├── .dockerignore ├── .github ├── release.yml └── workflows │ └── pull_request.yml ├── .gitignore ├── .golangci.yml ├── Dockerfile ├── LICENSE ├── Makefile ├── PROJECT ├── README.md ├── api └── v1alpha1 │ ├── groupversion_info.go │ ├── instrumenter_types.go │ ├── instrumenter_webhook.go │ ├── sidecar.go │ ├── webhook_suite_test.go │ └── zz_generated.deepcopy.go ├── config ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── crd │ ├── bases │ │ └── appo11y.grafana.com_instrumenters.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_instrumenters.yaml │ │ └── webhook_in_instrumenters.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_config_patch.yaml │ ├── manager_webhook_patch.yaml │ └── webhookcainjection_patch.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── manifests │ └── kustomization.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── instrumenter_editor_role.yaml │ ├── instrumenter_viewer_role.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml ├── samples │ ├── appo11y_v1alpha1_instrumenter.yaml │ └── kustomization.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── controllers ├── instrumenter_controller.go ├── instrumenter_test.go └── suite_test.go ├── examples └── deploy-with-grafana-agent.yml ├── go.mod ├── go.sum ├── hack └── boilerplate.go.txt ├── main.go ├── pkg └── helper │ ├── helper.go │ └── lvl │ └── level.go └── test-assets ├── cert-manager-crd.yaml ├── prometheus.yaml └── sample-svc.yml /.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 3 | bin/ 4 | testbin/ 5 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | changelog: 2 | categories: 3 | - title: Breaking changes 🔨 4 | labels: 5 | - breaking-change 6 | - title: Bug fixes 🐛 7 | labels: 8 | - bug 9 | - title: Other changes/additions 10 | labels: 11 | - "*" 12 | -------------------------------------------------------------------------------- /.github/workflows/pull_request.yml: -------------------------------------------------------------------------------- 1 | name: Pull request checks 2 | 3 | on: 4 | push: 5 | branches: [ 'main' ] 6 | pull_request: 7 | branches: [ 'main' ] 8 | 9 | jobs: 10 | test: 11 | name: test 12 | runs-on: ubuntu-latest 13 | strategy: 14 | matrix: 15 | go: [ '1.20' ] 16 | steps: 17 | - uses: actions/checkout@v3 18 | # TODO: 19 | # - name: Check Drone.yml is up-to-date 20 | # uses: chrislennon/action-drone@v1 21 | # with: 22 | # version: 1.7.0 23 | # - run: make check-drone-drift 24 | # env: 25 | # DRONE_SERVER: ${{ secrets.DRONE_SERVER }} 26 | # DRONE_TOKEN: ${{ secrets.DRONE_TOKEN }} 27 | - name: Set up Go 28 | uses: actions/setup-go@v3 29 | with: 30 | go-version: ${{ matrix.go }} 31 | - name: Run verification and unit tests 32 | run: make test 33 | - name: Report coverage 34 | uses: codecov/codecov-action@v3 35 | with: 36 | files: ./cover.out 37 | flags: unittests 38 | token: ${{ secrets.CODECOV_TOKEN }} -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # If you prefer the allow list template instead of the deny list, see community template: 2 | # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore 3 | 4 | # Test binary, built with `go test -c` 5 | *.test 6 | 7 | # Output of the go coverage tool, specifically when used with LiteIDE 8 | *.out 9 | 10 | # Dependency directories (remove the comment below to include it) 11 | # vendor/ 12 | 13 | # Go workspace file 14 | go.work 15 | bin/* 16 | 17 | ignore* -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- 1 | linters: 2 | enable: 3 | - errcheck 4 | - errorlint 5 | - cyclop 6 | - errname 7 | - exportloopref 8 | - gocritic 9 | - goimports 10 | - gosimple 11 | - govet 12 | - ineffassign 13 | - revive 14 | - staticcheck 15 | - stylecheck 16 | - typecheck 17 | - unused 18 | disable: 19 | - exhaustive 20 | linters-settings: 21 | stylecheck: 22 | go: "1.20" 23 | gocritic: 24 | enabled-checks: 25 | - hugeParam 26 | - rangeExprCopy 27 | - rangeValCopy 28 | - indexAlloc 29 | - deprecatedComment 30 | cyclop: 31 | max-complexity: 10 32 | 33 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM golang:1.20 as builder 3 | ARG TARGETOS 4 | ARG TARGETARCH 5 | 6 | WORKDIR /workspace 7 | # Copy the Go Modules manifests 8 | COPY go.mod go.mod 9 | COPY go.sum go.sum 10 | # cache deps before building and copying source so that we don't need to re-download as much 11 | # and so that source changes don't invalidate our downloaded layer 12 | RUN go mod download 13 | 14 | # Copy the go source 15 | COPY main.go main.go 16 | COPY api/ api/ 17 | COPY controllers/ controllers/ 18 | COPY pkg/ pkg/ 19 | 20 | # Build 21 | # the GOARCH has not a default value to allow the binary be built according to the host where the command 22 | # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO 23 | # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, 24 | # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. 25 | RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go 26 | 27 | # Use distroless as minimal base image to package the manager binary 28 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 29 | FROM gcr.io/distroless/static:nonroot 30 | WORKDIR / 31 | COPY --from=builder /workspace/manager . 32 | USER 65532:65532 33 | 34 | ENTRYPOINT ["/manager"] 35 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # VERSION defines the project version for the bundle. 2 | # Update this value when you upgrade the version of your project. 3 | # To re-generate a bundle for another specific version without changing the standard setup, you can: 4 | # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) 5 | # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) 6 | VERSION ?= 0.0.1 7 | 8 | # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. 9 | ENVTEST_K8S_VERSION = 1.26.1 10 | 11 | ## Tool & dependencies versions 12 | CERT_MANAGER_VERSION = v1.12.1 13 | KUSTOMIZE_VERSION ?= v5.0.3 14 | CONTROLLER_TOOLS_VERSION ?= v0.12.0 15 | GOLANGCI_LINT_VERSION ?= v1.53.1 16 | 17 | # CHANNELS define the bundle channels used in the bundle. 18 | # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") 19 | # To re-generate a bundle for other specific channels without changing the standard setup, you can: 20 | # - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) 21 | # - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") 22 | ifneq ($(origin CHANNELS), undefined) 23 | BUNDLE_CHANNELS := --channels=$(CHANNELS) 24 | endif 25 | 26 | # DEFAULT_CHANNEL defines the default channel used in the bundle. 27 | # Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") 28 | # To re-generate a bundle for any other default channel without changing the default setup, you can: 29 | # - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) 30 | # - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") 31 | ifneq ($(origin DEFAULT_CHANNEL), undefined) 32 | BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) 33 | endif 34 | BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) 35 | 36 | # IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. 37 | # This variable is used to construct full image tags for bundle and catalog images. 38 | # 39 | # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both 40 | # grafana.com/ebpf-autoinstrument-operator-bundle:$VERSION and grafana.com/ebpf-autoinstrument-operator-catalog:$VERSION. 41 | IMAGE_TAG_BASE ?= grafana.com/ebpf-autoinstrument-operator 42 | 43 | # BUNDLE_IMG defines the image:tag used for the bundle. 44 | # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) 45 | BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) 46 | 47 | # BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command 48 | BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) 49 | 50 | # USE_IMAGE_DIGESTS defines if images are resolved via tags or digests 51 | # You can enable this value if you would like to use SHA Based Digests 52 | # To enable set flag to true 53 | USE_IMAGE_DIGESTS ?= false 54 | ifeq ($(USE_IMAGE_DIGESTS), true) 55 | BUNDLE_GEN_FLAGS += --use-image-digests 56 | endif 57 | 58 | # Image URL to use all building/pushing image targets 59 | IMG ?= controller:latest 60 | 61 | # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) 62 | ifeq (,$(shell go env GOBIN)) 63 | GOBIN=$(shell go env GOPATH)/bin 64 | else 65 | GOBIN=$(shell go env GOBIN) 66 | endif 67 | 68 | # Setting SHELL to bash allows bash commands to be executed by recipes. 69 | # Options are set to exit when a recipe line exits non-zero or a piped command fails. 70 | SHELL = /usr/bin/env bash -o pipefail 71 | .SHELLFLAGS = -ec 72 | 73 | .PHONY: all 74 | all: build 75 | 76 | ##@ General 77 | 78 | # The help target prints out all targets with their descriptions organized 79 | # beneath their categories. The categories are represented by '##@' and the 80 | # target descriptions by '##'. The awk commands is responsible for reading the 81 | # entire set of makefiles included in this invocation, looking for lines of the 82 | # file as xyz: ## something, and then pretty-format the target and help. Then, 83 | # if there's a line with ##@ something, that gets pretty-printed as a category. 84 | # More info on the usage of ANSI control characters for terminal formatting: 85 | # https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters 86 | # More info on the awk command: 87 | # http://linuxcommand.org/lc3_adv_awk.php 88 | 89 | .PHONY: help 90 | help: ## Display this help. 91 | @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) 92 | 93 | ##@ Development 94 | 95 | .PHONY: manifests 96 | manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. 97 | $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases 98 | 99 | .PHONY: generate 100 | generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. 101 | $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." 102 | 103 | .PHONY: fmt 104 | fmt: ## Run go fmt against code. 105 | go fmt ./... 106 | 107 | .PHONY: vet 108 | vet: ## Run go vet against code. 109 | go vet ./... 110 | 111 | .PHONY: lint 112 | lint: golangci-lint 113 | @echo "### Linting code" 114 | $(GOLANGCI_LINT) run ./... --timeout=3m 115 | 116 | .PHONY: test 117 | test: manifests generate fmt vet lint envtest ## Run tests. 118 | KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out 119 | 120 | ##@ Build 121 | 122 | .PHONY: build 123 | build: manifests generate fmt vet ## Build manager binary. 124 | go build -o bin/manager main.go 125 | 126 | .PHONY: run 127 | run: manifests generate fmt vet ## Run a controller from your host. 128 | go run ./main.go 129 | 130 | # If you wish built the manager image targeting other platforms you can use the --platform flag. 131 | # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it. 132 | # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ 133 | .PHONY: docker-build 134 | docker-build: ## Build docker image with the manager. 135 | docker build -t ${IMG} . 136 | 137 | .PHONY: docker-push 138 | docker-push: ## Push docker image with the manager. 139 | docker push ${IMG} 140 | 141 | # PLATFORMS defines the target platforms for the manager image be build to provide support to multiple 142 | # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: 143 | # - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ 144 | # - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ 145 | # - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> then the export will fail) 146 | # To properly provided solutions that supports more than one platform you should use this option. 147 | PLATFORMS ?= linux/arm64,linux/amd64 148 | .PHONY: docker-buildx 149 | docker-buildx: test ## Build and push docker image for the manager for cross-platform support 150 | # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile 151 | sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross 152 | - docker buildx create --name project-v3-builder 153 | docker buildx use project-v3-builder 154 | - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . 155 | - docker buildx rm project-v3-builder 156 | rm Dockerfile.cross 157 | 158 | ##@ Deployment 159 | 160 | ifndef ignore-not-found 161 | ignore-not-found = false 162 | endif 163 | 164 | .PHONY: install 165 | install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. 166 | $(KUSTOMIZE) build config/crd | kubectl apply -f - 167 | 168 | .PHONY: uninstall 169 | uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. 170 | $(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f - 171 | 172 | .PHONY: deploy 173 | deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. 174 | cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} 175 | $(KUSTOMIZE) build config/default | kubectl apply -f - 176 | 177 | .PHONY: undeploy 178 | undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. 179 | $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f - 180 | 181 | ##@ Build Dependencies 182 | 183 | ## Location to install dependencies to 184 | LOCALBIN ?= $(shell pwd)/bin 185 | $(LOCALBIN): 186 | mkdir -p $(LOCALBIN) 187 | 188 | ## Tool Binaries 189 | KUSTOMIZE ?= $(LOCALBIN)/kustomize 190 | CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen 191 | GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint 192 | ENVTEST ?= $(LOCALBIN)/setup-envtest 193 | 194 | KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" 195 | .PHONY: kustomize 196 | kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading. 197 | $(KUSTOMIZE): $(LOCALBIN) 198 | @if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \ 199 | echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ 200 | rm -rf $(LOCALBIN)/kustomize; \ 201 | fi 202 | test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } 203 | 204 | .PHONY: controller-gen 205 | controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. 206 | $(CONTROLLER_GEN): $(LOCALBIN) 207 | test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \ 208 | GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) 209 | 210 | .PHONY: golangci-lint 211 | golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. If wrong version is installed, it will be overwritten. 212 | $(GOLANGCI_LINT): $(LOCALBIN) 213 | test -s $(LOCALBIN)/golangci-lint && $(LOCALBIN)/golangci-lint --version | grep -q $(GOLANGCI_LINT_VERSION) || \ 214 | GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) 215 | 216 | .PHONY: envtest 217 | envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. 218 | $(ENVTEST): $(LOCALBIN) 219 | test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest 220 | 221 | .PHONY: bundle 222 | bundle: manifests kustomize ## Generate bundle manifests and metadata, then validate generated files. 223 | operator-sdk generate kustomize manifests -q 224 | cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) 225 | $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS) 226 | operator-sdk bundle validate ./bundle 227 | 228 | .PHONY: bundle-build 229 | bundle-build: ## Build the bundle image. 230 | docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . 231 | 232 | .PHONY: bundle-push 233 | bundle-push: ## Push the bundle image. 234 | $(MAKE) docker-push IMG=$(BUNDLE_IMG) 235 | 236 | .PHONY: opm 237 | OPM = ./bin/opm 238 | opm: ## Download opm locally if necessary. 239 | ifeq (,$(wildcard $(OPM))) 240 | ifeq (,$(shell which opm 2>/dev/null)) 241 | @{ \ 242 | set -e ;\ 243 | mkdir -p $(dir $(OPM)) ;\ 244 | OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ 245 | curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$${OS}-$${ARCH}-opm ;\ 246 | chmod +x $(OPM) ;\ 247 | } 248 | else 249 | OPM = $(shell which opm) 250 | endif 251 | endif 252 | 253 | # A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). 254 | # These images MUST exist in a registry and be pull-able. 255 | BUNDLE_IMGS ?= $(BUNDLE_IMG) 256 | 257 | # The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). 258 | CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) 259 | 260 | # Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. 261 | ifneq ($(origin CATALOG_BASE_IMG), undefined) 262 | FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) 263 | endif 264 | 265 | # Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. 266 | # This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: 267 | # https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator 268 | .PHONY: catalog-build 269 | catalog-build: opm ## Build a catalog image. 270 | $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) 271 | 272 | # Push the catalog image. 273 | .PHONY: catalog-push 274 | catalog-push: ## Push a catalog image. 275 | $(MAKE) docker-push IMG=$(CATALOG_IMG) 276 | 277 | .PHONY: kind-load 278 | kind-load: ## Loads the built image into local Kind cluster 279 | kind load docker-image $(IMG) 280 | 281 | .PHONY: install-cert-manager 282 | install-cert-manager: ## Installs cert-manager for webhook certificates management 283 | kubectl apply --validate=false -f test-assets/cert-manager-crd.yaml 284 | 285 | .PHONY: install-prometheus 286 | install-prometheus: ## Installs a prometheus Pod Monitor instance 287 | kubectl apply -f test-assets/prometheus.yaml 288 | 289 | .PHONY: install-test-components 290 | install-test-components: install-cert-manager install-prometheus ## Installs all the components required for local testing 291 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | # Code generated by tool. DO NOT EDIT. 2 | # This file is used to track the info used to scaffold your project 3 | # and allow the plugins properly work. 4 | # More info: https://book.kubebuilder.io/reference/project-config.html 5 | domain: grafana.com 6 | layout: 7 | - go.kubebuilder.io/v3 8 | plugins: 9 | manifests.sdk.operatorframework.io/v2: {} 10 | scorecard.sdk.operatorframework.io/v2: {} 11 | projectName: ebpf-autoinstrument-operator 12 | repo: github.com/grafana/ebpf-autoinstrument-operator 13 | resources: 14 | - api: 15 | crdVersion: v1 16 | namespaced: true 17 | controller: true 18 | domain: grafana.com 19 | group: appo11y 20 | kind: Instrumenter 21 | path: github.com/grafana/ebpf-autoinstrument-operator/api/v1alpha1 22 | plural: instrumenters 23 | version: v1alpha1 24 | webhooks: 25 | defaulting: true 26 | webhookVersion: v1 27 | version: "3" 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ebpf-autoinstrument-operator 2 | 3 | ## How to run (development purposes) 4 | 5 | Run a fresh Kind cluster: 6 | 7 | ``` 8 | kind create cluster 9 | ``` 10 | 11 | Install prerequisites: 12 | 13 | ``` 14 | make install-cert-manager 15 | make install-prometheus # optional, if not using OTEL exporter 16 | ``` 17 | 18 | Rebuild and install the operator 19 | 20 | ``` 21 | export IMG=myuser/ebpf-autoinstrument-operator:dev 22 | make generate manifests docker-build kind-load deploy 23 | ``` 24 | 25 | To undeploy: 26 | ``` 27 | make undeploy 28 | ``` -------------------------------------------------------------------------------- /api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the appo11y v1alpha1 API group 18 | // +kubebuilder:object:generate=true 19 | // +groupName=appo11y.grafana.com 20 | package v1alpha1 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects 29 | GroupVersion = schema.GroupVersion{Group: "appo11y.grafana.com", Version: "v1alpha1"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /api/v1alpha1/instrumenter_types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | v1 "k8s.io/api/core/v1" 21 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 22 | ) 23 | 24 | // Exporter type for metrics 25 | // +kubebuilder:validation:Enum:="Prometheus";"OpenTelemetryMetrics";"OpenTelemetryTraces" 26 | type Exporter string 27 | 28 | const ( 29 | ExporterPrometheus = "Prometheus" 30 | ExporterOTELMetrics = "OpenTelemetryMetrics" 31 | ExporterOTELTraces = "OpenTelemetryTraces" 32 | ) 33 | 34 | // InstrumenterSpec defines the desired state of Instrumenter 35 | type InstrumenterSpec struct { 36 | // Image allows overriding the autoinstrumenter container image for development purposes 37 | // +kubebuilder:validate:MinLength:=1 38 | // +kubebuilder:default:="grafana/ebpf-autoinstrument:latest" 39 | // TODO: make Image values optional and use relatedImages sections in bundle 40 | Image string `json:"image,omitempty"` 41 | 42 | // ImagePullPolicy allows overriding the container pull policy for development purposes 43 | // +kubebuilder:default:="IfNotPresent" 44 | ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` 45 | 46 | // Exporters define the exporter endpoints that the autoinstrumenter must support 47 | // +optional 48 | // +kubebuilder:default:={"Prometheus"} 49 | Export []Exporter `json:"export"` 50 | 51 | // Selector overrides the selection of Pods and executables to instrument 52 | // +kubebuilder:default:={portLabel:"grafana.com/instrument-port"} 53 | Selector Selector `json:"selector,omitempty"` 54 | 55 | // Prometheus allows configuring the autoinstrumenter as a Prometheus pull exporter. 56 | // +kubebuilder:default:={path:"/metrics"} 57 | Prometheus Prometheus `json:"prometheus,omitempty"` 58 | 59 | // OpenTelemetry allows configuring the autoinstrumenter as an OpenTelemetry metrics 60 | // and traces exporter 61 | // +kubebuilder:default:={interval:"5s"} 62 | OpenTelemetry OpenTelemetry `json:"openTelemetry,omitempty"` 63 | 64 | // OverrideEnv allows overriding the autoinstrumenter env vars for fine-grained 65 | // configuration 66 | // +optional 67 | OverrideEnv []v1.EnvVar `json:"overrideEnv,omitempty"` 68 | } 69 | 70 | // Selector allows selecting the Pod and executable to autoinstrument 71 | type Selector struct { 72 | // PortLabel specifies which Pod label would specify which executable needs to be instrumented, 73 | // according to the port it opens. 74 | // Any pod containing the label would be selected for instrumentation 75 | // +optional 76 | // +kubebuilder:default:="grafana.com/instrument-port" 77 | PortLabel string `json:"portLabel"` 78 | } 79 | 80 | type Prometheus struct { 81 | // +kubebuilder:default:="/metrics" 82 | Path string `json:"path,omitempty"` 83 | 84 | // +kubebuilder:default:=9102 85 | // +kubebuilder:validate:Minimum:=1 86 | // +kubebuilder:validate:Maximum:=65535 87 | Port int `json:"port,omitempty"` 88 | 89 | // +kubebuilder:default:={scrape:"prometheus.io/scrape"} 90 | Annotations PrometheusAnnotations `json:"annotations,omitempty"` 91 | } 92 | 93 | type PrometheusAnnotations struct { 94 | // +kubebuilder:default:="prometheus.io/scrape" 95 | Scrape string `json:"scrape,omitempty"` 96 | 97 | // +kubebuilder:default:="prometheus.io/scheme" 98 | Scheme string `json:"scheme,omitempty"` 99 | 100 | // +kubebuilder:default:="prometheus.io/port" 101 | Port string `json:"port,omitempty"` 102 | 103 | // +kubebuilder:default:="prometheus.io/path" 104 | Path string `json:"path,omitempty"` 105 | } 106 | 107 | type OpenTelemetry struct { 108 | // Endpoint of the OpenTelemetry collector 109 | // +optional 110 | // TODO: properly validate URL (or empty value) 111 | Endpoint string `json:"endpoint,omitempty"` 112 | 113 | // InsecureSkipVerify controls whether the instrumenter OTEL client verifies the server's 114 | // certificate chain and host name. 115 | // If set to `true`, the OTEL client accepts any certificate presented by the server 116 | // and any host name in that certificate. In this mode, TLS is susceptible to machine-in-the-middle 117 | // attacks. This option should be used only for testing and development purposes. 118 | // +kubebuilder:default:=false 119 | InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"` 120 | 121 | // Interval is the intervening time between metrics exports 122 | // +kubebuilder:default:="5s" 123 | Interval metav1.Duration `json:"interval,omitempty"` 124 | } 125 | 126 | // InstrumenterStatus defines the observed state of Instrumenter 127 | type InstrumenterStatus struct { 128 | // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster 129 | // Important: Run "make" to regenerate code after modifying this file 130 | } 131 | 132 | //+kubebuilder:object:root=true 133 | //+kubebuilder:subresource:status 134 | //+kubebuilder:resource:path=instrumenters 135 | //+kubebuilder:resource:scope=Namespaced 136 | 137 | // Instrumenter is the Schema for the instrumenters API 138 | type Instrumenter struct { 139 | metav1.TypeMeta `json:",inline"` 140 | metav1.ObjectMeta `json:"metadata,omitempty"` 141 | 142 | Spec InstrumenterSpec `json:"spec,omitempty"` 143 | Status InstrumenterStatus `json:"status,omitempty"` 144 | } 145 | 146 | //+kubebuilder:object:root=true 147 | 148 | // InstrumenterList contains a list of Instrumenter 149 | type InstrumenterList struct { 150 | metav1.TypeMeta `json:",inline"` 151 | metav1.ListMeta `json:"metadata,omitempty"` 152 | Items []Instrumenter `json:"items"` 153 | } 154 | 155 | func init() { 156 | SchemeBuilder.Register(&Instrumenter{}, &InstrumenterList{}) 157 | } 158 | -------------------------------------------------------------------------------- /api/v1alpha1/instrumenter_webhook.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | "context" 21 | "fmt" 22 | 23 | "sigs.k8s.io/controller-runtime/pkg/webhook/admission" 24 | 25 | "github.com/grafana/ebpf-autoinstrument-operator/pkg/helper/lvl" 26 | v1 "k8s.io/api/core/v1" 27 | "k8s.io/apimachinery/pkg/runtime" 28 | ctrl "sigs.k8s.io/controller-runtime" 29 | "sigs.k8s.io/controller-runtime/pkg/builder" 30 | "sigs.k8s.io/controller-runtime/pkg/client" 31 | logf "sigs.k8s.io/controller-runtime/pkg/log" 32 | ) 33 | 34 | // log is for logging in this package. 35 | var webhookLog = logf.Log.WithName("pod-sidecar-webhook") 36 | 37 | type podSidecarWebHook struct { 38 | client.Client 39 | } 40 | 41 | // SetupWebhookWithManager needs to manually register the webhook (not using the kubebuilder/operator-sdk workflow) 42 | // as it needs to be registered towards a core type that is not registerd as type by the controller. 43 | func SetupWebhookWithManager(mgr ctrl.Manager) error { 44 | webhookLog.Info("registering webhook server") 45 | return builder.WebhookManagedBy(mgr). 46 | For(&v1.Pod{}). 47 | WithDefaulter(&podSidecarWebHook{Client: mgr.GetClient()}). 48 | Complete() 49 | } 50 | 51 | var _ admission.CustomDefaulter = (*podSidecarWebHook)(nil) 52 | 53 | //+kubebuilder:webhook:path=/mutate--v1-pod,mutating=true,failurePolicy=fail,sideEffects=NoneOnDryRun,groups="",resources=pods,verbs=create;update,versions=v1,name=minstrumenter.kb.io,admissionReviewVersions=v1 54 | 55 | func (wh *podSidecarWebHook) Default(ctx context.Context, obj runtime.Object) error { 56 | pod, ok := obj.(*v1.Pod) 57 | if !ok { 58 | webhookLog.Error(fmt.Errorf("received object is not a *v1.Pod: %T", obj), 59 | "this must be a bug in the code. Please contact the developers. Ignoring request") 60 | return nil 61 | } 62 | log := webhookLog.WithValues("podName", pod.Name, "podNamespace", pod.Namespace) 63 | dbg := log.V(lvl.Debug) 64 | 65 | // Check if there is any instrumenter in the given namespace 66 | // TODO: find a way to cache it in memory? 67 | instrumenters := InstrumenterList{} 68 | if err := wh.List(ctx, &instrumenters, client.InNamespace(pod.Namespace)); err != nil { 69 | log.Error(err, "requesting instrumenters list. Ignoring request") 70 | return nil 71 | } 72 | 73 | dbg.Info("queried instrumenters for that namespace", "len", len(instrumenters.Items)) 74 | // It should never happen that two instrumenters match the same Pod, 75 | // at the moment, we leave it as an undefined behavior. 76 | for i := range instrumenters.Items { 77 | instr := &instrumenters.Items[i] 78 | dbg.Info("checking if the Pod needs to be instrumented", "instrumenter", instr.Name) 79 | if InstrumentIfRequired(instr, pod) { 80 | dbg.Info("pod successfully instrumented") 81 | return nil 82 | } 83 | } 84 | 85 | return nil 86 | } 87 | -------------------------------------------------------------------------------- /api/v1alpha1/sidecar.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | "reflect" 5 | "strconv" 6 | 7 | "github.com/mariomac/gostream/stream" 8 | 9 | "github.com/grafana/ebpf-autoinstrument-operator/pkg/helper" 10 | 11 | v1 "k8s.io/api/core/v1" 12 | ) 13 | 14 | // TODO: user-overridable 15 | const ( 16 | instrumenterName = "grafana-ebpf-autoinstrumenter" 17 | 18 | InstrumentedLabel = "grafana.com/instrumented-by" 19 | 20 | // TODO: user-configurable 21 | metricsPath = "/v1/metrics" 22 | tracesPath = "/v1/traces" 23 | ) 24 | 25 | // NeedsInstrumentation returns whether the given pod requires instrumentation, 26 | // and a container with the instrumenter, in case of requiring it. 27 | func NeedsInstrumentation(iq *Instrumenter, dst *v1.Pod) (*v1.Container, bool) { 28 | if dst.Labels == nil { 29 | return nil, false 30 | } 31 | // if the Pod does not have the port selection label, 32 | // or it's being already instrumented by another Instrumenter 33 | if dst.Labels[iq.Spec.Selector.PortLabel] == "" || 34 | (dst.Labels[InstrumentedLabel] != "" && dst.Labels[InstrumentedLabel] != iq.Name) { 35 | return nil, false 36 | } 37 | expected := buildSidecar(iq, dst) 38 | actual, ok := findByName(dst.Spec.Containers) 39 | if !ok { 40 | return expected, true 41 | } 42 | if reflect.DeepEqual(expected, actual) { 43 | return nil, false 44 | } 45 | return expected, true 46 | } 47 | 48 | // InstrumentIfRequired instruments, if needed, the destination pod, and returns whether it has been instrumented 49 | func InstrumentIfRequired(iq *Instrumenter, dst *v1.Pod) bool { 50 | sidecar, ok := NeedsInstrumentation(iq, dst) 51 | if !ok { 52 | return false 53 | } 54 | AddInstrumenter(iq.Name, sidecar, dst) 55 | return true 56 | } 57 | 58 | func AddInstrumenter(instrumenterName string, sidecar *v1.Container, dst *v1.Pod) { 59 | // it might happen that the sidecar container needs to be replaced or added 60 | current, ok := findByName(dst.Spec.Containers) 61 | if ok { 62 | *current = *sidecar 63 | } else { 64 | dst.Spec.Containers = append(dst.Spec.Containers, *sidecar) 65 | } 66 | labelInstrumented(instrumenterName, dst) 67 | // TODO: on Pod recreation, restore the previous value of this property (e.g. store it in an annotation) 68 | dst.Spec.ShareProcessNamespace = helper.Ptr(true) 69 | } 70 | 71 | func RemoveInstrumenter(dst *v1.Pod) { 72 | unlabelInstrumented(dst) 73 | dst.Spec.Containers = stream.OfSlice(dst.Spec.Containers). 74 | Filter(func(c v1.Container) bool { 75 | return c.Name != instrumenterName 76 | }).ToSlice() 77 | } 78 | 79 | func buildSidecar(iq *Instrumenter, dst *v1.Pod) *v1.Container { 80 | lbls := dst.ObjectMeta.Labels 81 | 82 | // TODO: extract this information from owner (daemonset, deployment, replicaset...) 83 | svcName, svcNamespace := dst.Name, dst.Namespace 84 | 85 | // TODO: do not make pod failing if sidecar fails, just report it in the Instrumenter status 86 | sidecar := &v1.Container{ 87 | Name: instrumenterName, 88 | Image: iq.Spec.Image, 89 | ImagePullPolicy: iq.Spec.ImagePullPolicy, 90 | // TODO: capabilities by default, or privileged only if user requests for it 91 | SecurityContext: &v1.SecurityContext{ 92 | Privileged: helper.Ptr(true), 93 | RunAsUser: helper.Ptr(int64(0)), 94 | }, 95 | Env: []v1.EnvVar{ 96 | {Name: "SERVICE_NAME", Value: svcName}, 97 | {Name: "SERVICE_NAMESPACE", Value: svcNamespace}, 98 | {Name: "OPEN_PORT", Value: lbls[iq.Spec.Selector.PortLabel]}, 99 | }, 100 | } 101 | exporters := map[Exporter]struct{}{} 102 | for _, e := range iq.Spec.Export { 103 | exporters[e] = struct{}{} 104 | } 105 | if _, ok := exporters[ExporterPrometheus]; ok { 106 | configurePrometheusExporter(svcName, iq, dst, sidecar) 107 | } 108 | _, otelM := exporters[ExporterOTELMetrics] 109 | _, otelT := exporters[ExporterOTELMetrics] 110 | if otelM || otelT { 111 | configOpenTelemetry(otelM, otelT, iq, sidecar) 112 | } 113 | 114 | sidecar.Env = append(sidecar.Env, iq.Spec.OverrideEnv...) 115 | return sidecar 116 | } 117 | 118 | func configurePrometheusExporter(svcName string, iq *Instrumenter, dst *v1.Pod, sidecar *v1.Container) { 119 | portStr := strconv.Itoa(iq.Spec.Prometheus.Port) 120 | if dst.Annotations == nil { 121 | dst.Annotations = map[string]string{} 122 | } 123 | dst.Annotations[iq.Spec.Prometheus.Annotations.Scrape] = "true" 124 | dst.Annotations[iq.Spec.Prometheus.Annotations.Port] = portStr 125 | dst.Annotations[iq.Spec.Prometheus.Annotations.Scheme] = "http" // TODO: make configurable 126 | dst.Annotations[iq.Spec.Prometheus.Annotations.Path] = iq.Spec.Prometheus.Path 127 | sidecar.Env = append(sidecar.Env, 128 | v1.EnvVar{Name: "PROMETHEUS_SERVICE_NAME", Value: svcName}, 129 | v1.EnvVar{Name: "PROMETHEUS_PORT", Value: portStr}, 130 | v1.EnvVar{Name: "PROMETHEUS_PATH", Value: iq.Spec.Prometheus.Path}, 131 | // TODO: extra properties such as METRICS_REPORT_TARGET and METRICS_REPORT_PEER 132 | ) 133 | } 134 | 135 | func configOpenTelemetry(metrics, traces bool, iq *Instrumenter, sidecar *v1.Container) { 136 | otel := &iq.Spec.OpenTelemetry 137 | if !metrics { 138 | sidecar.Env = append(sidecar.Env, 139 | v1.EnvVar{Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: otel.Endpoint + tracesPath}) 140 | } else if !traces { 141 | sidecar.Env = append(sidecar.Env, 142 | v1.EnvVar{Name: "OTEL_EXPORTER_OTLP_METRICS_ENDPOINT", Value: otel.Endpoint + metricsPath}) 143 | } else { 144 | sidecar.Env = append(sidecar.Env, 145 | v1.EnvVar{Name: "OTEL_EXPORTER_OTLP_ENDPOINT", Value: otel.Endpoint}) 146 | } 147 | if otel.InsecureSkipVerify { 148 | sidecar.Env = append(sidecar.Env, 149 | v1.EnvVar{Name: "OTEL_INSECURE_SKIP_VERIFY", Value: "true"}) 150 | } 151 | // TODO: this should be added automatically from the autoinstrumenter. Kept here for backwards-compatibility 152 | sidecar.Env = append(sidecar.Env, 153 | v1.EnvVar{Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}) 154 | 155 | } 156 | 157 | func findByName(containers []v1.Container) (*v1.Container, bool) { 158 | for c := range containers { 159 | if containers[c].Name == instrumenterName { 160 | return &containers[c], true 161 | } 162 | } 163 | return nil, false 164 | } 165 | 166 | // labelInstrumented annotates a pod as already being instrumented 167 | func labelInstrumented(instrumenterName string, dst *v1.Pod) { 168 | if dst.Labels == nil { 169 | dst.Labels = map[string]string{} 170 | } 171 | dst.Labels[InstrumentedLabel] = instrumenterName 172 | } 173 | 174 | func unlabelInstrumented(dst *v1.Pod) { 175 | if len(dst.Labels) == 0 { 176 | return 177 | } 178 | delete(dst.Labels, InstrumentedLabel) 179 | } 180 | -------------------------------------------------------------------------------- /api/v1alpha1/webhook_suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | "context" 21 | "crypto/tls" 22 | "fmt" 23 | "net" 24 | "path/filepath" 25 | "testing" 26 | "time" 27 | 28 | . "github.com/onsi/ginkgo/v2" 29 | . "github.com/onsi/gomega" 30 | 31 | admissionv1beta1 "k8s.io/api/admission/v1beta1" 32 | //+kubebuilder:scaffold:imports 33 | "k8s.io/apimachinery/pkg/runtime" 34 | "k8s.io/client-go/rest" 35 | ctrl "sigs.k8s.io/controller-runtime" 36 | "sigs.k8s.io/controller-runtime/pkg/client" 37 | "sigs.k8s.io/controller-runtime/pkg/envtest" 38 | logf "sigs.k8s.io/controller-runtime/pkg/log" 39 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 40 | ) 41 | 42 | // These tests use Ginkgo (BDD-style Go testing framework). Refer to 43 | // http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 44 | 45 | var cfg *rest.Config 46 | var k8sClient client.Client 47 | var testEnv *envtest.Environment 48 | var ctx context.Context 49 | var cancel context.CancelFunc 50 | 51 | func TestAPIs(t *testing.T) { 52 | RegisterFailHandler(Fail) 53 | 54 | RunSpecs(t, "Webhook Suite") 55 | } 56 | 57 | var _ = BeforeSuite(func() { 58 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) 59 | 60 | ctx, cancel = context.WithCancel(context.TODO()) 61 | 62 | By("bootstrapping test environment") 63 | testEnv = &envtest.Environment{ 64 | CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, 65 | ErrorIfCRDPathMissing: false, 66 | WebhookInstallOptions: envtest.WebhookInstallOptions{ 67 | Paths: []string{filepath.Join("..", "..", "config", "webhook")}, 68 | }, 69 | } 70 | 71 | var err error 72 | // cfg is defined in this file globally. 73 | cfg, err = testEnv.Start() 74 | Expect(err).NotTo(HaveOccurred()) 75 | Expect(cfg).NotTo(BeNil()) 76 | 77 | scheme := runtime.NewScheme() 78 | err = AddToScheme(scheme) 79 | Expect(err).NotTo(HaveOccurred()) 80 | 81 | err = admissionv1beta1.AddToScheme(scheme) 82 | Expect(err).NotTo(HaveOccurred()) 83 | 84 | //+kubebuilder:scaffold:scheme 85 | 86 | k8sClient, err = client.New(cfg, client.Options{Scheme: scheme}) 87 | Expect(err).NotTo(HaveOccurred()) 88 | Expect(k8sClient).NotTo(BeNil()) 89 | 90 | // start webhook server using Manager 91 | webhookInstallOptions := &testEnv.WebhookInstallOptions 92 | mgr, err := ctrl.NewManager(cfg, ctrl.Options{ 93 | Scheme: scheme, 94 | Host: webhookInstallOptions.LocalServingHost, 95 | Port: webhookInstallOptions.LocalServingPort, 96 | CertDir: webhookInstallOptions.LocalServingCertDir, 97 | LeaderElection: false, 98 | MetricsBindAddress: "0", 99 | }) 100 | Expect(err).NotTo(HaveOccurred()) 101 | 102 | err = SetupWebhookWithManager(mgr) 103 | Expect(err).NotTo(HaveOccurred()) 104 | 105 | //+kubebuilder:scaffold:webhook 106 | 107 | go func() { 108 | defer GinkgoRecover() 109 | err = mgr.Start(ctx) 110 | Expect(err).NotTo(HaveOccurred()) 111 | }() 112 | 113 | // wait for the webhook server to get ready 114 | dialer := &net.Dialer{Timeout: time.Second} 115 | addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort) 116 | Eventually(func() error { 117 | conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true}) 118 | if err != nil { 119 | return err 120 | } 121 | conn.Close() 122 | return nil 123 | }).Should(Succeed()) 124 | 125 | }) 126 | 127 | var _ = AfterSuite(func() { 128 | cancel() 129 | By("tearing down the test environment") 130 | err := testEnv.Stop() 131 | Expect(err).NotTo(HaveOccurred()) 132 | }) 133 | -------------------------------------------------------------------------------- /api/v1alpha1/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright 2023 Grafana Labs . 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by controller-gen. DO NOT EDIT. 21 | 22 | package v1alpha1 23 | 24 | import ( 25 | "k8s.io/api/core/v1" 26 | "k8s.io/apimachinery/pkg/runtime" 27 | ) 28 | 29 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 30 | func (in *Instrumenter) DeepCopyInto(out *Instrumenter) { 31 | *out = *in 32 | out.TypeMeta = in.TypeMeta 33 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 34 | in.Spec.DeepCopyInto(&out.Spec) 35 | out.Status = in.Status 36 | } 37 | 38 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Instrumenter. 39 | func (in *Instrumenter) DeepCopy() *Instrumenter { 40 | if in == nil { 41 | return nil 42 | } 43 | out := new(Instrumenter) 44 | in.DeepCopyInto(out) 45 | return out 46 | } 47 | 48 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 49 | func (in *Instrumenter) DeepCopyObject() runtime.Object { 50 | if c := in.DeepCopy(); c != nil { 51 | return c 52 | } 53 | return nil 54 | } 55 | 56 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 57 | func (in *InstrumenterList) DeepCopyInto(out *InstrumenterList) { 58 | *out = *in 59 | out.TypeMeta = in.TypeMeta 60 | in.ListMeta.DeepCopyInto(&out.ListMeta) 61 | if in.Items != nil { 62 | in, out := &in.Items, &out.Items 63 | *out = make([]Instrumenter, len(*in)) 64 | for i := range *in { 65 | (*in)[i].DeepCopyInto(&(*out)[i]) 66 | } 67 | } 68 | } 69 | 70 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstrumenterList. 71 | func (in *InstrumenterList) DeepCopy() *InstrumenterList { 72 | if in == nil { 73 | return nil 74 | } 75 | out := new(InstrumenterList) 76 | in.DeepCopyInto(out) 77 | return out 78 | } 79 | 80 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 81 | func (in *InstrumenterList) DeepCopyObject() runtime.Object { 82 | if c := in.DeepCopy(); c != nil { 83 | return c 84 | } 85 | return nil 86 | } 87 | 88 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 89 | func (in *InstrumenterSpec) DeepCopyInto(out *InstrumenterSpec) { 90 | *out = *in 91 | if in.Export != nil { 92 | in, out := &in.Export, &out.Export 93 | *out = make([]Exporter, len(*in)) 94 | copy(*out, *in) 95 | } 96 | out.Selector = in.Selector 97 | out.Prometheus = in.Prometheus 98 | out.OpenTelemetry = in.OpenTelemetry 99 | if in.OverrideEnv != nil { 100 | in, out := &in.OverrideEnv, &out.OverrideEnv 101 | *out = make([]v1.EnvVar, len(*in)) 102 | for i := range *in { 103 | (*in)[i].DeepCopyInto(&(*out)[i]) 104 | } 105 | } 106 | } 107 | 108 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstrumenterSpec. 109 | func (in *InstrumenterSpec) DeepCopy() *InstrumenterSpec { 110 | if in == nil { 111 | return nil 112 | } 113 | out := new(InstrumenterSpec) 114 | in.DeepCopyInto(out) 115 | return out 116 | } 117 | 118 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 119 | func (in *InstrumenterStatus) DeepCopyInto(out *InstrumenterStatus) { 120 | *out = *in 121 | } 122 | 123 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstrumenterStatus. 124 | func (in *InstrumenterStatus) DeepCopy() *InstrumenterStatus { 125 | if in == nil { 126 | return nil 127 | } 128 | out := new(InstrumenterStatus) 129 | in.DeepCopyInto(out) 130 | return out 131 | } 132 | 133 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 134 | func (in *OpenTelemetry) DeepCopyInto(out *OpenTelemetry) { 135 | *out = *in 136 | out.Interval = in.Interval 137 | } 138 | 139 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenTelemetry. 140 | func (in *OpenTelemetry) DeepCopy() *OpenTelemetry { 141 | if in == nil { 142 | return nil 143 | } 144 | out := new(OpenTelemetry) 145 | in.DeepCopyInto(out) 146 | return out 147 | } 148 | 149 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 150 | func (in *Prometheus) DeepCopyInto(out *Prometheus) { 151 | *out = *in 152 | out.Annotations = in.Annotations 153 | } 154 | 155 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Prometheus. 156 | func (in *Prometheus) DeepCopy() *Prometheus { 157 | if in == nil { 158 | return nil 159 | } 160 | out := new(Prometheus) 161 | in.DeepCopyInto(out) 162 | return out 163 | } 164 | 165 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 166 | func (in *PrometheusAnnotations) DeepCopyInto(out *PrometheusAnnotations) { 167 | *out = *in 168 | } 169 | 170 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusAnnotations. 171 | func (in *PrometheusAnnotations) DeepCopy() *PrometheusAnnotations { 172 | if in == nil { 173 | return nil 174 | } 175 | out := new(PrometheusAnnotations) 176 | in.DeepCopyInto(out) 177 | return out 178 | } 179 | 180 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 181 | func (in *Selector) DeepCopyInto(out *Selector) { 182 | *out = *in 183 | } 184 | 185 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Selector. 186 | func (in *Selector) DeepCopy() *Selector { 187 | if in == nil { 188 | return nil 189 | } 190 | out := new(Selector) 191 | in.DeepCopyInto(out) 192 | return out 193 | } 194 | -------------------------------------------------------------------------------- /config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. 4 | apiVersion: cert-manager.io/v1 5 | kind: Issuer 6 | metadata: 7 | labels: 8 | app.kubernetes.io/name: issuer 9 | app.kubernetes.io/instance: selfsigned-issuer 10 | app.kubernetes.io/component: certificate 11 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 12 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 13 | app.kubernetes.io/managed-by: kustomize 14 | name: selfsigned-issuer 15 | namespace: system 16 | spec: 17 | selfSigned: {} 18 | --- 19 | apiVersion: cert-manager.io/v1 20 | kind: Certificate 21 | metadata: 22 | labels: 23 | app.kubernetes.io/name: certificate 24 | app.kubernetes.io/instance: serving-cert 25 | app.kubernetes.io/component: certificate 26 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 27 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 28 | app.kubernetes.io/managed-by: kustomize 29 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 30 | namespace: system 31 | spec: 32 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 33 | dnsNames: 34 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 35 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 36 | issuerRef: 37 | kind: Issuer 38 | name: selfsigned-issuer 39 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 40 | -------------------------------------------------------------------------------- /config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /config/crd/bases/appo11y.grafana.com_instrumenters.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.12.0 7 | name: instrumenters.appo11y.grafana.com 8 | spec: 9 | group: appo11y.grafana.com 10 | names: 11 | kind: Instrumenter 12 | listKind: InstrumenterList 13 | plural: instrumenters 14 | singular: instrumenter 15 | scope: Namespaced 16 | versions: 17 | - name: v1alpha1 18 | schema: 19 | openAPIV3Schema: 20 | description: Instrumenter is the Schema for the instrumenters API 21 | properties: 22 | apiVersion: 23 | description: 'APIVersion defines the versioned schema of this representation 24 | of an object. Servers should convert recognized schemas to the latest 25 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 26 | type: string 27 | kind: 28 | description: 'Kind is a string value representing the REST resource this 29 | object represents. Servers may infer this from the endpoint the client 30 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 31 | type: string 32 | metadata: 33 | type: object 34 | spec: 35 | description: InstrumenterSpec defines the desired state of Instrumenter 36 | properties: 37 | export: 38 | default: 39 | - Prometheus 40 | description: Exporters define the exporter endpoints that the autoinstrumenter 41 | must support 42 | items: 43 | description: Exporter type for metrics 44 | enum: 45 | - Prometheus 46 | - OpenTelemetryMetrics 47 | - OpenTelemetryTraces 48 | type: string 49 | type: array 50 | image: 51 | default: grafana/ebpf-autoinstrument:latest 52 | description: 'Image allows overriding the autoinstrumenter container 53 | image for development purposes TODO: make Image values optional 54 | and use relatedImages sections in bundle' 55 | type: string 56 | imagePullPolicy: 57 | default: IfNotPresent 58 | description: ImagePullPolicy allows overriding the container pull 59 | policy for development purposes 60 | type: string 61 | openTelemetry: 62 | default: 63 | interval: 5s 64 | description: OpenTelemetry allows configuring the autoinstrumenter 65 | as an OpenTelemetry metrics and traces exporter 66 | properties: 67 | endpoint: 68 | description: 'Endpoint of the OpenTelemetry collector TODO: properly 69 | validate URL (or empty value)' 70 | type: string 71 | insecureSkipVerify: 72 | default: false 73 | description: InsecureSkipVerify controls whether the instrumenter 74 | OTEL client verifies the server's certificate chain and host 75 | name. If set to `true`, the OTEL client accepts any certificate 76 | presented by the server and any host name in that certificate. 77 | In this mode, TLS is susceptible to machine-in-the-middle attacks. 78 | This option should be used only for testing and development 79 | purposes. 80 | type: boolean 81 | interval: 82 | default: 5s 83 | description: Interval is the intervening time between metrics 84 | exports 85 | type: string 86 | type: object 87 | overrideEnv: 88 | description: OverrideEnv allows overriding the autoinstrumenter env 89 | vars for fine-grained configuration 90 | items: 91 | description: EnvVar represents an environment variable present in 92 | a Container. 93 | properties: 94 | name: 95 | description: Name of the environment variable. Must be a C_IDENTIFIER. 96 | type: string 97 | value: 98 | description: 'Variable references $(VAR_NAME) are expanded using 99 | the previously defined environment variables in the container 100 | and any service environment variables. If a variable cannot 101 | be resolved, the reference in the input string will be unchanged. 102 | Double $$ are reduced to a single $, which allows for escaping 103 | the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the 104 | string literal "$(VAR_NAME)". Escaped references will never 105 | be expanded, regardless of whether the variable exists or 106 | not. Defaults to "".' 107 | type: string 108 | valueFrom: 109 | description: Source for the environment variable's value. Cannot 110 | be used if value is not empty. 111 | properties: 112 | configMapKeyRef: 113 | description: Selects a key of a ConfigMap. 114 | properties: 115 | key: 116 | description: The key to select. 117 | type: string 118 | name: 119 | description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 120 | TODO: Add other useful fields. apiVersion, kind, uid?' 121 | type: string 122 | optional: 123 | description: Specify whether the ConfigMap or its key 124 | must be defined 125 | type: boolean 126 | required: 127 | - key 128 | type: object 129 | x-kubernetes-map-type: atomic 130 | fieldRef: 131 | description: 'Selects a field of the pod: supports metadata.name, 132 | metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, 133 | spec.nodeName, spec.serviceAccountName, status.hostIP, 134 | status.podIP, status.podIPs.' 135 | properties: 136 | apiVersion: 137 | description: Version of the schema the FieldPath is 138 | written in terms of, defaults to "v1". 139 | type: string 140 | fieldPath: 141 | description: Path of the field to select in the specified 142 | API version. 143 | type: string 144 | required: 145 | - fieldPath 146 | type: object 147 | x-kubernetes-map-type: atomic 148 | resourceFieldRef: 149 | description: 'Selects a resource of the container: only 150 | resources limits and requests (limits.cpu, limits.memory, 151 | limits.ephemeral-storage, requests.cpu, requests.memory 152 | and requests.ephemeral-storage) are currently supported.' 153 | properties: 154 | containerName: 155 | description: 'Container name: required for volumes, 156 | optional for env vars' 157 | type: string 158 | divisor: 159 | anyOf: 160 | - type: integer 161 | - type: string 162 | description: Specifies the output format of the exposed 163 | resources, defaults to "1" 164 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 165 | x-kubernetes-int-or-string: true 166 | resource: 167 | description: 'Required: resource to select' 168 | type: string 169 | required: 170 | - resource 171 | type: object 172 | x-kubernetes-map-type: atomic 173 | secretKeyRef: 174 | description: Selects a key of a secret in the pod's namespace 175 | properties: 176 | key: 177 | description: The key of the secret to select from. Must 178 | be a valid secret key. 179 | type: string 180 | name: 181 | description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 182 | TODO: Add other useful fields. apiVersion, kind, uid?' 183 | type: string 184 | optional: 185 | description: Specify whether the Secret or its key must 186 | be defined 187 | type: boolean 188 | required: 189 | - key 190 | type: object 191 | x-kubernetes-map-type: atomic 192 | type: object 193 | required: 194 | - name 195 | type: object 196 | type: array 197 | prometheus: 198 | default: 199 | path: /metrics 200 | description: Prometheus allows configuring the autoinstrumenter as 201 | a Prometheus pull exporter. 202 | properties: 203 | annotations: 204 | default: 205 | scrape: prometheus.io/scrape 206 | properties: 207 | path: 208 | default: prometheus.io/path 209 | type: string 210 | port: 211 | default: prometheus.io/port 212 | type: string 213 | scheme: 214 | default: prometheus.io/scheme 215 | type: string 216 | scrape: 217 | default: prometheus.io/scrape 218 | type: string 219 | type: object 220 | path: 221 | default: /metrics 222 | type: string 223 | port: 224 | default: 9102 225 | type: integer 226 | type: object 227 | selector: 228 | default: 229 | portLabel: grafana.com/instrument-port 230 | description: Selector overrides the selection of Pods and executables 231 | to instrument 232 | properties: 233 | portLabel: 234 | default: grafana.com/instrument-port 235 | description: PortLabel specifies which Pod label would specify 236 | which executable needs to be instrumented, according to the 237 | port it opens. Any pod containing the label would be selected 238 | for instrumentation 239 | type: string 240 | type: object 241 | type: object 242 | status: 243 | description: InstrumenterStatus defines the observed state of Instrumenter 244 | type: object 245 | type: object 246 | served: true 247 | storage: true 248 | subresources: 249 | status: {} 250 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/appo11y.grafana.com_instrumenters.yaml 6 | #+kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patchesStrategicMerge: 9 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 10 | # patches here are for enabling the conversion webhook for each CRD 11 | - patches/webhook_in_instrumenters.yaml 12 | #+kubebuilder:scaffold:crdkustomizewebhookpatch 13 | 14 | # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. 15 | # patches here are for enabling the CA injection for each CRD 16 | - patches/cainjection_in_instrumenters.yaml 17 | #+kubebuilder:scaffold:crdkustomizecainjectionpatch 18 | 19 | # the following config is for teaching kustomize how to do kustomization for CRDs. 20 | configurations: 21 | - kustomizeconfig.yaml 22 | -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_instrumenters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: instrumenters.appo11y.grafana.com 8 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_instrumenters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: instrumenters.appo11y.grafana.com 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: ebpf-autoinstrument-operator-system 3 | 4 | # Value of this field is prepended to the 5 | # names of all resources, e.g. a deployment named 6 | # "wordpress" becomes "alices-wordpress". 7 | # Note that it should also match with the prefix (text before '-') of the namespace 8 | # field above. 9 | namePrefix: ebpf-autoinstrument-operator- 10 | 11 | # Labels to add to all resources and selectors. 12 | #commonLabels: 13 | # someName: someValue 14 | 15 | resources: 16 | - ../crd 17 | - ../rbac 18 | - ../manager 19 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 20 | # crd/kustomization.yaml 21 | - ../webhook 22 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. 23 | - ../certmanager 24 | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 25 | #- ../prometheus 26 | 27 | patchesStrategicMerge: 28 | # Protect the /metrics endpoint by putting it behind auth. 29 | # If you want your controller-manager to expose the /metrics 30 | # endpoint w/o any authn/z, please comment the following line. 31 | - manager_auth_proxy_patch.yaml 32 | 33 | 34 | 35 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 36 | # crd/kustomization.yaml 37 | - manager_webhook_patch.yaml 38 | 39 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 40 | # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. 41 | # 'CERTMANAGER' needs to be enabled to use ca injection 42 | - webhookcainjection_patch.yaml 43 | 44 | # the following config is for teaching kustomize how to do var substitution 45 | vars: 46 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 47 | - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR 48 | objref: 49 | kind: Certificate 50 | group: cert-manager.io 51 | version: v1 52 | name: serving-cert # this name should match the one in certificate.yaml 53 | fieldref: 54 | fieldpath: metadata.namespace 55 | - name: CERTIFICATE_NAME 56 | objref: 57 | kind: Certificate 58 | group: cert-manager.io 59 | version: v1 60 | name: serving-cert # this name should match the one in certificate.yaml 61 | - name: SERVICE_NAMESPACE # namespace of the service 62 | objref: 63 | kind: Service 64 | version: v1 65 | name: webhook-service 66 | fieldref: 67 | fieldpath: metadata.namespace 68 | - name: SERVICE_NAME 69 | objref: 70 | kind: Service 71 | version: v1 72 | name: webhook-service 73 | -------------------------------------------------------------------------------- /config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | affinity: 12 | nodeAffinity: 13 | requiredDuringSchedulingIgnoredDuringExecution: 14 | nodeSelectorTerms: 15 | - matchExpressions: 16 | - key: kubernetes.io/arch 17 | operator: In 18 | values: 19 | - amd64 20 | - arm64 21 | - ppc64le 22 | - s390x 23 | - key: kubernetes.io/os 24 | operator: In 25 | values: 26 | - linux 27 | containers: 28 | - name: kube-rbac-proxy 29 | securityContext: 30 | allowPrivilegeEscalation: false 31 | capabilities: 32 | drop: 33 | - "ALL" 34 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 35 | args: 36 | - "--secure-listen-address=0.0.0.0:8443" 37 | - "--upstream=http://127.0.0.1:8080/" 38 | - "--logtostderr=true" 39 | - "--v=0" 40 | ports: 41 | - containerPort: 8443 42 | protocol: TCP 43 | name: https 44 | resources: 45 | limits: 46 | cpu: 500m 47 | memory: 128Mi 48 | requests: 49 | cpu: 5m 50 | memory: 64Mi 51 | - name: manager 52 | args: 53 | - "--health-probe-bind-address=:8081" 54 | - "--metrics-bind-address=127.0.0.1:8080" 55 | - "--leader-elect" 56 | -------------------------------------------------------------------------------- /config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | -------------------------------------------------------------------------------- /config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | labels: 7 | app.kubernetes.io/name: mutatingwebhookconfiguration 8 | app.kubernetes.io/instance: mutating-webhook-configuration 9 | app.kubernetes.io/component: webhook 10 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 11 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 12 | app.kubernetes.io/managed-by: kustomize 13 | name: mutating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | #--- 17 | #apiVersion: admissionregistration.k8s.io/v1 18 | #kind: ValidatingWebhookConfiguration 19 | #metadata: 20 | # labels: 21 | # app.kubernetes.io/name: validatingwebhookconfiguration 22 | # app.kubernetes.io/instance: validating-webhook-configuration 23 | # app.kubernetes.io/component: webhook 24 | # app.kubernetes.io/created-by: ebpf-autoinstrument-operator 25 | # app.kubernetes.io/part-of: ebpf-autoinstrument-operator 26 | # app.kubernetes.io/managed-by: kustomize 27 | # name: validating-webhook-configuration 28 | # annotations: 29 | # cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 30 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: myuser/ebpf-autoinstrument-operator 8 | newTag: dev 9 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: namespace 7 | app.kubernetes.io/instance: system 8 | app.kubernetes.io/component: manager 9 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 10 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: system 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: controller-manager 18 | namespace: system 19 | labels: 20 | control-plane: controller-manager 21 | app.kubernetes.io/name: deployment 22 | app.kubernetes.io/instance: controller-manager 23 | app.kubernetes.io/component: manager 24 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 25 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 26 | app.kubernetes.io/managed-by: kustomize 27 | spec: 28 | selector: 29 | matchLabels: 30 | control-plane: controller-manager 31 | replicas: 1 32 | template: 33 | metadata: 34 | annotations: 35 | kubectl.kubernetes.io/default-container: manager 36 | labels: 37 | control-plane: controller-manager 38 | spec: 39 | # TODO(user): Uncomment the following code to configure the nodeAffinity expression 40 | # according to the platforms which are supported by your solution. 41 | # It is considered best practice to support multiple architectures. You can 42 | # build your manager image using the makefile target docker-buildx. 43 | # affinity: 44 | # nodeAffinity: 45 | # requiredDuringSchedulingIgnoredDuringExecution: 46 | # nodeSelectorTerms: 47 | # - matchExpressions: 48 | # - key: kubernetes.io/arch 49 | # operator: In 50 | # values: 51 | # - amd64 52 | # - arm64 53 | # - ppc64le 54 | # - s390x 55 | # - key: kubernetes.io/os 56 | # operator: In 57 | # values: 58 | # - linux 59 | securityContext: 60 | runAsNonRoot: true 61 | # TODO(user): For common cases that do not require escalating privileges 62 | # it is recommended to ensure that all your Pods/Containers are restrictive. 63 | # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted 64 | # Please uncomment the following code if your project does NOT have to work on old Kubernetes 65 | # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). 66 | # seccompProfile: 67 | # type: RuntimeDefault 68 | containers: 69 | - command: 70 | - /manager 71 | args: 72 | - --leader-elect 73 | image: controller:latest 74 | name: manager 75 | securityContext: 76 | allowPrivilegeEscalation: false 77 | capabilities: 78 | drop: 79 | - "ALL" 80 | livenessProbe: 81 | httpGet: 82 | path: /healthz 83 | port: 8081 84 | initialDelaySeconds: 15 85 | periodSeconds: 20 86 | readinessProbe: 87 | httpGet: 88 | path: /readyz 89 | port: 8081 90 | initialDelaySeconds: 5 91 | periodSeconds: 10 92 | # TODO(user): Configure the resources accordingly based on the project requirements. 93 | # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 94 | resources: 95 | limits: 96 | cpu: 500m 97 | memory: 128Mi 98 | requests: 99 | cpu: 10m 100 | memory: 64Mi 101 | serviceAccountName: controller-manager 102 | terminationGracePeriodSeconds: 10 103 | -------------------------------------------------------------------------------- /config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/ebpf-autoinstrument-operator.clusterserviceversion.yaml 5 | - ../default 6 | - ../samples 7 | - ../scorecard 8 | 9 | # [From Mario] comment below only applies for deploying via OperatorHub. 10 | # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. 11 | # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. 12 | # These patches remove the unnecessary "cert" volume and its manager container volumeMount. 13 | #patchesJson6902: 14 | #- target: 15 | # group: apps 16 | # version: v1 17 | # kind: Deployment 18 | # name: controller-manager 19 | # namespace: system 20 | # patch: |- 21 | # # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. 22 | # # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. 23 | # - op: remove 24 | # path: /spec/template/spec/containers/1/volumeMounts/0 25 | # # Remove the "cert" volume, since OLM will create and mount a set of certs. 26 | # # Update the indices in this path if adding or removing volumes in the manager's Deployment. 27 | # - op: remove 28 | # path: /spec/template/spec/volumes/0 29 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | app.kubernetes.io/name: servicemonitor 9 | app.kubernetes.io/instance: controller-manager-metrics-monitor 10 | app.kubernetes.io/component: metrics 11 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 12 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 13 | app.kubernetes.io/managed-by: kustomize 14 | name: controller-manager-metrics-monitor 15 | namespace: system 16 | spec: 17 | endpoints: 18 | - path: /metrics 19 | port: https 20 | scheme: https 21 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 22 | tlsConfig: 23 | insecureSkipVerify: true 24 | selector: 25 | matchLabels: 26 | control-plane: controller-manager 27 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrole 6 | app.kubernetes.io/instance: metrics-reader 7 | app.kubernetes.io/component: kube-rbac-proxy 8 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 9 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: metrics-reader 12 | rules: 13 | - nonResourceURLs: 14 | - "/metrics" 15 | verbs: 16 | - get 17 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrole 6 | app.kubernetes.io/instance: proxy-role 7 | app.kubernetes.io/component: kube-rbac-proxy 8 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 9 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: proxy-role 12 | rules: 13 | - apiGroups: 14 | - authentication.k8s.io 15 | resources: 16 | - tokenreviews 17 | verbs: 18 | - create 19 | - apiGroups: 20 | - authorization.k8s.io 21 | resources: 22 | - subjectaccessreviews 23 | verbs: 24 | - create 25 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrolebinding 6 | app.kubernetes.io/instance: proxy-rolebinding 7 | app.kubernetes.io/component: kube-rbac-proxy 8 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 9 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: proxy-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: proxy-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: service 7 | app.kubernetes.io/instance: controller-manager-metrics-service 8 | app.kubernetes.io/component: kube-rbac-proxy 9 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 10 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: controller-manager-metrics-service 13 | namespace: system 14 | spec: 15 | ports: 16 | - name: https 17 | port: 8443 18 | protocol: TCP 19 | targetPort: https 20 | selector: 21 | control-plane: controller-manager 22 | -------------------------------------------------------------------------------- /config/rbac/instrumenter_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit instrumenters. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: instrumenter-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 10 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: instrumenter-editor-role 13 | rules: 14 | - apiGroups: 15 | - appo11y.grafana.com 16 | resources: 17 | - instrumenters 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - appo11y.grafana.com 28 | resources: 29 | - instrumenters/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/instrumenter_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view instrumenters. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: instrumenter-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 10 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: instrumenter-viewer-role 13 | rules: 14 | - apiGroups: 15 | - appo11y.grafana.com 16 | resources: 17 | - instrumenters 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - appo11y.grafana.com 24 | resources: 25 | - instrumenters/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | - auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: role 7 | app.kubernetes.io/instance: leader-election-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 10 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: leader-election-role 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - configmaps 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - create 23 | - update 24 | - patch 25 | - delete 26 | - apiGroups: 27 | - coordination.k8s.io 28 | resources: 29 | - leases 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - create 35 | - update 36 | - patch 37 | - delete 38 | - apiGroups: 39 | - "" 40 | resources: 41 | - events 42 | verbs: 43 | - create 44 | - patch 45 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: rolebinding 6 | app.kubernetes.io/instance: leader-election-rolebinding 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 9 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: leader-election-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: leader-election-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: manager-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - pods 11 | verbs: 12 | - delete 13 | - get 14 | - list 15 | - update 16 | - watch 17 | - apiGroups: 18 | - appo11y.grafana.com 19 | resources: 20 | - instrumenters 21 | verbs: 22 | - create 23 | - delete 24 | - get 25 | - list 26 | - patch 27 | - update 28 | - watch 29 | - apiGroups: 30 | - appo11y.grafana.com 31 | resources: 32 | - instrumenters/finalizers 33 | verbs: 34 | - update 35 | - apiGroups: 36 | - appo11y.grafana.com 37 | resources: 38 | - instrumenters/status 39 | verbs: 40 | - get 41 | - patch 42 | - update 43 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrolebinding 6 | app.kubernetes.io/instance: manager-rolebinding 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 9 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: manager-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: manager-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: serviceaccount 6 | app.kubernetes.io/instance: controller-manager 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 9 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/samples/appo11y_v1alpha1_instrumenter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appo11y.grafana.com/v1alpha1 2 | kind: Instrumenter 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: instrumenter 6 | app.kubernetes.io/instance: instrumenter-sample 7 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 10 | name: instrumenter-sample 11 | spec: 12 | export: [ "Prometheus" ] # Also valid: OpenTelemetryMetrics, OpenTelemetryTraces 13 | image: grafana/beyla:latest 14 | imagePullPolicy: IfNotPresent 15 | selector: 16 | portLabel: grafana.com/instrument-port 17 | prometheus: 18 | path: "/metrics" 19 | port: 9102 20 | annotations: 21 | scrape: "prometheus.io/scrape" 22 | scheme: "prometheus.io/scheme" 23 | port: "prometheus.io/port" 24 | path: "prometheus.io/path" 25 | openTelemetry: 26 | endpoint: "" 27 | insecureSkipVerify: false 28 | interval: 5s 29 | overrideEnv: 30 | - name: PRINT_TRACES 31 | value: "true" 32 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - appo11y_v1alpha1_instrumenter.yaml 4 | #+kubebuilder:scaffold:manifestskustomizesamples 5 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.28.1 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.28.1 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.28.1 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.28.1 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.28.1 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.28.1 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | # - kind: ValidatingWebhookConfiguration 11 | # group: admissionregistration.k8s.io 12 | # path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | #- kind: ValidatingWebhookConfiguration 20 | # group: admissionregistration.k8s.io 21 | # path: webhooks/clientConfig/service/namespace 22 | # create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: admissionregistration.k8s.io/v1 3 | kind: MutatingWebhookConfiguration 4 | metadata: 5 | name: mutating-webhook-configuration 6 | webhooks: 7 | - admissionReviewVersions: 8 | - v1 9 | clientConfig: 10 | service: 11 | name: webhook-service 12 | namespace: system 13 | path: /mutate--v1-pod 14 | failurePolicy: Fail 15 | name: minstrumenter.kb.io 16 | rules: 17 | - apiGroups: 18 | - "" 19 | apiVersions: 20 | - v1 21 | operations: 22 | - CREATE 23 | - UPDATE 24 | resources: 25 | - pods 26 | sideEffects: NoneOnDryRun 27 | -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: service 7 | app.kubernetes.io/instance: webhook-service 8 | app.kubernetes.io/component: webhook 9 | app.kubernetes.io/created-by: ebpf-autoinstrument-operator 10 | app.kubernetes.io/part-of: ebpf-autoinstrument-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: webhook-service 13 | namespace: system 14 | spec: 15 | ports: 16 | - port: 443 17 | protocol: TCP 18 | targetPort: 9443 19 | selector: 20 | control-plane: controller-manager 21 | -------------------------------------------------------------------------------- /controllers/instrumenter_controller.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controllers 18 | 19 | import ( 20 | "context" 21 | "fmt" 22 | 23 | corev1 "k8s.io/api/core/v1" 24 | "k8s.io/apimachinery/pkg/api/errors" 25 | "k8s.io/apimachinery/pkg/runtime" 26 | ctrl "sigs.k8s.io/controller-runtime" 27 | "sigs.k8s.io/controller-runtime/pkg/client" 28 | "sigs.k8s.io/controller-runtime/pkg/log" 29 | 30 | appo11yv1alpha1 "github.com/grafana/ebpf-autoinstrument-operator/api/v1alpha1" 31 | "github.com/grafana/ebpf-autoinstrument-operator/pkg/helper/lvl" 32 | ) 33 | 34 | // InstrumenterReconciler reconciles a Instrumenter object 35 | type InstrumenterReconciler struct { 36 | client.Client 37 | Scheme *runtime.Scheme 38 | } 39 | 40 | //+kubebuilder:rbac:groups=appo11y.grafana.com,resources=instrumenters,verbs=get;list;watch;create;update;patch;delete 41 | //+kubebuilder:rbac:groups=appo11y.grafana.com,resources=instrumenters/status,verbs=get;update;patch 42 | //+kubebuilder:rbac:groups=appo11y.grafana.com,resources=instrumenters/finalizers,verbs=update 43 | //+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;update;delete 44 | 45 | // Reconcile is part of the main kubernetes reconciliation loop which aims to 46 | // move the current state of the cluster closer to the desired state. 47 | func (r *InstrumenterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { 48 | logger := log.FromContext(ctx) 49 | logger.Info("reconcile loop", "request", req) 50 | 51 | instr := appo11yv1alpha1.Instrumenter{} 52 | if err := r.Get(ctx, req.NamespacedName, &instr); err != nil { 53 | if errors.IsNotFound(err) { 54 | return r.onDeletion(ctx, req) 55 | } 56 | return ctrl.Result{}, fmt.Errorf("reading instrumenter: %w", err) 57 | } 58 | 59 | if !instr.ObjectMeta.DeletionTimestamp.IsZero() { 60 | return r.onDeletion(ctx, req) 61 | } 62 | 63 | return r.onCreateUpdate(ctx, &instr) 64 | } 65 | 66 | // SetupWithManager sets up the controller with the Manager. 67 | func (r *InstrumenterReconciler) SetupWithManager(mgr ctrl.Manager) error { 68 | return ctrl.NewControllerManagedBy(mgr). 69 | For(&appo11yv1alpha1.Instrumenter{}). 70 | Owns(&corev1.Pod{}). 71 | Complete(r) 72 | } 73 | 74 | func (r *InstrumenterReconciler) onDeletion(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { 75 | logger := log.FromContext(ctx, "name", req.Name, "namespace", req.Namespace) 76 | logger.Info("deleted instrumenter") 77 | dbg := logger.V(lvl.Debug) 78 | // Look for all the pods in the NS that are instrumented by the removed Instrumenter 79 | podList := corev1.PodList{} 80 | if err := r.List(ctx, &podList, 81 | client.InNamespace(req.Namespace), 82 | client.HasLabels{appo11yv1alpha1.InstrumentedLabel}); err != nil { 83 | return ctrl.Result{Requeue: true}, fmt.Errorf("reading pods: %w", err) 84 | } 85 | dbg.Info("going to remove all the pods whose "+appo11yv1alpha1.InstrumentedLabel+" points to the deleted instrumenter", 86 | "candidatePods", len(podList.Items)) 87 | for i := range podList.Items { 88 | p := &podList.Items[i] 89 | if instrumenterName := p.Labels[appo11yv1alpha1.InstrumentedLabel]; instrumenterName == req.Name { 90 | dbg := dbg.WithValues("podName", p.Name, "podNamespace", p.Namespace) 91 | dbg.Info("removing Pod") 92 | if err := r.Delete(ctx, p); err != nil { 93 | return ctrl.Result{Requeue: true}, fmt.Errorf("deleting pod: %w", err) 94 | } 95 | // Pods belonging to a Service or ReplicaSet will be recreated automatically. Simple Pods 96 | // need to be explicitly recreated 97 | if len(p.OwnerReferences) == 0 { 98 | dbg.Info("Recreating pod") 99 | // Pods belonging to a Service or ReplicaSet will be recreated automatically. Simple Pods 100 | // need to be created again 101 | if len(p.OwnerReferences) == 0 { 102 | dbg.Info("Recreating pod") 103 | appo11yv1alpha1.RemoveInstrumenter(p) 104 | p.ResourceVersion = "" 105 | p.UID = "" 106 | p.Status = corev1.PodStatus{} 107 | if err := r.Create(ctx, p); err != nil { 108 | return ctrl.Result{}, fmt.Errorf("can't recreate Pod %s/%s: %w", p.Namespace, p.Name, err) 109 | } 110 | } 111 | } 112 | } else { 113 | dbg.Info("this Pod is instumented by another instrumenter. Skipping", 114 | "instrumentedBy", instrumenterName, "podName", p.Name, "podNamespace", p.Namespace) 115 | } 116 | } 117 | 118 | return ctrl.Result{}, nil 119 | } 120 | 121 | func (r *InstrumenterReconciler) onCreateUpdate(ctx context.Context, instr *appo11yv1alpha1.Instrumenter) (ctrl.Result, error) { 122 | logger := log.FromContext(ctx, "name", instr.Name, "namespace", instr.Namespace) 123 | dbg := logger.V(lvl.Debug) 124 | dbg.Info("onCreateUpdate", "spec", instr.Spec) 125 | 126 | podList := corev1.PodList{} 127 | if err := r.List(ctx, &podList, 128 | client.InNamespace(instr.Namespace), 129 | client.HasLabels{instr.Spec.Selector.PortLabel}); err != nil { 130 | return ctrl.Result{}, fmt.Errorf("reading pods: %w", err) 131 | } 132 | 133 | dbg.Info("list of pods to instrument", "len", len(podList.Items)) 134 | 135 | for i := range podList.Items { 136 | pod := &podList.Items[i] 137 | podLog := dbg.WithValues("podName", pod.Name, "podNamespace", pod.Namespace) 138 | podLog.Info("checking if Pod needs to be instrumented") 139 | if sidec, ok := appo11yv1alpha1.NeedsInstrumentation(instr, pod); ok { 140 | podLog.Info("Destroying Pod to recreate it with an instrumenter sidecar") 141 | if err := r.Delete(ctx, pod); err != nil { 142 | return ctrl.Result{}, fmt.Errorf("deleting Pod %s/%s: %w", pod.Namespace, pod.Name, err) 143 | } 144 | // Pods belonging to a Service or ReplicaSet will be recreated automatically. Simple Pods 145 | // need to be explicitly recreated 146 | if len(pod.OwnerReferences) == 0 { 147 | podLog.Info("Recreating pod") 148 | pod.ResourceVersion = "" 149 | pod.UID = "" 150 | pod.Status = corev1.PodStatus{} 151 | appo11yv1alpha1.AddInstrumenter(instr.Name, sidec, pod) 152 | if err := r.Create(ctx, pod); err != nil { 153 | return ctrl.Result{}, fmt.Errorf("can't recreate Pod %s/%s: %w", pod.Namespace, pod.Name, err) 154 | } 155 | } 156 | } 157 | } 158 | 159 | return ctrl.Result{}, nil 160 | } 161 | -------------------------------------------------------------------------------- /controllers/instrumenter_test.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "fmt" 5 | "time" 6 | 7 | appsv1 "k8s.io/api/apps/v1" 8 | 9 | "github.com/grafana/ebpf-autoinstrument-operator/pkg/helper" 10 | "github.com/mariomac/gostream/stream" 11 | "k8s.io/apimachinery/pkg/api/errors" 12 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 13 | 14 | "k8s.io/apimachinery/pkg/types" 15 | 16 | "github.com/grafana/ebpf-autoinstrument-operator/api/v1alpha1" 17 | . "github.com/onsi/ginkgo/v2" 18 | . "github.com/onsi/gomega" 19 | v1 "k8s.io/api/core/v1" 20 | controllerruntime "sigs.k8s.io/controller-runtime" 21 | "sigs.k8s.io/controller-runtime/pkg/client" 22 | ) 23 | 24 | const ( 25 | timeout = time.Second * 10 26 | interval = 50 * time.Millisecond 27 | 28 | defaultNS = "default" 29 | ) 30 | 31 | var _ = Describe("Instrumenter Controller", Ordered, Serial, func() { 32 | singleTestPodTemplate := v1.Pod{ 33 | ObjectMeta: controllerruntime.ObjectMeta{ 34 | Name: "instrumentable-pod", 35 | Namespace: defaultNS, 36 | Labels: map[string]string{ 37 | "grafana.com/instrument-port": "8080", 38 | }, 39 | }, 40 | Spec: v1.PodSpec{ 41 | Containers: []v1.Container{{ 42 | Name: "my-pod-container", 43 | Image: "foo-image", 44 | }}, 45 | }, 46 | } 47 | instrumenterTemplate := v1alpha1.Instrumenter{ 48 | ObjectMeta: controllerruntime.ObjectMeta{ 49 | Name: "my-instrumenter", 50 | Namespace: defaultNS, 51 | }, 52 | Spec: v1alpha1.InstrumenterSpec{ 53 | Selector: v1alpha1.Selector{PortLabel: "grafana.com/instrument-port"}, 54 | }, 55 | } 56 | Context("Instrumeting single Pod", func() { 57 | singleTestPod, instrumenter := singleTestPodTemplate, instrumenterTemplate 58 | It("should add an instrumenter sidecar to that Pod", func() { 59 | By("Creating target Pod") 60 | Expect(k8sClient.Create(ctx, &singleTestPod)).To(Succeed()) 61 | 62 | By("Deploying an instrumenter instance") 63 | Expect(k8sClient.Create(ctx, &instrumenter)).To(Succeed()) 64 | 65 | By("waiting to the Pod to be restarted and regenerated") 66 | Eventually(func() error { 67 | pod := v1.Pod{} 68 | if err := k8sClient.Get(ctx, 69 | types.NamespacedName{Name: "instrumentable-pod", Namespace: defaultNS}, 70 | &pod); err != nil { 71 | return err 72 | } 73 | return assertPod(&pod) 74 | }, timeout, interval).Should(Succeed()) 75 | }) 76 | It("should properly remove the created resources", func() { 77 | Expect(k8sClient.Delete(ctx, &singleTestPod)).Should(Succeed()) 78 | Expect(k8sClient.Delete(ctx, &instrumenter)).Should(Succeed()) 79 | expectNotFound(&instrumenter) 80 | }) 81 | }) 82 | 83 | Context("Uninstrumenting Pod after Instrumenter removal", func() { 84 | singleTestPod, instrumenter := singleTestPodTemplate, instrumenterTemplate 85 | It("Prerequisite: running an instrumented Pod, and an instrumenter", func() { 86 | Expect(k8sClient.Create(ctx, &singleTestPod)).To(Succeed()) 87 | Expect(k8sClient.Create(ctx, &instrumenter)).To(Succeed()) 88 | Eventually(func() error { 89 | pod := v1.Pod{} 90 | if err := k8sClient.Get(ctx, 91 | types.NamespacedName{Name: "instrumentable-pod", Namespace: defaultNS}, 92 | &pod); err != nil { 93 | return err 94 | } 95 | return assertPod(&pod) 96 | }, timeout, interval).Should(Succeed()) 97 | }) 98 | 99 | It("should remove instrumenter sidecar", func() { 100 | By("Removing instrumenter") 101 | Expect(k8sClient.Delete(ctx, &instrumenter)).To(Succeed()) 102 | 103 | By("waiting to the Pod to be restarted and regenerated") 104 | Eventually(func() error { 105 | pod := v1.Pod{} 106 | if err := k8sClient.Get(ctx, 107 | types.NamespacedName{Name: "instrumentable-pod", Namespace: defaultNS}, 108 | &pod); err != nil { 109 | return err 110 | } 111 | if len(pod.Spec.Containers) > 1 { 112 | return fmt.Errorf("expecting Pod to have a single container. Has %d", len(pod.Spec.Containers)) 113 | } 114 | if len(pod.Labels) > 0 && pod.Labels[v1alpha1.InstrumentedLabel] != "" { 115 | return fmt.Errorf("unexpected label %s: %q", 116 | v1alpha1.InstrumentedLabel, pod.Labels[v1alpha1.InstrumentedLabel]) 117 | } 118 | return nil 119 | }, timeout, interval).Should(Succeed()) 120 | }) 121 | It("should properly remove the created resources", func() { 122 | Expect(k8sClient.Delete(ctx, &singleTestPod)).Should(Succeed()) 123 | }) 124 | }) 125 | 126 | Context("Ignoring pods that aren't labeled", func() { 127 | ignorablePod, instrumenter := singleTestPodTemplate, instrumenterTemplate 128 | ignorablePod.Labels = nil 129 | It("should NOT add an instrumenter sidecar to that Pod", func() { 130 | By("Creating ignorable Pod") 131 | Expect(k8sClient.Create(ctx, &ignorablePod)).To(Succeed()) 132 | 133 | By("Deploying an instrumenter instance") 134 | Expect(k8sClient.Create(ctx, &instrumenter)).To(Succeed()) 135 | 136 | Consistently(func() interface{} { 137 | pod := &v1.Pod{} 138 | if err := k8sClient.Get(ctx, types.NamespacedName{ 139 | Name: ignorablePod.Name, 140 | Namespace: ignorablePod.Namespace, 141 | }, pod); err != nil { 142 | return err 143 | } 144 | return pod.Spec.Containers 145 | }).Should(HaveLen(1)) 146 | }) 147 | It("should properly remove the created resources", func() { 148 | Expect(k8sClient.Delete(ctx, &ignorablePod)).Should(Succeed()) 149 | Expect(k8sClient.Delete(ctx, &instrumenter)).Should(Succeed()) 150 | expectNotFound(&instrumenter) 151 | }) 152 | }) 153 | 154 | Context("Ignoring pods in another namespace", func() { 155 | ignorablePod, instrumenter := singleTestPodTemplate, instrumenterTemplate 156 | ignorablePod.Namespace = "chachacha" 157 | It("should NOT add an instrumenter sidecar to that Pod", func() { 158 | By("Creating another namespace") 159 | Expect(k8sClient.Create(ctx, &v1.Namespace{ObjectMeta: controllerruntime.ObjectMeta{ 160 | Name: ignorablePod.Namespace}})).To(Succeed()) 161 | 162 | By("Creating ignorable Pod") 163 | Expect(k8sClient.Create(ctx, &ignorablePod)).To(Succeed()) 164 | 165 | By("Deploying an instrumenter instance") 166 | Expect(k8sClient.Create(ctx, &instrumenter)).To(Succeed()) 167 | 168 | Consistently(func() interface{} { 169 | pod := &v1.Pod{} 170 | if err := k8sClient.Get(ctx, types.NamespacedName{ 171 | Name: ignorablePod.Name, 172 | Namespace: ignorablePod.Namespace, 173 | }, pod); err != nil { 174 | return err 175 | } 176 | return pod.Spec.Containers 177 | }).Should(HaveLen(1)) 178 | }) 179 | It("should properly remove the created resources", func() { 180 | Expect(k8sClient.Delete(ctx, &ignorablePod)).Should(Succeed()) 181 | Expect(k8sClient.Delete(ctx, &instrumenter)).Should(Succeed()) 182 | expectNotFound(&instrumenter) 183 | }) 184 | }) 185 | 186 | Context("Instrumenting ReplicaSets", func() { 187 | replicaSet := appsv1.ReplicaSet{ 188 | ObjectMeta: controllerruntime.ObjectMeta{ 189 | Name: "my-rs", 190 | Namespace: defaultNS, 191 | }, 192 | Spec: appsv1.ReplicaSetSpec{ 193 | Replicas: helper.Ptr[int32](3), 194 | Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"app": "test"}}, 195 | Template: v1.PodTemplateSpec{ 196 | ObjectMeta: controllerruntime.ObjectMeta{Labels: map[string]string{ 197 | "app": "test", 198 | "grafana.com/instrument-port": "8080", 199 | }}, 200 | Spec: singleTestPodTemplate.Spec, 201 | }, 202 | }, 203 | } 204 | instrumenter := instrumenterTemplate 205 | It("should add an instrumenter sidecar to the labeled Pods of a given ReplicaSet", func() { 206 | 207 | Skip("TO DO: move this whole Context to an e2e test, as EnvTest create Pods after deploying a ReplicaSet") 208 | 209 | By("creating a ReplicaSet") 210 | Expect(k8sClient.Create(ctx, &replicaSet)).To(Succeed()) 211 | 212 | By("Deploying an instrumenter instance") 213 | Expect(k8sClient.Create(ctx, &instrumenter)).To(Succeed()) 214 | 215 | By("waiting to all ReplicaSet Pods to be restarted and regenerated") 216 | Eventually(func() error { 217 | podsList := v1.PodList{} 218 | if err := k8sClient.List(ctx, 219 | &podsList, 220 | client.InNamespace(defaultNS), 221 | ); err != nil { 222 | return err 223 | } 224 | rsPods := stream.OfSlice(podsList.Items).Filter(func(pod v1.Pod) bool { 225 | return len(pod.OwnerReferences) > 0 && pod.OwnerReferences[0].Name == "my-rs" 226 | }).ToSlice() 227 | if len(rsPods) != 3 { 228 | return fmt.Errorf("expecting 3 matching pods. Got %d", len(rsPods)) 229 | } 230 | for _, pod := range rsPods { 231 | if err := assertPod(&pod); err != nil { 232 | return err 233 | } 234 | } 235 | return nil 236 | }, timeout, interval).Should(Succeed()) 237 | }) 238 | }) 239 | }) 240 | 241 | func assertPod(pod *v1.Pod) error { 242 | if len(pod.Spec.Containers) != 2 { 243 | return fmt.Errorf("expecting to have 2 containers. Got %d", len(pod.Spec.Containers)) 244 | } 245 | instrum := pod.Spec.Containers[1] 246 | if instrum.Name != "grafana-ebpf-autoinstrumenter" { 247 | return fmt.Errorf("invalid name: %s", instrum.Name) 248 | } 249 | if instrum.Image != "grafana/ebpf-autoinstrument:latest" { 250 | return fmt.Errorf("invalid name: %s", instrum.Name) 251 | } 252 | if pod.Spec.ShareProcessNamespace == nil || *pod.Spec.ShareProcessNamespace != true { 253 | return fmt.Errorf("expecting ShareProcessNamespace=true. Got %v", pod.Spec.ShareProcessNamespace) 254 | } 255 | return assertEnvContains(instrum.Env, map[string]string{ 256 | "OPEN_PORT": "8080", 257 | "SERVICE_NAME": "instrumentable-pod", 258 | "SERVICE_NAMESPACE": "default", 259 | "PROMETHEUS_SERVICE_NAME": "instrumentable-pod", 260 | "PROMETHEUS_PORT": "9102", 261 | "PROMETHEUS_PATH": "/metrics", 262 | }) 263 | } 264 | 265 | func assertEnvContains(slice []v1.EnvVar, values map[string]string) error { 266 | env := map[string]string{} 267 | for _, e := range slice { 268 | env[e.Name] = e.Value 269 | } 270 | for k, v := range values { 271 | if env[k] != v { 272 | return fmt.Errorf("expecting env %v to contain %v=%v. Got: %v", 273 | env, k, v, env[k]) 274 | } 275 | } 276 | return nil 277 | } 278 | 279 | func expectNotFound(obj client.Object) { 280 | Eventually(func() error { 281 | err := k8sClient.Get(ctx, types.NamespacedName{ 282 | Name: obj.GetName(), 283 | Namespace: obj.GetNamespace(), 284 | }, obj) 285 | if err == nil || !errors.IsNotFound(err) { 286 | return fmt.Errorf("expecting Not Found error. Got: %w", err) 287 | } 288 | return nil 289 | }, timeout, interval).Should(Succeed()) 290 | } 291 | -------------------------------------------------------------------------------- /controllers/suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controllers 18 | 19 | import ( 20 | "context" 21 | "path/filepath" 22 | "testing" 23 | 24 | ctrl "sigs.k8s.io/controller-runtime" 25 | 26 | . "github.com/onsi/ginkgo/v2" 27 | . "github.com/onsi/gomega" 28 | 29 | "k8s.io/client-go/kubernetes/scheme" 30 | "k8s.io/client-go/rest" 31 | "sigs.k8s.io/controller-runtime/pkg/client" 32 | "sigs.k8s.io/controller-runtime/pkg/envtest" 33 | logf "sigs.k8s.io/controller-runtime/pkg/log" 34 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 35 | 36 | appo11yv1alpha1 "github.com/grafana/ebpf-autoinstrument-operator/api/v1alpha1" 37 | //+kubebuilder:scaffold:imports 38 | ) 39 | 40 | // These tests use Ginkgo (BDD-style Go testing framework). Refer to 41 | // http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 42 | 43 | var ( 44 | cfg *rest.Config 45 | cancelCtx func() 46 | ctx context.Context 47 | k8sClient client.Client 48 | testEnv *envtest.Environment 49 | ) 50 | 51 | func TestAPIs(t *testing.T) { 52 | RegisterFailHandler(Fail) 53 | 54 | RunSpecs(t, "Controller Suite") 55 | } 56 | 57 | var _ = BeforeSuite(func() { 58 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) 59 | ctx, cancelCtx = context.WithCancel(context.Background()) 60 | 61 | By("bootstrapping test environment") 62 | testEnv = &envtest.Environment{ 63 | CRDDirectoryPaths: []string{ 64 | filepath.Join("..", "config", "crd", "bases"), 65 | filepath.Join("..", "test-assets"), 66 | }, 67 | ErrorIfCRDPathMissing: true, 68 | } 69 | 70 | var err error 71 | // cfg is defined in this file globally. 72 | cfg, err = testEnv.Start() 73 | Expect(err).NotTo(HaveOccurred()) 74 | Expect(cfg).NotTo(BeNil()) 75 | 76 | err = appo11yv1alpha1.AddToScheme(scheme.Scheme) 77 | Expect(err).NotTo(HaveOccurred()) 78 | 79 | //+kubebuilder:scaffold:scheme 80 | 81 | // create a client for the CRUD test operations 82 | k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) 83 | Expect(err).NotTo(HaveOccurred()) 84 | Expect(k8sClient).NotTo(BeNil()) 85 | 86 | // Instantiating the manager to be tested 87 | k8sManager, err := ctrl.NewManager(cfg, ctrl.Options{ 88 | Scheme: scheme.Scheme, 89 | }) 90 | Expect(err).ToNot(HaveOccurred()) 91 | 92 | err = (&InstrumenterReconciler{ 93 | Client: k8sManager.GetClient(), 94 | Scheme: k8sManager.GetScheme(), 95 | }).SetupWithManager(k8sManager) 96 | Expect(err).ToNot(HaveOccurred()) 97 | 98 | go func() { 99 | defer GinkgoRecover() 100 | err = k8sManager.Start(ctx) 101 | Expect(err).ToNot(HaveOccurred(), "failed to run manager") 102 | }() 103 | }) 104 | 105 | var _ = AfterSuite(func() { 106 | cancelCtx() 107 | 108 | By("tearing down the test environment") 109 | err := testEnv.Stop() 110 | Expect(err).NotTo(HaveOccurred()) 111 | }) 112 | -------------------------------------------------------------------------------- /examples/deploy-with-grafana-agent.yml: -------------------------------------------------------------------------------- 1 | # The autoinstrumenter is configured to expose the metrics as prometheus 2 | # The Grafana Agent is also deployed to submit the information to Grafana Cloud 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: grafana-secret 7 | type: Opaque 8 | stringData: 9 | mimir-endpoint: "prometheus-.grafana.net" 10 | mimir-user: "" 11 | grafana-api-key: "" 12 | --- 13 | apiVersion: v1 14 | kind: ConfigMap 15 | metadata: 16 | name: grafana-agent-config 17 | data: 18 | agent-config.river: | 19 | prometheus.scrape "default" { 20 | targets = [{"__address__" = "localhost:12345"}] 21 | forward_to = [prometheus.remote_write.mimir.receiver] 22 | } 23 | 24 | prometheus.remote_write "mimir" { 25 | endpoint { 26 | url = "https://" + env("MIMIR_USER") + ":" + env("GRAFANA_API_KEY") + "@" + env("MIMIR_ENDPOINT") + "/api/prom/push" 27 | } 28 | } 29 | --- 30 | apiVersion: apps/v1 31 | kind: Deployment 32 | metadata: 33 | name: grafana-agent 34 | labels: 35 | app: grafana-agent 36 | spec: 37 | replicas: 1 38 | selector: 39 | matchLabels: 40 | app: grafana-agent 41 | template: 42 | metadata: 43 | labels: 44 | app: grafana-agent 45 | spec: 46 | volumes: 47 | - name: grafana-agent-config 48 | configMap: 49 | name: grafana-agent-config 50 | containers: 51 | - name: grafana-agent 52 | image: grafana/agent:main 53 | command: 54 | - "/usr/bin/grafana-agent" 55 | - "run" 56 | - "/grafana-agent-config/agent-config.river" 57 | env: 58 | - name: AGENT_MODE 59 | value: flow 60 | - name: TEMPO_ENDPOINT 61 | valueFrom: 62 | secretKeyRef: 63 | key: tempo-endpoint 64 | name: grafana-secret 65 | - name: TEMPO_USER 66 | valueFrom: 67 | secretKeyRef: 68 | key: tempo-user 69 | name: grafana-secret 70 | - name: MIMIR_ENDPOINT 71 | valueFrom: 72 | secretKeyRef: 73 | key: mimir-endpoint 74 | name: grafana-secret 75 | - name: MIMIR_USER 76 | valueFrom: 77 | secretKeyRef: 78 | key: mimir-user 79 | name: grafana-secret 80 | - name: GRAFANA_API_KEY 81 | valueFrom: 82 | secretKeyRef: 83 | key: grafana-api-key 84 | name: grafana-secret 85 | ports: 86 | - containerPort: 4318 87 | protocol: TCP 88 | name: http-traces 89 | volumeMounts: 90 | - mountPath: /grafana-agent-config 91 | readOnly: true 92 | name: grafana-agent-config 93 | --- 94 | apiVersion: v1 95 | kind: Service 96 | metadata: 97 | name: grafana-agent 98 | spec: 99 | selector: 100 | app: grafana-agent 101 | ports: 102 | - port: 4318 103 | protocol: TCP 104 | targetPort: http-traces -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/grafana/ebpf-autoinstrument-operator 2 | 3 | go 1.19 4 | 5 | require ( 6 | github.com/mariomac/gostream v0.8.1 7 | github.com/onsi/ginkgo/v2 v2.6.0 8 | github.com/onsi/gomega v1.24.1 9 | k8s.io/api v0.26.0 10 | k8s.io/apimachinery v0.26.0 11 | k8s.io/client-go v0.26.0 12 | sigs.k8s.io/controller-runtime v0.14.1 13 | ) 14 | 15 | require ( 16 | github.com/beorn7/perks v1.0.1 // indirect 17 | github.com/cespare/xxhash/v2 v2.1.2 // indirect 18 | github.com/davecgh/go-spew v1.1.1 // indirect 19 | github.com/emicklei/go-restful/v3 v3.9.0 // indirect 20 | github.com/evanphx/json-patch/v5 v5.6.0 // indirect 21 | github.com/fsnotify/fsnotify v1.6.0 // indirect 22 | github.com/go-logr/logr v1.2.3 // indirect 23 | github.com/go-logr/zapr v1.2.3 // indirect 24 | github.com/go-openapi/jsonpointer v0.19.5 // indirect 25 | github.com/go-openapi/jsonreference v0.20.0 // indirect 26 | github.com/go-openapi/swag v0.19.14 // indirect 27 | github.com/gogo/protobuf v1.3.2 // indirect 28 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 29 | github.com/golang/protobuf v1.5.2 // indirect 30 | github.com/google/gnostic v0.5.7-v3refs // indirect 31 | github.com/google/go-cmp v0.5.9 // indirect 32 | github.com/google/gofuzz v1.1.0 // indirect 33 | github.com/google/uuid v1.1.2 // indirect 34 | github.com/imdario/mergo v0.3.6 // indirect 35 | github.com/josharian/intern v1.0.0 // indirect 36 | github.com/json-iterator/go v1.1.12 // indirect 37 | github.com/mailru/easyjson v0.7.6 // indirect 38 | github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect 39 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 40 | github.com/modern-go/reflect2 v1.0.2 // indirect 41 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 42 | github.com/pkg/errors v0.9.1 // indirect 43 | github.com/prometheus/client_golang v1.14.0 // indirect 44 | github.com/prometheus/client_model v0.3.0 // indirect 45 | github.com/prometheus/common v0.37.0 // indirect 46 | github.com/prometheus/procfs v0.8.0 // indirect 47 | github.com/spf13/pflag v1.0.5 // indirect 48 | go.uber.org/atomic v1.7.0 // indirect 49 | go.uber.org/multierr v1.6.0 // indirect 50 | go.uber.org/zap v1.24.0 // indirect 51 | golang.org/x/exp v0.0.0-20220328175248-053ad81199eb // indirect 52 | golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 // indirect 53 | golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect 54 | golang.org/x/sys v0.3.0 // indirect 55 | golang.org/x/term v0.3.0 // indirect 56 | golang.org/x/text v0.5.0 // indirect 57 | golang.org/x/time v0.3.0 // indirect 58 | gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect 59 | google.golang.org/appengine v1.6.7 // indirect 60 | google.golang.org/protobuf v1.28.1 // indirect 61 | gopkg.in/inf.v0 v0.9.1 // indirect 62 | gopkg.in/yaml.v2 v2.4.0 // indirect 63 | gopkg.in/yaml.v3 v3.0.1 // indirect 64 | k8s.io/apiextensions-apiserver v0.26.0 // indirect 65 | k8s.io/component-base v0.26.0 // indirect 66 | k8s.io/klog/v2 v2.80.1 // indirect 67 | k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect 68 | k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect 69 | sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect 70 | sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect 71 | sigs.k8s.io/yaml v1.3.0 // indirect 72 | ) 73 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 2 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 3 | cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= 4 | cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= 5 | cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= 6 | cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= 7 | cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= 8 | cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= 9 | cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= 10 | cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= 11 | cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= 12 | cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= 13 | cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= 14 | cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= 15 | cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= 16 | cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 17 | cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= 18 | cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 19 | cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= 20 | cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= 21 | cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= 22 | cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= 23 | cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= 24 | cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= 25 | cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= 26 | cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 27 | cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= 28 | cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= 29 | cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= 30 | cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 31 | cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= 32 | cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= 33 | dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= 34 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 35 | github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 36 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 37 | github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 38 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 39 | github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 40 | github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= 41 | github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= 42 | github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= 43 | github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= 44 | github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= 45 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 46 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= 47 | github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 48 | github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 49 | github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= 50 | github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 51 | github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 52 | github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= 53 | github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 54 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 55 | github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= 56 | github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 57 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 58 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 59 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 60 | github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= 61 | github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= 62 | github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= 63 | github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 64 | github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 65 | github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 66 | github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= 67 | github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= 68 | github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= 69 | github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= 70 | github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= 71 | github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= 72 | github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= 73 | github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= 74 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 75 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 76 | github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= 77 | github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= 78 | github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= 79 | github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= 80 | github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= 81 | github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= 82 | github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= 83 | github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= 84 | github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 85 | github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 86 | github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= 87 | github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 88 | github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= 89 | github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= 90 | github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= 91 | github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= 92 | github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= 93 | github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= 94 | github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= 95 | github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= 96 | github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= 97 | github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= 98 | github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= 99 | github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 100 | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 101 | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 102 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 103 | github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 104 | github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 105 | github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 106 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= 107 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 108 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 109 | github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 110 | github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= 111 | github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 112 | github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 113 | github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 114 | github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= 115 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 116 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 117 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 118 | github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 119 | github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 120 | github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= 121 | github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= 122 | github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 123 | github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 124 | github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= 125 | github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= 126 | github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= 127 | github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 128 | github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 129 | github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 130 | github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= 131 | github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= 132 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 133 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 134 | github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= 135 | github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= 136 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 137 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 138 | github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 139 | github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 140 | github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 141 | github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 142 | github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 143 | github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 144 | github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 145 | github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= 146 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 147 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 148 | github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= 149 | github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 150 | github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= 151 | github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= 152 | github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 153 | github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 154 | github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 155 | github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 156 | github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 157 | github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 158 | github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 159 | github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= 160 | github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= 161 | github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 162 | github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= 163 | github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= 164 | github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 165 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 166 | github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 167 | github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= 168 | github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= 169 | github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= 170 | github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= 171 | github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= 172 | github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= 173 | github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= 174 | github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 175 | github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 176 | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 177 | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= 178 | github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= 179 | github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= 180 | github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= 181 | github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= 182 | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 183 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 184 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 185 | github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 186 | github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= 187 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 188 | github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= 189 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 190 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 191 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 192 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 193 | github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 194 | github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 195 | github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= 196 | github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= 197 | github.com/mariomac/gostream v0.8.1 h1:umH0vv4LFXqMDnEhjEKr84VfIFGMhM49Oi9NOEhLZBw= 198 | github.com/mariomac/gostream v0.8.1/go.mod h1:aU11yntiBpx27cGc3nf4Mpn+W8pPQojszRBIdysCPyQ= 199 | github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= 200 | github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM= 201 | github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= 202 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 203 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 204 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 205 | github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 206 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 207 | github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= 208 | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= 209 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= 210 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 211 | github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 212 | github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 213 | github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= 214 | github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= 215 | github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc= 216 | github.com/onsi/ginkgo/v2 v2.6.0/go.mod h1:63DOGlLAH8+REH8jUGdL3YpCpu7JODesutUjdENfUAc= 217 | github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= 218 | github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= 219 | github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 220 | github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 221 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 222 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 223 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 224 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 225 | github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 226 | github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= 227 | github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= 228 | github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= 229 | github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= 230 | github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= 231 | github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= 232 | github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 233 | github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 234 | github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 235 | github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 236 | github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= 237 | github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= 238 | github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= 239 | github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= 240 | github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= 241 | github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= 242 | github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= 243 | github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= 244 | github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= 245 | github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= 246 | github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= 247 | github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= 248 | github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= 249 | github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= 250 | github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= 251 | github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 252 | github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= 253 | github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= 254 | github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= 255 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 256 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 257 | github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= 258 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 259 | github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 260 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 261 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 262 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 263 | github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= 264 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 265 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 266 | github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= 267 | github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 268 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 269 | github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 270 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 271 | go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 272 | go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= 273 | go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 274 | go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 275 | go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 276 | go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= 277 | go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 278 | go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= 279 | go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= 280 | go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= 281 | go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= 282 | go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= 283 | go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= 284 | go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= 285 | golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 286 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 287 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 288 | golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 289 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 290 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 291 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 292 | golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 293 | golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 294 | golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= 295 | golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= 296 | golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 297 | golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 298 | golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 299 | golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= 300 | golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= 301 | golang.org/x/exp v0.0.0-20220328175248-053ad81199eb h1:pC9Okm6BVmxEw76PUu0XUbOTQ92JX11hfvqTjAV3qxM= 302 | golang.org/x/exp v0.0.0-20220328175248-053ad81199eb/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE= 303 | golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= 304 | golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 305 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 306 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 307 | golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 308 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 309 | golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 310 | golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 311 | golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 312 | golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= 313 | golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 314 | golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 315 | golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= 316 | golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= 317 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= 318 | golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= 319 | golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 320 | golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 321 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 322 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 323 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 324 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 325 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 326 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 327 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 328 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 329 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 330 | golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 331 | golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 332 | golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= 333 | golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 334 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 335 | golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 336 | golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 337 | golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 338 | golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 339 | golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 340 | golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 341 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 342 | golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 343 | golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 344 | golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 345 | golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 346 | golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 347 | golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 348 | golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 349 | golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 350 | golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 351 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 352 | golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 353 | golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= 354 | golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= 355 | golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= 356 | golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= 357 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 358 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 359 | golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 360 | golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 361 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 362 | golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 363 | golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= 364 | golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= 365 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 366 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 367 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 368 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 369 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 370 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 371 | golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 372 | golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 373 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 374 | golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 375 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 376 | golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 377 | golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 378 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 379 | golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 380 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 381 | golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 382 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 383 | golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 384 | golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 385 | golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 386 | golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 387 | golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 388 | golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 389 | golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 390 | golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 391 | golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 392 | golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 393 | golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 394 | golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 395 | golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 396 | golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 397 | golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 398 | golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 399 | golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 400 | golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 401 | golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 402 | golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 403 | golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 404 | golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 405 | golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 406 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 407 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 408 | golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 409 | golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 410 | golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 411 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 412 | golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 413 | golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 414 | golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 415 | golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= 416 | golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 417 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 418 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 419 | golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= 420 | golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= 421 | golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 422 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 423 | golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 424 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 425 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 426 | golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 427 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 428 | golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= 429 | golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= 430 | golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 431 | golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 432 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 433 | golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= 434 | golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 435 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 436 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 437 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 438 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 439 | golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 440 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 441 | golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 442 | golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 443 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 444 | golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 445 | golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 446 | golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 447 | golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 448 | golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 449 | golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 450 | golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 451 | golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 452 | golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 453 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 454 | golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 455 | golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 456 | golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 457 | golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 458 | golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 459 | golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 460 | golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 461 | golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 462 | golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 463 | golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 464 | golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 465 | golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 466 | golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= 467 | golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= 468 | golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= 469 | golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 470 | golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 471 | golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 472 | golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 473 | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 474 | golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 475 | golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 476 | golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 477 | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 478 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 479 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 480 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 481 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 482 | gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= 483 | gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= 484 | google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 485 | google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= 486 | google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 487 | google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 488 | google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 489 | google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 490 | google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 491 | google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 492 | google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 493 | google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 494 | google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 495 | google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 496 | google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= 497 | google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= 498 | google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= 499 | google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= 500 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 501 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 502 | google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 503 | google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= 504 | google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 505 | google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 506 | google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= 507 | google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 508 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 509 | google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 510 | google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 511 | google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 512 | google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 513 | google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 514 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 515 | google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= 516 | google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 517 | google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 518 | google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 519 | google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 520 | google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 521 | google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 522 | google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= 523 | google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 524 | google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 525 | google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 526 | google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 527 | google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 528 | google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 529 | google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 530 | google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 531 | google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= 532 | google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= 533 | google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= 534 | google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 535 | google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 536 | google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 537 | google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 538 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 539 | google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= 540 | google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 541 | google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 542 | google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 543 | google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 544 | google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 545 | google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 546 | google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= 547 | google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= 548 | google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 549 | google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 550 | google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 551 | google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 552 | google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 553 | google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= 554 | google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= 555 | google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 556 | google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 557 | google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 558 | google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= 559 | google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= 560 | google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= 561 | google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= 562 | google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= 563 | google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= 564 | gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= 565 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 566 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 567 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 568 | gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= 569 | gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 570 | gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= 571 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 572 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 573 | gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 574 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 575 | gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 576 | gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 577 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 578 | gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 579 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 580 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 581 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 582 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 583 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 584 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 585 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 586 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 587 | honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 588 | honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 589 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 590 | honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= 591 | honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= 592 | honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= 593 | k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= 594 | k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= 595 | k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo= 596 | k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ= 597 | k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= 598 | k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= 599 | k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= 600 | k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= 601 | k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs= 602 | k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8= 603 | k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= 604 | k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= 605 | k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= 606 | k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= 607 | k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= 608 | k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= 609 | rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 610 | rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= 611 | rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 612 | sigs.k8s.io/controller-runtime v0.14.1 h1:vThDes9pzg0Y+UbCPY3Wj34CGIYPgdmspPm2GIpxpzM= 613 | sigs.k8s.io/controller-runtime v0.14.1/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU= 614 | sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= 615 | sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= 616 | sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= 617 | sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= 618 | sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= 619 | sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= 620 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 Grafana Labs . 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "flag" 21 | "os" 22 | 23 | // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) 24 | // to ensure that exec-entrypoint and run can make use of them. 25 | _ "k8s.io/client-go/plugin/pkg/client/auth" 26 | 27 | "k8s.io/apimachinery/pkg/runtime" 28 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 29 | clientgoscheme "k8s.io/client-go/kubernetes/scheme" 30 | ctrl "sigs.k8s.io/controller-runtime" 31 | "sigs.k8s.io/controller-runtime/pkg/healthz" 32 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 33 | 34 | appo11yv1alpha1 "github.com/grafana/ebpf-autoinstrument-operator/api/v1alpha1" 35 | "github.com/grafana/ebpf-autoinstrument-operator/controllers" 36 | //+kubebuilder:scaffold:imports 37 | ) 38 | 39 | var ( 40 | scheme = runtime.NewScheme() 41 | setupLog = ctrl.Log.WithName("setup") 42 | ) 43 | 44 | func init() { 45 | utilruntime.Must(clientgoscheme.AddToScheme(scheme)) 46 | 47 | utilruntime.Must(appo11yv1alpha1.AddToScheme(scheme)) 48 | //+kubebuilder:scaffold:scheme 49 | } 50 | 51 | func main() { 52 | var metricsAddr string 53 | var enableLeaderElection bool 54 | var probeAddr string 55 | flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") 56 | flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") 57 | flag.BoolVar(&enableLeaderElection, "leader-elect", false, 58 | "Enable leader election for controller manager. "+ 59 | "Enabling this will ensure there is only one active controller manager.") 60 | opts := zap.Options{ 61 | Development: true, 62 | } 63 | opts.BindFlags(flag.CommandLine) 64 | flag.Parse() 65 | 66 | ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) 67 | 68 | mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ 69 | Scheme: scheme, 70 | MetricsBindAddress: metricsAddr, 71 | Port: 9443, 72 | HealthProbeBindAddress: probeAddr, 73 | LeaderElection: enableLeaderElection, 74 | LeaderElectionID: "857efcb6.grafana.com", 75 | // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily 76 | // when the Manager ends. This requires the binary to immediately end when the 77 | // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly 78 | // speeds up voluntary leader transitions as the new leader don't have to wait 79 | // LeaseDuration time first. 80 | // 81 | // In the default scaffold provided, the program ends immediately after 82 | // the manager stops, so would be fine to enable this option. However, 83 | // if you are doing or is intended to do any operation such as perform cleanups 84 | // after the manager stops then its usage might be unsafe. 85 | // LeaderElectionReleaseOnCancel: true, 86 | }) 87 | if err != nil { 88 | setupLog.Error(err, "unable to start manager") 89 | os.Exit(1) 90 | } 91 | 92 | if err = (&controllers.InstrumenterReconciler{ 93 | Client: mgr.GetClient(), 94 | Scheme: mgr.GetScheme(), 95 | }).SetupWithManager(mgr); err != nil { 96 | setupLog.Error(err, "unable to create controller", "controller", "Instrumenter") 97 | os.Exit(1) 98 | } 99 | if err = appo11yv1alpha1.SetupWebhookWithManager(mgr); err != nil { 100 | setupLog.Error(err, "unable to create webhook", "webhook", "Instrumenter") 101 | os.Exit(1) 102 | } 103 | //+kubebuilder:scaffold:builder 104 | 105 | if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { 106 | setupLog.Error(err, "unable to set up health check") 107 | os.Exit(1) 108 | } 109 | if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { 110 | setupLog.Error(err, "unable to set up ready check") 111 | os.Exit(1) 112 | } 113 | 114 | setupLog.Info("starting manager") 115 | if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { 116 | setupLog.Error(err, "problem running manager") 117 | os.Exit(1) 118 | } 119 | } 120 | -------------------------------------------------------------------------------- /pkg/helper/helper.go: -------------------------------------------------------------------------------- 1 | package helper 2 | 3 | // Ptr is a helper function to create pointers from literals 4 | func Ptr[T any](v T) *T { 5 | return &v 6 | } 7 | -------------------------------------------------------------------------------- /pkg/helper/lvl/level.go: -------------------------------------------------------------------------------- 1 | package lvl 2 | 3 | const ( 4 | Info = 0 5 | Debug = 1 6 | ) 7 | -------------------------------------------------------------------------------- /test-assets/prometheus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: prometheus 5 | --- 6 | apiVersion: v1 7 | kind: ConfigMap 8 | metadata: 9 | name: prometheus 10 | namespace: prometheus 11 | data: 12 | prometheus-config.yml: | 13 | global: 14 | evaluation_interval: 30s 15 | scrape_interval: 5s 16 | scrape_configs: 17 | - job_name: "kubernetes-pods" 18 | kubernetes_sd_configs: 19 | - role: pod 20 | relabel_configs: 21 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 22 | action: keep 23 | regex: true 24 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 25 | action: replace 26 | target_label: __metrics_path__ 27 | regex: (.+) 28 | - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 29 | action: replace 30 | regex: ([^:]+)(?::\d+)?;(\d+) 31 | replacement: $1:$2 32 | target_label: __address__ 33 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] 34 | action: replace 35 | target_label: __scheme__ 36 | regex: (.+) 37 | 38 | --- 39 | apiVersion: apps/v1 40 | kind: Deployment 41 | metadata: 42 | name: prometheus 43 | namespace: prometheus 44 | spec: 45 | selector: 46 | matchLabels: 47 | app: prometheus 48 | template: 49 | metadata: 50 | labels: 51 | app: prometheus 52 | spec: 53 | serviceAccountName: prometheus 54 | volumes: 55 | - name: prometheus-config 56 | configMap: 57 | name: prometheus 58 | containers: 59 | - name: prometheus 60 | image: quay.io/prometheus/prometheus:v2.34.0 61 | args: 62 | - --storage.tsdb.retention.time=30m 63 | - --config.file=/etc/prometheus/prometheus-config.yml 64 | - --storage.tsdb.path=/prometheus 65 | - --web.enable-lifecycle 66 | - --web.route-prefix=/ 67 | volumeMounts: 68 | - mountPath: /etc/prometheus 69 | name: prometheus-config 70 | ports: 71 | - containerPort: 9090 72 | name: http 73 | --- 74 | apiVersion: v1 75 | kind: Service 76 | metadata: 77 | name: prometheus 78 | namespace: prometheus 79 | spec: 80 | selector: 81 | app: prometheus 82 | ports: 83 | - port: 9090 84 | protocol: TCP 85 | targetPort: http 86 | --- 87 | apiVersion: v1 88 | kind: ServiceAccount 89 | metadata: 90 | name: prometheus 91 | namespace: prometheus 92 | --- 93 | kind: ClusterRole 94 | apiVersion: rbac.authorization.k8s.io/v1 95 | metadata: 96 | name: prometheus 97 | namespace: prometheus 98 | rules: 99 | - apiGroups: [""] 100 | resources: ["pods"] 101 | verbs: ["get", "watch", "list"] 102 | --- 103 | kind: ClusterRoleBinding 104 | apiVersion: rbac.authorization.k8s.io/v1 105 | metadata: 106 | name: prometheus 107 | namespace: prometheus 108 | subjects: 109 | - kind: ServiceAccount 110 | name: prometheus 111 | namespace: prometheus 112 | roleRef: 113 | apiGroup: rbac.authorization.k8s.io 114 | kind: ClusterRole 115 | name: prometheus -------------------------------------------------------------------------------- /test-assets/sample-svc.yml: -------------------------------------------------------------------------------- 1 | 2 | # Feel free to replace the demo app by something different, 3 | # but it needs to bring the autoinstrumenter as a sidecar container 4 | apiVersion: apps/v1 5 | kind: Deployment 6 | metadata: 7 | name: goblog 8 | labels: 9 | app: goblog 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: goblog 15 | template: 16 | metadata: 17 | labels: 18 | app: goblog 19 | grafana.com/instrument-port: "8443" 20 | spec: 21 | # required so the sidecar instrumenter can access the service process 22 | containers: 23 | - name: goblog 24 | image: mariomac/goblog:dev 25 | imagePullPolicy: IfNotPresent 26 | command: [ "/goblog" ] 27 | env: 28 | - name: "GOBLOG_CONFIG" 29 | value: "/sample/config.yml" 30 | ports: 31 | - containerPort: 8443 32 | name: https 33 | --- 34 | apiVersion: v1 35 | kind: Service 36 | metadata: 37 | name: goblog 38 | spec: 39 | selector: 40 | app: goblog 41 | ports: 42 | - port: 8443 43 | protocol: TCP 44 | targetPort: https 45 | --------------------------------------------------------------------------------