Ta update configs to enable mtls #3015
Conversation
Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.1 to 1.10.0. - [Release notes](https://github.com/gin-gonic/gin/releases) - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md) - [Commits](gin-gonic/gin@v1.9.1...v1.10.0) --- updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…elemetry#2951) Bumps the prometheus group with 1 update: [github.com/prometheus/prometheus](https://github.com/prometheus/prometheus). Updates `github.com/prometheus/prometheus` from 0.51.2 to 0.52.0 - [Release notes](https://github.com/prometheus/prometheus/releases) - [Changelog](https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md) - [Commits](prometheus/prometheus@v0.51.2...v0.52.0) --- updated-dependencies: - dependency-name: github.com/prometheus/prometheus dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prometheus ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* enable readiness Probe for otel operator Signed-off-by: Janario Oliveira <[email protected]> * generate CRD and controller changes Signed-off-by: Janario Oliveira <[email protected]> * Adjusted code to be similar to Liveness logic Signed-off-by: Janario Oliveira <[email protected]> * Generated manifests Signed-off-by: Janario Oliveira <[email protected]> * Add changelog Signed-off-by: Janario Oliveira <[email protected]> * Fix lint Signed-off-by: Janario Oliveira <[email protected]> * Removed readinessProbe from alpha CRD Signed-off-by: Janario Oliveira <[email protected]> * Generated manifests Signed-off-by: Janario Oliveira <[email protected]> * Fix lint Signed-off-by: Janario Oliveira <[email protected]> * Centralized probe validation Signed-off-by: Janario Oliveira <[email protected]> --------- Signed-off-by: Janario Oliveira <[email protected]> Co-authored-by: hesam.hamdarsi <[email protected]>
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.1+incompatible to 26.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v26.0.1...v26.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added new Log Enconder Config Signed-off-by: Yuri Sa <[email protected]> * Added new Log Enconder Config Signed-off-by: Yuri Sa <[email protected]> * Added new Log Enconder Config Signed-off-by: Yuri Sa <[email protected]> * Added new Log Enconder Config Signed-off-by: Yuri Sa <[email protected]> * Added new Log Enconder Config Signed-off-by: Yuri Sa <[email protected]> * Added new Log Enconder Config Signed-off-by: Yuri Sa <[email protected]> * Added new Debug doc Signed-off-by: Yuri Sa <[email protected]> --------- Signed-off-by: Yuri Sa <[email protected]>
Signed-off-by: Juraci Paixão Kröhling <[email protected]>
* Fix Signed-off-by: Pavol Loffay <[email protected]> * Fix Signed-off-by: Pavol Loffay <[email protected]> * Fix Signed-off-by: Pavol Loffay <[email protected]> * Fix Signed-off-by: Pavol Loffay <[email protected]> * Add test Signed-off-by: Pavol Loffay <[email protected]> --------- Signed-off-by: Pavol Loffay <[email protected]>
Signed-off-by: Yuri Sa <[email protected]>
…ility check (open-telemetry#2964) * Verify ServiceMonitor and PodMonitor are installed in prom cr availability check * Added changelog
…try#2968) Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.2.0 to 0.2.1. - [Release notes](https://github.com/kyverno/action-install-chainsaw/releases) - [Commits](kyverno/action-install-chainsaw@v0.2.0...v0.2.1) --- updated-dependencies: - dependency-name: kyverno/action-install-chainsaw dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Create a separate Service Monitor when the Prometheus exporter is present Signed-off-by: Israel Blancas <[email protected]> * Improve changelog Signed-off-by: Israel Blancas <[email protected]> * Fix prometheus-cr E2E test Signed-off-by: Israel Blancas <[email protected]> * Remove unused target Signed-off-by: Israel Blancas <[email protected]> * Add docstring Signed-off-by: Israel Blancas <[email protected]> * Fix typo Signed-off-by: Israel Blancas <[email protected]> * Change the label name Signed-off-by: Israel Blancas <[email protected]> * Change changelog description Signed-off-by: Israel Blancas <[email protected]> * Recover removed labels Signed-off-by: Israel Blancas <[email protected]> * Add missing labels Signed-off-by: Israel Blancas <[email protected]> * Remove wrong labels Signed-off-by: Israel Blancas <[email protected]> --------- Signed-off-by: Israel Blancas <[email protected]>
* Prepare release 0.100.0 Signed-off-by: Vineeth Pothulapati <[email protected]> * update the chlog * update the chlog with open-telemetry#2877 merge --------- Signed-off-by: Vineeth Pothulapati <[email protected]>
* Refactor consistent-hashing strategy * Refactor per-node strategy * Refactor least-weighted strategy * Minor allocation strategy refactor * Add some common allocation strategy tests * Fix collector and target reassignment * Minor allocator fixes * Add changelog entry * Fix an incorrect comment
* add back webhook port * chlog
Signed-off-by: Pavol Loffay <[email protected]>
* Support for kubernetes 1.30 version * Update makefile
…or, target allocator, opamp bridge (open-telemetry#2933) * set things * fix kustomize shim * restore, better chlog
Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…emetry#2991) Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…try#2989) Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/kyverno/action-install-chainsaw/releases) - [Commits](kyverno/action-install-chainsaw@v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: kyverno/action-install-chainsaw dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the otel group with 5 updates: | Package | From | To | | --- | --- | --- | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | Updates `go.opentelemetry.io/otel` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/metric` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/sdk` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/sdk/metric` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/sdk/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jacob Aronoff <[email protected]>
There was a problem hiding this comment.
I think this looks good overall. I commented on some minor issues and missing (fairly trivial) unit tests, but otherwise I think we're almost good to go.
@ItielOlenick we still need to wait for the prometheus receiver fix in 0.108.0, right? Are you planning on adding a test that verifies it works?
The fix is already present in 0.108.0, and I've added it to the e2e test's image override until operator is bumped to that version - so we are already testing that in the current e2e tests for this branch. |
There was a problem hiding this comment.
👍 Thank you for all the work you've put into this change (and the related ones elsewhere)! I've left some questions about config handling in the Target Allocator, but I'm fine merging this PR as-is.
Do note that we have to wait until 0.108.0 is released before actually merging, as we depend on that collector version.
My pleasure! Quite the journey. |
We're going to be releasing 0.108.0 very soon, and merging this afterwards will also let us avoid having to explicitly set the collector image in E2E tests, so I'd prefer to wait. I'd also like to give @jaronoff97 and @pavolloffay a bit of time to review and raise any concerns. |
There was a problem hiding this comment.
We should be good to go after you resolve conflicts and update collector versions. @jaronoff97 @pavolloffay can you also review? I'd like to get this in before 0.109.0.
Removed collector image override for e2e test
Co-authored-by: Mikołaj Świątek <[email protected]>
There was a problem hiding this comment.
Looking REALLY GOOD @ItielOlenick Thank you so much for your work here. A few minor things, once resolved I think we should be g2g :D
| @@ -91,6 +93,14 @@ func Container(cfg config.Config, logger logr.Logger, otelcol v1beta1.OpenTeleme | |||
| }) | |||
| } | |||
|
|
|||
| if cfg.CertManagerAvailability() == certmanager.Available && featuregate.EnableTargetAllocatorMTLS.IsEnabled() { | |||
There was a problem hiding this comment.
thought (take it or leave it) we could move this featuregate check to the CertManagerAvailability call/package so we would only update there, idk how necessary though so feel free to ignore :)
| @@ -257,10 +259,31 @@ func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServi | |||
| return prometheus, nil | |||
| } | |||
|
|
|||
| func WithTLSConfig(caFile, certFile, keyFile, taServiceName string) TAOption { | |||
There was a problem hiding this comment.
this is fine for now, but I do want to simplify this in the future with a similar pattern to #3206
internal/manifests/targetallocator/adapters/config_to_prom_config_test.go
Outdated
Show resolved
Hide resolved
| Spec: cmv1.CertificateSpec{ | ||
| DNSNames: []string{ | ||
| naming.TAService(params.TargetAllocator.Name), | ||
| fmt.Sprintf("%s.%s.svc", naming.TAService(params.TargetAllocator.Name), params.TargetAllocator.Namespace), |
There was a problem hiding this comment.
I half-feel like users who want to proxy connections to the API Server should just set GOPROXY and be done with it, but I'm not sure how this is usually solved.
There was a problem hiding this comment.
I thought goproxy was only for modules? Maybe i misunderstand what that is for though...
There was a problem hiding this comment.
Sorry, I meant HTTP_PROXY and the like.
Sure thing! Currently on vacation, will get on it once I get back. |
Description: When CertManager and secrets RBAC permissions are granted, mTLS will be used between the target allocator and the collector so that the latter can retrieve authentication secrets for endpoints that require them.
Link to Tracking Issue(s):
Second PR towards a solution for #1669
Testing: Unit tests added. E2E tests added. Tested in-cluster locally.
Documentation: Added documentation