Fix

Signed-off-by: Pavol Loffay <[email protected]>

Author: pavolloffay

apis/v1alpha1/instrumentation_types.go

@@ -108,11 +108,16 @@ type Exporter struct {
 
 // TLS defines TLS configuration for exporter.
 type TLS struct {
-	// SecretName defines a secret name that will be used to configure TLS on the exporter.
+	// SecretName defines secret name that will be used to configure TLS on the exporter.
 	// It is user responsibility to create the secret in the namespace of the workload.
 	// The secret should contain keys ca.crt, tls.key, tls.crt
 	SecretName string `json:"secretName,omitempty"`
-	// CA defines the key of certificate in the secret or absolute path to a certificate.
+
+	// ConfigMapName defines configmap name with CA certificate. If it is not defined CA certificate will be
+	// used from the secret defined in SecretName.
+	ConfigMapName string `json:"configMapName,omitempty"`
+
+	// CA defines the key of certificate in the configmap map, secret or absolute path to a certificate.
 	// The absolute path can be used when certificate is already present on the workload filesystem e.g.
 	// /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
 	CA string `json:"ca,omitempty"`

config/crd/bases/opentelemetry.io_instrumentations.yaml

@@ -413,6 +413,8 @@ spec:
                         type: string
                       cert:
                         type: string
+                      configMapName:
+                        type: string
                       key:
                         type: string
                       secretName:

config/manager/kustomization.yaml

@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: docker.io/pavolloffay/opentelemetry-operator
+  newTag: dev-0dde4db3-1728483172

pkg/instrumentation/exporter.go

@@ -0,0 +1,150 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package instrumentation
+
+import (
+	"fmt"
+	"github.com/open-telemetry/opentelemetry-operator/internal/naming"
+	"path/filepath"
+
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/open-telemetry/opentelemetry-operator/apis/v1alpha1"
+	"github.com/open-telemetry/opentelemetry-operator/pkg/constants"
+)
+
+func configureExporter(exporter v1alpha1.Exporter, pod *corev1.Pod, container *corev1.Container) {
+	if exporter.Endpoint != "" {
+		if getIndexOfEnv(container.Env, constants.EnvOTELExporterOTLPEndpoint) == -1 {
+			container.Env = append(container.Env, corev1.EnvVar{
+				Name:  constants.EnvOTELExporterOTLPEndpoint,
+				Value: exporter.Endpoint,
+			})
+		}
+	}
+	if exporter.TLS == nil {
+		return
+	}
+	// the name cannot be longer than 63 characters
+	secretVolumeName := naming.Truncate("%s-secret-%s", 63, volumeName, exporter.TLS.SecretName)
+	secretMountPath := fmt.Sprintf("/otel-auto-instrumentation-secret-%s", exporter.TLS.SecretName)
+	configMapVolumeName := naming.Truncate("%s-configmap-%s", 63, volumeName, exporter.TLS.ConfigMapName)
+	configMapMountPath := fmt.Sprintf("/otel-auto-instrumentation-configmap-%s", exporter.TLS.ConfigMapName)
+
+	if exporter.TLS.CA != "" {
+		mountPath := secretMountPath
+		if exporter.TLS.ConfigMapName != "" {
+			mountPath = configMapMountPath
+		}
+		envVarVal := fmt.Sprintf("%s/%s", mountPath, exporter.TLS.CA)
+		if filepath.IsAbs(exporter.TLS.CA) {
+			envVarVal = exporter.TLS.CA
+		}
+		if getIndexOfEnv(container.Env, constants.EnvOTELExporterCertificate) == -1 {
+			container.Env = append(container.Env, corev1.EnvVar{
+				Name:  constants.EnvOTELExporterCertificate,
+				Value: envVarVal,
+			})
+		}
+	}
+	if exporter.TLS.Cert != "" {
+		envVarVal := fmt.Sprintf("%s/%s", secretMountPath, exporter.TLS.Cert)
+		if filepath.IsAbs(exporter.TLS.Cert) {
+			envVarVal = exporter.TLS.Cert
+		}
+		if getIndexOfEnv(container.Env, constants.EnvOTELExporterClientCertificate) == -1 {
+			container.Env = append(container.Env, corev1.EnvVar{
+				Name:  constants.EnvOTELExporterClientCertificate,
+				Value: envVarVal,
+			})
+		}
+	}
+	if exporter.TLS.Key != "" {
+		envVarVar := fmt.Sprintf("%s/%s", secretMountPath, exporter.TLS.Key)
+		if filepath.IsAbs(exporter.TLS.Key) {
+			envVarVar = exporter.TLS.Key
+		}
+		if getIndexOfEnv(container.Env, constants.EnvOTELExporterClientKey) == -1 {
+			container.Env = append(container.Env, corev1.EnvVar{
+				Name:  constants.EnvOTELExporterClientKey,
+				Value: envVarVar,
+			})
+		}
+	}
+
+	if exporter.TLS.SecretName != "" {
+		addVolume := true
+		for _, vol := range pod.Spec.Volumes {
+			if vol.Name == secretVolumeName {
+				addVolume = false
+			}
+		}
+		if addVolume {
+			pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{
+				Name: secretVolumeName,
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: exporter.TLS.SecretName,
+					},
+				}})
+		}
+		addVolumeMount := true
+		for _, vol := range container.VolumeMounts {
+			if vol.Name == secretVolumeName {
+				addVolumeMount = false
+			}
+		}
+		if addVolumeMount {
+			container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{
+				Name:      secretVolumeName,
+				MountPath: secretMountPath,
+				ReadOnly:  true,
+			})
+		}
+	}
+
+	if exporter.TLS.ConfigMapName != "" {
+		addVolume := true
+		for _, vol := range pod.Spec.Volumes {
+			if vol.Name == configMapVolumeName {
+				addVolume = false
+			}
+		}
+		if addVolume {
+			pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{
+				Name: configMapVolumeName,
+				VolumeSource: corev1.VolumeSource{
+					ConfigMap: &corev1.ConfigMapVolumeSource{
+						LocalObjectReference: corev1.LocalObjectReference{
+							Name: exporter.TLS.ConfigMapName,
+						},
+					},
+				}})
+		}
+		addVolumeMount := true
+		for _, vol := range container.VolumeMounts {
+			if vol.Name == configMapVolumeName {
+				addVolumeMount = false
+			}
+		}
+		if addVolumeMount {
+			container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{
+				Name:      configMapVolumeName,
+				MountPath: configMapMountPath,
+				ReadOnly:  true,
+			})
+		}
+	}
+}

pkg/instrumentation/exporter_test.go

@@ -0,0 +1,209 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package instrumentation
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/open-telemetry/opentelemetry-operator/apis/v1alpha1"
+)
+
+func TestExporter(t *testing.T) {
+	tests := []struct {
+		name     string
+		exporter v1alpha1.Exporter
+		expected corev1.Pod
+	}{
+		{
+			name: "ca, crt and key from secret",
+			exporter: v1alpha1.Exporter{
+				Endpoint: "http://collector:4318",
+				TLS: &v1alpha1.TLS{
+					SecretName: "my-certs",
+					CA:         "ca.crt",
+					Cert:       "cert.crt",
+					Key:        "key.key",
+				},
+			},
+			expected: corev1.Pod{
+				Spec: corev1.PodSpec{
+					Volumes: []corev1.Volume{
+						{
+							Name: "opentelemetry-auto-instrumentation-secret-my-certs",
+							VolumeSource: corev1.VolumeSource{
+								Secret: &corev1.SecretVolumeSource{
+									SecretName: "my-certs",
+								},
+							},
+						},
+					},
+					Containers: []corev1.Container{
+						{
+							VolumeMounts: []corev1.VolumeMount{
+								{
+									Name:      "opentelemetry-auto-instrumentation-secret-my-certs",
+									ReadOnly:  true,
+									MountPath: "/otel-auto-instrumentation-secret-my-certs",
+								},
+							},
+							Env: []corev1.EnvVar{
+								{
+									Name:  "OTEL_EXPORTER_OTLP_ENDPOINT",
+									Value: "http://collector:4318",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CERTIFICATE",
+									Value: "/otel-auto-instrumentation-secret-my-certs/ca.crt",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE",
+									Value: "/otel-auto-instrumentation-secret-my-certs/cert.crt",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CLIENT_KEY",
+									Value: "/otel-auto-instrumentation-secret-my-certs/key.key",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "crt and key from secret and ca from configmap",
+			exporter: v1alpha1.Exporter{
+				Endpoint: "http://collector:4318",
+				TLS: &v1alpha1.TLS{
+					SecretName:    "my-certs",
+					ConfigMapName: "ca-bundle",
+					CA:            "ca.crt",
+					Cert:          "cert.crt",
+					Key:           "key.key",
+				},
+			},
+			expected: corev1.Pod{
+				Spec: corev1.PodSpec{
+					Volumes: []corev1.Volume{
+						{
+							Name: "opentelemetry-auto-instrumentation-secret-my-certs",
+							VolumeSource: corev1.VolumeSource{
+								Secret: &corev1.SecretVolumeSource{
+									SecretName: "my-certs",
+								},
+							},
+						},
+						{
+							Name: "opentelemetry-auto-instrumentation-configmap-ca-bundle",
+							VolumeSource: corev1.VolumeSource{
+								ConfigMap: &corev1.ConfigMapVolumeSource{
+									LocalObjectReference: corev1.LocalObjectReference{
+										Name: "ca-bundle",
+									},
+								},
+							},
+						},
+					},
+					Containers: []corev1.Container{
+						{
+							VolumeMounts: []corev1.VolumeMount{
+								{
+									Name:      "opentelemetry-auto-instrumentation-secret-my-certs",
+									ReadOnly:  true,
+									MountPath: "/otel-auto-instrumentation-secret-my-certs",
+								},
+								{
+									Name:      "opentelemetry-auto-instrumentation-configmap-ca-bundle",
+									ReadOnly:  true,
+									MountPath: "/otel-auto-instrumentation-configmap-ca-bundle",
+								},
+							},
+							Env: []corev1.EnvVar{
+								{
+									Name:  "OTEL_EXPORTER_OTLP_ENDPOINT",
+									Value: "http://collector:4318",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CERTIFICATE",
+									Value: "/otel-auto-instrumentation-configmap-ca-bundle/ca.crt",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE",
+									Value: "/otel-auto-instrumentation-secret-my-certs/cert.crt",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CLIENT_KEY",
+									Value: "/otel-auto-instrumentation-secret-my-certs/key.key",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "ca, crt key absolute paths",
+			exporter: v1alpha1.Exporter{
+				Endpoint: "http://collector:4318",
+				TLS: &v1alpha1.TLS{
+					CA:   "/ca.crt",
+					Cert: "/cert.crt",
+					Key:  "/key.key",
+				},
+			},
+			expected: corev1.Pod{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{
+							Env: []corev1.EnvVar{
+								{
+									Name:  "OTEL_EXPORTER_OTLP_ENDPOINT",
+									Value: "http://collector:4318",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CERTIFICATE",
+									Value: "/ca.crt",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE",
+									Value: "/cert.crt",
+								},
+								{
+									Name:  "OTEL_EXPORTER_OTLP_CLIENT_KEY",
+									Value: "/key.key",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			pod := corev1.Pod{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{},
+					},
+				},
+			}
+			configureExporter(test.exporter, &pod, &pod.Spec.Containers[0])
+			assert.Equal(t, test.expected, pod)
+		})
+	}
+}