feat: add configurable telemetry to ModelAsService CRD

Author: ishitasequeira

api/components/v1alpha1/modelsasservice_types.go

@@ -61,6 +61,43 @@ type ModelsAsServiceSpec struct {
 	// APIKeys contains configuration for API key management.
 	// +kubebuilder:validation:Optional
 	APIKeys *APIKeysConfig `json:"apiKeys,omitempty"`
+
+	// Telemetry contains configuration for telemetry and metrics collection.
+	// +kubebuilder:validation:Optional
+	Telemetry *TelemetryConfig `json:"telemetry,omitempty"`
+}
+
+// TelemetryConfig defines configuration for telemetry collection.
+type TelemetryConfig struct {
+	// Metrics contains configuration for metric dimensions/labels.
+	// +kubebuilder:validation:Optional
+	Metrics *MetricsConfig `json:"metrics,omitempty"`
+}
+
+// MetricsConfig defines which dimensions (labels) are captured in telemetry metrics.
+// Each dimension can be enabled or disabled to control metric cardinality and storage costs.
+type MetricsConfig struct {
+	// CaptureOrganization enables the organization_id label on metrics.
+	// +kubebuilder:default=true
+	// +kubebuilder:validation:Optional
+	CaptureOrganization *bool `json:"captureOrganization,omitempty"`
+
+	// CaptureUser enables the user label on metrics.
+	// Note: This is a high-cardinality dimension and may be disabled for privacy (GDPR) compliance.
+	// +kubebuilder:default=true
+	// +kubebuilder:validation:Optional
+	CaptureUser *bool `json:"captureUser,omitempty"`
+
+	// CaptureGroup enables the group label on metrics for team-based chargeback.
+	// Note: This is a high-cardinality dimension and is disabled by default.
+	// +kubebuilder:default=false
+	// +kubebuilder:validation:Optional
+	CaptureGroup *bool `json:"captureGroup,omitempty"`
+
+	// CaptureModelUsage enables the model label on metrics.
+	// +kubebuilder:default=true
+	// +kubebuilder:validation:Optional
+	CaptureModelUsage *bool `json:"captureModelUsage,omitempty"`
 }
 
 // APIKeysConfig defines configuration options for API key management.

api/components/v1alpha1/zz_generated.deepcopy.go

@@ -60,6 +60,7 @@ func (s *componentHandler) NewComponentReconciler(ctx context.Context, mgr ctrl.
 		// Third-party CRDs that may not be available in all environments.
 		OwnsGVK(gvk.AuthPolicyv1, reconciler.Dynamic(reconciler.CrdExists(gvk.AuthPolicyv1))).
 		OwnsGVK(gvk.DestinationRule, reconciler.Dynamic(reconciler.CrdExists(gvk.DestinationRule))).
+		OwnsGVK(gvk.TelemetryPolicyv1alpha1, reconciler.Dynamic(reconciler.CrdExists(gvk.TelemetryPolicyv1alpha1))).
 		Watches(
 			&extv1.CustomResourceDefinition{},
 			reconciler.WithEventHandler(
@@ -85,6 +86,7 @@ func (s *componentHandler) NewComponentReconciler(ctx context.Context, mgr ctrl.
 		)).
 		// WithAction(releases.NewAction()). // TODO: Do we need this? How to fix annotation of "platform.opendatahub.io/version:0.0.0"
 		WithAction(configureGatewayNamespaceResources).
+		WithAction(configureTelemetryPolicy).
 		WithAction(configureConfigHashAnnotation).
 		WithAction(deploy.NewAction(
 			deploy.WithCache(),

internal/controller/components/modelsasservice/modelsasservice_controller.go

@@ -219,6 +219,123 @@ func configureDestinationRule(log logr.Logger, resource *unstructured.Unstructur
 	resource.SetNamespace(gatewayNamespace)
 }
 
+// configureTelemetryPolicy is a post-render action that creates a TelemetryPolicy
+// resource based on the ModelsAsService telemetry configuration.
+//
+// The TelemetryPolicy is generated programmatically (not from manifests) because
+// its content is entirely dynamic based on the spec.telemetry.metrics configuration.
+func configureTelemetryPolicy(ctx context.Context, rr *types.ReconciliationRequest) error {
+	log := logf.FromContext(ctx)
+
+	maas, ok := rr.Instance.(*componentApi.ModelsAsService)
+	if !ok {
+		return fmt.Errorf("resource instance %v is not a componentApi.ModelsAsService", rr.Instance)
+	}
+
+	gatewayNamespace := maas.Spec.GatewayRef.Namespace
+	gatewayName := maas.Spec.GatewayRef.Name
+
+	// Build the labels map based on telemetry configuration
+	metricLabels := buildTelemetryLabels(log, maas.Spec.Telemetry)
+
+	// Create the TelemetryPolicy resource
+	telemetryPolicy := &unstructured.Unstructured{
+		Object: map[string]interface{}{
+			"apiVersion": "extensions.kuadrant.io/v1alpha1",
+			"kind":       "TelemetryPolicy",
+			"metadata": map[string]interface{}{
+				"name":      TelemetryPolicyName,
+				"namespace": gatewayNamespace,
+				"labels": map[string]interface{}{
+					"app.kubernetes.io/part-of": "maas-observability",
+				},
+			},
+			"spec": map[string]interface{}{
+				"targetRef": map[string]interface{}{
+					"group": "gateway.networking.k8s.io",
+					"kind":  "Gateway",
+					"name":  gatewayName,
+				},
+				"metrics": map[string]interface{}{
+					"default": map[string]interface{}{
+						"labels": metricLabels,
+					},
+				},
+			},
+		},
+	}
+
+	log.V(2).Info("Creating TelemetryPolicy",
+		"name", TelemetryPolicyName,
+		"namespace", gatewayNamespace,
+		"targetGateway", gatewayName,
+		"labels", metricLabels)
+
+	// Add to resources for deployment
+	rr.Resources = append(rr.Resources, *telemetryPolicy)
+
+	return nil
+}
+
+// buildTelemetryLabels creates the metric labels map based on the telemetry configuration.
+// It includes always-on dimensions and configurable dimensions based on MetricsConfig settings.
+func buildTelemetryLabels(log logr.Logger, config *componentApi.TelemetryConfig) map[string]interface{} {
+	// Default values when config is nil or metrics is nil
+	captureOrganization := true
+	captureUser := true
+	captureGroup := false
+	captureModelUsage := true
+
+	if config != nil && config.Metrics != nil {
+		metrics := config.Metrics
+		if metrics.CaptureOrganization != nil {
+			captureOrganization = *metrics.CaptureOrganization
+		}
+		if metrics.CaptureUser != nil {
+			captureUser = *metrics.CaptureUser
+		}
+		if metrics.CaptureGroup != nil {
+			captureGroup = *metrics.CaptureGroup
+		}
+		if metrics.CaptureModelUsage != nil {
+			captureModelUsage = *metrics.CaptureModelUsage
+		}
+	}
+
+	// Always-on dimensions - essential for billing and access control
+	labels := map[string]interface{}{
+		"subscription": "auth.identity.selected_subscription",
+		"cost_center":  "auth.identity.costCenter",
+		"tier":         "auth.identity.tier",
+	}
+
+	// Configurable dimensions
+	if captureOrganization {
+		labels["organization_id"] = "auth.identity.organizationId"
+	}
+
+	if captureUser {
+		labels["user"] = "auth.identity.userid"
+	}
+
+	if captureGroup {
+		labels["group"] = "auth.identity.group"
+	}
+
+	if captureModelUsage {
+		labels["model"] = "responseBodyJSON(\"/model\")"
+	}
+
+	log.V(4).Info("Built telemetry labels",
+		"captureOrganization", captureOrganization,
+		"captureUser", captureUser,
+		"captureGroup", captureGroup,
+		"captureModelUsage", captureModelUsage,
+		"totalLabels", len(labels))
+
+	return labels
+}
+
 // configureConfigHashAnnotation adds a hash annotation to the maas-api Deployment
 // to trigger rolling restarts when the ConfigMap changes.
 // This is necessary because env vars sourced via valueFrom.configMapKeyRef

internal/controller/components/modelsasservice/modelsasservice_controller_actions.go

@@ -45,6 +45,11 @@ const (
 	// the same namespace as the gateway it targets.
 	GatewayDestinationRuleName = "maas-api-backend-tls"
 
+	// TelemetryPolicyName is the name of the TelemetryPolicy resource that
+	// configures metric labels for the MaaS gateway. This resource needs to be
+	// deployed to the same namespace as the gateway it targets.
+	TelemetryPolicyName = "maas-telemetry"
+
 	// MaaSParametersConfigMapName is the name of the ConfigMap that stores
 	// MaaS configuration parameters (generated by kustomize from params.env).
 	MaaSParametersConfigMapName = "maas-parameters"

internal/controller/components/modelsasservice/modelsasservice_support.go

@@ -675,6 +675,12 @@ var (
 		Kind:    "RateLimitPolicy",
 	}
 
+	TelemetryPolicyv1alpha1 = schema.GroupVersionKind{
+		Group:   "extensions.kuadrant.io",
+		Version: "v1alpha1",
+		Kind:    "TelemetryPolicy",
+	}
+
 	AuthConfigv1beta3 = schema.GroupVersionKind{
 		Group:   "authorino.kuadrant.io",
 		Version: "v1beta3",