Merge branch 'log-5224' of github.com:JoaoBraveCoding/multi-cluster-o…

…bservability-addon into log-5224

deploy/resources/cluster-management-addon.yaml

@@ -11,7 +11,6 @@ spec:
   supportedConfigs:
     # Describes the general addon configuration applicable for all managed clusters. It includes:
     # - Default subscription channel name for install the `Red Hat OpenShift Logging` operator on each managed cluster.
-    # - Default subscription channel name for install the `Red Hat OpenShift distributed tracing data collection` operator on each managed cluster.
     - group: addon.open-cluster-management.io
       resource: addondeploymentconfigs
       defaultConfig:
@@ -36,4 +35,4 @@ spec:
           - group: opentelemetry.io
             resource: opentelemetrycollectors
             name: instance
-            namespace: open-cluster-management
+            namespace: open-cluster-management

hack/addon-install/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v1
 description: A Helm chart to help testing the mcoa addon
 name: addon-testing
 version: 1.0.0
-appVersion: "1.0.0"
+appVersion: "1.0.0"

hack/addon-install/templates/aws-secret.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: aws-credentials
-  namespace: spoke
+  namespace: {{ .Values.spokeClusterName }}
 type: Opaque
 data:
   access_key_id: {{ .Values.awsCredentials.accessKeyID | b64enc }}

hack/addon-install/templates/instance.yaml → hack/addon-install/templates/clf-instance.yaml

@@ -19,4 +19,4 @@ spec:
      inputRefs:
      - infrastructure
      outputRefs:
-     - cw
+     - cw

hack/addon-install/templates/otelcol-instance.yaml

@@ -0,0 +1,47 @@
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: instance
+  namespace: open-cluster-management
+  annotations:
+    authentication.mcoa.openshift.io/otlp: ExistingSecret
+spec:
+  config: |
+    exporters:
+      debug:
+      otlp:
+        endpoint: {{ .Values.hubCollector.route }}
+        headers:
+            x-scope-orgid: {{ .Values.spokeClusterName }}
+        tls:
+          ca_file: /tracing-otlp-auth/ca-bundle.crt
+          cert_file: /tracing-otlp-auth/tls.crt
+          insecure: false
+          key_file: /tracing-otlp-auth/tls.key
+    processors:
+    receivers:
+      jaeger:
+        protocols:
+            grpc:
+      otlp:
+        protocols:
+          grpc:
+          http:
+    service:
+      pipelines:
+        traces:
+          exporters:
+            - otlp
+            - debug
+          processors: []
+          receivers:
+            - jaeger
+            - otlp
+  mode: deployment
+  volumeMounts:
+  - mountPath: /tracing-otlp-auth
+    name: tracing-otlp-auth
+  volumes:
+  - name: tracing-otlp-auth
+    secret:
+      secretName: tracing-otlp-auth

hack/addon-install/values.yaml

@@ -1,5 +1,8 @@
-spokeClusterName: spoke
+spokeClusterName: spoke-1
 
 awsCredentials:
   accessKeyID: XXXXXXX
   accessKeySecret: XXXXXX
+
+hubCollector:
+  route: XXXXXXX

internal/addon/authentication/provider.go

@@ -113,7 +113,7 @@ func (sp *secretsProvider) getSecretReference(ctx context.Context, secretName st
 
 // buildAuthenticationFromAnnotations given a set of annotations this function
 // will return a map that has as keys the Targets and values AuthenticationTypes.
-// The annotation used is defined in the contant "AnnotationAuthOutput" 
+// The annotation used is defined in the contant "AnnotationAuthOutput"
 func buildAuthenticationFromAnnotations(annotations map[string]string) (map[Target]AuthenticationType, error) {
 	result := make(map[Target]AuthenticationType)
 	for annotation, annValue := range annotations {

internal/tracing/handlers/handler.go

@@ -2,12 +2,16 @@ package handlers
 
 import (
 	"context"
+	"fmt"
+	"strings"
 
 	otelv1alpha1 "github.com/open-telemetry/opentelemetry-operator/apis/v1alpha1"
 	"github.com/rhobs/multicluster-observability-addon/internal/addon"
 	"github.com/rhobs/multicluster-observability-addon/internal/addon/authentication"
 	"github.com/rhobs/multicluster-observability-addon/internal/tracing/manifests"
 	"github.com/rhobs/multicluster-observability-addon/internal/tracing/manifests/otelcol"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/klog/v2"
 	addonapiv1alpha1 "open-cluster-management.io/api/addon/v1alpha1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -16,6 +20,12 @@ const (
 	opentelemetryCollectorResource = "opentelemetrycollectors"
 )
 
+var (
+	errNoExportersFound       = fmt.Errorf("no exporters found")
+	errNoMountPathFound       = fmt.Errorf("mountpath not found in any secret")
+	errNoVolumeMountForSecret = fmt.Errorf("no volumemount found for secret")
+)
+
 func BuildOptions(k8s client.Client, mcAddon *addonapiv1alpha1.ManagedClusterAddOn, adoc *addonapiv1alpha1.AddOnDeploymentConfig) (manifests.Options, error) {
 	resources := manifests.Options{
 		AddOnDeploymentConfig: adoc,
@@ -28,19 +38,11 @@ func BuildOptions(k8s client.Client, mcAddon *addonapiv1alpha1.ManagedClusterAdd
 		return resources, err
 	}
 	resources.OpenTelemetryCollector = otelCol
-	cfg, err := otelcol.ConfigFromString(otelCol.Spec.Config)
-	if err != nil {
-		return resources, err
-	}
-	exporters, err := otelcol.GetExporters(cfg)
-	if err != nil {
-		return resources, err
-	}
+	klog.Info("OpenTelemetry Collector template found")
 
-	targetSecretName := make(map[authentication.Target]string)
-	for exporterName := range exporters {
-		// TODO @iblancas help!
-		targetSecretName[authentication.Target(exporterName)] = "TODO"
+	targetSecretName, err := buildExportersSecrets(otelCol)
+	if err != nil {
+		return resources, nil
 	}
 
 	ctx := context.Background()
@@ -57,3 +59,78 @@ func BuildOptions(k8s client.Client, mcAddon *addonapiv1alpha1.ManagedClusterAdd
 
 	return resources, nil
 }
+
+func buildExportersSecrets(otelCol *otelv1alpha1.OpenTelemetryCollector) (map[authentication.Target]string, error) {
+	exporterSecrets := map[authentication.Target]string{}
+
+	exporters, err := getExporters(otelCol)
+	if err != nil {
+		return exporterSecrets, err
+	}
+
+	if len(exporters) == 0 {
+		return exporterSecrets, errNoExportersFound
+	}
+
+	for _, vol := range otelCol.Spec.Volumes {
+		// We only care about volumes created from secrets
+		if vol.Secret != nil {
+			vm, err := getVolumeMount(otelCol, vol.Secret.SecretName)
+			if err != nil {
+				return exporterSecrets, err
+			}
+			exporter, err := searchVolumeMountInExporter(vm, exporters)
+			if err != nil {
+				klog.Warning(err)
+				continue
+			}
+			klog.Info("exporter ", exporter, " uses secret ", vol.Secret.SecretName)
+			exporterSecrets[authentication.Target(exporter)] = vol.Secret.SecretName
+		}
+	}
+	return exporterSecrets, nil
+}
+
+// getVolumeMount gets the VolumeMount associated to a secret.
+func getVolumeMount(otelCol *otelv1alpha1.OpenTelemetryCollector, secretName string) (v1.VolumeMount, error) {
+	for _, vm := range otelCol.Spec.VolumeMounts {
+		if vm.Name == secretName {
+			return vm, nil
+		}
+	}
+	return v1.VolumeMount{}, errNoVolumeMountForSecret
+}
+
+// searchVolumeMountInExporter checks if the VolumeMount is used in any exporter
+func searchVolumeMountInExporter(vm v1.VolumeMount, exporters map[string]interface{}) (string, error) {
+	for name, eMap := range exporters {
+		if eMap == nil {
+			continue
+		}
+
+		t, ok := eMap.(map[string]interface{})["tls"]
+		if !ok {
+			continue
+		}
+		tls := t.(map[string]interface{})
+		if strings.HasPrefix(tls["cert_file"].(string), vm.MountPath) ||
+			strings.HasPrefix(tls["key_file"].(string), vm.MountPath) ||
+			strings.HasPrefix(tls["ca_file"].(string), vm.MountPath) {
+			return name, nil
+		}
+	}
+	return "", errNoMountPathFound
+}
+
+// getExporters gets the exporters from the OpenTelemetryCollector
+func getExporters(otelCol *otelv1alpha1.OpenTelemetryCollector) (map[string]interface{}, error) {
+	var exporters map[string]interface{}
+
+	cfg, err := otelcol.ConfigFromString(otelCol.Spec.Config)
+	if err != nil {
+		return exporters, err
+	}
+
+	exporters, err = otelcol.GetExporters(cfg)
+	return exporters, err
+}

internal/tracing/helm_test.go

@@ -183,7 +183,7 @@ func Test_Tracing_AllConfigsTogether_AllResources(t *testing.T) {
 	// Render manifests and return them as k8s runtime objects
 	objects, err := tracingAgentAddon.Manifests(managedCluster, managedClusterAddOn)
 	require.NoError(t, err)
-	require.Equal(t, 6, len(objects))
+	require.Equal(t, 5, len(objects))
 
 	for _, obj := range objects {
 		switch obj := obj.(type) {