Add otel-cloud-stack chart

[jaronoff97]

Why make this?

This PR serves to finally close #562. This PR creates a helm chart that takes some inspiration from the kube-prometheus-stack chart from the prometheus community repo to create a fully-fledged collector starter for Kubernetes. Prometheus services and CRDs are optionally included to allow users a near-drop-in replacement for the prometheus experience. For non-prometheus users, this provides an easy way to get started with opentelemetry's Kubernetes offerings. This is accomplished by utilizing some clever templating for the configuration for the collector, which I found to be easier to reason about than embedding config in a helper tpl.

Features

• Centralized tracing collector
• Autoinstrumentation
• Infrastructure metrics and logs collector
• standalone kubernetes cluster stats collector
• Allows for drop-in replacement for kube-prometheus-stack with a sharded statefulset collector
• Allows for custom collectors to be set and validated against an exhaustive schema

Next steps

• end to end testing to verify telemetry appears as expected between versions
• documentation for what to expect OOTB
• documentation for example configs (i include two samples below that are specific for my company)

For a config that gets you tracing, infra logs and metrics, kube cluster stats

clusterName: jacob-kind
opentelemetry-operator:
  enabled: true
collectors:
  tracing:
    env:
      - name: LS_TOKEN
        valueFrom:
          secretKeyRef:
            key: LS_TOKEN
            name: otel-collector-secret
    config:
      exporters:
        otlp:
          endpoint: ingest.lightstep.com:443
          headers:
            "lightstep-access-token": "${LS_TOKEN}"
      service:
        pipelines:
          traces:
            exporters: [otlp]
  daemon:
    env:
      - name: LS_TOKEN
        valueFrom:
          secretKeyRef:
            key: LS_TOKEN
            name: otel-collector-secret
    config:
      exporters:
        otlp:
          endpoint: ingest.lightstep.com:443
          headers:
            "lightstep-access-token": "${LS_TOKEN}"
      service:
        pipelines:
          metrics:
            exporters: [otlp]
          logs:
            exporters: [otlp]
  cluster:
    env:
      - name: LS_TOKEN
        valueFrom:
          secretKeyRef:
            key: LS_TOKEN
            name: otel-collector-secret
    config:
      exporters:
        otlp:
          endpoint: ingest.lightstep.com:443
          headers:
            "lightstep-access-token": "${LS_TOKEN}"
      service:
        pipelines:
          metrics:
            exporters: [otlp]
opAMPBridge:
  enabled: false

For a config that's a near drop in for kube-prometheus-stack

clusterName: jacob-kind
opentelemetry-operator:
  enabled: true
  manager:
    serviceMonitor:
      enabled: true
    extraArgs:
      - "--feature-gates=operator.observability.prometheus"
    image:
      tag: "v0.95.0"
collectors:
  tracing:
    enabled: false
  daemon:
    enabled: false
  cluster:
    enabled: false
  metrics:
    enabled: true
    targetAllocator:
      observability:
        metrics:
          enableMetrics: true
    observability:
      metrics:
        enableMetrics: true
    env:
      - name: LS_TOKEN
        valueFrom:
          secretKeyRef:
            key: LS_TOKEN
            name: otel-collector-secret
    config:
      exporters:
        otlp:
          endpoint: ingest.lightstep.com:443
          headers:
            "lightstep-access-token": "${LS_TOKEN}"
      service:
        pipelines:
          metrics:
            exporters: [otlp]
opAMPBridge:
  enabled: false
prometheus:
  customResources:
    enabled: true
kubernetesServiceMonitors:
  enabled: true
kubeApiServer:
  enabled: true
kubelet:
  enabled: true
kubeControllerManager:
  enabled: true
kubeDns:
  enabled: true
kubeEtcd:
  enabled: true
kubeScheduler:
  enabled: true
kubeProxy:
  enabled: true
kubeStateMetrics:
  enabled: true
nodeExporter:
  enabled: true

[jaronoff97]

okay. so now this thing actually does something!! Next week I have to test out the kube-otel-stack functionality. But you can try for yourself by layering this values file over the existing values. (obviously this works for LS and youll needd to change to your vendor of choice ;))

Here's that config

clusterName: jacob-kind
opentelemetry-operator:
  enabled: true
collectors:
  tracing:
    env:
      - name: LS_TOKEN
        valueFrom:
          secretKeyRef:
            key: LS_TOKEN
            name: otel-collector-secret
    config:
      exporters:
        otlp:
          endpoint: ingest.lightstep.com:443
          headers:
            "lightstep-access-token": "${LS_TOKEN}"
      service:
        pipelines:
          traces:
            exporters: [otlp]
  daemon:
    env:
      - name: LS_TOKEN
        valueFrom:
          secretKeyRef:
            key: LS_TOKEN
            name: otel-collector-secret
    config:
      exporters:
        otlp:
          endpoint: ingest.lightstep.com:443
          headers:
            "lightstep-access-token": "${LS_TOKEN}"
      service:
        pipelines:
          metrics:
            exporters: [otlp]
          logs:
            exporters: [otlp]
  cluster:
    env:
      - name: LS_TOKEN
        valueFrom:
          secretKeyRef:
            key: LS_TOKEN
            name: otel-collector-secret
    config:
      exporters:
        otlp:
          endpoint: ingest.lightstep.com:443
          headers:
            "lightstep-access-token": "${LS_TOKEN}"
      service:
        pipelines:
          metrics:
            exporters: [otlp]
opAMPBridge:
  enabled: false

[jaronoff97]

this matches what's done in kube-prometheus-stack such that we can install the necessary prometheus CRDs in the right order. the installation of this is entirely optional and disabled by default.

[bismarck]

@jaronoff97 it would be nice to have some self-monitoring of the operator and collectors? Not sure what form that would take (e.g. ServiceMonitor or static scrape job).

[jaronoff97]

this is actually already possible and you can take a look at that in my sample configs in the For a config that's a near drop in for kube-prometheus-stack section :)

[bismarck]

@jaronoff97 I see you can bring your own ServiceAccount for your collector and target allocator. However, the ClusterRoleBinding is using the ServiceAccount that the operator is generating, not your override.

[jaronoff97]

ah great catch! thank you.

[TylerHelmuth]

@jaronoff97 thanks for following through with this, I am very excited about it.

This is a large PR adding a lot of features. Is there anything we can do to make it smaller? My initial thought is we could start with it only installing the operator/collector and then in followup PRs introduce the target allocator and all the prom stuff.

Please add:

1. a README for the chart
2. a ci folder with an empty values.yaml so we can test the default install
3. please update the github workflow CI to test the chart.

[TylerHelmuth]

I'm guessing you used this to generate the schema file, do we need to check it in?

[jaronoff97]

nope, i was thinking it may be helpful for future schema generation! but am happy to leave it out :)

[TylerHelmuth]

I agree that it could be helpful in the future for all the charts. Let's add that in a separate pr.

[jaronoff97]

sounds good!

[TylerHelmuth]

I'd rather start with 0.0.1

[jaronoff97]

sounds good!

[TylerHelmuth]

Please list @TylerHelmuth @dmitryax and @Allex1. I'd love if you wanted to help maintain this chart and become an approver after it is merged, we did something similar with @puckpuck and the demo chart.

[jaronoff97]

can do!

[TylerHelmuth]

Let's use https://open-telemetry.github.io/opentelemetry-helm-charts, thats what we do for the demo.

[jaronoff97]

can do!

[TylerHelmuth]

This appversion corresponds with the collector, but the sources only list the operator.

[jaronoff97]

yeah i was thinking this would determine the version for everything this chart creates (read: collectors) but i also should pipe this in to the image used for the operator too

[TylerHelmuth]

What does this files do? It isn't part of template so it isn't included in any install of the chart. Is it an expected scrape config to use with the chart?

[jaronoff97]

this is actually included in the chart via the logic in the collector.yaml. The chart dynamically pulls these values in and appends them (or creates a new) prometheus scrape config in the prometheus receiver

[Allex1]

Should we move them in a configs folder?

[TylerHelmuth]

What does this files do? It isn't part of template so it isn't included in any install of the chart. Is it an expected scrape config to use with the chart?

[TylerHelmuth]

Should this be enabled by default? The goal of the chart is to install an operator/collector all in one go right?

[jaronoff97]

yep probably! for my testing it was easier to not have it by default initially, but i can change that.

[TylerHelmuth]

I think this name is misleading - it implies to me it configures the collector's configuration when it is configuring the OpenTelemetryCollector resource. Could we name it opentelemetry-collector?

[jaronoff97]

see comment below for why this is done, i agree this could probably have a better name. baseCollectorCRConfig?

[TylerHelmuth]

I'd prefer to nest all things related to the collector under 1 root section.

[jaronoff97]

the benefit of doing it this way is that anyone can add any collectors they want created to this key and they will be created as part of the chart. It also allows them to easily overlay values for specific collectors in different environments. i.e. if someone wanted to make a custom collector xcol and have a different sample rate in each env/region combo ([dev,prod] x [us-east-1, us-east-2]) they would be able to have a single xcol definition and only overlay the new sample rate rather than redefine the entire configuration.

[jaronoff97]

@TylerHelmuth i think i could split this up in to the following sections:

• hierarchical things (chart.yaml, unfilled values-yaml, some templates with nothing)
• embed operator deployment
• default collector configuration
• autoinstrumentation
• opamp bridge
• prometheus features
• some sample collector configurations for a true quickstart

do i need to also make a rendered folder to test that?

[TylerHelmuth]

@jaronoff97 I like that approach.

some sample collector configurations for a true quickstart

We can handle this via an example folder like the other charts.

[jaronoff97]

@TylerHelmuth I see, so we would have some files like example/kube-prom-stack which has the values files overrides for doing that? This, rather than baking in these defaults?

[TylerHelmuth]

I see, so we would have some files like example/kube-prom-stack which has the values files overrides for doing that? This, rather than baking in these defaults?

I am not sure yet, I need to understand the how the default config files are used. The examples folder is strictly for viewing, they shouldn't be used or referenced in any templates

[jaronoff97]

i see, in this case the chart is meant to serve as a quickstart with opentelemetry. Hopefully giving users full visibility in to their kube clusters the "otel" way. Or allowing people on prometheus with the kube-prometheus-stack a near exact replica but with the collector

[TylerHelmuth]

@jaronoff97 yup, I was referring to those yaml files. I may not understand what you meant by rendered folder.

Regardless, let's move forward with incremental PRs.

[jaronoff97]

Closing this for now in favor of the approach specified here