From e2f594f7eb4d92bdd690216eb4389ca76f8fc447 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Wed, 15 Jan 2025 16:27:41 -0700 Subject: [PATCH] fix: Stream OTel plugin with ingress nginx The plugin needs to be built with the version set to the exact version of nginx shipped with the controller. Get rid of the standalone package and build inline with ingress nginx Signed-off-by: RJ Sampson --- ingress-nginx-controller-1.12.yaml | 76 ++++++++++++++++++- opentelemetry-plugin-nginx.yaml | 115 ----------------------------- 2 files changed, 74 insertions(+), 117 deletions(-) delete mode 100644 opentelemetry-plugin-nginx.yaml diff --git a/ingress-nginx-controller-1.12.yaml b/ingress-nginx-controller-1.12.yaml index 47215c0deb0..2b66f6e9f9c 100644 --- a/ingress-nginx-controller-1.12.yaml +++ b/ingress-nginx-controller-1.12.yaml @@ -3,7 +3,7 @@ package: name: ingress-nginx-controller-1.12 version: 1.12.0 # There are manual changes to review between each package update. See 'vars:' section. - epoch: 0 + epoch: 1 description: "Ingress-NGINX Controller for Kubernetes" copyright: - license: Apache-2.0 @@ -54,12 +54,14 @@ var-transforms: environment: contents: packages: + - abseil-cpp-dev - autoconf - automake - bash - bison - brotli-dev - busybox + - c-ares-dev - ca-certificates - ca-certificates-bundle - clang-15 @@ -72,7 +74,9 @@ environment: - gcc - gd-dev - git + - glibc-dev - go + - icu-dev - libaio-dev - libcap - libcap-utils @@ -111,13 +115,17 @@ environment: - openssh-client - openssl - openssl-dev + - opentelemetry-cpp-dev - patch - pcre-dev - perl-dev - pkgconf + - protobuf-dev - python3 + - re2-dev - scanelf - ssdeep + - systemd-dev - util-linux - wget - wolfi-base @@ -148,7 +156,9 @@ vars: NGX_BROTLI_SHA: 63ca02abdcf79c9e788d2eedcc388d2335902e52 # TODO: ModSecurity-nginx needs a release beyond v1.0.3 to work properly # see https://github.com/owasp-modsecurity/ModSecurity-nginx/issues/324 - MODSECURITY_NGINX_VERSION: "ef64996aedd4bb5fa1831631361244813d48b82f" + MODSECURITY_NGINX_VERSION: "fb678c5b4456c733e011d4bd6ad0888baca8c124" + # Instrumentation for nginx plugin: https://github.com/open-telemetry/opentelemetry-cpp-contrib + OTEL_SHA: "a4d3681626082234abb71f118cb9be6e71fc52eb" pipeline: - uses: git-checkout @@ -492,6 +502,7 @@ subpackages: provides: - ingress-nginx-controller-compat=${{package.full-version}} runtime: + - ingress-nginx-opentelemetry-plugin-${{vars.nginx-ingress-major-minor}} - modsecurity-config pipeline: - runs: | @@ -535,6 +546,33 @@ subpackages: modroot: ./images/kube-webhook-certgen/rootfs packages: . + - name: ingress-nginx-opentelemetry-plugin-${{vars.nginx-ingress-major-minor}} + description: OTel plugin for ingress nginx controller ${{vars.nginx-ingress-major-minor}} + dependencies: + provides: + - ingress-nginx-opentelemetry-plugin=${{package.full-version}} + runtime: + - ingress-nginx-controller-${{vars.nginx-ingress-major-minor}} + pipeline: + - uses: git-checkout + with: + repository: https://github.com/open-telemetry/opentelemetry-cpp-contrib + branch: main + expected-commit: ${{vars.OTEL_SHA}} + - working-directory: instrumentation/nginx + runs: | + mkdir build + cd build + + # This must be set to whatever ingress nginx is using + cmake -DNGINX_VERSION=${{vars.NGINX_VERSION}} .. + make + + # Copy over plugin + mkdir -p ${{targets.contextdir}}/etc/nginx/modules + cp -p otel_ngx_module.so ${{targets.contextdir}}/etc/nginx/modules/ + - uses: strip + update: enabled: true manual: true @@ -544,6 +582,10 @@ update: tag-filter: "controller-v1.12" test: + environment: + contents: + packages: + - ingress-nginx-controller-compat-${{vars.nginx-ingress-major-minor}} pipeline: - runs: | /usr/bin/nginx -v @@ -552,3 +594,33 @@ test: nginx -h nginx-dbg --help nginx-ingress-controller --version + - runs: | + cat < /etc/nginx/nginx.conf + load_module /etc/nginx/modules/otel_ngx_module.so; + + http { + opentelemetry_service_name "nginx-proxy"; + opentelemetry_otlp_traces_endpoint "http://collector:4318/v1/traces"; + + server { + listen 80; + server_name otel_example; + + root /var/www/html; + + location = / { + opentelemetry_operation_name my_example_backend; + opentelemetry_propagate; + proxy_pass http://localhost:3501/; + } + } + } + events {} + EOF + + # Not sure why this isn't included in main package. + mkdir -p /var/lib/nginx/tmp/ + adduser -D -H -s /sbin/nologin www-data + # -T: test the configuration file: nginx checks the configuration for correct syntax, and then tries to open files referred in the configuration. + # additionally dump configuration files to standard output (1.9.2). + - runs: nginx -T diff --git a/opentelemetry-plugin-nginx.yaml b/opentelemetry-plugin-nginx.yaml deleted file mode 100644 index 09aeeda90a1..00000000000 --- a/opentelemetry-plugin-nginx.yaml +++ /dev/null @@ -1,115 +0,0 @@ -#nolint:valid-pipeline-git-checkout-tag -package: - name: opentelemetry-plugin-nginx - version: "0_git20250115" - epoch: 0 - description: Adds OpenTelemetry distributed tracing support to nginx. This is the otel community plugin for nginx, not the official nginx plugin for otel. - copyright: - - license: Apache-2.0 - dependencies: - runtime: - - opentelemetry-cpp - -environment: - contents: - packages: - - abseil-cpp-dev - - busybox - - c-ares-dev - - cmake - - curl-dev - - gcc - - glibc-dev - - icu-dev - - make - - opentelemetry-cpp-dev - - pcre-dev - - protobuf-dev - - re2-dev - - systemd-dev - -pipeline: - - uses: git-checkout - with: - repository: https://github.com/open-telemetry/opentelemetry-cpp-contrib - branch: main - expected-commit: a4d3681626082234abb71f118cb9be6e71fc52eb - - - working-directory: instrumentation/nginx - runs: | - mkdir build - cd build - - # This must be set to whatever ingress nginx is using - cmake -DNGINX_VERSION=1.25.5 .. - make - - # Copy over plugin - mkdir -p ${{targets.contextdir}}/usr/share/nginx/modules - cp -p otel_ngx_module.so ${{targets.contextdir}}/usr/share/nginx/modules/ - - - uses: strip - -subpackages: - - name: ${{package.name}}-compat - pipeline: - - runs: | - mkdir -p ${{targets.contextdir}}/etc/nginx/modules - ln -s /usr/share/nginx/modules/otel_ngx_module.so ${{targets.contextdir}}/etc/nginx/modules/ - - # This exists to satisfy ingress-nginx-opentelemetry, which ships an image but doesn't expect this - # library to work until it's copied over into another image that already has already has all - # other dependencies installed. - - name: ${{package.name}}-nodepends - description: "WARNING: This package is not usable by itself. This is the same as the opentelemetry-plugin-nginx package, but without any dependencies." - options: - no-depends: true - pipeline: - - runs: | - mkdir -p ${{targets.contextdir}}/usr/share/nginx/modules - cp -p otel_ngx_module.so ${{targets.contextdir}}/usr/share/nginx/modules/ - working-directory: instrumentation/nginx/build - -update: - enabled: true - git: {} - schedule: - period: weekly - reason: shared contrib repo that doesn't maintain tags for this component - -test: - environment: - contents: - packages: - - nginx~1.25.5 - pipeline: - - runs: | - cat < /etc/nginx/nginx.conf - load_module /usr/share/nginx/modules/otel_ngx_module.so; - - http { - opentelemetry_service_name "nginx-proxy"; - opentelemetry_otlp_traces_endpoint "http://collector:4318/v1/traces"; - - server { - listen 80; - server_name otel_example; - - root /var/www/html; - - location = / { - opentelemetry_operation_name my_example_backend; - opentelemetry_propagate; - proxy_pass http://localhost:3501/; - } - } - } - events {} - EOF - - # Not sure why this isn't included in main package. - mkdir -p /var/lib/nginx/tmp/ - adduser -D -H -s /sbin/nologin nginx - # -T: test the configuration file: nginx checks the configuration for correct syntax, and then tries to open files referred in the configuration. - # additionally dump configuration files to standard output (1.9.2). - - runs: nginx -T