[LFXv2-608] Add OpenTelemetry tracing support

charts/lfx-v2-auth-service/Chart.yaml

@@ -5,5 +5,5 @@ apiVersion: v2
 name: lfx-v2-auth-service
 description: LFX Platform V2 Auth Service chart
 type: application
-version: 0.3.4
+version: 0.3.5
 appVersion: "latest"

charts/lfx-v2-auth-service/templates/deployment.yaml

@@ -35,6 +35,49 @@ spec:
               {{- toYaml $config.valueFrom | nindent 14 }}
             {{- end }}
           {{- end }}
+          {{- with .Values.app.extraEnv }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+          {{- if .Values.app.otel.serviceName }}
+          - name: OTEL_SERVICE_NAME
+            value: {{ .Values.app.otel.serviceName | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.serviceVersion }}
+          - name: OTEL_SERVICE_VERSION
+            value: {{ .Values.app.otel.serviceVersion | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.endpoint }}
+          - name: OTEL_EXPORTER_OTLP_ENDPOINT
+            value: {{ .Values.app.otel.endpoint | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.protocol }}
+          - name: OTEL_EXPORTER_OTLP_PROTOCOL
+            value: {{ .Values.app.otel.protocol | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.insecure }}
+          - name: OTEL_EXPORTER_OTLP_INSECURE
+            value: {{ .Values.app.otel.insecure | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.tracesExporter }}
+          - name: OTEL_TRACES_EXPORTER
+            value: {{ .Values.app.otel.tracesExporter | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.tracesSampleRatio }}
+          - name: OTEL_TRACES_SAMPLE_RATIO
+            value: {{ .Values.app.otel.tracesSampleRatio | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.metricsExporter }}
+          - name: OTEL_METRICS_EXPORTER
+            value: {{ .Values.app.otel.metricsExporter | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.logsExporter }}
+          - name: OTEL_LOGS_EXPORTER
+            value: {{ .Values.app.otel.logsExporter | quote }}
+          {{- end }}
+          {{- if .Values.app.otel.propagators }}
+          - name: OTEL_PROPAGATORS
+            value: {{ .Values.app.otel.propagators | quote }}
+          {{- end }}
           ports:
             - containerPort: {{ .Values.service.port }}
               name: web

charts/lfx-v2-auth-service/values.yaml

@@ -138,3 +138,41 @@ app:
       value: authelia-users
     AUTHELIA_OIDC_USERINFO_URL:
       value: https://auth.k8s.orb.local/api/oidc/userinfo
+  # extraEnv allows injecting additional environment variables before
+  # other configurations
+  extraEnv: []
+  # otel is the configuration for OpenTelemetry tracing
+  otel:
+    # serviceName is the service name for OpenTelemetry resource identification
+    # (default: "lfx-v2-auth-service")
+    serviceName: ""
+    # serviceVersion is the service version for OpenTelemetry resource
+    # identification
+    # (default: "1.0.0")
+    serviceVersion: ""
+    # protocol specifies the OTLP protocol: "grpc" or "http"
+    # (default: "grpc")
+    protocol: "grpc"
+    # endpoint is the OTLP collector endpoint
+    # For gRPC: typically "host:4317", for HTTP: typically "host:4318"
+    endpoint: ""
+    # insecure disables TLS for the OTLP connection
+    # Set to "true" for in-cluster communication without TLS
+    insecure: "false"
+    # tracesExporter specifies the traces exporter: "otlp" or "none"
+    # (default: "none")
+    tracesExporter: "none"
+    # tracesSampleRatio specifies the sampling ratio for traces (0.0 to 1.0)
+    # A value of 1.0 means all traces are sampled, 0.5 means 50% are sampled
+    # (default: "1.0")
+    tracesSampleRatio: "1.0"
+    # metricsExporter specifies the metrics exporter: "otlp" or "none"
+    # (default: "none")
+    metricsExporter: "none"
+    # logsExporter specifies the logs exporter: "otlp" or "none"
+    # (default: "none")
+    logsExporter: "none"
+    # propagators specifies the propagators to use, comma-separated
+    # Supported values: "tracecontext", "baggage", "jaeger"
+    # (default: "tracecontext,baggage")
+    propagators: "tracecontext,baggage,jaeger"

cmd/server/http.go

@@ -13,6 +13,7 @@ import (
 	authservice "github.com/linuxfoundation/lfx-v2-auth-service/gen/auth_service"
 	authserver "github.com/linuxfoundation/lfx-v2-auth-service/gen/http/auth_service/server"
 
+	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 	"goa.design/clue/debug"
 	goahttp "goa.design/goa/v3/http"
 )
@@ -60,6 +61,8 @@ func handleHTTPServer(ctx context.Context, host string, authEndpoints *authservi
 		// Log query and response bodies if debug logs are enabled.
 		handler = debug.HTTP()(handler)
 	}
+	// Wrap the handler with OpenTelemetry instrumentation
+	handler = otelhttp.NewHandler(handler, "auth-service")
 
 	// Start HTTP server using default configuration, change the code to
 	// configure the server as required by your service.

cmd/server/main.go

@@ -18,6 +18,7 @@ import (
 
 	authservice "github.com/linuxfoundation/lfx-v2-auth-service/gen/auth_service"
 	logging "github.com/linuxfoundation/lfx-v2-auth-service/pkg/log"
+	"github.com/linuxfoundation/lfx-v2-auth-service/pkg/utils"
 )
 
 const (
@@ -47,6 +48,21 @@ func main() {
 	flag.Parse()
 
 	ctx := context.Background()
+
+	// Set up OpenTelemetry SDK.
+	otelConfig := utils.OTelConfigFromEnv()
+	otelShutdown, err := utils.SetupOTelSDKWithConfig(ctx, otelConfig)
+	if err != nil {
+		slog.ErrorContext(ctx, "error setting up OpenTelemetry SDK", "error", err)
+		os.Exit(1)
+	}
+	// Handle shutdown properly so nothing leaks.
+	defer func() {
+		if shutdownErr := otelShutdown(context.Background()); shutdownErr != nil {
+			slog.ErrorContext(ctx, "error shutting down OpenTelemetry SDK", "error", shutdownErr)
+		}
+	}()
+
 	slog.InfoContext(ctx, "Starting auth service",
 		"bind", *bind,
 		"http-port", *port,

go.mod

@@ -11,7 +11,22 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/lestrrat-go/jwx/v2 v2.1.6
 	github.com/nats-io/nats.go v1.45.0
+	github.com/remychantenay/slog-otel v1.3.4
 	github.com/stretchr/testify v1.11.1
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0
+	go.opentelemetry.io/contrib/propagators/jaeger v1.39.0
+	go.opentelemetry.io/otel v1.39.0
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.15.0
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.15.0
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.38.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0
+	go.opentelemetry.io/otel/log v0.15.0
+	go.opentelemetry.io/otel/sdk v1.39.0
+	go.opentelemetry.io/otel/sdk/log v0.15.0
+	go.opentelemetry.io/otel/sdk/metric v1.39.0
+	go.opentelemetry.io/otel/trace v1.39.0
 	go.yaml.in/yaml/v2 v2.4.2
 	goa.design/clue v1.2.3
 	goa.design/goa/v3 v3.23.3
@@ -26,13 +41,17 @@ require (
 require (
 	github.com/PuerkitoBio/rehttp v1.4.0 // indirect
 	github.com/aws/smithy-go v1.23.0 // indirect
+	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 	github.com/dimfeld/httppath v0.0.0-20170720192232-ee938bf73598 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-chi/chi/v5 v5.2.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
@@ -41,6 +60,7 @@ require (
 	github.com/gohugoio/hashstructure v0.6.0 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
@@ -62,17 +82,20 @@ require (
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.devnw.com/structs v1.0.0 // indirect
-	go.opentelemetry.io/otel v1.38.0 // indirect
-	go.opentelemetry.io/otel/trace v1.38.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/mod v0.30.0 // indirect
 	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
 	golang.org/x/term v0.37.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
 	golang.org/x/tools v0.39.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
 	google.golang.org/grpc v1.77.0 // indirect
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect