Monitoring & Observability
Citadel services are instrumented with OpenTelemetry and expose standard Prometheus metrics to ensure high observability in production environments.
Health Checks
Every service exposes a standard health check endpoint that should be used by Kubernetes Liveness and Readiness probes.
- Endpoint:
/health - Method:
GET - Response:
200 OK(JSON body details may vary)
Service Port Reference
| Service | Port | Health URL |
|---|---|---|
| IAM | 1111 | http://iam:1111/health |
| User Directory | 2222 | http://user-directory-service:2222/health |
| Permissions | 3333 | http://permissions-service:3333/health |
| Policy | 3334 | http://policy-service:3334/health |
| Admin BFF | 3001 | http://admin-bff:3001/health |
| Notification | 8888 | http://notification-service:8888/health |
Metrics
Services expose Prometheus-compatible metrics. In standard configuration:
- Endpoint:
/metrics - Port:
8080(Standardized across Go services viago-commons)
Scraping Configuration
Configure your Prometheus scraper to target port 8080 on the service pods.
Distributed Tracing
Citadel uses OpenTelemetry (OTEL) for distributed tracing.
Configuration
Set the following environment variables on all services to enable tracing:
OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4317
OTEL_SERVICE_NAME=iam-service # Unique per service
Most services invoke tracing.InitTracer() from go-commons at startup, which automatically configures the exporter based on these variables.
Logging
Structured JSON logging is used by default in production (LOG_FORMAT=json). Logs are written to stdout and should be collected by a log aggregator (Fluentd, Promtail, etc.).