From 7863fde552dc7821d96914d88c209aa351b68ccc Mon Sep 17 00:00:00 2001
From: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com>
Date: Thu, 25 Jan 2024 10:24:35 +0100
Subject: [PATCH] [apiserver-kubelet/tracing]: add distributed tracing config
 variables (#10795)

* [apiserver-kubelet/tracing]: add distributed tracing config flags

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

---------

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
---
 .../control-plane/defaults/main/main.yml           |  5 +++++
 .../control-plane/tasks/kubeadm-setup.yml          | 14 ++++++++++++++
 .../templates/apiserver-tracing.yaml.j2            |  4 ++++
 .../templates/kubeadm-config.v1beta3.yaml.j2       | 10 ++++++++++
 roles/kubernetes/node/defaults/main.yml            |  6 ++++++
 .../node/templates/kubelet-config.v1beta1.yaml.j2  |  5 +++++
 6 files changed, 44 insertions(+)
 create mode 100644 roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2

diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
index 7c2171327..fd7047767 100644
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -235,3 +235,8 @@ kubeadm_upgrade_auto_cert_renewal: true
 
 # Bash alias of kubectl to interact with Kubernetes cluster much easier
 # kubectl_alias: k
+
+## Enable distributed tracing for kube-apiserver
+kube_apiserver_tracing: false
+kube_apiserver_tracing_endpoint: 0.0.0.0:4317
+kube_apiserver_tracing_sampling_rate_per_million: 100
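Review bot: The default `kube_apiserver_tracing_endpoint: 0.0.0.0:4317` is a wildcard listen address, but this variable is the destination the apiserver exports spans to. The upstream TracingConfiguration default is `localhost:4317`, so I would ship `kube_apiserver_tracing_endpoint: "localhost:4317"`, quoted so that no parser re-types it. The Kubernetes API reference states that this OTLP gRPC connection is insecure and does not support TLS, so the comment above the variables should say something like `## The collector connection is plaintext; use a node-local collector and do not point this at a remote host over an untrusted network`. The same default and the same missing caveat apply to `kubelet_tracing_endpoint` in roles/kubernetes/node/defaults/main.yml.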
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index dcad832ba..1f4ff20a3 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -68,6 +68,20 @@
     mode: 0640
   when: kubernetes_audit_webhook | default(false)
 
+- name: Create apiserver tracing config directory
+  file:
+    path: "{{ kube_config_dir }}/tracing"
+    state: directory
+    mode: 0640
+  when: kube_apiserver_tracing
+
+- name: Write apiserver tracing config yaml
+  template:
+    src: apiserver-tracing.yaml.j2
+    dest: "{{ kube_config_dir }}/tracing/apiserver-tracing.yaml"
+    mode: 0640
+  when: kube_apiserver_tracing
+
 # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
 - name: Set kubeadm_config_api_fqdn define
   set_fact:
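Review bot: The new directory task sets `mode: 0640` on `{{ kube_config_dir }}/tracing`, which leaves the directory without a search (x) bit, so only a process that bypasses permission checks can reach the file inside it. A directory needs something like `mode: "0750"`. Neither new task sets `owner` or `group`, so ownership is whatever the play's user yields; that is presumably root, but stating it explicitly makes the intended access clear. Quoting the modes (`mode: "0640"` for the file) is the form Ansible recommends; the unquoted form follows the existing task above, so that part is style rather than a regression. The hunk ends inside the unchanged `set_fact` task that follows.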
diff --git a/roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2 b/roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2
new file mode 100644
index 000000000..98decde86
--- /dev/null
+++ b/roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2
@@ -0,0 +1,4 @@
+apiVersion: apiserver.config.k8s.io/v1beta1
+kind: TracingConfiguration
+endpoint: {{ kube_apiserver_tracing_endpoint }}
+samplingRatePerMillion: {{ kube_apiserver_tracing_sampling_rate_per_million }}
\ No newline at end of file
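Review bot: `endpoint: {{ kube_apiserver_tracing_endpoint }}` renders the variable as a plain YAML scalar, so an IPv6 endpoint such as `[::1]:4317` (constructed example) is not read as a string, and an empty value becomes null. Write `endpoint: "{{ kube_apiserver_tracing_endpoint }}"` instead. `samplingRatePerMillion` has to stay an integer, so it should remain unquoted, optionally as `{{ kube_apiserver_tracing_sampling_rate_per_million | int }}`. The same quoting applies to `endpoint: {{ kubelet_tracing_endpoint }}` in kubelet-config.v1beta1.yaml.j2, and the new file should end with a newline.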
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
index cbb221823..b11fb3343 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -227,6 +227,9 @@ apiServer:
 {% if kubelet_rotate_server_certificates %}
     kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt
 {% endif %}
+{% if kube_apiserver_tracing %}
+    tracing-config-file: {{ kube_config_dir }}/tracing/apiserver-tracing.yaml
+{% endif %}
 {% if kubernetes_audit or kube_token_auth | default(true) or kube_webhook_token_auth | default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs | length %}
   extraVolumes:
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
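Review bot: The `{% if %}` condition that emits `extraVolumes:`, directly after the new `tracing-config-file` block, was not extended with `or kube_apiserver_tracing`. If none of its existing terms holds, the `tracing` volume added in the next hunk either has no `extraVolumes:` key to attach to or is skipped altogether. Which of the two happens depends on where the enclosing `{% endif %}` sits, and that is outside the visible hunks. In both cases the apiserver is started with `tracing-config-file` pointing at a path that is not mounted into its container. I would append `or kube_apiserver_tracing` to that condition so the argument and the mount are always rendered together.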
@@ -267,6 +270,13 @@ apiServer:
     readOnly: false
     pathType: DirectoryOrCreate
 {% endif %}
+{% if kube_apiserver_tracing %}
+  - name: tracing
+    hostPath: {{ kube_config_dir }}/tracing
+    mountPath: {{ kube_config_dir }}/tracing
+    readOnly: true
+    pathType: DirectoryOrCreate
+{% endif %}
 {% for volume in apiserver_extra_volumes %}
   - name: {{ volume.name }}
     hostPath: {{ volume.hostPath }}
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 643551d9e..b3f8fbf10 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -253,3 +253,9 @@ kube_proxy_ipvs_modules:
 conntrack_modules:
   - nf_conntrack
   - nf_conntrack_ipv4
+
+
+## Enable distributed tracing for kubelet
+kubelet_tracing: false
+kubelet_tracing_endpoint: 0.0.0.0:4317
+kubelet_tracing_sampling_rate_per_million: 100
\ No newline at end of file
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index 1cd00992a..ba90fc9c8 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -166,3 +166,8 @@ topologyManagerPolicy: {{ kubelet_topology_manager_policy }}
 {% if kubelet_topology_manager_scope is defined %}
 topologyManagerScope: {{ kubelet_topology_manager_scope }}
 {% endif %}
+{% if kubelet_tracing %}
+tracing:
+  endpoint: {{ kubelet_tracing_endpoint }}
+  samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }}
+{% endif %}
\ No newline at end of file
-- 
GitLab