Tracing KEP: Move to Implementable

[dashpole]

cc @kubernetes/sig-api-machinery-misc @lavalamp @logicalhan @deads2k @liggitt @mikedanese

[dashpole]

I decided to repurpose this PR as the PR to move the KEP to implementable, and will include other changes to address feedback in it.

cc @kubernetes/sig-instrumentation-api-reviews

[dashpole]

/assign @brancz

[brancz]

Any particular reason this is [WIP]?

[dashpole]

Removed the WIP tag. This is really a
/hold
for discussion on OT Collector.

[serathius]

I think we should follow similar versioning conversion like other annotations e.g. "alpha.trace.kubernetes.io/context"

[dashpole]

I think we should follow similar versioning conversion like other annotations e.g. "alpha.trace.kubernetes.io/context"

Makes sense. I'm going to wait until the discussion about updating annotations with subresource update is completed before updating.

[dashpole]

@BenTheElder can you take a pass on the testing paragraph? It should be straight-forward, but it would be good to get someone's eyes from sig-testing on it.

[kikisdeliveryservice]

If this is for #647 then the dir should be: 647-apiserver-tracing

KEP-647, etc...

As we track via the issue number and issue 34 that you are referencing seems to be something... completely different. :)

[dashpole]

@kikisdeliveryservice I updated the KEP number. The KEP was created when KEP numbers were based on a next kep number file...

[lavalamp]

Do you plan this to ever be conformance tested? This doesn't sound easy to conformance test.

[dashpole]

Yes, it would be good to have this conformance tested. I added it as a GA requirement. With the current configuration options, we can run the OTel Collector as a service in the cluster instead of on the master node.

[lavalamp]

The thing is, users likely won't be able to configure that config file. But yeah, I agree with testing via running this in the cluster.

[lavalamp]

Once the feature is GA and we remove the feature gate, how will one turn it off if it's not desired?

[dashpole]

I specified that if the configuration file path isn't specified, tracing is disabled. Alternatively, we can add a specific configuration option in the config to specify if it is disabled.

WDYT?

[lavalamp]

Yeah going off of the config file presence is fine.

[lavalamp]

Please expand this, how do clients do that?

[lavalamp]

I have an extremely strong interest in apiserver knowing when an incoming API call is re-entrant, and ideally, what its parent call is. Additionally, I'd like this to work in a multiple apiserver setup. So:

• Can the tracing header be reverse-engineered to figure this out?
• Can I pack metadata into the tracing header to make this possible?

[dashpole]

I gave an example of how a webhook would do that. The tracing header will tell you if it is a direct child of the API Server trace, but you can't tell if it is an indirect child (e.g. if the admission controller webhook adds a span in-between). You can pack metadata into the tracing header (well, it is a different header, but still), using "Baggage": https://github.com/open-telemetry/opentelemetry-specification/blob/master/specification/baggage/api.md#baggage-api.

[lavalamp]

Thanks, love the name "Baggage"

[lavalamp]

I think I'm OK for approving this for alpha; for beta I think @deads2k should also approve and at least one of us actually needs to look at the OT code, I haven't...

[dashpole]

Got it. I added a "revisit format" item for beta.

[evankanderson]

I just noticed this and the Structured Logging KEP.

I see this is listed as a non-goal:

Change metrics or logging (e.g. to support trace-metric correlation)

Having recently worked on observability for Knative, I discovered that having a common set of labels across all the observability components (metrics, logs, tracing) helped with both reducing boilerplate and increasing accuracy/coverage of labels. It's also really painful to align these after you've done a bunch of instrumentation work for each separately and downstream teams have taken dependencies on the specific labels.

(The interface I'm looking at extracts a logger from the context, and that logger can be augmented with trace labels before it is returned.)

It looks like KEP 1602 doesn't define many well-known keys (ts, v, err, msg), but the implementation (e.g. this PR https://github.com/kubernetes/kubernetes/pull/91576/files) seems to have a bunch more labels that might apply to tracing, including object, kind, objectUID, as well as some kind-specific strings such as service, node, and deployment.

https://github.com/kubernetes/kubernetes/pull/91773/files#diff-06ce45a2e81bbfd5d4ce7e3c67d49a84R47 also seems to introduce/use logTraceArgs that seems related.

[evankanderson]

(Don't consider my comment blocking, it's a drive-by because I was commenting on my experience and someone upstream pointed out this KEP.)

[dashpole]

@evankanderson thanks for the feedback; you make good points. I definitely agree with the value of having the same set of labels. One problem right now is that we have two different standards: the long-standing kubernetes instrumentation guidelines and the OpenTelemetry semantic conventions. The kubernetes standards suggest using "pod", and the OpenTelemetry standards suggest "k8s.pod", for example. I don't have a good answer, but I'll bring it up for discussion at next week's instrumentation meeting.

[lavalamp]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dashpole, lavalamp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• keps/sig-instrumentation/OWNERS [dashpole]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dashpole]

/hold cancel

[lavalamp]

I think we'll want to encourage clients as strongly as possible to pass those headers through.

Is it easy to describe in non-go terms what a client has to do? Hopefully just copy-paste some headers matching a particular name format?

[dashpole]

Is it easy to describe in non-go terms what a client has to do? Hopefully just copy-paste some headers matching a particular name format?

Yes. This describes the trace context header: https://www.w3.org/TR/trace-context/. And this describes the baggage header: https://w3c.github.io/baggage/. So you would have to copy the traceparent, baggage, and tracestate headers.

But in general, OpenTelemetry has broad language support, which should be easier than manually copying headers.