apiVersion: v1
kind: ServiceAccount
metadata:
name: otel-collector-deployment
You can set up and use the Red Hat build of OpenTelemetry to send traces to the OpenTelemetry Collector or the TempoStack.
To configure forwarding traces to a TempoStack, you can deploy and configure the OpenTelemetry Collector. You can deploy the OpenTelemetry Collector in the deployment mode by using the specified processors, receivers, and exporters. For other modes, see the OpenTelemetry Collector documentation linked in Additional resources.
The Red Hat build of OpenTelemetry Operator is installed.
The Tempo Operator is installed.
A TempoStack is deployed on the cluster.
Create a service account for the OpenTelemetry Collector.
apiVersion: v1
kind: ServiceAccount
metadata:
name: otel-collector-deployment
Create a cluster role for the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: otel-collector
rules:
(1)
(2)
- apiGroups: ["", "config.openshift.io"]
resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
verbs: ["get", "watch", "list"]
1 | The k8sattributesprocessor requires permissions for pods and namespaces resources. |
2 | The resourcedetectionprocessor requires permissions for infrastructures and status. |
Bind the cluster role to the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: otel-collector
subjects:
- kind: ServiceAccount
name: otel-collector-deployment
namespace: otel-collector-example
roleRef:
kind: ClusterRole
name: otel-collector
apiGroup: rbac.authorization.k8s.io
Create the YAML file to define the OpenTelemetryCollector
custom resource (CR).
apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
name: otel
spec:
mode: deployment
serviceAccount: otel-collector-deployment
config: |
receivers:
jaeger:
protocols:
grpc:
thrift_binary:
thrift_compact:
thrift_http:
opencensus:
otlp:
protocols:
grpc:
http:
zipkin:
processors:
batch:
k8sattributes:
memory_limiter:
check_interval: 1s
limit_percentage: 50
spike_limit_percentage: 30
resourcedetection:
detectors: [openshift]
exporters:
otlp:
endpoint: "tempo-simplest-distributor:4317" (1)
tls:
insecure: true
service:
pipelines:
traces:
receivers: [jaeger, opencensus, otlp, zipkin] (2)
processors: [memory_limiter, k8sattributes, resourcedetection, batch]
exporters: [otlp]
1 | The Collector exporter is configured to export OTLP and points to the Tempo distributor endpoint, "tempo-simplest-distributor:4317" in this example, which is already created. |
2 | The Collector is configured with a receiver for Jaeger traces, OpenCensus traces over the OpenCensus protocol, Zipkin traces over the Zipkin protocol, and OTLP traces over the GRPC protocol. |
You can deploy
|
Sending traces and metrics to the OpenTelemetry Collector is possible with or without sidecar injection.
You can set up sending telemetry data to an OpenTelemetry Collector instance with sidecar injection.
The Red Hat build of OpenTelemetry Operator allows sidecar injection into deployment workloads and automatic configuration of your instrumentation to send telemetry data to the OpenTelemetry Collector.
The Red Hat OpenShift distributed tracing platform (Tempo) is installed, and a TempoStack instance is deployed.
You have access to the cluster through the web console or the OpenShift CLI (oc
):
You are logged in to the web console as a cluster administrator with the cluster-admin
role.
An active OpenShift CLI (oc
) session by a cluster administrator with the cluster-admin
role.
For Red Hat OpenShift Dedicated, you must have an account with the dedicated-admin
role.
Create a project for an OpenTelemetry Collector instance.
apiVersion: project.openshift.io/v1
kind: Project
metadata:
name: observability
Create a service account.
apiVersion: v1
kind: ServiceAccount
metadata:
name: otel-collector-sidecar
namespace: observability
Grant the permissions to the service account for the k8sattributes
and resourcedetection
processors.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: otel-collector
rules:
- apiGroups: ["", "config.openshift.io"]
resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: otel-collector
subjects:
- kind: ServiceAccount
name: otel-collector-sidecar
namespace: observability
roleRef:
kind: ClusterRole
name: otel-collector
apiGroup: rbac.authorization.k8s.io
Deploy the OpenTelemetry Collector as a sidecar.
apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
name: otel
namespace: observability
spec:
serviceAccount: otel-collector-sidecar
mode: sidecar
config: |
serviceAccount: otel-collector-sidecar
receivers:
otlp:
protocols:
grpc:
http:
processors:
batch:
memory_limiter:
check_interval: 1s
limit_percentage: 50
spike_limit_percentage: 30
resourcedetection:
detectors: [openshift]
timeout: 2s
exporters:
otlp:
endpoint: "tempo-<example>-gateway:8090" (1)
tls:
insecure: true
service:
pipelines:
traces:
receivers: [jaeger]
processors: [memory_limiter, resourcedetection, batch]
exporters: [otlp]
1 | This points to the Gateway of the TempoStack instance deployed by using the <example> Tempo Operator. |
Create your deployment using the otel-collector-sidecar
service account.
Add the sidecar.opentelemetry.io/inject: "true"
annotation to your deployment
object. This will inject all the needed environment variables to send data from your workloads to the OpenTelemetry Collector instance.
You can set up sending telemetry data to an OpenTelemetry Collector instance without sidecar injection, which involves manually setting several environment variables.
The Red Hat OpenShift distributed tracing platform (Tempo) is installed, and a TempoStack instance is deployed.
You have access to the cluster through the web console or the OpenShift CLI (oc
):
You are logged in to the web console as a cluster administrator with the cluster-admin
role.
An active OpenShift CLI (oc
) session by a cluster administrator with the cluster-admin
role.
For Red Hat OpenShift Dedicated, you must have an account with the dedicated-admin
role.
Create a project for an OpenTelemetry Collector instance.
apiVersion: project.openshift.io/v1
kind: Project
metadata:
name: observability
Create a service account.
apiVersion: v1
kind: ServiceAccount
metadata:
name: otel-collector-deployment
namespace: observability
Grant the permissions to the service account for the k8sattributes
and resourcedetection
processors.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: otel-collector
rules:
- apiGroups: ["", "config.openshift.io"]
resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: otel-collector
subjects:
- kind: ServiceAccount
name: otel-collector
namespace: observability
roleRef:
kind: ClusterRole
name: otel-collector
apiGroup: rbac.authorization.k8s.io
Deploy the OpenTelemetry Collector instance with the OpenTelemetryCollector
custom resource.
apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
name: otel
namespace: observability
spec:
mode: deployment
serviceAccount: otel-collector-deployment
config: |
receivers:
jaeger:
protocols:
grpc:
thrift_binary:
thrift_compact:
thrift_http:
opencensus:
otlp:
protocols:
grpc:
http:
zipkin:
processors:
batch:
k8sattributes:
memory_limiter:
check_interval: 1s
limit_percentage: 50
spike_limit_percentage: 30
resourcedetection:
detectors: [openshift]
exporters:
otlp:
endpoint: "tempo-<example>-distributor:4317" (1)
tls:
insecure: true
service:
pipelines:
traces:
receivers: [jaeger, opencensus, otlp, zipkin]
processors: [memory_limiter, k8sattributes, resourcedetection, batch]
exporters: [otlp]
1 | This points to the Gateway of the TempoStack instance deployed by using the <example> Tempo Operator. |
Set the environment variables in the container with your instrumented application.
Name | Description | Default value |
---|---|---|
OTEL_SERVICE_NAME |
Sets the value of the |
|
OTEL_EXPORTER_OTLP_ENDPOINT |
Base endpoint URL for any signal type with an optionally specified port number. |
|
OTEL_EXPORTER_OTLP_CERTIFICATE |
Path to the certificate file for the TLS credentials of the gRPC client. |
|
OTEL_TRACES_SAMPLER |
Sampler to be used for traces. |
|
OTEL_EXPORTER_OTLP_PROTOCOL |
Transport protocol for the OTLP exporter. |
|
OTEL_EXPORTER_OTLP_TIMEOUT |
Maximum time interval for the OTLP exporter to wait for each batch export. |
|
OTEL_EXPORTER_OTLP_INSECURE |
Disables client transport security for gRPC requests. An HTTPS schema overrides it. |
|