feat(checkrules): manage check rules via the operator

.golangci.yml

@@ -38,3 +38,7 @@ linters:
     - unconvert
     - unparam
     - unused
+linters-settings:
+  errcheck:
+    exclude-functions:
+      - fmt.Fprintf

cmd/main.go

@@ -17,6 +17,7 @@ import (
 
 	"github.com/go-logr/logr"
 	persesv1alpha1 "github.com/perses/perses-operator/api/v1alpha1"
+	prometheusv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	semconv "go.opentelemetry.io/collector/semconv/v1.27.0"
 	otelmetric "go.opentelemetry.io/otel/metric"
 	appsv1 "k8s.io/api/apps/v1"
@@ -105,9 +106,10 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(dash0v1alpha1.AddToScheme(scheme))
 
-	// for perses dashboard controller, prometheus scrape config controller etc.
+	// required for Perses dashboard controller and Prometheus rules controller.
 	utilruntime.Must(apiextensionsv1.AddToScheme(scheme))
 	utilruntime.Must(persesv1alpha1.AddToScheme(scheme))
+	utilruntime.Must(prometheusv1.AddToScheme(scheme))
 }
 
 func main() {
@@ -529,16 +531,30 @@ func startDash0Controllers(
 		metricNamePrefix,
 		&setupLog,
 	)
+	prometheusRuleCrdReconciler := &controller.PrometheusRuleCrdReconciler{
+		AuthToken: envVars.selfMonitoringAndApiAuthToken,
+	}
+	if err := prometheusRuleCrdReconciler.SetupWithManager(ctx, mgr, startupTasksK8sClient, &setupLog); err != nil {
+		return fmt.Errorf("unable to set up the Prometheus rule reconciler: %w", err)
+	}
+	prometheusRuleCrdReconciler.InitializeSelfMonitoringMetrics(
+		meter,
+		metricNamePrefix,
+		&setupLog,
+	)
 
 	operatorConfigurationReconciler := &controller.OperatorConfigurationReconciler{
-		Client:                       k8sClient,
-		Clientset:                    clientset,
-		PersesDashboardCrdReconciler: persesDashboardCrdReconciler,
-		Scheme:                       mgr.GetScheme(),
-		Recorder:                     mgr.GetEventRecorderFor("dash0-operator-configuration-controller"),
-		DeploymentSelfReference:      deploymentSelfReference,
-		Images:                       images,
-		DevelopmentMode:              developmentMode,
+		Client:    k8sClient,
+		Clientset: clientset,
+		ApiClients: []controller.ApiClient{
+			persesDashboardCrdReconciler,
+			prometheusRuleCrdReconciler,
+		},
+		Scheme:                  mgr.GetScheme(),
+		Recorder:                mgr.GetEventRecorderFor("dash0-operator-configuration-controller"),
+		DeploymentSelfReference: deploymentSelfReference,
+		Images:                  images,
+		DevelopmentMode:         developmentMode,
 	}
 	if err := operatorConfigurationReconciler.SetupWithManager(mgr); err != nil {
 		return fmt.Errorf("unable to set up the operator configuration reconciler: %w", err)

config/rbac/role.yaml

@@ -65,6 +65,14 @@ rules:
   - delete
   - get
   - list
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - prometheusrules
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - operator.dash0.com
   resources:

go.mod

@@ -12,6 +12,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.20.2
 	github.com/onsi/gomega v1.34.2
 	github.com/perses/perses-operator v0.0.0-20240402153734-4ccf03f6c8e6
+	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.77.1
 	github.com/wI2L/jsondiff v0.6.0
 	go.opentelemetry.io/collector/pdata v1.17.0
 	go.opentelemetry.io/collector/semconv v0.111.0

go.sum

@@ -115,6 +115,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.77.1 h1:XGoEXT6WTTihO+MD8MAao+YaQIH905HbK0WK2lyo28k=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.77.1/go.mod h1:D0KY8md81DQKdaR/cXwnhoWB3MYYyc/UjvqE8GFkIvA=
 github.com/prometheus/client_golang v1.20.0 h1:jBzTZ7B099Rg24tny+qngoynol8LtVYlA2bqx3vEloI=
 github.com/prometheus/client_golang v1.20.0/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=

helm-chart/dash0-operator/templates/operator/cluster-roles.yaml

@@ -10,7 +10,7 @@ metadata:
 
 rules:
 
-# Permissions required to watch for the foreign CRD (Perses dashboards, Prometheus scrape configs).
+# Permissions required to watch for the third-party CRD (Perses dashboards, Prometheus check rules):
 - apiGroups:
   - apiextensions.k8s.io
   resources:
@@ -20,7 +20,7 @@ rules:
   - list
   - watch
 
-# Permissions required to instrument workloads in the apps API group.
+# Permissions required to instrument workloads in the apps API group:
 - apiGroups:
   - apps
   resources:
@@ -35,7 +35,7 @@ rules:
   - update
   - watch
 
-# Permissions required to instrument workloads in the batch API group.
+# Permissions required to instrument workloads in the batch API group:
 - apiGroups:
   - batch
   resources:
@@ -48,7 +48,7 @@ rules:
   - update
   - watch
 
-# Pmrmissions required top create a Dash0 operator configuration resources
+# Pmrmissions required to create a Dash0 operator configuration resource:
 - apiGroups:
   - ""
   resources:
@@ -57,7 +57,7 @@ rules:
   - get
 
 # Permissions required to queue events to report about the operator's actions, and to attach dangling events to their
-# respective involved objects.
+# respective involved objects:
 - apiGroups:
   - ""
   resources:
@@ -75,7 +75,7 @@ rules:
   - get
 
 # Permissions required to automatically restart (i.e. delete) pods when instrumenting replicasets that are not part of a
-# higher order workload (e.g. a deployment, daemonset).
+# higher order workload (e.g. a deployment, daemonset):
 - apiGroups:
   - ""
   resources:
@@ -85,7 +85,7 @@ rules:
   - get
   - list
 
-# Permissions required to watch for the Perses dashboard resources.
+# Permissions required to watch Perses dashboard resources:
 - apiGroups:
   - perses.dev
   resources:
@@ -95,7 +95,17 @@ rules:
   - list
   - watch
 
-# Permissions required to manage the Dash0 monitoring resource, its finalizers and status.
+# Permissions required to watch Prometheus rule resources:
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - prometheusrules
+  verbs:
+  - get
+  - list
+  - watch
+
+# Permissions required to manage the Dash0 monitoring resource, its finalizers and status:
 - apiGroups:
   - operator.dash0.com
   resources:
@@ -110,15 +120,15 @@ rules:
   - update
   - watch
 
-# Permissions required to manage the Dash0 monitoring resource, its finalizers and status.
+# Permissions required to manage the Dash0 monitoring resource, its finalizers and status:
 - apiGroups:
   - operator.dash0.com
   resources:
   - dash0monitorings/finalizers
   verbs:
   - update
 
-# Permissions required to manage the Dash0 monitoring resource, its finalizers and status.
+# Permissions required to manage the Dash0 monitoring resource, its finalizers and status:
 - apiGroups:
   - operator.dash0.com
   resources:
@@ -128,7 +138,7 @@ rules:
   - patch
   - update
 
-# Permissions required to manage the Dash0 operator configuration resource, its finalizers and status.
+# Permissions required to manage the Dash0 operator configuration resource, its finalizers and status:
 - apiGroups:
   - operator.dash0.com
   resources:
@@ -143,15 +153,15 @@ rules:
   - update
   - watch
 
-# Permissions required to manage the Dash0 operator configuration resource, its finalizers and status.
+# Permissions required to manage the Dash0 operator configuration resource, its finalizers and status:
 - apiGroups:
   - operator.dash0.com
   resources:
   - dash0operatorconfigurations/finalizers
   verbs:
   - update
 
-# Permissions required to manage the Dash0 operator configuration resource, its finalizers and status.
+# Permissions required to manage the Dash0 operator configuration resource, its finalizers and status:
 - apiGroups:
   - operator.dash0.com
   resources:
@@ -161,7 +171,7 @@ rules:
   - patch
   - update
 
-# Permissions required to manage OTel collector resources.
+# Permissions required to manage OTel collector resources:
 - apiGroups:
   - ""
   resources:

helm-chart/dash0-operator/tests/operator/__snapshot__/cluster-roles_test.yaml.snap

@@ -82,6 +82,14 @@ cluster roles should match snapshot:
           - get
           - list
           - watch
+      - apiGroups:
+          - monitoring.coreos.com
+        resources:
+          - prometheusrules
+        verbs:
+          - get
+          - list
+          - watch
       - apiGroups:
           - operator.dash0.com
         resources:

internal/backendconnection/otelcolresources/collector_config_maps.go

@@ -121,7 +121,7 @@ func ConvertExportSettingsToExporterList(export dash0v1alpha1.Export) ([]OtlpExp
 			Name:  util.AuthorizationHeaderName,
 			Value: authHeaderValue,
 		}}
-		if d0.Dataset != "" && d0.Dataset != "default" {
+		if d0.Dataset != "" && d0.Dataset != util.DatasetDefault {
 			headers = append(headers, dash0v1alpha1.Header{
 				Name:  util.Dash0DatasetHeaderName,
 				Value: d0.Dataset,

internal/dash0/controller/operator_configuration_controller.go

@@ -25,14 +25,14 @@ import (
 
 type OperatorConfigurationReconciler struct {
 	client.Client
-	Clientset                    *kubernetes.Clientset
-	PersesDashboardCrdReconciler *PersesDashboardCrdReconciler
-	Scheme                       *runtime.Scheme
-	Recorder                     record.EventRecorder
-	DeploymentSelfReference      *appsv1.Deployment
-	DanglingEventsTimeouts       *util.DanglingEventsTimeouts
-	Images                       util.Images
-	DevelopmentMode              bool
+	Clientset               *kubernetes.Clientset
+	ApiClients              []ApiClient
+	Scheme                  *runtime.Scheme
+	Recorder                record.EventRecorder
+	DeploymentSelfReference *appsv1.Deployment
+	DanglingEventsTimeouts  *util.DanglingEventsTimeouts
+	Images                  util.Images
+	DevelopmentMode         bool
 }
 
 const (
@@ -163,16 +163,20 @@ func (r *OperatorConfigurationReconciler) Reconcile(ctx context.Context, req ctr
 	if resource.HasDash0ApiAccessConfigured() {
 		dataset := resource.Spec.Export.Dash0.Dataset
 		if dataset == "" {
-			dataset = "default"
+			dataset = util.DatasetDefault
+		}
+		for _, apiClient := range r.ApiClients {
+			apiClient.SetApiEndpointAndDataset(&ApiConfig{
+				Endpoint: resource.Spec.Export.Dash0.ApiEndpoint,
+				Dataset:  dataset,
+			}, &logger)
 		}
-		r.PersesDashboardCrdReconciler.SetApiEndpointAndDataset(&ApiConfig{
-			Endpoint: resource.Spec.Export.Dash0.ApiEndpoint,
-			Dataset:  dataset,
-		}, &logger)
 	} else {
-		logger.Info("Settings required for managing dashboards via the operator are missing, the operator will not " +
-			"update dashboards in Dash0.")
-		r.PersesDashboardCrdReconciler.RemoveApiEndpointAndDataset()
+		logger.Info("Settings required for managing dashboards or check rules via the operator are missing, the " +
+			"operator will not update dashboards nor check rules in Dash0.")
+		for _, apiClient := range r.ApiClients {
+			apiClient.RemoveApiEndpointAndDataset()
+		}
 	}
 
 	currentSelfMonitoringAndApiAccessConfiguration, err :=

internal/dash0/controller/operator_configuration_controller_test.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"reflect"
 
+	"github.com/go-logr/logr"
 	json "github.com/json-iterator/go"
 	"github.com/wI2L/jsondiff"
 	appsv1 "k8s.io/api/apps/v1"
@@ -40,6 +41,8 @@ type SelfMonitoringTestConfig struct {
 
 var (
 	reconciler *OperatorConfigurationReconciler
+	apiClient1 ApiClient
+	apiClient2 ApiClient
 )
 
 var _ = Describe("The operation configuration resource controller", Ordered, func() {
@@ -51,6 +54,11 @@ var _ = Describe("The operation configuration resource controller", Ordered, fun
 		EnsureOperatorNamespaceExists(ctx, k8sClient)
 	})
 
+	BeforeEach(func() {
+		apiClient1 = &DummyApiClient{}
+		apiClient2 = &DummyApiClient{}
+	})
+
 	Describe("updates the controller deployment", func() {
 		AfterEach(func() {
 			RemoveOperatorConfigurationResource(ctx, k8sClient)
@@ -797,17 +805,18 @@ func cleanUpDeploymentSpecForDiff(spec *appsv1.DeploymentSpec) {
 }
 
 func createReconciler(controllerDeployment *appsv1.Deployment) *OperatorConfigurationReconciler {
-	persesDashboardCrdReconciler := &PersesDashboardCrdReconciler{
-		persesDashboardReconciler: &PersesDashboardReconciler{},
-	}
+
 	return &OperatorConfigurationReconciler{
-		Client:                       k8sClient,
-		Clientset:                    clientset,
-		Recorder:                     recorder,
-		PersesDashboardCrdReconciler: persesDashboardCrdReconciler,
-		DeploymentSelfReference:      controllerDeployment,
-		DanglingEventsTimeouts:       &DanglingEventsTimeoutsTest,
-		Images:                       TestImages,
+		Client:    k8sClient,
+		Clientset: clientset,
+		Recorder:  recorder,
+		ApiClients: []ApiClient{
+			apiClient1,
+			apiClient2,
+		},
+		DeploymentSelfReference: controllerDeployment,
+		DanglingEventsTimeouts:  &DanglingEventsTimeoutsTest,
+		Images:                  TestImages,
 	}
 }
 
@@ -932,3 +941,19 @@ func verifyNoSelfMonitoringButAuthTokenEnvVarFromSecretRef(
 	g.Expect(container.Env).To(
 		ContainElement(MatchEnvVarValueFrom("SELF_MONITORING_AND_API_AUTH_TOKEN", "secret-ref", "key")))
 }
+
+type DummyApiClient struct {
+	setCalls    int
+	removeCalls int
+	apiConfig   *ApiConfig
+}
+
+func (c *DummyApiClient) SetApiEndpointAndDataset(apiConfig *ApiConfig, _ *logr.Logger) {
+	c.setCalls++
+	c.apiConfig = apiConfig
+}
+
+func (c *DummyApiClient) RemoveApiEndpointAndDataset() {
+	c.removeCalls++
+	c.apiConfig = nil
+}