Setup OTEL initial implementation

Signed-off-by: Adrian Fernandez De La Torre <adri1197@gmail.com>

Author: Adrian Fernandez De La Torre

go.mod

@@ -41,6 +41,12 @@ require (
 	github.com/spf13/pflag v1.0.6
 	github.com/stretchr/testify v1.10.0
 	gitlab.com/gitlab-org/api/client-go v0.134.0
+	go.opentelemetry.io/otel v1.37.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0
+	go.opentelemetry.io/otel/sdk v1.36.0
+	go.opentelemetry.io/otel/trace v1.37.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/text v0.27.0
 	google.golang.org/api v0.241.0
@@ -78,6 +84,7 @@ require (
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0 // indirect
 	github.com/carapace-sh/carapace-shlex v1.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudevents/sdk-go/v2 v2.15.2 // indirect
@@ -122,6 +129,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.14.2 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -167,9 +175,8 @@ require (
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
-	go.opentelemetry.io/otel v1.37.0 // indirect
 	go.opentelemetry.io/otel/metric v1.37.0 // indirect
-	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect

go.sum

@@ -74,6 +74,8 @@ github.com/carapace-sh/carapace-shlex v1.0.1 h1:ww0JCgWpOVuqWG7k3724pJ18Lq8gh5pH
 github.com/carapace-sh/carapace-shlex v1.0.1/go.mod h1:lJ4ZsdxytE0wHJ8Ta9S7Qq0XpjgjU0mdfCqiI2FHx7M=
 github.com/cdevents/sdk-go v0.4.1 h1:Cr/iH/I51Z+slxKRx9AV7stn6hr2pjRHQ5wpPJhRLTU=
 github.com/cdevents/sdk-go v0.4.1/go.mod h1:3IhWLoY4vsyUEzv7XJbyr0BRQ0KPgvNx+wiD2hQGFNU=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -260,6 +262,8 @@ github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5T
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
@@ -418,6 +422,12 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6h
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q=
 go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
 go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0=
 go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
 go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
 go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
@@ -426,6 +436,8 @@ go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFw
 go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
 go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
 go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
+go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg=
+go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY=
 go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
 go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=

internal/server/event_handlers.go

@@ -18,6 +18,9 @@ package server
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"net/http"
@@ -27,6 +30,15 @@ import (
 	"strings"
 	"time"
 
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"
+	sdktrace "go.opentelemetry.io/otel/sdk/trace"
+	semconv "go.opentelemetry.io/otel/semconv/v1.17.0"
+	"go.opentelemetry.io/otel/trace"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -88,11 +100,24 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request)
 					"providerName": alert.Spec.ProviderRef.Name,
 				})
 			ctx := log.IntoContext(ctx, alertLogger)
+			// OTEL processing
+			var provider apiv1beta3.Provider
+			providerName := types.NamespacedName{
+				Namespace: alert.Namespace,
+				Name:      alert.Spec.ProviderRef.Name,
+			}
+			if err := s.kubeClient.Get(ctx, providerName, &provider); err == nil {
+				s.processTracing(ctx, event, alert, &provider)
+			}
+
 			if err := s.dispatchNotification(ctx, event, alert); err != nil {
 				alertLogger.Error(err, "failed to dispatch notification")
 				s.Eventf(alert, corev1.EventTypeWarning, "NotificationDispatchFailed",
 					"failed to dispatch notification for %s: %s", involvedObjectString(event.InvolvedObject), err)
 			}
+			// else {
+
+			// }
 		}
 
 		w.WriteHeader(http.StatusAccepted)
@@ -609,3 +634,182 @@ func excludeInternalMetadata(event *eventv1.Event) {
 		delete(event.Metadata, key)
 	}
 }
+
+// Add this function to generate root span ID
+func generateRootSpanID(alertUID, sourceRevision string) string {
+	input := fmt.Sprintf("%s:%s", alertUID, sourceRevision)
+	hash := sha256.Sum256([]byte(input))
+	return hex.EncodeToString(hash[:])
+}
+
+// Add this function to check if provider supports OTLP
+func isOTLPProvider(providerType string) bool {
+	otlpProviders := []string{"jaeger", "tempo", "otlp", "generic"}
+	return slices.Contains(otlpProviders, providerType)
+}
+
+// Add this function to process tracing
+func (s *EventServer) processTracing(ctx context.Context, event *eventv1.Event, alert *apiv1beta3.Alert, provider *apiv1beta3.Provider) {
+
+	if isOTLPProvider(provider.Spec.Type) {
+		s.setupOTLPExporter(ctx, provider)
+		s.sendOTLPTrace(ctx, event, alert, provider)
+	} else {
+		s.logTraceWarning(ctx, event, alert)
+	}
+}
+
+// Add this function to send OTLP traces
+func (s *EventServer) sendOTLPTrace(ctx context.Context, event *eventv1.Event, alert *apiv1beta3.Alert, provider *apiv1beta3.Provider) {
+	revision, hasRevision := event.GetRevision()
+	if !hasRevision {
+		return
+	}
+
+	var spanCtx context.Context = ctx
+	spanID := generateRootSpanID(string(alert.UID), revision)
+	tracer := otel.Tracer("flux-notification-controller")
+
+	// If a source kind is considered a potential root span
+	if isSourceKind(event.InvolvedObject.Kind) {
+		if !s.spanExists(ctx, spanID, provider) {
+			spanCtx = context.Background() // Create root span
+		}
+	}
+
+	_, span := tracer.Start(spanCtx, event.InvolvedObject.Kind)
+	defer span.End()
+
+	span.SetAttributes(
+		semconv.ServiceName("flux-notification-controller"),
+		attribute.String("flux.trace.id", spanID),
+		attribute.String("flux.object.kind", event.InvolvedObject.Kind),
+		attribute.String("flux.object.name", event.InvolvedObject.Name),
+		attribute.String("flux.object.namespace", event.InvolvedObject.Namespace),
+		attribute.String("flux.event.reason", event.Reason),
+	)
+
+	span.AddEvent(event.Message, trace.WithTimestamp(event.Timestamp.Time))
+	if event.Severity == "error" {
+		span.SetStatus(codes.Error, event.Message)
+	}
+}
+
+func (s *EventServer) setupOTLPExporter(ctx context.Context, provider *apiv1beta3.Provider) {
+	httpOptions := []otlptracehttp.Option{otlptracehttp.WithEndpoint(provider.Spec.Address)}
+	grpcOptions := []otlptracegrpc.Option{otlptracegrpc.WithEndpoint(provider.Spec.Address)}
+
+	// NOTE: Posibly reuse extractAuthFromSecret()
+	// Add authentication if secretRef is set
+	if provider.Spec.SecretRef != nil {
+		var secret corev1.Secret
+		secretName := types.NamespacedName{
+			Namespace: provider.Namespace,
+			Name:      provider.Spec.SecretRef.Name,
+		}
+		if err := s.kubeClient.Get(ctx, secretName, &secret); err == nil {
+			var headers map[string]string
+			if token, ok := secret.Data["token"]; ok {
+				headers = map[string]string{"Authorization": "Bearer " + string(token)}
+
+			} else {
+				user, userOk := secret.Data["username"]
+				pass, passOk := secret.Data["password"]
+				if userOk && passOk {
+					auth := base64.StdEncoding.EncodeToString([]byte(string(user) + ":" + string(pass)))
+					headers = map[string]string{"Authorization": "Basic " + auth}
+				}
+			}
+			httpOptions = append(httpOptions, otlptracehttp.WithHeaders(headers))
+			grpcOptions = append(grpcOptions, otlptracegrpc.WithHeaders(headers))
+		}
+	}
+
+	var exporter *otlptrace.Exporter
+	var err error
+
+	if err != nil {
+		return
+	}
+
+	if strings.HasPrefix(provider.Spec.Address, "http") {
+		httpOptions = append(httpOptions, otlptracehttp.WithInsecure())
+		exporter, err = otlptracehttp.New(ctx, httpOptions...)
+	} else {
+		grpcOptions = append(grpcOptions, otlptracegrpc.WithInsecure())
+		exporter, err = otlptracegrpc.New(ctx, grpcOptions...)
+	}
+
+	if err != nil {
+		return
+	}
+
+	defer exporter.Shutdown(ctx)
+
+	tp := sdktrace.NewTracerProvider(sdktrace.WithBatcher(exporter))
+	otel.SetTracerProvider(tp)
+	defer tp.Shutdown(ctx)
+}
+
+// Query to get the spanID
+func (s *EventServer) spanExists(ctx context.Context, spanID string, provider *apiv1beta3.Provider) bool {
+	if !isOTLPProvider(provider.Spec.Type) {
+		return false
+	}
+
+	queryURL := fmt.Sprintf("%s/api/traces/%s", provider.Spec.Address, spanID)
+	req, err := http.NewRequestWithContext(ctx, "GET", queryURL, nil)
+	if err != nil {
+		return false
+	}
+
+	if provider.Spec.SecretRef != nil {
+		var secret corev1.Secret
+		secretName := types.NamespacedName{
+			Namespace: provider.Namespace,
+			Name:      provider.Spec.SecretRef.Name,
+		}
+		if err := s.kubeClient.Get(ctx, secretName, &secret); err == nil {
+			if token, ok := secret.Data["token"]; ok {
+				req.Header.Set("Authorization", "Bearer "+string(token))
+			} else {
+				user, userOk := secret.Data["username"]
+				pass, passOk := secret.Data["password"]
+				if userOk && passOk {
+					req.SetBasicAuth(string(user), string(pass))
+				}
+			}
+		}
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return false
+	}
+	defer resp.Body.Close()
+
+	return resp.StatusCode == http.StatusOK
+}
+
+// Add this function to log trace warnings for non-OTLP providers
+func (s *EventServer) logTraceWarning(ctx context.Context, event *eventv1.Event, alert *apiv1beta3.Alert) {
+	logger := log.FromContext(ctx)
+	spanType := "child"
+	if isSourceKind(event.InvolvedObject.Kind) {
+		spanType = "root"
+	}
+
+	logger.Info("trace information (provider does not support OTLP)",
+		"spanType", spanType,
+		"alertUID", string(alert.UID),
+		"eventReason", event.Reason,
+		"objectKind", event.InvolvedObject.Kind,
+		"objectName", event.InvolvedObject.Name,
+		"objectNamespace", event.InvolvedObject.Namespace,
+	)
+}
+
+func isSourceKind(kind string) bool {
+	sourceKinds := []string{"GitRepository", "OCIRepository", "HelmRepository", "Bucket"}
+	return slices.Contains(sourceKinds, kind)
+}