From c823a21a7a1a119c775d51b13a718c6b792c012a Mon Sep 17 00:00:00 2001 From: Benedikt Bongartz Date: Thu, 11 Jan 2024 00:43:41 +0100 Subject: [PATCH] apply public endpoint filter only for kubelet-readonly Signed-off-by: Benedikt Bongartz --- pkg/kubelet/server/server.go | 21 +++++++++++++-------- pkg/kubelet/server/server_test.go | 2 -- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/pkg/kubelet/server/server.go b/pkg/kubelet/server/server.go index 2b0e7ec858e..777fe48ddd7 100644 --- a/pkg/kubelet/server/server.go +++ b/pkg/kubelet/server/server.go @@ -160,7 +160,12 @@ func ListenAndServeKubeletServer( address := netutils.ParseIPSloppy(kubeCfg.Address) port := uint(kubeCfg.Port) klog.InfoS("Starting to listen", "address", address, "port", port) - handler := NewServer(host, resourceAnalyzer, auth, tp, kubeCfg) + handler := NewServer(host, resourceAnalyzer, auth, kubeCfg) + + if utilfeature.DefaultFeatureGate.Enabled(features.KubeletTracing) { + handler.InstallTracingFilter(tp) + } + s := &http.Server{ Addr: net.JoinHostPort(address.String(), strconv.FormatUint(uint64(port), 10)), Handler: &handler, @@ -193,7 +198,11 @@ func ListenAndServeKubeletReadOnlyServer( port uint, tp oteltrace.TracerProvider) { klog.InfoS("Starting to listen read-only", "address", address, "port", port) - s := NewServer(host, resourceAnalyzer, nil, tp, nil) + s := NewServer(host, resourceAnalyzer, nil, nil) + + if utilfeature.DefaultFeatureGate.Enabled(features.KubeletTracing) { + s.InstallTracingFilter(tp, otelrestful.WithPublicEndpoint()) + } server := &http.Server{ Addr: net.JoinHostPort(address.String(), strconv.FormatUint(uint64(port), 10)), @@ -270,7 +279,6 @@ func NewServer( host HostInterface, resourceAnalyzer stats.ResourceAnalyzer, auth AuthInterface, - tp oteltrace.TracerProvider, kubeCfg *kubeletconfiginternal.KubeletConfiguration) Server { server := Server{ @@ -284,9 +292,6 @@ func NewServer( if auth != nil { server.InstallAuthFilter() } - if utilfeature.DefaultFeatureGate.Enabled(features.KubeletTracing) { - server.InstallTracingFilter(tp) - } server.InstallDefaultHandlers() if kubeCfg != nil && kubeCfg.EnableDebuggingHandlers { server.InstallDebuggingHandlers() @@ -340,8 +345,8 @@ func (s *Server) InstallAuthFilter() { } // InstallTracingFilter installs OpenTelemetry tracing filter with the restful Container. -func (s *Server) InstallTracingFilter(tp oteltrace.TracerProvider) { - s.restfulCont.Filter(otelrestful.OTelFilter("kubelet", otelrestful.WithTracerProvider(tp), otelrestful.WithPublicEndpoint())) +func (s *Server) InstallTracingFilter(tp oteltrace.TracerProvider, opts ...otelrestful.Option) { + s.restfulCont.Filter(otelrestful.OTelFilter("kubelet", append(opts, otelrestful.WithTracerProvider(tp))...)) } // addMetricsBucketMatcher adds a regexp matcher and the relevant bucket to use when diff --git a/pkg/kubelet/server/server_test.go b/pkg/kubelet/server/server_test.go index 8adabf6fe79..a80aec65db3 100644 --- a/pkg/kubelet/server/server_test.go +++ b/pkg/kubelet/server/server_test.go @@ -37,7 +37,6 @@ import ( cadvisorapiv2 "github.com/google/cadvisor/info/v2" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - oteltrace "go.opentelemetry.io/otel/trace" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -371,7 +370,6 @@ func newServerTestWithDebuggingHandlers(kubeCfg *kubeletconfiginternal.KubeletCo fw.fakeKubelet, stats.NewResourceAnalyzer(fw.fakeKubelet, time.Minute, &record.FakeRecorder{}), fw.fakeAuth, - oteltrace.NewNoopTracerProvider(), kubeCfg, ) fw.serverUnderTest = &server