grafana-operator icon indicating copy to clipboard operation
grafana-operator copied to clipboard
verified publisher icon grafana

[Bug] instanceSelector.matchExpressions not working for GrafanaDatasource

Open sebbbastien opened this issue 1 year ago • 1 comments

Describe the bug instanceSelector.matchExpressions does not work as expected.

Version Operator version: v5.6.1

To Reproduce Steps to reproduce the behavior:

  1. Apply this yaml:
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
  name: grafana-production
  labels:
    env: production
spec:
  config:
    auth:
      disable_login_form: "false"
---
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
  name: grafana-staging
  labels:
    env: staging
spec:
  config:
    auth:
      disable_login_form: "false"
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
  name: example-grafana-datasource
spec:
  instanceSelector:
    matchExpressions:
      - {key: env, operator: In, values: [staging]}
  datasource:
    name: "Loki datasource"
    type: loki
    url: http://loki-gateway.loki.svc.cluster.local
    access: proxy
    database: loki
    editable: false
    isDefault: true
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
  name: example-grafana-datasource-hidden
spec:
  instanceSelector:
    matchExpressions:
      - {key: env, operator: In, values: [staging]}
  datasource:
    name: "Loki datasource hidden"
    type: loki
    url: http://loki-gateway.loki.svc.cluster.local
    access: proxy
    database: loki
    editable: false
    isDefault: true
  1. Get admin passwords:
kubectl get secrets grafana-staging-admin-credentials -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 -d; echo
kubectl get secrets grafana-production-admin-credentials -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 -d; echo
  1. Set port-forward:
kubectl port-forward services/grafana-staging-service 8080:3000
kubectl port-forward services/grafana-production-service 8081:3000
  1. Connect to http://localhost:8080 and http://localhost:8081 using admin user and step 2 passwords and go to Configuration > Data sources.

Expected behavior According to instanceSelector.matchExpressions:

  • Loki datasource should only be present on staging.
  • Loki datasource hidden should not be present.

Screenshots Staging: image Production: image

Runtime (please complete the following information):

  • OS: Ubuntu 22.04
  • Grafana Operator Version: v5.6.1
  • Environment: K3s v1.28.5+k3s1
  • Deployment type: deployed
  • Other:

sebbbastien avatar Feb 07 '24 05:02 sebbbastien

Thanks for a well described issue @sebbbastien . I have tried this out and I can verify that I get the same issue. I also gave the following config a try instead.

apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
  name: grafana-production
  labels:
    dashboards: lalal
spec:
  config:
    auth:
      disable_login_form: "false"
---
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
  name: grafana-staging
  labels:
    dashboards: grafana
spec:
  config:
    auth:
      disable_login_form: "false"
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
  name: example-grafana-datasource
spec:
  instanceSelector:
    matchLabels:
      dashboards: grafana
  datasource:
    name: "Loki datasource"
    type: loki
    url: http://loki-gateway.loki.svc.cluster.local
    access: proxy
    database: loki
    editable: false
    isDefault: true
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
  name: example-grafana-datasource-hidden
spec:
  instanceSelector:
    matchLabels:
      dashboards: grafana
  datasource:
    name: "Loki datasource hidden"
    type: loki
    url: http://loki-gateway.loki.svc.cluster.local
    access: proxy
    database: loki
    editable: false
    isDefault: true

So I used matchLabels instead.

  instanceSelector:
    matchLabels:
      dashboards: grafana

And then I didn't get the same issue. So in the meantime, I would suggest using this solution.

nissessenap avatar Feb 07 '24 20:02 nissessenap

Hi ! Sorry @NissesSenap but your solution is ok for one binding but in my use case I got the same issue with Dashboard.
I use multiples labels values for binding default and custom dashboard to my instances. When I use matchExpression all instances got my custom dashboard while the match label or value doesn't exist.

Ronan-WeScale avatar Apr 12 '24 13:04 Ronan-WeScale

I think is not implemented correctly in https://github.com/grafana/grafana-operator/blob/e43aff9dca5e907f71a5139097bd9d0529f2bf78/controllers/controller_shared.go#L27

I will try to fix this and ask for PR

Ronan-WeScale avatar Apr 12 '24 13:04 Ronan-WeScale

@Ronan-WeScale I'm not saying this is the way it should be, I'm saying that you can potentially use a workaround by using matchLabels.

We have accepted the triage and any help we can get to fix this is greatly appreciated.

nissessenap avatar Apr 12 '24 13:04 nissessenap

Hi @NissesSenap

I'm not good in golang but I do my best for this PR #1497. I follow the contributing guide and run some additional tests for my use case with some dashboards and selectors but not datasource, but normally that's work as same.

Ronan-WeScale avatar Apr 16 '24 15:04 Ronan-WeScale