add E2E test verifying OTEL tracing across Zenko services

delthas · delthas · commit c9ae52eeedd7 · 2026-05-29T16:38:34.000+02:00
- Deploy Jaeger all-in-one (memory-only, OTLP-enabled) in the kind CI cluster alongside existing dependencies - Patch the Zenko CR with `spec.otel` (enabled, sampling ratio 1.0) so every request is traced during CI — also acts as a smoke test that OTEL doesn't break existing @premerge tests - Add a new @premerge CTST scenario that puts an S3 object and then polls the Jaeger query API to assert a trace exists with spans from both cloudserver and vault Issue: ZENKO-5258
diff --git a/.github/scripts/end2end/configure-e2e-ctst.sh b/.github/scripts/end2end/configure-e2e-ctst.sh
@@ -111,3 +111,19 @@ kubectl run kafka-topics \
 # Deploy PyKMIP server (infra only, does NOT patch the CR).
 # The CR is patched later, after file-backend SSE tests have run.
 bash "$(dirname "$0")/../mocks/setup-kmip.sh"
+
+# Enable OTEL tracing on the Zenko CR (always-on in CI, acts as a smoke test)
+NAMESPACE="${NAMESPACE:-default}"
+kubectl patch zenko ${ZENKO_NAME} -n ${NAMESPACE} --type merge -p '{
+  "spec": {"otel": {
+    "enabled": true,
+    "samplingRatio": "1.0",
+    "tracesEndpoint": "http://jaeger.default.svc.cluster.local:4318/v1/traces"
+  }}
+}'
+# Wait for the operator to reconcile and roll pods with new OTEL env vars
+kubectl wait --for condition=DeploymentInProgress=true --timeout 10m zenko/${ZENKO_NAME} -n ${NAMESPACE}
+kubectl wait --for condition=DeploymentFailure=false --timeout 10m zenko/${ZENKO_NAME} -n ${NAMESPACE}
+kubectl wait --for condition=DeploymentInProgress=false --timeout 10m zenko/${ZENKO_NAME} -n ${NAMESPACE}
+kubectl rollout status deployment -l app.kubernetes.io/name=connector-cloudserver,app.kubernetes.io/instance=${ZENKO_NAME} -n ${NAMESPACE} --timeout=5m
+kubectl rollout status deployment -l app.kubernetes.io/name=connector-vault,app.kubernetes.io/instance=${ZENKO_NAME} -n ${NAMESPACE} --timeout=5m
diff --git a/.github/scripts/end2end/install-kind-dependencies.sh b/.github/scripts/end2end/install-kind-dependencies.sh
@@ -153,6 +153,67 @@ helm upgrade --install --version ${KEYCLOAK_VERSION} keycloak codecentric/keyclo
 
 kubectl rollout status sts/keycloak --timeout=10m
 
+# jaeger all-in-one (OTLP collector + query UI, memory-only)
+kubectl apply -f - <<'EOF'
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jaeger
+  namespace: default
+  labels:
+    app: jaeger
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jaeger
+  template:
+    metadata:
+      labels:
+        app: jaeger
+    spec:
+      containers:
+      - name: jaeger
+        image: jaegertracing/all-in-one:1.76.0
+        env:
+        - name: COLLECTOR_OTLP_ENABLED
+          value: "true"
+        - name: MEMORY_MAX_TRACES
+          value: "10000"
+        ports:
+        - containerPort: 16686
+          name: query
+        - containerPort: 4317
+          name: otlp-grpc
+        - containerPort: 4318
+          name: otlp-http
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 16686
+          initialDelaySeconds: 5
+          periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jaeger
+  namespace: default
+spec:
+  selector:
+    app: jaeger
+  ports:
+  - name: query
+    port: 16686
+    targetPort: 16686
+  - name: otlp-grpc
+    port: 4317
+    targetPort: 4317
+  - name: otlp-http
+    port: 4318
+    targetPort: 4318
+EOF
+kubectl rollout status deployment/jaeger --timeout=5m
 
 # TODO: use zenko-operator install-deps
 kubectl apply -f - <<EOF
diff --git a/.github/scripts/end2end/setup-e2e-env.sh b/.github/scripts/end2end/setup-e2e-env.sh
@@ -235,6 +235,16 @@ else
     fi
     export PROMETHEUS_SERVICE="${PROMETHEUS_SVC}.${NAMESPACE}.svc.cluster.local"
 
+    # Jaeger query API — port-forward for OTEL tracing tests
+    JAEGER_QUERY_PORT=16686
+    if ! ss -tlnp 2>/dev/null | grep -q ":${JAEGER_QUERY_PORT}" && \
+       ! lsof -i ":${JAEGER_QUERY_PORT}" &>/dev/null; then
+        kubectl port-forward "svc/jaeger" "${JAEGER_QUERY_PORT}:${JAEGER_QUERY_PORT}" &>/dev/null &
+        _JAEGER_PF_PID=$!
+        timeout 10 bash -c "until ss -tlnp 2>/dev/null | grep -q ':${JAEGER_QUERY_PORT}'; do sleep 0.2; done"
+    fi
+    export JAEGER_QUERY_ENDPOINT="http://localhost:${JAEGER_QUERY_PORT}"
+
     # --- 14. Zenko CR metadata ---
     export TIME_PROGRESSION_FACTOR=$(kubectl get zenko ${ZENKO_NAME} -o jsonpath="{.metadata.annotations.zenko\.io/time-progression-factor}")
     export INSTANCE_ID=$(kubectl get zenko ${ZENKO_NAME} -o jsonpath='{.status.instanceID}')
@@ -338,7 +348,8 @@ else
       "DRAdminSecretKey":"${ADMIN_PRA_SECRET_ACCESS_KEY}",
       "UtilizationServiceHost":"${UTILIZATION_SERVICE_HOST}",
       "UtilizationServicePort":"${UTILIZATION_SERVICE_PORT}",
-      "KubeconfigPath":"${KUBECONFIG:-${HOME}/.kube/config}"
+      "KubeconfigPath":"${KUBECONFIG:-${HOME}/.kube/config}",
+      "JaegerQueryEndpoint":"${JAEGER_QUERY_ENDPOINT}"
     }
 EOF
     )"
diff --git a/tests/functional/ctst/features/otel-tracing.feature b/tests/functional/ctst/features/otel-tracing.feature
@@ -0,0 +1,10 @@
+@2.15.0
+@PreMerge
+Feature: OpenTelemetry Tracing
+  Traces should propagate across Zenko services
+
+  Scenario: S3 PutObject produces a trace spanning cloudserver and vault
+    Given a "Non versioned" bucket
+    And an object "otel-test-object" that "exists"
+    Then a trace should exist in Jaeger for service "cloudserver"
+    And the trace should contain spans from service "vault"
diff --git a/tests/functional/ctst/steps/otel-tracing.ts b/tests/functional/ctst/steps/otel-tracing.ts
@@ -0,0 +1,124 @@
+import { Then } from '@cucumber/cucumber';
+import { strict as assert } from 'assert';
+import { Utils } from 'cli-testing';
+import Zenko from 'world/Zenko';
+
+const JAEGER_POLL_TIMEOUT = 30000;
+const JAEGER_POLL_INTERVAL = 2000;
+
+interface JaegerProcess {
+    serviceName: string;
+    tags: { key: string; value: string }[];
+}
+
+interface JaegerSpan {
+    traceID: string;
+    spanID: string;
+    operationName: string;
+    processID: string;
+    tags: { key: string; type: string; value: unknown }[];
+}
+
+interface JaegerTrace {
+    traceID: string;
+    spans: JaegerSpan[];
+    processes: Record<string, JaegerProcess>;
+}
+
+interface JaegerSearchResponse {
+    data: JaegerTrace[];
+}
+
+async function pollJaegerForTraces(
+    endpoint: string,
+    service: string,
+    bucketName: string,
+    timeoutMs = JAEGER_POLL_TIMEOUT,
+    intervalMs = JAEGER_POLL_INTERVAL,
+): Promise<JaegerTrace[]> {
+    const deadline = Date.now() + timeoutMs;
+    let lastError: Error | null = null;
+
+    while (Date.now() < deadline) {
+        try {
+            const url = `${endpoint}/api/traces?service=${service}&lookback=1m&limit=100`;
+            const response = await fetch(url, {
+                signal: AbortSignal.timeout(5000),
+            });
+            if (!response.ok) {
+                throw new Error(`Jaeger query returned HTTP ${response.status}`);
+            }
+            const body = await response.json() as JaegerSearchResponse;
+            const matching = (body.data || []).filter(trace => traceMatchesBucket(trace, bucketName));
+            if (matching.length > 0) {
+                return matching;
+            }
+        } catch (err) {
+            lastError = err as Error;
+        }
+        await Utils.sleep(intervalMs);
+    }
+
+    throw new Error(
+        `pollJaegerForTraces timed out after ${timeoutMs}ms waiting for traces ` +
+        `from service "${service}" referencing bucket "${bucketName}"` +
+        `${lastError ? `: ${lastError.message}` : ''}`,
+    );
+}
+
+function traceMatchesBucket(trace: JaegerTrace, bucketName: string): boolean {
+    return trace.spans.some(span =>
+        span.tags.some(tag =>
+            typeof tag.value === 'string' && tag.value.includes(bucketName),
+        ),
+    );
+}
+
+function findPutObjectTrace(traces: JaegerTrace[]): JaegerTrace | undefined {
+    return traces.find(trace =>
+        trace.spans.some(span => span.operationName === 'api.object_put'),
+    );
+}
+
+function traceHasServiceSpans(trace: JaegerTrace, serviceName: string): boolean {
+    const processIds = Object.entries(trace.processes)
+        .filter(([, proc]) => proc.serviceName === serviceName)
+        .map(([id]) => id);
+
+    return trace.spans.some(span => processIds.includes(span.processID));
+}
+
+Then('a trace should exist in Jaeger for service {string}',
+    { timeout: JAEGER_POLL_TIMEOUT + 10000 },
+    async function (this: Zenko, service: string) {
+        const endpoint = this.parameters.JaegerQueryEndpoint;
+        assert.ok(endpoint, 'JaegerQueryEndpoint is not configured in world parameters');
+
+        const bucketName = this.getSaved<string>('bucketName');
+        assert.ok(bucketName, 'No bucketName saved from a previous step');
+
+        const traces = await pollJaegerForTraces(endpoint, service, bucketName);
+        const trace = findPutObjectTrace(traces);
+        assert.ok(trace,
+            `No trace with api.object_put operation found among ${traces.length} traces from ` +
+            `service "${service}" referencing bucket "${bucketName}"`,
+        );
+
+        this.addToSaved('jaegerTrace', trace);
+    },
+);
+
+Then('the trace should contain spans from service {string}',
+    async function (this: Zenko, service: string) {
+        const trace = this.getSaved<JaegerTrace>('jaegerTrace');
+        assert.ok(trace, 'No trace saved from the previous step');
+
+        assert.ok(
+            traceHasServiceSpans(trace, service),
+            `Trace ${trace.traceID} does not contain spans from service "${service}". ` +
+            `Services in trace: ${[...new Set(
+                Object.values(trace.processes).map(p => p.serviceName),
+            )].join(', ')}`,
+        );
+    },
+);
diff --git a/tests/functional/ctst/world/Zenko.ts b/tests/functional/ctst/world/Zenko.ts
@@ -103,6 +103,7 @@ export interface ZenkoWorldParameters extends ClientOptions {
     SorbetdRestoreTimeout: string;
     UtilizationServiceHost: string;
     UtilizationServicePort: string;
+    JaegerQueryEndpoint: string;
     [key: string]: unknown;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,7 @@ export interface ZenkoWorldParameters extends ClientOptions {`
`103`	`103`	`SorbetdRestoreTimeout: string;`
`104`	`104`	`UtilizationServiceHost: string;`
`105`	`105`	`UtilizationServicePort: string;`
	`106`	`+ JaegerQueryEndpoint: string;`
`106`	`107`	`[key: string]: unknown;`
`107`	`108`	`}`
`108`	`109`