OpenTelemetry Operator Chart
Introduction
The OpenTelemetry Operator is a Kubernetes operator that manages OpenTelemetry Collectors and auto-instrumentation of workloads. One of the ways to install the OpenTelemetry Operator is via the OpenTelemetry Operator Helm Chart.
For detailed use of the OpenTelemetry Operator visit its docs.
Installing the Chart
To install the chart with the release name my-opentelemetry-operator
, run the
following commands:
helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts
helm install my-opentelemetry-operator open-telemetry/opentelemetry-operator \
--set "manager.collectorImage.repository=otel/opentelemetry-collector-k8s" \
--set admissionWebhooks.certManager.enabled=false \
--set admissionWebhooks.autoGenerateCert.enabled=true
This will install an OpenTelemetry Operator with a self-signed certificate and secret.
Configuration
The Operator helm chart’s default values.yaml
is ready to be installed, but it
expects that Cert Manager is already present on the Cluster.
In Kubernetes, in order for the API server to communicate with the webhook component, the webhook requires a TLS certificate that the API server is configured to trust. There are a few different ways you can use to generate/configure the required TLS certificate.
- The easiest and default method is to install the
cert-manager and set
admissionWebhooks.certManager.create
totrue
. In this way, cert-manager will generate a self-signed certificate. See cert-manager installation for more details. - You can provide your own Issuer by configuring the
admissionWebhooks.certManager.issuerRef
value. You will need to specify thekind
(Issuer or ClusterIssuer) and thename
. Note that this method also requires the installation of cert-manager. - You can use an automatically generated self-signed certificate by setting
admissionWebhooks.certManager.enabled
tofalse
andadmissionWebhooks.autoGenerateCert.enabled
totrue
. Helm will create a self-signed cert and a secret for you. - You can use your own generated self-signed certificate by setting both
admissionWebhooks.certManager.enabled
andadmissionWebhooks.autoGenerateCert.enabled
tofalse
. You should provide the necessary values toadmissionWebhooks.cert_file
,admissionWebhooks.key_file
, andadmissionWebhooks.ca_file
. - You can side-load custom webhooks and certificate by disabling
.Values.admissionWebhooks.create
andadmissionWebhooks.certManager.enabled
while setting your custom cert secret name inadmissionWebhooks.secretName
- You can disable webhooks all together by disabling
.Values.admissionWebhooks.create
and setting env var toENABLE_WEBHOOKS: "false"
All the configuration options (with comments) available in the chart can be viewed in its values.yaml file.
Feedback
Was this page helpful?
Thank you. Your feedback is appreciated!
Please let us know how we can improve this page. Your feedback is appreciated!