DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Images: Remove OpenTelemetry. (#12024)

Browse source
This commit is contained in:
Marco Ebert 2024-09-29 17:31:04 +02:00 committed by GitHub
parent f369ffb073
commit 3f6e6aef78
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
19 changed files with 18 additions and 668 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
.github/workflows/images.yaml vendored
View file

@ -37,7 +37,6 @@ jobs:
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
nginx: ${{ steps.filter.outputs.nginx }}
nginx125: ${{ steps.filter.outputs.nginx125 }}
opentelemetry: ${{ steps.filter.outputs.opentelemetry }}
steps:
- name: Checkout
@ -65,8 +64,6 @@ jobs:
- 'images/ext-auth-example-authsvc/**'
nginx:
- 'images/nginx/**'
opentelemetry:
- 'images/opentelemetry/**'
nginx125:
- 'images/nginx-1.25/TAG'
@ -166,23 +163,6 @@ jobs:
run: |
cd images/ && make NAME=kube-webhook-certgen test test-e2e
opentelemetry:
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm,linux/arm64
needs: changes
if: |
(needs.changes.outputs.opentelemetry == 'true')
strategy:
matrix:
nginx: ['1.25.3', '1.21.6']
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: image build
run: |
cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build
nginx125:
permissions:
contents: write

17
charts/ingress-nginx/README.md
View file

@ -310,7 +310,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
| controller.extraEnvs | list | `[]` | Additional environment variables to set |
| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module |
| controller.extraModules | list | `[]` | Modules, which are mounted into the core nginx image. |
| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode. |
@ -393,21 +393,6 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.name | string | `"controller"` | |
| controller.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # |
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| controller.opentelemetry.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| controller.opentelemetry.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsGroup | int | `65532` | |
| controller.opentelemetry.containerSecurityContext.runAsNonRoot | bool | `true` | |
| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` | |
| controller.opentelemetry.image.distroless | bool | `true` | |
| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` | |
| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | |
| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` | |
| controller.opentelemetry.name | string | `"opentelemetry"` | |
| controller.opentelemetry.resources | object | `{}` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security context for controller pods |

30
charts/ingress-nginx/ci/controller-daemonset-extra-modules-values.yaml
View file

@ -1,30 +0,0 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: DaemonSet
extraModules:
- name: opentelemetry
image:
registry: registry.k8s.io
image: ingress-nginx/opentelemetry-1.25.3
tag: v20240813-b933310d
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
distroless: true
containerSecurityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true

13
charts/ingress-nginx/ci/controller-daemonset-opentelemetry-values.yaml
View file

@ -1,13 +0,0 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: DaemonSet
opentelemetry:
enabled: true

30
charts/ingress-nginx/ci/controller-deployment-extra-modules-values.yaml
View file

@ -1,30 +0,0 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: Deployment
extraModules:
- name: opentelemetry
image:
registry: registry.k8s.io
image: ingress-nginx/opentelemetry-1.25.3
tag: v20240813-b933310d
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
distroless: true
containerSecurityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true

13
charts/ingress-nginx/ci/controller-deployment-opentelemetry-values.yaml
View file

@ -1,13 +0,0 @@
controller:
image:
repository: ingress-controller/controller
tag: 1.0.0-dev
digest: null
service:
type: ClusterIP
kind: Deployment
opentelemetry:
enabled: true

16
charts/ingress-nginx/templates/controller-daemonset.yaml
View file

@ -144,9 +144,9 @@ spec:
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
volumeMounts:
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if .Values.controller.extraModules }}
- name: modules
{{- if .Values.controller.image.chroot }}
mountPath: /chroot/modules_mount
@ -174,7 +174,7 @@ spec:
{{- if .Values.controller.extraContainers }}
{{- toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
initContainers:
{{- if .Values.controller.extraInitContainers }}
{{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
@ -185,12 +185,6 @@ spec:
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.opentelemetry.enabled }}
{{- with .Values.controller.opentelemetry }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
@ -209,9 +203,9 @@ spec:
{{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
volumes:
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
{{- if .Values.controller.extraModules }}
- name: modules
emptyDir: {}
{{- end }}

16
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -150,9 +150,9 @@ spec:
hostPort: {{ $key }}
{{- end }}
{{- end }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
volumeMounts:
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if .Values.controller.extraModules }}
- name: modules
{{- if .Values.controller.image.chroot }}
mountPath: /chroot/modules_mount
@ -180,7 +180,7 @@ spec:
{{- if .Values.controller.extraContainers }}
{{- toYaml .Values.controller.extraContainers | nindent 8 }}
{{- end }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
initContainers:
{{- if .Values.controller.extraInitContainers }}
{{- toYaml .Values.controller.extraInitContainers | nindent 8 }}
@ -191,12 +191,6 @@ spec:
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.opentelemetry.enabled }}
{{- with .Values.controller.opentelemetry }}
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.controller.hostNetwork }}
hostNetwork: {{ .Values.controller.hostNetwork }}
@ -215,9 +209,9 @@ spec:
{{- end }}
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
volumes:
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
{{- if .Values.controller.extraModules }}
- name: modules
emptyDir: {}
{{- end }}

27
charts/ingress-nginx/values.yaml
View file

@ -682,7 +682,7 @@ controller:
# image: busybox
# command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
# -- Modules, which are mounted into the core nginx image. See values.yaml for a sample to add opentelemetry module
# -- Modules, which are mounted into the core nginx image.
extraModules: []
# - name: mytestmodule
# image:
@ -711,31 +711,6 @@ controller:
# will be executed as initContainers, to move its config files within the
# mounted volume.
opentelemetry:
enabled: false
name: opentelemetry
image:
registry: registry.k8s.io
image: ingress-nginx/opentelemetry-1.25.3
## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository:
tag: v20240813-b933310d
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
distroless: true
containerSecurityContext:
runAsNonRoot: true
# -- The image's default user, inherited from its base image `cgr.dev/chainguard/static`.
runAsUser: 65532
runAsGroup: 65532
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
resources: {}
admissionWebhooks:
name: admission
annotations: {}

22
docs/user-guide/third-party-addons/opentelemetry.md
View file

@ -147,17 +147,7 @@ graph TB
To install the example and collectors run:
1. Enable Ingress addon with:
```yaml
opentelemetry:
enabled: true
image: registry.k8s.io/ingress-nginx/opentelemetry-1.25.3:v20240813-b933310d@sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
containerSecurityContext:
allowPrivilegeEscalation: false
```
2. Enable OpenTelemetry and set the otlp-collector-host:
1. Enable OpenTelemetry and set the otlp-collector-host:
```yaml
$ echo '
@ -183,7 +173,7 @@ To install the example and collectors run:
' | kubectl replace -f -
```
4. Deploy otel-collector, grafana and Jaeger backend:
2. Deploy otel-collector, grafana and Jaeger backend:
```bash
# add helm charts needed for grafana and OpenTelemetry collector
@ -218,7 +208,7 @@ To install the example and collectors run:
make deploy-app
```
5. Make a few requests to the Service:
4. Make a few requests to the Service:
```bash
kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8090:80
@ -247,7 +237,7 @@ To install the example and collectors run:
RawContentLength : 21
```
6. View the Grafana UI:
5. View the Grafana UI:
```bash
kubectl port-forward --namespace=observability service/grafana 3000:80
@ -255,7 +245,7 @@ To install the example and collectors run:
In the Grafana interface we can see the details:
![grafana screenshot](../../images/otel-grafana-demo.png "grafana screenshot")
7. View the Jaeger UI:
6. View the Jaeger UI:
```bash
kubectl port-forward --namespace=observability service/jaeger-all-in-one-query 16686:16686
@ -263,7 +253,7 @@ To install the example and collectors run:
In the Jaeger interface we can see the details:
![Jaeger screenshot](../../images/otel-jaeger-demo.png "Jaeger screenshot")
8. View the Zipkin UI:
7. View the Zipkin UI:
```bash
kubectl port-forward --namespace=observability service/zipkin 9411:9411

69
images/opentelemetry/Makefile
View file

@ -1,69 +0,0 @@
# Copyright 2024 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
.DEFAULT_GOAL:=build
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
# 0.0.0 shouldn't clobber any released builds
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
IMAGE = $(REGISTRY)/opentelemetry
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64
OUTPUT=
PROGRESS=plain
precheck:
ifndef NGINX_VERSION
$(error NGINX_VERSION variable is required)
endif
build: precheck ensure-buildx
docker buildx build \
--label=org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx \
--label=org.opencontainers.image.licenses=Apache-2.0 \
--label=org.opencontainers.image.description="Ingress NGINX Opentelemetry image" \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--build-arg=NGINX_VERSION=$(NGINX_VERSION) \
--pull \
--tag $(IMAGE)-$(NGINX_VERSION):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build precheck push ensure-buildx

1
images/opentelemetry/TAG
View file

@ -1 +0,0 @@
v1.0.0

14
images/opentelemetry/cloudbuild.yaml
View file

@ -1,14 +0,0 @@
options:
# Increase machine type for multi-arch builds.
machineType: E2_HIGHCPU_8
# Ignore Prow provided substitutions.
substitution_option: ALLOW_LOOSE
steps:
- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20240523-a15ad90fc9
env:
- REGISTRY=gcr.io/k8s-staging-ingress-nginx
entrypoint: bash
args:
- -c
- gcloud auth configure-docker && cd images/opentelemetry && make NGINX_VERSION=1.21.6 push && make NGINX_VERSION=1.25.3 push
timeout: 1800s

74
images/opentelemetry/rootfs/CMakeLists.txt
View file

@ -1,74 +0,0 @@
#!/bin/bash
# Copyright 2021 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
cmake_minimum_required(VERSION 3.11 FATAL_ERROR)
project(
dependencies
LANGUAGES CXX
VERSION 0.0.1)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_EXTENSIONS OFF)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_CXX_FLAGS "-O2 -fpic")
set(CMAKE_VERBOSE_MAKEFILE ON CACHE BOOL "ON" FORCE)
set(CMAKE_BUILD_TYPE
Release
CACHE STRING "Build type" FORCE)
include(GNUInstallDirs)
set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY
${PROJECT_BINARY_DIR}/${CMAKE_INSTALL_LIBDIR})
set(CMAKE_LIBRARY_OUTPUT_DIRECTORY
${PROJECT_BINARY_DIR}/${CMAKE_INSTALL_LIBDIR})
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY
${PROJECT_BINARY_DIR}/${CMAKE_INSTALL_BINDIR})
set(INSTALL_LIBDIR
${CMAKE_INSTALL_LIBDIR}
CACHE PATH "directory for libraries")
set(INSTALL_BINDIR
${CMAKE_INSTALL_BINDIR}
CACHE PATH "directory for executables")
set(INSTALL_INCLUDEDIR
${CMAKE_INSTALL_INCLUDEDIR}
CACHE PATH "directory for header files")
set(DEF_INSTALL_CMAKEDIR share/cmake/${PROJECT_NAME})
set(INSTALL_CMAKEDIR
${DEF_INSTALL_CMAKEDIR}
CACHE PATH "directory for CMake files")
set_property(DIRECTORY PROPERTY EP_BASE ${CMAKE_BINARY_DIR}/subs)
set(STAGED_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/stage)
message(STATUS "${PROJECT_NAME} staged install: ${STAGED_INSTALL_PREFIX}")
find_package(OpenSSL REQUIRED)
message("OpenSSL include dir: ${OPENSSL_INCLUDE_DIR}")
message("OpenSSL libraries: ${OPENSSL_LIBRARIES}")
find_package(Protobuf REQUIRED)
find_package(gRPC REQUIRED)
find_package(OpentelemetryCPP REQUIRED)
install(
DIRECTORY ${STAGED_INSTALL_PREFIX}/
DESTINATION .
USE_SOURCE_PERMISSIONS)

46
images/opentelemetry/rootfs/Dockerfile
View file

@ -1,46 +0,0 @@
# Copyright 2021 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM alpine:3.20 AS base
RUN mkdir -p /opt/third_party/install
COPY . /opt/third_party/
# install build tools
RUN apk update \
&& apk upgrade \
&& apk add -U bash \
&& bash /opt/third_party/build.sh -p
ENV NINJA_STATUS="[%p/%f/%t] "
# install otel_ngx_module.so
FROM base AS nginx
ARG NGINX_VERSION=1.25.3
RUN bash /opt/third_party/build.sh -n ${NGINX_VERSION}
FROM golang:1.22.7-bullseye AS build-init
WORKDIR /go/src/app
COPY . .
RUN go mod download
RUN CGO_ENABLED=0 go build -o /go/bin/init_module
FROM gcr.io/distroless/static-debian11 AS final
COPY --from=build-init /go/bin/init_module /
COPY --from=nginx /etc/nginx/modules /etc/nginx/modules
CMD ["/init_module"]

165
images/opentelemetry/rootfs/build.sh
View file

@ -1,165 +0,0 @@
#!/bin/bash
# Copyright 2021 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit
set -o nounset
set -o pipefail
set -x
# Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp/compare/v1.2.0...main
export OPENTELEMETRY_CPP_VERSION=${OPENTELEMETRY_CPP_VERSION:="v1.11.0"}
export INSTALL_DIR=/opt/third_party/install
export NGINX_VERSION=${NGINX_VERSION:="1.25.3"}
# improve compilation times
CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1))
rm -rf \
/var/cache/debconf/* \
/var/lib/apt/lists/* \
/var/log/* \
/tmp/* \
/var/tmp/*
export BUILD_PATH=/tmp/build
mkdir --verbose -p "$BUILD_PATH"
Help()
{
# Display Help
echo "Add description of the script functions here."
echo
echo "Syntax: scriptTemplate [-h|o|n|p|]"
echo "options:"
echo "h Print Help."
echo "o OpenTelemetry git tag"
echo "n install nginx"
echo "p prepare"
echo
}
prepare()
{
echo "https://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories
echo "https://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
apk add \
linux-headers \
cmake \
ninja \
openssl \
curl-dev \
openssl-dev \
gtest-dev \
c-ares-dev \
pcre-dev \
curl \
git \
build-base \
coreutils \
build-base \
openssl-dev \
pkgconfig \
c-ares-dev \
re2-dev \
grpc-dev \
protobuf-dev \
opentelemetry-cpp-dev
git config --global http.version HTTP/1.1
git config --global http.postBuffer 157286400
}
install_otel()
{
cd ${BUILD_PATH}
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+LD_LIBRARY_PATH:}${INSTALL_DIR}/lib:/usr/local"
export PATH="${PATH}:${INSTALL_DIR}/bin"
git clone --recurse-submodules -j ${CORES} --depth=1 -b \
${OPENTELEMETRY_CPP_VERSION} https://github.com/open-telemetry/opentelemetry-cpp.git opentelemetry-cpp-${OPENTELEMETRY_CPP_VERSION}
cd "opentelemetry-cpp-${OPENTELEMETRY_CPP_VERSION}"
mkdir -p .build
cd .build
cmake -DCMAKE_BUILD_TYPE=Release \
-G Ninja \
-DCMAKE_CXX_STANDARD=17 \
-DCMAKE_POSITION_INDEPENDENT_CODE=TRUE \
-DWITH_ZIPKIN=OFF \
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
-DBUILD_TESTING=OFF \
-DWITH_BENCHMARK=OFF \
-DWITH_FUNC_TESTS=OFF \
-DBUILD_SHARED_LIBS=OFF \
-DWITH_OTLP_GRPC=ON \
-DWITH_OTLP_HTTP=OFF \
-DWITH_ABSEIL=ON \
-DWITH_EXAMPLES=OFF \
-DWITH_NO_DEPRECATED_CODE=ON \
..
cmake --build . -j ${CORES} --target install
}
install_nginx()
{
# Check for recent changes: https://github.com/open-telemetry/opentelemetry-cpp-contrib/compare/e11348bb400d5472bf1da5d6128bead66fa111ff...main
export OPENTELEMETRY_CONTRIB_COMMIT=e11348bb400d5472bf1da5d6128bead66fa111ff
mkdir -p /etc/nginx
cd "$BUILD_PATH"
# TODO fix curl
# get_src 0528e793a97f942868616449d49326160f9cb67b2253fb2c4864603ac6ab09a9 \
# "https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/$OPENTELEMETRY_CONTRIB_COMMIT.tar.gz"
git clone https://github.com/open-telemetry/opentelemetry-cpp-contrib.git \
opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}
cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}
git reset --hard ${OPENTELEMETRY_CONTRIB_COMMIT}
cd ${BUILD_PATH}/opentelemetry-cpp-contrib-${OPENTELEMETRY_CONTRIB_COMMIT}/instrumentation/nginx
mkdir -p build
cd build
cmake -DCMAKE_BUILD_TYPE=Release \
-G Ninja \
-DCMAKE_CXX_STANDARD=17 \
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
-DBUILD_SHARED_LIBS=ON \
-DNGINX_VERSION=${NGINX_VERSION} \
..
cmake --build . -j ${CORES} --target install
mkdir -p /etc/nginx/modules
cp ${INSTALL_DIR}/otel_ngx_module.so /etc/nginx/modules/otel_ngx_module.so
}
while getopts ":phn:" option; do
case $option in
h) # display Help
Help
exit;;
p) # prepare
prepare
exit;;
n) # install nginx
NGINX_VERSION=${OPTARG}
install_nginx
exit;;
\?)
Help
exit;;
esac
done

3
images/opentelemetry/rootfs/go.mod
View file

@ -1,3 +0,0 @@
module init-otel
go 1.22.7

103
images/opentelemetry/rootfs/init_module.go
View file

@ -1,103 +0,0 @@
/*
Copyright 2023 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"fmt"
"io"
"os"
"path/filepath"
)
func main() {
// Enable error handling for all operations
err := run()
if err != nil {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
os.Exit(1)
}
}
func run() error {
// Create the target directory if it doesn't exist
targetDir := "/modules_mount/etc/nginx/modules/otel"
err := os.MkdirAll(targetDir, os.ModePerm)
if err != nil {
return fmt.Errorf("failed to create target directory: %w", err)
}
// Copy files from source directory to target directory
sourceDir := "/etc/nginx/modules/"
err = filepath.Walk(sourceDir, func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
// Skip directories
if info.IsDir() {
return nil
}
// Calculate the destination path
relPath, err := filepath.Rel(sourceDir, path)
if err != nil {
return err
}
destPath := filepath.Join(targetDir, relPath)
// Create the destination directory if it doesn't exist
destDir := filepath.Dir(destPath)
err = os.MkdirAll(destDir, os.ModePerm)
if err != nil {
return err
}
// Copy the file
err = copyFile(path, destPath)
if err != nil {
return err
}
return nil
})
if err != nil {
return fmt.Errorf("failed to copy files: %w", err)
}
return nil
}
func copyFile(sourcePath, destPath string) error {
sourceFile, err := os.Open(sourcePath)
if err != nil {
return err
}
defer sourceFile.Close()
destFile, err := os.Create(destPath)
if err != nil {
return err
}
defer destFile.Close()
_, err = io.Copy(destFile, sourceFile)
if err != nil {
return err
}
return nil
}

7
magefiles/utils/helm.go
View file

@ -207,13 +207,6 @@ type IngressChartValue struct {
ExtraVolumes []interface{} `yaml:"extraVolumes"`
ExtraInitContainers []interface{} `yaml:"extraInitContainers"`
ExtraModules []interface{} `yaml:"extraModules"`
Opentelemetry struct {
Enabled bool `yaml:"enabled"`
Image string `yaml:"image"`
ContainerSecurityContext struct {
AllowPrivilegeEscalation bool `yaml:"allowPrivilegeEscalation"`
} `yaml:"containerSecurityContext"`
} `yaml:"opentelemetry"`
AdmissionWebhooks struct {
Annotations struct{} `yaml:"annotations"`
Enabled bool `yaml:"enabled"`