add k8s files

2024-12-10 09:50:58 +02:00 · 2020-05-14 11:11:51 +02:00 · 2020-05-14 11:11:51 +02:00 · e9f185c396
commit e9f185c396
parent 46477e2fa4
11 changed files with 10305 additions and 4 deletions
--- a/example/otel-collector/Makefile
+++ b/example/otel-collector/Makefile
@ -0,0 +1,34 @@
+create-k8s-namespace:
+	k apply -f k8s/namespace.yaml
+
+jaeger-operator-k8s:
+	# Create the jaeger operator and necessary artifacts in ns observability
+	kubectl apply -f k8s/jaeger/jaegertracing.io_jaegers_crd.yaml
+	kubectl apply -f k8s/jaeger/jaeger_service_account.yaml
+	kubectl apply -f k8s/jaeger/jaeger_role.yaml
+	kubectl apply -f k8s/jaeger/jaeger_role_binding.yaml
+	kubectl apply -f k8s/jaeger/jaeger_operator.yaml
+
+	# Create the cluster role & bindings
+	kubectl apply -f k8s/jaeger/jaeger_cluster_role.yaml
+	kubectl apply -f k8s/jaeger/jaeger_cluster_role_binding.yaml
+
+jaeger-k8s:
+	kubectl apply -f k8s/jaeger/jaeger.yaml
+
+otel-collector-k8s:
+	kubectl apply -f k8s/otel-collector.yaml
+
+clean-k8s:
+	kubectl delete -f k8s/otel-collector.yaml
+
+	kubectl delete -f k8s/jaeger/jaeger.yaml
+
+	kubectl delete -f k8s/jaeger/jaeger_cluster_role.yaml
+	kubectl delete -f k8s/jaeger/jaeger_cluster_role_binding.yaml
+	
+	kubectl delete -f k8s/jaeger/jaegertracing.io_jaegers_crd.yaml
+	kubectl delete -f k8s/jaeger/jaeger_service_account.yaml
+	kubectl delete -f k8s/jaeger/jaeger_role.yaml
+	kubectl delete -f k8s/jaeger/jaeger_role_binding.yaml
+	kubectl delete -f k8s/jaeger/jaeger_operator.yaml
--- a/example/otel-collector/k8s/jaeger/jaeger.yaml
+++ b/example/otel-collector/k8s/jaeger/jaeger.yaml
@ -0,0 +1,5 @@
+apiVersion: jaegertracing.io/v1
+kind: Jaeger
+metadata:
+  name: jaeger
+  namespace: observability
--- a/example/otel-collector/k8s/jaeger/jaeger_cluster_role.yaml
+++ b/example/otel-collector/k8s/jaeger/jaeger_cluster_role.yaml
@ -0,0 +1,189 @@
+## When using the operator in cluster-wide mode, this ClusterRole has to be created and bound to the jaeger-operator service account,
+## so that the operator can watch and create resources in every namespace in the cluster.
+## An alternative to this cluster role is to create one role binding for each namespace that the operator should watch
+## in that case, don't forget to add a comma-separated list of namespaces as WATCH_NAMESPACE in the operator's deployment.
+## Further down in this file there's another set of rules, with extra optional permissions
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: jaeger-operator
+rules:
+
+## our own custom resources
+- apiGroups:
+  - jaegertracing.io
+  resources:
+  - '*'
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## for the operator's own deployment
+- apiGroups:
+  - apps
+  resourceNames:
+  - jaeger-operator
+  resources:
+  - deployments/finalizers
+  verbs:
+  - update
+
+## regular things the operator manages for an instance, as the result of processing CRs
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - persistentvolumeclaims
+  - pods
+  - secrets
+  - serviceaccounts
+  - services
+  - services/finalizers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  - cronjobs
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## needed if you want the operator to create service monitors for the Jaeger instances
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## for the Elasticsearch auto-provisioning
+- apiGroups:
+  - logging.openshift.io
+  resources:
+  - elasticsearches
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## for the Kafka auto-provisioning
+- apiGroups:
+  - kafka.strimzi.io
+  resources:
+  - kafkas
+  - kafkausers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## Extra permissions
+## This is an extra set of permissions that the Jaeger Operator might make use of if granted
+
+## needed if support for injecting sidecars based on namespace annotation is required
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - 'get'
+  - 'list'
+  - 'watch'
+
+## needed if support for injecting sidecars based on deployment annotation is required, across all namespaces
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'watch'
+
+## needed only when .Spec.Ingress.Openshift.DelegateUrls is used
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
--- a/example/otel-collector/k8s/jaeger/jaeger_cluster_role_binding.yaml
+++ b/example/otel-collector/k8s/jaeger/jaeger_cluster_role_binding.yaml
@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: jaeger-operator
+subjects:
+- kind: ServiceAccount
+  name: jaeger-operator
+  namespace: "observability" # change to point to the namespace you installed your operator
+roleRef:
+  kind: ClusterRole
+  name: jaeger-operator
+  apiGroup: rbac.authorization.k8s.io
--- a/example/otel-collector/k8s/jaeger/jaeger_operator.yaml
+++ b/example/otel-collector/k8s/jaeger/jaeger_operator.yaml
@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger-operator
+  namespace: observability
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: jaeger-operator
+  template:
+    metadata:
+      labels:
+        name: jaeger-operator
+    spec:
+      serviceAccountName: jaeger-operator
+      containers:
+      - name: jaeger-operator
+        image: jaegertracing/jaeger-operator:1.17.1
+        ports:
+        - containerPort: 8383
+          name: metrics
+        args: ["start"]
+        imagePullPolicy: Always
+        env:
+        - name: WATCH_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: OPERATOR_NAME
+          value: "jaeger-operator"
--- a/example/otel-collector/k8s/jaeger/jaeger_role.yaml
+++ b/example/otel-collector/k8s/jaeger/jaeger_role.yaml
@ -0,0 +1,159 @@
+## this is a set of basic permissions the Jaeger Operator needs when restricted to work in specific namespaces
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: jaeger-operator
+  namespace: observability
+rules:
+
+## our own custom resources
+- apiGroups:
+  - jaegertracing.io
+  resources:
+  - '*'
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## for the operator's own deployment
+- apiGroups:
+  - apps
+  resourceNames:
+  - jaeger-operator
+  resources:
+  - deployments/finalizers
+  verbs:
+  - update
+
+## regular things the operator manages for an instance, as the result of processing CRs
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - persistentvolumeclaims
+  - pods
+  - secrets
+  - serviceaccounts
+  - services
+  - services/finalizers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  - cronjobs
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - image.openshift.io
+  resources:
+  - imagestreams
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## needed if you want the operator to create service monitors for the Jaeger instances
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## for the Elasticsearch auto-provisioning
+- apiGroups:
+  - logging.openshift.io
+  resources:
+  - elasticsearches
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
+
+## for the Kafka auto-provisioning
+- apiGroups:
+  - kafka.strimzi.io
+  resources:
+  - kafkas
+  - kafkausers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'create'
+  - 'update'
+  - 'delete'
+  - 'watch'
--- a/example/otel-collector/k8s/jaeger/jaeger_role_binding.yaml
+++ b/example/otel-collector/k8s/jaeger/jaeger_role_binding.yaml
@ -0,0 +1,12 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: jaeger-operator
+  namespace: observability
+subjects:
+- kind: ServiceAccount
+  name: jaeger-operator
+roleRef:
+  kind: Role
+  name: jaeger-operator
+  apiGroup: rbac.authorization.k8s.io
--- a/example/otel-collector/k8s/jaeger/jaeger_service_account.yaml
+++ b/example/otel-collector/k8s/jaeger/jaeger_service_account.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: observability
+  name: jaeger-operator
--- a/example/otel-collector/k8s/jaeger/jaegertracing.io_jaegers_crd.yaml
+++ b/example/otel-collector/k8s/jaeger/jaegertracing.io_jaegers_crd.yaml
--- a/example/otel-collector/k8s/namespace.yaml
+++ b/example/otel-collector/k8s/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: observability
--- a/example/otel-collector/k8s/otel-collector.yaml
+++ b/example/otel-collector/k8s/otel-collector.yaml
@ -2,6 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: otel-collector-conf
+  namespace: observability
  labels:
    app: opentelemetry
    component: otel-collector-conf
@ -17,7 +18,7 @@ data:
    exporters:
      jaeger:
        # Replace with a real endpoint.
-        endpoint: "simplest-collector.default.svc.cluster.local:14250"
+        endpoint: "jaeger-collector.observability.svc.cluster.local:14250"
    service:
      extensions: [health_check]
      pipelines:
@ -30,15 +31,20 @@ apiVersion: v1
 kind: Service
 metadata:
  name: otel-collector
+  namespace: observability
  labels:
-    app: opencensus
+    app: opentelemetry
    component: otel-collector
 spec:
  ports:
-  - name: otlp # Default endpoint for Opencensus receiver.
-    port: 55680
+  - name: otlp # Default endpoint for otlp receiver.
+    port: 8889
    protocol: TCP
    targetPort: 55680
+  - name: metrics # Default endpoint for metrics.
+    port: 8888
+    protocol: TCP
+    targetPort: 8888
  selector:
    component: otel-collector
 ---
@ -46,6 +52,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: otel-collector
+  namespace: observability
  labels:
    app: opentelemetry
    component: otel-collector