OpenTelemetry Operator
Kubernetes operator for managing OpenTelemetry Collectors and auto-instrumentation.
The OpenTelemetry Operator manages the lifecycle of OpenTelemetryCollector and Instrumentation custom resources. It deploys and configures OpenTelemetry Collector instances in various modes (DaemonSet, Deployment, Sidecar) and handles auto-instrumentation injection for supported languages. It is used in this cluster to centralize observability pipeline configuration, collecting traces, metrics, and logs from workloads and forwarding them to backends.
Alternatives considered
Self Hosted
| Tool | Open Source | Full Features | Notes |
|---|---|---|---|
| Grafana Alloy | Yes | Yes | OTel-compatible collector; Grafana-native |
| Vector | Yes | Yes | High-performance data pipeline; no k8s operator |
| Fluent Operator | Yes | Yes | Manages Fluentd/Fluent Bit via CRDs |
Installation
Architecture
HelmRelease otel-operator in namespace otel-operator, chart opentelemetry-operator version 0.109.0 from https://open-telemetry.github.io/opentelemetry-helm-charts. Admission webhooks enabled with cert-manager integration. Default collector image: otel/opentelemetry-collector-k8s. ClusterRole created for cluster-wide access. Installs OpenTelemetryCollector and Instrumentation CRDs.
Security
Manager securityContext: allowPrivilegeEscalation: false, capabilities: drop: ALL, readOnlyRootFilesystem: true, seccompProfile: RuntimeDefault. Pod securityContext: runAsNonRoot: true, runAsUser/Group/fsGroup: 65532. Admission webhooks use cert-manager for TLS. RBAC is cluster-wide (operator manages Collector pods in any namespace).
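To confirm that the running operator Deployment still matches the baseline in the paragraph above, the sketch below audits a Deployment object as JSON. It is an added example, not code from this repository or from the OpenTelemetry project; the function names, the constructed sample object, and the container name `manager` are assumptions.

```python
import json
import sys

# Baseline copied from the Security paragraph above.
CONTAINER_BASELINE = {
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
    "seccompProfile": {"type": "RuntimeDefault"},
}
POD_BASELINE = {"runAsNonRoot": True, "runAsUser": 65532,
                "runAsGroup": 65532, "fsGroup": 65532}


def audit_deployment(deploy, container_name="manager"):
    """Return deviations from the baseline; an empty list means compliant."""
    findings = []
    pod_spec = deploy.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod_spec.get("securityContext") or {}
    for key, want in POD_BASELINE.items():
        if pod_sc.get(key) != want:
            findings.append(f"pod.{key}: want {want!r}, got {pod_sc.get(key)!r}")
    match = [c for c in pod_spec.get("containers", []) if c.get("name") == container_name]
    if not match:
        return findings + [f"container {container_name!r} not found"]
    sc = match[0].get("securityContext") or {}
    for key, want in CONTAINER_BASELINE.items():
        if sc.get(key) != want:
            findings.append(f"{container_name}.{key}: want {want!r}, got {sc.get(key)!r}")
    # "ALL" must be dropped and no capability added back.
    caps = sc.get("capabilities") or {}
    if "ALL" not in (caps.get("drop") or []):
        findings.append(f"{container_name}.capabilities.drop: 'ALL' missing")
    if caps.get("add"):
        findings.append(f"{container_name}.capabilities.add: {caps['add']!r} present")
    return findings


def sample(**overrides):
    """Constructed Deployment fragment (not captured from a real cluster)."""
    sc = {**CONTAINER_BASELINE, "capabilities": {"drop": ["ALL"]}, **overrides}
    return {"spec": {"template": {"spec": {
        "securityContext": dict(POD_BASELINE),
        "containers": [{"name": "manager", "securityContext": sc}]}}}}


if __name__ == "__main__":
    # With a path argument, audit `kubectl get deployment ... -o json` output saved to a file.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else sample(readOnlyRootFilesystem=False)
    print("\n".join(audit_deployment(doc)) or "compliant")
```

Run without arguments it audits the constructed sample and reports the one drifted field; a missing field counts as a deviation, since an unset `allowPrivilegeEscalation` is not the same as `false`.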
Updates
Managed by Renovate. Chart version is semver-pinned (0.109.0).
Administration
Usage
Operators deploy OpenTelemetryCollector resources to create collector instances in Deployment or DaemonSet mode. Collectors are configured with pipelines (receivers → processors → exporters) to route telemetry to Prometheus, Loki, Tempo, or other backends. Instrumentation resources enable automatic trace injection into pods via sidecar or init-container patterns without changing application code.
Cluster-specific deviations from the above live in the per-cluster README — see k8s/infrastructure/talos/controllers/otel-operator/README.md.
Cluster Deployment
OpenTelemetry Operator — Talos cluster
Cluster-specific notes only. General product info, "why we use it", and alternatives live in docusaurus/docs/platform/otel-operator.mdx.
Deviations from defaults
Defaults live in docusaurus/docs/platform/otel-operator.mdx — document anything this cluster does differently here, with a one-line reason.
- HelmRelease: opentelemetry-operator@0.114.1
- HelmRepo: otel-operator (https://open-telemetry.github.io/opentelemetry-helm-charts)
Rendered manifests (kustomize build)
```yaml
apiVersion: v1
data:
  values.yaml: |
    manager:
      collectorImage:
        repository: otel/opentelemetry-collector-k8s
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        readOnlyRootFilesystem: true
        seccompProfile:
          type: RuntimeDefault
      resources:
        limits:
          cpu: 200m
          memory: 256Mi
        requests:
          cpu: 100m
          memory: 128Mi
    admissionWebhooks:
      create: true
      certManager:
        enabled: true
    clusterRole:
      create: true
    securityContext:
      runAsGroup: 65532
      runAsNonRoot: true
      runAsUser: 65532
      fsGroup: 65532
kind: ConfigMap
metadata:
  name: otel-operator-values-d84g974t45
  namespace: otel-operator
```