Merge pull request #352 from periklis/backport-pr-14279-5.9

[release-5.9] Backport PR grafana#14279
openshift · Oct 1, 2024 · a09b42c · a09b42c
2 parents 89fb029 + 2ea9c0c
commit a09b42c
Show file tree

Hide file tree

Showing 7 changed files with 148 additions and 53 deletions.
diff --git a/operator/CHANGELOG.md b/operator/CHANGELOG.md
@@ -1,5 +1,13 @@
 ## Main
 
+## Release 5.9.8
+
+- [14279](https://github.com/grafana/loki/pull/14279) **periklis**: fix(operator): Add missing groupBy label for all rules on OpenShift
+
+## Release 5.9.7
+
+No changes.
+
 ## Release 5.9.6
 
 - [14042](https://github.com/grafana/loki/pull/14042) **periklis**: feat(operator): Update Loki operand to v3.1.1

diff --git a/operator/internal/manifests/openshift/alertingrule.go b/operator/internal/manifests/openshift/alertingrule.go
@@ -5,23 +5,32 @@ import lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
 func AlertingRuleTenantLabels(ar *lokiv1.AlertingRule) {
 	switch ar.Spec.TenantID {
 	case tenantApplication:
-		for groupIdx, group := range ar.Spec.Groups {
-			group := group
-			for ruleIdx, rule := range group.Rules {
-				rule := rule
-				if rule.Labels == nil {
-					rule.Labels = map[string]string{}
-				}
-				rule.Labels[opaDefaultLabelMatcher] = ar.Namespace
-				group.Rules[ruleIdx] = rule
-			}
-			ar.Spec.Groups[groupIdx] = group
-		}
-	case tenantInfrastructure, tenantAudit:
-		// Do nothing
-	case tenantNetwork:
-		// Do nothing
+		appendAlertingRuleLabels(ar, map[string]string{
+			opaDefaultLabelMatcher:    ar.Namespace,
+			ocpMonitoringGroupByLabel: ar.Namespace,
+		})
+	case tenantInfrastructure, tenantAudit, tenantNetwork:
+		appendAlertingRuleLabels(ar, map[string]string{
+			ocpMonitoringGroupByLabel: ar.Namespace,
+		})
 	default:
 		// Do nothing
 	}
 }
+
+func appendAlertingRuleLabels(ar *lokiv1.AlertingRule, labels map[string]string) {
+	for groupIdx, group := range ar.Spec.Groups {
+		for ruleIdx, rule := range group.Rules {
+			if rule.Labels == nil {
+				rule.Labels = map[string]string{}
+			}
+
+			for name, value := range labels {
+				rule.Labels[name] = value
+			}
+
+			group.Rules[ruleIdx] = rule
+		}
+		ar.Spec.Groups[groupIdx] = group
+	}
+}
diff --git a/operator/internal/manifests/openshift/alertingrule_test.go b/operator/internal/manifests/openshift/alertingrule_test.go
@@ -46,7 +46,8 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 								{
 									Alert: "alert",
 									Labels: map[string]string{
-										opaDefaultLabelMatcher: "test-ns",
+										opaDefaultLabelMatcher:    "test-ns",
+										ocpMonitoringGroupByLabel: "test-ns",
 									},
 								},
 							},
@@ -57,6 +58,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: tenantInfrastructure,
 					Groups: []*lokiv1.AlertingRuleGroup{
@@ -72,6 +76,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: tenantInfrastructure,
 					Groups: []*lokiv1.AlertingRuleGroup{
@@ -80,6 +87,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 							Rules: []*lokiv1.AlertingRuleGroupSpec{
 								{
 									Alert: "alert",
+									Labels: map[string]string{
+										ocpMonitoringGroupByLabel: "test-ns",
+									},
 								},
 							},
 						},
@@ -89,6 +99,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: tenantAudit,
 					Groups: []*lokiv1.AlertingRuleGroup{
@@ -104,6 +117,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: tenantAudit,
 					Groups: []*lokiv1.AlertingRuleGroup{
@@ -112,6 +128,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 							Rules: []*lokiv1.AlertingRuleGroupSpec{
 								{
 									Alert: "alert",
+									Labels: map[string]string{
+										ocpMonitoringGroupByLabel: "test-ns",
+									},
 								},
 							},
 						},
@@ -121,6 +140,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: tenantNetwork,
 					Groups: []*lokiv1.AlertingRuleGroup{
@@ -136,6 +158,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: tenantNetwork,
 					Groups: []*lokiv1.AlertingRuleGroup{
@@ -144,6 +169,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 							Rules: []*lokiv1.AlertingRuleGroupSpec{
 								{
 									Alert: "alert",
+									Labels: map[string]string{
+										ocpMonitoringGroupByLabel: "test-ns",
+									},
 								},
 							},
 						},
@@ -153,6 +181,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: "unknown",
 					Groups: []*lokiv1.AlertingRuleGroup{
@@ -168,6 +199,9 @@ func TestAlertingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.AlertingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.AlertingRuleSpec{
 					TenantID: "unknown",
 					Groups: []*lokiv1.AlertingRuleGroup{

diff --git a/operator/internal/manifests/openshift/opa_openshift.go b/operator/internal/manifests/openshift/opa_openshift.go
@@ -13,14 +13,15 @@ import (
 )
 
 const (
-	envRelatedImageOPA      = "RELATED_IMAGE_OPA"
-	defaultOPAImage         = "quay.io/observatorium/opa-openshift:latest"
-	opaContainerName        = "opa"
-	opaDefaultPackage       = "lokistack"
-	opaDefaultAPIGroup      = "loki.grafana.com"
-	opaMetricsPortName      = "opa-metrics"
-	opaDefaultLabelMatcher  = "kubernetes_namespace_name"
-	opaNetworkLabelMatchers = "SrcK8S_Namespace,DstK8S_Namespace"
+	envRelatedImageOPA        = "RELATED_IMAGE_OPA"
+	defaultOPAImage           = "quay.io/observatorium/opa-openshift:latest"
+	opaContainerName          = "opa"
+	opaDefaultPackage         = "lokistack"
+	opaDefaultAPIGroup        = "loki.grafana.com"
+	opaMetricsPortName        = "opa-metrics"
+	opaDefaultLabelMatcher    = "kubernetes_namespace_name"
+	opaNetworkLabelMatchers   = "SrcK8S_Namespace,DstK8S_Namespace"
+	ocpMonitoringGroupByLabel = "namespace"
 )
 
 func newOPAOpenShiftContainer(mode lokiv1.ModeType, secretVolumeName, tlsDir, minTLSVersion, ciphers string, withTLS bool, adminGroups []string) corev1.Container {

diff --git a/operator/internal/manifests/openshift/recordingrule.go b/operator/internal/manifests/openshift/recordingrule.go
@@ -0,0 +1,36 @@
+package openshift
+
+import lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
+
+func RecordingRuleTenantLabels(r *lokiv1.RecordingRule) {
+	switch r.Spec.TenantID {
+	case tenantApplication:
+		appendRecordingRuleLabels(r, map[string]string{
+			opaDefaultLabelMatcher:    r.Namespace,
+			ocpMonitoringGroupByLabel: r.Namespace,
+		})
+	case tenantInfrastructure, tenantAudit, tenantNetwork:
+		appendRecordingRuleLabels(r, map[string]string{
+			ocpMonitoringGroupByLabel: r.Namespace,
+		})
+	default:
+		// Do nothing
+	}
+}
+
+func appendRecordingRuleLabels(r *lokiv1.RecordingRule, labels map[string]string) {
+	for groupIdx, group := range r.Spec.Groups {
+		for ruleIdx, rule := range group.Rules {
+			if rule.Labels == nil {
+				rule.Labels = map[string]string{}
+			}
+
+			for name, value := range labels {
+				rule.Labels[name] = value
+			}
+
+			group.Rules[ruleIdx] = rule
+		}
+		r.Spec.Groups[groupIdx] = group
+	}
+}
diff --git a/operator/internal/manifests/openshift/recordingrule_test.go b/operator/internal/manifests/openshift/recordingrule_test.go
@@ -46,7 +46,8 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 								{
 									Record: "record",
 									Labels: map[string]string{
-										opaDefaultLabelMatcher: "test-ns",
+										opaDefaultLabelMatcher:    "test-ns",
+										ocpMonitoringGroupByLabel: "test-ns",
 									},
 								},
 							},
@@ -57,6 +58,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: tenantInfrastructure,
 					Groups: []*lokiv1.RecordingRuleGroup{
@@ -72,6 +76,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: tenantInfrastructure,
 					Groups: []*lokiv1.RecordingRuleGroup{
@@ -80,6 +87,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 							Rules: []*lokiv1.RecordingRuleGroupSpec{
 								{
 									Record: "record",
+									Labels: map[string]string{
+										ocpMonitoringGroupByLabel: "test-ns",
+									},
 								},
 							},
 						},
@@ -89,6 +99,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: tenantAudit,
 					Groups: []*lokiv1.RecordingRuleGroup{
@@ -104,6 +117,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: tenantAudit,
 					Groups: []*lokiv1.RecordingRuleGroup{
@@ -112,6 +128,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 							Rules: []*lokiv1.RecordingRuleGroupSpec{
 								{
 									Record: "record",
+									Labels: map[string]string{
+										ocpMonitoringGroupByLabel: "test-ns",
+									},
 								},
 							},
 						},
@@ -121,6 +140,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: tenantNetwork,
 					Groups: []*lokiv1.RecordingRuleGroup{
@@ -136,6 +158,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: tenantNetwork,
 					Groups: []*lokiv1.RecordingRuleGroup{
@@ -144,6 +169,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 							Rules: []*lokiv1.RecordingRuleGroupSpec{
 								{
 									Record: "record",
+									Labels: map[string]string{
+										ocpMonitoringGroupByLabel: "test-ns",
+									},
 								},
 							},
 						},
@@ -153,6 +181,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 		},
 		{
 			rule: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: "unknown",
 					Groups: []*lokiv1.RecordingRuleGroup{
@@ -168,6 +199,9 @@ func TestRecordingRuleTenantLabels(t *testing.T) {
 				},
 			},
 			want: &lokiv1.RecordingRule{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test-ns",
+				},
 				Spec: lokiv1.RecordingRuleSpec{
 					TenantID: "unknown",
 					Groups: []*lokiv1.RecordingRuleGroup{

diff --git a/operator/internal/manifests/openshift/recordngrule.go b/operator/internal/manifests/openshift/recordngrule.go