Add cert-manager as a subchart, expand operator to opentelemetry-oper…

…ator
signalfx · Apr 7, 2023 · 4aac145 · 4aac145
1 parent ddefbae
commit 4aac145
Show file tree

Hide file tree

Showing 21 changed files with 4,594 additions and 160 deletions.
diff --git a/RELEASE.md b/RELEASE.md
@@ -19,6 +19,8 @@ To make a new release of the helm chart:
   - Look for a new version at https://github.com/open-telemetry/opentelemetry-operator/releases.
   - If needed, in the [Chart.yaml](helm-charts/splunk-otel-collector/Chart.yaml)
     update the operator version and run `helm dependency build`.
+  - If the cert-manager subchart is updated, the helm-charts/splunk-otel-collector/crds/cert-manager.crds.yaml file
+    will need to be updated as well to match. You can run `wget -P helm-charts/splunk-otel-collector/crds https://github.com/cert-manager/cert-manager/releases/download/{VERSION}/cert-manager.crds.yaml"`.
 3. Run `make render` to render all the examples with the latest changes.
 4. Create PR and request review from the team.
 5. When the PR gets merged, the release will automatically be made and the helm repo updated.

diff --git a/docs/auto-instrumentation-install.md b/docs/auto-instrumentation-install.md
@@ -23,34 +23,27 @@ these frameworks often have pre-built instrumentation capabilities already avail
 
 ## Getting started with auto-instrumentation
 
-### 1. If the cert-manager available in the cluster, deploy it
+### 1. Deploy the Helm Chart with the Operator enabled
 
+If a cert-manager is not available in the cluster, then you'll need to deploy it using `--set cert-manager.enabled=true`.
 The cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the
-process of obtaining, renewing and using those certificates. You can use the following make commands to deploy the
-cert-manager.
+process of obtaining, renewing and using those certificates. The operator requires a certificates from the cert-manager
+or other source. You can pass `--set opentelemetry-operator.enabled=true` when deploying the chart to enable the
+operator. You can use commands like in the following example to run these steps..
 
 ```
-make cert-manager
-
-# If make is not availabe, you can use these commands.
+# Check if cert-manager is already installed, don't deploy a second cert-manager.
 kubectl get pods -l app=cert-manager --all-namespaces
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml
-```
-
-### 2. Deploy the Helm Chart with the Operator enabled
 
-You can pass `--set operator.enabled=true` when deploying the chart to enable the operator. You can also use commands
-like in the following example.
-
-```
-VALUES_FILE=examples/enable-operator-and-auto-instrumentation/enable-operator-and-auto-instrumentation-values.yaml
 helm install splunk-otel-collector \
--f $VALUES_FILE \
+-f ./my_values.yaml \
+--set cert-manager.enabled=true \
+--set opentelemetry-operator.enabled=true \
 -n monitoring \
 helm-charts/splunk-otel-collector
 ```
 
-### 3. Deploy the opentelemetry.io/v1alpha1 Instrumentation
+### 2. Deploy the opentelemetry.io/v1alpha1 Instrumentation
 
 This Instrumentation object is a spec to configure what instrumentation libraries to use for instrumentation. An
 Instrumentation object must be available to the target pod for auto-instrumentation to function. Here is an example
@@ -94,24 +87,26 @@ kubectl apply -f splunk-instrumentation.yaml
 kubectl get otelint -o yaml
 ```
 
-### 4. Verify all the OpenTelemetry resources (collector, operator, webhook, instrumentation) are deployed successfully
+### 3. Verify all the OpenTelemetry resources (collector, operator, webhook, instrumentation) are deployed successfully
 
 <details open>
 <summary>Expand for sample output to verify against</summary>
 
 ```
 kubectl  get pods -n monitoring
 # NAME                                                          READY
-# STATUS    RESTARTS   AGE
-# splunk-otel-collector-agent-9ccgn                             2/2     Running   0          3m
-# splunk-otel-collector-agent-ft4xc                             2/2     Running   0          3m
-# splunk-otel-collector-k8s-cluster-receiver-56f7c9cf5b-mgsbj   1/1     Running   0          3m
-# splunk-otel-collector-operator-6dffc898df-5jjkp               2/2     Running   0          3m
+# NAMESPACE     NAME                                                            READY   STATUS
+# monitoring    splunk-otel-collector-agent-lfthw                               2/2     Running
+# monitoring    splunk-otel-collector-cert-manager-6b9fb8b95f-2lmv4             1/1     Running
+# monitoring    splunk-otel-collector-cert-manager-cainjector-6d65b6d4c-khcrc   1/1     Running
+# monitoring    splunk-otel-collector-cert-manager-webhook-87b7ffffc-xp4sr      1/1     Running
+# monitoring    splunk-otel-collector-k8s-cluster-receiver-856f5fbcf9-pqkwg     1/1     Running
+# monitoring    splunk-otel-collector-opentelemetry-operator-56c4ddb4db-zcjgh   2/2     Running
 
 kubectl get mutatingwebhookconfiguration.admissionregistration.k8s.io -n monitoring
 # NAME                                      WEBHOOKS   AGE
-# cert-manager-webhook                      1          8m
-# splunk-otel-collector-operator-mutation   3          2m
+# splunk-otel-collector-cert-manager-webhook              1          14m
+# splunk-otel-collector-opentelemetry-operator-mutation   3          14m
 
 kubectl get otelinst -n spring-petclinic
 # NAME                          AGE   ENDPOINT

diff --git a/...le-operator-and-auto-instrumentation/enable-operator-and-auto-instrumentation-values.yaml b/...le-operator-and-auto-instrumentation/enable-operator-and-auto-instrumentation-values.yaml
@@ -7,5 +7,5 @@ splunkObservability:
 clusterName: CHANGEME
 environment: CHANGEME
 
-operator:
+opentelemetry-operator:
   enabled: true
diff --git a/...s/operator-webhook-with-cert-manager.yaml → ...s/operator-webhook-with-cert-manager.yaml b/...s/operator-webhook-with-cert-manager.yaml → ...s/operator-webhook-with-cert-manager.yaml
@@ -1,24 +1,24 @@
 ---
-# Source: splunk-otel-collector/charts/operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: default/default-operator-serving-cert
+    cert-manager.io/inject-ca-from: default/default-opentelemetry-operator-serving-cert
   labels:
-    helm.sh/chart: operator-0.24.0
-    app.kubernetes.io/name: operator
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.70.0"
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: default
     app.kubernetes.io/component: webhook
-  name: default-operator-mutation
+  name: default-opentelemetry-operator-mutation
 webhooks:
   - admissionReviewVersions:
       - v1
     clientConfig:
       service:
-        name: default-operator-webhook
+        name: default-opentelemetry-operator-webhook
         namespace: default
         path: /mutate-opentelemetry-io-v1alpha1-instrumentation
     failurePolicy: Fail
@@ -39,7 +39,7 @@ webhooks:
       - v1
     clientConfig:
       service:
-        name: default-operator-webhook
+        name: default-opentelemetry-operator-webhook
         namespace: default
         path: /mutate-opentelemetry-io-v1alpha1-opentelemetrycollector
     failurePolicy: Fail
@@ -60,7 +60,7 @@ webhooks:
       - v1
     clientConfig:
       service:
-        name: default-operator-webhook
+        name: default-opentelemetry-operator-webhook
         namespace: default
         path: /mutate-v1-pod
     failurePolicy: Ignore
@@ -78,26 +78,26 @@ webhooks:
     sideEffects: None
     timeoutSeconds: 10
 ---
-# Source: splunk-otel-collector/charts/operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: default/default-operator-serving-cert
+    cert-manager.io/inject-ca-from: default/default-opentelemetry-operator-serving-cert
   labels:
-    helm.sh/chart: operator-0.24.0
-    app.kubernetes.io/name: operator
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.70.0"
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: default
     app.kubernetes.io/component: webhook
-  name: default-operator-validation
+  name: default-opentelemetry-operator-validation
 webhooks:
   - admissionReviewVersions:
       - v1
     clientConfig:
       service:
-        name: default-operator-webhook
+        name: default-opentelemetry-operator-webhook
         namespace: default
         path: /validate-opentelemetry-io-v1alpha1-instrumentation
     failurePolicy: Fail
@@ -118,7 +118,7 @@ webhooks:
       - v1
     clientConfig:
       service:
-        name: default-operator-webhook
+        name: default-opentelemetry-operator-webhook
         namespace: default
         path: /validate-opentelemetry-io-v1alpha1-instrumentation
     failurePolicy: Ignore
@@ -138,7 +138,7 @@ webhooks:
       - v1
     clientConfig:
       service:
-        name: default-operator-webhook
+        name: default-opentelemetry-operator-webhook
         namespace: default
         path: /validate-opentelemetry-io-v1alpha1-opentelemetrycollector
     failurePolicy: Fail
@@ -159,7 +159,7 @@ webhooks:
       - v1
     clientConfig:
       service:
-        name: default-operator-webhook
+        name: default-opentelemetry-operator-webhook
         namespace: default
         path: /validate-opentelemetry-io-v1alpha1-opentelemetrycollector
     failurePolicy: Ignore

diff --git a/...rator-and-auto-instrumentation/rendered_manifests/opentelemetry-operator/certmanager.yaml b/...rator-and-auto-instrumentation/rendered_manifests/opentelemetry-operator/certmanager.yaml
@@ -0,0 +1,41 @@
+---
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/certmanager.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
+    app.kubernetes.io/version: "0.70.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: webhook
+  name: default-opentelemetry-operator-serving-cert
+  namespace: default
+spec:
+  dnsNames:
+    - default-opentelemetry-operator-webhook.default.svc
+    - default-opentelemetry-operator-webhook.default.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: default-opentelemetry-operator-selfsigned-issuer
+  secretName: default-opentelemetry-operator-controller-manager-service-cert
+  subject:
+    organizationalUnits:
+      - default-opentelemetry-operator
+---
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/certmanager.yaml
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
+    app.kubernetes.io/version: "0.70.0"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: webhook
+  name: default-opentelemetry-operator-selfsigned-issuer
+  namespace: default
+spec:
+  selfSigned: {}
diff --git a/...dered_manifests/operator/clusterrole.yaml → ...s/opentelemetry-operator/clusterrole.yaml b/...dered_manifests/operator/clusterrole.yaml → ...s/opentelemetry-operator/clusterrole.yaml
@@ -1,16 +1,16 @@
 ---
-# Source: splunk-otel-collector/charts/operator/templates/clusterrole.yaml
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: operator-0.24.0
-    app.kubernetes.io/name: operator
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.70.0"
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: default
     app.kubernetes.io/component: controller-manager
-  name: default-operator-manager
+  name: default-opentelemetry-operator-manager
 rules:
   - apiGroups:
       - ""
@@ -188,36 +188,36 @@ rules:
     - update
     - watch
 ---
-# Source: splunk-otel-collector/charts/operator/templates/clusterrole.yaml
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: operator-0.24.0
-    app.kubernetes.io/name: operator
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.70.0"
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: default
     app.kubernetes.io/component: controller-manager
-  name: default-operator-metrics
+  name: default-opentelemetry-operator-metrics
 rules:
   - nonResourceURLs:
       - /metrics
     verbs:
       - get
 ---
-# Source: splunk-otel-collector/charts/operator/templates/clusterrole.yaml
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: operator-0.24.0
-    app.kubernetes.io/name: operator
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.70.0"
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: default
     app.kubernetes.io/component: controller-manager
-  name: default-operator-proxy
+  name: default-opentelemetry-operator-proxy
 rules:
   - apiGroups:
       - authentication.k8s.io

diff --git a/...anifests/operator/clusterrolebinding.yaml → ...elemetry-operator/clusterrolebinding.yaml b/...anifests/operator/clusterrolebinding.yaml → ...elemetry-operator/clusterrolebinding.yaml
@@ -1,42 +1,42 @@
 ---
-# Source: splunk-otel-collector/charts/operator/templates/clusterrolebinding.yaml
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: operator-0.24.0
-    app.kubernetes.io/name: operator
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.70.0"
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: default
     app.kubernetes.io/component: controller-manager
-  name: default-operator-manager
+  name: default-opentelemetry-operator-manager
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: default-operator-manager
+  name: default-opentelemetry-operator-manager
 subjects:
   - kind: ServiceAccount
-    name: operator
+    name: opentelemetry-operator
     namespace: default
 ---
-# Source: splunk-otel-collector/charts/operator/templates/clusterrolebinding.yaml
+# Source: splunk-otel-collector/charts/opentelemetry-operator/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: operator-0.24.0
-    app.kubernetes.io/name: operator
+    helm.sh/chart: opentelemetry-operator-0.24.0
+    app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.70.0"
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: default
     app.kubernetes.io/component: controller-manager
-  name: default-operator-proxy
+  name: default-opentelemetry-operator-proxy
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: default-operator-proxy
+  name: default-opentelemetry-operator-proxy
 subjects:
   - kind: ServiceAccount
-    name: operator
+    name: opentelemetry-operator
     namespace: default