OpenTelemetry

[overheadhunter]

This pull request migrates the Cryptomator Hub backend and Helm chart from Micrometer/Prometheus metrics to OpenTelemetry (OTel) for metrics, traces, and logs. It removes the /q/metrics scrape endpoint and all related configuration, replacing it with OTLP push-based telemetry. The Helm chart and documentation are updated to reflect these changes, including new configuration options for OTLP endpoints and authentication.

Backend migration to OpenTelemetry:

• Replaced Micrometer dependencies with OpenTelemetry (quarkus-opentelemetry) in pom.xml and updated all metric instrumentation in SystemUsageMetrics and VaultUnlockMetrics to use the OTel API instead of Micrometer. [1] [2] [3] [4] [5] [6]
• Updated application.properties to remove Micrometer/Prometheus settings and enable OTel metrics/logs.

Helm chart and deployment changes:

• Removed all /q/metrics endpoint, ingress, and secret management for Prometheus scraping; added configuration for OTLP endpoint, protocol, resource attributes, and authentication headers. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12]
• Updated deployment to inject OTel configuration and authentication headers when enabled. [1] [2] [3]

Documentation updates:

• Updated README.md to document the migration from metrics scraping to push-based OTel telemetry, including new configuration options and removal of legacy endpoints. [1] [2]

Other:

• Changed default ingress controller in example from contour to nginx.
• Added helm.sh/resource-policy: keep annotation to secrets for improved resource management. [1] [2]

These changes modernize telemetry support, improve compatibility with observability platforms, and simplify metrics configuration and deployment.

[coderabbitai]

Warning

Rate limit exceeded

@overheadhunter has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 32 minutes and 30 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6f26ecdf-e688-47f8-b46b-098df30405cd

📥 Commits

Reviewing files that changed from the base of the PR and between 59978d2 and 5590460.

📒 Files selected for processing (9)

• charts/cryptomator-hub/README.md
• charts/cryptomator-hub/templates/NOTES.txt
• charts/cryptomator-hub/templates/hub-configmap.yaml
• charts/cryptomator-hub/templates/hub-metrics-secret.yaml
• charts/cryptomator-hub/templates/hub-secret.yaml
• charts/cryptomator-hub/templates/keycloak-secret.yaml
• charts/cryptomator-hub/templates/postgres-secret.yaml
• charts/cryptomator-hub/values-dev.yaml
• charts/cryptomator-hub/values.yaml

Walkthrough

Replaces Micrometer/Prometheus observability with OpenTelemetry: swaps POM dependency to quarkus-opentelemetry, refactors metrics classes to use OpenTelemetry Meter and observable instruments, removes scheduled Micrometer polling, adds OTLP config to application properties and Helm charts, removes Prometheus metrics ingress and basic-auth secret handling, adds OpenTelemetry @WithSpan annotations to multiple services/repositories, and updates chart values/resource annotations.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• add micrometer metrics support #399: Directly related — previous Micrometer-based metrics and configuration that this PR migrates to OpenTelemetry.
• SQL optimizations #372: Overlaps changes to KeycloakAuthorityPuller and EffectiveGroupMembership touched by added tracing instrumentation.
• Add user and group management UI #376: Modifies KeycloakAdminService methods that receive new @WithSpan annotations here.

Suggested reviewers

• SailReal
• tobihagemann

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.54% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'OpenTelemetry' is vague and generic; it names the technology being introduced but doesn't convey the main change (migration from Micrometer to OpenTelemetry).	Consider a more specific title like 'Migrate from Micrometer to OpenTelemetry' to clearly describe the main change and intent of the PR.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description comprehensively explains the migration from Micrometer/Prometheus to OpenTelemetry across backend, Helm chart, and documentation with clear rationale and specific changes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/otel

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 32 minutes and 30 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/cryptomator-hub/README.md`:
- Line 32: Update the Quick Start sentence that mentions "contour" to reference
"nginx" so it matches the command flag ingress.controller=nginx shown in the
diff; locate the README.md Quick Start paragraph and replace the word "contour"
(or any reference to Contour) with "nginx" to ensure the description and the
--set ingress.controller=nginx flag are consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1df676fb-17f4-4249-a718-078ffb28538b

📥 Commits

Reviewing files that changed from the base of the PR and between 914d389 and ce6b95a.

📒 Files selected for processing (17)

• backend/pom.xml
• backend/src/main/java/org/cryptomator/hub/metrics/SystemUsageMetrics.java
• backend/src/main/java/org/cryptomator/hub/metrics/VaultUnlockMetrics.java
• backend/src/main/resources/application.properties
• charts/cryptomator-hub/README.md
• charts/cryptomator-hub/templates/NOTES.txt
• charts/cryptomator-hub/templates/_helpers.tpl
• charts/cryptomator-hub/templates/hub-configmap.yaml
• charts/cryptomator-hub/templates/hub-deployment.yaml
• charts/cryptomator-hub/templates/hub-metrics-secret.yaml
• charts/cryptomator-hub/templates/hub-secret.yaml
• charts/cryptomator-hub/templates/ingress-contour.yaml
• charts/cryptomator-hub/templates/ingress-nginx.yaml
• charts/cryptomator-hub/templates/ingress-traefik.yaml
• charts/cryptomator-hub/templates/keycloak-secret.yaml
• charts/cryptomator-hub/templates/postgres-secret.yaml
• charts/cryptomator-hub/values.yaml

💤 Files with no reviewable changes (4)

• charts/cryptomator-hub/templates/ingress-nginx.yaml
• charts/cryptomator-hub/templates/ingress-contour.yaml
• charts/cryptomator-hub/templates/_helpers.tpl
• charts/cryptomator-hub/templates/ingress-traefik.yaml

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/cryptomator-hub/values-prod.yaml`:
- Around line 11-16: The production Helm values set the Hub pod resources to
cpu: 50m, memory requests: 16Mi and limits: 32Mi which is far too low for a JVM
service; update the resources block (resources -> requests.memory and resources
-> limits.memory) for the Hub to realistic values (suggest at least
requests.memory: 256Mi and limits.memory: 512Mi or align with Keycloak’s
512Mi/1Gi) and confirm these are intentional rather than a typo (e.g.,
160Mi/320Mi); keep cpu as needed and ensure the changes appear in the same
resources/requests and resources/limits keys so they apply correctly.

In `@charts/cryptomator-hub/values.yaml`:
- Around line 39-49: The chart disables telemetry by default causing
QUARKUS_OTEL_SDK_DISABLED to be set and breaking observability; update
charts/cryptomator-hub/values.yaml so metrics.enabled defaults to true (i.e. set
metrics.enabled: true) and ensure any related defaults or templating that sets
QUARKUS_OTEL_SDK_DISABLED honor metrics.enabled (check templates that reference
hub.metrics.enabled or QUARKUS_OTEL_SDK_DISABLED) so fresh installs/exporters
remain active unless explicitly turned off.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dc49c902-1232-48f6-b68b-fa01b1c9d4ac

📥 Commits

Reviewing files that changed from the base of the PR and between 63024bb and 59978d2.

📒 Files selected for processing (4)

• charts/cryptomator-hub/Chart.yaml
• charts/cryptomator-hub/values-dev.yaml
• charts/cryptomator-hub/values-prod.yaml
• charts/cryptomator-hub/values.yaml

💤 Files with no reviewable changes (1)

• charts/cryptomator-hub/values-dev.yaml

✅ Files skipped from review due to trivial changes (1)

• charts/cryptomator-hub/Chart.yaml

[Copilot]

Pull request overview

This PR migrates the Hub backend and Helm chart from Micrometer/Prometheus scraping (/q/metrics) to OpenTelemetry (OTel) with OTLP push-based telemetry (metrics/traces/logs), and updates chart/docs accordingly.

Changes:

• Replaced Micrometer/Prometheus dependencies and instrumentation with OpenTelemetry metrics API and added span annotations to key operations.
• Updated Helm chart to remove the metrics ingress/scrape endpoint and configure OTLP exporter settings + optional Basic Auth headers.
• Updated chart documentation and defaults to reflect the new telemetry model.

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
charts/cryptomator-hub/values.yaml	Replaces metrics scrape settings with OTLP telemetry configuration; adjusts default resource requests/limits.
charts/cryptomator-hub/values-prod.yaml	Updates production resource requests/limits to match new defaults.
charts/cryptomator-hub/values-dev.yaml	Removes dev postgres resource overrides.
charts/cryptomator-hub/templates/postgres-secret.yaml	Adds helm.sh/resource-policy: keep annotation to secret.
charts/cryptomator-hub/templates/keycloak-secret.yaml	Adds helm.sh/resource-policy: keep annotation to secret.
charts/cryptomator-hub/templates/hub-secret.yaml	Adds helm.sh/resource-policy: keep annotation to secret.
charts/cryptomator-hub/templates/hub-metrics-secret.yaml	Changes to OTLP Basic Auth secret + derived OTLP headers value; adds keep policy.
charts/cryptomator-hub/templates/hub-deployment.yaml	Injects OTLP headers env var and secret checksum when Basic Auth is configured.
charts/cryptomator-hub/templates/hub-configmap.yaml	Switches from Micrometer env var to OTel OTLP exporter/env configuration.
charts/cryptomator-hub/templates/ingress-traefik.yaml	Removes metrics ingress/middleware for /q/metrics.
charts/cryptomator-hub/templates/ingress-nginx.yaml	Removes metrics ingress/auth for /q/metrics.
charts/cryptomator-hub/templates/ingress-contour.yaml	Removes metrics routing for /q/metrics.
charts/cryptomator-hub/templates/_helpers.tpl	Removes helper for auto-generated metrics password (no longer needed).
charts/cryptomator-hub/templates/NOTES.txt	Removes metrics endpoint/credentials output; adds telemetry output.
charts/cryptomator-hub/README.md	Updates chart docs from scrape-based metrics to OTLP telemetry configuration.
charts/cryptomator-hub/Chart.yaml	Updates appVersion (image tag source) to a short SHA.
backend/src/main/resources/application.properties	Removes Micrometer config; enables OTel metrics/logs and disables OTel SDK in tests.
backend/src/main/java/org/cryptomator/hub/metrics/VaultUnlockMetrics.java	Replaces Micrometer counter/gauges with OTel instruments.
backend/src/main/java/org/cryptomator/hub/metrics/SystemUsageMetrics.java	Replaces scheduled Micrometer gauges with OTel observable gauges and callbacks.
backend/src/main/java/org/cryptomator/hub/license/LicenseHolder.java	Adds @WithSpan to key license flows.
backend/src/main/java/org/cryptomator/hub/keycloak/KeycloakAuthorityPuller.java	Adds @WithSpan to scheduled sync.
backend/src/main/java/org/cryptomator/hub/keycloak/KeycloakAdminService.java	Adds @WithSpan to key admin operations.
backend/src/main/java/org/cryptomator/hub/entities/EffectiveVaultAccess.java	Adds @WithSpan to a repository query method.
backend/src/main/java/org/cryptomator/hub/entities/EffectiveGroupMembership.java	Adds @WithSpan to repository update methods.
backend/src/main/java/org/cryptomator/hub/api/AuditLogResource.java	Adds @WithSpan to audit log endpoint handler.
backend/pom.xml	Replaces Micrometer dependencies with quarkus-opentelemetry.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.