From 3a112e834ce7154ba5a5ec3c717b31a54910a08f Mon Sep 17 00:00:00 2001
From: Denis Khachyan <khachyanda@gmail.com>
Date: Tue, 30 Apr 2024 13:46:17 +0300
Subject: [PATCH] ingress-nginx: added ability to enable opentelemetry nginx
 module (#11034)

---
 .../ingress_nginx/defaults/main.yml           |  1 +
 .../ds-ingress-nginx-controller.yml.j2        | 36 +++++++++++++++++--
 .../defaults/main/download.yml                |  2 ++
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
index c83c8c3ed..2650136d8 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
@@ -19,5 +19,6 @@ ingress_nginx_without_class: true
 ingress_nginx_default: false
 ingress_nginx_webhook_enabled: false
 ingress_nginx_webhook_job_ttl: 1800
+ingress_nginx_opentelemetry_enabled: false
 
 ingress_nginx_probe_initial_delay_seconds: 10
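Review bot: The new default `ingress_nginx_opentelemetry_enabled: false` has no comment telling an operator what switching it on changes in the controller pod. Going by the template hunks in this patch, it adds an init container and a shared `modules` emptyDir to the DaemonSet, so a line such as `# Adds the opentelemetry init container and the shared "modules" emptyDir to the controller pod` above it would help. The patch shows no change to the controller's own configuration, so the comment should probably also say whether further settings are needed before nginx actually loads the module.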
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 7f419350b..c7657b621 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -23,6 +23,26 @@ spec:
     spec:
       serviceAccountName: ingress-nginx
       terminationGracePeriodSeconds: {{ ingress_nginx_termination_grace_period_seconds }}
+{% if ingress_nginx_opentelemetry_enabled %}
+      initContainers:
+      - name: opentelemetry
+        command:
+        - /init_module
+        image: {{ ingress_nginx_opentelemetry_image_repo }}:{{ ingress_nginx_opentelemetry_image_tag }}
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 65532
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /modules_mount
+          name: modules
+{% endif %}
 {% if ingress_nginx_host_network %}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
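Review bot: The added `opentelemetry` init container sets a tight `securityContext` but declares no `resources` and no `imagePullPolicy`. As part of a DaemonSet it runs on every node at each pod start, and without requests and limits it is unbounded there; in a namespace whose quota requires them the pod may be rejected. I would add a small `resources:` block with `requests` and `limits` (values to be measured, not guessed), plus whatever pull policy the controller container uses, if it sets one outside this hunk. The pod spec continues beyond the hunk, so whether pod-level defaults already cover this is not visible here.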
@@ -127,15 +147,27 @@ spec:
             timeoutSeconds: 5
             successThreshold: 1
             failureThreshold: 3
-{% if ingress_nginx_webhook_enabled %}
+{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
           volumeMounts:
+{% if ingress_nginx_webhook_enabled %}
             - mountPath: /usr/local/certificates/
               name: webhook-cert
               readOnly: true
 {% endif %}
-{% if ingress_nginx_webhook_enabled %}
+{% if ingress_nginx_opentelemetry_enabled %}
+            - name: modules
+              mountPath: /modules_mount
+{% endif %}
+{% endif %}
+{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
       volumes:
+{% if ingress_nginx_webhook_enabled %}
         - name: webhook-cert
           secret:
             secretName: ingress-nginx-admission
 {% endif %}
+{% if ingress_nginx_opentelemetry_enabled %}
+        - name: modules
+          emptyDir: {}
+{% endif %}
+{% endif %}
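Review bot: The controller's new `modules` mount at `/modules_mount` is writable, while the `webhook-cert` mount just above it is `readOnly: true`. Only the init container appears to need write access to the emptyDir. If the controller only loads the module from that path, adding `readOnly: true` under `mountPath: /modules_mount` would keep a compromised nginx worker from altering the shared objects it loads on reload. The nested `{% if %}` blocks are also easy to misread, so a short Jinja comment such as `{# volumeMounts is emitted when either feature needs a mount #}` on the outer conditions would help. The container spec begins outside this hunk.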
diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml
index 0e32e843e..eb598c62f 100644
--- a/roles/kubespray-defaults/defaults/main/download.yml
+++ b/roles/kubespray-defaults/defaults/main/download.yml
@@ -331,7 +331,9 @@ local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-p
 local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}"
 ingress_nginx_version: "v1.9.6"
 ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
+ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
 ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}"
+ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
 ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
 ingress_nginx_kube_webhook_certgen_image_tag: "v20231011-8b53cabe0"
 alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
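Review bot: `ingress_nginx_opentelemetry_image_tag` is fixed at `v20230721-3e2062ee5` while the controller tag follows `ingress_nginx_version`, so a later controller upgrade will not move the module image with it. The init container presumably places a native nginx module into the controller pod, and a module built for a different nginx may fail to load. A comment such as `# Keep in step with the nginx build shipped in ingress_nginx_version` above the tag would make that coupling visible. The image is also referenced by tag only; allowing a digest form (`<tag>@sha256:<digest-placeholder>`) would let operators verify the code that ends up inside the ingress controller. The hunk does not show whether the new image is registered for pre-download alongside the controller image, which is worth checking for offline installs.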
-- 
GitLab