-
Notifications
You must be signed in to change notification settings - Fork 463
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add handling of environment variables from ConfigMaps and Secrets #3373
base: main
Are you sure you want to change the base?
Conversation
506a78c
to
c17e0e8
Compare
Tested ConfigMaps with custom built image |
Handling Secrets requires updated permissions, otherwise it ends up with:
Please suggest what to do. Thanks. EDIT: Where does release asset Installation manifest for Kubernetes come from exactly? I am not able to find it in sources, so I cannot patch it. It differs from
while release asset:
|
So the Secrets code works fine with the following kustomize patch to the Release asset (it syncs value to
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you adjust an E2E test to ensure this logic works as expected?
You mean to add e2e tests for ConfigMaps and Secrets to ensure it works, right? Sure. |
@pavolloffay If I read it correctly, this is a solution for appending to an existing value and only when defined directly in the POD's env itself. I am solving wider issue - my code is able to actually read ConfigMaps and Secrets, so when for example Also it allows defining |
So, to summarise. Your PR solves issue for the case when the environemntal variable is defined via |
Conceptually, I don't like the fact that this PR effectively reimplements Kubernetes' environment variable mounting logic in the operator. This really shouldn't be necessary. In my mind, what the operator should do is add the env variables if the user hasn't set them, with some language-specific exceptions where it should concatenate the values instead. As #3379 shows, we don't actually need to read external ConfigMaps and Secrets to achieve the latter. I do believe the operator may override some env variables set by the user in the CR, and we should fix that. But it's sufficient to add user-defined variables to the end of the list to do this, without need for all the elaborate machinery in this PR. |
We use ConfigMaps in base directory and customize them with |
You cannot put the Kubernetes can load the whole ConfigMap with This is a long-standing maintaintenance pain for us - this Kubernetes feature works otherwise fine, but OTEL Operator misses it. Please consider adding this feature. |
Allright, that makes sense. I'd like to support what you're asking for, but I'd really like to avoid all the machinery in this PR. We'll discuss it during our next SIG meeting and hopefully find some alternative. For the Java and Node option variables specifically, I think #3379 can solve it as-is:
A slightly annoying workaround, but it should be easy to add to your kustomize base. |
For like 100 services with 50 overlays each, it is better to have the values present just once. It is also easier to grep for the value afterwards when necessary. So if I have to choose between two JAVA_TOOL_OPTIONS (one placeholder value in the deployment, one actual value in the ConfigMap) and direct value in the deployment, I will choose the direct value in the deployment and skip the ConfigMap altogether. That is because not all services have JAVA_TOOL_OPTIONS, not all services have OTEL_SERVICE_NAME and so on - some have the value just in test overlays, some in base, some override it just for test environments and the like. It is really per-service and per-environment decision. Before OpenTelemetry we used just ConfigMaps and were “happy” (almost, you know). |
I have rebased the code and added e2e tests. |
Currently when environment variable is defined in ConfigMap, it is like being invisible to OpenTelemetry Operator. Improve this by adding a common class handling the environment variables, which is also able to load the referenced ConfigMaps. Signed-off-by: Oldřich Jedlička <[email protected]>
Load also environment variables defined in Secret to make them visible to OpenTelemetry Operator. Signed-off-by: Oldřich Jedlička <[email protected]>
This is the current behavior of the operator. It checks all env vars and if any
The #3379 solves this issue as well by setting e.g. Overall it's not clear what are the benefits of this PR compared to simpler #3379 |
This is not how it works. If you define My colleague just faced the issue (again, sigh!) and had to move the |
I see what you mean https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
This will define all configmap keys as env vars. |
Yes, exactly. I have added e2e tests today into this PR, so you can find examples there too. |
Description:
Added detection and reading of environment variables defined in PODs resources like ConfigMaps and Secrets. Supports both
envFrom
andvalueFrom
forms.Link to tracking Issue(s):
Testing:
Added
kubebuilder
tests for new code, tested by deploying the generated image to OpenShift cluster.Documentation:
This is an enhancement, which can be read also as a bug fix (missing feature), so I have not added any documentation.
Implementation notes/questions:
ConfigMap
support is in first commit, theSecret
support is in the second commit. They work the same, they both support “if exists” checks and are able to extend the existing value (append) into a newly created (or updated) environment variable.Container
class naming (or have some common methods prefix?), so please suggest how the main class/file should be named - I can change it easily. The class handles everything regarding environment variables on the container currently.sdkInjector.inject
method gets one in arguments, but Apache and Nginx auto-instrumentations are ignoring it and taking namespace name from POD definition or from PODs resource map, which looks wrong (at minimum this is suspicious). I took the namespace name from the POD and if not found, I fall back to the one supplied as a parameter toinject
method.