Otel collector integration (#519)

* adding otel integration

* fixing naming, configuration, mounts for netdata-otel feat

* changes to docs, checks, otel values

* fixing deployment template for otel

* Removing debug log level from otel, testing doc checks

* Updating documentation

* values table in non-html

* removing long desc from some values

* changes to workflows - release and checks

install steps in cheks now wait for resources, archive is no longer in
the branch - it is pulled during the tests and release.

* adding security context

* removing helm install step from release (not needed)

* updates to docs

* streamlining port change for netdataopentelemetry

---------

Co-authored-by: Mateusz <m4itee@bularz.net>

Author: M4itee

.github/workflows/checks.yml

@@ -32,6 +32,26 @@ jobs:
             echo "changed=true" >> $GITHUB_OUTPUT
           fi
 
+      - name: Install helm-docs
+        run: |
+          GOBIN=/usr/local/bin/ go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.14.2
+
+      - name: Add helm repo for otel
+        run: |
+          helm repo add opentelemetry-collector https://open-telemetry.github.io/opentelemetry-helm-charts
+
+      - name: Build chart dependencies
+        run: |
+          helm dependency build charts/netdata
+
+      - name: Check documentation is up-to-date
+        run: |
+          ./generate-documentation.sh
+          if ! git diff --exit-code charts/netdata/README.md; then
+            echo "::error::README.md is out of date. Please run ./generate-documentation.sh and commit the changes."
+            exit 1
+          fi
+
       - name: Run chart-testing (lint)
         run: ct lint --check-version-increment=false --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }}
 
@@ -41,3 +61,6 @@ jobs:
 
       - name: Run chart-testing (install)
         run: ct install --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Run chart-testing (install with OpenTelemetry)
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set netdataOpentelemetry.enabled=true --set otel-collector.enabled=true"

.github/workflows/release.yml

@@ -29,6 +29,14 @@ jobs:
           git config --global user.name Netdatabot
           git config --global user.email bot@netdata.cloud
 
+      - name: Add helm repo for dependencies
+        run: |
+          helm repo add opentelemetry-collector https://open-telemetry.github.io/opentelemetry-helm-charts
+
+      - name: Build chart dependencies
+        run: |
+          helm dependency build charts/netdata
+
       - name: Get current version
         id: get_current_var
         run: echo "current_version=$(.github/scripts/update_versions.py get_chart_version)" >> $GITHUB_OUTPUT

charts/netdata/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: opentelemetry-collector
+  repository: https://open-telemetry.github.io/opentelemetry-helm-charts
+  version: 0.144.0
+digest: sha256:4386d6f39c3aacd5eeb07d40dcc23404d33001d1c6a90e8843d5fa9bd1b34f24
+generated: "2026-01-29T13:37:43.621411516+01:00"

charts/netdata/Chart.yaml

@@ -16,3 +16,9 @@ maintainers:
     email: cloud-sre@netdata.cloud
 icon: https://netdata.github.io/helmchart/logo.png
 appVersion: v2.9.0
+dependencies:
+  - name: opentelemetry-collector
+    alias: otel-collector
+    version: "0.144.0"
+    repository: "https://open-telemetry.github.io/opentelemetry-helm-charts"
+    condition: otel-collector.enabled

charts/netdata/README.md

@@ -160,3 +160,31 @@ Return the secret data for the k8s state configuration, when you setup storedTyp
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Return the configmap data for the netdata OpenTelemetry configuration. Configmap is the default choice for storing configuration.
+*/}}
+{{- define "netdata.netdataOpentelemetry.configs.configmap" -}}
+{{- range $name, $config := .Values.netdataOpentelemetry.configs -}}
+{{- $found := false -}}
+{{- if and $config.enabled (eq $config.storedType "configmap") -}}
+{{- $found = true -}}
+{{- else if and $config.enabled (ne $config.storedType "secret") -}}
+{{- $found = true -}}
+{{- end -}}
+{{- if $found }}
+{{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret data for the netdata OpenTelemetry configuration, when you setup storedType as a secret.
+*/}}
+{{- define "netdata.netdataOpentelemetry.configs.secret" -}}
+{{- range $name, $config := .Values.netdataOpentelemetry.configs -}}
+{{- if and $config.enabled (eq $config.storedType "secret") }}
+{{ $name }}: {{ tpl $config.data $ | b64enc }}
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/netdata/templates/_helpers.tpl

@@ -0,0 +1,16 @@
+{{- $configmapOtel := include "netdata.netdataOpentelemetry.configs.configmap" . }}
+{{- if and .Values.netdataOpentelemetry.enabled $configmapOtel }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: netdata-conf-otel
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "netdata.name" . }}
+    chart: {{ template "netdata.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  {{ $configmapOtel | indent 2 }}
+{{- end }}

charts/netdata/templates/netdata-otel/configmap.yaml

@@ -0,0 +1,183 @@
+{{- if .Values.netdataOpentelemetry.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "netdata.name" . }}-otel
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "netdata.name" . }}
+    chart: {{ template "netdata.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    role: otel
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: {{ template "netdata.name" . }}
+      release: {{ .Release.Name }}
+      role: otel
+  template:
+    metadata:
+      annotations:
+      {{- if .Values.netdataOpentelemetry.podAnnotationAppArmor.enabled }}
+        container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined
+      {{- end }}
+        checksum/config: {{ print (include (print $.Template.BasePath "/netdata-otel/configmap.yaml") .) (include (print $.Template.BasePath "/netdata-otel/secrets.yaml") .) | sha256sum }}
+{{- with .Values.netdataOpentelemetry.podAnnotations }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+      labels:
+        app: {{ template "netdata.name" . }}
+        release: {{ .Release.Name }}
+        role: otel
+{{- with .Values.netdataOpentelemetry.podLabels }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+    spec:
+      securityContext:
+          fsGroup: {{ .Values.netdataOpentelemetry.securityContext.fsGroup }}
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      restartPolicy: Always
+      {{- if .Values.netdataOpentelemetry.priorityClassName }}
+      priorityClassName: "{{ .Values.netdataOpentelemetry.priorityClassName }}"
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+      initContainers:
+      {{- if .Values.sysctlInitContainer.enabled }}
+        - name: init-sysctl
+          image: "{{ .Values.initContainersImage.repository }}:{{ .Values.initContainersImage.tag }}"
+          imagePullPolicy: {{ .Values.initContainersImage.pullPolicy }}
+          command:
+{{ toYaml .Values.sysctlInitContainer.command | indent 12 }}
+          securityContext:
+            runAsNonRoot: false
+            privileged: true
+            runAsUser: 0
+          resources:
+{{ toYaml .Values.sysctlInitContainer.resources | indent 12 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: MY_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: MY_POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            {{- if .Values.netdataOpentelemetry.claiming.enabled }}
+            - name: NETDATA_CLAIM_URL
+              value: "{{ .Values.netdataOpentelemetry.claiming.url }}"
+            {{- if .Values.netdataOpentelemetry.claiming.token }}
+            - name: NETDATA_CLAIM_TOKEN
+              value: "{{ .Values.netdataOpentelemetry.claiming.token }}"
+            {{- end }}
+            {{- if .Values.netdataOpentelemetry.claiming.rooms }}
+            - name: NETDATA_CLAIM_ROOMS
+              value: "{{ .Values.netdataOpentelemetry.claiming.rooms }}"
+            {{- end }}
+            {{- end }}
+            - name: NETDATA_LISTENER_PORT
+              value: '{{ tpl (.Values.netdataOpentelemetry.port | toString) . }}'
+            {{- range $key, $value := .Values.netdataOpentelemetry.env }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- with .Values.netdataOpentelemetry.envFrom }}
+          envFrom:
+{{ toYaml . | indent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ tpl (.Values.netdataOpentelemetry.port | toString) . }}
+              protocol: TCP
+            - name: otel
+              containerPort: {{ tpl (.Values.netdataOpentelemetry.service.port | toString) . }}
+              protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+                - /usr/sbin/netdatacli
+                - ping
+            initialDelaySeconds: {{ .Values.netdataOpentelemetry.livenessProbe.initialDelaySeconds }}
+            failureThreshold: {{ .Values.netdataOpentelemetry.livenessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.netdataOpentelemetry.livenessProbe.periodSeconds }}
+            successThreshold: {{ .Values.netdataOpentelemetry.livenessProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.netdataOpentelemetry.livenessProbe.timeoutSeconds }}
+          readinessProbe:
+            exec:
+              command:
+                - /usr/sbin/netdatacli
+                - ping
+            initialDelaySeconds: {{ .Values.netdataOpentelemetry.readinessProbe.initialDelaySeconds }}
+            failureThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.periodSeconds }}
+            successThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.timeoutSeconds }}
+          securityContext:
+            runAsUser: {{ .Values.netdataOpentelemetry.securityContext.runAsUser }}
+            runAsGroup: {{ .Values.netdataOpentelemetry.securityContext.runAsGroup }}
+          volumeMounts:
+            - name: os-release
+              mountPath: /host/etc/os-release
+            {{- range $name, $config := .Values.netdataOpentelemetry.configs }}
+            {{- if $config.enabled }}
+            - name: {{ ternary "configmap" "configsecret" (ne $config.storedType "secret") }}
+              mountPath: {{ $config.path }}
+              subPath: {{ $name }}
+            {{- end }}
+            {{- end }}
+            {{- if .Values.netdataOpentelemetry.persistence.enabled }}
+            - name: varlog
+              mountPath: /var/log/netdata/otel
+            {{- end }}
+            {{- if .Values.netdataOpentelemetry.extraVolumeMounts -}}
+{{ toYaml .Values.netdataOpentelemetry.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.netdataOpentelemetry.resources | indent 12 }}
+    {{- with .Values.netdataOpentelemetry.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.netdataOpentelemetry.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.netdataOpentelemetry.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.netdataOpentelemetry.terminationGracePeriodSeconds }}
+      volumes:
+        - name: os-release
+          hostPath:
+            path: /etc/os-release
+        - name: configmap
+          configMap:
+            name: netdata-conf-otel
+            optional: true
+        - name: configsecret
+          secret:
+            secretName: netdata-conf-otel
+            optional: true
+        {{- if .Values.netdataOpentelemetry.persistence.enabled }}
+        - name: varlog
+          persistentVolumeClaim:
+            claimName: {{ template "netdata.name" . }}-otel-varlog
+        {{- end }}
+        {{- if .Values.netdataOpentelemetry.extraVolumes }}
+{{ toYaml .Values.netdataOpentelemetry.extraVolumes | indent 8}}
+        {{- end }}
+      dnsPolicy: {{ .Values.netdataOpentelemetry.dnsPolicy }}
+{{- end }}

charts/netdata/templates/netdata-otel/deployment.yaml

@@ -0,0 +1,22 @@
+{{- if and .Values.netdataOpentelemetry.enabled .Values.netdataOpentelemetry.persistence.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ template "netdata.name" . }}-otel-varlog
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "netdata.name" . }}
+    chart: {{ template "netdata.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    role: otel
+spec:
+  accessModes: [ "ReadWriteOnce" ]
+  {{- if (ne "-" .Values.netdataOpentelemetry.persistence.storageclass) }}
+  storageClassName: "{{ .Values.netdataOpentelemetry.persistence.storageclass }}"
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.netdataOpentelemetry.persistence.volumesize }}
+{{- end }}

charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml

@@ -0,0 +1,17 @@
+{{- $secretOtel := include "netdata.netdataOpentelemetry.configs.secret" . }}
+{{- if and .Values.netdataOpentelemetry.enabled $secretOtel }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: netdata-conf-otel
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "netdata.name" . }}
+    chart: {{ template "netdata.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+  {{ $secretOtel | indent 2 }}
+{{- end }}