mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
62f4aa4271
* fix: customizable tracer configuration Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: harden rbac permissions (#7638) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#7664) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](dd6b2e2b61...d13028333d) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#7663) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](80e868c13c...08b4669551) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * use resource.New instead of Merge Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix tabs Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 (#7650) * Bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 Signed-off-by: webstradev <e.s.westra.95@gmail.com> * fixed tests Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * added tests for repository Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: vscode debug config (#7653) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: pr updater workflow (#7665) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: add specific loaders from #7597 (#7671) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add cluster select and relabling config for ServiceMonitors (#7659) * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * feat: add cluster select and relabling config for ServiceMonitors Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller context from #7597 (#7672) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: cleanup controller rbac (#7669) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 1) from #7597 (#7676) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * refactor: migrate context loaders (part 2) from #7597 (#7677) * refactor: migrate context loaders (part 1) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: migrate context loaders (part 2) from #7597 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * feat: add lazy loading feature flag (#7680) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: image verification (#7652) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Fix deferred loading (#7597) * handle nested contexts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add feature flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add kuttl tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix CLI regclient Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix: token permissions on report vulns workflow (#7611) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: token permissions (#7619) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update the flag descriptions of the reports-controller (#7617) Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> * fix: panic if env var not defined (#7613) * fix: panic if env var not defined Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use toggles instead of a flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update toggle name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove extra unlock Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix loader reset Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * propagate context Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cm resolver Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * level management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * address review comments Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add enableDeferredLoading to other controllers Signed-off-by: Jim Bugwadia <jim@nirmata.com> * re-enable ACR credhelper Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove image registry client init Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for invalid reset/restore Signed-off-by: Jim Bugwadia <jim@nirmata.com> * recursive kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add pre/post queries Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for a recursive match Signed-off-by: Jim Bugwadia <jim@nirmata.com> * new test suite Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * eval loaders at creation level Signed-off-by: Jim Bugwadia <jim@nirmata.com> * kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add an index for resolving deps in order Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve comment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * extract remove method Signed-off-by: Jim Bugwadia <jim@nirmata.com> * merge main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feature flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * two rules kuttl test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * revert Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checkpoint Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix mutate chained rules Signed-off-by: ShutingZhao <shuting@nirmata.com> * per rule checpoint/restore Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * log error Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * fix: factorise confimap informer code (#7667) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#7689) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](d13028333d...6e04d228eb) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> * Update pkg/tracing/config.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Daniel Laszlo <laszlodaniel@icloud.com> Signed-off-by: Daniel Laszlo <daniel.laszlo@bitpanda.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: webstradev <e.s.westra.95@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: emmanuel-ferdman <emmanuelferdman@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: webstradev <e.s.westra.95@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Frank Jogeleit <frank.jogeleit@lovoo.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
76 lines
2.4 KiB
Go
76 lines
2.4 KiB
Go
package tracing
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/go-logr/logr"
|
|
tlsutils "github.com/kyverno/kyverno/pkg/utils/tls"
|
|
"github.com/kyverno/kyverno/pkg/version"
|
|
"go.opentelemetry.io/otel"
|
|
"go.opentelemetry.io/otel/exporters/otlp/otlptrace"
|
|
"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"
|
|
"go.opentelemetry.io/otel/propagation"
|
|
"go.opentelemetry.io/otel/sdk/resource"
|
|
sdktrace "go.opentelemetry.io/otel/sdk/trace"
|
|
semconv "go.opentelemetry.io/otel/semconv/v1.17.0"
|
|
"k8s.io/client-go/kubernetes"
|
|
)
|
|
|
|
// NewTraceConfig generates the initial tracing configuration with 'address' as the endpoint to connect to the Opentelemetry Collector
|
|
func NewTraceConfig(log logr.Logger, tracerName, address, certs string, kubeClient kubernetes.Interface) (func(), error) {
|
|
ctx := context.Background()
|
|
var client otlptrace.Client
|
|
if certs != "" {
|
|
// here the certificates are stored as configmaps
|
|
transportCreds, err := tlsutils.FetchCert(ctx, certs, kubeClient)
|
|
if err != nil {
|
|
log.Error(err, "Error fetching certificate from secret")
|
|
}
|
|
client = otlptracegrpc.NewClient(
|
|
otlptracegrpc.WithEndpoint(address),
|
|
otlptracegrpc.WithTLSCredentials(transportCreds),
|
|
)
|
|
} else {
|
|
client = otlptracegrpc.NewClient(
|
|
otlptracegrpc.WithEndpoint(address),
|
|
otlptracegrpc.WithInsecure(),
|
|
)
|
|
}
|
|
// create New Exporter for exporting metrics
|
|
traceExp, err := otlptrace.New(ctx, client)
|
|
if err != nil {
|
|
log.Error(err, "Failed to create the collector exporter")
|
|
return nil, err
|
|
}
|
|
res, err := resource.New(
|
|
ctx,
|
|
resource.WithSchemaURL(semconv.SchemaURL),
|
|
resource.WithTelemetrySDK(),
|
|
resource.WithAttributes(
|
|
semconv.ServiceNameKey.String(tracerName),
|
|
semconv.ServiceVersionKey.String(version.BuildVersion),
|
|
),
|
|
resource.WithFromEnv(),
|
|
)
|
|
if err != nil {
|
|
log.Error(err, "failed creating resource")
|
|
return nil, err
|
|
}
|
|
// create controller and bind the exporter with it
|
|
tp := sdktrace.NewTracerProvider(
|
|
sdktrace.WithBatcher(traceExp),
|
|
sdktrace.WithResource(res),
|
|
)
|
|
// set global propagator to tracecontext (the default is no-op).
|
|
otel.SetTextMapPropagator(propagation.TraceContext{})
|
|
otel.SetTracerProvider(tp)
|
|
return func() {
|
|
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
|
|
defer cancel()
|
|
// pushes any last exports to the receiver
|
|
if err := tp.Shutdown(ctx); err != nil {
|
|
otel.Handle(err)
|
|
}
|
|
}, nil
|
|
}
|