From d6b96a247fd16af4aba1334d64ed65c0e59a0f19 Mon Sep 17 00:00:00 2001 From: Saylor Berman Date: Wed, 19 Apr 2023 12:38:54 -0600 Subject: [PATCH] Update NSM overlay --- .../nginx-service-mesh/overlay/app-readme.md | 30 +++---------------- .../nginx-service-mesh/overlay/questions.yaml | 5 ---- 2 files changed, 4 insertions(+), 31 deletions(-) diff --git a/packages/f5/nginx-service-mesh/overlay/app-readme.md b/packages/f5/nginx-service-mesh/overlay/app-readme.md index 998a66268..01cc33a0e 100644 --- a/packages/f5/nginx-service-mesh/overlay/app-readme.md +++ b/packages/f5/nginx-service-mesh/overlay/app-readme.md @@ -9,12 +9,13 @@ NGINX Service Mesh can integrate with a number of tracing services using OpenTel ### Using OpenTelemetry -Telemetry can only be enabled by editing the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option. To enable telemetry, set the `tracing` object to `{}` and fill out the `telemetry` object. +Telemetry can only be enabled by editing the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option. +To enable telemetry, fill out the `telemetry` object. The telemetry object expects a `samplerRatio`, and the `host` and `port` of your OTLP gRPC collector. + For example: ```yaml -tracing: {} telemetry: samplerRatio: 0.01 exporters: @@ -23,29 +24,6 @@ telemetry: port: 4317 ``` -### Using OpenTracing - -Note: OpenTracing is deprecated in favor of OpenTelemetry. - -Tracing can only be enabled if telemetry is not enabled. In order to enable tracing, edit the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option, set the `telemetry` object to `{}`, and fill out the `tracing` object. -The tracing object expects a `sampleRate`, an `address` and a `backend`. The three options for backend are "jaeger", "zipkin", and "datadog". - -For example: - -```yaml -telemetry: {} -tracing: - sampleRate: 1 - backend: "jaeger" - address: "jaeger.my-namespace:6831" -``` ### Automatic Sidecar Injection -We recommend deploying the mesh with auto-injection disabled globally. You can then opt-in the namespaces where you would like auto-injection enabled. This ensures that Pods are not automatically injected without your consent, especially in system namespaces. - -To opt-in a namespace you can label it with `injector.nsm.nginx.com/auto-inject=enabled` or provide a list of `enabledNamespaces` in YAML. For example: -```yaml -enabledNamespaces: -- namespace1 -- namespace2 -``` +To enable automatic sidecar injection for all Pods in a namespace, label the namespace with `injector.nsm.nginx.com/auto-inject=enabled`. diff --git a/packages/f5/nginx-service-mesh/overlay/questions.yaml b/packages/f5/nginx-service-mesh/overlay/questions.yaml index d169437c5..23848485d 100644 --- a/packages/f5/nginx-service-mesh/overlay/questions.yaml +++ b/packages/f5/nginx-service-mesh/overlay/questions.yaml @@ -86,11 +86,6 @@ questions: - "ec-p384" - "rsa-2048" - "rsa-4096" -- variable: disableAutoInjection - description: "Disable automatic sidecar injection upon resource creation." - label: Disable auto injection - type: boolean - group: "General Settings" - variable: accessControlMode description: "Default access control mode for service-to-service communication." label: Access control mode