Merge branch 'main' into migration-to-new-runtimedetails-approach

cli/cmd/install.go

@@ -35,6 +35,7 @@ var (
 	skipWait                   bool
 	telemetryEnabled           bool
 	openshiftEnabled           bool
+	skipWebhookIssuerCreation  bool
 	psp                        bool
 	userInputIgnoredNamespaces []string
 	userInputIgnoredContainers []string
@@ -203,17 +204,18 @@ func createOdigosConfig(odigosTier common.OdigosTier) common.OdigosConfiguration
 	}
 
 	return common.OdigosConfiguration{
-		ConfigVersion:     1, // config version starts at 1 and incremented on every config change
-		TelemetryEnabled:  telemetryEnabled,
-		OpenshiftEnabled:  openshiftEnabled,
-		IgnoredNamespaces: fullIgnoredNamespaces,
-		IgnoredContainers: fullIgnoredContainers,
-		Psp:               psp,
-		ImagePrefix:       imagePrefix,
-		OdigletImage:      odigletImage,
-		InstrumentorImage: instrumentorImage,
-		AutoscalerImage:   autoScalerImage,
-		Profiles:          selectedProfiles,
+		ConfigVersion:             1, // config version starts at 1 and incremented on every config change
+		TelemetryEnabled:          telemetryEnabled,
+		OpenshiftEnabled:          openshiftEnabled,
+		IgnoredNamespaces:         fullIgnoredNamespaces,
+		IgnoredContainers:         fullIgnoredContainers,
+		SkipWebhookIssuerCreation: skipWebhookIssuerCreation,
+		Psp:                       psp,
+		ImagePrefix:               imagePrefix,
+		OdigletImage:              odigletImage,
+		InstrumentorImage:         instrumentorImage,
+		AutoscalerImage:           autoScalerImage,
+		Profiles:                  selectedProfiles,
 	}
 }
 
@@ -235,6 +237,7 @@ func init() {
 	installCmd.Flags().BoolVar(&skipWait, "nowait", false, "skip waiting for odigos pods to be ready")
 	installCmd.Flags().BoolVar(&telemetryEnabled, "telemetry", true, "send general telemetry regarding Odigos usage")
 	installCmd.Flags().BoolVar(&openshiftEnabled, "openshift", false, "configure selinux on openshift nodes")
+	installCmd.Flags().BoolVar(&skipWebhookIssuerCreation, "skip-webhook-issuer-creation", false, "Skip creating the Issuer and Certificate for the Instrumentor pod webhook if cert-manager is installed.")
 	installCmd.Flags().StringVar(&odigletImage, "odiglet-image", "", "odiglet container image name")
 	installCmd.Flags().StringVar(&instrumentorImage, "instrumentor-image", "keyval/odigos-instrumentor", "instrumentor container image name")
 	installCmd.Flags().StringVar(&autoScalerImage, "autoscaler-image", "keyval/odigos-autoscaler", "autoscaler container image name")

cli/cmd/resources/instrumentor.go

@@ -601,8 +601,7 @@ func (a *instrumentorResourceManager) InstallFromScratch(ctx context.Context) er
 		NewInstrumentorDeployment(a.ns, a.odigosVersion, a.config.TelemetryEnabled, a.config.ImagePrefix, a.config.InstrumentorImage),
 		NewInstrumentorService(a.ns),
 	}
-
-	if certManagerInstalled {
+	if certManagerInstalled && a.config.SkipWebhookIssuerCreation != true {
 		resources = append([]kube.Object{NewInstrumentorIssuer(a.ns),
 			NewInstrumentorCertificate(a.ns),
 			NewMutatingWebhookConfiguration(a.ns, nil),

common/odigos_config.go

@@ -89,20 +89,21 @@ type CollectorGatewayConfiguration struct {
 
 // OdigosConfiguration defines the desired state of OdigosConfiguration
 type OdigosConfiguration struct {
-	ConfigVersion         int                            `json:"configVersion"`
-	TelemetryEnabled      bool                           `json:"telemetryEnabled,omitempty"`
-	OpenshiftEnabled      bool                           `json:"openshiftEnabled,omitempty"`
-	IgnoredNamespaces     []string                       `json:"ignoredNamespaces,omitempty"`
-	IgnoredContainers     []string                       `json:"ignoredContainers,omitempty"`
-	Psp                   bool                           `json:"psp,omitempty"`
-	ImagePrefix           string                         `json:"imagePrefix,omitempty"`
-	OdigletImage          string                         `json:"odigletImage,omitempty"`
-	InstrumentorImage     string                         `json:"instrumentorImage,omitempty"`
-	AutoscalerImage       string                         `json:"autoscalerImage,omitempty"`
-	CollectorGateway      *CollectorGatewayConfiguration `json:"collectorGateway,omitempty"`
-	CollectorNode         *CollectorNodeConfiguration    `json:"collectorNode,omitempty"`
-	Profiles              []ProfileName                  `json:"profiles,omitempty"`
-	AllowConcurrentAgents *bool                          `json:"allowConcurrentAgents,omitempty"`
+	ConfigVersion             int                            `json:"configVersion"`
+	TelemetryEnabled          bool                           `json:"telemetryEnabled,omitempty"`
+	OpenshiftEnabled          bool                           `json:"openshiftEnabled,omitempty"`
+	IgnoredNamespaces         []string                       `json:"ignoredNamespaces,omitempty"`
+	IgnoredContainers         []string                       `json:"ignoredContainers,omitempty"`
+	Psp                       bool                           `json:"psp,omitempty"`
+	ImagePrefix               string                         `json:"imagePrefix,omitempty"`
+	OdigletImage              string                         `json:"odigletImage,omitempty"`
+	InstrumentorImage         string                         `json:"instrumentorImage,omitempty"`
+	AutoscalerImage           string                         `json:"autoscalerImage,omitempty"`
+	SkipWebhookIssuerCreation bool                           `json:"skipWebhookIssuerCreation,omitempty"`
+	CollectorGateway          *CollectorGatewayConfiguration `json:"collectorGateway,omitempty"`
+	CollectorNode             *CollectorNodeConfiguration    `json:"collectorNode,omitempty"`
+	Profiles                  []ProfileName                  `json:"profiles,omitempty"`
+	AllowConcurrentAgents     *bool                          `json:"allowConcurrentAgents,omitempty"`
 	// this is internal currently, and is not exposed on the CLI / helm
 	// used for odigos enterprise
 	GoAutoIncludeCodeAttributes bool `json:"goAutoIncludeCodeAttributes,omitempty"`

helm/odigos/templates/_helpers.tpl

@@ -1,12 +1,16 @@
 {{- define "utils.certManagerApiVersion" -}}
-{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}}
+{{- if not (eq .Values.instrumentor.skipWebhookIssuerCreation true) -}} 
+  {{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}}
 cert-manager.io/v1
-{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" -}}
+  {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" -}}
 cert-manager.io/v1beta1
-{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" -}}
+  {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" -}}
 cert-manager.io/v1alpha2
-{{- else if .Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1" -}}
+  {{- else if .Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1" -}}
 certmanager.k8s.io/v1alpha1
+  {{- else -}}
+{{- print "" -}}
+  {{- end -}}
 {{- else -}}
 {{- print "" -}}
 {{- end -}}

helm/odigos/values.yaml

@@ -135,6 +135,17 @@ instrumentor:
     kubernetes.io/os: linux
   tolerations: []
   affinity: {}
+# skipWebhookIssuerCreation:
+#   - This flag controls whether the chart should skip creating an Issuer
+#     and associated Certificate for securing the mutating webhook communication.
+#   - Setting this to "true" will skip the creation of an Issuer and Certificate, 
+#     even if cert-manager is detected in the cluster and the required API version is available.
+#   - In some cases, the Issuer and Certificate are necessary for the instrumentor service 
+#     to run its pod mutating webhook, which requires a signed certificate to comply with 
+#     Kubernetes' TLS requirements.
+#   - If cert-manager is not installed or detected, no Issuer or Certificate will be created 
+#     regardless of this flag.
+  skipWebhookIssuerCreation: false
 
 odiglet:
   image: