From f2d21b399bce5e5fae324f4781706f0a1299bf83 Mon Sep 17 00:00:00 2001
From: Justin Brooks <jsbroks@gmail.com>
Date: Sat, 21 Sep 2024 23:31:40 -0400
Subject: [PATCH] add otel agent to help deploy

---
 charts/ctrlplane/Chart.lock                   |   7 +-
 charts/ctrlplane/Chart.yaml                   |   5 +-
 charts/ctrlplane/charts/otel/.helmignore      |  23 +++
 charts/ctrlplane/charts/otel/Chart.yaml       |   7 +
 charts/ctrlplane/charts/otel/README.md        |   7 +
 .../charts/otel/templates/_config.tpl         |  99 ++++++++++
 .../charts/otel/templates/_helpers.tpl        | 102 ++++++++++
 .../charts/otel/templates/_receivers.tpl      | 178 ++++++++++++++++++
 .../charts/otel/templates/clusterrole.yaml    |  54 ++++++
 .../otel/templates/clusterrolebinding.yaml    |  23 +++
 .../charts/otel/templates/configmap.yaml      |  18 ++
 .../charts/otel/templates/deployment.yaml     |  91 +++++++++
 .../charts/otel/templates/service.yaml        |  35 ++++
 .../charts/otel/templates/serviceaccount.yaml |  15 ++
 charts/ctrlplane/charts/otel/trace_test.py    |  29 +++
 charts/ctrlplane/charts/otel/values.yaml      |  66 +++++++
 .../webservice/templates/deployment.yaml      |   2 +
 17 files changed, 758 insertions(+), 3 deletions(-)
 create mode 100644 charts/ctrlplane/charts/otel/.helmignore
 create mode 100644 charts/ctrlplane/charts/otel/Chart.yaml
 create mode 100644 charts/ctrlplane/charts/otel/README.md
 create mode 100644 charts/ctrlplane/charts/otel/templates/_config.tpl
 create mode 100644 charts/ctrlplane/charts/otel/templates/_helpers.tpl
 create mode 100644 charts/ctrlplane/charts/otel/templates/_receivers.tpl
 create mode 100644 charts/ctrlplane/charts/otel/templates/clusterrole.yaml
 create mode 100644 charts/ctrlplane/charts/otel/templates/clusterrolebinding.yaml
 create mode 100644 charts/ctrlplane/charts/otel/templates/configmap.yaml
 create mode 100644 charts/ctrlplane/charts/otel/templates/deployment.yaml
 create mode 100644 charts/ctrlplane/charts/otel/templates/service.yaml
 create mode 100644 charts/ctrlplane/charts/otel/templates/serviceaccount.yaml
 create mode 100644 charts/ctrlplane/charts/otel/trace_test.py
 create mode 100644 charts/ctrlplane/charts/otel/values.yaml

diff --git a/charts/ctrlplane/Chart.lock b/charts/ctrlplane/Chart.lock
index 28b7095..8267d47 100644
--- a/charts/ctrlplane/Chart.lock
+++ b/charts/ctrlplane/Chart.lock
@@ -11,5 +11,8 @@ dependencies:
 - name: event-worker
   repository: file://charts/event-worker
   version: 0.1.6
-digest: sha256:6ae2f2e02680d3694444d67aba248dfd3a0352678d7c58d2bce30c8bfdf7be1f
-generated: "2024-08-28T21:15:56.001463-05:00"
+- name: otel
+  repository: file://charts/otel
+  version: 0.1.0
+digest: sha256:a787c72024ab9ccde1b53b471ea5e8c23583f20649e8ae9bd9c48bcbc3a835f6
+generated: "2024-09-21T23:19:52.598333-04:00"
diff --git a/charts/ctrlplane/Chart.yaml b/charts/ctrlplane/Chart.yaml
index d7e17fb..52add12 100644
--- a/charts/ctrlplane/Chart.yaml
+++ b/charts/ctrlplane/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ctrlplane
 description: Ctrlplane Helm chart for Kubernetes
 type: application
-version: 0.1.23
+version: 0.1.24
 appVersion: "1.16.0"
 
 maintainers:
@@ -26,3 +26,6 @@ dependencies:
   - name: event-worker
     version: "*.*.*"
     repository: "file://charts/event-worker"
+  - name: otel
+    version: "*.*.*"
+    repository: "file://charts/otel"
diff --git a/charts/ctrlplane/charts/otel/.helmignore b/charts/ctrlplane/charts/otel/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ctrlplane/charts/otel/Chart.yaml b/charts/ctrlplane/charts/otel/Chart.yaml
new file mode 100644
index 0000000..40908d6
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: otel
+type: application
+description: A Helm chart for Kubernetes
+
+version: 0.1.0
+appVersion: "0.109.0"
diff --git a/charts/ctrlplane/charts/otel/README.md b/charts/ctrlplane/charts/otel/README.md
new file mode 100644
index 0000000..ad713f6
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/README.md
@@ -0,0 +1,7 @@
+We had to create a seperate chart, because the offical one does not support
+
+1. We need to send an otlphttp to the console server. The name of this service
+   is dynamic. TEL helm chart does not support dynamic pipeline values
+2. We could do the above as a config map, and pass it into the agent... however,
+   otel helm does not support using custom config maps names because they need
+   to be based on the release name.
diff --git a/charts/ctrlplane/charts/otel/templates/_config.tpl b/charts/ctrlplane/charts/otel/templates/_config.tpl
new file mode 100644
index 0000000..e42da8b
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/_config.tpl
@@ -0,0 +1,99 @@
+{{- define "otel.config" -}}
+{{- $data := deepCopy .Values.config }}
+{{- $config := .Values.config }}
+{{- if .Values.presets.receivers.hostMetrics }}
+{{- $config = mustMergeOverwrite (include "otel.hostMetricsReceiver" . | fromYaml) $config }}
+{{- end }}
+{{- if .Values.presets.receivers.logsCollection }}
+{{- $config = mustMergeOverwrite (include "otel.logsCollectionReceiver" . | fromYaml) $config }}
+{{- end }}
+{{- if .Values.presets.receivers.kubeletMetrics }}
+{{- $config = mustMergeOverwrite (include "otel.kubeletMetricsReceiver" . | fromYaml) $config }}
+{{- end }}
+{{- if .Values.presets.receivers.kubernetesEvent }}
+{{- $config = mustMergeOverwrite (include "otel.kubernetesEventReceiver" . | fromYaml) $config }}
+{{- end }}
+{{- if .Values.presets.receivers.kubernetesCluster }}
+{{- $config = mustMergeOverwrite (include "otel.kubernetesClusterReceiver" . | fromYaml) $config }}
+{{- end }}
+{{- if .Values.presets.receivers.statsd }}
+{{- $config = mustMergeOverwrite (include "otel.statsdReceiver" . | fromYaml) $config }}
+{{- end }}
+{{- if .Values.presets.receivers.otlp }}
+{{- $config = mustMergeOverwrite (include "otel.otlpReceiver" . | fromYaml) $config }}
+{{- end }}
+{{- $config = mustMergeOverwrite (include "otel.extensions" . | fromYaml) $config }}
+{{- $config = mustMergeOverwrite (include "otel.processors" . | fromYaml) $config }}
+{{- $config = mustMergeOverwrite (include "otel.service" . | fromYaml) $config }}
+{{- $config = mustMergeOverwrite (include "otel.exporter" . | fromYaml) $config }}
+{{- tpl (toYaml $config) . }}
+{{- end }}
+
+{{- define "otel.exporter" -}}
+exporters:
+  debug: {}
+  debug/detailed:
+    verbosity: detailed
+  prometheus:
+    endpoint: 0.0.0.0:9109
+{{- end }}
+
+{{- define "otel.extensions" -}}
+extensions:
+  health_check: {}
+  memory_ballast:
+    size_in_percentage: 40
+{{- end }}
+
+{{- define "otel.processors" -}}
+processors:
+  batch: {}
+  memory_limiter:
+    check_interval: 5s
+    limit_percentage: 80
+    spike_limit_percentage: 25
+  k8sattributes:
+    filter:
+      node_from_env_var: K8S_NODE_NAME
+    passthrough: false
+    pod_association:
+    - sources:
+      - from: resource_attribute
+        name: k8s.pod.ip
+    - sources:
+      - from: resource_attribute
+        name: k8s.pod.uid
+    - sources:
+      - from: connection
+    extract:
+      metadata:
+        - "k8s.namespace.name"
+        - "k8s.deployment.name"
+        - "k8s.statefulset.name"
+        - "k8s.daemonset.name"
+        - "k8s.cronjob.name"
+        - "k8s.job.name"
+        - "k8s.node.name"
+        - "k8s.pod.name"
+        - "k8s.pod.uid"
+        - "k8s.pod.start_time"
+      annotations:
+        - tag_name: $$1
+          key_regex: (.*)
+          from: pod
+      labels:
+        - tag_name: $$1
+          key_regex: (.*)
+          from: pod
+{{- end }}
+
+{{- define "otel.service" -}}
+service:
+  extensions:
+  - health_check
+  - memory_ballast
+  pipelines: {}
+  telemetry:
+    metrics:
+      address: ${env:POD_IP}:8888
+{{- end }}
\ No newline at end of file
diff --git a/charts/ctrlplane/charts/otel/templates/_helpers.tpl b/charts/ctrlplane/charts/otel/templates/_helpers.tpl
new file mode 100644
index 0000000..945fa6e
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/_helpers.tpl
@@ -0,0 +1,102 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "otel.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "otel.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "otel.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "otel.labels" -}}
+helm.sh/chart: {{ include "otel.chart" . }}
+{{ include "otel.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+ctrlplane.com/app-name: {{ include "otel.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "otel.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "otel.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "otel.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "otel.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns the extraEnv keys and values to inject into containers.
+
+Global values will override any chart-specific values.
+*/}}
+{{- define "otel.extraEnv" -}}
+{{- $allExtraEnv := merge (default (dict) .local.extraEnv) .global.extraEnv -}}
+{{- range $key, $value := $allExtraEnv }}
+- name: {{ $key }}
+  value: {{ $value | quote }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns a list of _common_ labels to be shared across all
+app deployments and other shared objects.
+*/}}
+{{- define "otel.commonLabels" -}}
+{{- $commonLabels := default (dict) .Values.common.labels -}}
+{{- if $commonLabels }}
+{{-   range $key, $value := $commonLabels }}
+{{ $key }}: {{ $value | quote }}
+{{-   end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns a list of _pod_ labels to be shared across all
+app deployments.
+*/}}
+{{- define "otel.podLabels" -}}
+{{- range $key, $value := .Values.pod.labels }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+
diff --git a/charts/ctrlplane/charts/otel/templates/_receivers.tpl b/charts/ctrlplane/charts/otel/templates/_receivers.tpl
new file mode 100644
index 0000000..cff369c
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/_receivers.tpl
@@ -0,0 +1,178 @@
+{{- define "otel.hostMetricsReceiver" -}}
+receivers:
+  hostmetrics:
+    root_path: /hostfs
+    collection_interval: 10s
+    scrapers:
+        cpu:
+        load:
+        memory:
+        disk:
+        filesystem:
+          exclude_mount_points:
+            mount_points:
+              - /dev/*
+              - /proc/*
+              - /sys/*
+              - /run/k3s/containerd/*
+              - /var/lib/docker/*
+              - /var/lib/kubelet/*
+              - /snap/*
+            match_type: regexp
+          exclude_fs_types:
+            fs_types:
+              - autofs
+              - binfmt_misc
+              - bpf
+              - cgroup2
+              - configfs
+              - debugfs
+              - devpts
+              - devtmpfs
+              - fusectl
+              - hugetlbfs
+              - iso9660
+              - mqueue
+              - nsfs
+              - overlay
+              - proc
+              - procfs
+              - pstore
+              - rpc_pipefs
+              - securityfs
+              - selinuxfs
+              - squashfs
+              - sysfs
+              - tracefs
+            match_type: strict
+        network:
+{{- end }}
+
+{{- define "otel.logsCollectionReceiver" -}}
+receivers:
+  filelog:
+    include: [ /var/log/pods/*/*/*.log ]
+    exclude: []
+    start_at: end
+    include_file_path: true
+    include_file_name: false
+    operators:
+      # Find out which format is used by kubernetes
+      - type: router
+        id: get-format
+        routes:
+          - output: parser-docker
+            expr: 'body matches "^\\{"'
+          - output: parser-crio
+            expr: 'body matches "^[^ Z]+ "'
+          - output: parser-containerd
+            expr: 'body matches "^[^ Z]+Z"'
+      # Parse CRI-O format
+      - type: regex_parser
+        id: parser-crio
+        regex: '^(?P<time>[^ Z]+) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
+        timestamp:
+          parse_from: attributes.time
+          layout_type: gotime
+          layout: '2006-01-02T15:04:05.999999999Z07:00'
+      - type: recombine
+        id: crio-recombine
+        output: extract_metadata_from_filepath
+        combine_field: attributes.log
+        source_identifier: attributes["log.file.path"]
+        is_last_entry: "attributes.logtag == 'F'"
+        combine_with: ""
+        max_log_size: 102400
+      # Parse CRI-Containerd format
+      - type: regex_parser
+        id: parser-containerd
+        regex: '^(?P<time>[^ ^Z]+Z) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
+        timestamp:
+          parse_from: attributes.time
+          layout: '%Y-%m-%dT%H:%M:%S.%LZ'
+      - type: recombine
+        id: containerd-recombine
+        output: extract_metadata_from_filepath
+        combine_field: attributes.log
+        source_identifier: attributes["log.file.path"]
+        is_last_entry: "attributes.logtag == 'F'"
+        combine_with: ""
+        max_log_size: 102400
+      # Parse Docker format
+      - type: json_parser
+        id: parser-docker
+        output: extract_metadata_from_filepath
+        timestamp:
+          parse_from: attributes.time
+          layout: '%Y-%m-%dT%H:%M:%S.%LZ'
+      # Extract metadata from file path
+      - type: regex_parser
+        id: extract_metadata_from_filepath
+        regex: '^.*\/(?P<namespace>[^_]+)_(?P<pod_name>[^_]+)_(?P<uid>[a-f0-9\-]+)\/(?P<container_name>[^\._]+)\/(?P<restart_count>\d+)\.log$'
+        parse_from: attributes["log.file.path"]
+      # Rename attributes
+      - type: move
+        from: attributes.stream
+        to: attributes["log.iostream"]
+      - type: move
+        from: attributes.container_name
+        to: resource["k8s.container.name"]
+      - type: move
+        from: attributes.namespace
+        to: resource["k8s.namespace.name"]
+      - type: move
+        from: attributes.pod_name
+        to: resource["k8s.pod.name"]
+      - type: move
+        from: attributes.restart_count
+        to: resource["k8s.container.restart_count"]
+      - type: move
+        from: attributes.uid
+        to: resource["k8s.pod.uid"]
+      # Clean up log body
+      - type: move
+        from: attributes.log
+        to: body
+{{- end }}
+
+{{- define "otel.kubeletMetricsReceiver" -}}
+receivers:
+  kubeletstats:
+    collection_interval: 20s
+    auth_type: "serviceAccount"
+    endpoint: "https://${env:K8S_NODE_NAME}:10250"
+    insecure_skip_verify: true
+{{- end }}
+
+{{- define "otel.kubernetesEventReceiver" -}}
+receivers:
+  k8sobjects:
+    objects:
+      - name: events
+        mode: "watch"
+        group: "events.k8s.io"
+        exclude_watch_type:
+          - "DELETED"
+{{- end }}
+
+{{- define "otel.kubernetesClusterReceiver" -}}
+receivers:
+  k8s_cluster:
+    collection_interval: 10s
+{{- end }}
+
+{{- define "otel.statsdReceiver" -}}
+receivers:
+  statsd:
+    endpoint: 0.0.0.0:8125
+{{- end }}
+
+{{- define "otel.otlpReceiver" -}}
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 0.0.0.0:4317
+      http:
+        endpoint: 0.0.0.0:4318
+{{- end }}
\ No newline at end of file
diff --git a/charts/ctrlplane/charts/otel/templates/clusterrole.yaml b/charts/ctrlplane/charts/otel/templates/clusterrole.yaml
new file mode 100644
index 0000000..8de9a1e
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/clusterrole.yaml
@@ -0,0 +1,54 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "otel.fullname" . }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    {{- include "ctrlplane.commonLabels" . | nindent 4 }}
+    {{- include "otel.commonLabels" . | nindent 4 }}
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- if .Values.clusterRole.labels -}}
+    {{-   toYaml .Values.clusterRole.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.clusterRole.annotations -}}
+    {{-   toYaml .Values.clusterRole.annotations | nindent 4 }}
+    {{- end }}
+rules:
+  # kubernetesAttributes
+  - apiGroups: [""]
+    resources: ["pods", "namespaces"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["apps"]
+    resources: ["replicasets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions"]
+    resources: ["replicasets"]
+    verbs: ["get", "list", "watch"]
+
+  # clusterMetrics
+  - apiGroups: [""]
+    resources: ["events", "namespaces", "namespaces/status", "nodes", "nodes/spec", "pods", "pods/status", "replicationcontrollers", "replicationcontrollers/status", "resourcequotas", "services" ]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions"]
+    resources: ["daemonsets", "deployments", "replicasets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["batch"]
+    resources: ["jobs", "cronjobs"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["autoscaling"]
+    resources: ["horizontalpodautoscalers"]
+    verbs: ["get", "list", "watch"]
+
+  # kubeletMetrics
+  - apiGroups: [""]
+    resources: ["nodes/stats"]
+    verbs: ["get", "watch", "list"]
+
+  # kubernetesEvents
+  - apiGroups: ["events.k8s.io"]
+    resources: ["events"]
+    verbs: ["watch", "list"]
\ No newline at end of file
diff --git a/charts/ctrlplane/charts/otel/templates/clusterrolebinding.yaml b/charts/ctrlplane/charts/otel/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..8e902da
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/clusterrolebinding.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "otel.fullname" . }}
+  labels:
+    {{- include "ctrlplane.commonLabels" . | nindent 4 }}
+    {{- include "otel.commonLabels" . | nindent 4 }}
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- if .Values.clusterRole.labels -}}
+    {{-   toYaml .Values.clusterRole.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.clusterRole.annotations -}}
+    {{-   toYaml .Values.clusterRole.annotations | nindent 4 }}
+    {{- end }}
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: {{ include "otel.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "otel.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
diff --git a/charts/ctrlplane/charts/otel/templates/configmap.yaml b/charts/ctrlplane/charts/otel/templates/configmap.yaml
new file mode 100644
index 0000000..a9d5857
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/configmap.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "otel.fullname" . }}
+  labels:
+    {{- include "ctrlplane.commonLabels" . | nindent 4 }}
+    {{- include "otel.commonLabels" . | nindent 4 }}
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- if .Values.configMap.labels -}}
+    {{-   toYaml .Values.configMap.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.configMap.annotations -}}
+    {{-   toYaml .Values.configMap.annotations | nindent 4 }}
+    {{- end }}
+data:
+  config: |
+    {{- include "otel.config" . | nindent 4 -}}
\ No newline at end of file
diff --git a/charts/ctrlplane/charts/otel/templates/deployment.yaml b/charts/ctrlplane/charts/otel/templates/deployment.yaml
new file mode 100644
index 0000000..5baef8b
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/deployment.yaml
@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "otel.fullname" . }}
+  labels:
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- if .Values.deployment.labels -}}
+    {{-   toYaml .Values.deployment.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.deployment.annotations -}}
+    {{-   toYaml .Values.deployment.annotations | nindent 4 }}
+    {{- end }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "ctrlplane.selectorLabels" $ | nindent 6 }}
+      {{- include "otel.labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "otel.commonLabels" . | nindent 8 }}
+        {{- include "otel.podLabels" . | nindent 8 }}
+        {{- include "otel.labels" . | nindent 8 }}
+      annotations:
+        checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
+        {{- if .Values.pod.annotations -}}
+        {{-   toYaml .Values.pod.annotations | nindent 4 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ include "otel.serviceAccountName" . }}
+      {{- if .tolerations }}
+      tolerations:
+        {{- toYaml .tolerations | nindent 8 }}
+      {{- end }}
+      {{- include "ctrlplane.nodeSelector" . | nindent 6 }}
+      {{- include "ctrlplane.priorityClassName" . | nindent 6 }}
+      {{- include "ctrlplane.podSecurityContext" .Values.pod.securityContext | nindent 6 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          command:
+            - /otelcol-contrib
+            - --config=/conf/config.yaml
+          ports:
+            - name: otlp
+              containerPort: 4317
+              protocol: TCP
+            - name: otlp-http
+              containerPort: 4318
+              protocol: TCP
+            - name: prometheus
+              containerPort: 9109
+              protocol: TCP
+            - name: statsd
+              containerPort: 8125
+              protocol: TCP
+          env:
+            - name: K8S_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.podIP
+            {{- include "otel.extraEnv" (dict "global" $.Values.global "local" .Values) | nindent 12 }}
+            {{- include "ctrlplane.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 13133
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 13133
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /conf
+              name: config
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "otel.fullname" . }}
+            items:
+              - key: config
+                path: config.yaml
+      hostNetwork: false
diff --git a/charts/ctrlplane/charts/otel/templates/service.yaml b/charts/ctrlplane/charts/otel/templates/service.yaml
new file mode 100644
index 0000000..55231b6
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/service.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "otel.fullname" . }}
+  labels:
+    {{- include "ctrlplane.commonLabels" . | nindent 4 }}
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- include "otel.commonLabels" . | nindent 4 }}
+    {{- if .Values.service.labels -}}
+    {{-   toYaml .Values.service.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/path: '/metrics'
+    prometheus.io/port: '9109'
+    {{- if .Values.service.annotations -}}
+    {{-   toYaml .Values.service.annotations | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: 9109
+      protocol: TCP
+      name: otel-exporter
+    - port: 8125
+      protocol: TCP
+      name: statsd
+    - port: 4317
+      protocol: TCP
+      name: otlp-grpc
+    - port: 4318
+      protocol: TCP
+      name: otlp-http
+  selector:
+    {{- include "otel.labels" . | nindent 4 }}
\ No newline at end of file
diff --git a/charts/ctrlplane/charts/otel/templates/serviceaccount.yaml b/charts/ctrlplane/charts/otel/templates/serviceaccount.yaml
new file mode 100644
index 0000000..25ad13d
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "otel.serviceAccountName" . }}
+  labels:
+    {{- include "ctrlplane.commonLabels" . | nindent 4 }}
+    {{- include "otel.commonLabels" . | nindent 4 }}
+    {{- include "otel.labels" . | nindent 4 }}
+    {{- if .Values.serviceAccount.labels -}}
+    {{-   toYaml .Values.serviceAccount.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.serviceAccount.annotations -}}
+    {{-   toYaml .Values.serviceAccount.annotations | nindent 4 }}
+    {{- end }}
diff --git a/charts/ctrlplane/charts/otel/trace_test.py b/charts/ctrlplane/charts/otel/trace_test.py
new file mode 100644
index 0000000..22b1498
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/trace_test.py
@@ -0,0 +1,29 @@
+# kubectl port-forward services/ctrlplane-otel 4317:4317
+# pip install opentelemetry-api opentelemetry-sdk opentelemetry-exporter-otlp-proto-grpc
+
+from opentelemetry import trace
+from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter
+from opentelemetry.sdk.trace import TracerProvider
+from opentelemetry.sdk.trace.export import BatchSpanProcessor
+
+# Configure the tracer to export traces to OTLP endpoint
+otlp_exporter = OTLPSpanExporter(
+    # This example assumes you're using gRPC. For HTTP, use OTLPSpanExporter as well.
+    endpoint="localhost:4317",
+    insecure=True  # Use False for secure (TLS) communication
+)
+
+# Set the tracer provider and associate it with the OTLP exporter
+trace.set_tracer_provider(TracerProvider())
+trace.get_tracer_provider().add_span_processor(BatchSpanProcessor(otlp_exporter))
+
+# Create a tracer
+tracer = trace.get_tracer(__name__)
+
+# Start a span, this represents a single trace
+with tracer.start_as_current_span("sample-trace"):
+    # Simulate some processing...
+    print("This is a sample trace sent to OTLP endpoint.")
+
+# Note: In a real application, the script doesn't end immediately after a trace,
+# allowing the exporter to send the trace. Ensure proper shutdown in production code.
\ No newline at end of file
diff --git a/charts/ctrlplane/charts/otel/values.yaml b/charts/ctrlplane/charts/otel/values.yaml
new file mode 100644
index 0000000..b4c25e5
--- /dev/null
+++ b/charts/ctrlplane/charts/otel/values.yaml
@@ -0,0 +1,66 @@
+nameOverride: ""
+fullnameOverride: ""
+
+config: {}
+presets:
+  receivers:
+    hostMetrics: false
+    logsCollection: false
+    kubeletMetrics: false
+    kubernetesEvent: false
+    kubernetesCluster: false
+    statsd: true
+    otlp: true
+
+image:
+  repository: otel/opentelemetry-collector-contrib
+  tag: 0.109.0
+  pullPolicy: IfNotPresent
+  # pullSecrets: []
+
+# Tolerations for pod scheduling
+tolerations: []
+
+extraEnv: {}
+extraEnvFrom: {}
+
+extraCors: []
+
+service: {}
+
+pod:
+  securityContext:
+    fsGroup: 0
+    fsGroupChangePolicy: "OnRootMismatch"
+  labels: {}
+  annotations: {}
+
+clusterRole:
+  annotations: {}
+  labels: {}
+
+common:
+  labels: {}
+  annotations: {}
+
+deployment:
+  labels: {}
+  annotations: {}
+
+configMap:
+  annotations: {}
+  labels: {}
+
+resources:
+  requests:
+    cpu: 500m
+    memory: 300Mi
+  limits:
+    cpu: 1000m
+    memory: 750Mi
+
+serviceAccount:
+  create: true
+
+role: {}
+roleBinding: {}
diff --git a/charts/ctrlplane/charts/webservice/templates/deployment.yaml b/charts/ctrlplane/charts/webservice/templates/deployment.yaml
index 1009c41..d1ddebe 100644
--- a/charts/ctrlplane/charts/webservice/templates/deployment.yaml
+++ b/charts/ctrlplane/charts/webservice/templates/deployment.yaml
@@ -87,6 +87,8 @@ spec:
                 secretKeyRef:
                   name: {{ .secretRef }}
                   key: GITHUB_BOT_PRIVATE_KEY
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: http://{{ .Release.Name }}-otel:4318
             {{- end }}
             {{- include "ctrlplane.extraEnv" . | nindent 12 }}
             {{- include "ctrlplane.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }}