feat: add redpanda buffering layer with split ingress/egress otel collectors

Author: adambenhassen

deployment/index.ts

@@ -20,6 +20,7 @@ import { deployPostgres } from './services/postgres';
 import { deployProxy } from './services/proxy';
 import { deployPublicGraphQLAPIGateway } from './services/public-graphql-api-gateway';
 import { deployRedis } from './services/redis';
+import { deployRedpanda } from './services/redpanda';
 import { deployS3, deployS3AuditLog, deployS3Mirror } from './services/s3';
 import { deploySchema } from './services/schema';
 import { configureSentry } from './services/sentry';
@@ -78,6 +79,7 @@ const clickhouse = deployClickhouse();
 const postgres = deployPostgres();
 const redis = deployRedis({ environment });
 const kafka = deployKafka();
+const redpanda = deployRedpanda();
 const s3 = deployS3();
 const s3Mirror = deployS3Mirror();
 const s3AuditLog = deployS3AuditLog();
@@ -284,6 +286,7 @@ const otelCollector = deployOTELCollector({
   graphql,
   dbMigrations,
   clickhouse,
+  redpanda,
   image: docker.factory.getImageId('otel-collector', imagesTag),
   docker,
 });
@@ -344,5 +347,7 @@ export const schemaApiServiceId = schema.service.id;
 export const webhooksApiServiceId = webhooks.service.id;
 
 export const appId = app.deployment.id;
-export const otelCollectorId = otelCollector.deployment.id;
+export const otelCollectorIngressId = otelCollector.ingress.deployment.id;
+export const otelCollectorEgressId = otelCollector.egress.deployment.id;
+export const redpandaStatefulSetId = redpanda.statefulSet.id;
 export const publicIp = proxy.get()!.status.loadBalancer.ingress[0].ip;

deployment/services/otel-collector.ts

@@ -5,6 +5,7 @@ import { DbMigrations } from './db-migrations';
 import { Docker } from './docker';
 import { Environment } from './environment';
 import { GraphQL } from './graphql';
+import { Redpanda } from './redpanda';
 
 export type OTELCollector = ReturnType<typeof deployOTELCollector>;
 
@@ -15,9 +16,13 @@ export function deployOTELCollector(args: {
   clickhouse: Clickhouse;
   dbMigrations: DbMigrations;
   graphql: GraphQL;
+  redpanda: Redpanda;
 }) {
-  return new ServiceDeployment(
-    'otel-collector',
+  const kafkaBroker = args.redpanda.brokerEndpoint;
+
+  // Ingress: OTLP -> Redpanda
+  const ingress = new ServiceDeployment(
+    'otel-collector-ingress',
     {
       image: args.image,
       imagePullSecret: args.docker.secret,
@@ -26,6 +31,7 @@ export function deployOTELCollector(args: {
         HIVE_OTEL_AUTH_ENDPOINT: serviceLocalEndpoint(args.graphql.service).apply(
           value => value + '/otel-auth',
         ),
+        KAFKA_BROKER: kafkaBroker,
       },
       /**
        * We are using the healthcheck extension.
@@ -40,11 +46,40 @@ export function deployOTELCollector(args: {
       pdb: true,
       availabilityOnEveryNode: true,
       port: 4318,
-      memoryLimit: args.environment.podsConfig.tracingCollector.memoryLimit,
+      memoryLimit: '512Mi',
       autoScaling: {
         maxReplicas: args.environment.podsConfig.tracingCollector.maxReplicas,
         cpu: {
-          limit: args.environment.podsConfig.tracingCollector.cpuLimit,
+          limit: '500m',
+          cpuAverageToScale: 80,
+        },
+      },
+    },
+    [args.dbMigrations],
+  ).deploy();
+
+  // Egress: Redpanda -> ClickHouse
+  const egress = new ServiceDeployment(
+    'otel-collector-egress',
+    {
+      image: args.image,
+      imagePullSecret: args.docker.secret,
+      env: {
+        ...args.environment.envVars,
+        KAFKA_BROKER: kafkaBroker,
+      },
+      probePort: 13133,
+      readinessProbe: '/',
+      livenessProbe: '/',
+      startupProbe: '/',
+      exposesMetrics: true,
+      replicas: args.environment.podsConfig.tracingCollector.maxReplicas,
+      pdb: true,
+      memoryLimit: '512Mi',
+      autoScaling: {
+        maxReplicas: args.environment.podsConfig.tracingCollector.maxReplicas,
+        cpu: {
+          limit: '500m',
           cpuAverageToScale: 80,
         },
       },
@@ -57,4 +92,12 @@ export function deployOTELCollector(args: {
     .withSecret('CLICKHOUSE_PASSWORD', args.clickhouse.secret, 'password')
     .withSecret('CLICKHOUSE_PROTOCOL', args.clickhouse.secret, 'protocol')
     .deploy();
+
+  return {
+    ingress,
+    egress,
+    // For backward compatibility, expose ingress as the main deployment
+    deployment: ingress.deployment,
+    service: ingress.service,
+  };
 }

deployment/services/redpanda.ts

@@ -0,0 +1,211 @@
+import * as k8s from '@pulumi/kubernetes';
+import * as pulumi from '@pulumi/pulumi';
+
+export type Redpanda = ReturnType<typeof deployRedpanda>;
+
+export function deployRedpanda() {
+  const redpandaConfig = new pulumi.Config('redpanda');
+  const replicas = redpandaConfig.getNumber('replicas') || 3;
+  const storageSize = redpandaConfig.get('storageSize') || '20Gi';
+  const memoryLimit = redpandaConfig.get('memoryLimit') || '2Gi';
+  const cpuLimit = redpandaConfig.get('cpuLimit') || '1000m';
+
+  const labels = { app: 'redpanda' };
+
+  // StatefulSet for Redpanda
+  const statefulSet = new k8s.apps.v1.StatefulSet('redpanda', {
+    metadata: {
+      name: 'redpanda',
+    },
+    spec: {
+      serviceName: 'redpanda',
+      replicas,
+      selector: {
+        matchLabels: labels,
+      },
+      template: {
+        metadata: {
+          labels,
+        },
+        spec: {
+          containers: [
+            {
+              name: 'redpanda',
+              image: 'redpandadata/redpanda:v25.2.11',
+              resources: {
+                limits: {
+                  cpu: cpuLimit,
+                  memory: memoryLimit,
+                },
+                requests: {
+                  cpu: '500m',
+                  memory: '1Gi',
+                },
+              },
+              command: [
+                '/bin/bash',
+                '-c',
+                `
+                set -e
+                POD_ORDINAL=\${HOSTNAME##*-}
+                INTERNAL_ADVERTISE="redpanda-\${POD_ORDINAL}.redpanda.default.svc.cluster.local"
+
+                # Build seeds list for cluster formation
+                SEEDS=""
+                for i in $(seq 0 $((${replicas} - 1))); do
+                  if [ $i -ne 0 ]; then
+                    SEEDS="$SEEDS,"
+                  fi
+                  SEEDS="$SEEDS{\\\"node_id\\\":$i,\\\"host\\\":\\\"redpanda-$i.redpanda.default.svc.cluster.local\\\",\\\"port\\\":33145}"
+                done
+
+                /usr/bin/redpanda start \\
+                  --node-id \${POD_ORDINAL} \\
+                  --smp 1 \\
+                  --memory 1G \\
+                  --reserve-memory 0M \\
+                  --overprovisioned \\
+                  --kafka-addr PLAINTEXT://0.0.0.0:29092 \\
+                  --advertise-kafka-addr PLAINTEXT://\${INTERNAL_ADVERTISE}:29092 \\
+                  --pandaproxy-addr 0.0.0.0:8082 \\
+                  --advertise-pandaproxy-addr \${INTERNAL_ADVERTISE}:8082 \\
+                  --rpc-addr 0.0.0.0:33145 \\
+                  --advertise-rpc-addr \${INTERNAL_ADVERTISE}:33145 \\
+                  --seeds "[$SEEDS]" \\
+                  --set redpanda.enable_idempotence=true \\
+                  --set redpanda.enable_transactions=true \\
+                  --set redpanda.default_topic_replications=1 \\
+                  --set redpanda.auto_create_topics_enabled=false
+                `,
+              ],
+              ports: [
+                { containerPort: 29092, name: 'kafka' },
+                { containerPort: 8082, name: 'http' },
+                { containerPort: 33145, name: 'rpc' },
+                { containerPort: 9644, name: 'admin' },
+              ],
+              volumeMounts: [
+                {
+                  name: 'datadir',
+                  mountPath: '/var/lib/redpanda/data',
+                },
+              ],
+              livenessProbe: {
+                httpGet: {
+                  path: '/v1/status/ready',
+                  port: 9644 as any,
+                },
+                initialDelaySeconds: 30,
+                periodSeconds: 10,
+              },
+              readinessProbe: {
+                httpGet: {
+                  path: '/v1/status/ready',
+                  port: 9644 as any,
+                },
+                initialDelaySeconds: 10,
+                periodSeconds: 5,
+              },
+            },
+          ],
+        },
+      },
+      volumeClaimTemplates: [
+        {
+          metadata: {
+            name: 'datadir',
+          },
+          spec: {
+            accessModes: ['ReadWriteOnce'],
+            resources: {
+              requests: {
+                storage: storageSize,
+              },
+            },
+          },
+        },
+      ],
+    },
+  });
+
+  // Headless Service for StatefulSet (used for internal cluster communication)
+  const headlessService = new k8s.core.v1.Service('redpanda-headless', {
+    metadata: {
+      name: 'redpanda',
+    },
+    spec: {
+      clusterIP: 'None',
+      selector: labels,
+      ports: [
+        { name: 'kafka', port: 29092, targetPort: 29092 as any },
+        { name: 'http', port: 8082, targetPort: 8082 as any },
+        { name: 'rpc', port: 33145, targetPort: 33145 as any },
+        { name: 'admin', port: 9644, targetPort: 9644 as any },
+      ],
+    },
+  });
+
+  // ClusterIP Service for clients (load balances across all pods)
+  const clientService = new k8s.core.v1.Service('redpanda-client-service', {
+    metadata: {
+      name: 'redpanda-client',
+    },
+    spec: {
+      type: 'ClusterIP',
+      selector: labels,
+      ports: [
+        { name: 'kafka', port: 29092, targetPort: 29092 as any },
+        { name: 'http', port: 8082, targetPort: 8082 as any },
+      ],
+    },
+  });
+
+  // Create otel-traces topic with proper replication
+  const topicCreationJob = new k8s.batch.v1.Job('redpanda-topic-creation', {
+    metadata: {
+      name: 'redpanda-topic-creation',
+    },
+    spec: {
+      template: {
+        spec: {
+          restartPolicy: 'OnFailure',
+          containers: [
+            {
+              name: 'rpk',
+              image: 'redpandadata/redpanda:v25.2.11',
+              command: [
+                '/bin/bash',
+                '-c',
+                `
+                # Wait for Redpanda to be ready
+                until rpk cluster health --brokers redpanda-0.redpanda:29092 2>/dev/null | grep -q 'Healthy'; do
+                  echo "Waiting for Redpanda cluster..."
+                  sleep 5
+                done
+
+                # Create topic with partitioning only (no replication)
+                rpk topic create otel-traces \\
+                  --brokers redpanda-0.redpanda:29092 \\
+                  --replicas 1 \\
+                  --partitions 6 \\
+                  --config retention.ms=86400000 \\
+                  --config compression.type=snappy \\
+                  || echo "Topic may already exist"
+                `,
+              ],
+            },
+          ],
+        },
+      },
+    },
+  }, { dependsOn: [statefulSet, headlessService] });
+
+  return {
+    statefulSet,
+    headlessService,
+    clientService,
+    topicCreationJob,
+    // Client service endpoint - auto-discovers all brokers
+    brokerEndpoint: 'redpanda-client:29092',
+  };
+}

docker/configs/otel-collector/builder-config.yaml

@@ -6,6 +6,8 @@ dist:
 
 receivers:
   - gomod: go.opentelemetry.io/collector/receiver/otlpreceiver v0.122.0
+  - gomod:
+      github.com/open-telemetry/opentelemetry-collector-contrib/receiver/kafkareceiver v0.122.0
 
 processors:
   - gomod: go.opentelemetry.io/collector/processor/batchprocessor v0.122.0
@@ -20,6 +22,8 @@ exporters:
   - gomod: go.opentelemetry.io/collector/exporter/debugexporter v0.122.0
   - gomod:
       github.com/open-telemetry/opentelemetry-collector-contrib/exporter/clickhouseexporter v0.122.0
+  - gomod:
+      github.com/open-telemetry/opentelemetry-collector-contrib/exporter/kafkaexporter v0.122.0
 
 extensions:
   - gomod:
@@ -29,9 +33,6 @@ extensions:
       github.com/open-telemetry/opentelemetry-collector-contrib/extension/pprofextension
       v0.122.0
   - gomod: go.opentelemetry.io/collector/extension/zpagesextension v0.122.0
-  - gomod:
-      github.com/open-telemetry/opentelemetry-collector-contrib/extension/storage/filestorage
-      v0.122.0
   - gomod: github.com/graphql-hive/console/docker/configs/otel-collector/extension-hiveauth v0.0.0
     path: ./extension-hiveauth
     name: hiveauthextension # when using local extensions, package name is required, otherwise you get "missing import path"