linkerd · adleong · Sep 14, 2023 · Aug 22, 2023 · Aug 22, 2023 · Aug 22, 2023
@@ -74,11 +74,13 @@ Kubernetes: `>=1.21.0-0`
 |-----|------|---------|-------------|
 | clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use |
 | collector.UID | string | `nil` | UID for the collector resource |
-| collector.config | string | see `value.yaml` for actual configuration | OpenTelemetry Collector config, See the [Configuration docs](https://opentelemetry.io/docs/collector/configuration/) for more information |
+| collector.command | string | `"/otelcol-contrib"` |  |
+| collector.config | object | see `value.yaml` for actual configuration | OpenTelemetry Collector config, See the [Configuration docs](https://opentelemetry.io/docs/collector/configuration/) for more information |
 | collector.enabled | bool | `true` | Set to false to exclude collector installation |
-| collector.image.name | string | `"otel/opentelemetry-collector"` |  |
-| collector.image.pullPolicy | string | `"Always"` |  |
-| collector.image.version | string | `"0.59.0"` |  |
+| collector.env | list | `[]` | Collector Deployment env |
+| collector.image.name | string | `"otel/opentelemetry-collector-contrib"` |  |
+| collector.image.pullPolicy | string | `""` |  |
+| collector.image.version | string | `"0.83.0"` |  |
 | collector.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
 | collector.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the collector container can use |
 | collector.resources.cpu.request | string | `nil` | Amount of CPU units that the collector container requests |
@@ -90,13 +92,12 @@ Kubernetes: `>=1.21.0-0`
 | commonLabels | object | `{}` | Labels to apply to all resources |
 | defaultUID | int | `2103` | Default UID for all the jaeger components |
 | enablePSP | bool | `false` | Create Roles and RoleBindings to associate this extension's ServiceAccounts to the control plane PSP resource. This requires that `enabledPSP` is set to true on the control plane install. Note PSP has been deprecated since k8s v1.21 |
-| imagePullPolicy | string | `"IfNotPresent"` | Docker imagePullPolicy for all jaeger components |
 | imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed.  Registry secrets are applied to the respective service accounts |
 | jaeger.UID | string | `nil` | UID for the jaeger resource |
 | jaeger.args | list | `["--query.base-path=/jaeger"]` | CLI arguments for Jaeger, See [Jaeger AIO Memory CLI reference](https://www.jaegertracing.io/docs/1.24/cli/#jaeger-all-in-one-memory) |
 | jaeger.enabled | bool | `true` | Set to false to exclude all-in-one Jaeger installation |
 | jaeger.image.name | string | `"jaegertracing/all-in-one"` |  |
-| jaeger.image.pullPolicy | string | `"Always"` |  |
+| jaeger.image.pullPolicy | string | `""` |  |
 | jaeger.image.version | float | `1.31` |  |
 | jaeger.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector section, See the [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information |
 | jaeger.resources.cpu.limit | string | `nil` | Maximum amount of CPU units that the jaeger container can use |
@@ -125,7 +126,7 @@ Kubernetes: `>=1.21.0-0`
 | webhook.externalSecret | bool | `false` | Do not create a secret resource for the webhook. If this is set to `true`, the value `webhook.caBundle` must be set or the ca bundle must injected with cert-manager ca injector using `webhook.injectCaFrom` or `webhook.injectCaFromSecret` (see below). |
 | webhook.failurePolicy | string | `"Ignore"` |  |
 | webhook.image.name | string | `"cr.l5d.io/linkerd/jaeger-webhook"` |  |
-| webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
+| webhook.image.pullPolicy | string | `""` |  |
 | webhook.image.version | string | `"linkerdVersionValue"` |  |
 | webhook.injectCaFrom | string | `""` | Inject the CA bundle from a cert-manager Certificate. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource) for more information. |
 | webhook.injectCaFromSecret | string | `""` | Inject the CA bundle from a Secret. If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook. The Secret must have the CA Bundle stored in the `ca.crt` key and have the `cert-manager.io/allow-direct-injection` annotation set to `true`. See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource) for more information. |

@@ -9,7 +9,7 @@ metadata:
     linkerd.io/extension: jaeger
     app.kubernetes.io/name: jaeger-injector
     app.kubernetes.io/part-of: Linkerd
-    app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.cliVersion}}
+    app.kubernetes.io/version: {{default .Values.webhook.image.version .Values.linkerdVersion}}
     component: jaeger-injector
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   name: jaeger-injector
@@ -45,8 +45,10 @@ spec:
         - -cluster-domain={{.Values.clusterDomain}}
         - -linkerd-namespace={{.Values.linkerdNamespace}}
         - -enable-pprof={{.Values.enablePprof | default false}}
-        image: {{.Values.webhook.image.name}}:{{default .Values.webhook.image.version .Values.cliVersion}}
-        imagePullPolicy: {{.Values.webhook.image.pullPolicy}}
+        image: {{.Values.webhook.image.name}}:{{default .Values.webhook.image.version .Values.linkerdVersion}}
+        {{- with .Values.webhook.image.pullPolicy }}
+        imagePullPolicy: {{.}}
+        {{- end }}
         livenessProbe:
           httpGet:
             path: /ping

@@ -40,7 +40,9 @@ spec:
       containers:
       - name: namespace-metadata
         image: {{.Values.namespaceMetadata.image.registry}}/{{.Values.namespaceMetadata.image.name}}:{{.Values.namespaceMetadata.image.tag}}
-        imagePullPolicy: {{.Values.namespaceMetadata.image.pullPolicy | default .Values.imagePullPolicy}}
+        {{- with .Values.namespaceMetadata.image.pullPolicy }}
+        imagePullPolicy: {{.}}
+        {{- end }}
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:

@@ -12,6 +12,40 @@ metadata:
     linkerd.io/extension: jaeger
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 {{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: collector
+  labels:
+    linkerd.io/extension: jaeger
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
+rules:
+- apiGroups: [""]
+  resources: ["pods", "namespaces"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources: ["daemonsets", "replicasets", "statefulsets"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["batch"]
+  resources: ["cronjobs", "jobs"]
+  verbs: ["get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: collector
+  labels:
+    linkerd.io/extension: jaeger
+    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
+subjects:
+- kind: ServiceAccount
+  name: collector
+  namespace: {{.Release.Namespace}}
+roleRef:
+  kind: ClusterRole
+  name: collector
+  apiGroup: rbac.authorization.k8s.io
 {{ end -}}
 ---
 ###

@@ -14,7 +14,7 @@ metadata:
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 data:
   collector-config: |
-    {{- .Values.collector.config | trim | nindent 4 }}
+    {{- toYaml .Values.collector.config | trim | nindent 4 }}
 ---
 apiVersion: v1
 kind: Service
@@ -76,13 +76,14 @@ spec:
   template:
     metadata:
       annotations:
-        linkerd.io/inject: enabled
-        config.linkerd.io/proxy-await: "enabled"
+        checksum/config: {{ toYaml .Values.collector.config | trim | sha256sum }}
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         config.alpha.linkerd.io/proxy-wait-before-exit-seconds: "0"
+        config.linkerd.io/proxy-await: "enabled"
+        linkerd.io/inject: enabled
         prometheus.io/path: /metrics
         prometheus.io/port: "8888"
         prometheus.io/scrape: "true"
-        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
       labels:
         linkerd.io/extension: jaeger
         component: collector
@@ -94,18 +95,27 @@ spec:
       {{- include "linkerd.node-selector" (dict "Values" .Values.collector) | nindent 6 }}
       containers:
       - command:
-        - /otelcol
+        - {{ .Values.collector.command }}
         - --config=/conf/collector-config.yaml
         env:
         - name: GOGC
           value: "80"
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.hostIP
         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        {{- with .Values.collector.env }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
         image: {{.Values.collector.image.name}}:{{.Values.collector.image.version}}
-        imagePullPolicy: {{.Values.collector.image.pullPolicy}}
+        {{- with .Values.collector.image.pullPolicy }}
+        imagePullPolicy: {{.}}
+        {{- end }}
         livenessProbe:
           httpGet:
             path: /
@@ -218,7 +228,9 @@ spec:
         - {{ . -}}
         {{ end }}
         image: {{.Values.jaeger.image.name}}:{{.Values.jaeger.image.version}}
-        imagePullPolicy: {{.Values.jaeger.image.pullPolicy}}
+        {{- with .Values.jaeger.image.pullPolicy }}
+        imagePullPolicy: {{.}}
+        {{- end }}
         name: jaeger
         ports:
         - containerPort: 14269

@@ -7,9 +7,6 @@ podLabels: {}
 # -- Labels to apply to all resources
 commonLabels: {}
 
-# -- Docker imagePullPolicy for all jaeger components
-imagePullPolicy: IfNotPresent
-
 # -- Default nodeSelector section, See the
 # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
 nodeSelector: &default_node_selector
@@ -40,9 +37,10 @@ collector:
   # -- Set to false to exclude collector installation
   enabled: true
   image:
-    name: otel/opentelemetry-collector
-    version: 0.59.0
-    pullPolicy: Always
+    name: otel/opentelemetry-collector-contrib
+    version: 0.83.0
+    pullPolicy: ""
+  command: /otelcol-contrib
 
   resources:
     cpu:
@@ -76,22 +74,73 @@ collector:
   # [Configuration docs](https://opentelemetry.io/docs/collector/configuration/)
   # for more information
   # @default -- see `value.yaml` for actual configuration
-  config: |
+  config:
     receivers:
-      otlp:
-        protocols:
-          grpc:
-          http:
       opencensus:
-      zipkin:
-      jaeger:
-        protocols:
-          grpc:
-          thrift_http:
-          thrift_compact:
-          thrift_binary:
     processors:
       batch:
+      resource:
+        attributes:
+          - key: k8s.pod.name
+            from_attribute: host.name
+            action: insert
+          - key: k8s.namespace.name
+            from_attribute: linkerd.io/workload-ns
+            action: insert
+      k8sattributes:
+        auth_type: serviceAccount
+        pod_association:
+        - sources:
+          # - from: resource_attribute
+          #   name: k8s.pod.ip
+          - from: resource_attribute
+            name: k8s.pod.name
+          - from: resource_attribute
+            name: k8s.namespace.name
+        extract:
+          metadata:
+            - k8s.pod.name
+            - k8s.pod.uid
+            - k8s.deployment.name
+            - k8s.node.name
+            - k8s.namespace.name
+            - k8s.pod.start_time
+            - k8s.replicaset.name
+            - k8s.replicaset.uid
+            - k8s.daemonset.name
+            - k8s.daemonset.uid
+            - k8s.job.name
+            - k8s.job.uid
+            - k8s.cronjob.name
+            - k8s.statefulset.name
+            - k8s.statefulset.uid
+            - container.image.name
+            - container.image.tag
+            - container.id
+            - k8s.container.name
+            - container.image.name
+            - container.image.tag
+            - container.id
+
+          labels:
+          - tag_name: kube_app_name
+            key: app.kubernetes.io/name
+            from: pod
+          - tag_name: kube_app_instance
+            key: app.kubernetes.io/instance
+            from: pod
+          - tag_name: kube_app_version
+            key: app.kubernetes.io/version
+            from: pod
+          - tag_name: kube_app_component
+            key: app.kubernetes.io/component
+            from: pod
+          - tag_name: kube_app_part_of
+            key: app.kubernetes.io/part-of
+            from: pod
+          - tag_name: kube_app_managed_by
+            key: app.kubernetes.io/managed-by
+            from: pod
     extensions:
       health_check:
     exporters:
@@ -103,17 +152,20 @@ collector:
       extensions: [health_check]
       pipelines:
         traces:
-          receivers: [otlp,opencensus,zipkin,jaeger]
-          processors: [batch]
+          receivers: [opencensus]
+          processors: [resource, k8sattributes, batch]
           exporters: [jaeger]
 
+  # -- Collector Deployment env
+  env: []
+
 jaeger:
   # -- Set to false to exclude all-in-one Jaeger installation
   enabled: true
   image:
     name: jaegertracing/all-in-one
     version: 1.31
-    pullPolicy: Always
+    pullPolicy: ""
 
   # -- CLI arguments for Jaeger, See [Jaeger AIO Memory CLI reference](https://www.jaegertracing.io/docs/1.24/cli/#jaeger-all-in-one-memory)
   args:
@@ -215,7 +267,7 @@ webhook:
   image:
     name: cr.l5d.io/linkerd/jaeger-webhook
     version: *linkerd_version
-    pullPolicy: IfNotPresent
+    pullPolicy: ""
   logLevel: info
 
   namespaceSelector: