-
Notifications
You must be signed in to change notification settings - Fork 480
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate all env. vars. before starting injecting env. vars #1141
Changes from 5 commits
34127db
134c44e
928b2e0
ff8d0e3
2a6569c
0b2fce7
d703287
cea2e0d
2710133
400fc2a
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -40,11 +40,19 @@ const ( | |||||
dotNetStartupHookPath = "/otel-auto-instrumentation/netcoreapp3.1/OpenTelemetry.AutoInstrumentation.StartupHook.dll" | ||||||
) | ||||||
|
||||||
func injectDotNetSDK(logger logr.Logger, dotNetSpec v1alpha1.DotNet, pod corev1.Pod, index int) corev1.Pod { | ||||||
// caller checks if there is at least one container | ||||||
container := pod.Spec.Containers[index] | ||||||
func injectDotNetSDK(logger logr.Logger, dotNetSpec v1alpha1.DotNet, pod corev1.Pod, index int) (corev1.Pod, bool) { | ||||||
|
||||||
// inject env vars | ||||||
// caller checks if there is at least one container. | ||||||
container := &pod.Spec.Containers[index] | ||||||
|
||||||
// validate container environment variables. | ||||||
err := validateContainerEnv(container.Env, envDotNetStartupHook, envDotNetAdditionalDeps, envDotNetSharedStore) | ||||||
if err != nil { | ||||||
logger.Info("Skipping DotNet SDK injection", "reason:", err.Error(), "container Name", container.Name) | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this is how
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Feel free to resolve |
||||||
return pod, false | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I would prefer if we return There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @pellared I didn't get your point (The caller is already doing some logging). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I also think that as a rule of thumb the function should either log or return an error. Returning There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What is more, if func injectDotNetSDK(dotNetSpec v1alpha1.DotNet, pod corev1.Pod, index int) (corev1.Pod, error) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If we return the error from
Because if want to propagate the error further in the call stack then we need to modify the signature of inject function too. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That is correct There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Feel free to resolve |
||||||
} | ||||||
|
||||||
// inject .Net instrumentation spec env vars. | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. typo:
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Feel free to resolve |
||||||
for _, env := range dotNetSpec.Env { | ||||||
idx := getIndexOfEnv(container.Env, env.Name) | ||||||
if idx == -1 { | ||||||
|
@@ -57,40 +65,26 @@ func injectDotNetSDK(logger logr.Logger, dotNetSpec v1alpha1.DotNet, pod corev1. | |||||
concatEnvValues = true | ||||||
) | ||||||
|
||||||
if !trySetEnvVar(logger, &container, envDotNetCoreClrEnableProfiling, dotNetCoreClrEnableProfilingEnabled, doNotConcatEnvValues) { | ||||||
return pod | ||||||
} | ||||||
setDotNetEnvVar(container, envDotNetCoreClrEnableProfiling, dotNetCoreClrEnableProfilingEnabled, doNotConcatEnvValues) | ||||||
|
||||||
if !trySetEnvVar(logger, &container, envDotNetCoreClrProfiler, dotNetCoreClrProfilerId, doNotConcatEnvValues) { | ||||||
return pod | ||||||
} | ||||||
setDotNetEnvVar(container, envDotNetCoreClrProfiler, dotNetCoreClrProfilerId, doNotConcatEnvValues) | ||||||
|
||||||
if !trySetEnvVar(logger, &container, envDotNetCoreClrProfilerPath, dotNetCoreClrProfilerPath, doNotConcatEnvValues) { | ||||||
return pod | ||||||
} | ||||||
setDotNetEnvVar(container, envDotNetCoreClrProfilerPath, dotNetCoreClrProfilerPath, doNotConcatEnvValues) | ||||||
|
||||||
if !trySetEnvVar(logger, &container, envDotNetStartupHook, dotNetStartupHookPath, concatEnvValues) { | ||||||
return pod | ||||||
} | ||||||
setDotNetEnvVar(container, envDotNetStartupHook, dotNetStartupHookPath, concatEnvValues) | ||||||
|
||||||
if !trySetEnvVar(logger, &container, envDotNetAdditionalDeps, dotNetAdditionalDepsPath, concatEnvValues) { | ||||||
return pod | ||||||
} | ||||||
setDotNetEnvVar(container, envDotNetAdditionalDeps, dotNetAdditionalDepsPath, concatEnvValues) | ||||||
|
||||||
if !trySetEnvVar(logger, &container, envDotNetOTelAutoHome, dotNetOTelAutoHomePath, doNotConcatEnvValues) { | ||||||
return pod | ||||||
} | ||||||
setDotNetEnvVar(container, envDotNetOTelAutoHome, dotNetOTelAutoHomePath, doNotConcatEnvValues) | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think that we should additionally validate that the @Kielek do you agree? I think it would be better addressed in a separate issue/PR. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah. We should address this one in separate PR specific to .Net. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I created #1156. Free free to resolve this comment. |
||||||
|
||||||
if !trySetEnvVar(logger, &container, envDotNetSharedStore, dotNetSharedStorePath, concatEnvValues) { | ||||||
return pod | ||||||
} | ||||||
setDotNetEnvVar(container, envDotNetSharedStore, dotNetSharedStorePath, concatEnvValues) | ||||||
|
||||||
container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ | ||||||
Name: volumeName, | ||||||
MountPath: "/otel-auto-instrumentation", | ||||||
}) | ||||||
|
||||||
// We just inject Volumes and init containers for the first processed container | ||||||
// We just inject Volumes and init containers for the first processed container. | ||||||
if isInitContainerMissing(pod) { | ||||||
pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{ | ||||||
Name: volumeName, | ||||||
|
@@ -108,30 +102,20 @@ func injectDotNetSDK(logger logr.Logger, dotNetSpec v1alpha1.DotNet, pod corev1. | |||||
}}, | ||||||
}) | ||||||
} | ||||||
|
||||||
pod.Spec.Containers[index] = container | ||||||
return pod | ||||||
return pod, true | ||||||
} | ||||||
|
||||||
func trySetEnvVar(logger logr.Logger, container *corev1.Container, envVarName string, envVarValue string, concatValues bool) bool { | ||||||
// set env var to the container. | ||||||
func setDotNetEnvVar(container *corev1.Container, envVarName string, envVarValue string, concatValues bool) { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I suggest describing what There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Feel free to resolve |
||||||
idx := getIndexOfEnv(container.Env, envVarName) | ||||||
if idx < 0 { | ||||||
container.Env = append(container.Env, corev1.EnvVar{ | ||||||
Name: envVarName, | ||||||
Value: envVarValue, | ||||||
}) | ||||||
return true | ||||||
return | ||||||
} | ||||||
|
||||||
if container.Env[idx].ValueFrom != nil { | ||||||
// TODO add to status object or submit it as an event | ||||||
logger.Info("Skipping DotNet SDK injection, the container defines env var value via ValueFrom", "envVar", envVarName, "container", container.Name) | ||||||
return false | ||||||
} | ||||||
|
||||||
if concatValues { | ||||||
container.Env[idx].Value = fmt.Sprintf("%s:%s", container.Env[idx].Value, envVarValue) | ||||||
} | ||||||
|
||||||
return true | ||||||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that most of the comments are redundant.
IMO
// caller checks if there is at least one container.
it is valid comment, but putting information// validate container environment variables.
in front ofvalidateContainerEnv
does not make sense.Please check whole PR in this context.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feel free to resolve