configmap: option to not trust incoming tracing spans (#7045)

* validate the sender of tracing spans

* add location-specific setting
Matthew Silverman 2021-10-24 17:36:21 -04:00 committed by GitHub
parent e4001df41e
commit 7d5452d00b
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 124 additions and 34 deletions


@ -112,6 +112,7 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz
|[nginx.ingress.kubernetes.io/connection-proxy-header](#connection-proxy-header)|string|
|[nginx.ingress.kubernetes.io/enable-access-log](#enable-access-log)|"true" or "false"|
|[nginx.ingress.kubernetes.io/enable-opentracing](#enable-opentracing)|"true" or "false"|
|[nginx.ingress.kubernetes.io/opentracing-trust-incoming-span](#opentracing-trust-incoming-span)|"true" or "false"|
|[nginx.ingress.kubernetes.io/enable-influxdb](#influxdb)|"true" or "false"|
|[nginx.ingress.kubernetes.io/influxdb-measurement](#influxdb)|string|
|[nginx.ingress.kubernetes.io/influxdb-port](#influxdb)|string|
@ -768,6 +769,15 @@ to enable it or disable it for a specific ingress (e.g. to turn off tracing of e
nginx.ingress.kubernetes.io/enable-opentracing: "true"
```
### Opentracing Trust Incoming Span
The option to trust incoming trace spans can be enabled or disabled globally through the ConfigMap but this will
sometimes need to be overriden to enable it or disable it for a specific ingress (e.g. only enable on a private endpoint)
```yaml
nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "true"
```
### X-Forwarded-Prefix Header
To add the non-standard `X-Forwarded-Prefix` header to the upstream request with a string value, the following annotation can be used:
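Review bot: The new "Opentracing Trust Incoming Span" section says the setting "will sometimes need to be overriden" but never says what trusting an incoming span changes for the request or what the global default is, so a reader cannot tell whether a public Ingress needs the annotation. Add one sentence describing the behaviour for each value, state the default, and show the "false" form for a public endpoint alongside the private-endpoint case the text mentions. "overriden" should also be "overridden".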


@ -46,6 +46,9 @@ opentracing-operation-name
# specifies specifies the name to use for the location span
opentracing-location-operation-name
# sets whether or not to trust incoming tracing spans
opentracing-trust-incoming-span
# specifies the port to use when uploading traces, Default: 9411
zipkin-collector-port
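Review bot: The new `opentracing-trust-incoming-span` entry states no default, unlike the neighbouring `zipkin-collector-port` comment ("Default: 9411"). The note added further down in this file says the global default is true, so the comment could read "# sets whether or not to trust incoming tracing spans, Default: true".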
@ -114,6 +117,15 @@ datadog-sample-rate
All these options (including host) allow environment variables, such as `$HOSTNAME` or `$HOST_IP`. In the case of Jaeger, if you have a Jaeger agent running on each machine in your cluster, you can use something like `$HOST_IP` (which can be 'mounted' with the `status.hostIP` fieldpath, as described [here](https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/#capabilities-of-the-downward-api)) to make sure traces will be sent to the local agent.
Note that you can also set whether to trust incoming spans (global default is true) per-location using annotations like the following:
```
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/opentracing-trust-incoming-span: "true"
```
## Examples
The following examples show how to deploy and test different distributed tracing systems. These example can be performed using Minikube.
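Review bot: The example annotation sets `opentracing-trust-incoming-span: "true"`, which is the same value as the global default named in the sentence above it, so it does not demonstrate an override. Show `"false"` instead, since opting a location out is the case the annotation exists for when the default is true. The fence should also be tagged `yaml` as in the annotations doc, and as shown here `annotations:` and the key beneath it are not indented under `metadata:`, so the snippet is not usable as written.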