From 8490d3481da0b0665056a3fcdbdb226540f2e72c Mon Sep 17 00:00:00 2001
From: Alexander Schwartz
Date: Thu, 15 Aug 2024 15:43:33 +0200
Subject: [PATCH] Using Keycloak's new built-in OTEL tracing (#921)
Signed-off-by: Alexander Schwartz
---
.../ROOT/pages/customizing-deployment.adoc | 6 +-
.../modules/ROOT/pages/util/otel.adoc | 51 +----
provision/aws/efs/.gitignore | 3 -
.../aws/efs/aws-efs-csi-driver-operator.yaml | 19 --
.../efs-csi-aws-com-cluster-csi-driver.yaml | 6 -
provision/aws/efs/iam-policy.json | 44 ----
provision/aws/rosa_create_cluster.sh | 2 -
provision/aws/rosa_delete_cluster.sh | 1 -
provision/aws/rosa_efs_create.sh | 195 ------------------
provision/aws/rosa_efs_delete.sh | 118 -----------
provision/aws/rosa_efs_test.sh | 73 -------
provision/minikube/Taskfile.yaml | 8 +-
provision/minikube/isup.sh | 10 +-
.../minikube/jaeger/deployment-patch.yaml | 21 --
provision/minikube/jaeger/values.yaml | 13 +-
.../keycloak/templates/keycloak-monitor.yaml | 14 --
.../minikube/keycloak/templates/keycloak.yaml | 76 ++-----
provision/minikube/keycloak/values.yaml | 2 -
provision/openshift/Taskfile.yaml | 15 +-
provision/rosa-cross-dc/Taskfile.yaml | 15 +-
20 files changed, 58 insertions(+), 634 deletions(-)
delete mode 100644 provision/aws/efs/.gitignore
delete mode 100644 provision/aws/efs/aws-efs-csi-driver-operator.yaml
delete mode 100644 provision/aws/efs/efs-csi-aws-com-cluster-csi-driver.yaml
delete mode 100644 provision/aws/efs/iam-policy.json
delete mode 100755 provision/aws/rosa_efs_create.sh
delete mode 100755 provision/aws/rosa_efs_delete.sh
delete mode 100755 provision/aws/rosa_efs_test.sh
delete mode 100644 provision/minikube/jaeger/deployment-patch.yaml
diff --git a/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc b/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc
index b0f189e96..c835db26d 100644
--- a/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc
+++ b/doc/kubernetes/modules/ROOT/pages/customizing-deployment.adoc @@ -131,15 +131,15 @@ Default value: `true`. [[KC_OTEL,KC_OTEL]] KC_OTEL:: -If OpenTelemetry should be enabled for Keycloak to collect metrics and traces. +If OpenTelemetry should be enabled for Keycloak to collect traces. + Default value: `false` + Available options: + -- -* `true` -- enable OpenTelemetry. Download the OpenTelemetry Java agent and add it to Keycloak. See xref:util/otel.adoc[] for details. -* `false` -- disable OpenTelemetry. +* `true` -- enable Keycloak's built-in OpenTelemetry tracing. +* `false` -- disable OpenTelemetry tracing. -- [[KC_OTEL_SAMPLING_PERCENTAGE,KC_OTEL_SAMPLING_PERCENTAGE]] diff --git a/doc/kubernetes/modules/ROOT/pages/util/otel.adoc b/doc/kubernetes/modules/ROOT/pages/util/otel.adoc index 4bce92a51..914fd8449 100644 --- a/doc/kubernetes/modules/ROOT/pages/util/otel.adoc +++ b/doc/kubernetes/modules/ROOT/pages/util/otel.adoc @@ -7,10 +7,11 @@ OpenTelemetry provides high-quality, ubiquitous, and portable telemetry to enable effective observability. -This project uses it to collect metrics and traces from Keycloak: +This project uses it to collect traces from Keycloak: * The traces allow insights into Keycloak and break down a request into a tree of internal and database calls. -* The metrics allow durations and response code statistics for each endpoint of Keycloak. + +This uses the built-in OpenTelemetry functionality which is available in Keycloak 26 and later. Visit the https://opentelemetry.io/[OpenTelemetry website] for more information about the tool, and the sections below on how to access and use this information. 
@@ -21,17 +22,9 @@ It needs to be enabled via the customizing the setting `xref:customizing-deploym Depending on the setting `xref:customizing-deployment.adoc#KC_OTEL_SAMPLING_PERCENTAGE[KC_OTEL_SAMPLING_PERCENTAGE]`, only a percentage of traces might be recorded for performance reasons. -The setup is included in this project's Keycloak helm chart, which includes the following: - -. Download the OpenTelemetry Java agent using an init container to a persistent volume to cache it between runs. - -. Add the agent to the Java options, so it instruments Keycloak's Java classes at startup. - -. Add configuration parameters to expose metrics in the Prometheus format, and send traces to Jaeger for storage and retrieval. - [CAUTION] ==== -Contrary to other setups, this is not using an OpenTelemetry collector, but instead exposes the metrics directly via Prometheus and sends traces directly to Jaeger. +Contrary to other setups, this is not using an OpenTelemetry collector, but instead sends traces directly to Jaeger. ==== image::util/otel-runtime-view.dio.svg[] @@ -70,7 +63,7 @@ image::util/otel-jaeger-search-traces.png[] Once the Java agent is active, it creates trace IDs in all log lines in the MDC (mapped diagnostic context): ==== -\... "mdc":{"trace_flags":"01", "trace_id":"72b9fd1ac7229d417655a9c5e240e23b", "span_id":"6612116ac4f97aaa"} ... +\... "mdc":{"sampled":"true", "trace_id":"72b9fd1ac7229d417655a9c5e240e23b", "span_id":"6612116ac4f97aaa"} ... ==== When searching for logs in Grafana in Loki, there is a link to the connected trace which will then show on the right. 
@@ -80,37 +73,3 @@ Please note that this will work only on recorded traces which have a `trace_flag [.shadow] .Link from logs to traces image::util/otel-from-log-to-trace.png[] - -== Accessing OpenTelemetry metrics - -xref:util/prometheus.adoc[Prometheus] scrapes the metrics and stored them in its database. -The metrics are then available with the xref:util/grafana.adoc[Grafana UI] (preferred) or the Prometheus UI. - -Use the following query to filter for metrics reported by OpenTelemetry: - ----- -{job='keycloak/keycloak-otel'} ----- - -There are some additional metrics recorded via OpenTelemetry which are not available from the regular Keycloak metrics endpoint: - -`http_server_duration_seconds_bucket`:: For each URL, HTTP method and return code, it records buckets by duration. -Use this information to identify latency percentiles for URLs, and find URLs which return error codes. -+ -==== -http_server_duration_seconds_bucket{otel_scope_name="io.opentelemetry.netty-4.1",otel_scope_version="1.27.0-alpha",http_request_method="GET",http_response_status_code="200",http_route="/health/live",network_protocol_name="http",network_protocol_version="1.1",server_address="10.130.4.106",server_port="8443",url_scheme="https",le="0.01"} 2.0 -==== - -`worker_pool_queue_delay_bucket`:: Delay for executions in the worker pool, bucketed by the delay so tail latencies are available. -+ -==== -worker_pool_queue_delay_bucket{container="keycloak", endpoint="otel-prometheus", instance="172.17.0.8:9464", job="keycloak/keycloak-otel", le="10000.0", namespace="keycloak", otel_scope_name="io.opentelemetry.micrometer-1.5", pod="keycloak-0", pool_name="vert.x-worker-thread", pool_type="worker"} -781 -==== - -`worker_pool_queue_size`:: Current queue for the worker pool. 
-+ -==== -worker_pool_queue_size{container="keycloak", endpoint="otel-prometheus", instance="172.17.0.8:9464", job="keycloak/keycloak-otel", namespace="keycloak", otel_scope_name="io.opentelemetry.micrometer-1.5", pod="keycloak-0", pool_name="vert.x-internal-blocking", pool_type="worker"} -0 -==== diff --git a/provision/aws/efs/.gitignore b/provision/aws/efs/.gitignore deleted file mode 100644 index 4ba66b0fe..000000000 --- a/provision/aws/efs/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -manifests -ccoctl -iam-trust.json diff --git a/provision/aws/efs/aws-efs-csi-driver-operator.yaml b/provision/aws/efs/aws-efs-csi-driver-operator.yaml deleted file mode 100644 index 05620bb5e..000000000 --- a/provision/aws/efs/aws-efs-csi-driver-operator.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: openshift-cluster-csi-drivers - namespace: openshift-cluster-csi-drivers ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - labels: - operators.coreos.com/aws-efs-csi-driver-operator.openshift-cluster-csi-drivers: "" - name: aws-efs-csi-driver-operator - namespace: openshift-cluster-csi-drivers -spec: - channel: stable - installPlanApproval: Automatic - name: aws-efs-csi-driver-operator - source: redhat-operators - sourceNamespace: openshift-marketplace diff --git a/provision/aws/efs/efs-csi-aws-com-cluster-csi-driver.yaml b/provision/aws/efs/efs-csi-aws-com-cluster-csi-driver.yaml deleted file mode 100644 index 7a6399cea..000000000 --- a/provision/aws/efs/efs-csi-aws-com-cluster-csi-driver.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: operator.openshift.io/v1 -kind: ClusterCSIDriver -metadata: - name: efs.csi.aws.com -spec: - managementState: Managed diff --git a/provision/aws/efs/iam-policy.json b/provision/aws/efs/iam-policy.json deleted file mode 100644 index a05a723ad..000000000 --- a/provision/aws/efs/iam-policy.json +++ /dev/null 
@@ -1,44 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:ClientMount", - "elasticfilesystem:ClientWrite", - "elasticfilesystem:CreateTags", - "elasticfilesystem:CreateMountTarget", - "elasticfilesystem:DeleteMountTarget", - "elasticfilesystem:DeleteTags", - "elasticfilesystem:TagResource", - "elasticfilesystem:UntagResource" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "elasticfilesystem:CreateAccessPoint" - ], - "Resource": "*", - "Condition": { - "StringLike": { - "aws:RequestTag/efs.csi.aws.com/cluster": "true" - } - } - }, - { - "Effect": "Allow", - "Action": "elasticfilesystem:DeleteAccessPoint", - "Resource": "*", - "Condition": { - "StringEquals": { - "aws:ResourceTag/efs.csi.aws.com/cluster": "true" - } - } - } - ] -} diff --git a/provision/aws/rosa_create_cluster.sh b/provision/aws/rosa_create_cluster.sh index e881717a4..97e91bf00 100755 --- a/provision/aws/rosa_create_cluster.sh +++ b/provision/aws/rosa_create_cluster.sh @@ -68,8 +68,6 @@ fi cd ${SCRIPT_DIR} ./rosa_oc_login.sh -# EFS creation disabled due to https://issues.redhat.com/browse/CLOUDDST-22629 -# ./rosa_efs_create.sh ../infinispan/install_operator.sh # cryostat operator depends on certmanager operator diff --git a/provision/aws/rosa_delete_cluster.sh b/provision/aws/rosa_delete_cluster.sh index fef6948db..82561a688 100755 --- a/provision/aws/rosa_delete_cluster.sh +++ b/provision/aws/rosa_delete_cluster.sh 
@@ -21,7 +21,6 @@ if [ -z "$REGION" ]; then echo "Variable REGION needs to be set."; exit 1; fi # Cleanup might fail if Aurora/EFS hasn't been configured for the cluster. Ignore any failures and continue ./rds/aurora_delete_peering_connection.sh || true -./rosa_efs_delete.sh || true # Explicitly delete OSD Network Verifier that's sometimes created as it prevents VPC being deleted OSD_VERIFIER_SG=$(aws ec2 describe-security-groups \ diff --git a/provision/aws/rosa_efs_create.sh b/provision/aws/rosa_efs_create.sh deleted file mode 100755 index 43e610618..000000000 --- a/provision/aws/rosa_efs_create.sh +++ /dev/null 
@@ -1,195 +0,0 @@ -#!/usr/bin/env bash -# This automated the setup of EFS as a RWX storage in ROSA. It is based on the following information: -# * https://access.redhat.com/articles/6966373 -# * https://mobb.ninja/docs/rosa/aws-efs/ -# * https://docs.openshift.com/rosa/storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.html - -set -eo pipefail - -if [[ "$RUNNER_DEBUG" == "1" ]]; then - set -x -fi - -if [ -f ./.env ]; then - source ./.env -fi - -AWS_REGION=${REGION} -OIDC_PROVIDER=$(oc get authentication.config.openshift.io cluster -o json \ - | jq -r .spec.serviceAccountIssuer| sed -e "s/^https:\/\///") -AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) - -cd efs - -echo "Installing EFS CSI driver operator." -oc apply -f aws-efs-csi-driver-operator.yaml - -cat << EOF > iam-trust.json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_PROVIDER}" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "${OIDC_PROVIDER}:sub": [ - "system:serviceaccount:openshift-cluster-csi-drivers:aws-efs-csi-driver-operator", - "system:serviceaccount:openshift-cluster-csi-drivers:aws-efs-csi-driver-controller-sa" - ] - } - } - } - ] -} -EOF - -ROLE_NAME="${CLUSTER_NAME}-aws-efs-csi-operator" -ROLE_ARN=$(aws iam get-role \ - --role-name ${ROLE_NAME} \ - --query "Role.Arn" \ - --output text \ - || echo "" -) -if [ -z "${ROLE_ARN}" ]; then - ROLE_ARN=$(aws iam create-role \ - --role-name ${ROLE_NAME} \ - --assume-role-policy-document file://iam-trust.json \ - --query "Role.Arn" \ - --output text - ) - - POLICY_ARN=$(aws iam create-policy \ - --policy-name "${CLUSTER_NAME}-rosa-efs-csi" \ - --policy-document file://iam-policy.json \ - --query 'Policy.Arn' \ - --output text - ) - - aws iam attach-role-policy \ - --role-name ${ROLE_NAME} \ - --policy-arn ${POLICY_ARN} -fi - -cat < 
.task/subtask-{{.TASK}}-patchfile.yaml - - kubectl patch deployment jaeger -n monitoring --patch-file .task/subtask-{{.TASK}}-patchfile.yaml + - > + helm upgrade --install jaeger jaegertracing/jaeger --version 3.1.2 -n monitoring -f ../minikube/jaeger/values.yaml + --set allInOne.extraEnv[0].value={{.KB_RETENTION}} sources: - jaeger/**/*.* - .task/subtask-{{.TASK}}.yaml diff --git a/provision/minikube/isup.sh b/provision/minikube/isup.sh index f36ef2f90..71710b357 100755 --- a/provision/minikube/isup.sh +++ b/provision/minikube/isup.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash -# set -x +set -e + +if [[ "$RUNNER_DEBUG" == "1" ]]; then + set -x +fi # when no arguments was given if [ $# -eq 0 ] @@ -53,12 +57,12 @@ for SERVICE in "${!SERVICES[@]}"; do if [ "${SERVICE}" == "jaeger.${HOST}" ] then - until curl -k -f -v https://${SERVICE}/${SERVICES[${SERVICE}]} -o - 2>/dev/null | grep "jaeger-query" >/dev/null 2>/dev/null + until curl -k -f -v https://${SERVICE}/${SERVICES[${SERVICE}]} -o - 2>/dev/null | grep "jaeger-all-in-one" >/dev/null 2>/dev/null do RETRIES=$(($RETRIES - 1)) if [ $RETRIES -eq 0 ] then - echo "Failed to see service jaeger-query in the list of Jaeger services" + echo "Failed to see service jaeger-all-in-one in the list of Jaeger services" exit 1 fi # wait a bit diff --git a/provision/minikube/jaeger/deployment-patch.yaml b/provision/minikube/jaeger/deployment-patch.yaml deleted file mode 100644 index 10b55284b..000000000 --- a/provision/minikube/jaeger/deployment-patch.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# can't configure the storage of traces for badger via the helm chart -spec: - template: - spec: - containers: - - name: jaeger - env: - # https://www.jaegertracing.io/docs/1.35/cli/#jaeger-all-in-one-badger - - name: SPAN_STORAGE_TYPE - value: badger - - name: BADGER_SPAN_STORE_TTL - value: ${KB_RETENTION} - - name: BADGER_EPHEMERAL - value: "false" - volumeMounts: - - name: storage-jaeger - mountPath: /go/bin/data - volumes: - - name: storage-jaeger - persistentVolumeClaim: - claimName: storage-jaeger diff --git a/provision/minikube/jaeger/values.yaml b/provision/minikube/jaeger/values.yaml index 1b599e809..5171e32ea 100644 --- a/provision/minikube/jaeger/values.yaml +++ b/provision/minikube/jaeger/values.yaml @@ -2,8 +2,9 @@ provisionDataStore: cassandra: false allInOne: + image: + registry: "quay.io" enabled: true - tag: 1.36.0 resources: limits: cpu: 500m @@ -11,8 +12,16 @@ allInOne: requests: cpu: 256m memory: 128Mi + extraEnv: + - name: "BADGER_SPAN_STORE_TTL" + value: "24h" storage: - type: none + type: badger + badger: + ephemeral: false + persistence: + mountPath: /go/bin/data + useExistingPvcName: "storage-jaeger" agent: enabled: false collector: diff --git a/provision/minikube/keycloak/templates/keycloak-monitor.yaml b/provision/minikube/keycloak/templates/keycloak-monitor.yaml index 0702bf1cb..41a195eed 100644 --- a/provision/minikube/keycloak/templates/keycloak-monitor.yaml +++ b/provision/minikube/keycloak/templates/keycloak-monitor.yaml @@ -13,18 +13,4 @@ spec: scheme: https tlsConfig: insecureSkipVerify: true ---- -{{ if .Values.otel }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: keycloak-otel - namespace: {{ .Values.namespace }} -spec: - selector: - matchLabels: - app: keycloak - podMetricsEndpoints: - - port: otel-prometheus -{{ end }} {{ end }} diff --git a/provision/minikube/keycloak/templates/keycloak.yaml b/provision/minikube/keycloak/templates/keycloak.yaml index b139a1ea5..5d31e37fa 100644 
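Review bot: The new `extraEnv` list under `allInOne` in provision/minikube/jaeger/values.yaml is addressed by position from the Taskfile hunks in this patch (`--set allInOne.extraEnv[0].value={{.KB_RETENTION}}` for minikube and openshift, `{{.RETENTION}}` for rosa-cross-dc), and nothing in the values file says so. If another variable is ever placed ahead of `BADGER_SPAN_STORE_TTL`, the override would presumably rewrite that variable instead, and trace retention would silently stay at the `24h` written here. I would add a comment above the entry, `# must stay first: the Taskfiles override this via --set allInOne.extraEnv[0].value`. The hunk also drops `tag: 1.36.0`, so the Jaeger image version presumably now follows the default of chart `--version 3.1.2`; a one-line comment stating that this is intended would help the next reader.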
--- a/provision/minikube/keycloak/templates/keycloak.yaml +++ b/provision/minikube/keycloak/templates/keycloak.yaml @@ -77,6 +77,20 @@ spec: # tag::keycloak-ispn[] additionalOptions: # end::keycloak-ispn[] + {{ if .Values.otel }} + - name: tracing-enabled + value: "true" + - name: tracing-endpoint + value: "http://jaeger-collector.monitoring.svc:4317" + - name: tracing-sampler-ratio + value: {{ .Values.otelSamplingPercentage | quote }} + - name: tracing-sampler-type + value: "parentbased_traceidratio" + {{- end }} + {{- if .Values.persistentSessions }} + - name: spi-user-sessions-infinispan-use-caches + value: "false" + {{- end }} - name: http-metrics-histograms-enabled value: 'true' - name: http-metrics-slos 
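Review bot: The added `tracing-endpoint` option hard-codes `http://jaeger-collector.monitoring.svc:4317`, so spans leave the Keycloak pod unencrypted and the target cannot be changed without editing the template. The docs in this patch describe traces as a tree of internal and database calls, which is data worth protecting for an identity provider, so I would make the endpoint a chart value, for example `value: {{ .Values.otelEndpoint | default "http://jaeger-collector.monitoring.svc:4317" | quote }}` (`otelEndpoint` is a value name I am proposing, not one the chart has today), with a comment that the default is plaintext and acceptable only where in-cluster traffic is trusted. Separately, the opening `{{ if .Values.otel }}` does not trim whitespace while its `{{- end }}` and the following `{{- if .Values.persistentSessions }}` do; `{{- if .Values.otel }}` would keep the rendered list free of a stray blank line. The `additionalOptions` list continues outside this hunk.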
@@ -159,25 +173,8 @@ spec: podTemplate: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/keycloak-providers-configmap.yaml") . | sha256sum }}-{{ include (print $.Template.BasePath "/postgres/postgres-deployment.yaml") . | sha256sum }}-{{ .Values.keycloakImage }}-{{ include (print $.Template.BasePath "/keycloak-infinispan-configmap.yaml") . | sha256sum }}-{{ .Values.otelVersion }} + checksum/config: {{ include (print $.Template.BasePath "/keycloak-providers-configmap.yaml") . | sha256sum }}-{{ include (print $.Template.BasePath "/postgres/postgres-deployment.yaml") . | sha256sum }}-{{ .Values.keycloakImage }}-{{ include (print $.Template.BasePath "/keycloak-infinispan-configmap.yaml") . | sha256sum }} spec: - {{ if .Values.otel }} - initContainers: - - name: download-otel - image: registry.access.redhat.com/ubi8/ubi-minimal - command: - - /bin/bash - args: - - -c - # language=bash - - | - if [ ! -e /otel/opentelemetry-javaagent-{{ .Values.otelVersion }}.jar ]; then - curl -f -L https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/{{ .Values.otelVersion }}/opentelemetry-javaagent.jar -o /otel/opentelemetry-javaagent-{{ .Values.otelVersion }}.jar - fi - volumeMounts: - - name: otel - mountPath: /otel - {{ end }} containers: - {{ if hasPrefix "localhost/" .Values.keycloakImage }} 
@@ -197,31 +194,6 @@ spec: name: keycloak-preconfigured-admin key: password optional: false -{{ if .Values.otel }} - # Instrumentation for the HTTP/2 protocol doesn't work yet - no metrics will be available, probably also no tracing - # As a workaround, force downgrade to HTTP/1.1 - # https://github.com/open-telemetry/opentelemetry-java-instrumentation/issues/8927 - - name: QUARKUS_HTTP_HTTP2 - value: 'false' - - name: OTEL_SEMCONV_STABILITY_OPT_IN - value: 'http' - # https://github.com/open-telemetry/opentelemetry-java-instrumentation - # https://github.com/open-telemetry/opentelemetry-java/blob/main/sdk-extensions/autoconfigure/README.md - - name: OTEL_RESOURCE_ATTRIBUTES - value: service.name=keycloak - - name: OTEL_TRACES_EXPORTER - # with otel+tempo 1.4.1 forwarding of traces works, but searching is not returning all values for now, for example delete users was missing - value: jaeger - - name: OTEL_EXPORTER_JAEGER_ENDPOINT - value: http://jaeger-collector.monitoring.svc:14250 - - name: OTEL_TRACES_SAMPLER - value: parentbased_traceidratio # always_on, parentbased_traceidratio, ... - - name: OTEL_TRACES_SAMPLER_ARG - value: {{ .Values.otelSamplingPercentage | quote }} - - name: OTEL_METRICS_EXPORTER - value: prometheus -{{ end }} - # JMX is disabled as it breaks Quarkus configuration. Issue is tracked in https://github.com/keycloak/keycloak-benchmark/issues/840 - name: JAVA_OPTS_APPEND # <5> value: > {{- if not (eq (int .Values.metaspaceInitMB) 96) }} @@ -233,17 +205,9 @@ spec: {{- if .Values.jvmDebug }} -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8787 {{- end }} -{{- if .Values.otel }} - -javaagent:/otel/opentelemetry-javaagent-{{ .Values.otelVersion }}.jar -{{- end }} {{- if .Values.cryostat }} {{- end }} ports: -{{ if .Values.otel }} - - containerPort: 9464 - protocol: TCP - name: otel-prometheus -{{ end }} {{ if .Values.cryostat }} - containerPort: 9091 protocol: TCP 
@@ -275,21 +239,11 @@ spec: - name: cache-embedded-mtls-volume mountPath: /etc/cache-embedded-mtls readOnly: true -{{ end }} -{{ if .Values.otel }} - - name: otel - mountPath: /otel - readOnly: true {{ end }} volumes: - name: keycloak-providers configMap: name: keycloak-providers -{{ if .Values.otel }} - - name: otel - persistentVolumeClaim: - claimName: otel -{{ end }} {{ if .Values.infinispan.jgroupsTls }} - name: cache-embedded-mtls-volume secret: diff --git a/provision/minikube/keycloak/values.yaml b/provision/minikube/keycloak/values.yaml index 5d12cffd5..4dec02f0a 100644 --- a/provision/minikube/keycloak/values.yaml +++ b/provision/minikube/keycloak/values.yaml @@ -8,8 +8,6 @@ keycloakHostname: keycloakHealthHostname: monitoring: true otel: false -# https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases -otelVersion: v1.27.0 # 1.0 to sample everything (warning, lots of memory used in Jaeger backend!) otelSamplingPercentage: '0.001' cryostat: true diff --git a/provision/openshift/Taskfile.yaml b/provision/openshift/Taskfile.yaml index 35b9fba4a..8ecfc39ee 100644 --- a/provision/openshift/Taskfile.yaml +++ b/provision/openshift/Taskfile.yaml 
@@ -116,16 +116,17 @@ tasks: - common:env - openshift-env - grafana-sa - env: - KB_RETENTION: '{{.KB_RETENTION}}' cmds: - helm repo add jaegertracing https://jaegertracing.github.io/helm-charts - helm repo update - - helm upgrade --install jaeger jaegertracing/jaeger --version 0.58.0 -n monitoring -f ../minikube/jaeger/values.yaml - - envsubst < ../minikube/jaeger/deployment-patch.yaml > .task/subtask-{{.TASK}}-patchfile.yaml - - kubectl patch deployment jaeger -n monitoring --patch-file .task/subtask-{{.TASK}}-patchfile.yaml + - > + helm upgrade --install jaeger jaegertracing/jaeger --version 3.1.2 -n monitoring -f ../minikube/jaeger/values.yaml + --set allInOne.podSecurityContext.runAsUser=$(cat .task/monitoring-uids) + --set allInOne.podSecurityContext.runAsGroup=$(cat .task/monitoring-uids) + --set allInOne.podSecurityContext.fsGroup=$(cat .task/monitoring-uids) + --set allInOne.extraEnv[0].value={{.KB_RETENTION}} sources: - - jaeger/**/*.* + - ../minikube/jaeger/**/*.* - .task/subtask-{{.TASK}}.yaml - .task/var-KB_RETENTION - .task/var-KC_HOSTNAME_SUFFIX @@ -182,7 +183,7 @@ tasks: - grafana - jaeger cmds: - - helm upgrade --install monitoring monitoring + - helm upgrade -n monitoring --install monitoring monitoring sources: - monitoring/**/*.* - .task/subtask-{{.TASK}}.yaml diff --git a/provision/rosa-cross-dc/Taskfile.yaml b/provision/rosa-cross-dc/Taskfile.yaml index 6d37100d6..de884f022 100644 --- a/provision/rosa-cross-dc/Taskfile.yaml +++ b/provision/rosa-cross-dc/Taskfile.yaml 
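Review bot: The three `--set allInOne.podSecurityContext.*=$(cat .task/monitoring-uids)` arguments added to the jaeger task in provision/openshift/Taskfile.yaml read a file that is not listed under `sources` and is not checked before use, and the hunk does not show which task writes it. If the file is missing or empty, `cat` fails inside the command substitution without stopping the command and helm receives an empty `runAsUser`/`runAsGroup`/`fsGroup`, so the pod security context would not be what this change intends. I would add `- .task/monitoring-uids` to `sources` and put `- test -s .task/monitoring-uids` ahead of the helm command. `{{.KB_RETENTION}}` is also interpolated unquoted into the shell line; `--set "allInOne.extraEnv[0].value={{.KB_RETENTION}}"` avoids word splitting and glob matching on the brackets. The same pattern appears in the rosa-cross-dc hunk with `.task/monitoring-uids-{{.ROSA_CLUSTER_NAME}}` and `{{.RETENTION}}`.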
@@ -576,20 +576,17 @@ tasks: - ROSA_CLUSTER_NAME vars: RETENTION: '{{.RETENTION | default "168h"}}' - JAEGER_VERSION: '{{.JAEGER_VERSION | default "0.58.0"}}' - env: - KB_RETENTION: '{{.RETENTION}}' + JAEGER_VERSION: '{{.JAEGER_VERSION | default "3.1.2"}}' cmds: - > KUBECONFIG="{{.ISPN_DIR}}/.task/kubecfg/{{.ROSA_CLUSTER_NAME}}" helm upgrade --install jaeger jaegertracing/jaeger --version {{.JAEGER_VERSION}} -n monitoring -f "{{.ROOT_DIR}}/../minikube/jaeger/values.yaml" - - envsubst < "{{.ROOT_DIR}}/../minikube/jaeger/deployment-patch.yaml" > .task/jaeger-{{.ROSA_CLUSTER_NAME}}-patchfile.yaml - - > - KUBECONFIG="{{.ISPN_DIR}}/.task/kubecfg/{{.ROSA_CLUSTER_NAME}}" - oc patch deployment jaeger -n monitoring --patch-file .task/jaeger-{{.ROSA_CLUSTER_NAME}}-patchfile.yaml + --set allInOne.podSecurityContext.runAsUser=$(cat .task/monitoring-uids-{{.ROSA_CLUSTER_NAME}}) + --set allInOne.podSecurityContext.runAsGroup=$(cat .task/monitoring-uids-{{.ROSA_CLUSTER_NAME}}) + --set allInOne.podSecurityContext.fsGroup=$(cat .task/monitoring-uids-{{.ROSA_CLUSTER_NAME}}) + --set allInOne.extraEnv[0].value={{.RETENTION}} sources: - - "{{.ROOT_DIR}}/../minikube/jaeger/values.yaml" - - "{{.ROOT_DIR}}/../minikube/jaeger/deployment-patch.yaml" + - "{{.ROOT_DIR}}/../minikube/jaeger/**/*" - "{{.ISPN_DIR}}/.task/kubecfg/{{.ROSA_CLUSTER_NAME}}" install-grafana-charts: