[apiserver-kubelet/tracing]: add distributed tracing config variables (#10795)

* [apiserver-kubelet/tracing]: add distributed tracing config flags

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [apiserver-kubelet/tracing]: add distributed tracing config flags - fix

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

---------

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

roles/kubernetes/control-plane/defaults/main/main.yml

@@ -235,3 +235,8 @@ kubeadm_upgrade_auto_cert_renewal: true
 
 # Bash alias of kubectl to interact with Kubernetes cluster much easier
 # kubectl_alias: k
+
+## Enable distributed tracing for kube-apiserver
+kube_apiserver_tracing: false
+kube_apiserver_tracing_endpoint: 0.0.0.0:4317
+kube_apiserver_tracing_sampling_rate_per_million: 100

roles/kubernetes/control-plane/tasks/kubeadm-setup.yml

@@ -68,6 +68,20 @@
     mode: 0640
   when: kubernetes_audit_webhook | default(false)
 
+- name: Create apiserver tracing config directory
+  file:
+    path: "{{ kube_config_dir }}/tracing"
+    state: directory
+    mode: 0640
+  when: kube_apiserver_tracing
+
+- name: Write apiserver tracing config yaml
+  template:
+    src: apiserver-tracing.yaml.j2
+    dest: "{{ kube_config_dir }}/tracing/apiserver-tracing.yaml"
+    mode: 0640
+  when: kube_apiserver_tracing
+
 # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
 - name: Set kubeadm_config_api_fqdn define
   set_fact:

roles/kubernetes/control-plane/templates/apiserver-tracing.yaml.j2

@@ -0,0 +1,4 @@
+apiVersion: apiserver.config.k8s.io/v1beta1
+kind: TracingConfiguration
+endpoint: {{ kube_apiserver_tracing_endpoint }}
+samplingRatePerMillion: {{ kube_apiserver_tracing_sampling_rate_per_million }}

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@@ -227,6 +227,9 @@ apiServer:
 {% if kubelet_rotate_server_certificates %}
     kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt
 {% endif %}
+{% if kube_apiserver_tracing %}
+    tracing-config-file: {{ kube_config_dir }}/tracing/apiserver-tracing.yaml
+{% endif %}
 {% if kubernetes_audit or kube_token_auth | default(true) or kube_webhook_token_auth | default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs | length %}
   extraVolumes:
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
@@ -267,6 +270,13 @@ apiServer:
     readOnly: false
     pathType: DirectoryOrCreate
 {% endif %}
+{% if kube_apiserver_tracing %}
+  - name: tracing
+    hostPath: {{ kube_config_dir }}/tracing
+    mountPath: {{ kube_config_dir }}/tracing
+    readOnly: true
+    pathType: DirectoryOrCreate
+{% endif %}
 {% for volume in apiserver_extra_volumes %}
   - name: {{ volume.name }}
     hostPath: {{ volume.hostPath }}

roles/kubernetes/node/defaults/main.yml

@@ -253,3 +253,9 @@ kube_proxy_ipvs_modules:
 conntrack_modules:
   - nf_conntrack
   - nf_conntrack_ipv4
+
+
+## Enable distributed tracing for kubelet
+kubelet_tracing: false
+kubelet_tracing_endpoint: 0.0.0.0:4317
+kubelet_tracing_sampling_rate_per_million: 100

roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2

@@ -166,3 +166,8 @@ topologyManagerPolicy: {{ kubelet_topology_manager_policy }}
 {% if kubelet_topology_manager_scope is defined %}
 topologyManagerScope: {{ kubelet_topology_manager_scope }}
 {% endif %}
+{% if kubelet_tracing %}
+tracing:
+  endpoint: {{ kubelet_tracing_endpoint }}
+  samplingRatePerMillion: {{ kubelet_tracing_sampling_rate_per_million }}
+{% endif %}