diff --git a/argocd/apps/alloy-tracing-ringtail.yaml b/argocd/apps/alloy-tracing-ringtail.yaml new file mode 100644 index 0000000..78d02e3 --- /dev/null +++ b/argocd/apps/alloy-tracing-ringtail.yaml @@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: alloy-tracing-ringtail + namespace: argocd +spec: + project: default + source: + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git + targetRevision: main + path: argocd/manifests/alloy-tracing-ringtail + destination: + server: https://ringtail.tail8d86e.ts.net:6443 + namespace: alloy + syncPolicy: + syncOptions: + - CreateNamespace=true diff --git a/argocd/manifests/alloy-tracing-ringtail/config.alloy b/argocd/manifests/alloy-tracing-ringtail/config.alloy new file mode 100644 index 0000000..d3f0445 --- /dev/null +++ b/argocd/manifests/alloy-tracing-ringtail/config.alloy @@ -0,0 +1,93 @@ +// Alloy tracing configuration for ringtail +// Uses Beyla eBPF to auto-instrument HTTP services and export traces to Tempo on indri + +// ============== BEYLA eBPF AUTO-INSTRUMENTATION ============== + +beyla.ebpf "http_services" { + discovery { + // Instrument HTTP services on common ports + instrument { + open_ports = "80-9999" + } + + // Exclude infrastructure pods + exclude_instrument { + kubernetes { + namespace = "kube-system" + } + } + exclude_instrument { + kubernetes { + namespace = "tailscale" + } + } + exclude_instrument { + kubernetes { + pod_labels = { app = "alloy" } + } + } + exclude_instrument { + kubernetes { + pod_labels = { app = "alloy-tracing" } + } + } + exclude_instrument { + kubernetes { + pod_labels = { app = "kube-state-metrics" } + } + } + exclude_instrument { + kubernetes { + pod_labels = { "app.kubernetes.io/name" = "nvidia-device-plugin" } + } + } + } + + attributes { + kubernetes { + enable = "true" + cluster_name = "ringtail" + } + } + + traces { + instrumentations = ["http"] + } + + output { + traces = [otelcol.processor.batch.default.input] + } +} + +// ============== OTEL TRACE PIPELINE ============== + +// Batch traces before export +otelcol.processor.batch "default" { + output { + traces = [otelcol.processor.attributes.add_cluster.input] + } +} + +// Add cluster label to all spans +otelcol.processor.attributes "add_cluster" { + action { + key = "cluster" + value = "ringtail" + action = "upsert" + } + + output { + traces = [otelcol.exporter.otlphttp.tempo.input] + } +} + +// Export traces to Tempo on indri via Tailscale +otelcol.exporter.otlphttp "tempo" { + client { + endpoint = "https://tempo-otlp.tail8d86e.ts.net" + + tls { + insecure_skip_verify = true + } + } +} diff --git a/argocd/manifests/alloy-tracing-ringtail/daemonset.yaml b/argocd/manifests/alloy-tracing-ringtail/daemonset.yaml new file mode 100644 index 0000000..93c7d3e --- /dev/null +++ b/argocd/manifests/alloy-tracing-ringtail/daemonset.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: alloy-tracing + namespace: alloy + labels: + app: alloy-tracing +spec: + selector: + matchLabels: + app: alloy-tracing + template: + metadata: + labels: + app: alloy-tracing + spec: + serviceAccountName: alloy-tracing + hostPID: true + containers: + - name: alloy + image: grafana/alloy + args: + - run + - --server.http.listen-addr=0.0.0.0:12346 + - --storage.path=/var/lib/alloy/data + - /etc/alloy/config.alloy + ports: + - containerPort: 12346 + name: http + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: config + mountPath: /etc/alloy + - name: data + mountPath: /var/lib/alloy/data + securityContext: + privileged: true + tolerations: + - operator: Exists + volumes: + - name: config + configMap: + name: alloy-tracing-config + - name: data + emptyDir: {} diff --git a/argocd/manifests/alloy-tracing-ringtail/kustomization.yaml b/argocd/manifests/alloy-tracing-ringtail/kustomization.yaml new file mode 100644 index 0000000..6956f14 --- /dev/null +++ b/argocd/manifests/alloy-tracing-ringtail/kustomization.yaml @@ -0,0 +1,17 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: alloy + +resources: + - rbac.yaml + - daemonset.yaml + +images: + - name: grafana/alloy + newTag: v1.13.1 + +configMapGenerator: + - name: alloy-tracing-config + files: + - config.alloy diff --git a/argocd/manifests/alloy-tracing-ringtail/rbac.yaml b/argocd/manifests/alloy-tracing-ringtail/rbac.yaml new file mode 100644 index 0000000..656c5f6 --- /dev/null +++ b/argocd/manifests/alloy-tracing-ringtail/rbac.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alloy-tracing + namespace: alloy +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alloy-tracing +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints", "nodes", "namespaces"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets", "statefulsets", "daemonsets"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alloy-tracing +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alloy-tracing +subjects: + - kind: ServiceAccount + name: alloy-tracing + namespace: alloy