andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update NSM overlay

pull/727/head
Saylor Berman 2023-04-19 12:38:54 -06:00
parent 99420a8672
commit d6b96a247f
No known key found for this signature in database
GPG Key ID: 98859B2076E3FEE3
2 changed files with 4 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
packages/f5/nginx-service-mesh/overlay/app-readme.md
View File

@ -9,12 +9,13 @@ NGINX Service Mesh can integrate with a number of tracing services using OpenTel
### Using OpenTelemetry
Telemetry can only be enabled by editing the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option. To enable telemetry, set the `tracing` object to `{}` and fill out the `telemetry` object.
Telemetry can only be enabled by editing the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option.
To enable telemetry, fill out the `telemetry` object.
The telemetry object expects a `samplerRatio`, and the `host` and `port` of your OTLP gRPC collector.
For example:
```yaml
tracing: {}
telemetry:
samplerRatio: 0.01
exporters:
@ -23,29 +24,6 @@ telemetry:
port: 4317
```
### Using OpenTracing
Note: OpenTracing is deprecated in favor of OpenTelemetry.
Tracing can only be enabled if telemetry is not enabled. In order to enable tracing, edit the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option, set the `telemetry` object to `{}`, and fill out the `tracing` object.
The tracing object expects a `sampleRate`, an `address` and a `backend`. The three options for backend are "jaeger", "zipkin", and "datadog".
For example:
```yaml
telemetry: {}
tracing:
sampleRate: 1
backend: "jaeger"
address: "jaeger.my-namespace:6831"
```
### Automatic Sidecar Injection
We recommend deploying the mesh with auto-injection disabled globally. You can then opt-in the namespaces where you would like auto-injection enabled. This ensures that Pods are not automatically injected without your consent, especially in system namespaces.
To opt-in a namespace you can label it with `injector.nsm.nginx.com/auto-inject=enabled` or provide a list of `enabledNamespaces` in YAML. For example:
```yaml
enabledNamespaces:
- namespace1
- namespace2
```
To enable automatic sidecar injection for all Pods in a namespace, label the namespace with `injector.nsm.nginx.com/auto-inject=enabled`.

5
packages/f5/nginx-service-mesh/overlay/questions.yaml
View File

@ -86,11 +86,6 @@ questions:
- "ec-p384"
- "rsa-2048"
- "rsa-4096"
- variable: disableAutoInjection
description: "Disable automatic sidecar injection upon resource creation."
label: Disable auto injection
type: boolean
group: "General Settings"
- variable: accessControlMode
description: "Default access control mode for service-to-service communication."
label: Access control mode