Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an option to turn off pod webhook #1115

Open
pureklkl opened this issue Apr 3, 2024 · 3 comments
Open

Add an option to turn off pod webhook #1115

pureklkl opened this issue Apr 3, 2024 · 3 comments
Labels
chart:operator Issue related to opentelemetry-operator helm chart

Comments

@pureklkl
Copy link

pureklkl commented Apr 3, 2024

The admission webhook to monitor the pod creation may cause performance burden on k8s api server. Thus before resolving the performance problem, please add an option to turn it off.

The problem webhook
https://github.com/open-telemetry/opentelemetry-helm-charts/blob/opentelemetry-operator-0.53.0/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml#L128

When significant amount of pods created at the same time, the performance burden will bring down the opentelemetry operator and the following k8s api server which killed the entire cluster. Even though we turnt off the instrumentation, it will cause unnecessary cost on k8s api server. Unlike the instrumentation and opentelemetry collector resource webhook, the performance cost of the pod webhook scaled with the cluster size.

The only optionsthat provide the similar function are namespace/object selector, but they are ideal as just remove this webhook when not used.
This was referenced Apr 3, 2024
Closed
Closed
@swiatekm-sumo
Copy link
Contributor

Could you go into some more detail about the problem you ran into? How many Pods you were creating, how much resources the operator was using, and what happened to the API Server as a result?

@TylerHelmuth TylerHelmuth added the chart:operator Issue related to opentelemetry-operator helm chart label Apr 4, 2024
@jcdauchy
Copy link

A newbie suestion, what is the purpose of the webhook ?
And what would be the potential problem to disable it ?
Thanks in advance.

@swiatekm-sumo
Copy link
Contributor

swiatekm-sumo commented Apr 18, 2024
edited

The purpose of the webhook is to make changes to Pods before they're created. For the operator this involves injecting autoinstrumentation or sidecar Otel Collector containers. As Pods are immutable, this can only happen when they're created. The API Server calls the webhook on every Pod creation, and the operator gets to decide if it wants to make any changes to the Pod manifest.

Webhooks can also be used for other things, like doing validation, but for Pods specifically, the operator only does what I outlined above.

It's not invalid to want to disable them, but this is fairly advanced customization of the operator, and can get you in trouble if you don't fully understand what you're doing. As a proper solution to @pureklkl's problem, I'd prefer to optimize the webhook so it can easily cope with large bursts of requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
chart:operator Issue related to opentelemetry-operator helm chart
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jcdauchy @TylerHelmuth @pureklkl @swiatekm-sumo