Add opentelemetry to Armada by nikola-jokic · Pull Request #4973 · armadaproject/armada

nikola-jokic · 2026-06-19T13:23:40Z

What type of PR is this?

Enhancement

What this PR does / why we need it

Improve observability of armada services and their interactions

greptile-apps · 2026-06-19T13:32:01Z

Greptile Summary

This PR adds OpenTelemetry distributed tracing to all Armada services, wiring up OTLP exporters, gRPC/HTTP instrumentation, a span attribute policy processor, and a local dev stack with Jaeger + otel-collector.

OTel lifecycle: observability.InitOTel / ShutdownOTel are called in each service's main.go or startup function; the tracer provider is fail-open (unreachable collector falls back to noop) and protected by a mutex.
Instrumentation: otelgrpc stats handlers are added server-side in grpc.go and client-side in connection.go; REST is wrapped with otelhttp in gateway.go; Logger.WithContext injects trace_id/span_id into log lines.
Attribute policy: a new SpanAttributePolicyProcessor enforces a deny-list (PII/sensitive keys), allow-list (rpc.*, http.*, armada.*, etc.), and a 1000-value cardinality cap on non-exempt attributes.

Confidence Score: 3/5

Two concrete defects need fixing before merge: duplicate otelgrpc handlers on one code path produce double spans, and the cardinality guard will silently corrupt job-level trace attributes in any production-scale deployment.

The duplicate otelgrpc.NewClientHandler() registration in server.go + connection.go means every RPC from the server's internal API connection generates two client spans and doubles gRPC metrics. The cardinality tracker caps all armada.* attributes at 1000 unique values; since job IDs are unique per job, traces will show [HIGH_CARDINALITY] for job-identifying attributes after the first thousand jobs, making the tracing essentially useless for its primary use case in production.

internal/server/server.go (duplicate stats handler), internal/common/observability/attribute_policy.go (cardinality exemption for armada.* attributes)

Important Files Changed

Filename	Overview
internal/common/observability/lifecycle.go	New file: initializes/shuts down global OTel tracer provider with mutex-protected state, fail-open design, and protocol-aware exporter selection. Previously flagged issues addressed in this version.
internal/common/observability/attribute_policy.go	New file: span attribute sanitization processor. Two issues: armada.* attributes not cardinality-exempt (job IDs replaced after 1000 unique values), and bare 'key' in deniedContains over-matches legitimate names.
internal/common/observability/config.go	New file: ObservabilityConfig struct and validation — correct and well-tested.
internal/server/server.go	Adds otelgrpc client handler, but connection.go already adds one unconditionally — duplicate stats handlers cause double spans.
pkg/client/connection.go	Adds otelgrpc.NewClientHandler() as a base dial option; safe on its own but causes duplication when callers also pass their own WithStatsHandler.
internal/common/grpc/grpc.go	Adds otelgrpc server-side stats handler and fixes prometheus registerer usage — both correct.
internal/common/grpc/gateway.go	Wraps REST gateway with otelhttp; refactors stripPrefix branching. Correct.
internal/common/logging/logger.go	Adds WithContext injecting trace_id/span_id into log entries. Correct and guarded.
internal/testsuite/trace_evidence.go	New file: in-memory OTel trace collector for integration tests.
_local/compose/full.yaml	Adds Jaeger and otel-collector to local dev stack. Correct.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Svc as Armada Service
    participant OTel as InitOTel()
    participant TP as TracerProvider
    participant OTLP as OTLP Exporter
    participant Coll as OTel Collector
    participant Jaeger as Jaeger UI

    Svc->>OTel: InitOTel(cfg)
    OTel->>OTLP: newTraceExporter(ctx, cfg)
    OTLP-->>OTel: exporter (http or grpc)
    OTel->>TP: NewTracerProvider(AttributePolicyProcessor, BatchSpanProcessor, Sampler)
    OTel-->>Svc: otel.SetTracerProvider(tp)

    Svc->>TP: tracer.Start(ctx, operation)
    TP->>TP: SpanAttributePolicyProcessor.OnStart
    TP-->>Svc: span

    Svc->>TP: span.End()
    TP->>TP: SpanAttributePolicyProcessor.OnEnd
    TP->>OTLP: BatchSpanProcessor export
    OTLP->>Coll: OTLP HTTP/gRPC
    Coll->>Jaeger: OTLP gRPC

    Svc->>OTel: ShutdownOTel(ctx)
    OTel->>TP: tp.Shutdown(ctx)

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Svc as Armada Service
    participant OTel as InitOTel()
    participant TP as TracerProvider
    participant OTLP as OTLP Exporter
    participant Coll as OTel Collector
    participant Jaeger as Jaeger UI

    Svc->>OTel: InitOTel(cfg)
    OTel->>OTLP: newTraceExporter(ctx, cfg)
    OTLP-->>OTel: exporter (http or grpc)
    OTel->>TP: NewTracerProvider(AttributePolicyProcessor, BatchSpanProcessor, Sampler)
    OTel-->>Svc: otel.SetTracerProvider(tp)

    Svc->>TP: tracer.Start(ctx, operation)
    TP->>TP: SpanAttributePolicyProcessor.OnStart
    TP-->>Svc: span

    Svc->>TP: span.End()
    TP->>TP: SpanAttributePolicyProcessor.OnEnd
    TP->>OTLP: BatchSpanProcessor export
    OTLP->>Coll: OTLP HTTP/gRPC
    Coll->>Jaeger: OTLP gRPC

    Svc->>OTel: ShutdownOTel(ctx)
    OTel->>TP: tp.Shutdown(ctx)

_{Reviews (5): Last reviewed commit: "Implement otel and integrate with all se..." | Re-trigger Greptile}

datadog-armadaproject · 2026-06-19T13:36:42Z

⚠️ Warnings

🚦 2 Pipeline jobs failed

CI | All jobs succeeded

CI | test / Golang Integration Tests

_{This comment will be updated automatically if new data arrives.

🔗 Commit SHA: 53aefc4 | Docs | Give us feedback!}

Signed-off-by: Nikola Jokic <jokicnikola07@gmail.com>

greptile-apps · 2026-06-24T08:11:45Z

+		deniedContains:            []string{"password", "secret", "token", "api_key", "apikey", "key"},
+		cardinalityExemptPrefixes: []string{"rpc.", "http.", "net.", "server.", "service."},


armada.* attributes not cardinality-exempt — job IDs will be silently replaced in production

armada. is in allowedPrefixes but absent from cardinalityExemptPrefixes. Any high-cardinality armada.* attribute — e.g. armada.job_id or armada.run_id, which are unique per submitted job — will hit the 1000-value cap after the first thousand distinct jobs and be replaced with [HIGH_CARDINALITY] for every subsequent job. In a production Armada cluster that processes more than 1000 jobs between restarts, all job-level trace attributes would become unreadable, directly undermining the observability goal of this PR. armada. should be added to cardinalityExemptPrefixes (or the limit for that prefix set much higher), and truly high-cardinality keys like armada.job_id should be listed explicitly in cardinalityExemptExact.

nikola-jokic force-pushed the nikola-jokic/otel branch from f0f80ca to 39e0cbb Compare June 19, 2026 13:26

greptile-apps Bot reviewed Jun 19, 2026

View reviewed changes

Comment thread internal/common/observability/lifecycle.go Outdated

Comment thread internal/common/observability/attribute_policy.go

Comment thread internal/testsuite/trace_evidence.go

Comment thread internal/common/observability/lifecycle.go Outdated

Implement otel and integrate with all services

1e11e3d

Signed-off-by: Nikola Jokic <jokicnikola07@gmail.com>

nikola-jokic force-pushed the nikola-jokic/otel branch from cc59894 to 1e11e3d Compare June 24, 2026 08:06

greptile-apps Bot reviewed Jun 24, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add opentelemetry to Armada#4973

Add opentelemetry to Armada#4973
nikola-jokic wants to merge 1 commit into
masterfrom
nikola-jokic/otel

nikola-jokic commented Jun 19, 2026

Uh oh!

greptile-apps Bot commented Jun 19, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

datadog-armadaproject Bot commented Jun 19, 2026 •

edited

Loading

Uh oh!

greptile-apps Bot Jun 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

		deniedContains: []string{"password", "secret", "token", "api_key", "apikey", "key"},
		cardinalityExemptPrefixes: []string{"rpc.", "http.", "net.", "server.", "service."},

Uh oh!

Conversation

nikola-jokic commented Jun 19, 2026

What type of PR is this?

What this PR does / why we need it

Uh oh!

greptile-apps Bot commented Jun 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Greptile Summary

Confidence Score: 3/5

Important Files Changed

Sequence Diagram

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

datadog-armadaproject Bot commented Jun 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Warnings

Uh oh!

greptile-apps Bot Jun 24, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

greptile-apps Bot commented Jun 19, 2026 •

edited

Loading

datadog-armadaproject Bot commented Jun 19, 2026 •

edited

Loading