Observability
Tazuna has built-in support for OpenTelemetry-based tracing. Every CLI command can export traces via OTLP/gRPC, which you can use for timing measurements and error tracking in CI and cluster operations.
Tracing is opt-in. If you pass no flags, a no-op tracer is used and there are zero external dependencies.
Enabling
The following global flags have been added to the root command.
| Flag | Type | Default | Description |
|---|---|---|---|
--otlp-endpoint | string | "" | The endpoint of the OTLP/gRPC collector (e.g. localhost:4317). No-op when empty. |
--otlp-insecure | bool | true | Use plaintext gRPC for the OTLP exporter (no TLS). |
Only commands passed --otlp-endpoint fire traces. To keep a short-lived CLI from hanging on the collector, shutdown has a 5-second timeout.
# Point it at something that can receive OTLP/gRPC, such as Jaeger / Tempo / OTel Collector
tazuna apply -f tazuna.yaml --otlp-endpoint=localhost:4317
tazuna plan -f tazuna.yaml --otlp-endpoint=localhost:4317
Trace structure
Tazuna emits a 3-layer trace tree.
tazuna.Apply / tazuna.Plan / tazuna.Status / tazuna.StateDrift ← Runner top-level span
└── tazuna.ApplyToCluster ← Runner internal span
└── Kustomize.Apply / Helmfile.Apply / GenesisSecret.Apply / ORAS.Apply
← Manager span
- Runner span (tracer name
tazuna/runner) - measures the overall execution time of a top-level command. It is the first span opened from the CLI. - Manager span (tracer name
tazuna/manager) - measures each Manifest-type-specific operation (equivalent tokubectl apply/helmfile sync/ oras pull / etc.) as one span apiece.
Because the Runner span and Manager span names are kept separate, it is easy to analyze by service / operation in Datadog / Jaeger and the like.
Main span attributes
| Attribute | When it is attached | Example value |
|---|---|---|
tazuna.yaml.path | Runner span | ./tazuna.yaml |
manifests.count | Runner span | 12 |
apply.sync | tazuna.Apply span | true / false |
apply.prune | tazuna.Apply span | true / false |
apply.atomic | tazuna.Apply span | true / false |
manifest.name | Manager span | ingress-nginx |
manifest.type | Manager span | kustomize / helmfile / oras / genesissecret |
manifest.path | Manager span | ./kustomize/ingress |
genesissecret.provider | GenesisSecret.Apply span | primary-op / default-op |
On error, the span is marked with an error status and the message is attached via span.RecordError.
Using it in CI
Using a SaaS collector such as Datadog / Honeycomb / Grafana Cloud lets you track apply duration and failure rate over time. An example of passing it from CI:
# GitHub Actions
- name: tazuna apply (with tracing)
env:
OTEL_EXPORTER_OTLP_HEADERS: api-key=${{ secrets.OTEL_API_KEY }}
run: tazuna apply -f tazuna.yaml --otlp-endpoint=otel.example.com:4317
Since it is a short-lived CLI, filtering by service.name=tazuna on the collector side should let you see the span tree for each CI run directly.
Related
- Flag spec: CLI - Global flags
- Drift monitoring: Drift Monitoring
- CI integration: CI Pipeline