Deploy OTEL collector using cloud-init script

terraform/modules/google-cloud-sql/main.tf

@@ -81,10 +81,6 @@ resource "google_sql_database_instance" "master" {
     ip_configuration {
       ipv4_enabled    = length(var.database_read_replica_locations) > 0 ? false : true
       private_network = var.network
-
-      authorized_networks {
-        value = "189.174.12.18/32"
-      }
     }
 
     maintenance_window {

terraform/modules/relay-app/main.tf

@@ -145,6 +145,10 @@ resource "google_compute_subnetwork" "subnetwork" {
 }
 
 # Deploy app
+data "template_file" "clout-init" {
+  template = file("${path.module}/templates/cloud-init.yaml")
+}
+
 resource "google_compute_instance_template" "application" {
   for_each = var.instances
 
@@ -212,7 +216,7 @@ resource "google_compute_instance_template" "application" {
     enable_vtpm                 = true
   }
 
-  metadata = merge({
+  metadata = {
     gce-container-declaration = yamlencode({
       spec = {
         containers = [{
@@ -227,6 +231,8 @@ resource "google_compute_instance_template" "application" {
       }
     })
 
+    user-data = data.template_file.clout-init.rendered
+
     google-logging-enabled = "true"
     # Enable FluentBit agent for logging, which will be default one from COS 109
     # Re-enable once https://issuetracker.google.com/issues/285950891 is closed
@@ -234,7 +240,7 @@ resource "google_compute_instance_template" "application" {
 
     # Report health-related metrics to Cloud Monitoring
     google-monitoring-enabled = "true"
-  })
+  }
 
   depends_on = [
     google_project_service.compute,

terraform/modules/relay-app/templates/cloud-init.yaml

@@ -0,0 +1,62 @@
+#cloud-config
+
+users:
+  - name: cloudservice
+    uid: 2000
+
+write_files:
+  - path: /etc/otel/config.yaml
+    permissions: 0644
+    owner: root
+    content: |
+      receivers:
+        otlp:
+          protocols:
+            grpc:
+            http:
+      exporters:
+        googlecloud:
+          log:
+            default_log_name: opentelemetry.io/collector-exported-log
+      processors:
+        memory_limiter:
+          check_interval: 1s
+          limit_percentage: 65
+          spike_limit_percentage: 20
+        batch:
+        resourcedetection:
+          detectors: [gcp]
+          timeout: 10s
+      service:
+        pipelines:
+          traces:
+            receivers: [otlp]
+            processors: [memory_limiter, batch]
+            exporters: [googlecloud]
+          metrics:
+            receivers: [otlp]
+            processors: [memory_limiter, batch]
+            exporters: [googlecloud]
+          logs:
+            receivers: [otlp]
+            processors: [memory_limiter, batch]
+            exporters: []
+
+  - path: /etc/systemd/system/otel-collector.service
+    permissions: 0644
+    owner: root
+    content: |
+      [Unit]
+      Description=Start an OpenTelemetry collector docker container
+
+      [Service]
+      TimeoutStartSec=0
+      Restart=always
+      ExecStartPre=/usr/bin/docker pull otel/opentelemetry-collector-contrib:0.84.0
+      ExecStart=/usr/bin/docker run --rm -u 2000 --name=otel-collector --expose 4317 --expose 55681 otel/opentelemetry-collector-contrib:0.84.0
+      ExecStop=/usr/bin/docker stop otel-collector
+      ExecStopPost=/usr/bin/docker rm otel-collector
+
+runcmd:
+  - systemctl daemon-reload
+  - systemctl start otel-collector.service