From 03d6db116f83a1baad6a16aa76df618cd40f1d52 Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Thu, 31 Oct 2024 18:05:36 -0700 Subject: [PATCH] feat: Add TargetAllocator MTLS configuration to operator chart --- Makefile | 8 ++++---- charts/opentelemetry-operator/Chart.yaml | 2 +- charts/opentelemetry-operator/UPGRADING.md | 6 +++++- .../operator-webhook-with-cert-manager.yaml | 4 ++-- .../default/rendered/certmanager.yaml | 4 ++-- .../default/rendered/clusterrole.yaml | 6 +++--- .../default/rendered/clusterrolebinding.yaml | 4 ++-- .../examples/default/rendered/deployment.yaml | 2 +- .../examples/default/rendered/role.yaml | 2 +- .../default/rendered/rolebinding.yaml | 2 +- .../examples/default/rendered/service.yaml | 4 ++-- .../default/rendered/serviceaccount.yaml | 2 +- .../tests/test-certmanager-connection.yaml | 2 +- .../tests/test-service-connection.yaml | 4 ++-- .../templates/_helpers.tpl | 6 ++++++ .../templates/clusterrole.yaml | 18 ++++++++++++++++++ .../templates/deployment.yaml | 6 ++++-- .../opentelemetry-operator/values.schema.json | 19 ++++++++++++++++++- charts/opentelemetry-operator/values.yaml | 5 +++++ 19 files changed, 79 insertions(+), 27 deletions(-) diff --git a/Makefile b/Makefile index cf958b186..b1ebd153c 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,7 @@ generate-examples: for chart_name in $(CHARTS); do \ helm dependency build charts/$${chart_name}; \ EXAMPLES_DIR=charts/$${chart_name}/examples; \ - EXAMPLES=$$(find $${EXAMPLES_DIR} -type d -maxdepth 1 -mindepth 1 -exec basename \{\} \;); \ + EXAMPLES=$$(find $${EXAMPLES_DIR} -maxdepth 1 -mindepth 1 -type d -exec basename \{\} \;); \ for example in $${EXAMPLES}; do \ echo "Generating example: $${example}"; \ VALUES=$$(find $${EXAMPLES_DIR}/$${example} -name *values.yaml); \ 
@@ -17,7 +17,7 @@ generate-examples: mv $${EXAMPLES_DIR}/$${example}/rendered/$${chart_name}/templates/* "$${EXAMPLES_DIR}/$${example}/rendered"; \ SUBCHARTS_DIR=$${EXAMPLES_DIR}/$${example}/rendered/$${chart_name}/charts; \ if [ -d "$${SUBCHARTS_DIR}" ]; then \ - SUBCHARTS=$$(find $${SUBCHARTS_DIR} -type d -maxdepth 1 -mindepth 1 -exec basename \{\} \;); \ + SUBCHARTS=$$(find $${SUBCHARTS_DIR} -maxdepth 1 -mindepth 1 -type d -exec basename \{\} \;); \ for subchart in $${SUBCHARTS}; do \ mkdir -p "$${EXAMPLES_DIR}/$${example}/rendered/$${subchart}"; \ mv $${SUBCHARTS_DIR}/$${subchart}/templates/* "$${EXAMPLES_DIR}/$${example}/rendered/$${subchart}"; \ @@ -32,7 +32,7 @@ generate-examples: check-examples: for chart_name in $(CHARTS); do \ EXAMPLES_DIR=charts/$${chart_name}/examples; \ - EXAMPLES=$$(find $${EXAMPLES_DIR} -type d -maxdepth 1 -mindepth 1 -exec basename \{\} \;); \ + EXAMPLES=$$(find $${EXAMPLES_DIR} -maxdepth 1 -mindepth 1 -type d -exec basename \{\} \;); \ for example in $${EXAMPLES}; do \ echo "Checking example: $${example}"; \ VALUES=$$(find $${EXAMPLES_DIR}/$${example} -name *values.yaml); \ @@ -40,7 +40,7 @@ check-examples: helm dependency build charts/$${chart_name}; \ helm template example charts/$${chart_name} --namespace default --values $${value} --output-dir "${TMP_DIRECTORY}/$${example}"; \ SUBCHARTS_DIR=${TMP_DIRECTORY}/$${example}/$${chart_name}/charts; \ - SUBCHARTS=$$(find $${SUBCHARTS_DIR} -type d -maxdepth 1 -mindepth 1 -exec basename \{\} \;); \ + SUBCHARTS=$$(find $${SUBCHARTS_DIR} -maxdepth 1 -mindepth 1 -type d -exec basename \{\} \;); \ for subchart in $${SUBCHARTS}; do \ mkdir -p "${TMP_DIRECTORY}/$${example}/$${chart_name}/templates/$${subchart}"; \ mv ${TMP_DIRECTORY}/$${example}/$${chart_name}/charts/$${subchart}/templates/* "${TMP_DIRECTORY}/$${example}/$${chart_name}/templates/$${subchart}"; \ diff --git a/charts/opentelemetry-operator/Chart.yaml b/charts/opentelemetry-operator/Chart.yaml index 674adbefa..caa1804d7 100644 
--- a/charts/opentelemetry-operator/Chart.yaml +++ b/charts/opentelemetry-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: opentelemetry-operator -version: 0.72.0 +version: 0.72.1 description: OpenTelemetry Operator Helm chart for Kubernetes type: application home: https://opentelemetry.io/ diff --git a/charts/opentelemetry-operator/UPGRADING.md b/charts/opentelemetry-operator/UPGRADING.md index dd37048e3..18d276bc6 100644 --- a/charts/opentelemetry-operator/UPGRADING.md +++ b/charts/opentelemetry-operator/UPGRADING.md @@ -1,5 +1,9 @@ # Upgrade guidelines +## 0.72.0 to 0.72.1 + +Prior to 0.72.1, feature gates could be enabled via the `manager.featureGates` property. As feature gates may require extra configuration to work properly, e.g. deploying extra permissions on the ClusterRole, the chart has been updated to make use of the `manager.featureGatesMap` property which allows the chart to smartly configure feature gates. If the `manager.featureGatesMap` property is set, the old `manager.featureGates` property will be ignored. + ## 0.57.0 to 0.58.0 OpenTelemetry Operator [0.99.0](https://github.com/open-telemetry/opentelemetry-operator/releases/tag/v0.99.0) includes a new version of the `OpenTelemetryCollector` CRD. See [this document][v1beta1_migration] for upgrade instructions for the new Operator CRD. Please make sure you also follow the [helm upgrade instructions](./UPGRADING.md#0560-to-0570) for helm chart 0.57.0. 
@@ -29,7 +33,7 @@ You can also delete the CRDs and let Helm recreate them, but doing so will also ## 0.55.3 to 0.56.0 -> [!WARNING] +> [!WARNING] > As part of working towards using the [OpenTelemetry Collector Kubernetes Distro](https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol-k8s) by default, the chart now requires users to explicitly set a collector image repository. If you are already explicitly setting a collector image repository this breaking change does not affect you. If you are using a OpenTelemetry Community distribution of the Collector we recommend you use `otel/opentelemetry-collector-k8s`, but carefully review the [components included in this distribution](https://github.com/open-telemetry/opentelemetry-collector-releases/blob/main/distributions/otelcol-k8s/manifest.yaml) to make sure it includes all the components you use in your configuration. In the future this distribution will become the default image used for the chart. diff --git a/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml b/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml index a0612d583..db40c6041 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml @@ -6,7 +6,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: default/example-opentelemetry-operator-serving-cert labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm 
@@ -91,7 +91,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: default/example-opentelemetry-operator-serving-cert labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml b/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml index 114ad17ef..9fc462ec9 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml @@ -4,7 +4,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm @@ -30,7 +30,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml b/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml index 39b77ddf3..22f2a18a6 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm 
@@ -223,7 +223,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm @@ -242,7 +242,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml b/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml index 3e584e7e9..4b3581528 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm @@ -26,7 +26,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml b/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml index 2c29b6f86..89829d154 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml 
@@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/role.yaml b/charts/opentelemetry-operator/examples/default/rendered/role.yaml index 44e899068..74cc1e239 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/role.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/role.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml b/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml index b93a65e65..66cd1bb83 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/service.yaml b/charts/opentelemetry-operator/examples/default/rendered/service.yaml index 5eb56698e..cc204f36f 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/service.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/service.yaml 
@@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm @@ -32,7 +32,7 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml b/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml index 342c5f4ea..53debc854 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml @@ -6,7 +6,7 @@ metadata: name: opentelemetry-operator namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml b/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml index 9fe9a1e15..5480ae05a 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml @@ -6,7 +6,7 @@ metadata: name: "example-opentelemetry-operator-cert-manager" namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm 
diff --git a/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml b/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml index 85846156c..ef494a26e 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml @@ -6,7 +6,7 @@ metadata: name: "example-opentelemetry-operator-metrics" namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm @@ -44,7 +44,7 @@ metadata: name: "example-opentelemetry-operator-webhook" namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.72.0 + helm.sh/chart: opentelemetry-operator-0.72.1 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.111.0" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/templates/_helpers.tpl b/charts/opentelemetry-operator/templates/_helpers.tpl index 6539a73f5..3fd4443c2 100644 --- a/charts/opentelemetry-operator/templates/_helpers.tpl +++ b/charts/opentelemetry-operator/templates/_helpers.tpl @@ -150,3 +150,9 @@ The image to use for opentelemetry-operator. {{- define "opentelemetry-operator.image" -}} {{- printf "%s:%s" .Values.manager.image.repository (default .Chart.AppVersion .Values.manager.image.tag) }} {{- end }} + +{{- define "opentelemetry-operator.featureGatesMap" -}} +{{- if .Values.manager.featureGatesMap.targetAllocatorMtls -}} +--feature-gates=operator.targetallocator.mtls=true +{{- end }} +{{- end }} diff --git a/charts/opentelemetry-operator/templates/clusterrole.yaml b/charts/opentelemetry-operator/templates/clusterrole.yaml index 1dd7786a3..91d265d6d 100644 --- a/charts/opentelemetry-operator/templates/clusterrole.yaml 
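Review bot: The flag emitted by the new `opentelemetry-operator.featureGatesMap` helper in `_helpers.tpl`, `--feature-gates=operator.targetallocator.mtls=true`, does not match the gate syntax this same patch documents in `values.yaml`, where a gate is enabled by its bare identifier or a `+` prefix and disabled with `-`. If the operator parses the flag as that comment describes, the `=true` suffix would become part of the identifier and the gate would likely be rejected or left off, so mTLS would not be enabled even though the ClusterRole rule is deployed. It is worth confirming against the operator's flag parser, and emitting `--feature-gates=operator.targetallocator.mtls` if so. The helper also has no description comment, unlike the define above it. A line such as `{{/* Renders the --feature-gates argument for the gates enabled in manager.featureGatesMap; empty when none are enabled. */}}` would help, because callers need to know the result can be empty.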
+++ b/charts/opentelemetry-operator/templates/clusterrole.yaml @@ -235,6 +235,24 @@ rules: - patch - update - watch + {{- if .Values.manager.featureGatesMap }} + {{- if .Values.manager.featureGatesMap.targetAllocatorMtls }} + - apiGroups: + - cert-manager.io + resources: + - issuers + - certificaterequests + - certificates + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + {{- end }} + {{- end }} {{ if .Values.kubeRBACProxy.enabled }} --- diff --git a/charts/opentelemetry-operator/templates/deployment.yaml b/charts/opentelemetry-operator/templates/deployment.yaml index 32333f4b9..5f090ddcb 100644 --- a/charts/opentelemetry-operator/templates/deployment.yaml +++ b/charts/opentelemetry-operator/templates/deployment.yaml @@ -74,8 +74,10 @@ spec: {{- if and .Values.manager.autoInstrumentationImage.apacheHttpd.repository .Values.manager.autoInstrumentationImage.apacheHttpd.tag }} - --auto-instrumentation-apache-httpd-image={{ .Values.manager.autoInstrumentationImage.apacheHttpd.repository }}:{{ .Values.manager.autoInstrumentationImage.apacheHttpd.tag }} {{- end }} - {{- if .Values.manager.featureGates }} - - --feature-gates={{ .Values.manager.featureGates }} + {{- if and .Values.manager.featureGatesMap }} + - {{ include "opentelemetry-operator.featureGatesMap" . }} + {{- else if ne .Values.manager.featureGates "" }} + - --feature-gates={{ .Values.manager.featureGates | quote }} {{- end }} {{- if .Values.manager.extraArgs }} {{- .Values.manager.extraArgs | toYaml | nindent 12 }} diff --git a/charts/opentelemetry-operator/values.schema.json b/charts/opentelemetry-operator/values.schema.json index c96a1b76f..39725a034 100644 --- a/charts/opentelemetry-operator/values.schema.json +++ b/charts/opentelemetry-operator/values.schema.json 
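Review bot: The rule added to `clusterrole.yaml` grants the operator all seven verbs, including `delete`, on `issuers`, `certificates` and `certificaterequests` in every namespace, and nothing in the template says why each resource and verb is needed. Please check which of them the mTLS feature actually uses (write access to `certificaterequests` in particular looks like it may be unnecessary) and trim the list to that set. I would also add a comment above the rule, for example `# Added only for featureGatesMap.targetAllocatorMtls: lets the operator manage cert-manager resources for Target Allocator mTLS.` Note that the rule is keyed on `featureGatesMap` alone, so enabling the same gate through the legacy `manager.featureGates` string leaves the operator without these permissions.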
@@ -512,9 +512,26 @@ "featureGates": { "type": "string", "default": "", + "title": "The featureGates to enable", + "examples": "" + }, + "featureGatesMap": { + "type": "object", + "default": {}, "title": "The featureGates Schema", + "additionalProperties": false, + "properties": { + "targetAllocatorMtls": { + "type": "boolean", + "default": false, + "title": "Whether to enable MTLS for Target Allocator communication", + "examples": [ + false + ] + } + }, "examples": [ - "" + {} ] }, "ports": { diff --git a/charts/opentelemetry-operator/values.yaml b/charts/opentelemetry-operator/values.yaml index d5652d9b4..c304f972d 100644 --- a/charts/opentelemetry-operator/values.yaml +++ b/charts/opentelemetry-operator/values.yaml @@ -74,7 +74,12 @@ manager: # Prefix a gate with '-' to disable support. # Prefixing a gate with '+' or no prefix will enable support. # A full list of valid identifiers can be found here: https://github.com/open-telemetry/opentelemetry-operator/blob/main/pkg/featuregate/featuregate.go + # NOTE: the featureGates value is deprecated and will be replaced by featureGatesMap in the future. featureGates: "" + # The featureGatesMap will enable or disable specific feature gates in the operator as well as deploy any prerequisites for the feature gate. + # If this property is not an empty map, the featureGates property will be ignored. + featureGatesMap: {} + # targetAllocatorMtls: false ports: metricsPort: 8080 webhookPort: 9443
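Review bot: The `featureGates` entry in `values.schema.json` now ends with `"examples": ""`, a string, whereas every other `examples` in this hunk is an array, and JSON Schema defines the keyword as an array. It should stay `"examples": [""]`. The new `featureGatesMap` object also inherits the old title `"The featureGates Schema"`, so something like `"title": "Feature gates to enable, with their prerequisites"` would tell the two properties apart. `"additionalProperties": false` is a good choice here, since a misspelled gate key fails validation instead of being silently ignored.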
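Review bot: The commented example `# targetAllocatorMtls: false` in `values.yaml` does not say what turning it on deploys, and that is the detail an operator reviewing RBAC needs before enabling it. I would document it next to the key, for example `# targetAllocatorMtls: enables the operator.targetallocator.mtls gate and adds cert-manager.io rules (issuers, certificates, certificaterequests) to the operator ClusterRole.` It looks like cert-manager must already be installed for those resources to exist, so that is worth stating once confirmed. The comment should also mention that any non-empty map, even one with every gate set to `false`, causes `featureGates` to be ignored.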