diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
index c83c8c3ed..2650136d8 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
@@ -19,5 +19,6 @@ ingress_nginx_without_class: true
 ingress_nginx_default: false
 ingress_nginx_webhook_enabled: false
 ingress_nginx_webhook_job_ttl: 1800
+ingress_nginx_opentelemetry_enabled: false
 ingress_nginx_probe_initial_delay_seconds: 10
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 7f419350b..c7657b621 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -23,6 +23,26 @@ spec:
 spec:
 serviceAccountName: ingress-nginx
 terminationGracePeriodSeconds: {{ ingress_nginx_termination_grace_period_seconds }}
+{% if ingress_nginx_opentelemetry_enabled %}
+ initContainers:
+ - name: opentelemetry
+ command:
+ - /init_module
+ image: {{ ingress_nginx_opentelemetry_image_repo }}:{{ ingress_nginx_opentelemetry_image_tag }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65532
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /modules_mount
+ name: modules
+{% endif %}
 {% if ingress_nginx_host_network %}
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
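Review bot: In the new `initContainers` block of ds-ingress-nginx-controller.yml.j2, the `image:` line resolves to a tag only, yet this container's output lands in the `modules` volume that the controller container mounts. If what `/init_module` stages there is the native module nginx loads (inferred from the command and the `/modules_mount` path, not shown in the hunk), a re-pushed tag would change code running in the ingress data path. Letting the default carry a digest, e.g. `ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5@sha256:<digest-placeholder>"`, would close that, provided the download role accepts that form. The block also sets no `imagePullPolicy`, so the init container may pull differently from the other containers in this pod spec, whose definitions are outside the hunk.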
@@ -127,15 +147,27 @@ spec:
 timeoutSeconds: 5
 successThreshold: 1
 failureThreshold: 3
-{% if ingress_nginx_webhook_enabled %}
+{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
 volumeMounts:
+{% if ingress_nginx_webhook_enabled %}
 - mountPath: /usr/local/certificates/
 name: webhook-cert
 readOnly: true
 {% endif %}
-{% if ingress_nginx_webhook_enabled %}
+{% if ingress_nginx_opentelemetry_enabled %}
+ - name: modules
+ mountPath: /modules_mount
+{% endif %}
+{% endif %}
+{% if ingress_nginx_webhook_enabled or ingress_nginx_opentelemetry_enabled %}
 volumes:
+{% if ingress_nginx_webhook_enabled %}
 - name: webhook-cert
 secret:
 secretName: ingress-nginx-admission
 {% endif %}
+{% if ingress_nginx_opentelemetry_enabled %}
+ - name: modules
+ emptyDir: {}
+{% endif %}
+{% endif %}
diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml
index 0e32e843e..eb598c62f 100644
--- a/roles/kubespray-defaults/defaults/main/download.yml
+++ b/roles/kubespray-defaults/defaults/main/download.yml
@@ -331,7 +331,9 @@ local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-p
 local_path_provisioner_image_tag: "{{ local_path_provisioner_version }}"
 ingress_nginx_version: "v1.9.6"
 ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
+ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
 ingress_nginx_controller_image_tag: "{{ ingress_nginx_version }}"
+ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
 ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
 ingress_nginx_kube_webhook_certgen_image_tag: "v20231011-8b53cabe0"
 alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
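Review bot: The controller's new `modules` mount in the second hunk of ds-ingress-nginx-controller.yml.j2 (`@@ -127,15 +147,27 @@`) is writable, unlike the `webhook-cert` mount directly above it, which sets `readOnly: true`. Only the init container needs to write to this emptyDir; the long-running, network-facing controller presumably only reads what was staged there. Adding `readOnly: true` under `mountPath: /modules_mount` in the controller's `volumeMounts` would stop that process from changing the files it loads. Confirm first that the controller never writes under `/modules_mount`, since that is not visible in the hunk.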
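Review bot: In download.yml, `ingress_nginx_opentelemetry_image_tag` is a fixed string while `ingress_nginx_controller_image_tag` follows `ingress_nginx_version`, so a later bump of `ingress_nginx_version` leaves the module image behind with no hint that the two are related. If the module image must match the controller build (likely for a native nginx module, but not established by the hunk), a comment above the new line would make that explicit, for example `# keep in sync with the opentelemetry image published for ingress_nginx_version`. The neighbouring `ingress_nginx_kube_webhook_certgen_image_tag` is pinned the same way, so the new line follows the file's convention and only the documentation is missing.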