Mutating admission controller that injects base64 encoded OpenCensus span context into the trace.kubernetes.io/context object annotation.
The trace context injected with this mutating controller can be used by Kubernetes components to export traces associated with object lifecycles. For more information on this effort, please refer to the official KEP.
The structure of this mutating admission controller was informed by the mutating admission webhook found here. The basic idea is as follows:
- Create an HTTPS-enabled server that takes Pod json from the API server, inserts encoded span context as an annotation, and returns it
- Run a deployment with this webhook server, and expose it as a service
- Create a
MutatingWebhookConfigurationwhich instructs the API server to send Pod objects to the aforementioned service upon creation
The included Makefile makes these steps straightforward and the available commands are as follows:
make docker: build local Docker imagemake cluster-up: apply certificate configuration and deployment configuration to cluster for the mutating webhookmake cluster-down: delete resources associated with the mutating webhook from the active cluster
There are example patches which can be used with kustomize to configure the deployment of this webhook into your cluster under deploy/base/overlays/example. This example custom configuration can be applied with:
kustomize build deploy/overlays/example | kubectl apply -f -
This can be used, for example, to set different sampling policies between production and staging clusters.