Menu
Open source

Pattern 6 - Multitenant

Companies with multiple SRE teams are starting to have a central platform engineering team providing the tooling for the individual product teams to manage part of their observability tools. In that scenario, it’s helpful to allow teams to use an OpenTelemetry Collector with their own configuration, using the receivers and processors they need, while still having a central layer of collectors, deciding where the telemetry data is sent. Different teams might have different accounts at a backend service, or use different data stores altogether. In that case, the centralized OpenTelemetry Collector needs to understand which tenant data goes to which backend. In addition, the platform engineering team might also want to collect usage metrics, so that product teams are charged back based on usage.

Example of a collector configuration for the tenant acme:

yaml
extensions:

receivers:
  otlp:
    protocols:
      grpc:

processors:

exporters:
  otlp:
    endpoint: my-otelcol.observability.svc.cluster.local:4317
    headers:
      tenant: acme

service:
  extensions: []
  pipelines:
    traces:
      receivers: [otlp]
      processors: []
      exporters: [otlp]

Example of a collector configuration for the tenant ecorp:

yaml
extensions:

receivers:
  otlp:
    protocols:
      grpc:

processors:

exporters:
  otlp:
    endpoint: my-otelcol.observability.svc.cluster.local:4317
    headers:
      tenant: ecorp

service:
  extensions: []
  pipelines:
    traces:
      receivers: [otlp]
      processors: []
      exporters: [otlp]

Example of a central collector configuration:

yaml
extensions:
  basicauth/fallback:
    client_auth:
      username: "${FALLBACK_USER_ID}"
      password: "${FALLBACK_TOKEN}"
  basicauth/acme:
    client_auth:
      username: "${ACME_USER_ID}"
      password: "${ACME_TOKEN}"
  basicauth/ecorp:
    client_auth:
      username: "${ECORP_USER_ID}"
      password: "${ECORP_TOKEN}"

receivers:
  otlp:
    protocols:
      grpc:

processors:
  routing:
    from_attribute: tenant
    default_exporters: otlphttp/fallback
    table:
      - value: acme
        exporters: [otlphttp/acme]
      - value: ecorp
        exporters: [otlphttp/ecorp]

exporters:
  otlphttp/fallback:
    endpoint: https://otlp-gateway-prod-us-central-0.grafana.net/otlp
    auth:
      authenticator: basicauth/fallback

  otlphttp/acme:
    endpoint: https://otlp-gateway-prod-us-central-0.grafana.net/otlp
    auth:
      authenticator: basicauth/acme

  otlphttp/ecorp:
    endpoint: https://otlp-gateway-prod-us-central-0.grafana.net/otlp
    auth:
      authenticator: basicauth/ecorp

service:
  extensions: [basicauth/fallback, basicauth/acme, basicauth/ecorp]
  pipelines:
    traces:
      receivers: [otlp]
      processors: [routing]
      exporters: [otlp/fallback, otlp/acme, otlp/ecorp]