Update otelcontribcol to latest

Makefile

@@ -89,7 +89,7 @@ COSIGN := $(BIN_DIR)/cosign
 GIT_SYNC_VERSION := v4.3.0-gke.4__linux_amd64
 GIT_SYNC_IMAGE_NAME := gcr.io/config-management-release/git-sync:$(GIT_SYNC_VERSION)
 
-OTELCONTRIBCOL_VERSION := v0.103.0-gke.6
+OTELCONTRIBCOL_VERSION := v0.115.0-gke.0
 OTELCONTRIBCOL_IMAGE_NAME := gcr.io/config-management-release/otelcontribcol:$(OTELCONTRIBCOL_VERSION)
 
 # Directory used for staging Docker contexts.

e2e/testdata/otel-collector/otel-cm-full-gcm.yaml

@@ -17,9 +17,10 @@ data:
   otel-collector-config.yaml: |-
     receivers:
       opencensus:
+        endpoint: 0.0.0.0:55678
     exporters:
       prometheus:
-        endpoint: :8675
+        endpoint: 0.0.0.0:8675
         namespace: config_sync
         resource_to_telemetry_conversion:
           enabled: true
@@ -303,6 +304,7 @@ data:
                 aggregation_type: max
     extensions:
       health_check:
+        endpoint: 0.0.0.0:13133
     service:
       extensions: [health_check]
       pipelines:

e2e/testdata/otel-collector/otel-cm-kustomize-rejected-labels.yaml

@@ -21,9 +21,10 @@ data:
   otel-collector-config.yaml: |-
     receivers:
       opencensus:
+        endpoint: 0.0.0.0:55678
     exporters:
       prometheus:
-        endpoint: :8675
+        endpoint: 0.0.0.0:8675
         namespace: config_sync
         resource_to_telemetry_conversion:
           enabled: true
@@ -258,6 +259,7 @@ data:
                 aggregation_type: max
     extensions:
       health_check:
+        endpoint: 0.0.0.0:13133
     service:
       extensions: [health_check]
       pipelines:

e2e/testdata/otel-collector/otel-cm-monarch-rejected-labels.yaml

@@ -21,9 +21,10 @@ data:
   otel-collector-config.yaml: |-
     receivers:
       opencensus:
+        endpoint: 0.0.0.0:55678
     exporters:
       prometheus:
-        endpoint: :8675
+        endpoint: 0.0.0.0:8675
         namespace: config_sync
         resource_to_telemetry_conversion:
           enabled: true
@@ -167,6 +168,7 @@ data:
           new_name: no_ssl_verify_count
     extensions:
       health_check:
+        endpoint: 0.0.0.0:13133
     service:
       extensions: [health_check]
       pipelines:

manifests/base/kustomization.yaml

@@ -23,6 +23,7 @@ resources:
 - ../ns-reconciler-base-cluster-role.yaml
 - ../root-reconciler-base-cluster-role.yaml
 - ../otel-agent-cm.yaml
+- ../otel-agent-reconciler-cm.yaml
 - ../reconciler-manager-service-account.yaml
 - ../reposync-crd.yaml
 - ../rootsync-crd.yaml

manifests/otel-agent-cm.yaml

@@ -26,43 +26,27 @@ data:
   otel-agent-config.yaml: |
     receivers:
       opencensus:
+        endpoint: 0.0.0.0:55678
     exporters:
       opencensus:
         endpoint: otel-collector.config-management-monitoring:55678
         tls:
           insecure: true
     processors:
-      # Attributes processor adds custom configsync metric labels to applicable
-      # metrics to identify the sync object used to configure this deployment.
-      #
-      # Note: configsync.sync.generation is explicitly excluded here, because it
-      # is high cardinality. So we don't want to send it as a label, only as a
-      # resource attribute. That way it's only propagated to Prometheus, and not
-      # Monarch or Cloud Monitoring, which ignore custom resource attributes.
-      attributes:
-        actions:
-          - key: configsync.sync.kind
-            action: upsert
-            value: $CONFIGSYNC_SYNC_KIND
-          - key: configsync.sync.name
-            action: upsert
-            value: $CONFIGSYNC_SYNC_NAME
-          - key: configsync.sync.namespace
-            action: upsert
-            value: $CONFIGSYNC_SYNC_NAMESPACE
       batch:
       # Populate resource attributes from OTEL_RESOURCE_ATTRIBUTES env var and
       # the GCE metadata service, if available.
       resourcedetection:
         detectors: [env, gcp]
     extensions:
       health_check:
+        endpoint: 0.0.0.0:13133
     service:
       extensions: [health_check]
       pipelines:
         metrics:
           receivers: [opencensus]
-          processors: [batch, resourcedetection, attributes]
+          processors: [batch, resourcedetection]
           exporters: [opencensus]
       telemetry:
         logs:

manifests/otel-agent-reconciler-cm.yaml

@@ -0,0 +1,71 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: otel-agent-reconciler
+  namespace: config-management-system
+  labels:
+    app: opentelemetry
+    component: otel-agent
+    configmanagement.gke.io/system: "true"
+    configmanagement.gke.io/arch: "csmr"
+data:
+  otel-agent-reconciler-config.yaml: |
+    receivers:
+      opencensus:
+        endpoint: 0.0.0.0:55678
+    exporters:
+      opencensus:
+        endpoint: otel-collector.config-management-monitoring:55678
+        tls:
+          insecure: true
+    processors:
+      # Attributes processor adds custom configsync metric labels to applicable
+      # metrics to identify the sync object used to configure this deployment.
+      #
+      # Note: configsync.sync.generation is explicitly excluded here, because it
+      # is high cardinality. So we don't want to send it as a label, only as a
+      # resource attribute. That way it's only propagated to Prometheus, and not
+      # Monarch or Cloud Monitoring, which ignore custom resource attributes.
+      attributes:
+        actions:
+          - key: configsync.sync.kind
+            action: upsert
+            value: ${CONFIGSYNC_SYNC_KIND}
+          - key: configsync.sync.name
+            action: upsert
+            value: ${CONFIGSYNC_SYNC_NAME}
+          - key: configsync.sync.namespace
+            action: upsert
+            value: ${CONFIGSYNC_SYNC_NAMESPACE}
+      batch:
+      # Populate resource attributes from OTEL_RESOURCE_ATTRIBUTES env var and
+      # the GCE metadata service, if available.
+      resourcedetection:
+        detectors: [env, gcp]
+    extensions:
+      health_check:
+        endpoint: 0.0.0.0:13133
+    service:
+      extensions: [health_check]
+      pipelines:
+        metrics:
+          receivers: [opencensus]
+          processors: [batch, resourcedetection, attributes]
+          exporters: [opencensus]
+      telemetry:
+        logs:
+          level: "INFO"

manifests/templates/otel-collector.yaml

@@ -26,16 +26,18 @@ data:
   otel-collector-config.yaml: |
     receivers:
       opencensus:
+        endpoint: 0.0.0.0:55678
     exporters:
       prometheus:
-        endpoint: :8675
+        endpoint: 0.0.0.0:8675
         namespace: config_sync
         resource_to_telemetry_conversion:
           enabled: true
     processors:
       batch:
     extensions:
       health_check:
+        endpoint: 0.0.0.0:13133
     service:
       extensions: [health_check]
       pipelines:
@@ -66,6 +68,25 @@ spec:
     port: 8888
   - name: metrics # Prometheus exporter metrics.
     port: 8675
+  - name: health-check
+    port: 13133
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-port-ingress
+  namespace: config-management-monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app: opentelemetry
+      component: otel-collector
+  ingress:
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - protocol: TCP
+      port: 55678
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -112,6 +133,7 @@ spec:
         - containerPort: 55678 # Default endpoint for OpenCensus receiver.
         - containerPort: 8888  # Default endpoint for querying metrics.
         - containerPort: 8675  # Prometheus exporter metrics.
+        - containerPort: 13133 # Health check
         securityContext:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true

manifests/templates/reconciler-manager-configmap.yaml

@@ -175,7 +175,7 @@ data:
            command:
            - /otelcontribcol
            args:
-           - "--config=/conf/otel-agent-config.yaml"
+           - "--config=/conf/otel-agent-reconciler-config.yaml"
            # The prometheus transformer appends `_ratio` to gauge metrics: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.86.0/pkg/translator/prometheus/normalize_name.go#L149
            # Add the feature gate to enable metric suffix trimming.
            - "--feature-gates=-pkg.translator.prometheus.NormalizeName"
@@ -190,8 +190,10 @@ data:
              protocol: TCP
            - containerPort: 8888  # Metrics.
              protocol: TCP
+           - containerPort: 13133 # Health check
+             protocol: TCP
            volumeMounts:
-           - name: otel-agent-config-vol
+           - name: otel-agent-config-reconciler-vol
              mountPath: /conf
            readinessProbe:
              httpGet:
@@ -282,9 +284,9 @@ data:
            secret:
              secretName: git-creds
              defaultMode: 288
-         - name: otel-agent-config-vol
+         - name: otel-agent-config-reconciler-vol
            configMap:
-             name: otel-agent
+             name: otel-agent-reconciler
              defaultMode: 420
          - name: service-account
            emptyDir: {}

manifests/templates/reconciler-manager.yaml

@@ -81,6 +81,7 @@ spec:
         ports:
         - containerPort: 55678 # Default OpenCensus receiver port.
         - containerPort: 8888  # Metrics.
+        - containerPort: 13133 # Health check
         securityContext:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true

manifests/templates/resourcegroup-manifest.yaml

@@ -155,6 +155,7 @@ data:
   otel-agent-config.yaml: |
     receivers:
       opencensus:
+        endpoint: 0.0.0.0:55678
     exporters:
       opencensus:
         endpoint: otel-collector.config-management-monitoring:55678
@@ -168,6 +169,7 @@ data:
         detectors: [env, gcp]
     extensions:
       health_check:
+        endpoint: 0.0.0.0:13133
     service:
       extensions: [health_check]
       pipelines:
@@ -272,6 +274,7 @@ spec:
         ports:
         - containerPort: 55678
         - containerPort: 8888
+        - containerPort: 13133
         readinessProbe:
           httpGet:
             path: /
@@ -301,3 +304,4 @@ spec:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
+

pkg/metrics/otel.go

@@ -34,9 +34,10 @@ const (
 	// the googlecloud exporter.
 	CollectorConfigGooglecloud = `receivers:
   opencensus:
+    endpoint: 0.0.0.0:55678
 exporters:
   prometheus:
-    endpoint: :8675
+    endpoint: 0.0.0.0:8675
     namespace: config_sync
     resource_to_telemetry_conversion:
       enabled: true
@@ -184,7 +185,9 @@ processors:
         new_name: current_declared_resources
         operations:
           - action: aggregate_labels
-            label_set: []
+            # Using a no_op_label to get around issue in the upstream
+            # https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/34430
+            label_set: [no_op_label]
             aggregation_type: max
       - include: kcc_resource_count
         action: update
@@ -255,14 +258,18 @@ processors:
         new_name: resource_conflicts_count
         operations:
           - action: aggregate_labels
-            label_set: []
+            # Using a no_op_label to get around issue in the upstream
+            # https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/34430
+            label_set: [no_op_label]
             aggregation_type: max
       - include: internal_errors_total
         action: update
         new_name: internal_errors_count
         operations:
           - action: aggregate_labels
-            label_set: []
+            # Using a no_op_label to get around issue in the upstream
+            # https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/34430
+            label_set: [no_op_label]
             aggregation_type: max
       - include: remediate_duration_seconds
         action: update
@@ -322,16 +329,21 @@ processors:
         action: update
         operations:
           - action: aggregate_labels
-            label_set: []
+            # Using a no_op_label to get around issue in the upstream
+            # https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/34430
+            label_set: [no_op_label]
             aggregation_type: max
       - include: kustomize_build_latency
         action: update
         operations:
           - action: aggregate_labels
-            label_set: []
+            # Using a no_op_label to get around issue in the upstream
+            # https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/34430
+            label_set: [no_op_label]
             aggregation_type: max
 extensions:
   health_check:
+    endpoint: "0.0.0.0:13133"
 service:
   extensions: [health_check]
   pipelines:

pkg/reconcilermanager/controllers/otel_controller_test.go

@@ -49,7 +49,7 @@ const (
 	// otel-collector ConfigMap.
 	// See `CollectorConfigGooglecloud` in `pkg/metrics/otel.go`
 	// Used by TestOtelReconcilerGooglecloud.
-	depAnnotationGooglecloud = "c2f6078a9afe1f32721173e9e15bbab5"
+	depAnnotationGooglecloud = "5e22170ef10a382f587d3d7595fdaebc"
 	// depAnnotationGooglecloud is the expected hash of the custom
 	// otel-collector ConfigMap test artifact.
 	// Used by TestOtelReconcilerCustom.