Merge branch 'main' of https://github.com/open-telemetry/opentelemetr…

…y-operator into 2947-updating-ds-sf-depl-mutation

.chloggen/fips.yaml → .chloggen/TA-update-configs-to-enable-mtls.yaml

@@ -2,18 +2,17 @@
 change_type: enhancement
 
 # The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
-component: collector
+component: target allocator, collector
 
 # A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: Add flag to disable components when operator runs on FIPS enabled cluster.
+note: "Enable mTLS between the TA and collector for passing secrets in the scrape_config securely"
 
 # One or more tracking issues related to the change
-issues: [3315]
+issues: [1669]
 
 # (Optional) One or more lines of additional information to render under the primary note.
 # These lines will be padded with 2 spaces and then inserted directly into the document.
 # Use pipe (|) for multiline entries.
 subtext: |
-  Flag `--fips-disabled-components=receiver.otlp,exporter.otlp,processor.batch,extension.oidc` can be used to disable
-  components when operator runs on FIPS enabled cluster. The operator uses `/proc/sys/crypto/fips_enabled` to check
-  if FIPS is enabled.
+  This change enables mTLS between the collector and the target allocator (requires cert-manager).
+  This is necessary for passing secrets securely from the TA to the collector for scraping endpoints that have authentication.

.github/workflows/e2e.yaml

@@ -34,13 +34,16 @@ jobs:
          - e2e-upgrade
          - e2e-multi-instrumentation
          - e2e-metadata-filters
+         - e2e-ta-collector-mtls
        include:
          - group: e2e-instrumentation
            setup: "add-instrumentation-params prepare-e2e"
          - group: e2e-multi-instrumentation
            setup: "add-instrumentation-params prepare-e2e"
          - group: e2e-metadata-filters
            setup: "add-operator-arg OPERATOR_ARG='--annotations-filter=.*filter.out --annotations-filter=config.*.gke.io.* --labels-filter=.*filter.out' prepare-e2e"
+         - group: e2e-ta-collector-mtls
+           setup: "add-operator-arg OPERATOR_ARG='--feature-gates=operator.targetallocator.mtls' add-certmanager-permissions prepare-e2e"
          - group: e2e-automatic-rbac
            setup: "add-rbac-permissions-to-operator prepare-e2e"
     steps:
@@ -57,7 +60,7 @@ jobs:
         path: bin
         key: ${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Makefile') }}-${{ steps.setup-go.outputs.go-version }}
     - name: Install chainsaw
-      uses: kyverno/[email protected].10
+      uses: kyverno/[email protected].11
     - name: Install tools
       run: make install-tools
     - name: Prepare e2e tests

.github/workflows/publish-must-gather.yaml

@@ -0,0 +1,86 @@
+name: "Publish must-gather image"
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*' ]
+
+  workflow_dispatch:
+
+env:
+  PLATFORMS: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
+
+jobs:
+  publish:
+    name: Publish must-gather container image
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '~1.22.4'
+
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+
+      - name: Build the binary for each supported architecture
+        run: |
+          for platform in $(echo $PLATFORMS | tr "," "\n"); do
+            arch=${platform#*/}
+            echo "Building must-gather for $arch"
+            make must-gather ARCH=$arch
+          done
+
+      - name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/open-telemetry/opentelemetry-operator/must-gather
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{raw}}
+            type=ref,event=branch
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Log into Docker.io
+        uses: docker/login-action@v3
+        if: ${{ github.event_name == 'push' }}
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to GitHub Package Registry
+        uses: docker/login-action@v3
+        if: ${{ github.event_name == 'push' }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push must-gather image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./cmd/gather/Dockerfile
+          platforms: ${{ env.PLATFORMS }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache

.gitignore

@@ -1,4 +1,3 @@
-
 # Binaries for programs and plugins
 *.exe
 *.exe~
@@ -39,8 +38,9 @@ config/manager/kustomization.yaml
 kubeconfig
 tests/_build/
 config/rbac/extra-permissions-operator/
+config/rbac/certmanager-permissions/
 
 # autoinstrumentation artifacts
 build
 node_modules
-package-lock.json
+package-lock.json

CHANGELOG.md

@@ -2,6 +2,115 @@
 
 <!-- next version -->
 
+## 0.110.0
+
+### 🛑 Breaking changes 🛑
+
+- `auto-instrumentation`: Enable multi instrumentation by default. (#3090)
+
+  Starting with this release, the OpenTelemetry Operator now enables multi-instrumentation by default.
+  This enhancement allows instrumentation of multiple containers in a pod with language-specific configurations.
+
+  Key Changes:
+    - Single Instrumentation (Default Behavior): If no container names are specified using the
+      `instrumentation.opentelemetry.io/container-names` annotation, instrumentation will be applied to the first container in
+      the pod spec by default. This only applies when single instrumentation injection is configured.
+    - Multi-Container Pods: In scenarios where different containers in a pod use distinct technologies, users must specify the
+      container(s) for instrumentation using language-specific annotations. Without this specification, the default behavior may
+      not work as expected for multi-container environments.
+
+  Compatibility:
+    - Users already utilizing the `instrumentation.opentelemetry.io/container-names` annotation do not need to take any action.
+      Their existing setup will continue to function as before.
+    - Important: Users who attempt to configure both `instrumentation.opentelemetry.io/container-names` and language-specific annotations
+      (for multi-instrumentation) simultaneously will encounter an error, as this configuration is not supported.
+
+- `collector`: Remove ComponentUseLocalHostAsDefaultHost collector feature gate. (#3306)
+
+  This change may break setups where receiver endpoints are not explicitly configured to listen on e.g. 0.0.0.0.
+  Change \#3333 attempts to address this issue for a known set of components.
+  The operator performs the adjustment for the following receivers:
+  - otlp
+  - skywalking
+  - jaeger
+  - loki
+  - opencensus
+  - zipkin
+  - tcplog
+  - udplog
+  - fluentforward
+  - statsd
+  - awsxray/UDP
+  - carbon
+  - collectd
+  - sapm
+  - signalfx
+  - splunk_hec
+  - wavefront
+
+
+### 💡 Enhancements 💡
+
+- `auto-instrumentation, collector`: Add a must gather utility to help troubleshoot (#3149)
+
+  The new utility is available as part of a new container image.
+
+  To use the image in a running OpenShift cluster, you need to run the following command:
+
+  ```sh
+  oc adm must-gather --image=ghcr.io/open-telemetry/opentelemetry-operator/must-gather -- /usr/bin/must-gather --operator-namespace opentelemetry-operator-system
+  ```
+
+  See the [README](https://github.com/open-telemetry/opentelemetry-operator/blob/main/cmd/gather/README.md) for more details.
+
+- `collector`: set default address for all parsed receivers (#3126)
+
+  This feature is enabled by default. It can be disabled by specifying
+  `--feature-gates=-operator.collector.default.config`.
+- `operator`: Use 0.0.0.0 as otlp receiver default address (#3126)
+- `collector`: Add flag to disable components when operator runs on FIPS enabled cluster. (#3315)
+  Flag `--fips-disabled-components=receiver.otlp,exporter.otlp,processor.batch,extension.oidc` can be used to disable
+  components when operator runs on FIPS enabled cluster. The operator uses `/proc/sys/crypto/fips_enabled` to check
+  if FIPS is enabled.
+
+- `collector`: Improves healthcheck parsing capabilities, allowing for future extensions to configure a healthcheck other than the v1 healthcheck extension. (#3184)
+- `auto-instrumentation`: Add support for k8s labels such as app.kubernetes.io/name for resource attributes (#3112)
+
+  You can opt-in as follows:
+  ```yaml
+  apiVersion: opentelemetry.io/v1alpha1
+  kind: Instrumentation
+  metadata:
+    name: my-instrumentation
+  spec:
+    defaults:
+      useLabelsForResourceAttributes: true
+  ```
+  The following labels are supported:
+    - `app.kubernetes.io/name` becomes `service.name`
+    - `app.kubernetes.io/version` becomes `service.version`
+    - `app.kubernetes.io/part-of` becomes `service.namespace`
+    - `app.kubernetes.io/instance` becomes `service.instance.id`
+
+
+### 🧰 Bug fixes 🧰
+
+- `auto-instrumentation`: Fix ApacheHttpd, Nginx and SDK injectors to honour their container-names annotations. (#3313)
+
+  This is a breaking change if anyone is accidentally using the enablement flag with container names for these 3 injectors.
+
+### Components
+
+* [OpenTelemetry Collector - v0.110.0](https://github.com/open-telemetry/opentelemetry-collector/releases/tag/v0.110.0)
+* [OpenTelemetry Contrib - v0.110.0](https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.110.0)
+* [Java auto-instrumentation - v1.33.5](https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/tag/v1.33.5)
+* [.NET auto-instrumentation - v1.2.0](https://github.com/open-telemetry/opentelemetry-dotnet-instrumentation/releases/tag/v1.2.0)
+* [Node.JS - v0.52.1](https://github.com/open-telemetry/opentelemetry-js/releases/tag/experimental%2Fv0.52.1)
+* [Python - v0.48b0](https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.48b0)
+* [Go - v0.14.0-alpha](https://github.com/open-telemetry/opentelemetry-go-instrumentation/releases/tag/v0.14.0-alpha)
+* [ApacheHTTPD - 1.0.4](https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/tag/webserver%2Fv1.0.4)
+* [Nginx - 1.0.4](https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/tag/webserver%2Fv1.0.4)
+
 ## 0.109.0
 
 ### 🚩 Deprecations 🚩