
Upgrade jaeger helm chart version to latest upstream
Closed, Resolved, Public

Description

Unfortunately there's no changelog, but most of the changes look either unimpactful/not relevant (e.g. many changes to the operator), or look like pretty simple bugfixes. There were some changes to the defaults and/or semantics of specifying otlp ports, for instance https://github.com/jaegertracing/helm-charts/pull/491 and https://github.com/jaegertracing/helm-charts/pull/479. Might be something to watch out for, but also probably fine.

Upstream also now includes a fix for T358111: oauth2-proxy config changes don't cause any change in the helm Deployment -- our corresponding patch against deployment-charts was actually never merged, and I'll just abandon it once this task is done.

Event Timeline

Change #1030950 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/deployment-charts@master] jaeger: update chart to 3.0.7 / f3c883908e576

https://gerrit.wikimedia.org/r/1030950

Change #1030951 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/deployment-charts@master] jaeger: update aux values

https://gerrit.wikimedia.org/r/1030951

Change #1030952 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/deployment-charts@master] jaeger: update bitnami/common to 2.19.2

https://gerrit.wikimedia.org/r/1030952

Change #1030950 merged by Filippo Giunchedi:

[operations/deployment-charts@master] jaeger: update chart to 3.0.7 / f3c883908e576

https://gerrit.wikimedia.org/r/1030950

Change #1030951 merged by Filippo Giunchedi:

[operations/deployment-charts@master] jaeger: update aux values

https://gerrit.wikimedia.org/r/1030951

Change #1030952 merged by Filippo Giunchedi:

[operations/deployment-charts@master] jaeger: update bitnami/common to 2.19.2

https://gerrit.wikimedia.org/r/1030952

Change #1031805 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/deployment-charts@master] jaeger: add back port names for otlp

https://gerrit.wikimedia.org/r/1031805

Change #1031805 merged by Filippo Giunchedi:

[operations/deployment-charts@master] jaeger: add back port names for otlp

https://gerrit.wikimedia.org/r/1031805

This is done! Latest chart version is deployed.

For posterity's sake, this is the full diff helm applied today:

jaeger, main-jaeger-collector, Deployment (apps) has changed:
  # Source: jaeger/templates/collector-deploy.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: main-jaeger-collector
    labels:
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/component: collector
  spec:
    replicas: 1
    selector:
      matchLabels:
        app.kubernetes.io/name: jaeger
        app.kubernetes.io/instance: main
        app.kubernetes.io/component: collector
    template:
      metadata:
        annotations:
          checksum/config-env: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
          prometheus.io/port: "14269"
          prometheus.io/scrape: "true"
        labels:
          app.kubernetes.io/name: jaeger
          app.kubernetes.io/instance: main
          app.kubernetes.io/component: collector
      spec:
        securityContext:
          {}
        serviceAccountName: default
+       
        containers:
        - name: main-jaeger-collector
          securityContext:
            {}
          image: docker-registry.discovery.wmnet/jaeger-collector:1.56-1
          imagePullPolicy: IfNotPresent
          args:
            
            
            - --collector.grpc.tls.cert=/tls/tls.crt
            - --collector.grpc.tls.enabled=true
            - --collector.grpc.tls.key=/tls/tls.key
            - --collector.http.tls.cert=/tls/tls.crt
            - --collector.http.tls.enabled=true
            - --collector.http.tls.key=/tls/tls.key
            - --collector.otlp.grpc.tls.cert=/tls/tls.crt
            - --collector.otlp.grpc.tls.enabled=true
            - --collector.otlp.grpc.tls.key=/tls/tls.key
            - --collector.otlp.http.tls.cert=/tls/tls.crt
            - --collector.otlp.http.tls.enabled=true
            - --collector.otlp.http.tls.key=/tls/tls.key
            - --es.index-date-separator=.
            - --es.num-replicas=2
            - --es.num-shards=1
            - --es.tls.enabled=true
            
          env:
            - name: COLLECTOR_OTLP_ENABLED
              value: "true"
            - name: SPAN_STORAGE_TYPE
              value: elasticsearch
            - name: ES_SERVER_URLS
              value: https://logs-api.svc.eqiad.wmnet:443
            - name: ES_USERNAME
              value: jaeger-prod
            - name: ES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: main-jaeger-elasticsearch
                  key: password
          ports:
          - containerPort: 14250
            name: grpc
            protocol: TCP
          - containerPort: 14268
            name: http
            protocol: TCP
          - containerPort: 14269
            name: admin
            protocol: TCP
          - containerPort: 4317
            name: otlp-grpc
            protocol: TCP
          - containerPort: 4318
            name: otlp-http
            protocol: TCP
          readinessProbe:
            httpGet:
              path: /
              port: admin
          livenessProbe:
            httpGet:
              path: /
              port: admin
          resources:
            limits:
              cpu: 2
              memory: 1Gi
          volumeMounts:
            - name: jaeger-tls
              mountPath: /tls
              subPath: 
              readOnly: true
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        volumes:
          - name: jaeger-tls
            secret:
              secretName: main-jaeger-collector
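
Review bot: the labels now advertise app.kubernetes.io/version: "1.53.0" while the container in the same Deployment runs jaeger-collector:1.56-1, so the version label does not describe what is actually deployed. If inventory or vulnerability tooling keys on that label it will report the wrong release; consider making the label follow the image tag, or record that the image tag is the authoritative version. Separately, both securityContext blocks are still {} and serviceAccountName is default, so the chart bump would be a reasonable moment to set a non-root, read-only, capability-dropping context through values.
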
jaeger, main-jaeger-collector, Service (v1) has changed:
  # Source: jaeger/templates/collector-svc.yaml
  apiVersion: v1
  kind: Service
  metadata:
    name: main-jaeger-collector
    labels:
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/component: collector
  spec:
    ports:
    - name: grpc
      port: 14250
      protocol: TCP
      targetPort: grpc
+     appProtocol: grpc
    - name: http
      port: 14268
      protocol: TCP
      targetPort: http
+     appProtocol: http
    - name: otlp-grpc
      port: 4317
      protocol: TCP
      targetPort: otlp-grpc
    - name: otlp-http
      port: 4318
      protocol: TCP
      targetPort: otlp-http
    - name: admin
      port: 14269
      targetPort: admin
    selector:
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
      app.kubernetes.io/component: collector
    type: ClusterIP
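
Review bot: appProtocol is added to the grpc and http ports only, while otlp-grpc (4317) and otlp-http (4318) get none, and those two are the ports the ingress NetworkPolicy admits from the istio ingressgateway. Note also that the collector args enable TLS on every one of these listeners (--collector.grpc.tls.enabled=true, --collector.http.tls.enabled=true), so appProtocol: http labels a TLS port as plain http. Worth confirming that nothing consuming this Service selects protocol handling from appProtocol, and setting the field consistently on all four ports either way.
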
jaeger, main-jaeger-collector-egress, NetworkPolicy (networking.k8s.io) has changed:
  # Source: jaeger/templates/collector-networkpolicy-egress.yaml
  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: main-jaeger-collector-egress
    namespace: jaeger
    labels:
      app.kubernetes.io/component: collector
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
  spec:
    podSelector:
      matchLabels:
        app.kubernetes.io/component: collector
    policyTypes:
    - Egress
    egress:
    - ports:
      - port: 443
        protocol: TCP
      to:
      - ipBlock:
          cidr: 10.2.2.79/32
jaeger, main-jaeger-collector-ingress, NetworkPolicy (networking.k8s.io) has changed:
  # Source: jaeger/templates/collector-networkpolicy-ingress.yaml
  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: main-jaeger-collector-ingress
    namespace: jaeger
    labels:
      app.kubernetes.io/component: collector
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
  spec:
    podSelector:
      matchLabels:
        app.kubernetes.io/component: collector
    policyTypes:
    - Ingress
    ingress:
    - from:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: istio-system
        podSelector:
          matchLabels:
            istio: ingressgateway
      ports:
      - port: 4317
        protocol: TCP
      - port: 4318
        protocol: TCP
    - ports:
      - port: 14269
        protocol: TCP
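
Review bot: the second ingress rule lists port 14269 with no from clause, so the admin/metrics port accepts traffic from any source that can route to the pod, unlike 4317 and 4318 which are limited to the istio ingressgateway. If the intent is Prometheus scraping (the Deployment carries prometheus.io/port: "14269"), consider adding a from selector or ipBlock for the scrapers. The policy also does not list 14250 or 14268 although the Service still publishes them; if those listeners are unused, dropping them from the Service would make the exposed surface match the policy.
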
jaeger, main-jaeger-elasticsearch, Secret (v1) has changed:
  # Source: jaeger/templates/elasticsearch-secret.yaml
  apiVersion: v1
  kind: Secret
  metadata:
    annotations:
      helm.sh/hook: pre-install,pre-upgrade
      helm.sh/hook-delete-policy: before-hook-creation
      helm.sh/hook-weight: "-1"
      helm.sh/resource-policy: keep
    labels:
      app.kubernetes.io/instance: main
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: jaeger
-     app.kubernetes.io/version: 1.42.0
-     helm.sh/chart: jaeger-0.69.4
+     app.kubernetes.io/version: 1.53.0
+     helm.sh/chart: jaeger-3.0.7
    name: main-jaeger-elasticsearch
  data:
    password: 'REDACTED # (20 bytes)'
  type: Opaque
  
jaeger, main-jaeger-es-index-cleaner-egress, NetworkPolicy (networking.k8s.io) has been removed:
- # Source: jaeger/templates/es-index-cleaner-networkpolicy-egress.yaml
- apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
-   name: main-jaeger-es-index-cleaner-egress
-   namespace: jaeger
-   labels:
-     app.kubernetes.io/component: es-index-cleaner
-     helm.sh/chart: jaeger-0.69.4
-     app.kubernetes.io/name: jaeger
-     app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
-     app.kubernetes.io/managed-by: Helm
- spec:
-   podSelector:
-     matchLabels:
-       app.kubernetes.io/component: es-index-cleaner
-   policyTypes:
-   - Egress
-   egress:
-   - ports:
-     - port: 443
-       protocol: TCP
-     to:
-     - ipBlock:
-         cidr: 10.2.2.79/32
+ 
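
Review bot: the es-index-cleaner egress policy is removed in full, but this output shows no es-index-cleaner workload being removed or changed, so it is not possible to tell from the diff whether a pod with app.kubernetes.io/component: es-index-cleaner still runs in the namespace. If one does, it either loses its only egress allowance to 10.2.2.79/32 on 443 (under a default-deny setup) or becomes unrestricted (without one). Please confirm the cleaner is disabled in values, or note where its policy now comes from.
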
jaeger, main-jaeger-oauth-configuration, ConfigMap (v1) has changed:
  # Source: jaeger/templates/oauth-sidecar-configmap.yaml
  apiVersion: v1
  kind: ConfigMap
  metadata:
    name: main-jaeger-oauth-configuration
    labels:
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/component: query
  data:
    oauth2-proxy.cfg: |-
      provider = "oidc"
      https_address = ":4180"
      upstreams = ["https://localhost:16686"]
      client_id = "jaeger"
      redirect_url = "https://trace.wikimedia.org/oauth2/callback"
      cookie_domains = "trace.wikimedia.org"
      oidc_issuer_url = "https://idp.wikimedia.org/oidc"
      cookie_secure = "true"
      email_domains = "*"
      skip_provider_button = "true"
      code_challenge_method = "plain"
      tls_cert_file = "/tls/tls.crt"
      tls_key_file = "/tls/tls.key"
      ssl_upstream_insecure_skip_verify = true
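
Review bot: only the labels change here, but the rendered oauth2-proxy.cfg still carries code_challenge_method = "plain", which sends the PKCE verifier as the challenge and so gives no protection if the authorization request is observed. oauth2-proxy also accepts "S256"; if the IdP at idp.wikimedia.org supports it, switching is a one-line change. ssl_upstream_insecure_skip_verify = true is limited in effect because the upstream is https://localhost:16686 inside the same pod, but a short comment in values explaining that would help the next reader.
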
jaeger, main-jaeger-query, Deployment (apps) has changed:
  # Source: jaeger/templates/query-deploy.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: main-jaeger-query
    labels:
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/component: query
  spec:
    replicas: 1
    selector:
      matchLabels:
        app.kubernetes.io/name: jaeger
        app.kubernetes.io/instance: main
        app.kubernetes.io/component: query
    template:
      metadata:
        annotations:
+         checksum/oauth2-config: 682c3ff7e067040451bd31ed44866b09d7aa9cf5bddeb463582ed0e7f5ec4471
          prometheus.io/port: "16687"
          prometheus.io/scrape: "true"
        labels:
          app.kubernetes.io/name: jaeger
          app.kubernetes.io/instance: main
          app.kubernetes.io/component: query
      spec:
        securityContext:
          {}
        serviceAccountName: default
+        
        containers:
        - name: main-jaeger-query
          securityContext:
            {}
          image: docker-registry.discovery.wmnet/jaeger-query:1.56-1
          imagePullPolicy: IfNotPresent
          args:
            
            
            - --es.index-date-separator=.
            - --es.max-span-age=336h0m0s
            - --es.num-replicas=2
            - --es.num-shards=1
            - --es.tls.enabled=true
            - --query.http.tls.cert=/tls/tls.crt
            - --query.http.tls.enabled=true
            - --query.http.tls.key=/tls/tls.key
            
          env:
            - name: SPAN_STORAGE_TYPE
              value: elasticsearch
            - name: ES_SERVER_URLS
              value: https://logs-api.svc.eqiad.wmnet:443
            - name: ES_USERNAME
              value: jaeger-prod
            - name: ES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: main-jaeger-elasticsearch
                  key: password
            - name: QUERY_BASE_PATH
              value: "/"
            - name: JAEGER_AGENT_PORT
              value: "6831"
          ports:
          - name: query
            containerPort: 16686
            protocol: TCP
          - name: grpc
            containerPort: 16685
            protocol: TCP
          - name: admin
            containerPort: 16687
            protocol: TCP
          resources:
            limits:
              cpu: 2
              memory: 1Gi
          volumeMounts:
            - name: jaeger-tls
              mountPath: /tls
              subPath: 
              readOnly: true
          livenessProbe:
            httpGet:
              path: /
              port: admin
          readinessProbe:
            httpGet:
              path: /
              port: admin
        - name: main-jaeger-agent-oauth2-sidecar
          image: docker-registry.discovery.wmnet/oauth2-proxy:7.5.1-1-20240201
          imagePullPolicy: IfNotPresent
          args:
          env:
            - name: OAUTH2_PROXY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: client-secret-key
                  name: oauth2-proxy
            - name: OAUTH2_PROXY_COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  key: cookie-secret-key
                  name: oauth2-proxy
          volumeMounts:
            - name: tls
              mountPath: /tls
              subPath: 
              readOnly: true
            - name: jaeger-oauth-configuration
              mountPath: /etc/oauth2-proxy
          ports:
            - containerPort: 4180
              name: oauth-proxy
          resources:
            limits:
              cpu: 1
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        volumes:
          - name: jaeger-tls
            secret:
              secretName: main-jaeger-query
          - name: tls
            secret:
              secretName: main-jaeger-query
          - name: jaeger-oauth-configuration
            configMap:
              name: main-jaeger-oauth-configuration
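
Review bot: the new checksum/oauth2-config annotation rolls the pod when the oauth2-proxy config changes, but the sidecar's OAUTH2_PROXY_CLIENT_SECRET and OAUTH2_PROXY_COOKIE_SECRET come from the oauth2-proxy Secret via secretKeyRef, and a change to that Secret does not alter the pod template. Rotating either secret will therefore still need a manual rollout restart; worth documenting next to the T358111 fix. The main-jaeger-agent-oauth2-sidecar container also has no securityContext and only a cpu limit, with no memory limit, unlike the query container.
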
jaeger, main-jaeger-query, Service (v1) has changed:
  # Source: jaeger/templates/query-svc.yaml
  apiVersion: v1
  kind: Service
  metadata:
    name: main-jaeger-query
    labels:
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/component: query
  spec:
    ports:
    - name: query
      port: 16686
      protocol: TCP
      targetPort: oauth-proxy
    - name: grpc
      port: 16685
      protocol: TCP
      targetPort: grpc
    - name: admin
      port: 16687
      protocol: TCP
      targetPort: admin
    selector:
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
      app.kubernetes.io/component: query
    type: ClusterIP
jaeger, main-jaeger-query-egress, NetworkPolicy (networking.k8s.io) has changed:
  # Source: jaeger/templates/query-networkpolicy-egress.yaml
  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: main-jaeger-query-egress
    namespace: jaeger
    labels:
      app.kubernetes.io/component: query
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
  spec:
    podSelector:
      matchLabels:
        app.kubernetes.io/component: query
    policyTypes:
    - Egress
    egress:
    - ports:
      - port: 443
        protocol: TCP
      to:
      - ipBlock:
          cidr: 10.2.2.79/32
    - ports:
      - port: 443
        protocol: TCP
      to:
      - ipBlock:
          cidr: 208.80.153.12/32
      - ipBlock:
          cidr: 2620:0:860:4:208:80:153:12/128
      - ipBlock:
          cidr: 208.80.153.108/32
      - ipBlock:
          cidr: 2620:0:860:4:208:80:153:108/128
      - ipBlock:
          cidr: 208.80.154.146/32
      - ipBlock:
          cidr: 2620:0:861:2:208:80:154:146/128
jaeger, main-jaeger-query-ingress, NetworkPolicy (networking.k8s.io) has changed:
  # Source: jaeger/templates/query-networkpolicy-ingress.yaml
  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: main-jaeger-query-ingress
    namespace: jaeger
    labels:
      app.kubernetes.io/component: query
-     helm.sh/chart: jaeger-0.69.4
+     helm.sh/chart: jaeger-3.0.7
      app.kubernetes.io/name: jaeger
      app.kubernetes.io/instance: main
-     app.kubernetes.io/version: "1.42.0"
+     app.kubernetes.io/version: "1.53.0"
      app.kubernetes.io/managed-by: Helm
  spec:
    podSelector:
      matchLabels:
        app.kubernetes.io/component: query
    policyTypes:
    - Ingress
    ingress:
    - from:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: istio-system
        podSelector:
          matchLabels:
            istio: ingressgateway
      ports:
      - port: 16686
        protocol: TCP
      - port: 4180
        protocol: TCP
    - ports:
      - port: 16687
        protocol: TCP
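
Review bot: the ingress rule admits the istio ingressgateway on both 16686 and 4180, yet the Service maps its query port to targetPort: oauth-proxy, i.e. pod port 4180. NetworkPolicy ports are matched against pod ports, so the 16686 entry keeps the query listener reachable from the gateway without passing through the oauth2-proxy sidecar. If no route targets 16686 directly, consider removing that entry so 4180 is the only path in. As with the collector, the 16687 rule has no from clause and could be narrowed to the metrics scrapers.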