refactor(collector): removes 'operator.security.hostPID' feature flag after discussion in SIG deeming it redundant

olandr · olandr · commit 6eeced767ae0 · 2025-09-01T11:54:30.000+02:00
--------- on-behalf-of: @SAP Simon Olander (simon.olander@sap.com)
diff --git a/bundle/community/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/community/manifests/opentelemetry-operator.clusterserviceversion.yaml
@@ -99,7 +99,7 @@ metadata:
     categories: Logging & Tracing,Monitoring
     certified: "false"
     containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator
-    createdAt: "2025-08-26T14:39:19Z"
+    createdAt: "2025-09-01T09:53:21Z"
     description: Provides the OpenTelemetry components, including the Collector
     operators.operatorframework.io/builder: operator-sdk-v1.29.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -540,7 +540,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.131.0-36-ga732ae06
+                image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.131.0-37-gfa6d1643
                 livenessProbe:
                   httpGet:
                     path: /healthz
diff --git a/bundle/openshift/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/openshift/manifests/opentelemetry-operator.clusterserviceversion.yaml
@@ -99,7 +99,7 @@ metadata:
     categories: Logging & Tracing,Monitoring
     certified: "false"
     containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator
-    createdAt: "2025-08-26T14:39:25Z"
+    createdAt: "2025-09-01T09:53:26Z"
     description: Provides the OpenTelemetry components, including the Collector
     operators.operatorframework.io/builder: operator-sdk-v1.29.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -545,7 +545,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.131.0-36-ga732ae06
+                image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.131.0-37-gfa6d1643
                 livenessProbe:
                   httpGet:
                     path: /healthz
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -5,4 +5,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator
-  newTag: 0.131.0-36-ga732ae06
+  newTag: 0.131.0-37-gfa6d1643
diff --git a/internal/manifests/collector/daemonset.go b/internal/manifests/collector/daemonset.go
@@ -11,7 +11,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests/manifestutils"
 	"github.com/open-telemetry/opentelemetry-operator/internal/naming"
-	"github.com/open-telemetry/opentelemetry-operator/pkg/featuregate"
 )
 
 // DaemonSet builds the deployment for the given instance.
@@ -53,7 +52,7 @@ func DaemonSet(params manifests.Params) (*appsv1.DaemonSet, error) {
 					Tolerations:                   params.OtelCol.Spec.Tolerations,
 					NodeSelector:                  params.OtelCol.Spec.NodeSelector,
 					HostNetwork:                   params.OtelCol.Spec.HostNetwork,
-					HostPID:                       params.OtelCol.Spec.HostPID && featuregate.EnableAllowHostPIDSupport.IsEnabled(),
+					HostPID:                       params.OtelCol.Spec.HostPID,
 					ShareProcessNamespace:         &params.OtelCol.Spec.ShareProcessNamespace,
 					DNSPolicy:                     manifestutils.GetDNSPolicy(params.OtelCol.Spec.HostNetwork, params.OtelCol.Spec.PodDNSConfig),
 					DNSConfig:                     &params.OtelCol.Spec.PodDNSConfig,
diff --git a/internal/manifests/collector/daemonset_test.go b/internal/manifests/collector/daemonset_test.go
@@ -8,7 +8,6 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	colfg "go.opentelemetry.io/collector/featuregate"
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -17,7 +16,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
-	"github.com/open-telemetry/opentelemetry-operator/pkg/featuregate"
 )
 
 func TestDaemonSetNewDefault(t *testing.T) {
@@ -663,58 +661,7 @@ func TestDaemonSetTerminationGracePeriodSeconds(t *testing.T) {
 	assert.Equal(t, gracePeriodSec, *d2.Spec.Template.Spec.TerminationGracePeriodSeconds)
 }
 
-func TestDaemonSetHostPIDIgnoredWhenFeatureFlagDisabled(t *testing.T) {
-	require.NoError(t, colfg.GlobalRegistry().Set(featuregate.EnableAllowHostPIDSupport.ID(), false))
-	assert.False(t, featuregate.EnableAllowHostPIDSupport.IsEnabled())
-
-	// Test the case where hostPID is not set, should default to false
-	otelcol1 := v1beta1.OpenTelemetryCollector{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "my-instance",
-		},
-	}
-
-	cfg := config.New()
-
-	params1 := manifests.Params{
-		Config:  cfg,
-		OtelCol: otelcol1,
-		Log:     testLogger,
-	}
-
-	d1, err := DaemonSet(params1)
-	require.NoError(t, err)
-	assert.False(t, d1.Spec.Template.Spec.HostPID)
-
-	// Test the case where hostPID is set to true
-	otelcol2 := v1beta1.OpenTelemetryCollector{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "my-instance-terminationGracePeriodSeconds",
-		},
-		Spec: v1beta1.OpenTelemetryCollectorSpec{
-			HostPID: true,
-		},
-	}
-
-	cfg = config.New()
-
-	params2 := manifests.Params{
-		Config:  cfg,
-		OtelCol: otelcol2,
-		Log:     testLogger,
-	}
-
-	d2, err := DaemonSet(params2)
-	require.NoError(t, err)
-	assert.NotNil(t, d2.Spec.Template.Spec.HostPID)
-	// The featureflag is not enabled so this should be false
-	assert.False(t, d2.Spec.Template.Spec.HostPID)
-
-}
-
-func TestDaemonSetHostPIDOnlyWhenFeatureFlagEnabled(t *testing.T) {
-	require.NoError(t, colfg.GlobalRegistry().Set(featuregate.EnableAllowHostPIDSupport.ID(), true))
-	assert.True(t, featuregate.EnableAllowHostPIDSupport.IsEnabled())
+func TestDaemonSetHostPIDCanBeSet(t *testing.T) {
 
 	// Test the case where hostPID is not set, should default to false
 	otelcol1 := v1beta1.OpenTelemetryCollector{
diff --git a/internal/manifests/collector/deployment.go b/internal/manifests/collector/deployment.go
@@ -11,7 +11,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests/manifestutils"
 	"github.com/open-telemetry/opentelemetry-operator/internal/naming"
-	"github.com/open-telemetry/opentelemetry-operator/pkg/featuregate"
 )
 
 // Deployment builds the deployment for the given instance.
@@ -54,7 +53,7 @@ func Deployment(params manifests.Params) (*appsv1.Deployment, error) {
 					DNSPolicy:                     manifestutils.GetDNSPolicy(params.OtelCol.Spec.HostNetwork, params.OtelCol.Spec.PodDNSConfig),
 					DNSConfig:                     &params.OtelCol.Spec.PodDNSConfig,
 					HostNetwork:                   params.OtelCol.Spec.HostNetwork,
-					HostPID:                       params.OtelCol.Spec.HostPID && featuregate.EnableAllowHostPIDSupport.IsEnabled(),
+					HostPID:                       params.OtelCol.Spec.HostPID,
 					ShareProcessNamespace:         &params.OtelCol.Spec.ShareProcessNamespace,
 					Tolerations:                   params.OtelCol.Spec.Tolerations,
 					NodeSelector:                  params.OtelCol.Spec.NodeSelector,
diff --git a/internal/manifests/collector/deployment_test.go b/internal/manifests/collector/deployment_test.go
@@ -8,7 +8,6 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	colfg "go.opentelemetry.io/collector/featuregate"
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -18,7 +17,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests/manifestutils"
-	"github.com/open-telemetry/opentelemetry-operator/pkg/featuregate"
 )
 
 var testTolerationValues = []v1.Toleration{
@@ -811,56 +809,7 @@ func int32Ptr(i int32) *int32 {
 	return &i
 }
 
-func TestDeploymentHostPIDIgnoredWhenFeatureFlagDisabled(t *testing.T) {
-	require.NoError(t, colfg.GlobalRegistry().Set(featuregate.EnableAllowHostPIDSupport.ID(), false))
-	assert.False(t, featuregate.EnableAllowHostPIDSupport.IsEnabled())
-
-	// Test default
-	otelcol1 := v1beta1.OpenTelemetryCollector{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "my-instance",
-		},
-	}
-
-	cfg := config.New()
-
-	params1 := manifests.Params{
-		Config:  cfg,
-		OtelCol: otelcol1,
-		Log:     testLogger,
-	}
-
-	d1, err := Deployment(params1)
-	require.NoError(t, err)
-
-	assert.False(t, d1.Spec.Template.Spec.HostPID)
-
-	// Test hostPID=true
-	otelcol2 := v1beta1.OpenTelemetryCollector{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "my-instance-hostnetwork",
-		},
-		Spec: v1beta1.OpenTelemetryCollectorSpec{
-			HostPID: true,
-		},
-	}
-
-	cfg = config.New()
-
-	params2 := manifests.Params{
-		Config:  cfg,
-		OtelCol: otelcol2,
-		Log:     testLogger,
-	}
-
-	d2, err := Deployment(params2)
-	require.NoError(t, err)
-	assert.False(t, d2.Spec.Template.Spec.HostPID)
-}
-
-func TestDeploymentHostPIDOnlyWhenFeatureFlagEnabled(t *testing.T) {
-	require.NoError(t, colfg.GlobalRegistry().Set(featuregate.EnableAllowHostPIDSupport.ID(), true))
-	assert.True(t, featuregate.EnableAllowHostPIDSupport.IsEnabled())
+func TestDeploymentHostPIDCanBeSet(t *testing.T) {
 
 	// Test default
 	otelcol1 := v1beta1.OpenTelemetryCollector{
diff --git a/internal/manifests/collector/statefulset.go b/internal/manifests/collector/statefulset.go
@@ -11,7 +11,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests/manifestutils"
 	"github.com/open-telemetry/opentelemetry-operator/internal/naming"
-	"github.com/open-telemetry/opentelemetry-operator/pkg/featuregate"
 )
 
 // StatefulSet builds the statefulset for the given instance.
@@ -59,7 +58,7 @@ func StatefulSet(params manifests.Params) (*appsv1.StatefulSet, error) {
 					DNSPolicy:                     manifestutils.GetDNSPolicy(params.OtelCol.Spec.HostNetwork, params.OtelCol.Spec.PodDNSConfig),
 					DNSConfig:                     &params.OtelCol.Spec.PodDNSConfig,
 					HostNetwork:                   params.OtelCol.Spec.HostNetwork,
-					HostPID:                       params.OtelCol.Spec.HostPID && featuregate.EnableAllowHostPIDSupport.IsEnabled(),
+					HostPID:                       params.OtelCol.Spec.HostPID,
 					ShareProcessNamespace:         &params.OtelCol.Spec.ShareProcessNamespace,
 					Tolerations:                   params.OtelCol.Spec.Tolerations,
 					NodeSelector:                  params.OtelCol.Spec.NodeSelector,
diff --git a/internal/manifests/collector/statefulset_test.go b/internal/manifests/collector/statefulset_test.go
@@ -8,7 +8,6 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	colfg "go.opentelemetry.io/collector/featuregate"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -17,7 +16,6 @@ import (
 	"github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 	"github.com/open-telemetry/opentelemetry-operator/internal/config"
 	"github.com/open-telemetry/opentelemetry-operator/internal/manifests"
-	"github.com/open-telemetry/opentelemetry-operator/pkg/featuregate"
 )
 
 func TestStatefulSetNewDefault(t *testing.T) {
@@ -829,56 +827,7 @@ func TestStatefulSetServiceName(t *testing.T) {
 	}
 }
 
-func TestStatefulSetHostPIDIgnoredWhenFeatureFlagDisabled(t *testing.T) {
-	require.NoError(t, colfg.GlobalRegistry().Set(featuregate.EnableAllowHostPIDSupport.ID(), false))
-	assert.False(t, featuregate.EnableAllowHostPIDSupport.IsEnabled())
-
-	// Test default
-	otelcol1 := v1beta1.OpenTelemetryCollector{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "my-instance",
-		},
-	}
-
-	cfg := config.New()
-
-	params1 := manifests.Params{
-		OtelCol: otelcol1,
-		Config:  cfg,
-		Log:     testLogger,
-	}
-
-	d1, err := StatefulSet(params1)
-	require.NoError(t, err)
-
-	assert.False(t, d1.Spec.Template.Spec.HostPID)
-
-	// Test HostPID=true
-	otelcol2 := v1beta1.OpenTelemetryCollector{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "my-instance-HostPID",
-		},
-		Spec: v1beta1.OpenTelemetryCollectorSpec{
-			HostPID: true,
-		},
-	}
-
-	cfg = config.New()
-
-	params2 := manifests.Params{
-		OtelCol: otelcol2,
-		Config:  cfg,
-		Log:     testLogger,
-	}
-
-	d2, err := StatefulSet(params2)
-	require.NoError(t, err)
-	assert.False(t, d2.Spec.Template.Spec.HostPID)
-}
-
-func TestStatefulSetHostPIDOnlyWhenFeatureFlagEnabled(t *testing.T) {
-	require.NoError(t, colfg.GlobalRegistry().Set(featuregate.EnableAllowHostPIDSupport.ID(), true))
-	assert.True(t, featuregate.EnableAllowHostPIDSupport.IsEnabled())
+func TestStatefulSetHostPIDCanBeSet(t *testing.T) {
 
 	// Test default
 	otelcol1 := v1beta1.OpenTelemetryCollector{
diff --git a/pkg/featuregate/featuregate.go b/pkg/featuregate/featuregate.go
@@ -78,13 +78,6 @@ var (
 		featuregate.StageAlpha,
 		featuregate.WithRegisterDescription("enables the operator to create network policies for operands,  collector and target allocator are supported"),
 	)
-	// EnableAllowHostPIDSupport is the feature gate that enables the usage of spec.hostPID. If enabled the hostPID field is respected, if disabled the hostPID will be set to false.
-	EnableAllowHostPIDSupport = featuregate.GlobalRegistry().MustRegister(
-		"operator.security.hostpid",
-		featuregate.StageAlpha,
-		featuregate.WithRegisterDescription("enables the usage of spec.hostPID field. If enabled the field is respected (user specified value), if disabled the field is ignored (always false)"),
-		featuregate.WithRegisterFromVersion("v0.114.0"),
-	)
 )
 
 // Flags creates a new FlagSet that represents the available featuregate flags using the supplied featuregate registry.

Original file line number	Diff line number	Diff line change
`@@ -78,13 +78,6 @@ var (`
`78`	`78`	`featuregate.StageAlpha,`
`79`	`79`	`featuregate.WithRegisterDescription("enables the operator to create network policies for operands, collector and target allocator are supported"),`
`80`	`80`	`)`
`81`		`- // EnableAllowHostPIDSupport is the feature gate that enables the usage of spec.hostPID. If enabled the hostPID field is respected, if disabled the hostPID will be set to false.`
`82`		`- EnableAllowHostPIDSupport = featuregate.GlobalRegistry().MustRegister(`
`83`		`- "operator.security.hostpid",`
`84`		`- featuregate.StageAlpha,`
`85`		`- featuregate.WithRegisterDescription("enables the usage of spec.hostPID field. If enabled the field is respected (user specified value), if disabled the field is ignored (always false)"),`
`86`		`- featuregate.WithRegisterFromVersion("v0.114.0"),`
`87`		`- )`
`88`	`81`	`)`
`89`	`82`
`90`	`83`	`// Flags creates a new FlagSet that represents the available featuregate flags using the supplied featuregate registry.`