Merge branch 'update-migration-script' of https://github.com/opendevstack/ods-core into update-migration-script

Author: BraisVQ

CHANGELOG.md

@@ -7,13 +7,18 @@
 
 ### Changed
 - Nexus storage change ([#1341](https://github.com/opendevstack/ods-core/issues/1341))
-- Security improvements ([#1328](https://github.com/opendevstack/ods-core/pull/1328))
-- Update Aqua cli to 760 ([#1344](https://github.com/opendevstack/ods-core/pull/1344))
 - Update PVC migration script, adding threads to rsync execution ([#1345](https://github.com/opendevstack/ods-core/pull/1345))
+- Update Aqua cli to 760 ([#1344](https://github.com/opendevstack/ods-core/pull/1344))
+
 
 ### Fixed
 
 
+## [4.9.0] - 2025-8-06
+
+- Security improvements ([#1328](https://github.com/opendevstack/ods-core/pull/1328))
+- Added Helm Opentelemetry Collector Infrastructure configuration (([#1339](https://github.com/opendevstack/ods-core/issues/1339))
+
 ## [4.8.0] - 2025-4-10
 
 ### Added

Makefile

@@ -163,6 +163,22 @@ configure-nexus:
 ### configure-nexus is not part of install-nexus because it is not idempotent yet.
 
 
+# OPENTELEMETRY COLLECTOR
+## Install or update Opentelemetry Collector.
+install-opentelemetry-collector: apply-opentelemetry-collector-chart start-opentelemetry-collector-build
+.PHONY: opentelemetry-collector
+
+## Apply OpenShift resources related to the Opentelemetry Collector.
+apply-opentelemetry-collector-chart:
+	cd opentelemetry-collector/chart && envsubst < values.yaml.template > values.yaml && helm upgrade --install --namespace $(ODS_NAMESPACE) opentelemetry-collector . && rm values.yaml
+.PHONY: apply-opentelemetry-collector-chart
+
+## Start build of BuildConfig "Opentelemetry Collector".
+start-opentelemetry-collector-build:
+	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config opentelemetry-collector
+.PHONY: start-opentelemetry-collector-build
+
+
 # BACKUP
 ## Create a backup of the current state.
 backup: backup-sonarqube backup-ocp-config

configuration-sample/ods-core.env.sample

@@ -426,3 +426,31 @@ AQUA_ALERT_EMAILS=
 
 # The name of a Nexus repository to store the reports generated by Aqua
 AQUA_NEXUS_REPOSITORY=leva-documentation
+
+##########################
+# Opentelemety Collector #
+##########################
+# The docker image used to build the Opentelemetry Collector
+OPENTELEMETRY_COLLECTOR_IMAGE=otel/opentelemetry-collector-k8s
+
+# The docker image tag used to build the Opentelemetry Collector
+OPENTELEMETRY_COLLECTOR_IMAGE_TAG=0.123.0-amd64
+
+# The Go memory limit for the Opentelemetry Collector
+OPENTELEMETRY_COLLECTOR_GOMEMLIMIT=128MiB
+
+# The endpoint to send telemetry data using the OpenTelemetry Protocol (OTLP)
+OPENTELEMETRY_COLLECTOR_OTLP_API_ENDPOINT=https://fake-jaeger/v1/traces
+
+# The Authorization Token used to authenticate requests sent to the OTLP_API_ENDPOINT
+OPENTELEMETRY_COLLECTOR_OTLP_API_TOKEN=Api-Token fakeJaegerIDToken
+
+# The Host of the Opentelemetry Collector
+OPENTELEMETRY_COLLECTOR_INGRESS_HOST=fake.opentelemetry-collector.com
+
+# Resource requests and limits for the Opentelemetry Collector
+OPENTELEMETRY_COLLECTOR_CPU_REQUEST=200m
+OPENTELEMETRY_COLLECTOR_MEMORY_REQUEST=128Mi
+OPENTELEMETRY_COLLECTOR_CPU_LIMIT=1
+OPENTELEMETRY_COLLECTOR_MEMORY_LIMIT=256Mi
+

opentelemetry-collector/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

opentelemetry-collector/README.md

@@ -0,0 +1,22 @@
+# Opentelemetry Collector
+
+The OpenTelemetry Collector is a vendor-agnostic way to receive, process, and export telemetry data. It supports various data formats and protocols, making it easy to collect and distribute your observability data.
+
+## Setup
+
+The OpenShift templates are located in the chart directory and can be compared with the OC cluster using Helm. For example, run cd chart && helm secrets diff upgrade to see if there is any drift between the current and desired state.
+
+To install the OpenTelemetry Collector, run:
+
+`helm install opentelemetry-collector .`
+
+## Configuration
+
+All the relevant configuration of the Opentelemetry Collector is store in the config map named collector-config in the same namespace where is running the pod.
+
+## Building a new image
+
+Push to this repository, then go to the build config in OC and start a new build.
+
+Aditionally you can run `make start-opentelemetry-collector-build`.
+

opentelemetry-collector/chart/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: opentelemetry-collector
+description: A Helm chart for Kubernetes that defines a Opentelemetry Collector
+icon: https://opentelemetry.io/img/logos/opentelemetry-horizontal-color.svg
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.123.0-amd64"

opentelemetry-collector/chart/templates/NOTES.txt

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "opentelemetry-collector.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "opentelemetry-collector.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "opentelemetry-collector.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "opentelemetry-collector.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

opentelemetry-collector/chart/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "opentelemetry-collector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "opentelemetry-collector.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "opentelemetry-collector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "opentelemetry-collector.labels" -}}
+helm.sh/chart: {{ include "opentelemetry-collector.chart" . }}
+{{ include "opentelemetry-collector.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "opentelemetry-collector.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "opentelemetry-collector.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "opentelemetry-collector.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "opentelemetry-collector.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

opentelemetry-collector/chart/templates/buildconfig.yaml

@@ -0,0 +1,39 @@
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  labels:
+    app: {{ .Values.collector.name }}
+  name: {{ .Values.collector.name }}
+spec:
+  failedBuildsHistoryLimit: 5
+  nodeSelector: null
+  output:
+    to:
+      kind: ImageStreamTag
+      name: {{ printf "%s:%s" .Values.collector.name .Values.global.odsImageTag }}
+  postCommit: {}
+  resources:
+    limits:
+      cpu: {{ .Values.buildConfig.cpuLimit }}
+      memory: {{ .Values.buildConfig.memLimit }}
+    requests:
+      cpu: {{ .Values.buildConfig.cpuRequest }}
+      memory: {{ .Values.buildConfig.memRequest }}
+  runPolicy: Serial
+  source:
+    contextDir: opentelemetry-collector/docker
+    git:
+      uri: {{ .Values.global.repoBase }}/{{ .Values.global.odsBitBucketProject }}/ods-core.git
+      ref: {{ .Values.global.odsGitRef }}
+    sourceSecret:
+      name: cd-user-token
+    type: Git
+  strategy:
+    type: Docker
+    dockerStrategy:
+      from:
+        kind: DockerImage
+        name: {{ .Values.collector.image }}:{{ .Values.collector.imageTag }}
+      forcePull: true
+      noCache: true
+  successfulBuildsHistoryLimit: 5

opentelemetry-collector/chart/templates/configmap.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: collector-config
+data:
+  otel-collector-config.yaml: |
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            endpoint: 0.0.0.0:4317
+          http:
+            endpoint: 0.0.0.0:4318
+    exporters:
+      otlphttp:
+        endpoint: ${OTLP_API_ENDPOINT}
+        headers:
+          Authorization: "${OTLP_API_TOKEN}"
+      debug:
+        verbosity: normal
+    extensions:
+      health_check:
+        endpoint: ${env:MY_POD_IP}:13133
+    processors:
+      batch: {}
+      memory_limiter:
+        check_interval: 5s
+        limit_percentage: 80
+        spike_limit_percentage: 25
+    service:
+      extensions:
+      - health_check
+      pipelines:
+        traces:
+          receivers: [otlp]
+          processors: []
+          exporters: [debug, otlphttp]
+        metrics:
+          exporters: [debug]
+          processors: [memory_limiter, batch]
+          receivers: [otlp]
+        logs:
+          receivers: [otlp]
+          processors: [memory_limiter, batch]
+          exporters: [debug]
+      telemetry:
+        metrics:
+          address: ${env:MY_POD_IP}:8888