From f86bda6f033f73ca827a2e6e79a37d2384075663 Mon Sep 17 00:00:00 2001 From: Steve Gontzes Date: Fri, 13 Mar 2026 15:52:14 -0400 Subject: [PATCH 1/5] Embed OTel Collector Lambda extension in connector images Add the opentelemetry-lambda collector extension to Lambda connector images via a multi-stage Docker build. The extension runs as a sidecar process in the Lambda execution environment, receiving OTLP telemetry on localhost and forwarding it to the central collector. This ensures telemetry is flushed reliably during Lambda shutdown or crashes. Changes: - Dockerfile template: multi-stage build downloads otel-lambda collector extension v0.16.0 (arm64) and embeds it at /opt/extensions/collector - collector.yaml: OTLP receiver on localhost, exports to central collector - GoReleaser template: add collector.yaml as extra_files for Docker context - Release workflow: copy collector.yaml into caller build context --- .github/workflows/release.yaml | 2 ++ collector.yaml | 29 +++++++++++++++++++ templates/.Dockerfile-lambda-template.tmpl | 15 +++++++++- ...oreleaser-docker-lambda-template.yaml.tmpl | 2 ++ 4 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 collector.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f49ba62..9b59761 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -772,6 +772,8 @@ jobs: mkdir -p "${GENERATED_DIR}" envsubst '$REPO_NAME' < templates/.Dockerfile-lambda-template.tmpl | tee "${GENERATED_DIR}/Dockerfile.lambda" envsubst < templates/.goreleaser-docker-lambda-template.yaml.tmpl | tee "${GENERATED_DIR}/.goreleaser.lambda.yaml" + # Copy OTel collector config into caller build context for Docker COPY + cp collector.yaml ../_caller/collector.yaml - name: Docker Login if: inputs.docker == true diff --git a/collector.yaml b/collector.yaml new file mode 100644 index 0000000..a7c174d --- /dev/null +++ b/collector.yaml @@ -0,0 +1,29 @@ +# OpenTelemetry Collector configuration for Lambda connector extensions. +# The collector runs as a Lambda extension process, receiving telemetry from +# the connector via OTLP on localhost and forwarding it to the central +# collector before Lambda freezes or shuts down the execution environment. +receivers: + otlp: + protocols: + grpc: + endpoint: localhost:4317 + http: + endpoint: localhost:4318 + +exporters: + otlp: + endpoint: otel-collector.c1.internal:4317 + tls: + insecure_skip_verify: true + +service: + pipelines: + traces: + receivers: [otlp] + exporters: [otlp] + metrics: + receivers: [otlp] + exporters: [otlp] + logs: + receivers: [otlp] + exporters: [otlp] diff --git a/templates/.Dockerfile-lambda-template.tmpl b/templates/.Dockerfile-lambda-template.tmpl index 241fe5d..b70d91b 100644 --- a/templates/.Dockerfile-lambda-template.tmpl +++ b/templates/.Dockerfile-lambda-template.tmpl @@ -1,3 +1,16 @@ +# Stage 1: Download and unpack the OpenTelemetry Collector Lambda extension +# https://github.com/open-telemetry/opentelemetry-lambda/tree/main/collector +FROM amazonlinux:2023 AS otel-layer +RUN yum install -y unzip && yum clean all +ADD https://github.com/open-telemetry/opentelemetry-lambda/releases/download/layer-collector%2F0.16.0/opentelemetry-collector-layer-arm64.zip /tmp/otel-layer.zip +RUN unzip /tmp/otel-layer.zip -d /otel && \ + chmod +x /otel/extensions/collector && \ + rm -f /tmp/otel-layer.zip + +# Stage 2: Final Lambda image with connector binary + OTel collector extension FROM public.ecr.aws/lambda/provided:al2023 +COPY ${REPO_NAME} /${REPO_NAME} +COPY --from=otel-layer /otel/extensions/collector /opt/extensions/collector +COPY collector.yaml /var/task/collector.yaml +ENV OPENTELEMETRY_COLLECTOR_CONFIG_URI=/var/task/collector.yaml ENTRYPOINT ["/${REPO_NAME}", "lambda"] -COPY ${REPO_NAME} /${REPO_NAME} \ No newline at end of file diff --git a/templates/.goreleaser-docker-lambda-template.yaml.tmpl b/templates/.goreleaser-docker-lambda-template.yaml.tmpl index 9376a81..091d17c 100644 --- a/templates/.goreleaser-docker-lambda-template.yaml.tmpl +++ b/templates/.goreleaser-docker-lambda-template.yaml.tmpl @@ -25,6 +25,8 @@ dockers: dockerfile: ${DOCKERFILE_LAMBDA_PATH} image_templates: - "168442440833.dkr.ecr.us-west-2.amazonaws.com/${REPO_NAME}:{{ .Version }}-arm64" + extra_files: + - collector.yaml build_flag_templates: - "--platform=linux/arm64" - "--label=org.opencontainers.image.created={{.Date}}" From 700d43eabeea1ed42a93a6b514525fdcb6e5d226 Mon Sep 17 00:00:00 2001 From: Steve Gontzes Date: Fri, 13 Mar 2026 15:57:43 -0400 Subject: [PATCH 2/5] Update otel-lambda collector extension to v0.20.0 --- templates/.Dockerfile-lambda-template.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/.Dockerfile-lambda-template.tmpl b/templates/.Dockerfile-lambda-template.tmpl index b70d91b..1f5faa9 100644 --- a/templates/.Dockerfile-lambda-template.tmpl +++ b/templates/.Dockerfile-lambda-template.tmpl @@ -2,7 +2,7 @@ # https://github.com/open-telemetry/opentelemetry-lambda/tree/main/collector FROM amazonlinux:2023 AS otel-layer RUN yum install -y unzip && yum clean all -ADD https://github.com/open-telemetry/opentelemetry-lambda/releases/download/layer-collector%2F0.16.0/opentelemetry-collector-layer-arm64.zip /tmp/otel-layer.zip +ADD https://github.com/open-telemetry/opentelemetry-lambda/releases/download/layer-collector%2F0.20.0/opentelemetry-collector-layer-arm64.zip /tmp/otel-layer.zip RUN unzip /tmp/otel-layer.zip -d /otel && \ chmod +x /otel/extensions/collector && \ rm -f /tmp/otel-layer.zip From c8032148dac81b7ab83874dc1664b932ccd59261 Mon Sep 17 00:00:00 2001 From: Steve Gontzes Date: Fri, 13 Mar 2026 16:24:36 -0400 Subject: [PATCH 3/5] Fix dirty git state: put collector.yaml in _generated dir GoReleaser detected collector.yaml as an untracked file in the caller repo. Move it to the _generated dir alongside the Dockerfile and reference via extra_files path outside the caller repo. --- .github/workflows/release.yaml | 3 +-- templates/.goreleaser-docker-lambda-template.yaml.tmpl | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9b59761..a9efa72 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -772,8 +772,7 @@ jobs: mkdir -p "${GENERATED_DIR}" envsubst '$REPO_NAME' < templates/.Dockerfile-lambda-template.tmpl | tee "${GENERATED_DIR}/Dockerfile.lambda" envsubst < templates/.goreleaser-docker-lambda-template.yaml.tmpl | tee "${GENERATED_DIR}/.goreleaser.lambda.yaml" - # Copy OTel collector config into caller build context for Docker COPY - cp collector.yaml ../_caller/collector.yaml + cp collector.yaml "${GENERATED_DIR}/collector.yaml" - name: Docker Login if: inputs.docker == true diff --git a/templates/.goreleaser-docker-lambda-template.yaml.tmpl b/templates/.goreleaser-docker-lambda-template.yaml.tmpl index 091d17c..e7450bd 100644 --- a/templates/.goreleaser-docker-lambda-template.yaml.tmpl +++ b/templates/.goreleaser-docker-lambda-template.yaml.tmpl @@ -26,7 +26,7 @@ dockers: image_templates: - "168442440833.dkr.ecr.us-west-2.amazonaws.com/${REPO_NAME}:{{ .Version }}-arm64" extra_files: - - collector.yaml + - ../_workflows/${GENERATED_DIR}/collector.yaml build_flag_templates: - "--platform=linux/arm64" - "--label=org.opencontainers.image.created={{.Date}}" From df27c2be66084d7aff3a4298fc00ea601416e9ca Mon Sep 17 00:00:00 2001 From: Steve Gontzes Date: Fri, 13 Mar 2026 16:34:47 -0400 Subject: [PATCH 4/5] Fix collector.yaml: copy to caller repo with git exclude GoReleaser extra_files must be relative to workdir (the caller repo). Copy collector.yaml into the caller repo and add it to .git/info/exclude so GoReleaser can find it without dirtying the git state. --- .github/workflows/release.yaml | 5 ++++- templates/.goreleaser-docker-lambda-template.yaml.tmpl | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a9efa72..b544851 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -772,7 +772,10 @@ jobs: mkdir -p "${GENERATED_DIR}" envsubst '$REPO_NAME' < templates/.Dockerfile-lambda-template.tmpl | tee "${GENERATED_DIR}/Dockerfile.lambda" envsubst < templates/.goreleaser-docker-lambda-template.yaml.tmpl | tee "${GENERATED_DIR}/.goreleaser.lambda.yaml" - cp collector.yaml "${GENERATED_DIR}/collector.yaml" + # Copy collector config into caller repo for GoReleaser extra_files. + # Exclude from git to avoid dirty working tree detection. + cp collector.yaml ../_caller/collector.yaml + echo "collector.yaml" >> ../_caller/.git/info/exclude - name: Docker Login if: inputs.docker == true diff --git a/templates/.goreleaser-docker-lambda-template.yaml.tmpl b/templates/.goreleaser-docker-lambda-template.yaml.tmpl index e7450bd..091d17c 100644 --- a/templates/.goreleaser-docker-lambda-template.yaml.tmpl +++ b/templates/.goreleaser-docker-lambda-template.yaml.tmpl @@ -26,7 +26,7 @@ dockers: image_templates: - "168442440833.dkr.ecr.us-west-2.amazonaws.com/${REPO_NAME}:{{ .Version }}-arm64" extra_files: - - ../_workflows/${GENERATED_DIR}/collector.yaml + - collector.yaml build_flag_templates: - "--platform=linux/arm64" - "--label=org.opencontainers.image.created={{.Date}}" From 06ca2a4bec6ab402c7d1085445e1efa870ae1319 Mon Sep 17 00:00:00 2001 From: Steve Gontzes Date: Fri, 13 Mar 2026 17:03:16 -0400 Subject: [PATCH 5/5] Use otel-collector:4317 as export endpoint --- collector.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collector.yaml b/collector.yaml index a7c174d..256b6e1 100644 --- a/collector.yaml +++ b/collector.yaml @@ -12,7 +12,7 @@ receivers: exporters: otlp: - endpoint: otel-collector.c1.internal:4317 + endpoint: otel-collector:4317 tls: insecure_skip_verify: true