feat(controller): hard fork

oliverbaehler · oliverbaehler · commit ef8a254fc0ae · 2025-03-01T02:00:18.000+01:00
Signed-off-by: Oliver Bähler &lt;oliverbaehler@hotmail.com&gt;
diff --git a/charts/cortex-proxy/README.md b/charts/cortex-proxy/README.md
@@ -66,6 +66,7 @@ The following Values are available for this chart.
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| config.backend | object | `{"auth":{"password":"","username":""},"url":"http://cortex-distributor.cortex.svc:8080/api/v1/push"}` | Configure the backend to redirect all the requests to |
 | config.backend.auth.password | string | `""` | Password |
 | config.backend.auth.username | string | `""` | Username |
 | config.backend.url | string | `"http://cortex-distributor.cortex.svc:8080/api/v1/push"` | Where to send the modified requests (Cortex) |
@@ -74,6 +75,7 @@ The following Values are available for this chart.
 | config.maxConnectionDuration | string | `"0s"` | Maximum duration to keep outgoing connections alive (to Cortex/Mimir) Useful for resetting L4 load-balancer state Use 0 to keep them indefinitely |
 | config.maxConnectionsPerHost | int | `64` | This parameter sets the limit for the count of outgoing concurrent connections to Cortex / Mimir. By default it's 64 and if all of these connections are busy you will get errors when pushing from Prometheus. If your `target` is a DNS name that resolves to several IPs then this will be a per-IP limit. |
 | config.metadata | bool | `false` | Whether to forward metrics metadata from Prometheus to Cortex Since metadata requests have no timeseries in them - we cannot divide them into tenants So the metadata requests will be sent to the default tenant only, if one is not defined - they will be dropped |
+| config.selector | object | `{}` | Specify which tenants should be selected for this proxy. Tenants not matching the labels are not considered by the controller. |
 | config.tenant.acceptAll | bool | `false` | Enable if you want all metrics from Prometheus to be accepted with a 204 HTTP code regardless of the response from Cortex. This can lose metrics if Cortex is throwing rejections. |
 | config.tenant.default | string | `"cortex-tenant-default"` | Which tenant ID to use if the label is missing in any of the timeseries If this is not set or empty then the write request with missing tenant label will be rejected with HTTP code 400 |
 | config.tenant.header | string | `"X-Scope-OrgID"` | To which header to add the tenant ID |
diff --git a/charts/cortex-proxy/values.schema.json b/charts/cortex-proxy/values.schema.json
@@ -90,6 +90,10 @@
                 "metadata": {
                     "type": "boolean"
                 },
+                "selector": {
+                    "properties": {},
+                    "type": "object"
+                },
                 "tenant": {
                     "properties": {
                         "acceptAll": {
diff --git a/charts/cortex-proxy/values.yaml b/charts/cortex-proxy/values.yaml
@@ -32,7 +32,7 @@ config:
   # By default it's 64 and if all of these connections are busy you will get errors when pushing from Prometheus.
   # If your `target` is a DNS name that resolves to several IPs then this will be a per-IP limit.
   maxConnectionsPerHost: 64
-
+  # -- Configure the backend to redirect all the requests to
   backend:
     # -- Where to send the modified requests (Cortex)
     url: http://cortex-distributor.cortex.svc:8080/api/v1/push
@@ -42,7 +42,10 @@ config:
       username: ""
       # -- Password
       password: ""
-
+  # -- Specify which tenants should be selected for this proxy.
+  # Tenants not matching the labels are not considered by the controller.
+  selector: {}
+  # Tenant Properties
   tenant:
     # -- List of labels examined for tenant information. If set takes precedent over `label`
     labels: []
diff --git a/cmd/main.go b/cmd/main.go
@@ -100,8 +100,9 @@ func main() {
 	metricsRecorder := metrics.MustMakeRecorder()
 
 	tenants := &controllers.TenantController{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Client:   mgr.GetClient(),
+		Scheme:   mgr.GetScheme(),
+		Selector: cfg.Selector.Selector(),
 		// Log:     ctrl.Log.WithName("Store").WithName("Config"),
 		Metrics: metricsRecorder,
 		Store:   store,
diff --git a/config.yml b/config.yml
@@ -1,28 +1,24 @@
-listen: 0.0.0.0:8080
-
 backend:
   url: http://127.0.0.1:9091/receive
   auth:
-    egress:
-      username: foo
-      password: bar
-
-enable_ipv6: false
-max_conns_per_host: 64
-
+    username: foo
+    password: bar
+# selector:
+#   matchLabels:
+#     test: me
+ipv6: false
+maxConnectionsPerHost: 64
 timeout: 10s
-timeout_shutdown: 0s
+timeoutShutdown: 0s
 concurrency: 10
 metadata: false
-log_response_errors: true
-
 tenant:
   labels:
     - tenant
     - other_tenant
   prefix: ""
-  prefix_prefer_source: false
-  label_remove: true
+  prefixPreferSource: false
+  labelRemove: true
   header: X-Scope-OrgID
   default: ""
-  accept_all: false
+  acceptAll: false
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -15,6 +15,8 @@ type Config struct {
 
 	EnableIPv6 bool `yaml:"ipv6"`
 
+	Selector LabelSelector `yaml:"selector,omitempty"`
+
 	Timeout         time.Duration `yaml:"timeout"`
 	TimeoutShutdown time.Duration `yaml:"timeoutShutdown"`
 	Concurrency     int           `yaml:"concurrency"`
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
@@ -35,6 +35,9 @@ timeout: 7s
 timeoutShutdown: 2s
 maxConnectionDuration: 10s
 maxConnectionsPerHost: 128
+selector:
+  matchLabels:
+    special: "tenants"
 `
 		tmpFile, err := os.CreateTemp("", "config-test-*.yaml")
 		Expect(err).NotTo(HaveOccurred())
diff --git a/internal/config/selector.go b/internal/config/selector.go
@@ -0,0 +1,31 @@
+package config
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LabelSelector struct {
+	MatchLabels      map[string]string          `yaml:"matchLabels,omitempty"`
+	MatchExpressions []LabelSelectorRequirement `yaml:"matchExpressions,omitempty"`
+}
+
+type LabelSelectorRequirement struct {
+	Key      string   `yaml:"key"`
+	Operator string   `yaml:"operator"`
+	Values   []string `yaml:"values,omitempty"`
+}
+
+func (l *LabelSelector) Selector() *metav1.LabelSelector {
+	r := &metav1.LabelSelector{
+		MatchLabels: l.MatchLabels,
+	}
+	for _, req := range l.MatchExpressions {
+		r.MatchExpressions = append(r.MatchExpressions, metav1.LabelSelectorRequirement{
+			Key:      req.Key,
+			Operator: metav1.LabelSelectorOperator(req.Operator),
+			Values:   req.Values,
+		})
+	}
+
+	return r
+}
diff --git a/internal/controllers/reconciler.go b/internal/controllers/reconciler.go
@@ -9,24 +9,50 @@ import (
 	"github.com/projectcapsule/cortex-proxy/internal/metrics"
 	"github.com/projectcapsule/cortex-proxy/internal/stores"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
 )
 
-// CapsuleArgocdReconciler reconciles a CapsuleArgocd object.
 type TenantController struct {
 	client.Client
-	Metrics *metrics.Recorder
-	Scheme  *runtime.Scheme
-	Store   *stores.TenantStore
-	Log     logr.Logger
+	Metrics  *metrics.Recorder
+	Scheme   *runtime.Scheme
+	Store    *stores.TenantStore
+	Log      logr.Logger
+	Selector *metav1.LabelSelector
 }
 
 func (r *TenantController) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&capsulev1beta2.Tenant{}).
-		Complete(r)
+	builder := ctrl.NewControllerManagedBy(mgr).For(&capsulev1beta2.Tenant{})
+
+	// If a selector is provided, add an event filter so that only matching tenants trigger reconcile.
+	if r.Selector != nil {
+		selector, err := metav1.LabelSelectorAsSelector(r.Selector)
+		if err != nil {
+			return fmt.Errorf("invalid label selector: %w", err)
+		}
+
+		builder = builder.WithEventFilter(predicate.Funcs{
+			CreateFunc: func(e event.CreateEvent) bool {
+				return selector.Matches(labels.Set(e.Object.GetLabels()))
+			},
+			UpdateFunc: func(e event.UpdateEvent) bool {
+				return selector.Matches(labels.Set(e.ObjectNew.GetLabels()))
+			},
+			DeleteFunc: func(e event.DeleteEvent) bool {
+				return selector.Matches(labels.Set(e.Object.GetLabels()))
+			},
+			GenericFunc: func(e event.GenericEvent) bool {
+				return selector.Matches(labels.Set(e.Object.GetLabels()))
+			},
+		})
+	}
+
+	return builder.Complete(r)
 }
 
 func (r *TenantController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
@@ -48,10 +74,22 @@ func (r *TenantController) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 }
 
 // First execttion of the controller to load the settings (without manager cache).
-func (r *TenantController) Init(ctx context.Context, client client.Client) (err error) {
+func (r *TenantController) Init(ctx context.Context, c client.Client) (err error) {
 	tnts := &capsulev1beta2.TenantList{}
 
-	if err := client.List(ctx, tnts); err != nil {
+	var opts []client.ListOption
+
+	// If a selector is provided, add it as a list option.
+	if r.Selector != nil {
+		selector, err := metav1.LabelSelectorAsSelector(r.Selector)
+		if err != nil {
+			return fmt.Errorf("invalid label selector: %w", err)
+		}
+
+		opts = append(opts, client.MatchingLabelsSelector{Selector: selector})
+	}
+
+	if err := c.List(ctx, tnts, opts...); err != nil {
 		return fmt.Errorf("could not load tenants: %w", err)
 	}
 
