fix(collector): remove prometheus annotations on disablePrometheusAnnotations update#5069
Conversation
|
This is a little dicey, because these annotations don't belong to the operator, but rather to Prometheus. If someone flips the attribute on and then adds their own, we'd remove them with this change. @open-telemetry/operator-approvers what do you think? We'd need to track the state in some way - for example add another annotation indicating that it was the operator who added these. |
E2E Test Results 38 files 261 suites 2h 14m 48s ⏱️ Results for commit 564b45c. ♻️ This comment has been updated with latest results. |
Yep. It makes sense. |
|
@swiatekm @iblancasa — agreed, the unconditional strip is too aggressive. The operator should only remove keys it planted. Plan for v2:
Migration shape:
Tests (
CI:
Will rework on the same branch — likely a force-push since the diff shape changes, unless you would prefer me to stack a second commit so the v1 → v2 evolution is visible in the PR history. Let me know which you prefer. If the meta-annotation key name ( |
|
Friendly ping @swiatekm @iblancasa when you have a moment. To recap where we left off: You both flagged that the current PR's unconditional strip of My proposed redesign (posted 2026-05-13):
Pending your ack on:
I'll start the rework as soon as I have either of those — happy to take whatever direction works best. |
|
This might be a pattern we adopt for other similar situations around reconciliation, so we'll have to discuss this during our SIG meeting on Thursday (see https://github.com/open-telemetry/community#sig-operator if you'd like to join). We'll get back to you with a direction afterwards. Sorry for the wait! |
|
@swiatekm @iblancasa gentle ping — has the operator-tracked-annotations approach we discussed on 2026-05-13 (track the keys the operator stamped so we only remove those, rather than the unconditional strip) gotten any SIG-meeting time since 2026-05-18? Happy to send a v2 implementing the "only remove keys we planted" pattern whenever you have direction. Thanks! |
564b45c to
b308274
Compare
|
Rebased onto current
No production code changes — |
Hey, sorry for making you wait. We've discussed it during the SIG meeting on 04.06.2026 and decided that we're ok with the tracked annotation approach. Essentially, we'd add our own annotation (let's say it's going to be |
|
Thanks for the update @swiatekm — and no apology needed, this kind of cross-cutting reconciliation question is exactly what SIG meetings are for. Confirming the design I'll send in v2:
I'll send v2 shortly. One small ask: any preference between |
|
@praveen9354 your design looks good to me. Let's start with |
…an removal When spec.observability.metrics.disablePrometheusAnnotations is toggled from false to true on an existing OpenTelemetryCollector, the pod template mutate path previously preserved any annotation that existed on the current resource but was absent from the desired render. This left the prometheus.io/scrape, prometheus.io/port, and prometheus.io/path annotations stuck on the rolled pods. The operator now stamps an ownership marker (collector.opentelemetry.io/prometheus-annotations-added=true) whenever PodAnnotations adds at least one default prometheus.io/* annotation. mutatePodTemplate consults that marker on the existing pod template and strips the prometheus.io/* keys + the marker only when the marker is present AND the keys are absent from the desired pod template. This preserves prometheus.io/* annotations the user set out of band on the same collector — the design @swiatekm landed at the 2026-06-04 SIG meeting. If the user pre-sets all three default prometheus.io/* values via metadata.annotations or spec.podAnnotations, the operator adds nothing on top and the marker is not stamped — the operator claims nothing. Upgrade compatibility: pre-upgrade collectors have no marker. On the first reconcile after upgrade with DisablePrometheusAnnotations=false, the marker is stamped and subsequent toggles work normally. If a user upgrades and immediately sets DisablePrometheusAnnotations=true, the operator never stamps the marker on the existing pod template (the stamp path is gated on !Disable), so the pre-upgrade prom annotations survive that single toggle as a documented one-time cost. The mutate test covers this scenario. Fixes open-telemetry#5043 Signed-off-by: praveen9354 <praveen9354@gmail.com>
b308274 to
b534908
Compare
|
Force-pushed b534908a implementing the marker-gated design from the 2026-06-04 SIG meeting. One naming change. The literal name you suggested — Key shape:
Upgrade compatibility (the piece worth flagging):
Tests:
|
❌ 1 Tests Failed:
View the top 1 failed test(s) by shortest run time
To view more test analytics, go to the Test Analytics Dashboard |
There was a problem hiding this comment.
This looks good to me now, thanks for making the changes. I looked into what annotations we use for tracking similar changes for Services, and I think what we should use here is operator.opentelemetry.io/prometheus-annotations-added. @open-telemetry/operator-approvers let me know if you disagree.
…r. prefix Per @swiatekm review on open-telemetry#5069, align the ownership-marker key with the operator.opentelemetry.io/ prefix already used for Service-tracking annotations in this repo (collector-headless-service, collector-monitoring-service, collector-service-type) rather than the collector.opentelemetry.io/ prefix introduced in the previous revision. Signed-off-by: praveen9354 <praveen9354@gmail.com>
|
Force-pushed 4bdcd203 with the rename to Single-commit rebase on top of |
|
@iblancasa — friendly nudge for a second approval slot when you have bandwidth. You agreed with the marker-annotation direction on 2026-05-12, and @swiatekm has now approved v3 ( |
|
Gentle nudge on the second approval, @iblancasa @jaronoff97 — @swiatekm approved 2026-06-23 and it's been waiting since. Happy to rebase or address any additional feedback. |
Fixes #5043
Description
When
spec.observability.metrics.disablePrometheusAnnotationsflipped fromfalse to true on an existing OpenTelemetryCollector, the operator's pod-
template mutate path preserved the prometheus.io/scrape, port, and path
annotations on the rolled pods.
The renderer in
manifestutils.PodAnnotationscorrectly omitted those keysfrom the desired pod template, but
mutatePodTemplateruns amergeWithOverride against the existing pod template's annotations — that
merge intentionally preserves any key present in existing but absent from
desired (the long-standing "external annotations on the pod template
should survive a reconcile" contract enforced by the Ingress mutate tests).
So the prometheus.io/* keys planted at create-time stuck around forever.
Fix: track a small fixed set of operator-managed pod-template annotation
keys (currently the three prometheus.io annotations) and strip those keys
from existing.Annotations before the merge runs, when they are absent from
desired. Keys outside that set continue to be preserved.
Adds three table-driven test cases against
mutatePodTemplate:Fixes #5043
Signed-off-by: praveen9354 praveen9354@gmail.com
Link to tracking Issue(s)
See description and commits above.
Testing
Local verification of the changed file's adjacent test suite.
Upstream CI runs the full matrix on push.
Documentation