From 8a86ecc9faa6810f406003818fcd027f3db0282c Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Tue, 22 Aug 2023 12:54:25 -0700 Subject: [PATCH 1/9] [linkerd-jaeger] Add support for collector config merge and Deployment env Signed-off-by: Cameron Boulton --- jaeger/charts/linkerd-jaeger/README.md | 3 ++- .../linkerd-jaeger/templates/jaeger-injector.yaml | 4 ++-- jaeger/charts/linkerd-jaeger/templates/tracing.yaml | 10 +++++++++- jaeger/charts/linkerd-jaeger/values.yaml | 5 ++++- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/README.md b/jaeger/charts/linkerd-jaeger/README.md index d11cf7e5cae92..853b18af6a0b3 100644 --- a/jaeger/charts/linkerd-jaeger/README.md +++ b/jaeger/charts/linkerd-jaeger/README.md @@ -74,8 +74,9 @@ Kubernetes: `>=1.21.0-0` |-----|------|---------|-------------| | clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use | | collector.UID | string | `nil` | UID for the collector resource | -| collector.config | string | see `value.yaml` for actual configuration | OpenTelemetry Collector config, See the [Configuration docs](https://opentelemetry.io/docs/collector/configuration/) for more information | +| collector.config | object | see `value.yaml` for actual configuration | OpenTelemetry Collector config, See the [Configuration docs](https://opentelemetry.io/docs/collector/configuration/) for more information | | collector.enabled | bool | `true` | Set to false to exclude collector installation | +| collector.env | object | `{}` | Collector Deployment env | | collector.image.name | string | `"otel/opentelemetry-collector"` | | | collector.image.pullPolicy | string | `"Always"` | | | collector.image.version | string | `"0.59.0"` | | diff --git a/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml b/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml index 772b23b0fb72a..6d6a9462b8413 100644 --- a/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml @@ -9,7 +9,7 @@ metadata: linkerd.io/extension: jaeger app.kubernetes.io/name: jaeger-injector app.kubernetes.io/part-of: Linkerd - app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.cliVersion}} + app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.linkerdVersion}} component: jaeger-injector {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} name: jaeger-injector @@ -45,7 +45,7 @@ spec: - -cluster-domain={{.Values.clusterDomain}} - -linkerd-namespace={{.Values.linkerdNamespace}} - -enable-pprof={{.Values.enablePprof | default false}} - image: {{.Values.webhook.image.name}}:{{default .Values.webhook.image.version .Values.cliVersion}} + image: {{.Values.webhook.image.name}}:{{default .Values.webhook.image.version .Values.linkerdVersion}} imagePullPolicy: {{.Values.webhook.image.pullPolicy}} livenessProbe: httpGet: diff --git a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml index 3aff91499b435..6037c452afe35 100644 --- a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml @@ -14,7 +14,7 @@ metadata: {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} data: collector-config: | - {{- .Values.collector.config | trim | nindent 4 }} + {{- toYaml .Values.collector.config | trim | nindent 4 }} --- apiVersion: v1 kind: Service @@ -99,11 +99,19 @@ spec: env: - name: GOGC value: "80" + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- range $name, $value := .Values.collector.env }} + - name: {{ $name }} + {{- toYaml $value | nindent 10 }} + {{- end }} image: {{.Values.collector.image.name}}:{{.Values.collector.image.version}} imagePullPolicy: {{.Values.collector.image.pullPolicy}} livenessProbe: diff --git a/jaeger/charts/linkerd-jaeger/values.yaml b/jaeger/charts/linkerd-jaeger/values.yaml index 6d771106138f1..d8000e06dcf98 100644 --- a/jaeger/charts/linkerd-jaeger/values.yaml +++ b/jaeger/charts/linkerd-jaeger/values.yaml @@ -76,7 +76,7 @@ collector: # [Configuration docs](https://opentelemetry.io/docs/collector/configuration/) # for more information # @default -- see `value.yaml` for actual configuration - config: | + config: receivers: otlp: protocols: @@ -107,6 +107,9 @@ collector: processors: [batch] exporters: [jaeger] + # -- Collector Deployment env + env: {} + jaeger: # -- Set to false to exclude all-in-one Jaeger installation enabled: true From b8adf8fc31744563e36abd46fc16c2e8e29355da Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Tue, 22 Aug 2023 13:49:59 -0700 Subject: [PATCH 2/9] Consistent imagePullPolicy and fix test data Signed-off-by: Cameron Boulton --- .../linkerd-jaeger/templates/jaeger-injector.yaml | 4 +++- .../linkerd-jaeger/templates/namespace-metadata.yaml | 4 +++- jaeger/charts/linkerd-jaeger/templates/tracing.yaml | 8 ++++++-- jaeger/charts/linkerd-jaeger/values.yaml | 11 ++++------- jaeger/cmd/testdata/install_collector_disabled.golden | 2 -- jaeger/cmd/testdata/install_default.golden | 9 +++++---- jaeger/cmd/testdata/install_jaeger_disabled.golden | 8 +++++--- 7 files changed, 26 insertions(+), 20 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml b/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml index 6d6a9462b8413..2c0afe49bbc62 100644 --- a/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/jaeger-injector.yaml @@ -46,7 +46,9 @@ spec: - -linkerd-namespace={{.Values.linkerdNamespace}} - -enable-pprof={{.Values.enablePprof | default false}} image: {{.Values.webhook.image.name}}:{{default .Values.webhook.image.version .Values.linkerdVersion}} - imagePullPolicy: {{.Values.webhook.image.pullPolicy}} + {{- with .Values.webhook.image.pullPolicy }} + imagePullPolicy: {{.}} + {{- end }} livenessProbe: httpGet: path: /ping diff --git a/jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml b/jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml index ed0a475d4a5d7..e280c872b707c 100644 --- a/jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/namespace-metadata.yaml @@ -40,7 +40,9 @@ spec: containers: - name: namespace-metadata image: {{.Values.namespaceMetadata.image.registry}}/{{.Values.namespaceMetadata.image.name}}:{{.Values.namespaceMetadata.image.tag}} - imagePullPolicy: {{.Values.namespaceMetadata.image.pullPolicy | default .Values.imagePullPolicy}} + {{- with .Values.namespaceMetadata.image.pullPolicy }} + imagePullPolicy: {{.}} + {{- end }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml index 6037c452afe35..a38f8a10c2ea2 100644 --- a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml @@ -113,7 +113,9 @@ spec: {{- toYaml $value | nindent 10 }} {{- end }} image: {{.Values.collector.image.name}}:{{.Values.collector.image.version}} - imagePullPolicy: {{.Values.collector.image.pullPolicy}} + {{- with .Values.collector.image.pullPolicy }} + imagePullPolicy: {{.}} + {{- end }} livenessProbe: httpGet: path: / @@ -226,7 +228,9 @@ spec: - {{ . -}} {{ end }} image: {{.Values.jaeger.image.name}}:{{.Values.jaeger.image.version}} - imagePullPolicy: {{.Values.jaeger.image.pullPolicy}} + {{- with .Values.jaeger.image.pullPolicy }} + imagePullPolicy: {{.}} + {{- end }} name: jaeger ports: - containerPort: 14269 diff --git a/jaeger/charts/linkerd-jaeger/values.yaml b/jaeger/charts/linkerd-jaeger/values.yaml index d8000e06dcf98..53566a2cc3898 100644 --- a/jaeger/charts/linkerd-jaeger/values.yaml +++ b/jaeger/charts/linkerd-jaeger/values.yaml @@ -7,9 +7,6 @@ podLabels: {} # -- Labels to apply to all resources commonLabels: {} -# -- Docker imagePullPolicy for all jaeger components -imagePullPolicy: IfNotPresent - # -- Default nodeSelector section, See the # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information nodeSelector: &default_node_selector @@ -41,8 +38,8 @@ collector: enabled: true image: name: otel/opentelemetry-collector - version: 0.59.0 - pullPolicy: Always + version: 0.83.0 + pullPolicy: "" resources: cpu: @@ -116,7 +113,7 @@ jaeger: image: name: jaegertracing/all-in-one version: 1.31 - pullPolicy: Always + pullPolicy: "" # -- CLI arguments for Jaeger, See [Jaeger AIO Memory CLI reference](https://www.jaegertracing.io/docs/1.24/cli/#jaeger-all-in-one-memory) args: @@ -218,7 +215,7 @@ webhook: image: name: cr.l5d.io/linkerd/jaeger-webhook version: *linkerd_version - pullPolicy: IfNotPresent + pullPolicy: "" logLevel: info namespaceSelector: diff --git a/jaeger/cmd/testdata/install_collector_disabled.golden b/jaeger/cmd/testdata/install_collector_disabled.golden index 661af96b015be..f3fcdb4000ff1 100644 --- a/jaeger/cmd/testdata/install_collector_disabled.golden +++ b/jaeger/cmd/testdata/install_collector_disabled.golden @@ -50,7 +50,6 @@ spec: - -linkerd-namespace=linkerd - -enable-pprof=false image: cr.l5d.io/linkerd/jaeger-webhook:dev-undefined - imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping @@ -293,7 +292,6 @@ spec: - args: - --query.base-path=/jaeger image: jaegertracing/all-in-one:1.31 - imagePullPolicy: Always name: jaeger ports: - containerPort: 14269 diff --git a/jaeger/cmd/testdata/install_default.golden b/jaeger/cmd/testdata/install_default.golden index f80d4d6f26477..50eba83d69f99 100644 --- a/jaeger/cmd/testdata/install_default.golden +++ b/jaeger/cmd/testdata/install_default.golden @@ -50,7 +50,6 @@ spec: - -linkerd-namespace=linkerd - -enable-pprof=false image: cr.l5d.io/linkerd/jaeger-webhook:dev-undefined - imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping @@ -368,13 +367,16 @@ spec: env: - name: GOGC value: "80" + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: otel/opentelemetry-collector:0.59.0 - imagePullPolicy: Always + image: otel/opentelemetry-collector:0.83.0 livenessProbe: httpGet: path: / @@ -476,7 +478,6 @@ spec: - args: - --query.base-path=/jaeger image: jaegertracing/all-in-one:1.31 - imagePullPolicy: Always name: jaeger ports: - containerPort: 14269 diff --git a/jaeger/cmd/testdata/install_jaeger_disabled.golden b/jaeger/cmd/testdata/install_jaeger_disabled.golden index 012eace9d80d7..687f302b430da 100644 --- a/jaeger/cmd/testdata/install_jaeger_disabled.golden +++ b/jaeger/cmd/testdata/install_jaeger_disabled.golden @@ -50,7 +50,6 @@ spec: - -linkerd-namespace=linkerd - -enable-pprof=false image: cr.l5d.io/linkerd/jaeger-webhook:dev-undefined - imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /ping @@ -357,13 +356,16 @@ spec: env: - name: GOGC value: "80" + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: otel/opentelemetry-collector:0.59.0 - imagePullPolicy: Always + image: otel/opentelemetry-collector:0.83.0 livenessProbe: httpGet: path: / From 1878d98d81be33c44ffd786e2e3c4f2985a5be15 Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Tue, 22 Aug 2023 14:28:52 -0700 Subject: [PATCH 3/9] Try collector image otel/opentelemetry-collector-contrib for included Kubernetes components Signed-off-by: Cameron Boulton --- jaeger/charts/linkerd-jaeger/values.yaml | 2 +- jaeger/cmd/testdata/install_default.golden | 2 +- jaeger/cmd/testdata/install_jaeger_disabled.golden | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/values.yaml b/jaeger/charts/linkerd-jaeger/values.yaml index 53566a2cc3898..9d9ef4a0fbc9f 100644 --- a/jaeger/charts/linkerd-jaeger/values.yaml +++ b/jaeger/charts/linkerd-jaeger/values.yaml @@ -37,7 +37,7 @@ collector: # -- Set to false to exclude collector installation enabled: true image: - name: otel/opentelemetry-collector + name: otel/opentelemetry-collector-contrib version: 0.83.0 pullPolicy: "" diff --git a/jaeger/cmd/testdata/install_default.golden b/jaeger/cmd/testdata/install_default.golden index 50eba83d69f99..1f93468e90ec7 100644 --- a/jaeger/cmd/testdata/install_default.golden +++ b/jaeger/cmd/testdata/install_default.golden @@ -376,7 +376,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: otel/opentelemetry-collector:0.83.0 + image: otel/opentelemetry-collector-contrib:0.83.0 livenessProbe: httpGet: path: / diff --git a/jaeger/cmd/testdata/install_jaeger_disabled.golden b/jaeger/cmd/testdata/install_jaeger_disabled.golden index 687f302b430da..a882c811945ec 100644 --- a/jaeger/cmd/testdata/install_jaeger_disabled.golden +++ b/jaeger/cmd/testdata/install_jaeger_disabled.golden @@ -365,7 +365,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: otel/opentelemetry-collector:0.83.0 + image: otel/opentelemetry-collector-contrib:0.83.0 livenessProbe: httpGet: path: / From f4dc94ae6249a7719dedb35e898edfb99d4b7779 Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Tue, 22 Aug 2023 14:41:33 -0700 Subject: [PATCH 4/9] Try collector image otel/opentelemetry-collector-contrib for included Kubernetes components Signed-off-by: Cameron Boulton --- jaeger/charts/linkerd-jaeger/templates/tracing.yaml | 2 +- jaeger/cmd/testdata/install_default.golden | 2 +- jaeger/cmd/testdata/install_jaeger_disabled.golden | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml index a38f8a10c2ea2..b34f0029ee2af 100644 --- a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml @@ -94,7 +94,7 @@ spec: {{- include "linkerd.node-selector" (dict "Values" .Values.collector) | nindent 6 }} containers: - command: - - /otelcol + - /otelcol-contrib - --config=/conf/collector-config.yaml env: - name: GOGC diff --git a/jaeger/cmd/testdata/install_default.golden b/jaeger/cmd/testdata/install_default.golden index 1f93468e90ec7..80a47916a4169 100644 --- a/jaeger/cmd/testdata/install_default.golden +++ b/jaeger/cmd/testdata/install_default.golden @@ -362,7 +362,7 @@ spec: kubernetes.io/os: linux containers: - command: - - /otelcol + - /otelcol-contrib - --config=/conf/collector-config.yaml env: - name: GOGC diff --git a/jaeger/cmd/testdata/install_jaeger_disabled.golden b/jaeger/cmd/testdata/install_jaeger_disabled.golden index a882c811945ec..f9e1b529314a3 100644 --- a/jaeger/cmd/testdata/install_jaeger_disabled.golden +++ b/jaeger/cmd/testdata/install_jaeger_disabled.golden @@ -351,7 +351,7 @@ spec: kubernetes.io/os: linux containers: - command: - - /otelcol + - /otelcol-contrib - --config=/conf/collector-config.yaml env: - name: GOGC From 51ea3c227437505384d53bf04a572e33238af5e6 Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Tue, 22 Aug 2023 15:46:54 -0700 Subject: [PATCH 5/9] Latest Signed-off-by: Cameron Boulton --- jaeger/charts/linkerd-jaeger/README.md | 12 ++++++------ jaeger/charts/linkerd-jaeger/templates/tracing.yaml | 9 +++++---- jaeger/charts/linkerd-jaeger/values.yaml | 1 + 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/README.md b/jaeger/charts/linkerd-jaeger/README.md index 853b18af6a0b3..bd78d5d413295 100644 --- a/jaeger/charts/linkerd-jaeger/README.md +++ b/jaeger/charts/linkerd-jaeger/README.md @@ -74,12 +74,13 @@ Kubernetes: `>=1.21.0-0` |-----|------|---------|-------------| | clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use | | collector.UID | string | `nil` | UID for the collector resource | +| collector.command | string | `"/otelcol-contrib"` | | | collector.config | object | see `value.yaml` for actual configuration | OpenTelemetry Collector config, See the [Configuration docs](https://opentelemetry.io/docs/collector/configuration/) for more information | | collector.enabled | bool | `true` | Set to false to exclude collector installation | | collector.env | object | `{}` | Collector Deployment env | -| collector.image.name | string | `"otel/opentelemetry-collector"` | | -| collector.image.pullPolicy | string | `"Always"` | | -| collector.image.version | string | `"0.59.0"` | | +| collector.image.name | string | `"otel/opentelemetry-collector-contrib"` | | +| collector.image.pullPolicy | string | `""` | | +| collector.image.version | string | `"0.83.0"` | | | collector.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information | | collector.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the collector container can use | | collector.resources.cpu.request | string | `nil` | Amount of CPU units that the collector container requests | @@ -91,13 +92,12 @@ Kubernetes: `>=1.21.0-0` | commonLabels | object | `{}` | Labels to apply to all resources | | defaultUID | int | `2103` | Default UID for all the jaeger components | | enablePSP | bool | `false` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 | -| imagePullPolicy | string | `"IfNotPresent"` | Docker imagePullPolicy for all jaeger components | | imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts | | jaeger.UID | string | `nil` | UID for the jaeger resource | | jaeger.args | list | `["--query.base-path=/jaeger"]` | CLI arguments for Jaeger, See [Jaeger AIO Memory CLI reference](https://www.jaegertracing.io/docs/1.24/cli/#jaeger-all-in-one-memory) | | jaeger.enabled | bool | `true` | Set to false to exclude all-in-one Jaeger installation | | jaeger.image.name | string | `"jaegertracing/all-in-one"` | | -| jaeger.image.pullPolicy | string | `"Always"` | | +| jaeger.image.pullPolicy | string | `""` | | | jaeger.image.version | float | `1.31` | | | jaeger.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information | | jaeger.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the jaeger container can use | @@ -126,7 +126,7 @@ Kubernetes: `>=1.21.0-0` | webhook.externalSecret | bool | `false` | Do not create a secret resource for the webhook. If this is set to `true`, the value `webhook.caBundle` must be set or the ca bundle must injected with cert-manager ca injector using `webhook.injectCaFrom` or `webhook.injectCaFromSecret` (see below). | | webhook.failurePolicy | string | `"Ignore"` | | | webhook.image.name | string | `"cr.l5d.io/linkerd/jaeger-webhook"` | | -| webhook.image.pullPolicy | string | `"IfNotPresent"` | | +| webhook.image.pullPolicy | string | `""` | | | webhook.image.version | string | `"linkerdVersionValue"` | | | webhook.injectCaFrom | string | `""` | Inject the CA bundle from a cert-manager Certificate. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource) for more information. | | webhook.injectCaFromSecret | string | `""` | Inject the CA bundle from a Secret. If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook. The Secret must have the CA Bundle stored in the `ca.crt` key and have the `cert-manager.io/allow-direct-injection` annotation set to `true`. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource) for more information. | diff --git a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml index b34f0029ee2af..317bcf5cab83d 100644 --- a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml @@ -76,13 +76,14 @@ spec: template: metadata: annotations: - linkerd.io/inject: enabled - config.linkerd.io/proxy-await: "enabled" + checksum/config: {{ toYaml .Values.collector.config | trim | sha256sum }} + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" + config.linkerd.io/proxy-await: "enabled" + linkerd.io/inject: enabled prometheus.io/path: /metrics prometheus.io/port: "8888" prometheus.io/scrape: "true" - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: linkerd.io/extension: jaeger component: collector @@ -94,7 +95,7 @@ spec: {{- include "linkerd.node-selector" (dict "Values" .Values.collector) | nindent 6 }} containers: - command: - - /otelcol-contrib + - {{ .Values.collector.command }} - --config=/conf/collector-config.yaml env: - name: GOGC diff --git a/jaeger/charts/linkerd-jaeger/values.yaml b/jaeger/charts/linkerd-jaeger/values.yaml index 9d9ef4a0fbc9f..a45c08cfb1fc9 100644 --- a/jaeger/charts/linkerd-jaeger/values.yaml +++ b/jaeger/charts/linkerd-jaeger/values.yaml @@ -40,6 +40,7 @@ collector: name: otel/opentelemetry-collector-contrib version: 0.83.0 pullPolicy: "" + command: /otelcol-contrib resources: cpu: From 1e62567823344e55a1c536c37dfdc0bd08d2f959 Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Wed, 30 Aug 2023 12:14:29 -0700 Subject: [PATCH 6/9] Configure otel-collector for Linkerd traces only by default. Signed-off-by: Cameron Boulton --- jaeger/charts/linkerd-jaeger/README.md | 2 +- .../charts/linkerd-jaeger/templates/rbac.yaml | 34 ++++++++ .../linkerd-jaeger/templates/tracing.yaml | 5 +- jaeger/charts/linkerd-jaeger/values.yaml | 79 +++++++++++++++---- 4 files changed, 102 insertions(+), 18 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/README.md b/jaeger/charts/linkerd-jaeger/README.md index bd78d5d413295..44d812e58ab7b 100644 --- a/jaeger/charts/linkerd-jaeger/README.md +++ b/jaeger/charts/linkerd-jaeger/README.md @@ -77,7 +77,7 @@ Kubernetes: `>=1.21.0-0` | collector.command | string | `"/otelcol-contrib"` | | | collector.config | object | see `value.yaml` for actual configuration | OpenTelemetry Collector config, See the [Configuration docs](https://opentelemetry.io/docs/collector/configuration/) for more information | | collector.enabled | bool | `true` | Set to false to exclude collector installation | -| collector.env | object | `{}` | Collector Deployment env | +| collector.env | list | `[]` | Collector Deployment env | | collector.image.name | string | `"otel/opentelemetry-collector-contrib"` | | | collector.image.pullPolicy | string | `""` | | | collector.image.version | string | `"0.83.0"` | | diff --git a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml index 4617529b24257..17c9ae87d6f81 100644 --- a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml @@ -14,6 +14,40 @@ metadata: {{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} {{ end -}} --- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: collector + labels: + linkerd.io/extension: jaeger + {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} +rules: +- apiGroups: [""] + resources: ["pods", "namespaces"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["daemonsets", "replicasets", "statefulsets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["batch"] + resources: ["cronjobs", "jobs"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: collector + labels: + linkerd.io/extension: jaeger + {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} +subjects: +- kind: ServiceAccount + name: collector + namespace: {{.Release.Namespace}} +roleRef: + kind: ClusterRole + name: collector + apiGroup: rbac.authorization.k8s.io +--- ### ### Jaeger Injector RBAC ### diff --git a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml index 317bcf5cab83d..5218ce3d71eb2 100644 --- a/jaeger/charts/linkerd-jaeger/templates/tracing.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/tracing.yaml @@ -109,9 +109,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- range $name, $value := .Values.collector.env }} - - name: {{ $name }} - {{- toYaml $value | nindent 10 }} + {{- with .Values.collector.env }} + {{- toYaml . | nindent 8 }} {{- end }} image: {{.Values.collector.image.name}}:{{.Values.collector.image.version}} {{- with .Values.collector.image.pullPolicy }} diff --git a/jaeger/charts/linkerd-jaeger/values.yaml b/jaeger/charts/linkerd-jaeger/values.yaml index a45c08cfb1fc9..fcc24a3565f61 100644 --- a/jaeger/charts/linkerd-jaeger/values.yaml +++ b/jaeger/charts/linkerd-jaeger/values.yaml @@ -76,20 +76,71 @@ collector: # @default -- see `value.yaml` for actual configuration config: receivers: - otlp: - protocols: - grpc: - http: opencensus: - zipkin: - jaeger: - protocols: - grpc: - thrift_http: - thrift_compact: - thrift_binary: processors: batch: + resource: + attributes: + - key: k8s.pod.name + from_attribute: host.name + action: insert + - key: k8s.namespace.name + from_attribute: linkerd.io/workload-ns + action: insert + k8sattributes: + auth_type: "serviceAccount" + pod_association: + - sources: + # - from: resource_attribute + # name: k8s.pod.ip + - from: resource_attribute + name: k8s.pod.name + - from: resource_attribute + name: k8s.namespace.name + extract: + metadata: + - k8s.pod.name + - k8s.pod.uid + - k8s.deployment.name + - k8s.node.name + - k8s.namespace.name + - k8s.pod.start_time + - k8s.replicaset.name + - k8s.replicaset.uid + - k8s.daemonset.name + - k8s.daemonset.uid + - k8s.job.name + - k8s.job.uid + - k8s.cronjob.name + - k8s.statefulset.name + - k8s.statefulset.uid + - container.image.name + - container.image.tag + - container.id + - k8s.container.name + - container.image.name + - container.image.tag + - container.id + + labels: + - tag_name: kube_app_name + key: app.kubernetes.io/name + from: pod + - tag_name: kube_app_instance + key: app.kubernetes.io/instance + from: pod + - tag_name: kube_app_version + key: app.kubernetes.io/version + from: pod + - tag_name: kube_app_component + key: app.kubernetes.io/component + from: pod + - tag_name: kube_app_part_of + key: app.kubernetes.io/part-of + from: pod + - tag_name: kube_app_managed_by + key: app.kubernetes.io/managed-by + from: pod extensions: health_check: exporters: @@ -101,12 +152,12 @@ collector: extensions: [health_check] pipelines: traces: - receivers: [otlp,opencensus,zipkin,jaeger] - processors: [batch] + receivers: [opencensus] + processors: [resource, k8sattributes, batch] exporters: [jaeger] # -- Collector Deployment env - env: {} + env: [] jaeger: # -- Set to false to exclude all-in-one Jaeger installation From c279129671ad14424ee869c13f600ca001b476e7 Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Wed, 30 Aug 2023 14:40:24 -0700 Subject: [PATCH 7/9] Fix up tests. Signed-off-by: Cameron Boulton --- .../charts/linkerd-jaeger/templates/rbac.yaml | 4 +-- .../install_collector_disabled.golden | 2 +- jaeger/cmd/testdata/install_default.golden | 34 ++++++++++++++++++- .../testdata/install_jaeger_disabled.golden | 34 ++++++++++++++++++- 4 files changed, 69 insertions(+), 5 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml index 17c9ae87d6f81..cff1237b3f25f 100644 --- a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml @@ -11,8 +11,6 @@ metadata: labels: linkerd.io/extension: jaeger {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} -{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} -{{ end -}} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -47,6 +45,8 @@ roleRef: kind: ClusterRole name: collector apiGroup: rbac.authorization.k8s.io +{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} +{{ end -}} --- ### ### Jaeger Injector RBAC diff --git a/jaeger/cmd/testdata/install_collector_disabled.golden b/jaeger/cmd/testdata/install_collector_disabled.golden index f3fcdb4000ff1..c7bd520571daf 100644 --- a/jaeger/cmd/testdata/install_collector_disabled.golden +++ b/jaeger/cmd/testdata/install_collector_disabled.golden @@ -30,7 +30,7 @@ spec: template: metadata: annotations: - checksum/config: c5d4d160a7fd2febef85a7a02d2df5b5575dec35abc84d696e9afa8d3f8423e6 + checksum/config: 5718c80d1d4f55693ac04d829f42b9d44231dfb2d5e883002e8fb053da096c1b linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" diff --git a/jaeger/cmd/testdata/install_default.golden b/jaeger/cmd/testdata/install_default.golden index 80a47916a4169..cc0311773c608 100644 --- a/jaeger/cmd/testdata/install_default.golden +++ b/jaeger/cmd/testdata/install_default.golden @@ -30,7 +30,7 @@ spec: template: metadata: annotations: - checksum/config: 3fdd1946a20d2c03424324fdfd88d7fa77dcef0c5bedf314570ff74d0b49e981 + checksum/config: 59b9d7a68d62aabbd291fabf1aa9596df514c7d37853ba34cfd38a0ccb9365d5 linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" @@ -173,6 +173,38 @@ metadata: labels: linkerd.io/extension: jaeger --- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: collector + labels: + linkerd.io/extension: jaeger +rules: +- apiGroups: [""] + resources: ["pods", "namespaces"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["daemonsets", "replicasets", "statefulsets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["batch"] + resources: ["cronjobs", "jobs"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: collector + labels: + linkerd.io/extension: jaeger +subjects: +- kind: ServiceAccount + name: collector + namespace: {{.Release.Namespace}} +roleRef: + kind: ClusterRole + name: collector + apiGroup: rbac.authorization.k8s.io +--- ### ### Jaeger Injector RBAC ### diff --git a/jaeger/cmd/testdata/install_jaeger_disabled.golden b/jaeger/cmd/testdata/install_jaeger_disabled.golden index f9e1b529314a3..70433610abe3c 100644 --- a/jaeger/cmd/testdata/install_jaeger_disabled.golden +++ b/jaeger/cmd/testdata/install_jaeger_disabled.golden @@ -30,7 +30,7 @@ spec: template: metadata: annotations: - checksum/config: b8ce5fb085b648e293a23ee74978b9bf316e40dacddd262c6877b2a7691be716 + checksum/config: 33e744466fd4a94faf5e7cd42d65af7b75beedcdfdb5264667f97b0299e8724e linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" @@ -173,6 +173,38 @@ metadata: labels: linkerd.io/extension: jaeger --- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: collector + labels: + linkerd.io/extension: jaeger +rules: +- apiGroups: [""] + resources: ["pods", "namespaces"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["daemonsets", "replicasets", "statefulsets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["batch"] + resources: ["cronjobs", "jobs"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: collector + labels: + linkerd.io/extension: jaeger +subjects: +- kind: ServiceAccount + name: collector + namespace: {{.Release.Namespace}} +roleRef: + kind: ClusterRole + name: collector + apiGroup: rbac.authorization.k8s.io +--- ### ### Jaeger Injector RBAC ### From 327a8536df43dc441f601be54e9bd10bc959f4be Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Wed, 30 Aug 2023 14:46:56 -0700 Subject: [PATCH 8/9] Fix partials.image-pull-secrets position. Signed-off-by: Cameron Boulton --- jaeger/charts/linkerd-jaeger/templates/rbac.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml index cff1237b3f25f..5e0aa86024dc9 100644 --- a/jaeger/charts/linkerd-jaeger/templates/rbac.yaml +++ b/jaeger/charts/linkerd-jaeger/templates/rbac.yaml @@ -11,6 +11,7 @@ metadata: labels: linkerd.io/extension: jaeger {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} +{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -45,7 +46,6 @@ roleRef: kind: ClusterRole name: collector apiGroup: rbac.authorization.k8s.io -{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} {{ end -}} --- ### From 13ff12bc2e2232a54572cfc868db963e649efce1 Mon Sep 17 00:00:00 2001 From: Cameron Boulton Date: Wed, 30 Aug 2023 15:37:02 -0700 Subject: [PATCH 9/9] Fix up tests. Signed-off-by: Cameron Boulton --- jaeger/charts/linkerd-jaeger/values.yaml | 2 +- .../install_collector_disabled.golden | 2 +- jaeger/cmd/testdata/install_default.golden | 105 +++++++++++++----- .../testdata/install_jaeger_disabled.golden | 105 +++++++++++++----- 4 files changed, 162 insertions(+), 52 deletions(-) diff --git a/jaeger/charts/linkerd-jaeger/values.yaml b/jaeger/charts/linkerd-jaeger/values.yaml index fcc24a3565f61..9536f6e556072 100644 --- a/jaeger/charts/linkerd-jaeger/values.yaml +++ b/jaeger/charts/linkerd-jaeger/values.yaml @@ -88,7 +88,7 @@ collector: from_attribute: linkerd.io/workload-ns action: insert k8sattributes: - auth_type: "serviceAccount" + auth_type: serviceAccount pod_association: - sources: # - from: resource_attribute diff --git a/jaeger/cmd/testdata/install_collector_disabled.golden b/jaeger/cmd/testdata/install_collector_disabled.golden index c7bd520571daf..f3fcdb4000ff1 100644 --- a/jaeger/cmd/testdata/install_collector_disabled.golden +++ b/jaeger/cmd/testdata/install_collector_disabled.golden @@ -30,7 +30,7 @@ spec: template: metadata: annotations: - checksum/config: 5718c80d1d4f55693ac04d829f42b9d44231dfb2d5e883002e8fb053da096c1b + checksum/config: c5d4d160a7fd2febef85a7a02d2df5b5575dec35abc84d696e9afa8d3f8423e6 linkerd.io/inject: enabled config.linkerd.io/proxy-await: "enabled" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" diff --git a/jaeger/cmd/testdata/install_default.golden b/jaeger/cmd/testdata/install_default.golden index cc0311773c608..39f407119f2fb 100644 --- a/jaeger/cmd/testdata/install_default.golden +++ b/jaeger/cmd/testdata/install_default.golden @@ -199,7 +199,7 @@ metadata: subjects: - kind: ServiceAccount name: collector - namespace: {{.Release.Namespace}} + namespace: linkerd-jaeger roleRef: kind: ClusterRole name: collector @@ -291,35 +291,89 @@ metadata: component: collector data: collector-config: | - receivers: - otlp: - protocols: - grpc: - http: - opencensus: - zipkin: - jaeger: - protocols: - grpc: - thrift_http: - thrift_compact: - thrift_binary: - processors: - batch: - extensions: - health_check: exporters: jaeger: endpoint: jaeger.${POD_NAMESPACE}:14250 tls: insecure: true + extensions: + health_check: null + processors: + batch: null + k8sattributes: + auth_type: serviceAccount + extract: + labels: + - from: pod + key: app.kubernetes.io/name + tag_name: kube_app_name + - from: pod + key: app.kubernetes.io/instance + tag_name: kube_app_instance + - from: pod + key: app.kubernetes.io/version + tag_name: kube_app_version + - from: pod + key: app.kubernetes.io/component + tag_name: kube_app_component + - from: pod + key: app.kubernetes.io/part-of + tag_name: kube_app_part_of + - from: pod + key: app.kubernetes.io/managed-by + tag_name: kube_app_managed_by + metadata: + - k8s.pod.name + - k8s.pod.uid + - k8s.deployment.name + - k8s.node.name + - k8s.namespace.name + - k8s.pod.start_time + - k8s.replicaset.name + - k8s.replicaset.uid + - k8s.daemonset.name + - k8s.daemonset.uid + - k8s.job.name + - k8s.job.uid + - k8s.cronjob.name + - k8s.statefulset.name + - k8s.statefulset.uid + - container.image.name + - container.image.tag + - container.id + - k8s.container.name + - container.image.name + - container.image.tag + - container.id + pod_association: + - sources: + - from: resource_attribute + name: k8s.pod.name + - from: resource_attribute + name: k8s.namespace.name + resource: + attributes: + - action: insert + from_attribute: host.name + key: k8s.pod.name + - action: insert + from_attribute: linkerd.io/workload-ns + key: k8s.namespace.name + receivers: + opencensus: null service: - extensions: [health_check] + extensions: + - health_check pipelines: traces: - receivers: [otlp,opencensus,zipkin,jaeger] - processors: [batch] - exporters: [jaeger] + exporters: + - jaeger + processors: + - resource + - k8sattributes + - batch + receivers: + - opencensus --- apiVersion: v1 kind: Service @@ -379,13 +433,14 @@ spec: template: metadata: annotations: - linkerd.io/inject: enabled - config.linkerd.io/proxy-await: "enabled" + checksum/config: 319d95c61f89ff68538c097cca12358ac58383e2c1d93fe3d92e35c501b0541a + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" + config.linkerd.io/proxy-await: "enabled" + linkerd.io/inject: enabled prometheus.io/path: /metrics prometheus.io/port: "8888" prometheus.io/scrape: "true" - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: linkerd.io/extension: jaeger component: collector diff --git a/jaeger/cmd/testdata/install_jaeger_disabled.golden b/jaeger/cmd/testdata/install_jaeger_disabled.golden index 70433610abe3c..84a506f3e373c 100644 --- a/jaeger/cmd/testdata/install_jaeger_disabled.golden +++ b/jaeger/cmd/testdata/install_jaeger_disabled.golden @@ -199,7 +199,7 @@ metadata: subjects: - kind: ServiceAccount name: collector - namespace: {{.Release.Namespace}} + namespace: linkerd-jaeger roleRef: kind: ClusterRole name: collector @@ -280,35 +280,89 @@ metadata: component: collector data: collector-config: | - receivers: - otlp: - protocols: - grpc: - http: - opencensus: - zipkin: - jaeger: - protocols: - grpc: - thrift_http: - thrift_compact: - thrift_binary: - processors: - batch: - extensions: - health_check: exporters: jaeger: endpoint: jaeger.${POD_NAMESPACE}:14250 tls: insecure: true + extensions: + health_check: null + processors: + batch: null + k8sattributes: + auth_type: serviceAccount + extract: + labels: + - from: pod + key: app.kubernetes.io/name + tag_name: kube_app_name + - from: pod + key: app.kubernetes.io/instance + tag_name: kube_app_instance + - from: pod + key: app.kubernetes.io/version + tag_name: kube_app_version + - from: pod + key: app.kubernetes.io/component + tag_name: kube_app_component + - from: pod + key: app.kubernetes.io/part-of + tag_name: kube_app_part_of + - from: pod + key: app.kubernetes.io/managed-by + tag_name: kube_app_managed_by + metadata: + - k8s.pod.name + - k8s.pod.uid + - k8s.deployment.name + - k8s.node.name + - k8s.namespace.name + - k8s.pod.start_time + - k8s.replicaset.name + - k8s.replicaset.uid + - k8s.daemonset.name + - k8s.daemonset.uid + - k8s.job.name + - k8s.job.uid + - k8s.cronjob.name + - k8s.statefulset.name + - k8s.statefulset.uid + - container.image.name + - container.image.tag + - container.id + - k8s.container.name + - container.image.name + - container.image.tag + - container.id + pod_association: + - sources: + - from: resource_attribute + name: k8s.pod.name + - from: resource_attribute + name: k8s.namespace.name + resource: + attributes: + - action: insert + from_attribute: host.name + key: k8s.pod.name + - action: insert + from_attribute: linkerd.io/workload-ns + key: k8s.namespace.name + receivers: + opencensus: null service: - extensions: [health_check] + extensions: + - health_check pipelines: traces: - receivers: [otlp,opencensus,zipkin,jaeger] - processors: [batch] - exporters: [jaeger] + exporters: + - jaeger + processors: + - resource + - k8sattributes + - batch + receivers: + - opencensus --- apiVersion: v1 kind: Service @@ -368,13 +422,14 @@ spec: template: metadata: annotations: - linkerd.io/inject: enabled - config.linkerd.io/proxy-await: "enabled" + checksum/config: 319d95c61f89ff68538c097cca12358ac58383e2c1d93fe3d92e35c501b0541a + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0" + config.linkerd.io/proxy-await: "enabled" + linkerd.io/inject: enabled prometheus.io/path: /metrics prometheus.io/port: "8888" prometheus.io/scrape: "true" - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: linkerd.io/extension: jaeger component: collector