Merge branch 'master' into remove_spot

Author: Muni10

README.md

@@ -89,7 +89,7 @@ can be sent to a Kafka topic. There's a few prerequisites to develop with this e
 #### Update and compile Protobuf definition
 
 Whenever the Protobuf definition is updated you can update using `make proto`. It will download the definitions, compile
-and place them in the correct packages. 
+and place them in the correct packages.
 
 ### Code generation
 

charts/naiserator/Feature.yaml

@@ -169,6 +169,11 @@ values:
   naiserator.observability.otel.enabled:
     computed:
       template: '{{ne .Kind "onprem"}}'
+  naiserator.observability.otel.auto-instrumentation.enabled:
+    config:
+      type: bool
+    ignoreKind:
+      - onprem
   naiserator.observability.logging.destinations:
     computed:
       # Find all logging_*_default_flow environment variables and use for configuration of available log destinations

charts/naiserator/values.yaml

@@ -59,6 +59,9 @@ naiserator:
   observability:
     otel:
       enabled: false
+      auto-instrumentation:
+        enabled: false
+        app-config: "nais-system/apps"
       collector:
         labels:
           - "app.kubernetes.io/name=opentelemetry-collector"

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/magiconair/properties v1.8.7
 	github.com/mitchellh/hashstructure v1.1.0
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/nais/liberator v0.0.0-20240220103506-4507fc2aaa3c
+	github.com/nais/liberator v0.0.0-20240223134957-13b72a76ba9d
 	github.com/novln/docker-parser v1.0.0
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sirupsen/logrus v1.9.3

go.sum

@@ -244,8 +244,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nais/liberator v0.0.0-20240220103506-4507fc2aaa3c h1:heFDGaSKO/ZIVNwGfybuqTXUOfaT0NXJ64Yety4B+qg=
-github.com/nais/liberator v0.0.0-20240220103506-4507fc2aaa3c/go.mod h1:cWThp1WBBbkRFhMI2DQMvBTTEN+6GPzmmh+Xjv8vffE=
+github.com/nais/liberator v0.0.0-20240223134957-13b72a76ba9d h1:NA//xj14122osF306Q19oARHyg9JW7g4qJReFO1O3Ds=
+github.com/nais/liberator v0.0.0-20240223134957-13b72a76ba9d/go.mod h1:cWThp1WBBbkRFhMI2DQMvBTTEN+6GPzmmh+Xjv8vffE=
 github.com/novln/docker-parser v1.0.0 h1:PjEBd9QnKixcWczNGyEdfUrP6GR0YUilAqG7Wksg3uc=
 github.com/novln/docker-parser v1.0.0/go.mod h1:oCeM32fsoUwkwByB5wVjsrsVQySzPWkl3JdlTn1txpE=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=

pkg/naiserator/config/config.go

@@ -70,8 +70,14 @@ type Observability struct {
 }
 
 type Otel struct {
-	Enabled   bool          `json:"enabled"`
-	Collector OtelCollector `json:"collector"`
+	Enabled             bool                `json:"enabled"`
+	Collector           OtelCollector       `json:"collector"`
+	AutoInstrumentation AutoInstrumentation `json:"auto-instrumentation"`
+}
+
+type AutoInstrumentation struct {
+	Enabled   bool   `json:"enabled"`
+	AppConfig string `json:"app-config"`
 }
 
 type OtelCollector struct {
@@ -173,67 +179,69 @@ type Config struct {
 }
 
 const (
-	AivenProject                        = "aiven-project"
-	AivenRange                          = "aiven-range"
-	ApiServerIp                         = "api-server-ip"
-	Bind                                = "bind"
-	HealthProbeBindAddress              = "health-probe-bind-address"
-	ClusterName                         = "cluster-name"
-	DryRun                              = "dry-run"
-	NaisNamespace                       = "nais-namespace"
-	FeaturesAccessPolicyNotAllowedCIDRs = "features.access-policy-not-allowed-cidrs"
-	FeaturesAzurerator                  = "features.azurerator"
-	FeaturesGCP                         = "features.gcp"
-	FeaturesIDPorten                    = "features.idporten"
-	FeaturesJwker                       = "features.jwker"
-	FeaturesCNRM                        = "features.cnrm"
-	FeaturesKafkarator                  = "features.kafkarator"
-	FeaturesLinkerd                     = "features.linkerd"
-	FeaturesMaskinporten                = "features.maskinporten"
-	FeaturesNetworkPolicy               = "features.network-policy"
-	FeaturesPrometheusOperator          = "features.prometheus-operator"
-	FeaturesVault                       = "features.vault"
-	FeaturesWebhook                     = "features.webhook"
-	FeaturesWonderwall                  = "features.wonderwall"
-	FeaturesLegacyGCP                   = "features.legacy-gcp"
-	FQDNPolicyEnabled                   = "fqdn-policy.enabled"
-	GoogleCloudSQLProxyContainerImage   = "google-cloud-sql-proxy-container-image"
-	GoogleProjectId                     = "google-project-id"
-	InformerFullSynchronizationInterval = "informer.full-sync-interval"
-	KafkaBrokers                        = "kafka.brokers"
-	KafkaEnabled                        = "kafka.enabled"
-	KafkaLogVerbosity                   = "kafka.log-verbosity"
-	KafkaTLSCAPath                      = "kafka.tls.ca-path"
-	KafkaTLSCertificatePath             = "kafka.tls.certificate-path"
-	KafkaTLSEnabled                     = "kafka.tls.enabled"
-	KafkaTLSInsecure                    = "kafka.tls.insecure"
-	KafkaTLSPrivateKeyPath              = "kafka.tls.private-key-path"
-	KafkaTopic                          = "kafka.topic"
-	KubeConfig                          = "kubeconfig"
-	LeaderElectionImage                 = "leader-election.image"
-	MaxConcurrentReconciles             = "max-concurrent-reconciles"
-	ObservabilityLoggingDestinations    = "observability.logging.destinations"
-	ObservabilityOtelCollectorLabels    = "observability.otel.collector.labels"
-	ObservabilityOtelCollectorNamespace = "observability.otel.collector.namespace"
-	ObservabilityOtelCollectorPort      = "observability.otel.collector.port"
-	ObservabilityOtelCollectorProtocol  = "observability.otel.collector.protocol"
-	ObservabilityOtelCollectorService   = "observability.otel.collector.service"
-	ObservabilityOtelCollectorTLS       = "observability.otel.collector.tls"
-	ObservabilityOtelEnabled            = "observability.otel.enabled"
-	ProxyAddress                        = "proxy.address"
-	ProxyExclude                        = "proxy.exclude"
-	RateLimitBurst                      = "ratelimit.burst"
-	RateLimitQPS                        = "ratelimit.qps"
-	SecurelogsConfigMapReloadImage      = "securelogs.configmap-reload-image"
-	SecurelogsFluentdImage              = "securelogs.fluentd-image"
-	SynchronizerRolloutCheckInterval    = "synchronizer.rollout-check-interval"
-	SynchronizerRolloutTimeout          = "synchronizer.rollout-timeout"
-	SynchronizerSynchronizationTimeout  = "synchronizer.synchronization-timeout"
-	VaultAddress                        = "vault.address"
-	VaultAuthPath                       = "vault.auth-path"
-	VaultInitContainerImage             = "vault.init-container-image"
-	VaultKvPath                         = "vault.kv-path"
-	WonderwallImage                     = "wonderwall.image"
+	AivenProject                                  = "aiven-project"
+	AivenRange                                    = "aiven-range"
+	ApiServerIp                                   = "api-server-ip"
+	Bind                                          = "bind"
+	HealthProbeBindAddress                        = "health-probe-bind-address"
+	ClusterName                                   = "cluster-name"
+	DryRun                                        = "dry-run"
+	NaisNamespace                                 = "nais-namespace"
+	FeaturesAccessPolicyNotAllowedCIDRs           = "features.access-policy-not-allowed-cidrs"
+	FeaturesAzurerator                            = "features.azurerator"
+	FeaturesGCP                                   = "features.gcp"
+	FeaturesIDPorten                              = "features.idporten"
+	FeaturesJwker                                 = "features.jwker"
+	FeaturesCNRM                                  = "features.cnrm"
+	FeaturesKafkarator                            = "features.kafkarator"
+	FeaturesLinkerd                               = "features.linkerd"
+	FeaturesMaskinporten                          = "features.maskinporten"
+	FeaturesNetworkPolicy                         = "features.network-policy"
+	FeaturesPrometheusOperator                    = "features.prometheus-operator"
+	FeaturesVault                                 = "features.vault"
+	FeaturesWebhook                               = "features.webhook"
+	FeaturesWonderwall                            = "features.wonderwall"
+	FeaturesLegacyGCP                             = "features.legacy-gcp"
+	FQDNPolicyEnabled                             = "fqdn-policy.enabled"
+	GoogleCloudSQLProxyContainerImage             = "google-cloud-sql-proxy-container-image"
+	GoogleProjectId                               = "google-project-id"
+	InformerFullSynchronizationInterval           = "informer.full-sync-interval"
+	KafkaBrokers                                  = "kafka.brokers"
+	KafkaEnabled                                  = "kafka.enabled"
+	KafkaLogVerbosity                             = "kafka.log-verbosity"
+	KafkaTLSCAPath                                = "kafka.tls.ca-path"
+	KafkaTLSCertificatePath                       = "kafka.tls.certificate-path"
+	KafkaTLSEnabled                               = "kafka.tls.enabled"
+	KafkaTLSInsecure                              = "kafka.tls.insecure"
+	KafkaTLSPrivateKeyPath                        = "kafka.tls.private-key-path"
+	KafkaTopic                                    = "kafka.topic"
+	KubeConfig                                    = "kubeconfig"
+	LeaderElectionImage                           = "leader-election.image"
+	MaxConcurrentReconciles                       = "max-concurrent-reconciles"
+	ObservabilityLoggingDestinations              = "observability.logging.destinations"
+	ObservabilityOtelCollectorLabels              = "observability.otel.collector.labels"
+	ObservabilityOtelCollectorNamespace           = "observability.otel.collector.namespace"
+	ObservabilityOtelCollectorPort                = "observability.otel.collector.port"
+	ObservabilityOtelCollectorProtocol            = "observability.otel.collector.protocol"
+	ObservabilityOtelCollectorService             = "observability.otel.collector.service"
+	ObservabilityOtelCollectorTLS                 = "observability.otel.collector.tls"
+	ObservabilityOtelEnabled                      = "observability.otel.enabled"
+	ObservabilityOtelAutoInstrumentationAppConfig = "observability.otel.auto-instrumentation.app-config"
+	ObservabilityOtelAutoInstrumentationEnabled   = "observability.otel.auto-instrumentation.enabled"
+	ProxyAddress                                  = "proxy.address"
+	ProxyExclude                                  = "proxy.exclude"
+	RateLimitBurst                                = "ratelimit.burst"
+	RateLimitQPS                                  = "ratelimit.qps"
+	SecurelogsConfigMapReloadImage                = "securelogs.configmap-reload-image"
+	SecurelogsFluentdImage                        = "securelogs.fluentd-image"
+	SynchronizerRolloutCheckInterval              = "synchronizer.rollout-check-interval"
+	SynchronizerRolloutTimeout                    = "synchronizer.rollout-timeout"
+	SynchronizerSynchronizationTimeout            = "synchronizer.synchronization-timeout"
+	VaultAddress                                  = "vault.address"
+	VaultAuthPath                                 = "vault.auth-path"
+	VaultInitContainerImage                       = "vault.init-container-image"
+	VaultKvPath                                   = "vault.kv-path"
+	WonderwallImage                               = "wonderwall.image"
 )
 
 func bindNAIS() {
@@ -302,6 +310,8 @@ func init() {
 	flag.String(ObservabilityOtelCollectorNamespace, "nais-system", "namespace of the OpenTelemetry collector")
 	flag.String(ObservabilityOtelCollectorService, "opentelmetry-collector", "service name of the OpenTelemetry collector")
 	flag.String(ObservabilityOtelCollectorProtocol, "grpc", "protocol used by the OpenTelemetry collector")
+	flag.Bool(ObservabilityOtelAutoInstrumentationEnabled, false, "enable OpenTelemetry auto-instrumentation")
+	flag.String(ObservabilityOtelAutoInstrumentationAppConfig, "nais-system/apps", "path to OpenTelemetry auto-instrumentation config")
 	flag.Int(ObservabilityOtelCollectorPort, 4317, "port used by the OpenTelemetry collector")
 	flag.Bool(ObservabilityOtelCollectorTLS, false, "use TLS for the OpenTelemetry collector")
 	flag.StringArray(ObservabilityOtelCollectorLabels, []string{}, "list of labels to be used by the OpenTelemetry collector")

pkg/resourcecreator/observability/observability.go

@@ -37,6 +37,9 @@ const otelExporterInsecure = "OTEL_EXPORTER_OTLP_INSECURE"
 const logLabelDefault = "logs.nais.io/flow-default"
 const logLabelPrefix = "logs.nais.io/flow-"
 
+const autoInstrumentationInjectAnnotationPrefix = "instrumentation.opentelemetry.io/inject-"
+const autoInstrumentationContainerNamesAnnotation = "instrumentation.opentelemetry.io/container-names"
+
 func otelEndpointFromConfig(collector config.OtelCollector) string {
 	schema := "http"
 	if collector.Tls {
@@ -73,7 +76,17 @@ func otelEnvVars(source Source, otel config.Otel) []corev1.EnvVar {
 	}
 }
 
-func labelsFromCollectorConfig(collector config.OtelCollector) map[string]string {
+func otelAutoInstrumentAnnotations(source Source, otel config.Otel) map[string]string {
+	runtime := source.GetObservability().AutoInstrumentation.Runtime
+	autoInstrumentationInjectAnnotation := autoInstrumentationInjectAnnotationPrefix + runtime
+
+	return map[string]string{
+		autoInstrumentationInjectAnnotation:         otel.AutoInstrumentation.AppConfig,
+		autoInstrumentationContainerNamesAnnotation: source.GetName(),
+	}
+}
+
+func netpolLabelsFromCollectorConfig(collector config.OtelCollector) map[string]string {
 	labels := collector.Labels
 	labelMap := make(map[string]string, len(labels))
 	for _, label := range labels {
@@ -86,7 +99,29 @@ func labelsFromCollectorConfig(collector config.OtelCollector) map[string]string
 	return labelMap
 }
 
-func tracingNetpol(source Source, otel config.Otel) (*networkingv1.NetworkPolicy, error) {
+func logLabels(obs *nais_io_v1.Observability, cfg config.Logging) (map[string]string, error) {
+	if !obs.Logging.Enabled {
+		return map[string]string{logLabelDefault: "false"}, nil
+	}
+
+	labels := map[string]string{}
+
+	if len(obs.Logging.Destinations) > 0 {
+		labels[logLabelDefault] = "false"
+
+		for _, destination := range obs.Logging.Destinations {
+			if !slices.Contains(cfg.Destinations, destination.ID) {
+				return nil, fmt.Errorf("logging destination %q does not exist in cluster", destination.ID)
+			}
+
+			labels[logLabelPrefix+destination.ID] = "true"
+		}
+	}
+
+	return labels, nil
+}
+
+func otelNetpol(source Source, otel config.Otel) (*networkingv1.NetworkPolicy, error) {
 	name, err := namegen.ShortName(source.GetName()+"-"+"tracing", validation.DNS1035LabelMaxLength)
 	if err != nil {
 		return nil, err
@@ -96,7 +131,7 @@ func tracingNetpol(source Source, otel config.Otel) (*networkingv1.NetworkPolicy
 	objectMeta.Name = name
 
 	protocolTCP := corev1.ProtocolTCP
-	collectorLabels := labelsFromCollectorConfig(otel.Collector)
+	collectorLabels := netpolLabelsFromCollectorConfig(otel.Collector)
 
 	return &networkingv1.NetworkPolicy{
 		ObjectMeta: objectMeta,
@@ -147,36 +182,42 @@ func Create(source Source, ast *resource.Ast, config Config) error {
 		return nil
 	}
 
-	if obs.Tracing != nil && obs.Tracing.Enabled {
+	if obs.AutoInstrumentation != nil && obs.AutoInstrumentation.Enabled && obs.Tracing != nil && obs.Tracing.Enabled {
+		return fmt.Errorf("auto-instrumentation and tracing cannot be enabled at the same time")
+	}
+
+	if (obs.Tracing != nil && obs.Tracing.Enabled) || (obs.AutoInstrumentation != nil && obs.AutoInstrumentation.Enabled) {
 		if !cfg.Otel.Enabled {
-			return fmt.Errorf("tracing is not supported in this cluster configuration")
+			return fmt.Errorf("opentelemetry is not supported for this cluster")
 		}
 
-		netpol, err := tracingNetpol(source, cfg.Otel)
+		if !cfg.Otel.AutoInstrumentation.Enabled && obs.AutoInstrumentation != nil && obs.AutoInstrumentation.Enabled {
+			return fmt.Errorf("auto-instrumentation is not supported for this cluster")
+		}
+
+		netpol, err := otelNetpol(source, cfg.Otel)
 		if err != nil {
 			return err
 		}
 
+		if obs.AutoInstrumentation != nil && obs.AutoInstrumentation.Enabled {
+			for k, v := range otelAutoInstrumentAnnotations(source, cfg.Otel) {
+				ast.Annotations[k] = v
+			}
+		}
+
 		ast.Env = append(ast.Env, otelEnvVars(source, cfg.Otel)...)
 		ast.AppendOperation(resource.OperationCreateOrUpdate, netpol)
 	}
 
 	if obs.Logging != nil {
-		if !obs.Logging.Enabled {
-			ast.Labels[logLabelDefault] = "false"
-			return nil
+		logLabels, err := logLabels(obs, cfg.Logging)
+		if err != nil {
+			return err
 		}
 
-		if len(obs.Logging.Destinations) > 0 {
-			ast.Labels[logLabelDefault] = "false"
-
-			for _, destination := range obs.Logging.Destinations {
-				if !slices.Contains(cfg.Logging.Destinations, destination.ID) {
-					return fmt.Errorf("logging destination %q does not exist in cluster", destination.ID)
-				}
-
-				ast.Labels[logLabelPrefix+destination.ID] = "true"
-			}
+		for k, v := range logLabels {
+			ast.Labels[k] = v
 		}
 	}