From 7863fde552dc7821d96914d88c209aa351b68ccc Mon Sep 17 00:00:00 2001 From: Ugur Can Ozturk <57688057+ugur99@users.noreply.github.com> Date: Thu, 25 Jan 2024 10:24:35 +0100 Subject: [PATCH] [apiserver-kubelet/tracing]: add distributed tracing config variables (#10795) * [apiserver-kubelet/tracing]: add distributed tracing config flags Signed-off-by: Ugur Ozturk * [apiserver-kubelet/tracing]: add distributed tracing config flags - fix Signed-off-by: Ugur Ozturk * [apiserver-kubelet/tracing]: add distributed tracing config flags - fix Signed-off-by: Ugur Ozturk --------- Signed-off-by: Ugur Ozturk --- .../control-plane/defaults/main/main.yml | 5 +++++ .../control-plane/tasks/kubeadm-setup.yml | 14 ++++++++++++++ .../templates/apiserver-tracing.yaml.j2 | 4 ++++ .../templates/kubeadm-config.v1beta3.yaml.j2 | 10 ++++++++++ roles/kubernetes/node/defaults/main.yml | 6 ++++++ .../node/templates/kubelet-config.v1beta1.yaml.j2 | 5 +++++ 6 files changed, 44 insertions(+) create mode 100644 roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2 diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml index 7c2171327..fd7047767 100644 --- a/roles/kubernetes/control-plane/defaults/main/main.yml +++ b/roles/kubernetes/control-plane/defaults/main/main.yml @@ -235,3 +235,8 @@ kubeadm_upgrade_auto_cert_renewal: true # Bash alias of kubectl to interact with Kubernetes cluster much easier # kubectl_alias: k + +## Enable distributed tracing for kube-apiserver +kube_apiserver_tracing: false +kube_apiserver_tracing_endpoint: 0.0.0.0:4317 +kube_apiserver_tracing_sampling_rate_per_million: 100 diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index dcad832ba..1f4ff20a3 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -68,6 +68,20 @@ mode: 0640 when: kubernetes_audit_webhook | default(false) +- name: Create apiserver tracing config directory + file: + path: "{{ kube_config_dir }}/tracing" + state: directory + mode: 0640 + when: kube_apiserver_tracing + +- name: Write apiserver tracing config yaml + template: + src: apiserver-tracing.yaml.j2 + dest: "{{ kube_config_dir }}/tracing/apiserver-tracing.yaml" + mode: 0640 + when: kube_apiserver_tracing + # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint. - name: Set kubeadm_config_api_fqdn define set_fact: diff --git a/roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2 b/roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2 new file mode 100644 index 000000000..98decde86 --- /dev/null +++ b/roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2 @@ -0,0 +1,4 @@ +apiVersion: apiserver.config.k8s.io/v1beta1 +kind: TracingConfiguration +endpoint: {{ kube_apiserver_tracing_endpoint }} +samplingRatePerMillion: {{ kube_apiserver_tracing_sampling_rate_per_million }} \ No newline at end of file diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 index cbb221823..b11fb3343 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 @@ -227,6 +227,9 @@ apiServer: {% if kubelet_rotate_server_certificates %} kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt {% endif %} +{% if kube_apiserver_tracing %} + tracing-config-file: {{ kube_config_dir }}/tracing/apiserver-tracing.yaml +{% endif %} {% if kubernetes_audit or kube_token_auth | default(true) or kube_webhook_token_auth | default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs | length %} extraVolumes: {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %} @@ -267,6 +270,13 @@ apiServer: readOnly: false pathType: DirectoryOrCreate {% endif %} +{% if kube_apiserver_tracing %} + - name: tracing + hostPath: {{ kube_config_dir }}/tracing + mountPath: {{ kube_config_dir }}/tracing + readOnly: true + pathType: DirectoryOrCreate +{% endif %} {% for volume in apiserver_extra_volumes %} - name: {{ volume.name }} hostPath: {{ volume.hostPath }} diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 643551d9e..b3f8fbf10 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -253,3 +253,9 @@ kube_proxy_ipvs_modules: conntrack_modules: - nf_conntrack - nf_conntrack_ipv4 + + +## Enable distributed tracing for kubelet +kubelet_tracing: false +kubelet_tracing_endpoint: 0.0.0.0:4317 +kubelet_tracing_sampling_rate_per_million: 100 \ No newline at end of file diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 index 1cd00992a..ba90fc9c8 100644 --- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 +++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 @@ -166,3 +166,8 @@ topologyManagerPolicy: {{ kubelet_topology_manager_policy }} {% if kubelet_topology_manager_scope is defined %} topologyManagerScope: {{ kubelet_topology_manager_scope }} {% endif %} +{% if kubelet_tracing %} +tracing: + endpoint: {{ kubelet_tracing_endpoint }} + samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }} +{% endif %} \ No newline at end of file