Ta update configs to enable mtls #3015
Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.1 to 1.10.0. - [Release notes](https://github.com/gin-gonic/gin/releases) - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md) - [Commits](gin-gonic/gin@v1.9.1...v1.10.0) --- updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…elemetry#2951) Bumps the prometheus group with 1 update: [github.com/prometheus/prometheus](https://github.com/prometheus/prometheus). Updates `github.com/prometheus/prometheus` from 0.51.2 to 0.52.0 - [Release notes](https://github.com/prometheus/prometheus/releases) - [Changelog](https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md) - [Commits](prometheus/prometheus@v0.51.2...v0.52.0) --- updated-dependencies: - dependency-name: github.com/prometheus/prometheus dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prometheus ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* enable readiness Probe for otel operator Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * generate CRD and controller changes Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Adjusted code to be similar to Liveness logic Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Generated manifests Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Add changelog Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Fix lint Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Removed readinessProbe from alpha CRD Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Generated manifests Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Fix lint Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> * Centralized probe validation Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> --------- Signed-off-by: Janario Oliveira <janario.oliveira@gmail.com> Co-authored-by: hesam.hamdarsi <hesam.hamdarsi@gmail.com>
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.1+incompatible to 26.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v26.0.1...v26.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added new Log Encoder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Encoder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Encoder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Encoder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Encoder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Log Encoder Config Signed-off-by: Yuri Sa <yurimsa@gmail.com> * Added new Debug doc Signed-off-by: Yuri Sa <yurimsa@gmail.com> --------- Signed-off-by: Yuri Sa <yurimsa@gmail.com>
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
* Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Fix Signed-off-by: Pavol Loffay <p.loffay@gmail.com> * Add test Signed-off-by: Pavol Loffay <p.loffay@gmail.com> --------- Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
Signed-off-by: Yuri Sa <yurimsa@gmail.com>
…ility check (open-telemetry#2964) * Verify ServiceMonitor and PodMonitor are installed in prom cr availability check * Added changelog
…try#2968) Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.2.0 to 0.2.1. - [Release notes](https://github.com/kyverno/action-install-chainsaw/releases) - [Commits](kyverno/action-install-chainsaw@v0.2.0...v0.2.1) --- updated-dependencies: - dependency-name: kyverno/action-install-chainsaw dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Create a separate Service Monitor when the Prometheus exporter is present Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Improve changelog Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Fix prometheus-cr E2E test Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Remove unused target Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Add docstring Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Fix typo Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Change the label name Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Change changelog description Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Recover removed labels Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Add missing labels Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Remove wrong labels Signed-off-by: Israel Blancas <iblancasa@gmail.com> --------- Signed-off-by: Israel Blancas <iblancasa@gmail.com>
* Prepare release 0.100.0 Signed-off-by: Vineeth Pothulapati <vineethpothulapati@outlook.com> * update the chlog * update the chlog with open-telemetry#2877 merge --------- Signed-off-by: Vineeth Pothulapati <vineethpothulapati@outlook.com>
* Refactor consistent-hashing strategy * Refactor per-node strategy * Refactor least-weighted strategy * Minor allocation strategy refactor * Add some common allocation strategy tests * Fix collector and target reassignment * Minor allocator fixes * Add changelog entry * Fix an incorrect comment
* add back webhook port * chlog
Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
* Support for kubernetes 1.30 version * Update makefile
…or, target allocator, opamp bridge (open-telemetry#2933) * set things * fix kustomize shim * restore, better chlog
Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…emetry#2991) Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…try#2989) Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/kyverno/action-install-chainsaw/releases) - [Commits](kyverno/action-install-chainsaw@v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: kyverno/action-install-chainsaw dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the otel group with 5 updates: | Package | From | To | | --- | --- | --- | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | | [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.26.0` | `1.27.0` | Updates `go.opentelemetry.io/otel` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/metric` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/sdk` from 1.26.0 to 1.27.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) Updates `go.opentelemetry.io/otel/sdk/metric` from 1.26.0 to 1.27.0 - [Release 
notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/sdk/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
We should be good to go after you resolve conflicts and update collector versions. @jaronoff97 @pavolloffay can you also review? I'd like to get this in before 0.109.0.
Removed collector image override for e2e test
Co-authored-by: Mikołaj Świątek <mail@mikolajswiatek.com>
Looking REALLY GOOD @ItielOlenick Thank you so much for your work here. A few minor things, once resolved I think we should be g2g :D
@@ -91,6 +93,14 @@ func Container(cfg config.Config, logger logr.Logger, otelcol v1beta1.OpenTeleme | |||
}) | |||
} | |||
|
|||
if cfg.CertManagerAvailability() == certmanager.Available && featuregate.EnableTargetAllocatorMTLS.IsEnabled() { |
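Review bot: The added condition in `Container` combines `cfg.CertManagerAvailability() == certmanager.Available` with `featuregate.EnableTargetAllocatorMTLS.IsEnabled()`, so a user who turns the gate on in a cluster without cert-manager gets the non-mTLS container with no signal that the gate had no effect, unless a branch outside the lines shown handles it. `logger` is already a parameter of `Container`; consider logging that case so a misconfigured cluster can be told apart from one where mTLS was never requested.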
thought (take it or leave it) we could move this featuregate check to the `CertManagerAvailability` call/package so we would only update there, idk how necessary though so feel free to ignore :)
@@ -257,10 +259,31 @@ func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServi | |||
return prometheus, nil | |||
} | |||
|
|||
func WithTLSConfig(caFile, certFile, keyFile, taServiceName string) TAOption { |
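Review bot: `WithTLSConfig` takes four positional `string` parameters (`caFile, certFile, keyFile, taServiceName`), so a call site that swaps two of them still compiles and only fails once TLS is attempted; a small options struct with named fields, or a doc comment stating the order and what `taServiceName` is used for, would make misuse harder. The function is exported and the line above it in this hunk is blank, so it also needs a Go doc comment.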
this is fine for now, but I do want to simplify this in the future with a similar pattern to #3206
internal/manifests/targetallocator/adapters/config_to_prom_config_test.go
Spec: cmv1.CertificateSpec{ | ||
DNSNames: []string{ | ||
naming.TAService(params.TargetAllocator.Name), | ||
fmt.Sprintf("%s.%s.svc", naming.TAService(params.TargetAllocator.Name), params.TargetAllocator.Namespace), |
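Review bot: In `DNSNames`, `naming.TAService(params.TargetAllocator.Name)` is evaluated twice; hoisting it into a local keeps the bare service name and the `<service>.<namespace>.svc` entry from drifting apart. Because the peer verifying this certificate has to dial one of the names listed here, a unit test asserting that the service name passed into the collector-side TLS config appears in `DNSNames` would catch a mismatch before it surfaces as a handshake failure.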
I half-feel like users who want to proxy connections to the API Server should just set `GOPROXY` and be done with it, but I'm not sure how this is usually solved.
I thought goproxy was only for modules? Maybe I misunderstand what that is for though...
Sorry, I meant `HTTP_PROXY` and the like.
Sure thing! Currently on vacation, will get on it once I get back.
LGTM, just some nits for the changelog
Co-authored-by: Mikołaj Świątek <mail@mikolajswiatek.com>
@ItielOlenick thank you so much for your incredible work here! I really appreciate you for taking the time to get this in.
Thank you! It was a great learning experience working on this feature. I appreciate the time, effort, and guidance the team put into reviewing my work.
Description: When CertManager and secrets RBAC permissions are granted, mTLS will be used between the target allocator and the collector so that the latter can retrieve authentication secrets for endpoints that require them.
Link to Tracking Issue(s):
Second PR towards a solution for #1669
Testing: Unit tests added. E2E tests added. Tested in-cluster locally.
Documentation: Added documentation