docs: add infra relationship example for collector

kb-newrelic · kb-newrelic · commit 747bec0a38fd · 2025-07-29T14:40:55.000-07:00
diff --git a/other-examples/collector/internal-telemetry-infra-relationships/README.md b/other-examples/collector/internal-telemetry-infra-relationships/README.md
@@ -0,0 +1,144 @@
+# Monitoring Hosts with OpenTelemetry Collector
+
+This example demonstrates configuring the [internal telemetry](https://opentelemetry.io/docs/collector/internal-telemetry/) of an OTel Collector in way that also provides infrastructure relationships between the collector and its host and container.
+
+## Architecture
+```mermaid
+flowchart LR
+  subgraph Collector
+    direction LR
+    internaltelemetry["Internal Telemetry"]
+    subgraph Pipeline
+      direction TB
+      otlpreceiver["otlpreceiver"]
+      resourcedetectionprocessor["resourcedetectionprocessor <br> (adds host.id)"]
+      otlphttpexporter["otlphttpexporter"]
+    end
+  end
+
+  internaltelemetry -- "OTLP/HTTP" --> otlpreceiver
+  otlpreceiver --> resourcedetectionprocessor
+  resourcedetectionprocessor --> otlphttpexporter
+  otlphttpexporter --> newrelic["New Relic OTLP Endpoint"]
+
+  k8sdownwardapi["k8s Downward API"]
+  k8sdownwardapi -- "namespace, pod" --> collectorconfig
+
+  collectorconfig["Collector Config <br> (adds <br> k8s.cluster.name, <br> k8s.namespace.name, <br> k8s.pod.name, <br> k8s.container.name)"]
+  collectorconfig --> internaltelemetry
+```
+
+## Requirements
+
+- Your infrastructure must be instrumented which means container and/or host entities show up in NR. We recommend using the [nr-k8s-otel-collector](https://github.com/newrelic/helm-charts/tree/master/charts/nr-k8s-otel-collector) helm chart.
+- You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. This example was tested on [AWS EKS](https://aws.amazon.com/eks/) with Amazon Linux nodes. The steps for achieving a container relationship should be universal for all k8s clusters - they also work on local clusters like `kind` or `minikube`.
+- The host relationship is synthesized based on the `host.id` attribute matching up on the host and collector telemetry. The determination of this attribute heavily depends on your environment and is driven by the `resourcedetectionprocessor` which does not support local clusters out-of-the-box. You might be able to make it work by tweaking the processor configuration, but we won't cover this here as there are too many variables involved.
+- [A New Relic account](https://one.newrelic.com/)
+- [A New Relic license key](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key)
+
+### Collector
+We'll use [otelcol-contrib](https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol-contrib) for the example but if you are using your own collector, here is the what and why regarding components:
+- [otlpreceiver](https://github.com/open-telemetry/opentelemetry-collector/blob/main/receiver/otlpreceiver/README.md) to provide a hook for the internal telemetry to get funnelled into a pipeline defined in the collector itself.
+- [resourcedetectionprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/resourcedetectionprocessor) to add `host.id` to internal telemetry.
+- [otlphttpexporter](https://github.com/open-telemetry/opentelemetry-collector/tree/main/exporter/otlphttpexporter) to send telemetry to New Relic.
+- (optional) [memorylimiterprocessor](https://github.com/open-telemetry/opentelemetry-collector/tree/main/processor/memorylimiterprocessor) and [batchprocessor](https://github.com/open-telemetry/opentelemetry-collector/tree/v0.102.0/processor/batchprocessor) for best practices.
+
+### Appendix
+- Collector entity definition: [EXT-SERVICE](https://github.com/newrelic/entity-definitions/blob/main/entity-types/ext-service/definition.yml#L72-L94)
+  - requires `service.name` on internal telemetry
+- Collector to container relationship: [INFRA_KUBERNETES_CONTAINER-to-EXT_SERVICE](https://github.com/newrelic/entity-definitions/blob/main/relationships/synthesis/INFRA_KUBERNETES_CONTAINER-to-EXT_SERVICE.yml#L40)
+  - requires `k8s.cluster.name`, `k8s.namespace.name`, `k8s.pod.name`, `k8s.container.name` on internal telemetry that matches
+  equivalent attributes on the container telemetry.
+- Collector to host relationship: [INFRA-HOST-to-EXT-SERVICE](https://github.com/newrelic/entity-definitions/blob/main/relationships/synthesis/INFRA-HOST-to-EXT-SERVICE.yml)
+  - requires `host.id` on internal telemetry that matches the host telemetry.
+
+
+## Running the example
+
+1. Instrument your infrastructure, e.g. install [nr-k8s-otel-collector](https://github.com/newrelic/helm-charts/tree/master/charts/nr-k8s-otel-collector)
+    ```shell
+      # Cluster name is hard coded as the downward API does not expose it
+      license_key='INSERT_API_KEY'
+      cluster_name='INSERT_CLUSTER_NAME'
+      helm repo add newrelic https://helm-charts.newrelic.com
+      helm upgrade 'nr-k8s-otel-collector-release' newrelic/nr-k8s-otel-collector \
+      --install \
+      --create-namespace --namespace 'nr-k8s-otel-collector' \
+      --dependency-update \
+      --set "cluster=${cluster_name}" \
+      --set "licenseKey=${license_key}"
+    ```
+1. Update the values in [secrets.yaml](./k8s/secrets.yaml) based on the comments and your setup.
+    * Note, be careful to avoid inadvertent secret sharing when modifying `secrets.yaml`. To ignore changes to this file from git, run `git update-index --skip-worktree k8s/secrets.yaml`.
+
+1. Run the application with the following command.
+
+    ```shell
+    kubectl apply -f k8s/
+    ```
+   
+   * When finished, cleanup resources with the following command. This is also useful to reset if modifying configuration.
+
+   ```shell
+   kubectl delete -f k8s/
+   helm uninstall 'nr-k8s-otel-collector-release' --namespace 'nr-k8s-otel-collector'
+   ```
+
+## Viewing your data
+
+### In the UI
+The infrastructure relationships are used to light up our APM UI. Navigate to "New Relic -> All Entities -> Services - OpenTelemetry" and click on the service with name corresponding to value provided in `secrets.yaml` for `COLLECTOR_SERVICE_NAME`. The 'Summary' page shows metrics related to the infrastructure entities related to your collector at the bottom of the page.
+
+
+### From the CLI
+You can also query the relationships through NerdGraph using the [newrelic CLI](https://github.com/newrelic/newrelic-cli/blob/main/docs/GETTING_STARTED.md#environment-setup). Note that the api key in this case is NOT an ingest key (as used above), but instead a user key.
+
+The following script should work if your service name is sufficiently unique as the first part determines the entity guid based on the service name.
+If you have the correct entity guid, you can skip the first part and just query the relationships directly.
+
+```bash
+#!/bin/bash
+export NEW_RELIC_REGION='US'
+export NEW_RELIC_API_KEY='INSERT_USER_KEY'
+SERVICE_NAME='INSERT_SERVICE_NAME'
+
+ENTITY=$(newrelic nerdgraph query "{
+  actor {
+    entitySearch(queryBuilder: {name: \"${SERVICE_NAME}\"}) {
+      results {
+        entities {
+          guid
+          name
+        }
+      }
+    }
+  }
+}")
+SERVICE_ENTITY_GUID=$(jq -r '.actor.entitySearch.results.entities[0].guid' <<< "$ENTITY")
+
+newrelic nerdgraph query "{
+  actor {
+    entity(guid: \"${SERVICE_ENTITY_GUID}\") {
+      relatedEntities(filter: {relationshipTypes: {include: HOSTS}}) {
+        results {
+          source {
+            entity {
+              name
+              guid
+              domain
+              type
+            }
+          }
+          type
+          target {
+            entity {
+              guid
+              name
+            }
+          }
+        }
+      }
+    }
+  }
+}" 
+```
diff --git a/other-examples/collector/internal-telemetry-infra-relationships/k8s/_namespace.yaml b/other-examples/collector/internal-telemetry-infra-relationships/k8s/_namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: internal-telemetry-infra-relationship
diff --git a/other-examples/collector/internal-telemetry-infra-relationships/k8s/collector.yaml b/other-examples/collector/internal-telemetry-infra-relationships/k8s/collector.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: collector
+  namespace: internal-telemetry-infra-relationship
+  labels:
+    app.kubernetes.io/name: collector
+spec:
+  selector:
+    matchLabels:
+      name: collector
+  template:
+    metadata:
+      labels:
+        name: collector
+    spec:
+      containers:
+        - name: collector-infra-relationships
+          image: otel/opentelemetry-collector-contrib:0.130.1
+          args:
+            - --config=/config/config.yaml
+            # add k8s metadata as resource attributes
+            - '--config=yaml:service::telemetry::resource::k8s.cluster.name: ${env:CLUSTER_NAME}'
+            - '--config=yaml:service::telemetry::resource::k8s.namespace.name: "${env:NAMESPACE}"'
+            - '--config=yaml:service::telemetry::resource::k8s.pod.name: "${env:POD_NAME}"'
+            # Hardcoded container name - needs to match the container's name above
+            - '--config=yaml:service::telemetry::resource::k8s.container.name: collector-infra-relationships'
+          env:
+            # New Relic OTLP endpoint
+            - name: NEW_RELIC_OTLP_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: collector-internal-telemetry-secret
+                  key: NEW_RELIC_OTLP_ENDPOINT
+            # The New Relic API key used to authenticate export requests.
+            # Defined in secrets.yaml
+            - name: NEW_RELIC_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: collector-internal-telemetry-secret
+                  key: NEW_RELIC_API_KEY
+            # defines the collector's entity name in New Relic
+            - name: SERVICE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: collector-internal-telemetry-secret
+                  key: COLLECTOR_SERVICE_NAME
+            - name: CLUSTER_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: collector-internal-telemetry-secret
+                  key: CLUSTER_NAME
+            # k8s.namespace.name from Downward API
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            # k8s.pod.name from Downward API
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+          volumeMounts:
+            - name: config
+              mountPath: /config
+      volumes:
+        - name: config
+          configMap:
+            name: collector-config
diff --git a/other-examples/collector/internal-telemetry-infra-relationships/k8s/configmap.yaml b/other-examples/collector/internal-telemetry-infra-relationships/k8s/configmap.yaml
@@ -0,0 +1,95 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: collector-config
+  namespace: internal-telemetry-infra-relationship
+data:
+  config.yaml: |
+    receivers:
+      otlp/internal:
+        protocols:
+          # listens on localhost:4318 by default, so the collector's internal telemetry otlpexporters can write to this without further configuration
+          http:
+
+    processors:
+      batch:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 75
+        spike_limit_percentage: 15
+        
+      # adds host.id as resource attribute
+      # Note: if host entities are monitored (and thus their entity synthesis driven) by a collector C, this processor should mirror C's configuration
+      resourcedetection/internal:
+        # only one detector should technically be necessary, but this list covers the big three cloud providers and their managed Kubernetes services
+        # env detector allows providing the host.id via env var, i.e. OTEL_RESOURCE_ATTRIBUTES=host.id=<host_id> for more static setups and manual testing/debugging
+        detectors: [env, eks, ec2, aks, azure, gcp]
+        timeout: 2s
+
+    exporters:
+      otlphttp/internal:
+        endpoint: "${env:NEW_RELIC_OTLP_ENDPOINT}"
+        headers:
+          api-key: "${env:NEW_RELIC_LICENSE_KEY}"
+
+    service:
+      pipelines:
+        ####
+        #  insert your normal pipelines
+        ####
+        logs/internal:
+          receivers:
+            - otlp/internal
+          processors:
+            - memory_limiter
+            - resourcedetection/internal
+            - batch
+          exporters:
+            - otlphttp/internal
+        metrics/internal:
+          receivers:
+            - otlp/internal
+          processors:
+            - memory_limiter
+            - resourcedetection/internal
+            - batch
+          exporters:
+            - otlphttp/internal
+        traces/internal:
+          receivers:
+            - otlp/internal
+          processors:
+            - memory_limiter
+            - resourcedetection/internal
+            - batch
+          exporters:
+            - otlphttp/internal
+      
+      telemetry:
+        resource:
+          service.name: "${env:SERVICE_NAME}"
+        metrics:
+          level: detailed
+          readers:
+            - periodic:
+                exporter:
+                  otlp:
+                    protocol: http/protobuf
+                    endpoint: http://localhost:4318
+        logs:
+          level: INFO
+          disable_stacktrace: true
+          disable_caller: true
+          processors:
+            - batch:
+                exporter:
+                  otlp:
+                    protocol: http/protobuf
+                    endpoint: http://localhost:4318
+        traces:
+          processors:
+            - batch:
+                exporter:
+                  otlp:
+                    protocol: http/protobuf
+                    endpoint: http://localhost:4318
diff --git a/other-examples/collector/internal-telemetry-infra-relationships/k8s/secrets.yaml b/other-examples/collector/internal-telemetry-infra-relationships/k8s/secrets.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: collector-internal-telemetry-secret
+  namespace: internal-telemetry-infra-relationship
+stringData:
+  # New Relic API key to authenticate the export requests.
+  # docs: https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key
+  NEW_RELIC_API_KEY: INSERT_API_KEY
+  # The default US endpoint is set here. If your account is based in the EU, use `https://otlp.eu01.nr-data.net` instead.
+  # docs: https://docs.newrelic.com/docs/more-integrations/open-source-telemetry-integrations/opentelemetry/best-practices/opentelemetry-otlp/#configure-endpoint-port-protocol
+  NEW_RELIC_OTLP_ENDPOINT: https://otlp.nr-data.net/
+  # The cluster name; will be added as attribute `k8s.cluster.name` to the internal telemetry.
+  CLUSTER_NAME: INSERT_CLUSTER_NAME
+  # Determines the entity name in New Relic; will be added as `service.name` to internal telemetry.
+  COLLECTOR_SERVICE_NAME: infra-relationships-service
+
