otterize · omris94 · Jan 2, 2025 · Jan 9, 2025 · Jan 9, 2025
diff --git a/helm-charts b/helm-charts
diff --git a/src/operator/api/v1alpha2/kafkaserverconfig_types.go b/src/operator/api/v1alpha2/kafkaserverconfig_types.go
@@ -100,7 +100,7 @@ func (ksc *KafkaServerConfig) ConvertTo(dstRaw conversion.Hub) error {
 	dst.ObjectMeta = ksc.ObjectMeta
 	dst.Spec = v2alpha1.KafkaServerConfigSpec{}
 	dst.Spec.Addr = ksc.Spec.Addr
-	dst.Spec.Service = v2alpha1.Workload{Name: ksc.Spec.Service.Name}
+	dst.Spec.Workload = v2alpha1.Workload{Name: ksc.Spec.Service.Name}
 	dst.Spec.NoAutoCreateIntentsForOperator = ksc.Spec.NoAutoCreateIntentsForOperator
 	dst.Spec.TLS = v2alpha1.TLSSource{
 		CertFile:   ksc.Spec.TLS.CertFile,
@@ -124,7 +124,7 @@ func (ksc *KafkaServerConfig) ConvertFrom(srcRaw conversion.Hub) error {
 	ksc.ObjectMeta = src.ObjectMeta
 	ksc.Spec = KafkaServerConfigSpec{}
 	ksc.Spec.Addr = src.Spec.Addr
-	ksc.Spec.Service = Service{Name: src.Spec.Service.Name}
+	ksc.Spec.Service = Service{Name: src.Spec.Workload.Name}
 	ksc.Spec.NoAutoCreateIntentsForOperator = src.Spec.NoAutoCreateIntentsForOperator
 	ksc.Spec.TLS = TLSSource{
 		CertFile:   src.Spec.TLS.CertFile,

diff --git a/src/operator/api/v1alpha3/webhooks.go b/src/operator/api/v1alpha3/webhooks.go
@@ -107,8 +107,8 @@ func (ksc *KafkaServerConfig) ConvertTo(dstRaw conversion.Hub) error {
 	dst := dstRaw.(*v2alpha1.KafkaServerConfig)
 	dst.ObjectMeta = ksc.ObjectMeta
 	// convert each spec attribute
-	dst.Spec.Service.Name = ksc.Spec.Service.Name
-	dst.Spec.Service.Kind = ksc.Spec.Service.Kind
+	dst.Spec.Workload.Name = ksc.Spec.Service.Name
+	dst.Spec.Workload.Kind = ksc.Spec.Service.Kind
 	dst.Spec.NoAutoCreateIntentsForOperator = ksc.Spec.NoAutoCreateIntentsForOperator
 	dst.Spec.Addr = ksc.Spec.Addr
 	dst.Spec.TLS = v2alpha1.TLSSource{
@@ -130,8 +130,8 @@ func (ksc *KafkaServerConfig) ConvertFrom(srcRaw conversion.Hub) error {
 	src := srcRaw.(*v2alpha1.KafkaServerConfig)
 	ksc.ObjectMeta = src.ObjectMeta
 	// convert each spec attribute
-	ksc.Spec.Service.Name = src.Spec.Service.Name
-	ksc.Spec.Service.Kind = src.Spec.Service.Kind
+	ksc.Spec.Service.Name = src.Spec.Workload.Name
+	ksc.Spec.Service.Kind = src.Spec.Workload.Kind
 	ksc.Spec.NoAutoCreateIntentsForOperator = src.Spec.NoAutoCreateIntentsForOperator
 	ksc.Spec.Addr = src.Spec.Addr
 	ksc.Spec.TLS = TLSSource{

diff --git a/src/operator/api/v1beta1/webhooks.go b/src/operator/api/v1beta1/webhooks.go
@@ -107,8 +107,8 @@ func (ksc *KafkaServerConfig) ConvertTo(dstRaw conversion.Hub) error {
 	dst := dstRaw.(*v2alpha1.KafkaServerConfig)
 	dst.ObjectMeta = ksc.ObjectMeta
 	// convert each spec attribute
-	dst.Spec.Service.Name = ksc.Spec.Service.Name
-	dst.Spec.Service.Kind = ksc.Spec.Service.Kind
+	dst.Spec.Workload.Name = ksc.Spec.Service.Name
+	dst.Spec.Workload.Kind = ksc.Spec.Service.Kind
 	dst.Spec.NoAutoCreateIntentsForOperator = ksc.Spec.NoAutoCreateIntentsForOperator
 	dst.Spec.Addr = ksc.Spec.Addr
 	dst.Spec.TLS = v2alpha1.TLSSource{
@@ -130,8 +130,8 @@ func (ksc *KafkaServerConfig) ConvertFrom(srcRaw conversion.Hub) error {
 	src := srcRaw.(*v2alpha1.KafkaServerConfig)
 	ksc.ObjectMeta = src.ObjectMeta
 	// convert each spec attribute
-	ksc.Spec.Service.Name = src.Spec.Service.Name
-	ksc.Spec.Service.Kind = src.Spec.Service.Kind
+	ksc.Spec.Service.Name = src.Spec.Workload.Name
+	ksc.Spec.Service.Kind = src.Spec.Workload.Kind
 	ksc.Spec.NoAutoCreateIntentsForOperator = src.Spec.NoAutoCreateIntentsForOperator
 	ksc.Spec.Addr = src.Spec.Addr
 	ksc.Spec.TLS = TLSSource{

diff --git a/src/operator/api/v2alpha1/kafkaserverconfig_types.go b/src/operator/api/v2alpha1/kafkaserverconfig_types.go
@@ -51,7 +51,7 @@ type KafkaServerConfigSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	Service Workload `json:"service,omitempty" yaml:"service,omitempty"`
+	Workload Workload `json:"workload,omitempty" yaml:"workload,omitempty"`
 	// If Intents for network policies are enabled, and there are other Intents to this Kafka server,
 	// will automatically create an Target so that the Intents Operator can connect. Set to true to disable.
 	NoAutoCreateIntentsForOperator bool   `json:"noAutoCreateIntentsForOperator,omitempty" yaml:"noAutoCreateIntentsForOperator,omitempty"`

diff --git a/src/operator/api/v2alpha1/zz_generated.deepcopy.go b/src/operator/api/v2alpha1/zz_generated.deepcopy.go
diff --git a/src/operator/config/crd/k8s.otterize.com_kafkaserverconfigs.patched b/src/operator/config/crd/k8s.otterize.com_kafkaserverconfigs.patched
@@ -310,15 +310,6 @@ spec:
                     If Intents for network policies are enabled, and there are other Intents to this Kafka server,
                     will automatically create an Target so that the Intents Operator can connect. Set to true to disable.
                   type: boolean
-                service:
-                  properties:
-                    kind:
-                      type: string
-                    name:
-                      type: string
-                  required:
-                    - name
-                  type: object
                 tls:
                   properties:
                     certFile:
@@ -353,6 +344,15 @@ spec:
                       - topic
                     type: object
                   type: array
+                workload:
+                  properties:
+                    kind:
+                      type: string
+                    name:
+                      type: string
+                  required:
+                    - name
+                  type: object
               type: object
             status:
               description: KafkaServerConfigStatus defines the observed state of KafkaServerConfig

diff --git a/src/operator/config/crd/k8s.otterize.com_kafkaserverconfigs.yaml b/src/operator/config/crd/k8s.otterize.com_kafkaserverconfigs.yaml
@@ -296,15 +296,6 @@ spec:
                   If Intents for network policies are enabled, and there are other Intents to this Kafka server,
                   will automatically create an Target so that the Intents Operator can connect. Set to true to disable.
                 type: boolean
-              service:
-                properties:
-                  kind:
-                    type: string
-                  name:
-                    type: string
-                required:
-                - name
-                type: object
               tls:
                 properties:
                   certFile:
@@ -339,6 +330,15 @@ spec:
                   - topic
                   type: object
                 type: array
+              workload:
+                properties:
+                  kind:
+                    type: string
+                  name:
+                    type: string
+                required:
+                - name
+                type: object
             type: object
           status:
             description: KafkaServerConfigStatus defines the observed state of KafkaServerConfig

diff --git a/src/operator/config/rbac/manifests-patched.yaml b/src/operator/config/rbac/manifests-patched.yaml
@@ -253,6 +253,19 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - policy.linkerd.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - security.istio.io
   resources:

diff --git a/src/operator/config/rbac/role.yaml b/src/operator/config/rbac/role.yaml
@@ -253,6 +253,19 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - policy.linkerd.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - security.istio.io
   resources:

diff --git a/src/operator/controllers/external_traffic/network_policy.go b/src/operator/controllers/external_traffic/network_policy.go
@@ -344,12 +344,12 @@ func (r *NetworkPolicyHandler) handlePod(ctx context.Context, pod *corev1.Pod) e
 //	external traffic policy will be created (if there were no other intents affecting the service before then) or
 //	deleted (if no intents network policies refer to the pods backing the service any longer).
 //
-//	 When HandleEndpoints is called, and the Service is of type LoadBalancer, NodePort, or is referenced by an Ingress,
+//	 When HandleEndpoints is called, and the Workload is of type LoadBalancer, NodePort, or is referenced by an Ingress,
 //		   it checks if the backing pods are affected by Otterize Intents Network Policies.
 //		   If so, and the reconciler is enabled, it will create network policies to allow external traffic to those pods.
 //		   If the Endpoints (= Services) update port, it will update the port specified in the corresponding network policy.
 //		   If the Endpoints no longer refer to pods affected by Intents, then the network policy will be deleted.
-//		   If the Service is deleted completely, then the corresponding network policy will be deleted, since it is owned
+//		   If the Workload is deleted completely, then the corresponding network policy will be deleted, since it is owned
 //		   by the service.
 func (r *NetworkPolicyHandler) HandleEndpoints(ctx context.Context, endpoints *corev1.Endpoints) error {
 	svc := corev1.Service{}

diff --git a/src/operator/controllers/intents_reconcilers/kafka_acls_test.go b/src/operator/controllers/intents_reconcilers/kafka_acls_test.go
@@ -87,7 +87,7 @@ func (s *KafkaACLReconcilerTestSuite) SetupSuite() {
 func (s *KafkaACLReconcilerTestSuite) setupServerStore(serviceName string) *kafkaacls.ServersStoreImpl {
 	serverConfig := &otterizev2alpha1.KafkaServerConfig{
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: serviceName,
 			},
 			Topics: []otterizev2alpha1.TopicConfig{{

diff --git a/...erator/controllers/kafka_server_config_reconcilers/kafka_server_config_controller_test.go b/...erator/controllers/kafka_server_config_reconcilers/kafka_server_config_controller_test.go
@@ -78,7 +78,7 @@ func (s *KafkaServerConfigReconcilerTestSuite) TearDownTest() {
 func (s *KafkaServerConfigReconcilerTestSuite) setupServerStore(serviceName string) kafkaacls.ServersStore {
 	serverConfig := &otterizev2alpha1.KafkaServerConfig{
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: serviceName,
 			},
 			Topics: []otterizev2alpha1.TopicConfig{{
@@ -113,7 +113,7 @@ func (s *KafkaServerConfigReconcilerTestSuite) generateKafkaServerConfig() otter
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
 			NoAutoCreateIntentsForOperator: true,
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: kafkaServiceName,
 			},
 			Topics: []otterizev2alpha1.TopicConfig{

diff --git a/src/operator/controllers/kafka_server_config_reconcilers/kafka_server_config_reconciler.go b/src/operator/controllers/kafka_server_config_reconcilers/kafka_server_config_reconciler.go
@@ -76,7 +76,7 @@ func (r *KafkaServerConfigReconciler) removeKafkaServerFromStore(kafkaServerConf
 		},
 	)
 
-	intentsAdmin, err := r.ServersStore.Get(kafkaServerConfig.Spec.Service.Name, kafkaServerConfig.Namespace)
+	intentsAdmin, err := r.ServersStore.Get(kafkaServerConfig.Spec.Workload.Name, kafkaServerConfig.Namespace)
 	if err != nil && errors.Is(err, kafkaacls.ServerSpecNotFound) {
 		logger.Info("Kafka server not registered to servers store")
 		return nil
@@ -92,7 +92,7 @@ func (r *KafkaServerConfigReconciler) removeKafkaServerFromStore(kafkaServerConf
 	}
 
 	logger.Info("Removing Kafka server from store")
-	r.ServersStore.Remove(kafkaServerConfig.Spec.Service.Name, kafkaServerConfig.Namespace)
+	r.ServersStore.Remove(kafkaServerConfig.Spec.Workload.Name, kafkaServerConfig.Namespace)
 	return nil
 }
 
@@ -154,7 +154,7 @@ func (r *KafkaServerConfigReconciler) createIntentsFromOperatorToKafkaServer(ctx
 			},
 			Targets: []otterizev2alpha1.Target{{
 				Kafka: &otterizev2alpha1.KafkaTarget{
-					Name: fmt.Sprintf("%s.%s", config.Spec.Service.Name, config.Namespace),
+					Name: fmt.Sprintf("%s.%s", config.Spec.Workload.Name, config.Namespace),
 					Topics: []otterizev2alpha1.KafkaTopic{{
 						Name: "*",
 						Operations: []otterizev2alpha1.KafkaOperation{
@@ -230,7 +230,7 @@ func (r *KafkaServerConfigReconciler) reconcileObject(ctx context.Context, kafka
 
 	r.ServersStore.Add(kafkaServerConfig)
 
-	kafkaIntentsAdmin, err := r.ServersStore.Get(kafkaServerConfig.Spec.Service.Name, kafkaServerConfig.Namespace)
+	kafkaIntentsAdmin, err := r.ServersStore.Get(kafkaServerConfig.Spec.Workload.Name, kafkaServerConfig.Namespace)
 	if err != nil {
 		return ctrl.Result{}, errors.Wrap(err)
 	}
@@ -292,7 +292,7 @@ func kafkaServerConfigCRDToCloudModel(kafkaServerConfig otterizev2alpha1.KafkaSe
 	}
 
 	input := graphqlclient.KafkaServerConfigInput{
-		Name:      kafkaServerConfig.Spec.Service.Name,
+		Name:      kafkaServerConfig.Spec.Workload.Name,
 		Namespace: kafkaServerConfig.Namespace,
 		Address:   kafkaServerConfig.Spec.Addr,
 		Topics:    topics,

diff --git a/src/operator/controllers/kafka_server_config_reconcilers/telemetry_reconciler.go b/src/operator/controllers/kafka_server_config_reconcilers/telemetry_reconciler.go
@@ -40,7 +40,7 @@ func (r *TelemetryReconciler) Reconcile(ctx context.Context, req reconcile.Reque
 
 	anonymizedServerName := telemetrysender.Anonymize(fmt.Sprintf("%s/%s",
 		kafkaServerConfig.Namespace,
-		kafkaServerConfig.Spec.Service.Name,
+		kafkaServerConfig.Spec.Workload.Name,
 	))
 
 	if !kafkaServerConfig.DeletionTimestamp.IsZero() {

diff --git a/src/operator/controllers/kafka_server_config_reconcilers/telemetry_reconciler_test.go b/src/operator/controllers/kafka_server_config_reconcilers/telemetry_reconciler_test.go
@@ -45,7 +45,7 @@ func (s *CountReconcilerTestSuite) TestAppliedProtectedServices() {
 			Namespace: testNamespace,
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: server,
 			},
 		},
@@ -63,7 +63,7 @@ func (s *CountReconcilerTestSuite) TestAppliedProtectedServices() {
 			Namespace: testNamespace,
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: anotherServer,
 			},
 		},
@@ -77,7 +77,7 @@ func (s *CountReconcilerTestSuite) TestAppliedProtectedServices() {
 			Namespace: testNamespace,
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: server,
 			},
 		},
@@ -91,7 +91,7 @@ func (s *CountReconcilerTestSuite) TestAppliedProtectedServices() {
 			Namespace: anotherNamespace,
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: server,
 			},
 		},
@@ -105,7 +105,7 @@ func (s *CountReconcilerTestSuite) TestAppliedProtectedServices() {
 			Namespace: anotherNamespace,
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: anotherServer,
 			},
 		},

diff --git a/src/operator/controllers/kafkaacls/intents_admin.go b/src/operator/controllers/kafkaacls/intents_admin.go
@@ -262,7 +262,7 @@ func (a *KafkaIntentsAdminImpl) deleteACLsByPrincipal(principal string) (int, er
 func (a *KafkaIntentsAdminImpl) logACLs() error {
 	logger := logrus.WithFields(
 		logrus.Fields{
-			"serverName":      a.kafkaServer.Spec.Service,
+			"serverName":      a.kafkaServer.Spec.Workload,
 			"serverNamespace": a.kafkaServer.Namespace,
 		})
 
@@ -305,7 +305,7 @@ func (a *KafkaIntentsAdminImpl) ApplyClientIntents(clientName string, clientName
 	logger := logrus.WithFields(
 		logrus.Fields{
 			"principal":       principal,
-			"serverName":      a.kafkaServer.Spec.Service,
+			"serverName":      a.kafkaServer.Spec.Workload,
 			"serverNamespace": a.kafkaServer.Namespace,
 		})
 
@@ -366,7 +366,7 @@ func (a *KafkaIntentsAdminImpl) RemoveClientIntents(clientName string, clientNam
 	logger := logrus.WithFields(
 		logrus.Fields{
 			"principal":       principal,
-			"serverName":      a.kafkaServer.Spec.Service,
+			"serverName":      a.kafkaServer.Spec.Workload,
 			"serverNamespace": a.kafkaServer.Namespace,
 		})
 	countDeleted, err := a.deleteACLsByPrincipal(principal)
@@ -384,7 +384,7 @@ func (a *KafkaIntentsAdminImpl) RemoveClientIntents(clientName string, clientNam
 func (a *KafkaIntentsAdminImpl) RemoveServerIntents(topicsConf []otterizev2alpha1.TopicConfig) error {
 	logger := logrus.WithFields(
 		logrus.Fields{
-			"serverName":      a.kafkaServer.Spec.Service,
+			"serverName":      a.kafkaServer.Spec.Workload,
 			"serverNamespace": a.kafkaServer.Namespace,
 		})
 
@@ -559,7 +559,7 @@ func (a *KafkaIntentsAdminImpl) deleteResourceAcls(resourceAclsToDelete []*saram
 func (a *KafkaIntentsAdminImpl) ApplyServerTopicsConf(topicsConf []otterizev2alpha1.TopicConfig) error {
 	logger := logrus.WithFields(
 		logrus.Fields{
-			"serverName":      a.kafkaServer.Spec.Service,
+			"serverName":      a.kafkaServer.Spec.Workload,
 			"serverNamespace": a.kafkaServer.Namespace,
 		})
 

diff --git a/src/operator/controllers/kafkaacls/intents_admin_test.go b/src/operator/controllers/kafkaacls/intents_admin_test.go
@@ -40,7 +40,7 @@ func (s *IntentAdminSuite) TestApplyServerConfig() {
 			Namespace: testNamespace,
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: serverName,
 			},
 			Addr: serverAddress,
@@ -105,7 +105,7 @@ func (s *IntentAdminSuite) TestApplyServerConfigPermissionExists() {
 			Namespace: testNamespace,
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: serverName,
 			},
 			Addr: serverAddress,
@@ -200,7 +200,7 @@ func (s *IntentAdminSuite) TestDeleteServerConfig() {
 			DeletionTimestamp: lo.ToPtr(metav1.Date(2021, 6, 13, 0, 0, 0, 0, time.UTC)),
 		},
 		Spec: otterizev2alpha1.KafkaServerConfigSpec{
-			Service: otterizev2alpha1.Workload{
+			Workload: otterizev2alpha1.Workload{
 				Name: serverName,
 			},
 			Addr: serverAddress,
+11 −3		.github/workflows/e2e-test.yaml
+2 −2		.github/workflows/lint.yml
+2 −2		credentials-operator/Chart.yaml
+25 −22		credentials-operator/README.md
+22 −2		credentials-operator/templates/credentials-operator-deployment.yaml
+10 −2		credentials-operator/values.yaml
+2 −2		intents-operator/Chart.yaml
+28 −20		intents-operator/README.md
+9 −1		intents-operator/templates/extended-config-configmap.yaml
+2 −2		intents-operator/templates/intents-operator-controller-manager-metrics-service.yaml
+45 −8		intents-operator/templates/intents-operator-deployment.yaml
+65 −0		intents-operator/templates/intents-operator-manager-clusterrole.yaml
+30 −3		intents-operator/values.yaml
+2 −2		network-mapper/Chart.yaml
+40 −34		network-mapper/README.md
+6 −0		network-mapper/templates/_helpers.tpl
+25 −0		network-mapper/templates/agent-clusterrole.yaml
+162 −0		network-mapper/templates/agent-daemonset.yaml
+39 −0		network-mapper/templates/agent-serviceaccount.yaml
+7 −0		network-mapper/templates/iamlive-deployment.yaml
+11 −1		network-mapper/templates/kafka-watcher-deployment.yaml
+19 −3		network-mapper/templates/mapper-deployment.yaml
+70 −0		network-mapper/templates/pii-detector-deployment.yaml
+22 −0		network-mapper/templates/pii-detector-service.yaml
+16 −0		network-mapper/templates/pii-detector-serviceaccount.yaml
+12 −1		network-mapper/templates/sniffer-daemonset.yaml
+54 −32		network-mapper/values.yaml
+1 −1		otterize-kubernetes/Chart.yaml
+29 −28		otterize-kubernetes/README.md
+4 −2		otterize-kubernetes/values.yaml
+0 −292		tests/azureiam/files/terraform/terraform.tfstate
+1 −1		tests/base_suite.go
+1 −1		tests/databases/mysql/client/Dockerfile
+1 −1		tests/databases/postgresql/client/Dockerfile
+23 −25		tests/go.mod
+99 −68		tests/go.sum