Add support for KeylessAuth, Support for truncation limits and suppor…

…t for helm deployment (#6)

* * Add support for multiple auth types
* * Add support for no truncation
* * Update kusto config
* * Add helm charts,
* * Add sample values file

---------

Co-authored-by: Abhishek Saharn <[email protected]>

.gitignore

@@ -20,3 +20,5 @@ jaeger-kusto
 .idea/
 
 jaeger-kusto-config.json
+kompose
+build/server/helm/values.yaml

README.md

@@ -25,7 +25,9 @@ Extending the authentication table provided in the Jaeger plugin, the applicatio
   "database": "<database>",
   "endpoint": "https://<cluster>.<region>.kusto.windows.net",
   "tenantId": "",
-  "traceTableName":"<trace_table>" // defaults to `OTELTraces` if not provided
+  "traceTableName":"<trace_table>",// defaults to `OTELTraces` if not provided
+  "useManagedIdentity": false, // defaults to false, if true, the plugin will use managed identity to authenticate. Use the clientId field to pass the clientId of the managed identity
+  "useWorkloadIdentity": false // defaults to false, if true, the plugin will use WorkloadIdentity to authenticate. Note that the plugin will use the default credentials of the VM/Container to authenticate, it will first look for Azure environment variables to authenticate, followed by the workload identity
 }
 ```
 
@@ -38,6 +40,52 @@ Plugin can be started as a standalone app (GRPC server):
 * Standalone app (as grpc server). For this mode, use `docker compose --file build/server/docker-compose.yml up --build`
 Once this is done, you can run the Jaeger UI on <http://localhost:16686> and see the traces in the UI.
 
+
+# Deploying to Kubernetes
+
+The plugin and Jaeger can be deployed to Kubernetes using the provided Helm chart. The Helm chart is available in the `build/server/helm` folder. The properties can be customized through values.yaml file.
+
+The list of properties that can be customized are:
+
+```yaml
+baseConfig:
+  logLevel: 
+  logJson: 
+  readNoTruncation: 
+  readNoTimeout:
+authConfig:
+  clientId: 
+  useManagedIdentity: 
+  database: 
+  clusterUrl: 
+  tenantId: 
+  traceTableName: 
+```
+
+
+table of yaml properties:
+ 
+| Property | Description | Default |
+| --- | --- | --- |
+logLevel | Log level for the plugin | info |
+logJson | Log format | false |
+readNoTruncation | In case [KustoQueryLimits](aka.ms/kustoquerylimits) are hit, use this property to enable no-truncation | false |
+readNoTimeout | The default query timeout is 10 minutes which should be sufficient for most cases. In case this needs to be extended to no-timeout | false |
+clientId | Client ID for the plugin, represents the ClientId in case of ManagedIdentity. Set it to the AAD APP Id to use AAD Auth | "" |
+clientSecret | If AAD Auth is used, set this to the AAD APP Secret for the APP Id| "" |
+tenantId | The AAD tenant to use for authentication | "" |
+useManagedIdentity | Use managed identity for authentication (Keyless , recommended) | false |
+useWorkloadIdentity | Use Azure default credentials (uses workload identity in case it is defined) for authentication | false |
+database | Database name to query the traces | "" |
+clusterUrl | Cluster URL where the OTEL traces have been ingested | "" |
+traceTableName | Trace table name to query | "OTELTraces" |
+image.repository | The repository to pull the kusto-jaeger plugin | e.g. agramachandran/jaeger-kusto |
+image.tag | The tag of kusto-jaeger-plugin to use  | e.g. "1.1.0-Preview" |
+image.pullPolicy | Image pull policy | "IfNotPresent" |
+
+
+
+
 ## Known Limitations
 
 The plugin is in early development stage (alpha) has the following known limitations:

build/server/helm/Chart.yaml

@@ -0,0 +1,8 @@
+name: kusto-jaeger-plugin
+description: A generated Helm Chart for kusto-jaeger-plugin
+version: 0.0.1
+apiVersion: v2
+keywords:
+  - kusto-jaeger-plugin
+sources:
+home:

build/server/helm/README.md

@@ -0,0 +1 @@
+This chart was created by Kompose

build/server/helm/templates/jaeger-deployment.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.version: 1.33.0 (3ce457399)
+  labels:
+    io.kompose.service: jaeger
+  name: jaeger
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: jaeger
+  template:
+    metadata:
+      annotations:
+        kompose.version: 1.33.0 (3ce457399)
+      labels:
+        io.kompose.network/server-default: "true"
+        io.kompose.service: jaeger
+    spec:
+      containers:
+        - args:
+            - --grpc-storage.server=kusto-jaeger-plugin:8989
+            - --grpc-storage.connection-timeout=60s
+            - --grpc-storage.tls.enabled=false
+          env:
+            - name: SPAN_STORAGE_TYPE
+              value: grpc-plugin
+          image: jaegertracing/all-in-one:1.56
+          name: jaeger
+          ports:
+            - containerPort: 16686
+              hostPort: 16686
+              protocol: TCP
+            - containerPort: 16687
+              hostPort: 16687
+              protocol: TCP
+      restartPolicy: Always

build/server/helm/templates/jaeger-service.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.version: 1.33.0 (3ce457399)
+  labels:
+    io.kompose.service: jaeger
+  name: jaeger
+spec:
+  ports:
+    - name: "5775"
+      port: 5775
+      protocol: UDP
+      targetPort: 5775
+    - name: "6831"
+      port: 6831
+      protocol: UDP
+      targetPort: 6831
+    - name: "6832"
+      port: 6832
+      protocol: UDP
+      targetPort: 6832
+    - name: "5778"
+      port: 5778
+      targetPort: 5778
+    - name: "16686"
+      port: 16686
+      targetPort: 16686
+    - name: "14268"
+      port: 14268
+      targetPort: 14268
+    - name: "14250"
+      port: 14250
+      targetPort: 14250
+  selector:
+    io.kompose.service: jaeger

build/server/helm/templates/kusto-plugin-auth-configmap.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+data:
+  jaeger-kusto-config.json: |-
+    {
+        "clientId": {{ .Values.authConfig.clientId | quote}},
+        {{- if .Values.authConfig.clientSecret }}
+        "clientSecret": {{ .Values.authConfig.clientSecret | quote}},
+        {{- end }}
+        {{- if .Values.authConfig.traceTableName }}
+        "traceTableName": {{ .Values.authConfig.traceTableName | quote}},
+        {{- end }}
+        "useWorkloadIdentity": {{default false .Values.authConfig.useWorkloadIdentity }},
+        "useManagedIdentity": {{default false .Values.authConfig.useManagedIdentity}},
+        "database": {{ .Values.authConfig.database  | quote}},
+        "endpoint": {{ .Values.authConfig.clusterUrl | quote}},
+        "tenantId": {{ .Values.authConfig.tenantId | quote}}
+    }
+kind: ConfigMap
+metadata:
+  annotations:
+    use-subpath: "true"
+  labels:
+    io.kompose.service: kusto-jaeger-plugin
+  name: plugin-auth-config

build/server/helm/templates/kusto-plugin-base-configmap.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+data:
+  jaeger-kusto-plugin-config.json: |-
+    {
+        "diagnosticsProfilingEnabled": false,
+        "kustoConfigPath": "/config/jaeger-kusto-config.json",
+        "tracingRPCMetrics": false,
+        "logLevel": {{ .Values.baseConfig.logLevel | quote | default "info"}},
+        "logJson": {{ default true .Values.baseConfig.logJson }},
+        "remoteMode": {{ default true .Values.baseConfig.remoteMode }},
+        "tracingSamplerPercentage":   {{ default 0.0 .Values.baseConfig.tracingSamplerPercentage }},
+        "readNoTruncation": {{ default false .Values.baseConfig.readNoTruncation }},
+        "readNoTimeout": {{ default false .Values.baseConfig.readNoTimeout }}
+    }
+kind: ConfigMap
+metadata:
+  annotations:
+    use-subpath: "true"
+  labels:
+    io.kompose.service: kusto-jaeger-plugin
+  name: plugin-base-config

build/server/helm/templates/kusto-plugin-deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    kompose.version: 1.33.0 (3ce457399)
+  labels:
+    io.kompose.network/server-default: "true"
+    io.kompose.service: kusto-jaeger-plugin
+  name: plugin
+spec:
+  containers:
+    - args:
+        - --config=/config/jaeger-kusto-plugin-config.json
+      env:
+        - name: JAEGER_AGENT_HOST
+          value: jaeger
+        - name: JAEGER_AGENT_PORT
+          value: "6831"
+      image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+      imagePullPolicy: {{ .Values.image.pullPolicy }}
+      name: kusto-jaeger-plugin
+      ports:
+        - containerPort: 6060
+          hostPort: 6060
+          protocol: TCP
+        - containerPort: 8989
+          hostPort: 8989
+          protocol: TCP
+      volumeMounts:
+        - mountPath: /config/jaeger-kusto-config.json
+          name: plugin-auth-config
+          subPath: jaeger-kusto-config.json
+        - mountPath: /config/jaeger-kusto-plugin-config.json
+          name: plugin-base-config
+          subPath: jaeger-kusto-plugin-config.json
+  restartPolicy: Never
+  volumes:
+    - configMap:
+        items:
+          - key: jaeger-kusto-config.json
+            path: jaeger-kusto-config.json
+        name: plugin-auth-config
+      name: plugin-auth-config
+    - configMap:
+        items:
+          - key: jaeger-kusto-plugin-config.json
+            path: jaeger-kusto-plugin-config.json
+        name: plugin-base-config
+      name: plugin-base-config

build/server/helm/templates/kusto-plugin-service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.version: 1.33.0 (3ce457399)
+  labels:
+    io.kompose.service: kusto-jaeger-plugin
+  name: kusto-jaeger-plugin
+spec:
+  ports:
+    - name: "6060"
+      port: 6060
+      targetPort: 6060
+    - name: "8989"
+      port: 8989
+      targetPort: 8989
+  selector:
+    io.kompose.service: kusto-jaeger-plugin

build/server/helm/values.yaml.template

@@ -0,0 +1,16 @@
+image:
+  repository: agramachandran/jaeger-kusto
+  tag: 1.1.0-Preview
+  pullPolicy: IfNotPresent
+baseConfig:
+  logLevel: info
+  logJson: true
+  remoteMode: true
+  readNoTruncation: true
+authConfig:
+  clientId: 
+  useManagedIdentity: true
+  database: 
+  clusterUrl: https://<cluster>.<region>.kusto.windows.net
+  tenantId: 
+  traceTableName: OTELTraces

config/kusto_config.go

@@ -2,21 +2,27 @@ package config
 
 import (
 	"errors"
+
+	"github.com/Azure/azure-kusto-go/kusto"
 )
 
 // KustoConfig contains AzureAD service principal and Kusto cluster configs
 type KustoConfig struct {
-	ClientID       string `json:"clientId"`
-	ClientSecret   string `json:"clientSecret"`
-	TenantID       string `json:"tenantId"`
-	Endpoint       string `json:"endpoint"`
-	Database       string `json:"database"`
-	TraceTableName string `json:"traceTableName"`
+	ClientID             string              `json:"clientId"`
+	ClientSecret         string              `json:"clientSecret"`
+	TenantID             string              `json:"tenantId"`
+	UseManagedIdentity   bool                `json:"useManagedIdentity,omitempty"`
+	UseWorkloadIdentity  bool                `json:"useWorkloadIdentity,omitempty"`
+	Endpoint             string              `json:"endpoint"`
+	Database             string              `json:"database"`
+	TraceTableName       string              `json:"traceTableName"`
+	ClientRequestOptions []kusto.QueryOption `json:"clientRequestOptions,omitempty"`
 }
 
 // ParseKustoConfig reads file at path and returns instance of KustoConfig or error
-func ParseKustoConfig(path string) (*KustoConfig, error) {
+func ParseKustoConfig(path string, requestNoTruncation bool, requestNoTimeout bool) (*KustoConfig, error) {
 	c := &KustoConfig{}
+	queryOptions := make([]kusto.QueryOption, 0)
 
 	if err := load(path, c); err != nil {
 		return nil, err
@@ -26,6 +32,16 @@ func ParseKustoConfig(path string) (*KustoConfig, error) {
 		return nil, err
 	}
 
+	if requestNoTruncation {
+		queryOptions = append(queryOptions, kusto.NoTruncation())
+
+	}
+	if requestNoTimeout {
+		queryOptions = append(queryOptions, kusto.NoRequestTimeout())
+	}
+
+	queryOptions = append(queryOptions, kusto.Application("azure-kusto-jaeger-plugin"))
+	c.ClientRequestOptions = queryOptions
 	return c, nil
 }
 
@@ -37,8 +53,11 @@ func (kc *KustoConfig) Validate() error {
 	if kc.Endpoint == "" {
 		return errors.New("missing endpoint in kusto configuration")
 	}
-	if kc.ClientID == "" || kc.ClientSecret == "" || kc.TenantID == "" {
-		return errors.New("missing client configuration (ClientId, ClientSecret, TenantId) for kusto")
+	// If the config indicates a non ManagedIdentity or WorkloadIdentity, then the ClientID, ClientSecret, and TenantID must be provided.
+	if !kc.UseManagedIdentity && !kc.UseWorkloadIdentity {
+		if kc.ClientID == "" || kc.ClientSecret == "" || kc.TenantID == "" {
+			return errors.New("missing client configuration (ClientId, ClientSecret, TenantId) & ManagedIdentity is missing for kusto")
+		}
 	}
 	//if no Tracetable name provided, default to OTELTraces.
 	if kc.TraceTableName == "" {

config/plugin_config.go

@@ -21,6 +21,8 @@ type PluginConfig struct {
 	WriterSpanBufferSize        int     `json:"writerSpanBufferSize"`
 	WriterWorkersCount          int     `json:"writerWorkersCount"`
 	DisableJaegerUiTraces       bool    `json:"disableJaegerUiTraces"`
+	ReadNoTruncation            bool    `json:"readNoTruncation"`
+	ReadNoTimeout               bool    `json:"readNoTimeout"`
 }
 
 // NewDefaultPluginConfig returns default configuration options
@@ -40,6 +42,8 @@ func NewDefaultPluginConfig() *PluginConfig {
 		WriterSpanBufferSize:        100,
 		WriterWorkersCount:          5,
 		DisableJaegerUiTraces:       true, //disable UI logs of jaeger into OTELTraces. No traces from Jaeger UI will be sent
+		ReadNoTruncation:            false,
+		ReadNoTimeout:               false,
 	}
 }
 

go.mod

@@ -14,6 +14,7 @@ require (
 )
 
 require (
+	github.com/google/uuid v1.6.0
 	github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/tushar2708/altcsv v0.0.0-20230512192735-3e4f3291a680
@@ -46,7 +47,6 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-plugin v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect