fix: OB-41415 send sidecar metrics to observe directly

Customers have been requesting that we support EKS fargate hosted clusters.
To do this, I add a new fargate mode (off my default) that will install an
otel operator, which will use a sidecar container to query metrics from the
pod it is attached to.

Author: obs-gh-virjramakrishnan

charts/agent/Chart.lock

@@ -20,8 +20,5 @@ dependencies:
 - name: opentelemetry-collector
   repository: https://open-telemetry.github.io/opentelemetry-helm-charts
   version: 0.130.2
-- name: opentelemetry-operator
-  repository: https://open-telemetry.github.io/opentelemetry-helm-charts
-  version: 0.93.1
-digest: sha256:b5548207946689a925841cca60cf59984043d00886dcb93b407c144630af909f
-generated: "2025-09-29T16:49:24.216039-07:00"
+digest: sha256:1463a6ca81d2cffd7c7cdf60a8bbc1f490ca721a50328f17a9b1f8d06a1dc6b1
+generated: "2025-08-26T11:41:10.527947-04:00"

charts/agent/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: agent
 description: Chart to install K8s collection stack based on Observe Agent
 type: application
-version: 0.70.3
+version: 0.71.0
 appVersion: "2.8.1"
 dependencies:
   - name: opentelemetry-collector
@@ -40,11 +40,6 @@ dependencies:
     repository: https://open-telemetry.github.io/opentelemetry-helm-charts
     alias: gateway
     condition: gatewayDeployment.enabled
-  - name: opentelemetry-operator
-    version: 0.93.1
-    repository: https://open-telemetry.github.io/opentelemetry-helm-charts
-    alias: fargate-sidecar-injector
-    condition: node.fargateMode
 maintainers:
   - name: Observe
     email: [email protected]

charts/agent/README.md

@@ -1,6 +1,6 @@
 # agent
 
-![Version: 0.70.3](https://img.shields.io/badge/Version-0.70.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.8.1](https://img.shields.io/badge/AppVersion-2.8.1-informational?style=flat-square)
+![Version: 0.71.0](https://img.shields.io/badge/Version-0.71.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.8.1](https://img.shields.io/badge/AppVersion-2.8.1-informational?style=flat-square)
 
 Chart to install K8s collection stack based on Observe Agent
 
@@ -555,6 +555,7 @@ This service is a *single-instance deployment*. It's critical that this service
 | node.containers.metrics.enabled | bool | `true` |  |
 | node.containers.metrics.interval | string | `"60s"` |  |
 | node.enabled | bool | `true` | Enables the node-logs-metrics agent daemonset for collection of node logs and metrics. The nodes on which metrics and logs are collected can be configured via `affinity` in the `node-logs-metrics` section below. This should be set to false to disable the node-log-metrics daemonset when running in a serverless environment (ex: EKS Fargate). |
+| node.fargateMode | bool | `false` | Enables collection of metrics from EKS Fargate pods. Off by default |
 | node.forwarder.enabled | bool | `true` |  |
 | node.forwarder.logs.enabled | bool | `true` |  |
 | node.forwarder.metrics.enabled | bool | `true` |  |

charts/agent/templates/_config-receivers.tpl

@@ -137,26 +137,3 @@ prometheus/cadvisor:
             replacement: /api/v1/nodes/$$1/proxy/metrics/cadvisor
 {{ end }}
 {{ end }}
-
-{{- define "config.receivers.prometheus.kubeletstats" -}}
-prometheus/kubeletstats:
-  config:
-    scrape_configs:
-      - job_name: 'kubernetes-nodes-kubeletstats'
-        scheme: https
-        tls_config:
-          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-          insecure_skip_verify: true
-        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
-
-        kubernetes_sd_configs:
-          - role: node
-
-        relabel_configs:
-          - target_label: __address__
-            replacement: kubernetes.default.svc:443
-          - source_labels: [__meta_kubernetes_node_name]
-            regex: (.+)
-            target_label: __metrics_path__
-            replacement: /api/v1/nodes/$$1/proxy/stats/summary
-{{- end -}}

charts/agent/templates/_kubeletstats-settings.tpl

@@ -0,0 +1,56 @@
+{{- define "observe.kubeletstats.receiver" -}}
+kubeletstats:
+  collection_interval: {{.Values.node.containers.metrics.interval}}
+  auth_type: 'serviceAccount'
+  endpoint: {{ .endpoint }}
+  node: '${env:K8S_NODE_NAME}'
+  insecure_skip_verify: true
+  k8s_api_config:
+      auth_type: serviceAccount
+  metric_groups:
+    - node
+    - pod
+    - container
+  metrics:
+    # The following metrics are optional and must be enabled manually as per:
+    # https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/kubeletstatsreceiver/documentation.md#optional-metrics
+    container.cpu.usage:
+      enabled: true
+    container.uptime:
+      enabled: true
+    k8s.container.cpu.node.utilization:
+      enabled: true
+    k8s.container.cpu_limit_utilization:
+      enabled: true
+    k8s.container.cpu_request_utilization:
+      enabled: true
+    k8s.container.memory.node.utilization:
+      enabled: true
+    k8s.container.memory_limit_utilization:
+      enabled: true
+    k8s.container.memory_request_utilization:
+      enabled: true
+    k8s.node.cpu.usage:
+      enabled: true
+    k8s.node.uptime:
+      enabled: true
+    k8s.pod.cpu.node.utilization:
+      enabled: true
+    k8s.pod.cpu.usage:
+      enabled: true
+    k8s.pod.cpu_limit_utilization:
+      enabled: true
+    k8s.pod.cpu_request_utilization:
+      enabled: true
+    k8s.pod.memory.node.utilization:
+      enabled: true
+    k8s.pod.memory_limit_utilization:
+      enabled: true
+    k8s.pod.memory_request_utilization:
+      enabled: true
+    k8s.pod.uptime:
+      enabled: true
+  extra_metadata_labels:
+    - container.id
+{{- end }}
+

charts/agent/templates/_kubeletstats-sidecar.tpl

@@ -1,73 +1,38 @@
 {{- define "observe.sidecar.fargateSidecarMetrics.config" -}}
 
-{{- $kubeletstatsExporters := (list "otlphttp" "debug") -}}
-
 receivers:
-  kubeletstats:
-    collection_interval: {{.Values.node.containers.metrics.interval}}
-    auth_type: 'serviceAccount'
-    endpoint: https://kubernetes.default.svc/api/v1/nodes/${env:K8S_NODE_NAME}/proxy
-    node: '${env:K8S_NODE_NAME}'
-    insecure_skip_verify: true
-    k8s_api_config:
-        auth_type: serviceAccount
-    metric_groups:
-      - node 
-      - pod
-      - container
-    metrics:
-      # The following metrics are optional and must be enabled manually as per:
-      # https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/kubeletstatsreceiver/documentation.md#optional-metrics
-      container.cpu.usage:
-        enabled: true
-      container.uptime:
-        enabled: true
-      k8s.container.cpu.node.utilization:
-        enabled: true
-      k8s.container.cpu_limit_utilization:
-        enabled: true
-      k8s.container.cpu_request_utilization:
-        enabled: true
-      k8s.container.memory.node.utilization:
-        enabled: true
-      k8s.container.memory_limit_utilization:
-        enabled: true
-      k8s.container.memory_request_utilization:
-        enabled: true
-      k8s.node.cpu.usage:
-        enabled: true
-      k8s.node.uptime:
-        enabled: true
-      k8s.pod.cpu.node.utilization:
-        enabled: true
-      k8s.pod.cpu.usage:
-        enabled: true
-      k8s.pod.cpu_limit_utilization:
-        enabled: true
-      k8s.pod.cpu_request_utilization:
-        enabled: true
-      k8s.pod.memory.node.utilization:
-        enabled: true
-      k8s.pod.memory_limit_utilization:
-        enabled: true
-      k8s.pod.memory_request_utilization:
-        enabled: true
-      k8s.pod.uptime:
-        enabled: true
-    extra_metadata_labels:
-      - container.id
+{{- include "observe.kubeletstats.receiver" (dict "Values" .Values "endpoint" "https://kubernetes.default.svc/api/v1/nodes/${env:K8S_NODE_NAME}/proxy") | nindent 2 }}
+
+processors:
+
+{{- include "config.processors.memory_limiter" . | nindent 2 }}
+{{- include "config.processors.batch" . | nindent 2 }}
+{{- include "config.processors.resource_detection.cloud" . | nindent 2 }}
+{{- include "config.processors.attributes.k8sattributes" . | nindent 2 }}
+{{- include "config.processors.resource.observe_common" . | nindent 2 }}
+{{- include "config.processors.deltatocumulative" . | nindent 2 }}
+{{- include "config.processors.attributes.add_empty_service_attributes" . | nindent 2 }}
+{{- include "config.processors.metricstransform.duplicate_k8s_cpu_metrics" . | nindent 2 }}
+{{- include "config.processors.attributes.sidecar_kubeletstats_metrics" . | nindent 2 }}
 
 exporters:
-  otlphttp:
-    endpoint: http://observe-agent-forwarder.observe.svc:4318
-  debug:
-    verbosity: detailed
+{{- include "config.exporters.debug" . | nindent 2 }}
+{{- include "config.exporters.prometheusremotewrite" . | nindent 2 }}
+
+{{ $kubeletstatsExporters := (list "prometheusremotewrite/observe") -}}
+
+{{- if eq .Values.agent.config.global.debug.enabled true }}
+  {{- $kubeletstatsExporters = concat $kubeletstatsExporters ( list "debug/override" ) | uniq }}
+{{- end }}
 
 service:
   pipelines:
     {{- if .Values.node.containers.metrics.enabled }}
       metrics/kubeletstats:
-        receivers: [kubeletstats] # should add processors back eventually
+        receivers: [kubeletstats]
+        processors: [memory_limiter, metricstransform/duplicate_k8s_cpu_metrics, k8sattributes, deltatocumulative/observe, batch, resourcedetection/cloud, resource/observe_common, attributes/debug_source_sidecar_kubeletstats_metrics]
         exporters: [{{ join ", " $kubeletstatsExporters }}]
-    {{- end -}}
-{{- end }}
+    {{- else }}
+      {{- fail "node.containers.metrics.enabled must be true for Fargate sidecar - otherwise no telemetry will be collected" }}
+    {{- end }}
+{{- end }}

charts/agent/templates/_node-logs-metrics-config.tpl

@@ -66,59 +66,13 @@ receivers:
       network: null
   {{ end -}}
   {{- if .Values.node.containers.metrics.enabled }}
-  kubeletstats:
-    collection_interval: {{.Values.node.containers.metrics.interval}}
-    auth_type: 'serviceAccount'
-    endpoint: {{ if .Values.node.kubeletstats.useNodeIp }}"${env:K8S_NODE_IP}:10250"{{ else }}"${env:K8S_NODE_NAME}:10250"{{ end }}
-    node: '${env:K8S_NODE_NAME}'
-    insecure_skip_verify: true
-    k8s_api_config:
-        auth_type: serviceAccount
-    metric_groups:
-      - node
-      - pod
-      - container
-    metrics:
-      # The following metrics are optional and must be enabled manually as per:
-      # https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/kubeletstatsreceiver/documentation.md#optional-metrics
-      container.cpu.usage:
-        enabled: true
-      container.uptime:
-        enabled: true
-      k8s.container.cpu.node.utilization:
-        enabled: true
-      k8s.container.cpu_limit_utilization:
-        enabled: true
-      k8s.container.cpu_request_utilization:
-        enabled: true
-      k8s.container.memory.node.utilization:
-        enabled: true
-      k8s.container.memory_limit_utilization:
-        enabled: true
-      k8s.container.memory_request_utilization:
-        enabled: true
-      k8s.node.cpu.usage:
-        enabled: true
-      k8s.node.uptime:
-        enabled: true
-      k8s.pod.cpu.node.utilization:
-        enabled: true
-      k8s.pod.cpu.usage:
-        enabled: true
-      k8s.pod.cpu_limit_utilization:
-        enabled: true
-      k8s.pod.cpu_request_utilization:
-        enabled: true
-      k8s.pod.memory.node.utilization:
-        enabled: true
-      k8s.pod.memory_limit_utilization:
-        enabled: true
-      k8s.pod.memory_request_utilization:
-        enabled: true
-      k8s.pod.uptime:
-        enabled: true
-    extra_metadata_labels:
-      - container.id
+  {{- $endpoint := "" }}
+  {{- if .Values.node.kubeletstats.useNodeIp }}
+    {{- $endpoint = "\"${env:K8S_NODE_IP}:10250\"" }}
+  {{- else }}
+    {{- $endpoint = "\"${env:K8S_NODE_NAME}:10250\"" }}
+  {{- end }}
+  {{- include "observe.kubeletstats.receiver" (dict "Values" .Values "endpoint" $endpoint) | nindent 2 }}
   {{ end -}}
   {{- if .Values.node.containers.logs.enabled }}
   filelog:

charts/agent/templates/kubeletstats-sidecar.yaml

@@ -1,15 +1,27 @@
-{{- if .Values.node.fargateSidecar.enabled }}
+{{- if .Values.node.fargateMode }}
 apiVersion: opentelemetry.io/v1beta1
 kind: OpenTelemetryCollector
 metadata:
   name: fargate-sidecar-metrics
 spec:
   mode: sidecar
+  image: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest"
   env:
     - name: K8S_NODE_NAME
       valueFrom:
         fieldRef:
           fieldPath: spec.nodeName
+    - name: OBSERVE_CLUSTER_NAME
+      value: "{{ .Values.cluster.name }}"
+    - name: OBSERVE_CLUSTER_UID
+      valueFrom:
+        configMapKeyRef:
+          name: cluster-info
+          key: id
+    - name: OBSERVE_PROMETHEUS_ENDPOINT
+      value: "{{ .Values.observe.collectionEndpoint.value }}v1/prometheus"
+    - name: OBSERVE_AUTHORIZATION_HEADER
+      value: "Bearer {{ .Values.observe.token.value }}"
   config:
     {{- include "observe.sidecar.applyFargateSidecarMetricsConfig" . | nindent 4 }}
   initContainers:

charts/agent/values.yaml

@@ -47,7 +47,8 @@ node:
   # -- Enables the node-logs-metrics agent daemonset for collection of node logs and metrics.
   # The nodes on which metrics and logs are collected can be configured via `affinity` in the `node-logs-metrics` section below.
   # This should be set to false to disable the node-log-metrics daemonset when running in a serverless environment (ex: EKS Fargate).
-  enabled: false
+  enabled: true
+  # -- Enables collection of metrics from EKS Fargate pods. Off by default
   fargateMode: false
   # collects host level metrics from node
   metrics:
@@ -101,7 +102,6 @@ node:
     # this resolves issues similar to https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/26481#issuecomment-1720797914 for `no such host` or `connection refused`.
     useNodeIp: false
   forwarder:
-    mode: deployment
     enabled: true
     traces:
       enabled: true
@@ -231,10 +231,6 @@ agent:
     #       exporters:
     #         - otlphttp/extra
     #         - otlphttp/observe/forward/trace
-    
-    # -- Additional OTel collector config for fargate-sidecar-metrics custom resource
-    fargateSidecarMetrics:
-    # Put any OTel config overrides here.
 
     # -- Additional OTel collector config for gateway deployment
     gateway:
@@ -957,7 +953,7 @@ monitor:
 forwarder:
   # -- The forwarder is run as a daemonset by default, but can be run as a deployment by setting mode to "deployment". Deployment mode
   # must be used when running in a serverless environment (ex: EKS Fargate) where daemonsets are not supported.
-  mode: deployment
+  mode: daemonset
 
   # -- The `replicaCount` is only used when `mode` is set to "deployment". It is ignored when `mode` is set to "daemonset".
   # In deployment mode, this sets the number of replicas (ie the number of forwarder pods to run).
@@ -1251,27 +1247,3 @@ gateway:
     - name: observe-agent-deployment-config
       mountPath: /observe-agent-conf
   # ----------------------------------------- #
-image:
-  repository: "otel/opentelemetry-collector-k8s"
-
-
-fargate-sidecar-injector:
-
-  # -- This is an otel operator that will inject a sidecar container into all pods in the cluster. This is only needed when running 
-  # in a serverless environment (ex: EKS Fargate) where daemonsets are not supported.
-
-  replicaCount: 1
-
-  # ----------------------------------------- #
-  # Different for each deployment/daemonset #
-  nameOverride: "fargate-sidecar-injector"
-  # !!! IMPORTANT !!! This needs to have same value as namespaceOverride in cluster above
-  namespaceOverride: "observe"
-  # for now, use defaults for the rest of the values
-  # ----------------------------------------- #
-  manager:
-    collectorImage:
-      repository: observeinc/observe-agent
-      tag: 2.8.1
-
-