dynatrace-operator icon indicating copy to clipboard operation
dynatrace-operator copied to clipboard

Published 20 hours ago verified publisher icon Dynatrace

Remove nodes-controller

Open albertogdd opened this issue 6 months ago • 10 comments

https://dt-rnd.atlassian.net/browse/DAQ-3933

Description

Remove nodes-controller from the operator.

How can this be tested?

  • Deploy a Dynakube and check that no nodes-controller-cache ConfigMap exists. (you may need to manually remove the old one)

albertogdd avatar May 05 '25 12:05 albertogdd

Still need to remove code related to (it's written in ticket BTW):

* https://github.com/dynatrace/dynatrace-operator/blob/86e608b5a4d3729bc46849bb8e89df78eead2cf7/pkg/clients/dynatrace/dynatrace_client_test.go#L198-L199

* https://github.com/dynatrace/dynatrace-operator/blob/f85df8f8f7fb174496f39f32bc94cba84c8656cd/pkg/clients/dynatrace/endpoints.go#L86-L89

* https://github.com/dynatrace/dynatrace-operator/blob/5dabec1f1656a1a8590ac0ee4b5dfaadee8b1b91/pkg/clients/dynatrace/dynatrace_client.go#L190-L209

You are right. I think this can also be removed:

https://github.com/Dynatrace/dynatrace-operator/blob/main/pkg/clients/dynatrace/endpoints.go#L56

waodim avatar May 05 '25 12:05 waodim

Fixed your comments @waodim @andriisoldatenko The only thing missing is the token scopes mentioned in the ticket. Aren't those assigned via UI and not through code?

albertogdd avatar May 06 '25 13:05 albertogdd

@albertogdd

The only thing missing is the token scopes mentioned in the ticket.

I think the ticket is talking about this: https://github.com/Dynatrace/dynatrace-operator/blob/dae7fd7db8cf7000e15832e88a617f063a0e5b8c/pkg/clients/dynatrace/client.go#L115

because we check for it, we should remove the check the rest can come later (docs, cluster etc)

it can be a nice test to:

  1. Generate new token on the UI without DataExport scope
  2. Use it with the Operator
  3. Everything works (we would otherwise fail at the very beginning)

0sewa0 avatar May 06 '25 13:05 0sewa0

@albertogdd ~i'm thinking about we don't need anymore extra permissions for Operator for list/watch/get nodes https://github.com/dynatrace/dynatrace-operator/blob/ef5511cf77142570501edeb24cbed918050d2331/config/helm/chart/default/templates/Common/operator/clusterrole-operator.yaml#L26-L27 cc @0sewa0 don't we?~

andriisoldatenko avatar May 06 '25 13:05 andriisoldatenko

@andriisoldatenko

cc @0sewa0 don't we?

yes, but not for long: (soon the initgeneration package will be obsolete ) https://github.com/Dynatrace/dynatrace-operator/blob/dae7fd7db8cf7000e15832e88a617f063a0e5b8c/pkg/injection/namespace/initgeneration/initgeneration.go#L263-L275

0sewa0 avatar May 06 '25 13:05 0sewa0

@0sewa0 I just got recommended from support guys to use the new app to check this kind of things, currently I'm testing it too, but it takes a bit until you remove the dynakube and it gets recognized by the tenant etc. image

albertogdd avatar May 07 '25 11:05 albertogdd

~@albertogdd the host screen has big red exclamation marks, that shouldn't be there 😅~ not relevant

0sewa0 avatar May 07 '25 11:05 0sewa0

Tested on my tenant, resizing the cluster from 3 nodes to 2, I can see the k8s node shutdown event being sent :+1: image

albertogdd avatar May 07 '25 13:05 albertogdd

Testing dynakube with a token without the "DataExport" scope image Event exists in removed node after resizing cluster image No errors seen on operator logs/events

albertogdd avatar May 07 '25 13:05 albertogdd

ConfigMap dynatrace-node-cache doesn't get removed. I just tested upgrading the operator from the main branch to the feature branch, and the ConfigMap is left in the cluster. Gonna write it in the release notes of the story.

albertogdd avatar May 07 '25 13:05 albertogdd