- Elastic Stack (self-managed or [Elastic Cloud](https://www.elastic.co/cloud)) version 8.16.0 or higher, or an [Elasticsearch serverless](https://www.elastic.co/docs/current/serverless/elasticsearch/get-started) project.
23
23
24
24
- A Kubernetes version supported by the OpenTelemetry Operator (refer to the operator's [compatibility matrix](https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/compatibility.md#compatibility-matrix) for more details).
25
25
26
+
- If you opt for automatic certificate generation and renewal on the OpenTelemetry Operator, you need to install [cert-manager](https://cert-manager.io/docs/installation/) in the Kubernetes cluster. By default, the operator installation uses a self-signed certificate and **doesn't require** cert-manager.
27
+
26
28
## Compatibility Matrix
27
29
28
30
The minimum supported version of the Elastic Stack for OpenTelemetry-based monitoring on Kubernetes is `8.16.0`. Different Elastic Stack releases support specific versions of the [kube-stack Helm Chart](https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-kube-stack).
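Review bot: The new cert-manager prerequisite bullet links only to the external installation docs and does not say what the reader gives up by staying on the default. Link it to the `#cert-manager` section this commit adds, and mention that the default self-signed certificate expires after 365 days and is not renewed unless the release is manually updated, so the choice is informed at the prerequisites stage.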
@@ -42,10 +44,10 @@ When [installing the release](#manual-deployment-of-all-components), ensure you
42
44
43
45
The OpenTelemetry Operator is a [Kubernetes Operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) implementation designed to manage OpenTelemetry resources in a Kubernetes environment. It defines and oversees the following Custom Resource Definitions (CRDs):
44
46
45
-
-[OpenTelemetry Collectors](https://github.com/open-telemetry/opentelemetry-collector): Agents responsible for receiving, processing and exporting telemetry data such as logs, metrics, and traces.
46
-
-[Instrumentation](https://opentelemetry.io/docs/kubernetes/operator/automatic): Used for the atomatic instrumentation of workloads by leveraging OpenTelemetry instrumentation libraries.
47
+
-[OpenTelemetry Collectors](https://github.com/open-telemetry/opentelemetry-collector): Agents responsible for receiving, processing, and exporting telemetry data such as logs, metrics, and traces.
48
+
-[Instrumentation](https://opentelemetry.io/docs/kubernetes/operator/automatic): Leverages OpenTelemetry instrumentation libraries to automatically instrument workloads.
47
49
48
-
All signals including logs, metrics, traces are processed by the collectors and sent directly to Elasticsearch via the ES exporter. A collector's processor pipeline replaces the traditional APM server functionality for handling application traces.
50
+
All signals including logs, metrics, and traces are processed by the collectors and sent directly to Elasticsearch using the ES exporter. A collector's processor pipeline replaces the traditional APM server functionality for handling application traces.
49
51
50
52
### Kube-stack Helm Chart
51
53
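Review bot: "ES exporter" in the reworded sentence on signal processing is an unexplained abbreviation; spell it out as "Elasticsearch exporter" on first use and link it, since this sentence is what tells the reader that collectors write directly to Elasticsearch. The phrase "All signals including logs, metrics, and traces" would also read better with the "including" clause set off by commas.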
@@ -83,17 +85,21 @@ The Helm Chart is configured to enable zero-code instrumentation using the [Oper
83
85
- Python
84
86
- .NET
85
87
86
-
## Deploying components using Kibana Onboarding UX
88
+
## Deploy components using the guided onboarding
87
89
88
-
The preferred method for deploying all components is through the Kibana Onboarding UX. Follow these steps:
90
+
The guided onboarding simplifies deploying your Kubernetes components by setting up an [API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) and the needed [Integrations](https://www.elastic.co/docs/current/en/integrations) in the background. Follow these steps to use the guided onboarding:
89
91
90
-
1.Navigate in Kibanato **Observability**-->**Add data**
92
+
1.In Kibana, navigate to **Observability**→**Add data**.
91
93
2. Select **Kubernetes**, then choose **Kubernetes monitoring with EDOT Collector**.
92
94
3. Follow the on-screen instructions to install the OpenTelemetry Operator using the Helm Chart and the provided `values.yaml`.
93
95
94
-
Notes:
95
-
- If the `elastic_endpoint` showed by the UI is not valid for your environment, replace it with the correct Elasticsearch endpoint.
96
-
- The displayed `elastic_api_key` corresponds to an API key that is automatically generated when the onboarding process is initiated.
96
+
Notes on installing the OpenTelemetry Operator:
97
+
- Make sure the `elastic_endpoint` shown in the installation command is valid for your environment. If not, replace it with the correct Elasticsearch endpoint.
98
+
- The `elastic_api_key` shown in the installation command corresponds to an API key created by Kibana when the onboarding process is initiated.
99
+
100
+
> [!NOTE]
101
+
> The default installation deploys an OpenTelemetry Operator with a self-signed TLS certificate.
102
+
> To automatically generate and renew publicly trusted certificates, refer to [cert-manager integrated installation](#cert-manager) for instructions on customizing the `values.yaml` file before running the `helm install` command.
97
103
98
104
## Manual deployment of all components
99
105
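Review bot: The rewritten notes say the `elastic_api_key` appears in the installation command, but nothing tells the reader to handle it as a credential. Add a line stating that the command contains a live API key, so it should not be pasted into tickets or shared logs, and point to the API Keys page already linked in the intro paragraph for revoking it. It would also help to state exactly what "in the background" creates (an API key and the needed integrations) so an administrator knows what to clean up if onboarding is abandoned.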
@@ -173,28 +179,52 @@ where ``<LANGUAGE>`` is one of: `go` , `java`, `nodejs`, `python`, `dotnet`
173
179
174
180
For detailed instructions and examples on how to instrument applications in Kubernetes using the OpenTelemetry Operator, refer to [Instrumenting applications](/docs/kubernetes/operator/instrumenting-applications.md).
175
181
176
-
For troubleshooing details and verification steps, refer to [Troubleshooting auto-instrumentation](/docs/kubernetes/operator/troubleshoot-auto-instrumentation.md).
182
+
For troubleshooting details and verification steps, refer to [Troubleshooting auto-instrumentation](/docs/kubernetes/operator/troubleshoot-auto-instrumentation.md).
177
183
178
-
## Limitations
184
+
<!-- Do not change this anchor name as it's used by Kibana OTel+k8s Onboarding UX -->
185
+
<a name="cert-manager"></a>
179
186
180
-
### Certmanager
187
+
## Cert-manager integrated installation
181
188
182
-
In Kubernetes, in order for the API server to communicate with the webhook component (created by the Operator), the webhook requires a TLS certificate that the API server is configured to trust. The previous provided configurations sets the Helm Chart to auto generate the required TLS certificates with an expiration policy of 365 days. These certificates **won't be renewed** if the Helm Chart's release is not manually updated. For production environments, it is highly recommended to use a certificate manger like [cert-manager](https://cert-manager.io/docs/installation/).
189
+
In Kubernetes, for the API server to communicate with the webhook component (created by the operator), the webhook requires a TLS certificate that the API server is configured to trust. The default provided configuration sets the Helm Chart to auto generate the required certificate as a self-signed certificate with an expiration policy of 365 days. These certificates **won't be renewed** if the Helm Chart's release is not manually updated. For production environments, we highly recommend using a certificate manager like [cert-manager](https://cert-manager.io/docs/installation/).
183
190
184
-
If `cert-manager` CRDs are already present in your Kubernetes environment, you can configure the Operator to use them with the following modifications in the values file:
191
+
Integrating the operator with [cert-manager](https://cert-manager.io/) enables automatic generation and renewal of publicly trusted TLS certificates. This section assumes that cert-manager and its CRDs are already installed in your Kubernetes environment. If that's not the case, refer to the [cert-manager installation guide](https://cert-manager.io/docs/installation/) before continuing.
185
192
193
+
Follow any of the following options to install the OpenTelemetry Operator Helm Chart integrated with `cert-manager`:
186
194
187
-
```diff
188
-
opentelemetry-operator:
189
-
manager:
190
-
extraArgs:
191
-
- --enable-go-instrumentation
192
-
admissionWebhooks:
193
-
certManager:
194
-
- enabled: false
195
-
+ enabled: true
195
+
* Add `--set opentelemetry-operator.admissionWebhooks.certManager.enabled=true --set opentelemetry-operator.autoGenerateCert=null` to the installation command. For example:
* Keep an updated copy of the `values.yaml` file by following these steps:
204
+
205
+
1. **Update** the `values.yaml` file with the following changes:
206
+
207
+
- **Enable cert-manager integration for admission webhooks.**
208
+
209
+
```yaml
210
+
opentelemetry-operator:
211
+
admissionWebhooks:
212
+
certManager:
213
+
enabled: true # Change from `false` to `true`
214
+
```
215
+
216
+
- **Remove the generation of a self-signed certificate.**
217
+
218
+
```yaml
219
+
# Remove the following lines:
220
+
autoGenerateCert:
221
+
enabled: true
222
+
recreate: true
223
+
```
224
+
225
+
2. Run the installation (or upgrade) command pointing to the updated file. For example, assuming that the updated file has been saved as `values_cert-manager.yaml`:
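Review bot: The `--set` option addresses `certManager` under `opentelemetry-operator.admissionWebhooks` but nulls `autoGenerateCert` at `opentelemetry-operator.autoGenerateCert`, and the "Remove the following lines" snippet shows `autoGenerateCert:` without its parent keys. Confirm that both options touch the same key, and show the full key path in the YAML snippet so readers delete the right block. Separately, "publicly trusted TLS certificates" conflicts with the preceding paragraph, which only requires a certificate "that the API server is configured to trust"; "automatically issued and renewed certificates" would be accurate without implying a public CA.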
resources/kubernetes/operator/helm/values.yaml (+23 -1)
@@ -682,6 +682,28 @@ collectors:
682
682
- tag_name: app.label.version
683
683
key: app.kubernetes.io/version
684
684
from: pod
685
+
k8sattributes/ecs:
686
+
filter:
687
+
# Only retrieve pods running on the same node as the collector
688
+
node_from_env_var: OTEL_K8S_NODE_NAME
689
+
passthrough: false
690
+
pod_association:
691
+
# Below association takes a look at the k8s.pod.ip and k8s.pod.uid resource attributes or connection's context, and tries to match it with the pod having the same attribute.
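Review bot: The `filter` in `k8sattributes/ecs` depends on `node_from_env_var: OTEL_K8S_NODE_NAME`, but the hunk does not show where that variable is defined for the collector. Confirm it is set on every collector that uses this processor, and say in the comment what happens when it is empty, since the stated intent is to retrieve only pods on the collector's own node. The `pod_association` comment is also a single very long line; wrap it.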