Send agent telemetry

[nityanandagohain]

These are changes on top of #540

Main changes

• For deployemnt don't send logs as it will be already sent by the agent
• Send logs which has error in the body
• Set default value of endpoint and also added https

Also logs should be read from end right? so I changed beginning to end otherwise duplicate data will be inserted.

Summary by CodeRabbit

Release Notes

• New Features

  • Added self-telemetry configuration options for OpenTelemetry Collector.
  • Introduced new configuration parameters for tracing, metrics, and log collection.
  • Added a new Kubernetes Secret template for managing the self-telemetry API key.

• Configuration Changes

  • Updated log collection settings to start from the most recent logs.
  • Modified telemetry endpoint and security settings.
  • Enhanced management options for the self-telemetry API key.

• Testing

  • Added comprehensive test suites for OpenTelemetry agent and deployment configurations.

• Maintenance

  • Updated .gitignore to exclude rendered/ directory.
  • Updated Helm chart version from 0.12.0 to 0.12.1.

[coderabbitai]

Warning

Rate limit exceeded

@nityanandagohain has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 9 minutes and 24 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 49ec9d0 and 37e19fa.

📒 Files selected for processing (1)

• charts/k8s-infra/tests/otel-agent_self_telemetry_enable_otlp_test.yaml (1 hunks)

Walkthrough

This pull request introduces enhancements to the OpenTelemetry telemetry configuration in the Kubernetes infrastructure chart. The changes include adding a new .gitignore entry for the rendered/ directory, expanding the OpenTelemetry Collector configuration templates to support self-telemetry features, updating the values.yaml with new telemetry parameters, and introducing multiple new test suites to validate log collection and self-telemetry configurations for both agent and deployment components.

Changes

File	Change Summary
.gitignore	Added rendered/ directory to ignored entries
charts/k8s-infra/templates/_config.tpl	Added multiple new methods for configuring self-telemetry traces, metrics, logs, and OTLP exporter
charts/k8s-infra/values.yaml	Added selfTelemetry configuration section, updated log collection parameters
charts/k8s-infra/tests/otel-agent_log_collection_test.yaml	New test suite for validating log collection configuration
charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml	New test suite for agent self-telemetry configuration
charts/k8s-infra/tests/otel-deployment_self_telemetry_test.yaml	New test suite for deployment self-telemetry configuration
charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml	New template for creating a Kubernetes Secret for self-telemetry API key
charts/k8s-infra/Chart.yaml	Updated Helm chart version from 0.12.0 to 0.12.1
charts/k8s-infra/templates/_helpers.tpl	Added methods for managing self-telemetry API key's secret name and key

Sequence Diagram

sequenceDiagram
    participant Values as values.yaml
    participant Config as _config.tpl
    participant Agent as OTel Agent
    participant Deployment as OTel Deployment

    Values->>Config: Configure self-telemetry settings
    Config->>Agent: Apply telemetry configuration
    Config->>Deployment: Apply telemetry configuration
    Agent-->>Values: Validate log collection
    Deployment-->>Values: Validate metrics and traces

Loading

Possibly related PRs

• feat(k8s-infra): introduce prometheus scraper using pod annotations #455: The changes in the main PR to the .gitignore file do not directly relate to the modifications made in the charts/k8s-infra/templates/_config.tpl file in PR feat(k8s-infra): introduce prometheus scraper using pod annotations #455, which focuses on adding Prometheus scraping functionality. However, both PRs involve configuration management within the same project, indicating a broader context of updates in the repository.

Suggested reviewers

• grandwizard28

Poem

🐰 Hop, hop, through config's maze,
Telemetry dancing in digital ways,
Traces and logs, a rabbit's delight,
Self-observing with all its might!
Configuration magic, clean and bright! 🔍

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f78bc6d and 7e1888e.

📒 Files selected for processing (3)

• .gitignore (1 hunks)
• charts/k8s-infra/templates/_config.tpl (7 hunks)
• charts/k8s-infra/values.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .gitignore

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test-chart

🔇 Additional comments (10)

charts/k8s-infra/templates/_config.tpl (8)

22-30: Appropriate inclusion of ownTelemetry configurations

The conditional blocks correctly check for .Values.presets.ownTelemetry settings and include the appropriate configurations for traces, metrics, and logs. This enhances the flexibility and customization of the telemetry setup.

---

52-54: Ensure correct integration of ownTelemetry logs exporter

Including the ownTelemetry OTLP exporter configuration for logs is essential. Verify that this exporter is properly configured and does not conflict with other exporters in the pipeline.

---

77-82: Consistent application of ownTelemetry configurations in OtelDeployment

The added conditional blocks ensure that ownTelemetry configurations for traces and metrics are applied to otelDeployment, maintaining consistency with otelAgent.

---

107-124: Well-structured helper functions for ownTelemetry configurations

The introduction of helper functions applyOwnTracesConfig, applyOwnMetricsConfig, and applyOwnLogsConfig enhances code modularity and reusability. This structure promotes maintainability and simplifies future updates.

---

170-174: Introduction of applyOtlpExporterOwnTelemetryConfig method

This method allows for custom exporter configurations for ownTelemetry, providing flexibility in specifying endpoints and TLS settings.

---

178-187: Proper configuration of otlphttp/own_telemetry exporter

The exporter is correctly configured to use the endpoint and TLS settings from ownTelemetry presets, ensuring secure and customizable data transmission.

---

495-498: Adding resourcedetection processor to logs/own_logs pipeline

Including the resourcedetection processor enhances the metadata attached to logs in the logs/own_logs pipeline, which can be beneficial for observability and analysis.

---

516-519: Ensuring resourcedetection processor is applied in OtelDeployment

Applying the resourcedetection processor to the logs/own_logs pipeline in otelDeployment maintains consistency with otelAgent configurations and ensures that resource attributes are properly detected.

charts/k8s-infra/values.yaml (2)

93-105: Addition of ownTelemetry configuration enhances flexibility

The introduction of the ownTelemetry section under presets allows for customizable telemetry configurations for traces, metrics, and logs, improving the observability capabilities of the system.

---

108-108: Verify the change of startAt parameter for logs collection

The startAt parameter has been changed from beginning to end. This means that log collection will start from new logs rather than existing logs in the files. Ensure that this change aligns with the intended behavior and does not result in missing important historical logs.

[nityanandagohain]

will do few more checks before opening for review

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

charts/k8s-infra/values.yaml (1)

93-105: ⚠️ Potential issue

Security: Review default values for insecure settings

The default configuration has insecure: true and insecureSkipVerify: true which could expose the system to security risks. Consider:

1. Setting these to false by default to enforce secure communication
2. Adding validation for the endpoint format when specified
3. Adding documentation about security implications

Apply this diff to update the default values:

  ownTelemetry:
    # OTLP HTTP endpoint to send own telemetry data to.
    endpoint: ""
    # Whether to use insecure mode.
-   insecure: true
+   insecure: false
    # Whether to skip verifying the certificate.
-   insecureSkipVerify: true
+   insecureSkipVerify: false

🧹 Nitpick comments (1)

charts/k8s-infra/templates/_config.tpl (1)

289-292: Consider renaming the filter for clarity

While the filter logic is correct (dropping non-error logs), the name filter/non_error_logs could be clearer. Consider renaming to better reflect its purpose of keeping only error logs.

-  filter/non_error_logs:
+  filter/keep_error_logs:
     logs:
       log_record:
         - 'not IsMatch(body, ".*error.*")'

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7e1888e and 073cbc1.

📒 Files selected for processing (2)

• charts/k8s-infra/templates/_config.tpl (7 hunks)
• charts/k8s-infra/values.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test-chart

🔇 Additional comments (4)

charts/k8s-infra/values.yaml (1)

108-108: LGTM: Log collection configuration is correct

Setting startAt: end ensures that deployment logs are not collected, as these will already be sent by the agent. This aligns with the PR objectives.

charts/k8s-infra/templates/_config.tpl (3)

22-33: LGTM: Well-structured telemetry configuration

The implementation follows good practices:

• Clear separation of telemetry types
• Conditional application of configurations
• Proper feature toggling

---

204-222: LGTM: Robust telemetry endpoint configuration

The implementation properly handles:

• Custom endpoint configuration with HTTPS support
• Fallback to environment variables
• API key authentication

---

649-652: LGTM: Proper resource detection for own logs

The changes correctly add resource detection processor to the own logs pipeline, ensuring consistent resource attribution across all telemetry data.

Also applies to: 673-676

[prashant-shahi]

I don't think the usage of SIGNOZ_API_KEY is correct for the self-telemetry everywhere.

You should use the apiKey that is being passed. This is the API Key for the infra data.

Continuation of the above...

Ideally, you can set additional environment variables with OTEL endpoint and credentials when selfTelemetry.enabled is true. And use those environment variables.

Refer here: https://github.com/SigNoz/charts/blob/main/charts/k8s-infra/templates/_helpers.tpl#L404-L410

[srikanthccv]

OpenTelemetry uses "own" in a number of places to refer to the agent's own operational metrics; this is the reason I used "own" in the other PR, which Nitya continued. @nityanandagohain Please change back because we want to be consistent with upstream as much as possible.

"Collector instance by checking its own internal telemetry"
"By default, the Collector exposes its own telemetry in two ways:"

https://opentelemetry.io/docs/collector/internal-telemetry/

https://github.com/open-telemetry/opamp-spec/blob/ebdbc6d6e2735422cfb560fbb58216639009d29d/proto/opamp.proto#L454-L477

[grandwizard28]

I'm sorry, where are they using it apart from the opamp protocol spec?

[srikanthccv]

Two links I shared refer to internal telemetry as "own telemetry", and that's how it is commonly referred to in my collaboration experience with upstream. When there is a precedent set upstream, it's good to use the same independent of what we prefer individually.

[grandwizard28]

They're referring to collector's telemetry as internal telemetry. own is just a pronoun they're using in the document to refer to "internal" telemetry.

"self" being much more widely used in every programming language/construct. The upstream collector also has a milestone called "Self Telemetry". https://github.com/open-telemetry/opentelemetry-collector/milestone/82.

The choice can be between "internal" and "self".

[srikanthccv]

I will not drag this further because it is unproductive back and forth about the choice of name. My suggestion for using own_metrics/logs/traces stems from maintaining consistency with the existing agent management specification and implementation. Use whatever.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

charts/k8s-infra/tests/otel-deployment_self_telemetry_test.yaml (1)

75-75: ⚠️ Potential issue

Update endpoint to use HTTPS protocol.

The test configuration uses plain HTTP which doesn't align with the PR objectives for HTTPS endpoint configuration.

Apply this diff to update the endpoint configuration:

-          endpoint: http://${env:OTEL_EXPORTER_OTLP_ENDPOINT}
+          endpoint: http{{ if not .Values.otelInsecure }}s{{ end }}://${env:OTEL_EXPORTER_OTLP_ENDPOINT}

Also applies to: 92-92

🧹 Nitpick comments (1)

charts/k8s-infra/values.yaml (1)

94-95: Add HTTPS scheme to the endpoint comment.

The comment should specify that HTTPS is the default scheme for the endpoint.

Apply this diff to update the comment:

-   # OTLP HTTP endpoint to send own telemetry data to.
+   # OTLP HTTPS endpoint to send self telemetry data to (e.g., https://example.com:4318).

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3493107 and ba22df7.

📒 Files selected for processing (6)

• charts/k8s-infra/templates/_config.tpl (7 hunks)
• charts/k8s-infra/templates/_helpers.tpl (2 hunks)
• charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml (1 hunks)
• charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml (1 hunks)
• charts/k8s-infra/tests/otel-deployment_self_telemetry_test.yaml (1 hunks)
• charts/k8s-infra/values.yaml (1 hunks)

🧰 Additional context used

🪛 yamllint (1.35.1)

charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml

[error] 135-135: no new line character at the end of file

(new-line-at-end-of-file)

charts/k8s-infra/tests/otel-deployment_self_telemetry_test.yaml

[error] 99-99: no new line character at the end of file

(new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test-chart

🔇 Additional comments (12)

charts/k8s-infra/templates/_helpers.tpl (2)

411-417: LGTM! Environment variable configuration follows best practices.

The implementation correctly handles the self telemetry API key using Kubernetes secrets and follows the established pattern.

---

454-474: LGTM! Helper functions are well-implemented.

The helper functions for self telemetry API key secret management follow the established pattern and include proper validation.

charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml (1)

1-14: LGTM! Secret template follows Kubernetes best practices.

The implementation correctly:

• Uses Helm hooks for proper lifecycle management
• Conditionally creates secret only when needed
• Properly encodes the API key

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/k8s-infra/tests/otel-deployment_self_telemetry_test.yaml (1)

39-64: LGTM! Test correctly verifies no log pipeline for deployment.

The test configuration properly validates that deployment telemetry excludes log collection, aligning with the PR objectives.

charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml (1)

66-79: LGTM! Log configuration aligns with requirements.

The implementation correctly:

• Filters for error logs using the filter processor
• Sets log reading from the end with start_at: end

charts/k8s-infra/templates/_config.tpl (5)

22-33: LGTM: Well-structured conditional configuration application

The configuration application logic is well-organized, applying self telemetry configurations only when the respective features are enabled.

Also applies to: 80-88

---

649-651: LGTM: Resource detection properly applied to self logs pipeline

The resource detection processor is correctly applied to the self logs pipeline, ensuring proper resource attribution.

Also applies to: 672-674

---

122-144: 🛠️ Refactor suggestion

Maintain consistent terminology: Use "self" instead of "own"

Based on the discussion in the PR comments about terminology consistency, we should use "self" consistently throughout the codebase.

Apply this diff to update the function names:

-{{- define "opentelemetry-collector.applyOwnTracesConfig" -}}
+{{- define "opentelemetry-collector.applySelfTracesConfig" -}}

Likely invalid or redundant comment.

---

289-299: Verify the filter logic for error logs

The filter processor filter/non_error_logs with condition not IsMatch(body, ".*error.*") is correctly configured to drop non-error logs, keeping only the error logs as intended.

Run this script to verify the filter logic:

✅ Verification successful

Filter logic for error logs is correctly implemented ✅

The filter processor is properly configured to retain only error logs by dropping non-error logs, and this implementation is consistently validated in the test suite.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the filter logic for error logs
# Test: Search for similar filter patterns in the codebase
rg -A 2 'IsMatch\(body.*error'

Length of output: 501

---

197-222: ⚠️ Potential issue

Use the provided API key for infrastructure data

The self telemetry configuration is incorrectly using SIGNOZ_SELF_TELEMETRY_API_KEY. As per the PR comments, we should use the provided API key for infrastructure data.

Apply this diff to fix the API key usage:

    headers:
-     "signoz-access-token": "${env:SIGNOZ_SELF_TELEMETRY_API_KEY}"
+     "signoz-access-token": "${env:SIGNOZ_API_KEY}"

Likely invalid or redundant comment.

charts/k8s-infra/values.yaml (2)

114-114: LGTM! Setting logs collection from end prevents duplicate data.

The change to start collecting logs from the end aligns with the PR objectives and helps prevent duplicate data ingestion when the collector restarts.

---

93-111: ⚠️ Potential issue

Security: Update default values for secure communication.

The default values for insecure and insecureSkipVerify should be set to false to enforce secure communication by default.

Apply this diff to update the default values:

  selfTelemetry:
    # OTLP HTTP endpoint to send own telemetry data to.
    endpoint: ""
    # Whether to use insecure mode.
-   insecure: true
+   insecure: false
    # Whether to skip verifying the certificate.
-   insecureSkipVerify: true
+   insecureSkipVerify: false

Likely invalid or redundant comment.

[prashant-shahi]

LGTM

Remember to bump up chart version before merging this PR.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml (1)

66-69: Enhance error log filtering pattern.

The current regex pattern might miss variations of "error". Consider using a case-insensitive pattern:

               logs:
                 log_record:
-                - not IsMatch(body, ".*error.*")
+                - not IsMatch(body, "(?i).*error.*")

charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml (1)

1-14: Consider additional secrets for comprehensive telemetry configuration.

Based on the PR objectives, consider creating additional secrets or configmap entries for:

1. Log filtering rules to prevent deployment logs
2. Error log patterns for selective logging
3. HTTPS endpoint configuration

This would provide a more modular and maintainable configuration structure for the telemetry features.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fc7bfbb and 49ec9d0.

📒 Files selected for processing (3)

• charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml (1 hunks)
• charts/k8s-infra/tests/otel-agent_self_telemetry_enable_otlp_test.yaml (1 hunks)
• charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml (1 hunks)

🧰 Additional context used

📓 Learnings (1)

charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml (1)

Learnt from: nityanandagohain
PR: SigNoz/charts#595
File: charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml:11-11
Timestamp: 2025-01-15T12:31:10.850Z
Learning: Helm unit test files (.../tests/*.yaml) should use hardcoded values instead of environment variables to ensure deterministic test results and consistent template validation.

🪛 yamllint (1.35.1)

charts/k8s-infra/tests/otel-agent_self_telemetry_enable_otlp_test.yaml

[error] 165-165: no new line character at the end of file

(new-line-at-end-of-file)

charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml

[error] 135-135: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (6)

charts/k8s-infra/tests/otel-agent_self_telemetry_test.yaml (2)

71-79: Well implemented log collection configuration!

The configuration correctly:

• Sets start_at: end to prevent duplicate data
• Includes container parsing
• Captures the full log path

---

11-11: ⚠️ Potential issue

Update endpoint format to use HTTPS protocol.

The endpoint format should include the HTTPS protocol since port 443 is being used:

-      endpoint: myhost:443
+      endpoint: https://myhost

Likely invalid or redundant comment.

charts/k8s-infra/tests/otel-agent_self_telemetry_enable_otlp_test.yaml (1)

50-56: Well-structured OTLP exporter configuration!

The configuration correctly:

• Uses environment variables for endpoint and security settings
• Includes proper TLS configuration
• Handles sensitive headers appropriately

charts/k8s-infra/templates/apikey-self-telemetry-secret.yaml (3)

1-1: LGTM! Well-structured conditional creation.

The condition correctly handles both scenarios: using an existing secret or creating a new one.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

---

2-11: LGTM! Well-configured Secret metadata.

The configuration follows best practices:

• Proper Helm hooks ensure the secret exists before dependent resources
• Clear naming with the -self-telemetry-apikey-secret suffix
• Appropriate delete policy to handle upgrades

---

12-13: Verify API key validation in the parent chart.

The Secret data is correctly configured with proper encoding. However, since this is sensitive data:

Please ensure there's validation for the API key format in the parent chart's values schema. Run this script to check: