Change CICD for common chart and and auto-instrument with opentelemet…

…ry operator

.github/workflows/helm-package.yaml

@@ -12,6 +12,8 @@ on:
 
 jobs:
   packing:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -22,6 +24,7 @@ jobs:
       - uses: azure/setup-helm@v3
         with:
           token: ${{ secrets.GITHUB_TOKEN }} # only needed if version is 'latest'
+
       - name: check linting
         run: |
           helm lint charts/*
@@ -39,7 +42,7 @@ jobs:
         
       - name: Helm repo login
         run: |
-          helm registry login ${{ secrets.ACR_URL }} --username ${{ secrets.ACR_USERNAME }} --password ${{ secrets.ACR_PASSWORD }}
+          helm registry login ghcr.io --username USERNAME --password ${{ secrets.GITHUB_TOKEN }}
       
       - name: 'Auto Increase Helm Version'
         run: |
@@ -76,7 +79,7 @@ jobs:
             echo "$dir"
             helm package $dir
             version=$(cat $dir/Chart.yaml | grep "version: " | cut -d " " -f 2)
-            helm push $dir-$version.tgz oci://${{ secrets.ACR_URL }}/helm
+            helm push $dir-$version.tgz oci://ghcr.io/jan/charts
           done
       - name: 'Commit new version to main and create tag'
         run: |

charts/common/templates/deployment.yaml

@@ -12,7 +12,7 @@
 {{- $chartAppVersion := .Chart.AppVersion -}}
 
 {{- range $key, $value := .Values.workloads }}
----
+
 apiVersion: argoproj.io/v1alpha1
 kind: Rollout
 metadata:
@@ -159,4 +159,5 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+---
 {{- end}}

charts/common/templates/external-secret.yaml

@@ -39,4 +39,65 @@ spec:
 
 {{- end }}
 
+{{- if eq .Values.externalSecret.backendType "secretsManager" }}
+apiVersion: "kubernetes-client.io/v1"
+kind: ExternalSecret
+metadata:
+  name: {{ include "common.externalSecretName" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.externalSecret.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  backendType: {{ .Values.externalSecret.backendType }}
+  {{- if .Values.externalSecret.roleArn }}
+  roleArn: {{ .Values.externalSecret.roleArn }}
+  {{- end }}
+  {{- if .Values.externalSecret.controllerId }}
+  controllerId: {{ .Values.externalSecret.controllerId }}
+  {{- end }}
+  {{- if .Values.externalSecret.region }}
+  region: {{ .Values.externalSecret.region }}
+  {{- end }}
+  {{- with .Values.externalSecret.data }}
+  data:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.externalSecret.dataFrom }}
+  dataFrom:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.externalSecret.template }}
+  template:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+
+{{- if eq .Values.externalSecret.backendType "vaults" }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ include "common.externalSecretName" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.externalSecret.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: vault-secret-manager
+    kind: ClusterSecretStore
+  target:
+    name: {{ .Values.externalSecret.name }}
+    creationPolicy: Owner
+  dataFrom:
+  - extract:
+      key: {{ .Values.externalSecret.dataFrom }}
+
+{{- end }}
+
 {{- end }}

charts/common/templates/hpa.yaml

@@ -4,7 +4,7 @@
 
 
 {{- range $key, $value := .Values.workloads }}
----
+
 {{- if $value.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
@@ -38,4 +38,5 @@ spec:
           type: Utilization
     {{- end }}
 {{- end }}
+---
 {{- end }}

charts/common/templates/ingress.yaml

@@ -3,7 +3,6 @@
 {{- $capabilities := .Capabilities -}}
 
 {{- range $key, $value := .Values.workloads }}
----
 
 {{- if $value.ingress.enabled -}}
 {{- $svcPort := $value.service.port -}}
@@ -66,4 +65,5 @@ spec:
           {{- end }}
     {{- end }}
 {{- end }}
+---
 {{- end }}

charts/common/templates/instrumentation.yaml

@@ -0,0 +1,164 @@
+{{- range $key, $value := .Values.workloads }}
+---
+{{- if $value.instrumentation.enabled -}}
+{{- if eq $value.instrumentation.type "python" }}
+apiVersion: opentelemetry.io/v1alpha1
+kind: Instrumentation
+metadata:
+  name: {{ $value.instrumentation.name }}
+spec:
+  env:
+    - name: OTEL_EXPORTER_OTLP_TIMEOUT
+      value: "20"
+    - name: OTEL_TRACES_SAMPLER
+      value: parentbased_traceidratio
+    - name: OTEL_TRACES_SAMPLER_ARG
+      value: "{{ $value.instrumentation.sampler | default "1"  }}"
+    - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED
+      value: "true"
+  exporter:
+    endpoint: {{ $value.instrumentation.endpoint }}
+  propagators:
+    {{- if $value.instrumentation.xray }}
+      - xray
+    {{- else }}
+      - tracecontext
+      - baggage
+    {{- end }}
+  sampler:
+    type: parentbased_traceidratio
+    argument: "{{ $value.instrumentation.sampler | default "1"  }}"
+  python:
+    env:
+      {{- if $value.instrumentation.xray }}
+      - name: OTEL_PYTHON_ID_GENERATOR
+        value: xray
+      {{- end }}
+      - name: OTEL_PYTHON_INSTRUMENTATION_SANITIZE_REDIS
+        value: "true"
+      - name: OTEL_PYTHON_LOG_CORRELATION
+        value: "true"
+      - name: OTEL_LOG_LEVEL
+        value: "debug"
+      - name: OTEL_PYTHON_LOG_LEVEL
+        value: "debug"
+      - name: OTEL_TRACES_EXPORTER
+        value: otlp_proto_http
+      - name: OTEL_METRICS_EXPORTER
+        value: none
+      - name: OTEL_LOG_EXPORTER
+        value: otlp_proto_http
+      - name: OTEL_EXPORTER_OTLP_LOGS_PROTOCOL
+        value: "http/protobuf"
+      - name: OTEL_EXPORTER_OTLP_ENDPOINT
+        value: {{ $value.instrumentation.endpoint }}
+      - name: OTEL_SERVICE_NAME
+        value: {{ $value.instrumentation.servicename }}
+    image: {{ $value.instrumentation.image }}
+{{- end }}
+
+{{- if eq $value.instrumentation.type "dotnet" }}
+apiVersion: opentelemetry.io/v1alpha1
+kind: Instrumentation
+metadata:
+  name: {{ $value.instrumentation.name }}
+spec:
+  env:
+    - name: OTEL_EXPORTER_OTLP_TIMEOUT
+      value: "20"
+    - name: OTEL_TRACES_SAMPLER
+      value: parentbased_traceidratio
+    - name: OTEL_TRACES_SAMPLER_ARG
+      value: "{{ $value.instrumentation.sampler | default "1"  }}"
+    - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED
+      value: "true"
+  exporter:
+    endpoint: {{ $value.instrumentation.endpoint }}
+  propagators:
+    {{- if $value.instrumentation.xray }}
+      - xray
+    {{- else }}
+      - tracecontext
+      - baggage
+    {{- end }}
+  sampler:
+    type: parentbased_traceidratio
+    argument: "{{ $value.instrumentation.sampler | default "1"  }}"
+  dotnet:
+    env:
+      - name: OTEL_EXPORTER_OTLP_ENDPOINT
+        value: {{ $value.instrumentation.endpoint }}
+      - name: OTEL_SERVICE_NAME
+        value: {{ $value.instrumentation.servicename }}
+    image: {{ $value.instrumentation.image }}
+
+{{- end }}
+
+{{- if eq $value.instrumentation.type "nodejs" }}
+apiVersion: opentelemetry.io/v1alpha1
+kind: Instrumentation
+metadata:
+  name: {{ $value.instrumentation.name }}
+spec:
+  env:
+    - name: OTEL_EXPORTER_OTLP_TIMEOUT
+      value: "20"
+    - name: OTEL_TRACES_SAMPLER
+      value: parentbased_traceidratio
+    - name: OTEL_TRACES_SAMPLER_ARG
+      value: "{{ $value.instrumentation.sampler | default "1"  }}"
+    - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED
+      value: "true"
+  exporter:
+    endpoint: {{ $value.instrumentation.endpoint }}
+  propagators:
+    {{- if $value.instrumentation.xray }}
+      - xray
+    {{- else }}
+      - tracecontext
+      - baggage
+    {{- end }}
+  sampler:
+    type: parentbased_traceidratio
+    argument: "{{ $value.instrumentation.sampler | default "1"  }}"
+  nodejs:
+    env:
+      - name: OTEL_EXPORTER_OTLP_ENDPOINT
+        value: {{ $value.instrumentation.endpoint }}
+      - name: OTEL_SERVICE_NAME
+        value: {{ $value.instrumentation.servicename }}
+
+{{- end }}
+
+{{- if eq $value.instrumentation.type "nginx" }}
+apiVersion: opentelemetry.io/v1alpha1
+kind: Instrumentation
+metadata:
+  name: {{ $value.instrumentation.name }}
+spec:
+  exporter:
+    endpoint: {{ $value.instrumentation.endpoint }}
+  propagators:
+    {{- if $value.instrumentation.xray }}
+      - xray
+    {{- else }}
+      - tracecontext
+      - baggage
+    {{- end }}
+  sampler:
+    type: parentbased_traceidratio
+    argument: "{{ $value.instrumentation.sampler | default "1"  }}"
+  nginx:
+    configFile: {{ $value.instrumentation.nginxConfigPath }}
+    attrs:
+    - name: NginxModuleServiceName
+      value: {{ $value.instrumentation.servicename }}
+    - name: NginxModuleServiceNamespace
+      value: {{ $value.instrumentation.servicename }}
+    - name: NginxModuleServiceInstanceId
+      value: {{ $value.instrumentation.servicename }}
+
+{{- end }}
+
+{{- end }}
+{{- end }}

charts/common/templates/keda-auto-scale.yaml

@@ -4,7 +4,7 @@
 
 
 {{- range $key, $value := .Values.workloads }}
----
+
 {{- if not $value.autoscaling.enabled }}
 {{- if $value.kedaScaling.enabled }}
 apiVersion: keda.sh/v1alpha1
@@ -32,4 +32,5 @@ spec:
       type: prometheus
 {{- end }}
 {{- end }}
+---
 {{- end }}

charts/common/templates/security-pod.yaml

@@ -3,7 +3,7 @@
 {{- $selectorLabels := include "common.selectorLabels" . -}}
 
 {{- range $key, $value := .Values.workloads }}
----
+
 {{- if $value.podSecurityGroup.enabled -}}
 apiVersion: vpcresources.k8s.aws/v1beta1
 kind: SecurityGroupPolicy
@@ -19,4 +19,5 @@ spec:
     groupIds: 
       {{- toYaml $value.podSecurityGroup.securitygroupid | nindent 6 }}
 {{- end}}
+---
 {{- end}}

charts/common/templates/service-preview.yaml

@@ -4,7 +4,7 @@
 {{- $selectorLabels := include "common.selectorLabels" . -}}
 
 {{- range $key, $value := .Values.workloads }}
----
+
 apiVersion: v1
 kind: Service
 metadata:
@@ -23,5 +23,5 @@ spec:
     {{- $selectorLabels | nindent 4 }}
     app.kubernetes.io/component: {{ $value.name }}
     app.kubernetes.io/name: {{ $name }}-{{ $value.name }}
-
+---
 {{- end }}

charts/common/templates/service.yaml

@@ -4,7 +4,7 @@
 {{- $selectorLabels := include "common.selectorLabels" . -}}
 
 {{- range $key, $value := .Values.workloads }}
----
+
 apiVersion: v1
 kind: Service
 metadata:
@@ -26,5 +26,5 @@ spec:
     {{- $selectorLabels | nindent 4 }}
     app.kubernetes.io/component: {{ $value.name }}
     app.kubernetes.io/name: {{ $name }}-{{ $value.name }}
-
+---
 {{- end }}