Merge branch 'main' into TA-update-configs-to-enable-mtls

Author: ItielOlenick

.chloggen/3090-enable-multiinstrumentation-by-default.yaml

@@ -0,0 +1,30 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: 'breaking'
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: auto-instrumentation
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Enable multi instrumentation by default.
+
+# One or more tracking issues related to the change
+issues: [3090]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  Starting with this release, the OpenTelemetry Operator now enables multi-instrumentation by default.
+  This enhancement allows instrumentation of multiple containers in a pod with language-specific configurations.|
+  Key Changes:
+    - Single Instrumentation (Default Behavior): If no container names are specified using the
+      `instrumentation.opentelemetry.io/container-names` annotation, instrumentation will be applied to the first container in
+      the pod spec by default. This only applies when single instrumentation injection is configured.
+    - Multi-Container Pods: In scenarios where different containers in a pod use distinct technologies, users must specify the
+      container(s) for instrumentation using language-specific annotations. Without this specification, the default behavior may
+      not work as expected for multi-container environments.
+  Compatibility:
+    - Users already utilizing the `instrumentation.opentelemetry.io/container-names` annotation do not need to take any action.
+      Their existing setup will continue to function as before.
+    - Important: Users who attempt to configure both `instrumentation.opentelemetry.io/container-names` and language-specific annotations
+      (for multi-instrumentation) simultaneously will encounter an error, as this configuration is not supported.

.chloggen/3149-add-must-gather.yaml

@@ -0,0 +1,25 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: auto-instrumentation, collector
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: "Add a must gather utility to help troubleshoot"
+
+# One or more tracking issues related to the change
+issues: [3149]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  The new utility is available as part of a new container image.
+
+  To use the image in a running OpenShift cluster, you need to run the following command:
+
+  ```sh
+  oc adm must-gather --image=ghcr.io/open-telemetry/opentelemetry-operator/must-gather -- /usr/bin/must-gather --operator-namespace opentelemetry-operator-system
+  ```
+
+  See the [README](https://github.com/open-telemetry/opentelemetry-operator/blob/main/cmd/gather/README.md) for more details.

.chloggen/container-names.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: auto-instrumentation
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Fix ApacheHttpd, Nginx and SDK injectors to honour their container-names annotations.
+
+# One or more tracking issues related to the change
+issues: [3313]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: This is a breaking change if anyone is accidentally using the enablement flag with container names for these 3 injectors.

.chloggen/fips.yaml

@@ -0,0 +1,19 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: collector
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Add flag to disable components when operator runs on FIPS enabled cluster.
+
+# One or more tracking issues related to the change
+issues: [3315]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  Flag `--fips-disabled-components=receiver.otlp,exporter.otlp,processor.batch,extension.oidc` can be used to disable
+  components when operator runs on FIPS enabled cluster. The operator uses `/proc/sys/crypto/fips_enabled` to check
+  if FIPS is enabled.

.chloggen/improve-probe-parsing.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: collector
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Improves healthcheck parsing capabilities, allowing for future extensions to configure a healthcheck other than the v1 healthcheck extension.
+
+# One or more tracking issues related to the change
+issues: [3184]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.chloggen/resource-attribute-from-annotations.yaml

@@ -0,0 +1,24 @@
+change_type: enhancement
+
+component: auto-instrumentation
+
+note: Add support for k8s labels such as app.kubernetes.io/name for resource attributes
+
+issues: [3112]
+
+subtext: |
+  You can opt-in as follows:
+  ```yaml
+  apiVersion: opentelemetry.io/v1alpha1
+  kind: Instrumentation
+  metadata:
+    name: my-instrumentation
+  spec:
+    defaults:
+      useLabelsForResourceAttributes: true
+  ```
+  The following labels are supported:
+    - `app.kubernetes.io/name` becomes `service.name`
+    - `app.kubernetes.io/version` becomes `service.version`
+    - `app.kubernetes.io/part-of` becomes `service.namespace`
+    - `app.kubernetes.io/instance` becomes `service.instance.id`

.github/workflows/e2e.yaml

@@ -39,7 +39,7 @@ jobs:
          - group: e2e-instrumentation
            setup: "add-instrumentation-params prepare-e2e"
          - group: e2e-multi-instrumentation
-           setup: "add-multi-instrumentation-params prepare-e2e"
+           setup: "add-instrumentation-params prepare-e2e"
          - group: e2e-metadata-filters
            setup: "add-operator-arg OPERATOR_ARG='--annotations-filter=.*filter.out --annotations-filter=config.*.gke.io.* --labels-filter=.*filter.out' prepare-e2e"
          - group: e2e-ta-collector-mtls
@@ -60,7 +60,7 @@ jobs:
         path: bin
         key: ${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Makefile') }}-${{ steps.setup-go.outputs.go-version }}
     - name: Install chainsaw
-      uses: kyverno/[email protected].10
+      uses: kyverno/[email protected].11
     - name: Install tools
       run: make install-tools
     - name: Prepare e2e tests

.github/workflows/publish-must-gather.yaml

@@ -0,0 +1,86 @@
+name: "Publish must-gather image"
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*' ]
+
+  workflow_dispatch:
+
+env:
+  PLATFORMS: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
+
+jobs:
+  publish:
+    name: Publish must-gather container image
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '~1.22.4'
+
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+
+      - name: Build the binary for each supported architecture
+        run: |
+          for platform in $(echo $PLATFORMS | tr "," "\n"); do
+            arch=${platform#*/}
+            echo "Building must-gather for $arch"
+            make must-gather ARCH=$arch
+          done
+
+      - name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/open-telemetry/opentelemetry-operator/must-gather
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{raw}}
+            type=ref,event=branch
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Log into Docker.io
+        uses: docker/login-action@v3
+        if: ${{ github.event_name == 'push' }}
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to GitHub Package Registry
+        uses: docker/login-action@v3
+        if: ${{ github.event_name == 'push' }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push must-gather image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./cmd/gather/Dockerfile
+          platforms: ${{ env.PLATFORMS }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache

Makefile

@@ -38,6 +38,8 @@ OPERATOROPAMPBRIDGE_IMG ?= ${IMG_PREFIX}/${OPERATOROPAMPBRIDGE_IMG_REPO}:$(addpr
 BRIDGETESTSERVER_IMG_REPO ?= e2e-test-app-bridge-server
 BRIDGETESTSERVER_IMG ?= ${IMG_PREFIX}/${BRIDGETESTSERVER_IMG_REPO}:ve2e
 
+MUSTGATHER_IMG ?= ${IMG_PREFIX}/must-gather
+
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
 GOBIN=$(shell go env GOPATH)/bin
@@ -143,6 +145,10 @@ ci: generate fmt vet test ensure-generate-is-noop
 manager: generate
 	CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(ARCH) go build -o bin/manager_${ARCH} -ldflags "${COMMON_LDFLAGS} ${OPERATOR_LDFLAGS}" main.go
 
+.PHONY: must-gather
+must-gather:
+	CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(ARCH) go build -o bin/must-gather_${ARCH} -ldflags "${COMMON_LDFLAGS}" ./cmd/gather/main.go
+
 # Build target allocator binary
 .PHONY: targetallocator
 targetallocator:
@@ -374,6 +380,15 @@ container-bridge-test-server: GOOS = linux
 container-bridge-test-server:
 	docker build --load -t ${BRIDGETESTSERVER_IMG} tests/test-e2e-apps/bridge-server
 
+.PHONY: container-must-gather
+container-must-gather: GOOS = linux
+container-must-gather: must-gather
+	docker build -f cmd/gather/Dockerfile --load -t ${MUSTGATHER_IMG} .
+
+.PHONY: container-must-gather-push
+container-must-gather-push:
+	docker push ${MUSTGATHER_IMG}
+
 .PHONY: start-kind
 start-kind: kind
 ifeq (true,$(START_KIND_CLUSTER))
@@ -400,7 +415,6 @@ else
 	$(MAKE) container-push
 endif
 
-
 .PHONY: load-image-target-allocator
 load-image-target-allocator: container-target-allocator kind
 ifeq (true,$(START_KIND_CLUSTER))

README.md

@@ -717,7 +717,9 @@ spec:
 EOF
 ```
 
-### Setting instrumentation resource attributes via namespace annotations
+## Configure resource attributes
+
+### Configure resource attributes with annotations
 
 This example shows a pod configuration with OpenTelemetry annotations using the `resource.opentelemetry.io/` prefix. These annotations can be used to add resource attributes to data produced by OpenTelemetry instrumentation.
 
@@ -734,7 +736,59 @@ spec:
   containers:
   - name: main-container
     image: your-image:tag
- ```
+```
+
+### Configure resource attributes with labels
+
+You can also use common labels to set resource attributes. 
+
+The following labels are supported:
+- `app.kubernetes.io/name` becomes `service.name`
+- `app.kubernetes.io/version` becomes `service.version`
+- `app.kubernetes.io/part-of` becomes `service.namespace`
+- `app.kubernetes.io/instance` becomes `service.instance.id`
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example-pod
+  labels:
+    app.kubernetes.io/name: "my-service"
+    app.kubernetes.io/version: "1.0.0"
+    app.kubernetes.io/part-of: "shop"
+    app.kubernetes.io/instance: "my-service-123"
+spec:
+  containers:
+  - name: main-container
+    image: your-image:tag
+```
+
+This requires an explicit opt-in as follows:
+
+```yaml
+apiVersion: opentelemetry.io/v1alpha1
+kind: Instrumentation
+metadata:
+  name: my-instrumentation
+spec:
+  defaults:
+    useLabelsForResourceAttributes: true
+```
+
+### Priority for setting resource attributes
+
+The priority for setting resource attributes is as follows (first found wins):
+
+1. Resource attributes set via `OTEL_RESOURCE_ATTRIBUTES` and `OTEL_SERVICE_NAME` environment variables
+2. Resource attributes set via annotations (with the `resource.opentelemetry.io/` prefix)
+3. Resource attributes set via labels (e.g. `app.kubernetes.io/name`) 
+   if the `Instrumentation` CR has defaults.useLabelsForResourceAttributes=true (see above)
+4. Resource attributes calculated from the pod's metadata (e.g. `k8s.pod.name`)
+5. Resource attributes set via the `Instrumentation` CR (in the `spec.resource.resourceAttributes` section)
+
+This priority is applied for each resource attribute separately, so it is possible to set some attributes via 
+annotations and others via labels.
 
 ## Compatibility matrix
 

apis/v1alpha1/instrumentation_types.go

@@ -40,6 +40,9 @@ type InstrumentationSpec struct {
 	// +optional
 	Sampler `json:"sampler,omitempty"`
 
+	// Defaults defines default values for the instrumentation.
+	Defaults Defaults `json:"defaults,omitempty"`
+
 	// Env defines common env vars. There are four layers for env vars' definitions and
 	// the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`.
 	// If the former var had been defined, then the other vars would be ignored.
@@ -114,6 +117,16 @@ type Sampler struct {
 	Argument string `json:"argument,omitempty"`
 }
 
+// Defaults defines default values for the instrumentation.
+type Defaults struct {
+	// UseLabelsForResourceAttributes defines whether to use common labels for resource attributes:
+	//   - `app.kubernetes.io/name` becomes `service.name`
+	//   - `app.kubernetes.io/version` becomes `service.version`
+	//   - `app.kubernetes.io/part-of` becomes `service.namespace`
+	//   - `app.kubernetes.io/instance` becomes `service.instance.id`
+	UseLabelsForResourceAttributes bool `json:"useLabelsForResourceAttributes,omitempty"`
+}
+
 // Java defines Java SDK and instrumentation configuration.
 type Java struct {
 	// Image is a container image with javaagent auto-instrumentation JAR.