Fix auto-instrumentation with multi annotation

Signed-off-by: Yuri Oliveira <yurimsa@gmail.com>

Author: yuriolisa

.chloggen/fix-auto-instrumentation-annotations.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: 'bug_fix'
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: operator
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: It fix a case when the auto instrumentation fails with annotations set on both namespace and pod with different valid values
+
+# One or more tracking issues related to the change
+issues: [3407]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

pkg/instrumentation/annotation.go

@@ -61,6 +61,11 @@ func annotationValue(ns metav1.ObjectMeta, pod metav1.ObjectMeta, annotation str
 		return podAnnValue
 	}
 
+	// if both are 'true' or a defined instance-name, pod takes precedence
+	if !strings.EqualFold(nsAnnValue, "false") && !strings.EqualFold(podAnnValue, "false") {
+		return podAnnValue
+	}
+
 	// by now, the pod annotation is 'true', and the namespace annotation is either true or an instance name
 	// so, the namespace annotation can be used
 	return nsAnnValue

pkg/instrumentation/annotation_test.go

@@ -39,7 +39,7 @@ func TestEffectiveAnnotationValue(t *testing.T) {
 
 		{
 			"ns-has-concrete-instance",
-			"some-instance",
+			"true",
 			corev1.Pod{
 				ObjectMeta: metav1.ObjectMeta{
 					Annotations: map[string]string{

tests/e2e-instrumentation/instrumentation-dotnet-multiannotation/00-install-collector.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: my-other-dotnet-ns
+  annotations:
+    instrumentation.opentelemetry.io/inject-sdk: "true"
+---
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: sidecar
+  namespace: my-other-dotnet-ns
+spec:
+  config: |
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+          http:
+    processors:
+
+    exporters:
+      debug:
+
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [debug]
+  mode: sidecar

tests/e2e-instrumentation/instrumentation-dotnet-multiannotation/00-install-instrumentation.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: opentelemetry.io/v1alpha1
+kind: Instrumentation
+metadata:
+  name: dotnet-multi
+  namespace: my-other-dotnet-ns
+spec:
+  env:
+    - name: OTEL_TRACES_EXPORTER
+      value: otlp
+    - name: OTEL_EXPORTER_OTLP_ENDPOINT
+      value: http://localhost:4317
+    - name: OTEL_EXPORTER_OTLP_TIMEOUT
+      value: "20"
+    - name: OTEL_TRACES_SAMPLER
+      value: parentbased_traceidratio
+    - name: OTEL_TRACES_SAMPLER_ARG
+      value: "0.85"
+    - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED
+      value: "true"
+  exporter:
+    endpoint: http://localhost:4317
+  propagators:
+    - jaeger
+    - b3multi
+  sampler:
+    type: parentbased_traceidratio
+    argument: "0.25"

tests/e2e-instrumentation/instrumentation-dotnet-multiannotation/01-assert.yaml

@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  namespace: my-other-dotnet-ns
+  annotations:
+    instrumentation.opentelemetry.io/inject-dotnet: "true"
+    sidecar.opentelemetry.io/inject: "true"
+  labels:
+    app: my-dotnet
+spec:
+  containers:
+  - env:
+    - name: OTEL_NODE_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.hostIP
+    - name: OTEL_POD_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
+    - name: ASPNETCORE_URLS
+      value: http://+:8080
+    - name: CORECLR_ENABLE_PROFILING
+      value: "1"
+    - name: CORECLR_PROFILER
+      value: '{918728DD-259F-4A6A-AC2B-B85E1B658318}'
+    - name: CORECLR_PROFILER_PATH
+      value: /otel-auto-instrumentation-dotnet/linux-x64/OpenTelemetry.AutoInstrumentation.Native.so
+    - name: DOTNET_STARTUP_HOOKS
+      value: /otel-auto-instrumentation-dotnet/net/OpenTelemetry.AutoInstrumentation.StartupHook.dll
+    - name: DOTNET_ADDITIONAL_DEPS
+      value: /otel-auto-instrumentation-dotnet/AdditionalDeps
+    - name: OTEL_DOTNET_AUTO_HOME
+      value: /otel-auto-instrumentation-dotnet
+    - name: DOTNET_SHARED_STORE
+      value: /otel-auto-instrumentation-dotnet/store
+    - name: OTEL_TRACES_EXPORTER
+      value: otlp
+    - name: OTEL_EXPORTER_OTLP_ENDPOINT
+      value: http://localhost:4317
+    - name: OTEL_EXPORTER_OTLP_TIMEOUT
+      value: "20"
+    - name: OTEL_TRACES_SAMPLER
+      value: parentbased_traceidratio
+    - name: OTEL_TRACES_SAMPLER_ARG
+      value: "0.85"
+    - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED
+      value: "true"
+    - name: OTEL_SERVICE_NAME
+      value: my-dotnet
+    - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME
+      valueFrom:
+        fieldRef:
+          apiVersion: v1
+          fieldPath: metadata.name
+    - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME
+      valueFrom:
+        fieldRef:
+          apiVersion: v1
+          fieldPath: spec.nodeName
+    - name: OTEL_PROPAGATORS
+      value: jaeger,b3multi
+    - name: OTEL_RESOURCE_ATTRIBUTES
+    name: myapp
+    volumeMounts:
+    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+      readOnly: true
+    - mountPath: /otel-auto-instrumentation-dotnet
+      name: opentelemetry-auto-instrumentation-dotnet
+  - args:
+    - --config=env:OTEL_CONFIG
+    name: otc-container
+  initContainers:
+  - name: opentelemetry-auto-instrumentation-dotnet
+status:
+  containerStatuses:
+  - name: myapp
+    ready: true
+    started: true
+  - name: otc-container
+    ready: true
+    started: true
+  initContainerStatuses:
+  - name: opentelemetry-auto-instrumentation-dotnet
+    ready: true
+  phase: Running

tests/e2e-instrumentation/instrumentation-dotnet-multiannotation/01-install-app.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-dotnet
+  namespace: my-other-dotnet-ns
+spec:
+  selector:
+    matchLabels:
+      app: my-dotnet
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: my-dotnet
+      annotations:
+        sidecar.opentelemetry.io/inject: "true"
+        instrumentation.opentelemetry.io/inject-dotnet: "true"
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 3000
+        fsGroup: 3000
+      containers:
+      - name: myapp
+        image: ghcr.io/open-telemetry/opentelemetry-operator/e2e-test-app-dotnet:main
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+        env:
+        - name: ASPNETCORE_URLS
+          value: "http://+:8080"

tests/e2e-instrumentation/instrumentation-dotnet-multiannotation/02-assert.yaml

@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  namespace: my-other-dotnet-ns
+  annotations:
+    instrumentation.opentelemetry.io/inject-sdk: "true"
+    sidecar.opentelemetry.io/inject: "true"
+  labels:
+    app: my-sdk
+spec:
+  containers:
+  - env:
+    - name: OTEL_NODE_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.hostIP
+    - name: OTEL_POD_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
+    - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED
+      value: "true"
+    - name: OTEL_SERVICE_NAME
+      value: my-sdk
+    - name: OTEL_EXPORTER_OTLP_ENDPOINT
+      value: http://localhost:4317
+    - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME
+      valueFrom:
+        fieldRef:
+          apiVersion: v1
+          fieldPath: metadata.name
+    - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME
+      valueFrom:
+        fieldRef:
+          apiVersion: v1
+          fieldPath: spec.nodeName
+    - name: OTEL_PROPAGATORS
+      value: jaeger,b3
+    - name: OTEL_TRACES_SAMPLER
+      value: parentbased_traceidratio
+    - name: OTEL_TRACES_SAMPLER_ARG
+      value: "0.25"
+    - name: OTEL_RESOURCE_ATTRIBUTES
+    name: myapp
+    volumeMounts:
+    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+      readOnly: true
+  - args:
+    - --config=env:OTEL_CONFIG
+    name: otc-container
+status:
+  containerStatuses:
+  - name: myapp
+    ready: true
+    started: true
+  - name: otc-container
+    ready: true
+    started: true
+  phase: Running

tests/e2e-instrumentation/instrumentation-dotnet-multiannotation/02-install-app.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-sdk
+  namespace: my-other-dotnet-ns
+spec:
+  selector:
+    matchLabels:
+      app: my-sdk
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: my-sdk
+      annotations:
+        sidecar.opentelemetry.io/inject: "true"
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 3000
+        fsGroup: 3000
+      containers:
+      - name: myapp
+        image: ghcr.io/open-telemetry/opentelemetry-operator/e2e-test-app-python:main

tests/e2e-instrumentation/instrumentation-dotnet-multiannotation/chainsaw-test.yaml

@@ -0,0 +1,49 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  creationTimestamp: null
+  name: instrumentation-dotnet-multiannotation
+spec:
+  steps:
+  - name: step-00
+    try:
+    # In OpenShift, when a namespace is created, all necessary SCC annotations are automatically added. However, if a namespace is created using a resource file with only selected SCCs, the other auto-added SCCs are not included. Therefore, the UID-range and supplemental groups SCC annotations must be set after the namespace is created.
+    - command:
+        entrypoint: kubectl
+        args:
+        - annotate
+        - namespace
+        - ${NAMESPACE}
+        - openshift.io/sa.scc.uid-range=1000/1000
+        - --overwrite
+    - command:
+        entrypoint: kubectl
+        args:
+        - annotate
+        - namespace
+        - ${NAMESPACE}
+        - openshift.io/sa.scc.supplemental-groups=3000/3000
+        - --overwrite
+    - apply:
+        file: 00-install-collector.yaml
+    - apply:
+        file: 00-install-instrumentation.yaml
+  - name: step-01
+    try:
+    - apply:
+        file: 01-install-app.yaml
+    - assert:
+        file: 01-assert.yaml
+    catch:
+      - podLogs:
+          selector: app=my-dotnet
+  - name: step-02
+    try:
+    - apply:
+        file: 02-install-app.yaml
+    - assert:
+        file: 02-assert.yaml
+    catch:
+      - podLogs:
+          selector: app=my-sdk