feat(tracing): Add proxy tracing configuration to control plane helm chart

Previously, this would require the `linkerd-jaeger` extension to be installed. This comes with its own set of issues, namely managing yet another component of linkerd.

Since the tracing config is basically just environment variables and one volume mount, hoisting them up into the main control plane helm chart for the proxy injector to handle is likely the simplest and most maintainable path going forward.

The injector from the `linkerd-jaeger` extension will still work for the time being, and is interoprable to some degree as long as the injector in the extension is disabled. A follow-up to this PR should add documentation around this and how users can migrate from the extension to these configs.

Signed-off-by: Scott Fleener <[email protected]>

Author: sfleen

charts/linkerd-control-plane/templates/destination.yaml

@@ -447,3 +447,6 @@ spec:
       - {{- include "partials.proxy.volumes.service-account-token" . | indent 8 | trimPrefix (repeat 7 " ") }}
       {{ end -}}
       - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}
+      {{if .Values.proxy.tracing.enabled -}}
+      - {{- include "partials.proxy.volumes.podinfo" . | indent 8 | trimPrefix (repeat 7 " ") }}
+      {{ end }}

charts/linkerd-control-plane/templates/identity.yaml

@@ -270,8 +270,11 @@ spec:
       {{ if not .Values.cniEnabled -}}
       - {{- include "partials.proxyInit.volumes.xtables" . | indent 8 | trimPrefix (repeat 7 " ") }}
       {{ end -}}
-      {{if .Values.identity.serviceAccountTokenProjection -}}
+      {{ if .Values.identity.serviceAccountTokenProjection -}}
       - {{- include "partials.proxy.volumes.service-account-token" . | indent 8 | trimPrefix (repeat 7 " ") }}
       {{ end -}}
       - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}
+      {{ if .Values.proxy.tracing.enabled -}}
+      - {{- include "partials.proxy.volumes.podinfo" . | indent 8 | trimPrefix (repeat 7 " ") }}
+      {{ end }}
 {{end -}}

charts/linkerd-control-plane/templates/proxy-injector.yaml

@@ -185,6 +185,9 @@ spec:
       - {{- include "partials.proxy.volumes.service-account-token" . | indent 8 | trimPrefix (repeat 7 " ") }}
       {{ end -}}
       - {{- include "partials.proxy.volumes.identity" . | indent 8 | trimPrefix (repeat 7 " ") }}
+      {{if .Values.proxy.tracing.enabled -}}
+      - {{- include "partials.proxy.volumes.podinfo" . | indent 8 | trimPrefix (repeat 7 " ") }}
+      {{ end }}
 ---
 kind: Service
 apiVersion: v1

charts/linkerd-control-plane/values.yaml

@@ -284,6 +284,20 @@ proxy:
   metrics:
       # -- Whether or not to export hostname labels in outbound request metrics.
       hostnameLabels: false
+  # Configures tracing in the proxy and how they are exported
+  tracing:
+    # -- Enables trace collection and export in the proxy
+    enable: false
+    # -- Protocol to export traces with. Currently supported are
+    # "opentelemetry" (default) and "opencensus" (deprecated)
+    protocol: opentelemetry
+    traceServiceName: linkerd-proxy
+    collector:
+      # -- The collector endpoint to send traces to.
+      endpoint: ""
+      # -- The identity of the collector in the linkerd mesh. If the collector
+      # is unmeshed (recommended), this should remain unset.
+      meshIdentity: ""
   inbound:
     server:
       http2:

charts/partials/templates/_proxy.tpl

@@ -144,6 +144,24 @@ env:
   value: 30s
 - name: LINKERD2_PROXY_OUTBOUND_METRICS_HOSTNAME_LABELS
   value: {{ .Values.proxy.metrics.hostnameLabels | quote }}
+{{ if .Values.proxy.tracing.enable -}}
+- name: LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH
+  value: /var/run/linkerd/podinfo/labels
+- name: LINKERD2_PROXY_TRACE_PROTOCOL
+  value: {{ .Values.proxy.tracing.protocol }}
+- name: LINKERD2_PROXY_TRACE_SERVICE_NAME
+  value: {{ .Values.proxy.tracing.traceServiceName }}
+- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_ADDR
+  value: {{ .Values.proxy.tracing.collector.endpoint }}
+{{ if .Values.proxy.tracing.collector.meshIdentity -}}
+- name: LINKERD2_PROXY_TRACE_COLLECTOR_SVC_NAME
+  value: {{ .Values.proxy.tracing.collector.meshIdentity }}.serviceaccount.identity.{{.Release.Namespace}}.{{ .Values.clusterDomain }}
+{{ end -}}
+- name: LINKERD2_PROXY_TRACE_EXTRA_ATTRIBUTES
+  value: |
+    k8s.pod.uid=$(_pod_uid)
+    k8s.container.name=$(_pod_containerName)
+{{ end -}}
 {{- /* Configure inbound and outbound parameters, e.g. for HTTP/2 servers. */}}
 {{ range $proxyK, $proxyV := (dict "inbound" .Values.proxy.inbound "outbound" .Values.proxy.outbound) -}}
 {{   range $scopeK, $scopeV := $proxyV -}}
@@ -284,6 +302,10 @@ lifecycle:
 volumeMounts:
 - mountPath: /var/run/linkerd/identity/end-entity
   name: linkerd-identity-end-entity
+{{- if .Values.proxy.tracing.enable }}
+- mountPath: /var/run/linkerd/podinfo
+  name: linkerd-podinfo
+{{- end }}
 {{- if .Values.identity.serviceAccountTokenProjection }}
 - mountPath: /var/run/secrets/tokens
   name: linkerd-identity-token

charts/partials/templates/_volumes.tpl

@@ -4,6 +4,15 @@ emptyDir:
 name: linkerd-identity-end-entity
 {{- end -}}
 
+{{- define "partials.proxy.volumes.podinfo" -}}
+name: linkerd-podinfo
+downwardAPI:
+  items:
+    - path: labels
+      fieldRef:
+        fieldPath: metadata.labels
+{{- end -}}
+
 {{ define "partials.proxyInit.volumes.xtables" -}}
 emptyDir: {}
 name: {{ .Values.proxyInit.xtMountPath.name }}
@@ -38,4 +47,4 @@ projected:
           apiVersion: v1
           fieldPath: metadata.namespace
         path: namespace
-{{- end -}}
+{{- end -}}

charts/patch/templates/patch.json

@@ -103,6 +103,25 @@ structs.
       }
     }
   },
+  {{- if .Values.proxy.tracing.enable }}
+  {
+    "op": "add",
+    "path": "{{$prefix}}/spec/volumes/-",
+    "value": {
+       "downwardAPI": {
+         "items": [
+            {
+              "fieldRef": {
+                "fieldPath": "metadata.labels"
+              },
+              "path": "labels"
+            }
+          ]
+       },
+       "name": "linkerd-podinfo"
+     }
+  },
+  {{- end }}
   {{- if .Values.identity.serviceAccountTokenProjection}}
   {
     "op": "add",

cli/cmd/install_test.go

@@ -119,6 +119,15 @@ func TestRender(t *testing.T) {
 			Metrics: &charts.ProxyMetrics{
 				HostnameLabels: false,
 			},
+			Tracing: &charts.ProxyTracing{
+				Enable:           false,
+				Protocol:         "opentelemetry",
+				TraceServiceName: "linkerd-proxy",
+				Collector: &charts.ProxyTracingCollector{
+					Endpoint:     "",
+					MeshIdentity: "",
+				},
+			},
 			LivenessProbe: &charts.Probe{
 				InitialDelaySeconds: 10,
 				TimeoutSeconds:      1,