Ta update configs to enable mtls #3015
Draft
+1,132
−75
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.1 to 1.10.0. - [Release notes](https://github.com/gin-gonic/gin/releases) - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md) - [Commits](gin-gonic/gin@v1.9.1...v1.10.0) --- updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…elemetry#2951) Bumps the prometheus group with 1 update: [github.com/prometheus/prometheus](https://github.com/prometheus/prometheus). Updates `github.com/prometheus/prometheus` from 0.51.2 to 0.52.0 - [Release notes](https://github.com/prometheus/prometheus/releases) - [Changelog](https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md) - [Commits](prometheus/prometheus@v0.51.2...v0.52.0) --- updated-dependencies: - dependency-name: github.com/prometheus/prometheus dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prometheus ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* enable readiness Probe for otel operator Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * generate CRD and controller changes Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Adjusted code to be similar to Liveness logic Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Generated manifests Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Add changelog Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Fix lint Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Removed readinessProbe from alpha CRD Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Generated manifests Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Fix lint Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Centralized probe validation Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> --------- Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> Co-authored-by: hesam.hamdarsi <hesam.hamdarsi@gmail.com>
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.1+incompatible to 26.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v26.0.1...v26.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added new Log Enconder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Enconder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Enconder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Enconder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Enconder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Enconder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Debug doc Signed-off-by: Yuri Sa <yurimsa@gmail.com> --------- Signed-off-by: Yuri Sa <yurimsa@gmail.com>
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Add test Signed-off-by: Pavol Loffay <p.loffay@gmail.com> --------- Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
Signed-off-by: Yuri Sa <yurimsa@gmail.com>
…ility check (open-telemetry#2964) * Verify ServiceMonitor and PodMonitor are installed in prom cr availability check * Added changelog
…try#2968) Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.2.0 to 0.2.1. - [Release notes](https://github.com/kyverno/action-install-chainsaw/releases) - [Commits](kyverno/action-install-chainsaw@v0.2.0...v0.2.1) --- updated-dependencies: - dependency-name: kyverno/action-install-chainsaw dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Create a separate Service Monitor when the Prometheus exporter is present Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Improve changelog Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Fix prometheus-cr E2E test Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Remove unused target Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Add docstring Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Fix typo Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Change the label name Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Change changelog description Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Recover removed labels Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Add missing labels Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Remove wrong labels Signed-off-by: Israel Blancas <iblancasa@gmail.com> --------- Signed-off-by: Israel Blancas <iblancasa@gmail.com>
* Prepare release 0.100.0 Signed-off-by: Vineeth Pothulapati <vineethpothulapati@outlook.com> * update the chlog * update the chlog with open-telemetry#2877 merge --------- Signed-off-by: Vineeth Pothulapati <vineethpothulapati@outlook.com>
* Refactor consistent-hashing strategy * Refactor per-node strategy * Refactor least-weighted strategy * Minor allocation strategy refactor * Add some common allocation strategy tests * Fix collector and target reassignment * Minor allocator fixes * Add changelog entry * Fix an incorrect comment
* add back webhook port * chlog
Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
* Support for kubernetes 1.30 version * Update makefile
…or, target allocator, opamp bridge (open-telemetry#2933) * set things * fix kustomize shim * restore, better chlog
Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…emetry#2991) Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…try#2989) Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/kyverno/action-install-chainsaw/releases) - [Commits](kyverno/action-install-chainsaw@v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: kyverno/action-install-chainsaw dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the otel group with 5 updates: | Package | From | To | | --- | --- | --- | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | Updates `go.opentelemetry.io/otel` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/metric` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/sdk` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/sdk/metric` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/sdk/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
swiatekm
reviewed
Jun 6, 2024
| initContainers := params.OtelCol.Spec.InitContainers | ||
|
|
||
| if params.Config.CertManagerAvailability() == certmanager.Available { | ||
| initContainers = append(initContainers, corev1.Container{ |
There was a problem hiding this comment.
These certs are already included in all the images:
opentelemetry-operator/Dockerfile
Line 14 in 4cd4454
There was a problem hiding this comment.
We need to add the ca.crt cert to the client trust store, and from what i understand it is best to let update-ca-certificates do that as opposed to touch the /etc/ssl/certs/ca-certificates.crt file directly.
There was a problem hiding this comment.
If we do want the CA cert here, do we need to merge it with the existing store, even? Neither side of the collector -> ta connection needs to to accept any other certs.
There was a problem hiding this comment.
Not that i know of, but then why would it be there to begin with? maybe for outgoing endpoints? exporters?
There was a problem hiding this comment.
For the collector, so it can connect to the outside world. For target allocator I don't think it's necessary right now, but there's no harm in including it.
|
Ok, I'd like to make sure I understand the process here:
Is that correct? |
100% |
swiatekm
reviewed
Jun 7, 2024
go.mod
Outdated
| @@ -28,7 +28,7 @@ require ( | |||
| github.com/shirou/gopsutil v3.21.11+incompatible | |||
| github.com/spf13/pflag v1.0.5 | |||
| github.com/stretchr/testify v1.9.0 | |||
| go.opentelemetry.io/collector/featuregate v1.5.0 | |||
There was a problem hiding this comment.
Are these gomod changes necessary here?
There was a problem hiding this comment.
Result of running go mod tidy. Issue?
There was a problem hiding this comment.
It shouldn't happen in an unrelated PR. #3028 will take care of the featuregate package. Can you also move the one dependency you're adding to the top require section?
|
@jaronoff97 @pavolloffay do you reckon we should add a featuregate for this? Right now, it affects any target allocator user with cert-manager installed, which may be risky. |
|
@swiatekm-sumo i think in that case, yes we should featuregate it. It would be good to get this out so the interested users can test this as well. |
|
@ItielOlenick to add a feature gate, have a look at https://github.com/open-telemetry/opentelemetry-operator/blob/main/pkg/featuregate/featuregate.go. Feature gates are different from normal command-line flags in that they have a lifecycle and the intent is to eventually enable them unconditionally. |
|
@ItielOlenick if you want to run E2E tests with your feature flag enabled, have a look at how this is done for existing flags: . I think it'd be fine to just the tests undere2e-targetallocator with the flag enabled.
|
|
@swiatekm-sumo Thanks, Ill checkit out. |
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Link to tracking Issue(s):
2nd PR towards a solution for #1669
Testing:
Documentation: