-
Notifications
You must be signed in to change notification settings - Fork 8
Helm Chart Assessments
Structured assessment of each service's Helm chart, identifying the exact changes needed to support OTel (traces + metrics), Pyroscope, and Faro configuration injection.
| Tier | Description | Typical effort per phase |
|---|---|---|
| Standard | Single deployment, backend only — values.yaml additions + one template file |
~20–30 min |
| Multi-component | Multiple deployments or Faro required — multiple template files, Faro proxy code | ~45–90 min |
| Library | Chart is a shared library consumed by other services; instrumentation may need to target consuming service charts | Varies |
All charts implement this schema. Default values shown — all signals disabled by default, opt-in per environment.
otel:
enabled: false
serviceName: ""
endpoint: "http://alloy:4317" # gRPC; use :4318 for HTTP-only services
tracesExporter: "otlp" # OTEL_TRACES_EXPORTER
metricsExporter: "otlp" # OTEL_METRICS_EXPORTER
# Python services only:
pythonLogCorrelation: "true" # injects trace_id into stdout logs; not OTLP log export
pyroscope:
enabled: false
serverAddress: "http://alloy:12347"
faro: # frontend services only
enabled: false
collectorUrl: ""
proxy:
enabled: false
path: "/faro"
upstreamUrl: ""Note on logs: OTEL_LOGS_EXPORTER is intentionally not in this schema. Logs flow via pod stdout → Alloy scraping → Loki. pythonLogCorrelation / Node.js logging instrumentation injects trace_id into those existing log records — no separate log export pipeline needed.
{{- if .Values.otel.enabled }}
- name: OTEL_SERVICE_NAME
value: {{ .Values.otel.serviceName | quote }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .Values.otel.endpoint | quote }}
- name: OTEL_TRACES_EXPORTER
value: {{ .Values.otel.tracesExporter | quote }}
- name: OTEL_METRICS_EXPORTER
value: {{ .Values.otel.metricsExporter | quote }}
{{- end }}
{{- if .Values.pyroscope.enabled }}
- name: PYROSCOPE_SERVER_ADDRESS
value: {{ .Values.pyroscope.serverAddress | quote }}
{{- end }}- name: OTEL_PYTHON_LOG_CORRELATION
value: {{ .Values.otel.pythonLogCorrelation | quote }}Charts that include acapy or other instrumented charts as dependencies should pass config down via Helm sub-chart values rather than extraEnvVars:
# parent chart values.yaml
acapy:
otel:
enabled: true
serviceName: "traction-acapy"
endpoint: "http://alloy:4317"
tracesExporter: "otlp"
metricsExporter: "otlp"
pythonLogCorrelation: "true"This requires the dependency chart to implement the same schema natively.
| Chart | Manages | Tier | Faro | Phase 2 (OTel) | Phase 3 (Pyroscope/Faro) | Status |
|---|---|---|---|---|---|---|
| acapy-agent | acapy Deployment | Standard | No | ~20 min | ~10 min | Done |
| vc-authn-oidc | vc-authn-oidc Deployment | Standard | No | ~20 min | ~10 min | Done |
| endorser-service | acapy-endorser-api Deployment | Standard | No | ~20 min | ~10 min | Done |
| didcomm-mediator-credo | mediator Deployment | Standard | No | ~20 min | ~10 min | Done |
| traction | tenant-proxy + tenant-ui + acapy sub-chart | Multi-component | Yes | ~45 min | ~45 min | Done |
| didwebvh-server-py | didwebvh-server Deployment | Standard | Yes | ~20 min | ~30 min | Pending |
| bc-wallet-demo | server + frontend | Multi-component | Yes | ~45 min | ~45 min | Pending |
| credo-ts consuming service | consuming service host | Library | Yes (consumers) | TBD | TBD | Pending |
Manages: acapy Deployment (Python). Sub-charts: postgres, common (no action needed).
values.yaml:
otel:
enabled: false
serviceName: "acapy"
endpoint: "http://alloy:4317"
tracesExporter: "otlp"
metricsExporter: "otlp"
pythonLogCorrelation: "true"templates/deployment.yaml — insert into the acapy container env: block:
{{- if .Values.otel.enabled }}
- name: OTEL_SERVICE_NAME
value: {{ .Values.otel.serviceName | quote }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .Values.otel.endpoint | quote }}
- name: OTEL_TRACES_EXPORTER
value: {{ .Values.otel.tracesExporter | quote }}
- name: OTEL_METRICS_EXPORTER
value: {{ .Values.otel.metricsExporter | quote }}
- name: OTEL_PYTHON_LOG_CORRELATION
value: {{ .Values.otel.pythonLogCorrelation | quote }}
{{- end }}values.yaml:
pyroscope:
enabled: false
serverAddress: "http://alloy:12347"templates/deployment.yaml:
{{- if .Values.pyroscope.enabled }}
- name: PYROSCOPE_SERVER_ADDRESS
value: {{ .Values.pyroscope.serverAddress | quote }}
{{- end }}Manages: vc-authn-oidc Deployment (Python), vc-authn-oidc-cleanup CronJob. Sub-charts: acapy, mongodb (no action needed). No browser-facing frontend; Faro not applicable.
values.yaml:
otel:
enabled: false
serviceName: "vc-authn-oidc"
endpoint: "http://alloy:4317"
tracesExporter: "otlp"
metricsExporter: "otlp"
pythonLogCorrelation: "true"templates/deployment.yaml — insert into the vc-authn-oidc container env: block:
{{- if .Values.otel.enabled }}
- name: OTEL_SERVICE_NAME
value: {{ .Values.otel.serviceName | quote }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .Values.otel.endpoint | quote }}
- name: OTEL_TRACES_EXPORTER
value: {{ .Values.otel.tracesExporter | quote }}
- name: OTEL_METRICS_EXPORTER
value: {{ .Values.otel.metricsExporter | quote }}
- name: OTEL_PYTHON_LOG_CORRELATION
value: {{ .Values.otel.pythonLogCorrelation | quote }}
{{- end }}values.yaml:
pyroscope:
enabled: false
serverAddress: "http://alloy:12347"templates/deployment.yaml:
{{- if .Values.pyroscope.enabled }}
- name: PYROSCOPE_SERVER_ADDRESS
value: {{ .Values.pyroscope.serverAddress | quote }}
{{- end }}Manages: acapy-endorser-api Deployment (Python), caddy-proxy Deployment, migration-job. Sub-charts: acapy, postgres (no action needed). No frontend; Faro not applicable.
values.yaml:
otel:
enabled: false
serviceName: "endorser-service"
endpoint: "http://alloy:4317"
tracesExporter: "otlp"
metricsExporter: "otlp"
pythonLogCorrelation: "true"templates/api/deployment.yaml — insert into the acapy-endorser-api container env: block:
{{- if .Values.otel.enabled }}
- name: OTEL_SERVICE_NAME
value: {{ .Values.otel.serviceName | quote }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .Values.otel.endpoint | quote }}
- name: OTEL_TRACES_EXPORTER
value: {{ .Values.otel.tracesExporter | quote }}
- name: OTEL_METRICS_EXPORTER
value: {{ .Values.otel.metricsExporter | quote }}
- name: OTEL_PYTHON_LOG_CORRELATION
value: {{ .Values.otel.pythonLogCorrelation | quote }}
{{- end }}values.yaml:
pyroscope:
enabled: false
serverAddress: "http://alloy:12347"templates/api/deployment.yaml:
{{- if .Values.pyroscope.enabled }}
- name: PYROSCOPE_SERVER_ADDRESS
value: {{ .Values.pyroscope.serverAddress | quote }}
{{- end }}Manages: didcomm-mediator-credo Deployment (Node.js). Sub-chart: common (no action needed). No frontend; Faro not applicable. Uses HTTP OTLP (port 4318) due to existing Dockerfile constraints.
values.yaml:
otel:
enabled: false
serviceName: "didcomm-mediator-credo"
endpoint: "http://alloy:4318" # HTTP, not gRPC
tracesExporter: "otlp"
metricsExporter: "otlp"templates/deployment.yaml — insert into the didcomm-mediator-credo container env: block:
{{- if .Values.otel.enabled }}
- name: OTEL_SERVICE_NAME
value: {{ .Values.otel.serviceName | quote }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .Values.otel.endpoint | quote }}
- name: OTEL_TRACES_EXPORTER
value: {{ .Values.otel.tracesExporter | quote }}
- name: OTEL_METRICS_EXPORTER
value: {{ .Values.otel.metricsExporter | quote }}
{{- end }}values.yaml:
pyroscope:
enabled: false
serverAddress: "http://alloy:12347"templates/deployment.yaml:
{{- if .Values.pyroscope.enabled }}
- name: PYROSCOPE_SERVER_ADDRESS
value: {{ .Values.pyroscope.serverAddress | quote }}
{{- end }}Manages: tenant-proxy Deployment (Node.js), tenant-ui Deployment (Node.js + Vue 3 frontend). Sub-chart: acapy — pass OTel/Pyroscope values via acapy.otel and acapy.pyroscope once the acapy chart implements the shared schema (see sub-chart convention above).
values.yaml:
otel:
enabled: false
endpoint: "http://alloy:4317"
tracesExporter: "otlp"
metricsExporter: "otlp"
proxyServiceName: "traction-tenant-proxy"
uiServiceName: "traction-tenant-ui"
acapyServiceName: "traction-acapy"templates/proxy/deployment.yaml:
{{- if .Values.otel.enabled }}
- name: OTEL_SERVICE_NAME
value: {{ .Values.otel.proxyServiceName | quote }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .Values.otel.endpoint | quote }}
- name: OTEL_TRACES_EXPORTER
value: {{ .Values.otel.tracesExporter | quote }}
- name: OTEL_METRICS_EXPORTER
value: {{ .Values.otel.metricsExporter | quote }}
{{- end }}templates/ui/configmap.yaml:
{{- if .Values.otel.enabled }}
OTEL_SERVICE_NAME: {{ .Values.otel.uiServiceName | quote }}
OTEL_EXPORTER_OTLP_ENDPOINT: {{ .Values.otel.endpoint | quote }}
OTEL_TRACES_EXPORTER: {{ .Values.otel.tracesExporter | quote }}
OTEL_METRICS_EXPORTER: {{ .Values.otel.metricsExporter | quote }}
{{- end }}values.yaml:
pyroscope:
enabled: false
serverAddress: "http://alloy:12347"
faro:
enabled: false
collectorUrl: ""
proxy:
enabled: false
path: "/faro"
upstreamUrl: ""templates/proxy/deployment.yaml:
{{- if .Values.pyroscope.enabled }}
- name: PYROSCOPE_SERVER_ADDRESS
value: {{ .Values.pyroscope.serverAddress | quote }}
{{- end }}templates/ui/configmap.yaml:
{{- if .Values.pyroscope.enabled }}
PYROSCOPE_SERVER_ADDRESS: {{ .Values.pyroscope.serverAddress | quote }}
{{- end }}
{{- if .Values.faro.enabled }}
FRONTEND_FARO_COLLECTOR_URL: {{ .Values.faro.collectorUrl | quote }}
{{- if .Values.faro.proxy.enabled }}
FARO_PROXY_UPSTREAM: {{ .Values.faro.proxy.upstreamUrl | quote }}
{{- end }}
{{- end }}The tenant-ui backend picks up FRONTEND_* env vars at runtime and serves them to the browser bundle. Ensure the proxy route /faro → FARO_PROXY_UPSTREAM is implemented in the tenant-ui server code (see Phase 3).
Assessment pending.
Assessment pending.
Assessment pending. Note: credo-ts is a library chart — instrumentation configuration may need to target consuming service charts rather than this chart directly.