Investigate the adoption of the downwards API to inject the Kubernetes Pod ID as env var

lumigo-io / opentelemetry-java-distro

Lumigo OpenTelemetry auto-instrumentation and instrumentation libraries for Java

https://opentelemetry.io

Apache License 2.0

10 stars 0 forks source link

Investigate the adoption of the downwards API to inject the Kubernetes Pod ID as env var #22

Open mmanciop opened 1 year ago

mmanciop commented 1 year ago

Currently we detect the pod id by looking up implementation details of the cgroups. We should investigate whether we can reliably use the downwards API and use that in the Lumigo Kubernetes Operator as an additional way of ensuring that the Pod ID is known to the tracer.

The most important part of this PoC is to evaluate whether using the downwards API in a cluster that does not expose it breaks the resource.

AlmogBaku commented 1 year ago

https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/

It doesn't seem like you can disable the downward api

AlmogBaku commented 1 year ago

also, I couldn't find any evidence that this can be restricted from a security setting, or that some distribution of k8s doesn't includes it.

I'll check the src code now

AlmogBaku commented 1 year ago

I traced the existence of fieldRef to at least 2015 https://github.com/kubernetes/kubernetes/issues/7018