm/templates/_helpers.tpl +++ b/deploy/helm/templates/_helpers.tpl @@ -79,6 +79,7 @@ app.kubernetes.io/managed-by: {{ .Release.Name }} helm.sh/chart: {{ include "common.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} +swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" {{- if .Values.commonLabels}} {{ toYaml .Values.commonLabels }} {{- end }} diff --git a/deploy/helm/tests/__snapshot__/events-collector-config-map_test.yaml.snap b/deploy/helm/tests/__snapshot__/events-collector-config-map_test.yaml.snap index 207734da..4cc025fe 100644 --- a/deploy/helm/tests/__snapshot__/events-collector-config-map_test.yaml.snap +++ b/deploy/helm/tests/__snapshot__/events-collector-config-map_test.yaml.snap @@ -527,6 +527,16 @@ Custom events filter with new syntax: log_statements: - statements: - set(log.attributes["sw.namespace"], "sw.events.inframon.k8s") + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + log_statements: + - conditions: + - resource.attributes["sw.k8s.log.type"] == "entitystateevent" and log.attributes["otel.entity.attributes"] + != nil and log.attributes["otel.entity.attributes"]["sw.k8s.deployedbycollector"] + == true and log.attributes["otel.entity.id"] != nil and log.attributes["otel.entity.id"]["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(log.attributes["otel.entity.attributes"], "sw.k8s.deployedbycollector") transform/scope: log_statements: - statements: @@ -948,6 +958,7 @@ Custom events filter with new syntax: - resource/manifest - resourcedetection/providers - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace - groupbyattrs/serviceendpointsmapping - transform/serviceendpointsmapping-renamepodip - k8sattributes @@ -974,6 +985,7 @@ Custom events filter with new syntax: - resource/manifest - k8sattributes - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace receivers: - swok8sobjects/keepalive logs/serviceendpointsmapping: @@ -1541,6 +1553,16 @@ Custom events filter with old syntax: log_statements: - statements: - set(log.attributes["sw.namespace"], "sw.events.inframon.k8s") + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + log_statements: + - conditions: + - resource.attributes["sw.k8s.log.type"] == "entitystateevent" and log.attributes["otel.entity.attributes"] + != nil and log.attributes["otel.entity.attributes"]["sw.k8s.deployedbycollector"] + == true and log.attributes["otel.entity.id"] != nil and log.attributes["otel.entity.id"]["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(log.attributes["otel.entity.attributes"], "sw.k8s.deployedbycollector") transform/scope: log_statements: - statements: @@ -1962,6 +1984,7 @@ Custom events filter with old syntax: - resource/manifest - resourcedetection/providers - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace - groupbyattrs/serviceendpointsmapping - transform/serviceendpointsmapping-renamepodip - k8sattributes @@ -1988,6 +2011,7 @@ Custom events filter with old syntax: - resource/manifest - k8sattributes - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace receivers: - swok8sobjects/keepalive logs/serviceendpointsmapping: @@ -2548,6 +2572,16 @@ Events config should match snapshot when using default values: log_statements: - statements: - set(log.attributes["sw.namespace"], "sw.events.inframon.k8s") + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + log_statements: + - conditions: + - resource.attributes["sw.k8s.log.type"] == "entitystateevent" and log.attributes["otel.entity.attributes"] + != nil and log.attributes["otel.entity.attributes"]["sw.k8s.deployedbycollector"] + == true and log.attributes["otel.entity.id"] != nil and log.attributes["otel.entity.id"]["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(log.attributes["otel.entity.attributes"], "sw.k8s.deployedbycollector") transform/scope: log_statements: - statements: @@ -2968,6 +3002,7 @@ Events config should match snapshot when using default values: - resource/manifest - resourcedetection/providers - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace - groupbyattrs/serviceendpointsmapping - transform/serviceendpointsmapping-renamepodip - k8sattributes @@ -2994,6 +3029,7 @@ Events config should match snapshot when using default values: - resource/manifest - k8sattributes - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace receivers: - swok8sobjects/keepalive logs/serviceendpointsmapping: @@ -3422,6 +3458,16 @@ Events config should not contain manifest collection pipeline when disabled: log_statements: - statements: - set(log.attributes["sw.namespace"], "sw.events.inframon.k8s") + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + log_statements: + - conditions: + - resource.attributes["sw.k8s.log.type"] == "entitystateevent" and log.attributes["otel.entity.attributes"] + != nil and log.attributes["otel.entity.attributes"]["sw.k8s.deployedbycollector"] + == true and log.attributes["otel.entity.id"] != nil and log.attributes["otel.entity.id"]["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(log.attributes["otel.entity.attributes"], "sw.k8s.deployedbycollector") transform/scope: log_statements: - statements: @@ -3677,6 +3723,7 @@ Events config should not contain manifest collection pipeline when disabled: - resource/manifest - resourcedetection/providers - k8seventgeneration + - transform/remove_deployed_by_collector_label_if_from_different_namespace - groupbyattrs/serviceendpointsmapping - transform/serviceendpointsmapping-renamepodip - k8sattributes diff --git a/deploy/helm/tests/__snapshot__/metrics-collector-config-map-fargate_test.yaml.snap b/deploy/helm/tests/__snapshot__/metrics-collector-config-map-fargate_test.yaml.snap index 5705fcff..8f657787 100644 --- a/deploy/helm/tests/__snapshot__/metrics-collector-config-map-fargate_test.yaml.snap +++ b/deploy/helm/tests/__snapshot__/metrics-collector-config-map-fargate_test.yaml.snap @@ -452,6 +452,10 @@ Metrics config should match snapshot when using default values: k8sattributes: auth_type: serviceAccount extract: + labels: + - from: pod + key: swo.cloud.solarwinds.com/deployed-with-k8s-collector + tag_name: sw.k8s.deployedbycollector metadata: - k8s.pod.name - k8s.deployment.name @@ -1497,6 +1501,14 @@ Metrics config should match snapshot when using default values: - statements: - set(resource.attributes["sw.entity.noupdate"], "true") where resource.attributes["k8s.node.name"] != nil + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + metric_statements: + - conditions: + - resource.attributes["sw.k8s.deployedbycollector"] == "true" and resource.attributes["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(resource.attributes, "sw.k8s.deployedbycollector") transform/scope: metric_statements: - statements: @@ -1763,6 +1775,7 @@ Metrics config should match snapshot when using default values: - groupbyattrs/all - resource/metrics - k8sattributes + - transform/remove_deployed_by_collector_label_if_from_different_namespace - transform/cleanup_attributes_for_nonexisting_entities - filter/remove_temporary_metrics receivers: diff --git a/deploy/helm/tests/__snapshot__/metrics-collector-config-map_test.yaml.snap b/deploy/helm/tests/__snapshot__/metrics-collector-config-map_test.yaml.snap index c8e99326..7c56587f 100644 --- a/deploy/helm/tests/__snapshot__/metrics-collector-config-map_test.yaml.snap +++ b/deploy/helm/tests/__snapshot__/metrics-collector-config-map_test.yaml.snap @@ -452,6 +452,10 @@ Metrics config should match snapshot when fargate is enabled: k8sattributes: auth_type: serviceAccount extract: + labels: + - from: pod + key: swo.cloud.solarwinds.com/deployed-with-k8s-collector + tag_name: sw.k8s.deployedbycollector metadata: - k8s.pod.name - k8s.deployment.name @@ -1497,6 +1501,14 @@ Metrics config should match snapshot when fargate is enabled: - statements: - set(resource.attributes["sw.entity.noupdate"], "true") where resource.attributes["k8s.node.name"] != nil + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + metric_statements: + - conditions: + - resource.attributes["sw.k8s.deployedbycollector"] == "true" and resource.attributes["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(resource.attributes, "sw.k8s.deployedbycollector") transform/scope: metric_statements: - statements: @@ -1763,6 +1775,7 @@ Metrics config should match snapshot when fargate is enabled: - groupbyattrs/all - resource/metrics - k8sattributes + - transform/remove_deployed_by_collector_label_if_from_different_namespace - transform/cleanup_attributes_for_nonexisting_entities - filter/remove_temporary_metrics receivers: @@ -2257,6 +2270,10 @@ Metrics config should match snapshot when using Prometheus url with extra_scrape k8sattributes: auth_type: serviceAccount extract: + labels: + - from: pod + key: swo.cloud.solarwinds.com/deployed-with-k8s-collector + tag_name: sw.k8s.deployedbycollector metadata: - k8s.pod.name - k8s.deployment.name @@ -3302,6 +3319,14 @@ Metrics config should match snapshot when using Prometheus url with extra_scrape - statements: - set(resource.attributes["sw.entity.noupdate"], "true") where resource.attributes["k8s.node.name"] != nil + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + metric_statements: + - conditions: + - resource.attributes["sw.k8s.deployedbycollector"] == "true" and resource.attributes["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(resource.attributes, "sw.k8s.deployedbycollector") transform/scope: metric_statements: - statements: @@ -3503,6 +3528,7 @@ Metrics config should match snapshot when using Prometheus url with extra_scrape - groupbyattrs/all - resource/metrics - k8sattributes + - transform/remove_deployed_by_collector_label_if_from_different_namespace - transform/cleanup_attributes_for_nonexisting_entities - filter/remove_temporary_metrics receivers: @@ -4004,6 +4030,10 @@ Metrics config should match snapshot when using default values: k8sattributes: auth_type: serviceAccount extract: + labels: + - from: pod + key: swo.cloud.solarwinds.com/deployed-with-k8s-collector + tag_name: sw.k8s.deployedbycollector metadata: - k8s.pod.name - k8s.deployment.name @@ -5049,6 +5079,14 @@ Metrics config should match snapshot when using default values: - statements: - set(resource.attributes["sw.entity.noupdate"], "true") where resource.attributes["k8s.node.name"] != nil + transform/remove_deployed_by_collector_label_if_from_different_namespace: + error_mode: ignore + metric_statements: + - conditions: + - resource.attributes["sw.k8s.deployedbycollector"] == "true" and resource.attributes["k8s.namespace.name"] + != "NAMESPACE" + statements: + - delete_key(resource.attributes, "sw.k8s.deployedbycollector") transform/scope: metric_statements: - statements: @@ -5235,6 +5273,7 @@ Metrics config should match snapshot when using default values: - groupbyattrs/all - resource/metrics - k8sattributes + - transform/remove_deployed_by_collector_label_if_from_different_namespace - transform/cleanup_attributes_for_nonexisting_entities - filter/remove_temporary_metrics receivers: diff --git a/deploy/helm/tests/__snapshot__/target-allocator_test.yaml.snap b/deploy/helm/tests/__snapshot__/target-allocator_test.yaml.snap index 0cbce08e..70d60544 100644 --- a/deploy/helm/tests/__snapshot__/target-allocator_test.yaml.snap +++ b/deploy/helm/tests/__snapshot__/target-allocator_test.yaml.snap @@ -7,7 +7,7 @@ Target Allocator deployment spec should match snapshot: template: metadata: annotations: - checksum/config: 3c56cadd046598061587a72aef09bfea163380638912acf86c47a1a39c7bce6d + checksum/config: 9c6d7cded0e280222d07c522b1d2036c7671ffac5ff89ba8abdaedfc7ff8393e labels: app: swi-k8s-opentelemet-swo-k8s-collector-prometheus-discovery-ta app.kubernetes.io/instance: swi-k8s-opentelemetry-collector-swo-k8s-collector @@ -15,6 +15,7 @@ Target Allocator deployment spec should match snapshot: app.kubernetes.io/part-of: swo-k8s-collector app.kubernetes.io/version: 1.0.0 helm.sh/chart: swo-k8s-collector-1.0.0 + swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" spec: affinity: nodeAffinity: diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index c8619728..14f5e3af 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -1003,6 +1003,9 @@ kube-state-metrics: - kube_endpoint_address - kube_configmap_created + podLabels: + swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" + # DEPRECATED: Node exporter is deployed only in case opencost section is enabled. Otherwise this section can be ignored. # prometheus-node-exporter: @@ -1242,6 +1245,8 @@ operator: go: repository: "" tag: "" + podLabels: + swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" admissionWebhooks: certManager: enabled: true @@ -1256,9 +1261,17 @@ operator: certmanager: enabled: false installCRDs: true + podLabels: + swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" + webhook: + podLabels: + swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" + cainjector: + podLabels: + swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" # Wait jobs ensure that subcharts are fully deployed before any resources deployed by post-install hooks -# which avoids unnecessary installation failues (e.g. OpenTelemetryCollector custom resources should be deployed after operator is fully functional) +# which avoids unnecessary installation failures (e.g. OpenTelemetryCollector custom resources should be deployed after operator is fully functional) waitJobs: # is valid only if `operator.enable=true`, otherwise is ignored operator: @@ -1338,6 +1351,7 @@ trivy-operator: trivyOperator: scanJobNodeSelector: kubernetes.io/os: linux + scanJobPodTemplateLabels: "swo.cloud.solarwinds.com/deployed-with-k8s-collector=true" operator: # Currently only Image Vulnerability Scanning is supported, other features are TBD vulnerabilityScannerEnabled: true @@ -1360,6 +1374,9 @@ trivy-operator: # Another option of providing access to private registries is to use managed registries, which will involve modifying the operator's service account # See https://aquasecurity.github.io/trivy-operator/v0.29.0/docs/vulnerability-scanning/managed-registries/ for configuration steps + podLabels: + swo.cloud.solarwinds.com/deployed-with-k8s-collector: "true" + # Configuration for migration jobs that handle upgrades between chart versions migrations: # Cleanup job for OpenTelemetryCollector CR of discovery collector when migrating from 4.x.x to 5.x.x chart version From 6883bc8f68b7e206236b1d76b650a22449e739ea Mon Sep 17 00:00:00 2001 From: etichy Date: Wed, 17 Dec 2025 09:35:24 +0100 Subject: [PATCH 2/3] Adjust version --- deploy/helm/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index 77fb6560..09f104f3 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: swo-k8s-collector -version: 5.1.0-alpha.1 -appVersion: 0.140.1 +version: 5.1.0-alpha.2 +appVersion: 0.140.3 description: SolarWinds Kubernetes Integration keywords: - monitoring From 2a4532513dc91d21617c9611260e2471db1ee14c Mon Sep 17 00:00:00 2001 From: etichy Date: Wed, 17 Dec 2025 09:41:15 +0100 Subject: [PATCH 3/3] Fix --- .github/workflows/buildAndTestHelm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/buildAndTestHelm.yml b/.github/workflows/buildAndTestHelm.yml index 042b0d37..2ed13174 100644 --- a/.github/workflows/buildAndTestHelm.yml +++ b/.github/workflows/buildAndTestHelm.yml @@ -45,7 +45,7 @@ jobs: run: helm template deploy/helm --include-crds --no-hooks - name: Install Unit test plugin - run: helm plugin install https://github.com/helm-unittest/helm-unittest.git + run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --version v1.0.2 - name: Run unit tests run: helm unittest deploy/helm