Merge branch 'main' into instr-vol

.chloggen/TA-update-configs-to-enable-mtls.yaml → .chloggen/3305-persistentVolumeClaimRetentionPolicy.yaml

@@ -2,17 +2,15 @@
 change_type: enhancement
 
 # The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
-component: target allocator, collector
+component: collector
 
 # A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: "Enable mTLS between the TA and collector for passing secrets in the scrape_config securely"
+note: "Add support for persistentVolumeClaimRetentionPolicy field"
 
 # One or more tracking issues related to the change
-issues: [1669]
+issues: [3305]
 
 # (Optional) One or more lines of additional information to render under the primary note.
 # These lines will be padded with 2 spaces and then inserted directly into the document.
 # Use pipe (|) for multiline entries.
-subtext: |
-  This change enables mTLS between the collector and the target allocator (requires cert-manager).
-  This is necessary for passing secrets securely from the TA to the collector for scraping endpoints that have authentication.
+subtext:

.chloggen/fix_validation-stabilizationWindowSeconds.yaml → .chloggen/nodejs-ibm-platforms.yaml

@@ -1,18 +1,16 @@
 # One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
-change_type: bug_fix
+change_type: enhancement
 
 # The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
-component: collector-webhook
+component: auto-instrumentation
 
 # A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
-note: "Fixed validation of `stabilizationWindowSeconds` in autoscaler behaviour"
+note: Add Nodejs auto-instrumentation image builds for linux/s390x,linux/ppc64le.
 
 # One or more tracking issues related to the change
-issues: [3345]
+issues: [3322]
 
 # (Optional) One or more lines of additional information to render under the primary note.
 # These lines will be padded with 2 spaces and then inserted directly into the document.
 # Use pipe (|) for multiline entries.
-subtext: |
-  The validation of `stabilizationWindowSeconds` in the `autoscaler.behaviour.scale[Up|Down]` incorrectly rejected 0 as an invalid value.
-  This has been fixed to ensure that the value is validated correctly (should be >=0 and <=3600) and the error messsage has been updated to reflect this.
+subtext:

.github/workflows/e2e.yaml

@@ -46,6 +46,9 @@ jobs:
            setup: "add-operator-arg OPERATOR_ARG='--feature-gates=operator.targetallocator.mtls' add-certmanager-permissions prepare-e2e"
          - group: e2e-automatic-rbac
            setup: "add-rbac-permissions-to-operator prepare-e2e"
+         - group: e2e-native-sidecar
+           setup: "add-operator-arg OPERATOR_ARG='--feature-gates=operator.sidecarcontainers.native' prepare-e2e"
+           kube-version: "1.29"
     steps:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v4
@@ -59,8 +62,6 @@ jobs:
       with:
         path: bin
         key: ${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Makefile') }}-${{ steps.setup-go.outputs.go-version }}
-    - name: Install chainsaw
-      uses: kyverno/[email protected]
     - name: Install tools
       run: make install-tools
     - name: Prepare e2e tests

.github/workflows/publish-autoinstrumentation-nodejs.yaml

@@ -71,7 +71,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: autoinstrumentation/nodejs
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
           push: ${{ github.event_name == 'push' }}
           build-args: version=${{ env.VERSION }}
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/reusable-operator-hub-release.yaml

@@ -56,7 +56,7 @@ jobs:
         env:
           VERSION: ${{ env.version }}
         run: |
-          mkdir operators/opentelemetry-operator/${VERSION} 
+          mkdir operators/opentelemetry-operator/${VERSION}
           cp -R ./tmp/bundle/${{ inputs.folder }}/* operators/opentelemetry-operator/${VERSION}
           rm -rf ./tmp
 
@@ -73,7 +73,7 @@ jobs:
           message="Update the opentelemetry to $VERSION"
           body="Release opentelemetry-operator \`$VERSION\`.
 
-          cc @pavolloffay @frzifus @yuriolisa @jaronoff97 @TylerHelmuth @swiatekm
+          cc @pavolloffay @frzifus @yuriolisa @jaronoff97 @TylerHelmuth @swiatekm @iblancasa
           "
           branch="update-opentelemetry-operator-to-${VERSION}"
 

CHANGELOG.md

@@ -2,6 +2,73 @@
 
 <!-- next version -->
 
+## 0.111.0
+
+### 💡 Enhancements 💡
+
+- `auto-instrumentation`: set OTEL_LOGS_EXPORTER env var to otlp in python instrumentation (#3330)
+
+- `collector`: Expose the Collector telemetry endpoint by default. (#3361)
+
+  The collector v0.111.0 changes the default binding of the telemetry metrics endpoint from `0.0.0.0` to `localhost`.
+  To avoid any disruption we fallback to `0.0.0.0:{PORT}` as default address.
+  Details can be found here: [opentelemetry-collector#11251](https://github.com/open-telemetry/opentelemetry-collector/pull/11251)
+
+
+- `auto-instrumentation`: Add support for specifying exporter TLS certificates in auto-instrumentation. (#3338)
+
+  Now Instrumentation CR supports specifying TLS certificates for exporter:
+  ```yaml
+  spec:
+    exporter:
+      endpoint: https://otel-collector:4317
+      tls:
+        secretName: otel-tls-certs
+        configMapName: otel-ca-bundle
+        # otel-ca-bundle
+        ca_file: ca.crt
+        # present in otel-tls-certs
+        cert_file: tls.crt
+        # present in otel-tls-certs
+        key_file: tls.key
+  ```
+
+  * Propagating secrets across namespaces can be done with https://github.com/EmberStack/kubernetes-reflector or https://github.com/zakkg3/ClusterSecret
+  * Restarting workloads on certificate renewal can be done with https://github.com/stakater/Reloader or https://github.com/wave-k8s/wave
+
+- `collector`: Add native sidecar injection behind a feature gate which is disabled by default. (#2376)
+
+  Native sidecars are supported since Kubernetes version `1.28` and are availabe by default since `1.29`.
+  To use native sidecars on Kubernetes v1.28 make sure the "SidecarContainers" feature gate on kubernetes is enabled.
+  If native sidecars are available, the operator can be advised to use them by adding
+  the `--feature-gates=operator.sidecarcontainers.native` to the Operator args.
+  In the future this may will become availabe as deployment mode on the Collector CR. See [#3356](https://github.com/open-telemetry/opentelemetry-operator/issues/3356)
+
+- `target allocator, collector`: Enable mTLS between the TA and collector for passing secrets in the scrape_config securely (#1669)
+
+  This change enables mTLS between the collector and the target allocator (requires cert-manager).
+  This is necessary for passing secrets securely from the TA to the collector for scraping endpoints that have authentication. Use the `operator.targetallocator.mtls` to enable this feature. See the target allocator [documentation](https://github.com/open-telemetry/opentelemetry-operator/tree/main/cmd/otel-allocator#service--pod-monitor-endpoint-credentials) for more details.
+
+### 🧰 Bug fixes 🧰
+
+- `collector-webhook`: Fixed validation of `stabilizationWindowSeconds` in autoscaler behaviour (#3345)
+
+  The validation of `stabilizationWindowSeconds` in the `autoscaler.behaviour.scale[Up|Down]` incorrectly rejected 0 as an invalid value.
+  This has been fixed to ensure that the value is validated correctly (should be >=0 and <=3600) and the error messsage has been updated to reflect this.
+
+### Components
+
+* [OpenTelemetry Collector - v0.111.0](https://github.com/open-telemetry/opentelemetry-collector/releases/tag/v0.111.0)
+* [OpenTelemetry Contrib - v0.111.0](https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.111.0)
+* [Java auto-instrumentation - v1.33.5](https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/tag/v1.33.5)
+* [.NET auto-instrumentation - v1.2.0](https://github.com/open-telemetry/opentelemetry-dotnet-instrumentation/releases/tag/v1.2.0)
+* [Node.JS - v0.53.0](https://github.com/open-telemetry/opentelemetry-js/releases/tag/experimental%2Fv0.53.0)
+* [Python - v0.48b0](https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.48b0)
+* [Go - v0.15.0-alpha](https://github.com/open-telemetry/opentelemetry-go-instrumentation/releases/tag/v0.15.0-alpha)
+* [ApacheHTTPD - 1.0.4](https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/tag/webserver%2Fv1.0.4)
+* [Nginx - 1.0.4](https://github.com/open-telemetry/opentelemetry-cpp-contrib/releases/tag/webserver%2Fv1.0.4)
+
+
 ## 0.110.0
 
 ### 🛑 Breaking changes 🛑

Makefile

@@ -267,6 +267,13 @@ generate: controller-gen
 e2e: chainsaw
 	$(CHAINSAW) test --test-dir ./tests/e2e
 
+# e2e-native-sidecar
+# NOTE: make sure the k8s featuregate "SidecarContainers" is set to true.
+# NOTE: make sure the operator featuregate "operator.sidecarcontainers.native" is enabled.
+.PHONY: e2e-native-sidecar
+e2e-native-sidecar: chainsaw
+	$(CHAINSAW) test --test-dir ./tests/e2e-native-sidecar
+
 # end-to-end-test for testing automatic RBAC creation
 .PHONY: e2e-automatic-rbac
 e2e-automatic-rbac: chainsaw
@@ -466,7 +473,7 @@ KUSTOMIZE_VERSION ?= v5.0.3
 CONTROLLER_TOOLS_VERSION ?= v0.16.1
 GOLANGCI_LINT_VERSION ?= v1.57.2
 KIND_VERSION ?= v0.20.0
-CHAINSAW_VERSION ?= v0.2.5
+CHAINSAW_VERSION ?= v0.2.8
 
 .PHONY: install-tools
 install-tools: kustomize golangci-lint kind controller-gen envtest crdoc kind operator-sdk chainsaw
@@ -486,12 +493,12 @@ kind: ## Download kind locally if necessary.
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
 $(CONTROLLER_GEN): $(LOCALBIN)
-	@test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+	$(call go-get-tool,$(CONTROLLER_GEN), sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION))
 
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	@test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+	$(call go-get-tool,$(ENVTEST), sigs.k8s.io/controller-runtime/tools/setup-envtest,latest)
 
 CRDOC = $(shell pwd)/bin/crdoc
 .PHONY: crdoc

README.md

@@ -608,7 +608,7 @@ spec:
   mode: statefulset
   targetAllocator:
     enabled: true
-  config: 
+  config:
     receivers:
       prometheus:
         config:
@@ -740,7 +740,7 @@ spec:
 
 ### Configure resource attributes with labels
 
-You can also use common labels to set resource attributes. 
+You can also use common labels to set resource attributes.
 
 The following labels are supported:
 - `app.kubernetes.io/name` becomes `service.name`
@@ -782,12 +782,12 @@ The priority for setting resource attributes is as follows (first found wins):
 
 1. Resource attributes set via `OTEL_RESOURCE_ATTRIBUTES` and `OTEL_SERVICE_NAME` environment variables
 2. Resource attributes set via annotations (with the `resource.opentelemetry.io/` prefix)
-3. Resource attributes set via labels (e.g. `app.kubernetes.io/name`) 
+3. Resource attributes set via labels (e.g. `app.kubernetes.io/name`)
    if the `Instrumentation` CR has defaults.useLabelsForResourceAttributes=true (see above)
 4. Resource attributes calculated from the pod's metadata (e.g. `k8s.pod.name`)
 5. Resource attributes set via the `Instrumentation` CR (in the `spec.resource.resourceAttributes` section)
 
-This priority is applied for each resource attribute separately, so it is possible to set some attributes via 
+This priority is applied for each resource attribute separately, so it is possible to set some attributes via
 annotations and others via labels.
 
 ## Compatibility matrix
@@ -807,12 +807,13 @@ We strive to be compatible with the widest range of Kubernetes versions as possi
 We use `cert-manager` for some features of this operator and the third column shows the versions of the `cert-manager` that are known to work with this operator's versions.
 
 The Target Allocator supports prometheus-operator CRDs like ServiceMonitor, and it does so by using packages imported from prometheus-operator itself. The table shows which version is shipped with a given operator version.
-Generally speaking, these are backwards compatible, but specific features require the appropriate package versions. 
+Generally speaking, these are backwards compatible, but specific features require the appropriate package versions.
 
 The OpenTelemetry Operator _might_ work on versions outside of the given range, but when opening new issues, please make sure to test your scenario on a supported version.
 
 | OpenTelemetry Operator | Kubernetes     | Cert-Manager | Prometheus-Operator |
 |------------------------|----------------| ------------ |---------------------|
+| v0.111.0               | v1.23 to v1.31 | v1           | v0.76.0             |
 | v0.110.0               | v1.23 to v1.31 | v1           | v0.76.0             |
 | v0.109.0               | v1.23 to v1.31 | v1           | v0.76.0             |
 | v0.108.0               | v1.23 to v1.31 | v1           | v0.76.0             |
@@ -836,7 +837,6 @@ The OpenTelemetry Operator _might_ work on versions outside of the given range,
 | v0.90.0                | v1.23 to v1.28 | v1           | v0.69.1             |
 | v0.89.0                | v1.23 to v1.28 | v1           | v0.69.1             |
 | v0.88.0                | v1.23 to v1.28 | v1           | v0.68.0             |
-| v0.87.0                | v1.23 to v1.28 | v1           | v0.68.0             |
 
 ## Contributing and Developing
 
@@ -849,6 +849,7 @@ Approvers ([@open-telemetry/operator-approvers](https://github.com/orgs/open-tel
 - [Benedikt Bongartz](https://github.com/frzifus), Red Hat
 - [Tyler Helmuth](https://github.com/TylerHelmuth), Honeycomb
 - [Yuri Oliveira Sa](https://github.com/yuriolisa), Red Hat
+- [Israel Blancas](https://github.com/iblancasa), Red Hat
 
 Emeritus Approvers:
 

RELEASE.md

@@ -44,9 +44,10 @@ The operator should be released within a week after the [OpenTelemetry collector
 
 | Version  | Release manager |
 |----------|-----------------|
-| v0.111.0 | @frzifus        |
 | v0.112.0 | @yuriolisa      |
 | v0.113.0 | @pavolloffay    |
 | v0.114.0 | @TylerHelmuth   |
 | v0.115.0 | @jaronoff97     |
-| v0.116.0 | @swiatekm       |
+| v0.116.0 | @swiatekm       |
+| v0.117.0 | @iblancasa      |
+| v0.118.0 | @frzifus        |

apis/v1alpha1/instrumentation_types.go

@@ -121,13 +121,13 @@ type TLS struct {
 	// CA defines the key of certificate (e.g. ca.crt) in the configmap map, secret or absolute path to a certificate.
 	// The absolute path can be used when certificate is already present on the workload filesystem e.g.
 	// /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
-	CA string `json:"ca,omitempty"`
+	CA string `json:"ca_file,omitempty"`
 	// Cert defines the key (e.g. tls.crt) of the client certificate in the secret or absolute path to a certificate.
 	// The absolute path can be used when certificate is already present on the workload filesystem.
-	Cert string `json:"cert,omitempty"`
+	Cert string `json:"cert_file,omitempty"`
 	// Key defines a key (e.g. tls.key) of the private key in the secret or absolute path to a certificate.
 	// The absolute path can be used when certificate is already present on the workload filesystem.
-	Key string `json:"key,omitempty"`
+	Key string `json:"key_file,omitempty"`
 }
 
 // Sampler defines sampling configuration.

apis/v1beta1/collector_webhook.go

@@ -188,6 +188,11 @@ func (c CollectorWebhook) Validate(ctx context.Context, r *OpenTelemetryCollecto
 		return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'volumeClaimTemplates'", r.Spec.Mode)
 	}
 
+	// validate persistentVolumeClaimRetentionPolicy
+	if r.Spec.Mode != ModeStatefulSet && r.Spec.PersistentVolumeClaimRetentionPolicy != nil {
+		return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'persistentVolumeClaimRetentionPolicy'", r.Spec.Mode)
+	}
+
 	// validate tolerations
 	if r.Spec.Mode == ModeSidecar && len(r.Spec.Tolerations) > 0 {
 		return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'tolerations'", r.Spec.Mode)