adds an opentelemetry tracing example

this setup makes it possible to visualize spicedb traces in grafana using OpenTelemetry
authzed · Sep 16, 2022 · fe979d7 · fe979d7
1 parent ca99b2c
commit fe979d7
Show file tree

Hide file tree

Showing 6 changed files with 171 additions and 0 deletions.
diff --git a/tracing/README.md b/tracing/README.md
@@ -0,0 +1,26 @@
+# Description
+
+This docker compose sets up SpiceDB with an open-telemetry based stack for tracing (OTEL Collector, Tempo and Grafana).
+This is for demonstration purposes and not meant to be used as a production observability setup.
+
+- SpiceDB is configured to send OTEL traces to an instance of the otel-collector
+- otel-collector exports traces to tempo, the latter acting as tracing backend
+- grafana is configured with tempo as datasource
+
+## Usage
+
+```shell
+docker compose up
+```
+
+Grafana will be available locally at http://localhost:3000 with Tempo set up as datasource for tracing.
+
+Issue some requests to spicedb so we can start collecting traces
+
+```bash
+zed context set example localhost:50051 foobar --insecure
+zed schema write schema.zed
+zed schema read
+zed relationship create document:1 writer user:1
+zed permission check document:1 view user:1
+```
diff --git a/tracing/docker-compose.yaml b/tracing/docker-compose.yaml
@@ -0,0 +1,54 @@
+version: "3"
+
+services:
+  spicedb:
+    image: "authzed/spicedb"
+    command: "serve"
+    restart: "always"
+    ports:
+      - "9090"         # prometheus metrics
+      - "50051:50051"  # grpc endpoint
+    environment:
+      - "SPICEDB_LOG_FORMAT=console"
+      - "SPICEDB_GRPC_PRESHARED_KEY=foobar"
+      - "SPICEDB_DATASTORE_ENGINE=memory"
+      - "SPICEDB_DISPATCH_CACHE_METRICS=true"
+      - "SPICEDB_DISPATCH_CLUSTER_METRICS=true"
+      - "SPICEDB_NS_CACHE_METRICS=true"
+      - "SPICEDB_METRICS_ENABLED=true"
+      - "SPICEDB_OTEL_PROVIDER=otlpgrpc"
+      - "OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4317"
+
+    depends_on:
+      - otel-collector
+  otel-collector:
+    image: "otel/opentelemetry-collector:0.60.0"
+    command: "--config /etc/otel-config.yaml"
+    volumes:
+      - ./otel-config.yaml:/etc/otel-config.yaml
+    ports:
+      - "4317:4317" # OTLP gRPC
+      - "8888" # Prometheus metrics for collector
+    depends_on:
+      - tempo
+  tempo:
+    image: grafana/tempo:1.5.0
+    command: "-search.enabled=true -config.file=/etc/tempo.yaml"
+    volumes:
+      - ./tempo.yaml:/etc/tempo.yaml
+    restart: unless-stopped  
+    ports:
+      - "4317"        # OTLP gRPC
+      - "3100"        # tempo
+  grafana:
+    image: grafana/grafana:9.1.5-ubuntu
+    volumes:
+      - ./grafana-datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+    environment:
+      - GF_AUTH_ANONYMOUS_ENABLED=true
+      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+      - GF_AUTH_DISABLE_LOGIN_FORM=true
+    ports:
+      - "3000:3000"
+    depends_on:
+      - tempo
diff --git a/tracing/grafana-datasources.yaml b/tracing/grafana-datasources.yaml
@@ -0,0 +1,14 @@
+apiVersion: 1
+
+datasources:
+- name: 'Tempo'
+  type: tempo
+  access: proxy
+  orgId: 1
+  url: http://tempo:3100
+  basicAuth: false
+  isDefault: true
+  version: 1
+  editable: true
+  apiVersion: 1
+  uid: tempo
diff --git a/tracing/otel-config.yaml b/tracing/otel-config.yaml
@@ -0,0 +1,29 @@
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: "0.0.0.0:4317"
+
+processors:
+ batch:
+
+exporters:
+  logging:
+    loglevel: debug
+  otlp:
+    endpoint: tempo:4317
+    compression: none
+    tls:
+      insecure: true
+
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [otlp]
+  telemetry:
+    logs:
+      level: "info"
+    metrics:
+      address: ":8888"
diff --git a/tracing/schema.zed b/tracing/schema.zed
@@ -0,0 +1,9 @@
+  definition user {}
+
+  definition document {
+      relation writer: user
+      relation reader: user
+
+      permission edit = writer
+      permission view = reader + edit
+  }
diff --git a/tracing/tempo.yaml b/tracing/tempo.yaml
@@ -0,0 +1,39 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+
+distributor:
+  receivers:
+    otlp:
+      protocols:
+        http:
+        grpc:
+
+ingester:
+  trace_idle_period: 10s
+  max_block_bytes: 100_000
+  max_block_duration: 1m 
+
+compactor:
+  compaction:
+    compaction_window: 1h 
+    max_block_bytes: 100_000_000 
+    block_retention: 1h
+    compacted_block_retention: 10m
+
+storage:
+  trace:
+    backend: local
+    block:
+      bloom_filter_false_positive: .05
+      index_downsample_bytes: 1000
+      encoding: zstd
+    wal:
+      path: /tmp/tempo/wal
+      encoding: snappy
+    local:
+      path: /tmp/tempo/blocks
+    pool:
+      max_workers: 100
+      queue_depth: 10000