Skip to content

Commit 64b9f9b

Browse files
frzifusfrzifus
authored
Merge branch 'main' into add_atoulme_releasers
2 parents 963f51a + b22e994 commit 64b9f9b

28 files changed

+718
-123
lines changed

.chloggen/tls-profile.yaml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
2+
change_type: enhancement
3+
4+
# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
5+
component: operator, collector
6+
7+
# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
8+
note: Allow operator to get TLS settings from OpenShift `APIServer` CR and configure operands TLS settings.
9+
10+
# One or more tracking issues related to the change
11+
issues: [4669]
12+
13+
# (Optional) One or more lines of additional information to render under the primary note.
14+
# These lines will be padded with 2 spaces and then inserted directly into the document.
15+
# Use pipe (|) for multiline entries.
16+
subtext: |
17+
Added operator flag `--tls-cluster-profile` which obtains the TLS min version and cipher suites from the OpenShift `APIServer` `cluster` custom resource (CR).
18+
It overrides the `--tls-min-version` and `--tls-cipher-suites` flags if set.
19+
The flags is disabled by default on Kubernetes and enabled on OpenShift.
20+
21+
Added operator flag `--tls-configure-operands` which configures operands TLS settings (min version, cipher suites)
22+
based on the supplied operator TLS flags (`--tls-cipher-suites` and `--tls-min-version`) or from the OpenShift `APIServer` CR
23+
if `--tls-cluster-profile` is enabled.
24+
The flag is disabled by default on Kubernetes and enabled on OpenShift.
25+
26+
The `--tls-min-version` defaults to `TLSv1.2` which matches the collector's default.
27+
The `--tls-cipher-suites` is empty by default which matches the collector's default.
28+
Therefore enabling `--tls-configure-operands` with the default TLS flags should not change the collector's behavior.

apis/v1beta1/collector_webhook.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,6 +102,10 @@ func (c CollectorWebhook) Default(_ context.Context, obj runtime.Object) error {
102102
trueVal := true
103103
otelcol.Spec.NetworkPolicy.Enabled = &trueVal
104104
}
105+
// Apply config defaults (service pipelines, etc.) but NOT TLS.
106+
// TLS defaults are applied at reconciliation time (ConfigMap generation) so that
107+
// existing collectors automatically get updated TLS settings when the operator
108+
// restarts after a cluster TLS profile change.
105109
events, err := otelcol.Spec.Config.ApplyDefaults(c.logger)
106110
if err != nil {
107111
return err

apis/v1beta1/config.go

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -265,8 +265,9 @@ func (c *Config) getEnvironmentVariablesForComponentKinds(logger logr.Logger, co
265265
}
266266

267267
// applyDefaultForComponentKinds applies defaults to the endpoints for the given ComponentKind(s).
268+
// If defaultsCfg.TLSProfile is set, TLS defaults are also applied via the Parser.GetDefaultConfig method.
268269
// Returns a list of events that should be recorded by the caller.
269-
func (c *Config) applyDefaultForComponentKinds(logger logr.Logger, componentKinds ...ComponentKind) ([]EventInfo, error) {
270+
func (c *Config) applyDefaultForComponentKinds(logger logr.Logger, parserOpts []components.DefaultOption, componentKinds ...ComponentKind) ([]EventInfo, error) {
270271
events, err := c.Service.ApplyDefaults(logger)
271272
if err != nil {
272273
return events, err
@@ -280,7 +281,8 @@ func (c *Config) applyDefaultForComponentKinds(logger logr.Logger, componentKind
280281
retriever = receivers.ReceiverFor
281282
cfg = c.Receivers
282283
case KindExporter, KindProcessor:
283-
continue
284+
retriever = exporters.ParserFor
285+
cfg = c.Exporters
284286
case KindExtension:
285287
if c.Extensions == nil {
286288
continue
@@ -291,7 +293,7 @@ func (c *Config) applyDefaultForComponentKinds(logger logr.Logger, componentKind
291293
for componentName := range enabledComponents[componentKind] {
292294
parser := retriever(componentName)
293295
componentConf := cfg.Object[componentName]
294-
newCfg, err := parser.GetDefaultConfig(logger, componentConf)
296+
newCfg, err := parser.GetDefaultConfig(logger, componentConf, parserOpts...)
295297
if err != nil {
296298
return events, err
297299
}
@@ -347,8 +349,10 @@ func (c *Config) GetAllRbacRules(logger logr.Logger) ([]rbacv1.PolicyRule, error
347349
return c.getRbacRulesForComponentKinds(logger, KindReceiver, KindExporter, KindProcessor, KindExtension)
348350
}
349351

350-
func (c *Config) ApplyDefaults(logger logr.Logger) ([]EventInfo, error) {
351-
return c.applyDefaultForComponentKinds(logger, KindReceiver, KindExtension)
352+
// ApplyDefaults applies default configuration values to the collector config.
353+
// Optional DefaultsOption arguments can be provided to customize behavior.
354+
func (c *Config) ApplyDefaults(logger logr.Logger, opts ...components.DefaultOption) ([]EventInfo, error) {
355+
return c.applyDefaultForComponentKinds(logger, opts, KindReceiver, KindExporter, KindExtension)
352356
}
353357

354358
// GetLivenessProbe gets the first enabled liveness probe. There should only ever be one extension enabled

autoinstrumentation/nodejs/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,6 @@
1313
},
1414
"dependencies": {
1515
"@opentelemetry/api": "1.9.0",
16-
"@opentelemetry/auto-instrumentations-node": "0.70.1"
16+
"@opentelemetry/auto-instrumentations-node": "0.71.0"
1717
}
1818
}

bundle/community/manifests/opentelemetry-operator.clusterserviceversion.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ metadata:
9999
categories: Logging & Tracing,Monitoring,Observability
100100
certified: "false"
101101
containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator
102-
createdAt: "2026-03-04T09:54:20Z"
102+
createdAt: "2026-03-04T12:42:01Z"
103103
description: Provides the OpenTelemetry components, including the Collector
104104
operators.operatorframework.io/builder: operator-sdk-v1.29.0
105105
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3

bundle/openshift/manifests/opentelemetry-operator.clusterserviceversion.yaml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ metadata:
9999
categories: Logging & Tracing,Monitoring,Observability
100100
certified: "false"
101101
containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator
102-
createdAt: "2026-03-04T09:54:21Z"
102+
createdAt: "2026-03-04T12:42:01Z"
103103
description: Provides the OpenTelemetry components, including the Collector
104104
operators.operatorframework.io/builder: operator-sdk-v1.29.0
105105
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -572,6 +572,10 @@ spec:
572572
value: "true"
573573
- name: FEATURE_GATES
574574
value: operator.networkpolicy,operand.networkpolicy
575+
- name: TLS_CLUSTER_PROFILE
576+
value: "true"
577+
- name: TLS_CONFIGURE_OPERANDS
578+
value: "true"
575579
image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.145.0
576580
livenessProbe:
577581
httpGet:

config/overlays/openshift/manager-patch.yaml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,3 +58,13 @@
5858
value:
5959
name: FEATURE_GATES
6060
value: "operator.networkpolicy,operand.networkpolicy"
61+
- op: add
62+
path: "/spec/template/spec/containers/0/env/-"
63+
value:
64+
name: TLS_CLUSTER_PROFILE
65+
value: "true"
66+
- op: add
67+
path: "/spec/template/spec/containers/0/env/-"
68+
value:
69+
name: TLS_CONFIGURE_OPERANDS
70+
value: "true"

0 commit comments

Comments
 (0)