Add Correlation Context header for extension #47
Conversation
RichardChen820
force-pushed
the
user/junbchen/correlationContext
branch
6 times, most recently
from
2b34d8a to
6b98edc
Compare
| @@ -311,7 +311,6 @@ func (reconciler *AzureAppConfigurationProviderReconciler) verifyTargetObjectExi | |||
| } | |||
|
|
|||
| func (reconciler *AzureAppConfigurationProviderReconciler) logAndSetFailStatus( | |||
| ctx context.Context, | |||
There was a problem hiding this comment.
Just remove the unused parameter here.
RichardChen820
force-pushed
the
user/junbchen/correlationContext
branch
from
6b98edc to
3c98201
Compare
RichardChen820
force-pushed
the
user/junbchen/correlationContext
branch
from
3c98201 to
8e812f7
Compare
| header := http.Header{} | ||
| output := make([]string, 0) | ||
|
|
||
| if provider.Spec.Configuration.Refresh != nil { |
There was a problem hiding this comment.
Spec.Configuration can be nil
There was a problem hiding this comment.
Refresh.Enabled can be false, need to check it when Configuration.Refresh section has been set.
| enabled := true | ||
| enabled, _ = strconv.ParseBool(value) | ||
|
|
||
| if enabled { |
There was a problem hiding this comment.
It can be simplified to if enabled, _ := strconv.ParseBool(value); enabled {
| @@ -55,6 +55,15 @@ spec: | |||
| value: "{{ .Values.workloadIdentity.enabled }}" | |||
| - name: WORKLOAD_IDENTITY_DISABLE_GLOBAL_SERVICE_ACCOUNT | |||
| value: "{{ .Values.workloadIdentity.disableGlobalServiceAccount }}" | |||
| {{- if and (hasKey .Values "global") | |||
| (hasKey .Values.global "azure") | |||
There was a problem hiding this comment.
Not sure, will these values like global, azure, extension and name be added during the extension installation?
There was a problem hiding this comment.
Yes, this is what will be passed by the extension
RichardChen820
force-pushed
the
user/junbchen/correlationContext
branch
from
015056e to
5b4b626
Compare
|
|
||
| if provider.Spec.FeatureFlag.Refresh != nil && | ||
| provider.Spec.FeatureFlag.Refresh.Enabled { | ||
| output = append(output, "RefreshesFeatureFlag") |
There was a problem hiding this comment.
Feature flag by nature should be refreshed. This is not useful to collect.
The purpose of RefreshesKeyVault is to understand how many stores use appconfig for automatic secret rotation.
| @@ -743,3 +759,51 @@ func MergeSecret(secret map[string]corev1.Secret, newSecret map[string]corev1.Se | |||
|
|
|||
| return nil | |||
| } | |||
|
|
|||
| func createCorrelationContextHeader(provider acpv1.AzureAppConfigurationProvider, clientManager ClientManager) http.Header { | |||
There was a problem hiding this comment.
Can we also report RequestType, Host, and Filter?
There was a problem hiding this comment.
@zhenlan Added the RequestType and Host. In terms of the Filter, it's not cheap to report it from k8s provider, not trivial in K8s provider, two main reasons:
- We currently don't parse the feature flags in K8s provider, we just get them and put into configMap, if we need to report the filters, we need to parse the feature flag values to know what filters are set.
- K8s provider manages all yaml resouces, we need to let the controller can remember/manage all filter usage information for each resource.
How do you think about it? We add the Filter for now, or add in the future on demand?
There was a problem hiding this comment.
If we are going to do dedup, we may parse it already. cc: @linglingye001
There was a problem hiding this comment.
We don't parse feature flag now, the implementation of feature flag deduplication is based on feature flag key.
There was a problem hiding this comment.
I think Zhenlan's view is that we need to dedup by id/name, then drives us having to parse it. But I have different idea about how to dedup(composition) featureFlag in provider. I will reply your email thread
|
Can we update |
internal/loader/request_tracing.go
Outdated
|
|
||
| if provider.Spec.Configuration.Refresh != nil && | ||
| provider.Spec.Configuration.Refresh.Enabled { | ||
| output = append(output, "RefreshesKeyValue") |
There was a problem hiding this comment.
Not needed. We don't have this in .NET either.
There was a problem hiding this comment.
I'm wondering why there is RefreshesKeyVault in dotnet provider but not RefreshesKeyValue?
There was a problem hiding this comment.
We know customers like dynamic config. We don't need to collect telemetry to know it.
I explained the reason for key vault refresh here #47 (comment).
| } | ||
|
|
||
| if provider.Spec.FeatureFlag != nil { | ||
| output = append(output, "UsesFeatureFlag") |
There was a problem hiding this comment.
Not needed. We can tell from requests.
Yes, I will update it another PR |
| @@ -224,6 +224,10 @@ func (reconciler *AzureAppConfigurationProviderReconciler) Reconcile(ctx context | |||
| retriever = reconciler.Retriever | |||
| } | |||
|
|
|||
| ctx = context.WithValue(ctx, loader.RequestTracingKey, loader.RequestTracing{ | |||
| IsStartUp: reconciler.ProvidersReconcileState[req.NamespacedName].ConfigMapResourceVersion != nil, | |||
There was a problem hiding this comment.
Is ConfigMapResourceVersion nil when starting up?
There was a problem hiding this comment.
My bad.. updated
RichardChen820
force-pushed
the
user/junbchen/correlationContext
branch
from
9c6c60d to
e9dfdeb
Compare
| @@ -88,6 +91,7 @@ const ( | |||
| CertTypePfx string = "application/x-pkcs12" | |||
| TlsKey string = "tls.key" | |||
| TlsCrt string = "tls.crt" | |||
| RequestTracingEnabled string = "REQUEST_TRACING_ENABLED" | |||
There was a problem hiding this comment.
How does a customer disable the tracing? What about the AKS extension customer?
There was a problem hiding this comment.
They can set requestTracing.enabled=false while installling the provider. Same to the extension customer.
There was a problem hiding this comment.
You mean in the yaml file?
There was a problem hiding this comment.
There was a problem hiding this comment.
This is the parameter a user pass to the helm install? If so, how can an extension user pass the parameter?
There was a problem hiding this comment.
Extension essentially use helm to do the installation, it supports all the helm values. You can consider there are no difference
There was a problem hiding this comment.
I understand. My question is how an extension user can customize the helm install command and pass the extra parameter.
There was a problem hiding this comment.
LIke how replicaCount can be set:
https://learn.microsoft.com/en-us/azure/aks/azure-app-configuration-settings#configure-the-replica-count
User can customize using this command while install the extension.
az k8s-extension create --cluster-type managedClusters
--cluster-name myAKSCluster
--resource-group myResourceGroup
--name appconfigurationkubernetesprovider
--extension-type Microsoft.AppConfiguration
--configuration-settings "requestTracing.enabled=false"
There was a problem hiding this comment.
Okay, so it's a different command. I am curious how you plan to explain this to customers.
| @@ -15,6 +15,9 @@ imagePullSecrets: [] | |||
| nameOverride: "appconfig-provider" | |||
| fullnameOverride: "az-appconfig-k8s-provider" | |||
|
|
|||
| requestTracing: | |||
There was a problem hiding this comment.
Set requestTracing.enabled at installation time
* Not running on windows node (#30) * Bump up version to 2.0.0-preview (#42) * Workload identity support namespaced service account (#39) * Workload identity support namespaced service account * feedback * Feedback * Upgrade package (#44) * fix vulnerability * fix go version * update * update * update * update * update * update controller runtime * upgrade azsecrets package * update ci * update patched version * update * revert version * upgrade packages * update ci * revert * deduplicate feature flags (#50) * Treat get settings from one client failure as warning (#48) * Add node affinity and toleration configuration (#46) * K8s provider conformance test plugin (#43) * k8s provider conformance test plugin * rename * remove docker hub dependency * replace curl with wget * add version file * Setup golangci lint action (#51) * setup golangci lint action * fix linting error * update ci * update * add lint in makefile * Add Correlation Context header for extension (#47) * Add Correlation Context header for extension * Add more context * Add Host and RequestType in correlation context * Remove the kv refresh * update extension test plugin conformance file (#52) * added timeout parameter in golintCI (#54) * Revise the error message for selector object verification (#56) * Bump up version to 2.0.0 (#58) * Add data collection section in readme (#57) * Require to opt-in for the global service account (#60) * Require to opt in the global service account * Rename * Fix vulnerability (#68) * fix vulnerability * specify go version in golang lint ci --------- Co-authored-by: Richard chen <[email protected]>
Add Correlation Context header for extension