From 3b5713441cb4a21e9a9466cf008bd64e2056d886 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= <sandor.szuecs@zalando.de>
Date: Tue, 4 Sep 2018 17:17:12 +0200
Subject: [PATCH 1/3] deploy lightstep skipper ingress
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
---
 cluster/config-defaults.yaml             | 7 +++++++
 cluster/manifests/skipper/daemonset.yaml | 8 ++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index 3a1e7b6fe6..bc45c12b33 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -10,6 +10,13 @@ autoscaling_buffer_pods: "1"
 autoscaling_buffer_pods: "0"
 {{end}}
 
+# lightstep
+{{if eq .Environment "production"}}
+lightstep_token: "deployment-secret:2:stups:AQICAHgrx06TPoR1aNmcPHJjFu5mmoICT5KJkx2fsTJpmXmbNAH+8Ml18b8ZkUO/0KAwtIZTAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMSf79AuT/RI5rvWWjAgEQgDuN7obV7JD4iBMnOJ4Th93DfM5j572dXjf+gWmHx4JKMTTJPX2w6hgfQXX3LjI49l0p479a6IXIlZJOSg=="
+{{else}}
+lightstep_token: "deployment-secret:2:stups:AQICAHgrx06TPoR1aNmcPHJjFu5mmoICT5KJkx2fsTJpmXmbNAHvvYXdV1r7NviF5S+Jyx5zAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMQBqSQk/2TuQOsHGOAgEQgDsrNbCwF4AxoQXZuxXUOPnuQhFCY02EhWcB4xqmjFy8DelZtiCldRtxRdLyDL4uXiEyV8vOFyhxgqso/A=="
+{{end}}
+
 # tokeninfo
 {{if eq .Environment "production"}}
 tokeninfo_url: "https://info.services.auth.zalando.com/oauth2/tokeninfo"
diff --git a/cluster/manifests/skipper/daemonset.yaml b/cluster/manifests/skipper/daemonset.yaml
index 1044253f23..6b304a91b8 100644
--- a/cluster/manifests/skipper/daemonset.yaml
+++ b/cluster/manifests/skipper/daemonset.yaml
@@ -5,7 +5,7 @@ metadata:
   namespace: kube-system
   labels:
     application: skipper-ingress
-    version: v0.10.59
+    version: v0.10.71
     component: ingress
 spec:
   selector:
@@ -18,7 +18,7 @@ spec:
       name: skipper-ingress
       labels:
         application: skipper-ingress
-        version: v0.10.59
+        version: v0.10.71
         component: ingress
       annotations:
         kubernetes-log-watcher/scalyr-parser: |
@@ -33,13 +33,12 @@ spec:
       hostNetwork: true
       containers:
       - name: skipper-ingress
-        image: registry.opensource.zalan.do/pathfinder/skipper:v0.10.59
+        image: registry.opensource.zalan.do/pathfinder/skipper-lightstep:v0.10.71
         ports:
         - name: ingress-port
           containerPort: 9999
           hostPort: 9999
         args:
-          - "skipper"
           - "-kubernetes"
           - "-kubernetes-in-cluster"
           - "-kubernetes-path-mode=path-prefix"
@@ -55,6 +54,7 @@ spec:
           - "-enable-connection-metrics"
           - "-oauth2-tokeninfo-url={{ .ConfigItems.tokeninfo_url }}"
           - "-histogram-metric-buckets=.01,.025,.05,.075,.1,.2,.3,.4,.5,.75,1,2,3,4,5,7,10,15,20,30,60,120,300,600"
+          - "-opentracing=lightstep component-name=skipper-ingress token={{ .ConfigItems.lightstep_token }} collector=tracing.zmon.zalan.do:8444 cmd-line=skipper-ingress max-buffered-spans=4096"
         resources:
           limits:
             memory: 200Mi

From 2cf5e0c10d76674ef97b0f4a3a99facbfb99df24 Mon Sep 17 00:00:00 2001
From: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
Date: Tue, 4 Sep 2018 19:20:15 +0200
Subject: [PATCH 2/3] Get lightstep token from secret

Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
---
 cluster/manifests/skipper/daemonset.yaml |  8 +++++++-
 cluster/manifests/skipper/secret.yaml    | 10 ++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 cluster/manifests/skipper/secret.yaml

diff --git a/cluster/manifests/skipper/daemonset.yaml b/cluster/manifests/skipper/daemonset.yaml
index 6b304a91b8..c5ac315dd4 100644
--- a/cluster/manifests/skipper/daemonset.yaml
+++ b/cluster/manifests/skipper/daemonset.yaml
@@ -38,6 +38,12 @@ spec:
         - name: ingress-port
           containerPort: 9999
           hostPort: 9999
+        env:
+        - name: LIGHTSTEP_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: skipper-ingress
+              key: lightstep-token
         args:
           - "-kubernetes"
           - "-kubernetes-in-cluster"
@@ -54,7 +60,7 @@ spec:
           - "-enable-connection-metrics"
           - "-oauth2-tokeninfo-url={{ .ConfigItems.tokeninfo_url }}"
           - "-histogram-metric-buckets=.01,.025,.05,.075,.1,.2,.3,.4,.5,.75,1,2,3,4,5,7,10,15,20,30,60,120,300,600"
-          - "-opentracing=lightstep component-name=skipper-ingress token={{ .ConfigItems.lightstep_token }} collector=tracing.zmon.zalan.do:8444 cmd-line=skipper-ingress max-buffered-spans=4096"
+          - "-opentracing=tracing_lightstep component-name=skipper-ingress token=$(LIGHTSTEP_TOKEN) collector=tracing.zmon.zalan.do:8444 cmd-line=skipper-ingress max-buffered-spans=4096"
         resources:
           limits:
             memory: 200Mi
diff --git a/cluster/manifests/skipper/secret.yaml b/cluster/manifests/skipper/secret.yaml
new file mode 100644
index 0000000000..060b873ff2
--- /dev/null
+++ b/cluster/manifests/skipper/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: skipper-ingress
+  namespace: kube-system
+  labels:
+    application: skipper-ingress
+type: Opaque
+data:
+  lightstep-token: "{{ .ConfigItems.lightstep_token | base64 }}"

From 368268c6791c2def8a4e10828b5941a777cfaf93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= <sandor.szuecs@zalando.de>
Date: Wed, 5 Sep 2018 13:16:11 +0200
Subject: [PATCH 3/3] change kms string prefix that is used by clm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
---
 cluster/config-defaults.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index bc45c12b33..aa5b638b1b 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -12,9 +12,9 @@ autoscaling_buffer_pods: "0"
 
 # lightstep
 {{if eq .Environment "production"}}
-lightstep_token: "deployment-secret:2:stups:AQICAHgrx06TPoR1aNmcPHJjFu5mmoICT5KJkx2fsTJpmXmbNAH+8Ml18b8ZkUO/0KAwtIZTAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMSf79AuT/RI5rvWWjAgEQgDuN7obV7JD4iBMnOJ4Th93DfM5j572dXjf+gWmHx4JKMTTJPX2w6hgfQXX3LjI49l0p479a6IXIlZJOSg=="
+lightstep_token: "aws:kms:AQICAHgrx06TPoR1aNmcPHJjFu5mmoICT5KJkx2fsTJpmXmbNAH+8Ml18b8ZkUO/0KAwtIZTAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMSf79AuT/RI5rvWWjAgEQgDuN7obV7JD4iBMnOJ4Th93DfM5j572dXjf+gWmHx4JKMTTJPX2w6hgfQXX3LjI49l0p479a6IXIlZJOSg=="
 {{else}}
-lightstep_token: "deployment-secret:2:stups:AQICAHgrx06TPoR1aNmcPHJjFu5mmoICT5KJkx2fsTJpmXmbNAHvvYXdV1r7NviF5S+Jyx5zAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMQBqSQk/2TuQOsHGOAgEQgDsrNbCwF4AxoQXZuxXUOPnuQhFCY02EhWcB4xqmjFy8DelZtiCldRtxRdLyDL4uXiEyV8vOFyhxgqso/A=="
+lightstep_token: "aws:kms:AQICAHgrx06TPoR1aNmcPHJjFu5mmoICT5KJkx2fsTJpmXmbNAHvvYXdV1r7NviF5S+Jyx5zAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMQBqSQk/2TuQOsHGOAgEQgDsrNbCwF4AxoQXZuxXUOPnuQhFCY02EhWcB4xqmjFy8DelZtiCldRtxRdLyDL4uXiEyV8vOFyhxgqso/A=="
 {{end}}
 
 # tokeninfo