Skip to content

Extend Observability instrumentation by supporting E2E tracking #4101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
4 tasks
miyunari opened this issue Mar 9, 2025 · 0 comments
Open
4 tasks

Extend Observability instrumentation by supporting E2E tracking #4101

miyunari opened this issue Mar 9, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@miyunari
Copy link
Member

miyunari commented Mar 9, 2025

Description

Goal is to better understand user interactions with important and critical components.

This topic was discussed at the Community Meeting 10. Dez 2024 as part of the 2025 Sigstore Community/Clients Roadmap Planning.

Proposal

Through instrumentation with the opentelemetry-sdk, especially using tracing, we gain the basic functionality for the traceability of transactions across different components, even across different programming languages if required.

If the trace exporter is activated, tools such as Jaeger or 3rd party observability vendors facilitate the analysis of certain transactions. Using the help of the opentelemetry collector, valuable metrics can be extracted without further instrumentation, e.g. with the spanmetrics and servicegraph connectors.

But even without an observability backend, with the instrumentation described above, the transactions can be output as logs and contribute to the E2E Tracking.

{"Name":"HTTP GET Request OIDC Token","SpanContext":{"TraceID":"bacdfe5f74ee2360575648818575566b","SpanID":"9b96920bd702bd38","TraceFlags":"01","TraceState":"","Remote":false},"Parent":{"TraceID":"00000000000000000000000000000000","SpanID":"0000000000000000","TraceFlags":"00","TraceState":"","Remote":false},"SpanKind":1,"StartTime":"2025-01-14T19:32:31.659402917+01:00","EndTime":"2025-01-14T19:32:33.966066381+01:00","Attributes": "..."}
{"Name":"HTTP GET Code Singing Certificate","SpanContext":{"TraceID":"bacdfe5f74ee2360575648818575566b","SpanID":"de0098a1153fe5c5","TraceFlags":"01","TraceState":"","Remote":false},"Parent":{"TraceID":"bacdfe5f74ee2360575648818575566b","SpanID":"9b96920bd702bd38","TraceFlags":"01","TraceState":"","Remote":false},"SpanKind":3,"StartTime":"2025-01-14T19:32:31.659422787+01:00","EndTime":"2025-01-14T19:32:33.966030653+01:00","Attributes": "..."}

By using the traceID e.g. bacdfe5f74ee2360575648818575566b, logs of different components can be manually associated.

How does it work?

In short, the OpenTelemetry SDK will hook into client and server implementations and transmit the trace information as HTTP Header.

Host: localhost:8080
User-Agent: Go-http-client/1.1
Traceparent: 00-bacdfe5f74ee2360575648818575566b-de0098a1153fe5c5-01
Accept-Encoding: gzip

This issue is intended to serve as a tracking issue. We may want to start with a common otel initialization package and then instrument the following components:

  • Cosign
  • Sigstore-go
  • Rekor
  • Fulcio
  • TBD
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@miyunari