dash0hq · basti1302 · Sep 30, 2024 · Sep 30, 2024 · Sep 30, 2024
diff --git a/cmd/main.go b/cmd/main.go
@@ -78,6 +78,8 @@ const (
 
 	developmentModeEnvVarName = "DASH0_DEVELOPMENT_MODE"
 
+	oTelColResourceSpecConfigFile = "/etc/config/otelcolresources.yaml"
+
 	//nolint
 	mandatoryEnvVarMissingMessageTemplate = "cannot start the Dash0 operator, the mandatory environment variable \"%s\" is missing"
 
@@ -405,6 +407,14 @@ func readEnvironmentVariables() error {
 	return nil
 }
 
+func readConfiguration() (*otelcolresources.OTelColResourceSpecs, error) {
+	oTelColResourceSpec, err := otelcolresources.ReadOTelColResourcesConfiguration(oTelColResourceSpecConfigFile)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot read configuration file %s: %w", oTelColResourceSpecConfigFile, err)
+	}
+	return oTelColResourceSpec, nil
+}
+
 func readOptionalPullPolicyFromEnvironmentVariable(envVarName string) corev1.PullPolicy {
 	pullPolicyRaw := os.Getenv(envVarName)
 	if pullPolicyRaw != "" {
@@ -428,6 +438,11 @@ func startDash0Controllers(
 	operatorConfiguration *startup.OperatorConfigurationValues,
 	developmentMode bool,
 ) error {
+	oTelColResourceSpecs, err := readConfiguration()
+	if err != nil {
+		os.Exit(1)
+	}
+
 	oTelCollectorBaseUrl :=
 		fmt.Sprintf(
 			"http://%s-opentelemetry-collector.%s.svc.cluster.local:4318",
@@ -470,6 +485,7 @@ func startDash0Controllers(
 		Scheme:                  mgr.GetScheme(),
 		DeploymentSelfReference: deploymentSelfReference,
 		OTelCollectorNamePrefix: envVars.oTelCollectorNamePrefix,
+		OTelColResourceSpecs:    oTelColResourceSpecs,
 		DevelopmentMode:         developmentMode,
 	}
 	backendConnectionManager := &backendconnection.BackendConnectionManager{

diff --git a/helm-chart/dash0-operator/templates/_helpers.tpl b/helm-chart/dash0-operator/templates/_helpers.tpl
@@ -42,6 +42,11 @@ helm.sh/chart: {{ include "dash0-operator.chartNameWithVersion" . }}
 {{- default (printf "%s-controller" (include "dash0-operator.chartName" .)) .Values.operator.serviceAccount.name }}
 {{- end }}
 
+{{/* otelcol resources config map name */}}
+{{- define "dash0-operator.collectorResourceConfigMapName" -}}
+{{ include "dash0-operator.chartName" . }}-collector-resources
+{{- end }}
+
 {{- define "dash0-operator.deploymentName" -}}
 {{ include "dash0-operator.chartName" . }}-controller
 {{- end }}

diff --git a/helm-chart/dash0-operator/templates/operator/deployment-and-webhooks.yaml b/helm-chart/dash0-operator/templates/operator/deployment-and-webhooks.yaml
@@ -21,6 +21,7 @@ kind: Secret
 type: kubernetes.io/tls
 metadata:
   name: {{ include "dash0-operator.chartName" . }}-certificates
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: dash0-operator
     app.kubernetes.io/component: certificates
@@ -152,11 +153,14 @@ spec:
           name: webhook-server
           protocol: TCP
         resources:
-          {{- toYaml .Values.operator.managerPodResources | nindent 10 }}
+          {{- toYaml .Values.operator.managerContainerResources | nindent 10 }}
         {{ include "dash0-operator.restrictiveContainerSecurityContext" . | nindent 8 }}
         volumeMounts:
-        - mountPath: /tmp/k8s-webhook-server/serving-certs
-          name: certificates
+        - name: certificates
+          mountPath: /tmp/k8s-webhook-server/serving-certs
+          readOnly: true
+        - name: config-volume
+          mountPath: /etc/config
           readOnly: true
         livenessProbe:
           httpGet:
@@ -182,7 +186,7 @@ spec:
           name: https
           protocol: TCP
         resources:
-          {{- toYaml .Values.operator.kubeRbacProxyPodResources | nindent 10 }}
+          {{- toYaml .Values.operator.kubeRbacProxyContainerResources | nindent 10 }}
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
@@ -204,11 +208,15 @@ spec:
         secret:
           defaultMode: 420
           secretName: {{ include "dash0-operator.chartName" . }}-certificates
+      - name: config-volume
+        configMap:
+          name: {{ template "dash0-operator.collectorResourceConfigMapName" . }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "dash0-operator.chartName" . }}-webhook-service
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: dash0-operator
     app.kubernetes.io/component: webhook-service

diff --git a/helm-chart/dash0-operator/templates/operator/otelcol-resources-config-map.yaml b/helm-chart/dash0-operator/templates/operator/otelcol-resources-config-map.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "dash0-operator.collectorResourceConfigMapName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: dash0-operator
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: collector-resources-config-map
+    {{- include "dash0-operator.labels" . | nindent 4 }}
+
+data:
+  otelcolresources.yaml: |-
+    collectorDaemonSetCollectorContainerResources:
+      {{- toYaml .Values.operator.collectorDaemonSetCollectorContainerResources | nindent 6 }}
+    collectorDaemonSetConfigurationReloaderContainerResources:
+      {{- toYaml .Values.operator.collectorDaemonSetConfigurationReloaderContainerResources | nindent 6 }}
+    collectorDaemonSetFileLogOffsetSynchContainerResources:
+      {{- toYaml .Values.operator.collectorDaemonSetFileLogOffsetSynchContainerResources | nindent 6 }}
+
+    collectorDeploymentCollectorContainerResources:
+      {{- toYaml .Values.operator.collectorDeploymentCollectorContainerResources | nindent 6 }}
+    collectorDeploymentConfigurationReloaderContainerResources:
+      {{- toYaml .Values.operator.collectorDeploymentConfigurationReloaderContainerResources | nindent 6 }}
diff --git a/helm-chart/dash0-operator/templates/operator/pre-delete-hook.yaml b/helm-chart/dash0-operator/templates/operator/pre-delete-hook.yaml
@@ -32,7 +32,7 @@ spec:
             - "--uninstrument-all"
           {{ include "dash0-operator.restrictiveContainerSecurityContext" . | nindent 10 }}
           resources:
-            {{- toYaml .Values.operator.managerPodResources | nindent 12 }}
+            {{- toYaml .Values.operator.managerContainerResources | nindent 12 }}
       securityContext:
         runAsNonRoot: true
       serviceAccountName: {{ template "dash0-operator.serviceAccountName" . }}

diff --git a/helm-chart/dash0-operator/tests/operator/__snapshot__/deployment-and-webhooks_test.yaml.snap b/helm-chart/dash0-operator/tests/operator/__snapshot__/deployment-and-webhooks_test.yaml.snap
@@ -102,6 +102,9 @@ deployment should match snapshot (default values):
                 - mountPath: /tmp/k8s-webhook-server/serving-certs
                   name: certificates
                   readOnly: true
+                - mountPath: /etc/config
+                  name: config-volume
+                  readOnly: true
             - args:
                 - --secure-listen-address=0.0.0.0:8443
                 - --upstream=http://127.0.0.1:8080/
@@ -138,6 +141,9 @@ deployment should match snapshot (default values):
               secret:
                 defaultMode: 420
                 secretName: dash0-operator-certificates
+            - configMap:
+                name: dash0-operator-collector-resources
+              name: config-volume
 metrics service should match snapshot (default settings):
   1: |
     apiVersion: v1
@@ -177,6 +183,7 @@ webhook service should match snapshot (default settings):
         app.kubernetes.io/version: 0.0.0
         helm.sh/chart: dash0-operator-0.0.0
       name: dash0-operator-webhook-service
+      namespace: NAMESPACE
     spec:
       ports:
         - port: 443

diff --git a/...rt/dash0-operator/tests/operator/__snapshot__/otelcol-resources-config-map_test.yaml.snap b/...rt/dash0-operator/tests/operator/__snapshot__/otelcol-resources-config-map_test.yaml.snap
@@ -0,0 +1,48 @@
+otelcol resources config map should match snapshot:
+  1: |
+    apiVersion: v1
+    data:
+      otelcolresources.yaml: |-
+        collectorDaemonSetCollectorContainerResources:
+          gomemlimit: 400MiB
+          limits:
+            memory: 500Mi
+          requests:
+            memory: 500Mi
+        collectorDaemonSetConfigurationReloaderContainerResources:
+          gomemlimit: 8MiB
+          limits:
+            memory: 12Mi
+          requests:
+            memory: 12Mi
+        collectorDaemonSetFileLogOffsetSynchContainerResources:
+          gomemlimit: 24MiB
+          limits:
+            memory: 32Mi
+          requests:
+            memory: 32Mi
+
+        collectorDeploymentCollectorContainerResources:
+          gomemlimit: 400MiB
+          limits:
+            memory: 500Mi
+          requests:
+            memory: 500Mi
+        collectorDeploymentConfigurationReloaderContainerResources:
+          gomemlimit: 8MiB
+          limits:
+            memory: 12Mi
+          requests:
+            memory: 12Mi
+    kind: ConfigMap
+    metadata:
+      labels:
+        app.kubernetes.io/component: controller
+        app.kubernetes.io/instance: collector-resources-config-map
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: dash0-operator
+        app.kubernetes.io/part-of: dash0-operator
+        app.kubernetes.io/version: 0.0.0
+        helm.sh/chart: dash0-operator-0.0.0
+      name: dash0-operator-collector-resources
+      namespace: NAMESPACE
diff --git a/helm-chart/dash0-operator/tests/operator/deployment-and-webhooks_test.yaml b/helm-chart/dash0-operator/tests/operator/deployment-and-webhooks_test.yaml
@@ -99,7 +99,7 @@ tests:
           repository: custom-filelog-offset-synch-image
           tag: "13.14.15"
           pullPolicy: Never
-        managerPodResources:
+        managerContainerResources:
           limits:
             cpu: 123m
             memory: 456Mi

diff --git a/helm-chart/dash0-operator/tests/operator/otelcol-resources-config-map_test.yaml b/helm-chart/dash0-operator/tests/operator/otelcol-resources-config-map_test.yaml
@@ -0,0 +1,7 @@
+suite: test otelcol resources config map
+templates:
+  - operator/otelcol-resources-config-map.yaml
+tests:
+  - it: otelcol resources config map should match snapshot
+    asserts:
+      - matchSnapshot: {}
diff --git a/helm-chart/dash0-operator/values.yaml b/helm-chart/dash0-operator/values.yaml
@@ -89,8 +89,8 @@ operator:
   #   label2: "value 2"
   podLabels: {}
 
-  # resources for the controller manager pod(s)
-  managerPodResources:
+  # resources for the controller manager container
+  managerContainerResources:
     limits:
       cpu: 500m
       memory: 128Mi
@@ -100,8 +100,8 @@ operator:
       memory: 64Mi
       ephemeral-storage: 500Mi
 
-  # resources for the kube-rbac-proxy pod(s)
-  kubeRbacProxyPodResources:
+  # resources for the kube-rbac-proxy container
+  kubeRbacProxyContainerResources:
     limits:
       cpu: 500m
       memory: 128Mi
@@ -111,6 +111,68 @@ operator:
       memory: 64Mi
       ephemeral-storage: 500Mi
 
+  collectorDaemonSetCollectorContainerResources:
+    limits:
+      # cpu: (no cpu limit by default)
+      memory: 500Mi
+      # storage: (no storage limit by default)
+      # ephemeral-storage: (no ephemeral-storage limit by default)
+    gomemlimit: 400MiB
+    requests:
+      # cpu: (no cpu request by default)
+      memory: 500Mi
+      # storage: (no storage request by default)
+      # ephemeral-storage: (no ephemeral-storage request by default)
+  collectorDaemonSetConfigurationReloaderContainerResources:
+    limits:
+      # cpu: (no cpu limit by default)
+      memory: 12Mi
+      # storage: (no storage limit by default)
+      # ephemeral-storage: (no ephemeral-storage limit by default)
+    gomemlimit: 8MiB
+    requests:
+      # cpu: (no cpu request by default)
+      memory: 12Mi
+      # storage: (no storage request by default)
+      # ephemeral-storage: (no ephemeral-storage request by default)
+  collectorDaemonSetFileLogOffsetSynchContainerResources:
+    limits:
+      # cpu: (no cpu limit by default)
+      memory: 32Mi
+      # storage: (no storage limit by default)
+      # ephemeral-storage: (no ephemeral-storage limit by default)
+    gomemlimit: 24MiB
+    requests:
+      # cpu: (no cpu request by default)
+      memory: 32Mi
+      # storage: (no storage request by default)
+      # ephemeral-storage: (no ephemeral-storage request by default)
+
+  collectorDeploymentCollectorContainerResources:
+    limits:
+      # cpu: (no cpu limit by default)
+      memory: 500Mi
+      # storage: (no storage limit by default)
+      # ephemeral-storage: (no ephemeral-storage limit by default)
+    gomemlimit: 400MiB
+    requests:
+      # cpu: (no cpu request by default)
+      memory: 500Mi
+      # storage: (no storage request by default)
+      # ephemeral-storage: (no ephemeral-storage request by default)
+  collectorDeploymentConfigurationReloaderContainerResources:
+    limits:
+      # cpu: (no cpu limit by default)
+      memory: 12Mi
+      # storage: (no storage limit by default)
+      # ephemeral-storage: (no ephemeral-storage limit by default)
+    gomemlimit: 8MiB
+    requests:
+      # cpu: (no cpu request by default)
+      memory: 12Mi
+      # storage: (no storage request by default)
+      # ephemeral-storage: (no ephemeral-storage request by default)
+
   # the port for the metrics service
   metricsPort: 8443
 

diff --git a/internal/backendconnection/backendconnection_manager_test.go b/internal/backendconnection/backendconnection_manager_test.go
@@ -57,6 +57,7 @@ var _ = Describe("The backend connection manager", Ordered, func() {
 			Scheme:                  k8sClient.Scheme(),
 			DeploymentSelfReference: DeploymentSelfReference,
 			OTelCollectorNamePrefix: OTelCollectorNamePrefixTest,
+			OTelColResourceSpecs:    &otelcolresources.DefaultOTelColResourceSpecs,
 		}
 		manager = &BackendConnectionManager{
 			Client:                 k8sClient,