Skip to content

Privacy And Telemetry

productive-k3s-infra produces anonymous test artifacts for CI and local regression work, and it can also emit best-effort usage telemetry for interactive or explicitly enabled scenario runs.

Goals

  • keep CI and local regression evidence structured and shareable
  • make future telemetry behavior auditable in a public repository
  • avoid embedding environment-specific identifiers into telemetry-facing artifacts

Anonymous test artifacts

Matrix executions and direct scenario test targets write JSON artifacts under test-artifacts/.

The shared scenario manifests live under test-artifacts/infra-runs/, and matrix layers also emit root *-summary.json files under test-artifacts/.

They are meant to capture:

  • scenario name
  • test level
  • result
  • skip reason when a live path is intentionally not executed
  • duration
  • environment kind
  • expected topology
  • bootstrap modes exercised

They are not meant to capture:

  • IP addresses
  • hostnames
  • usernames
  • local filesystem paths
  • cloud account identifiers
  • SSH targets

Delivery and resolution rules

  • if TELEMETRY_ENABLED is explicitly set to true or false, that value is used as-is
  • if productive-k3s-cli delegates into Infra with --telemetry enable|disable, the CLI decision wins for that command chain
  • if TELEMETRY_ENABLED is unset and the run is interactive, the repository prompts once and defaults to Yes
  • if TELEMETRY_ENABLED is unset and the run is non-interactive, it resolves to false
  • root matrix values are propagated into each scenario
  • each scenario propagates the same telemetry values into nested productive-k3s-core bootstrap commands

When telemetry is enabled, Infra emits its own correlated command events such as:

  • infra.command.started
  • infra.command.completed

Supported propagated variables

  • TELEMETRY_ENABLED
  • TELEMETRY_ENDPOINT
  • TELEMETRY_MARKER
  • TELEMETRY_BEARER_TOKEN
  • TELEMETRY_MAX_RETRIES
  • TELEMETRY_CONNECT_TIMEOUT_SECONDS
  • TELEMETRY_REQUEST_TIMEOUT_SECONDS
  • TELEMETRY_OUTBOX_DIR
  • TELEMETRY_USER_AGENT
  • TELEMETRY_SESSION_ID
  • TELEMETRY_RUN_ID
  • TELEMETRY_PARENT_RUN_ID
  • TELEMETRY_COMPONENT

Correlation model

Infra is autonomous when invoked directly, but it also participates in a larger command chain when the CLI is the entrypoint.

  • session_id: shared across the whole logical operation
  • run_id: generated by Infra for its own execution
  • parent_run_id: set to the parent component run when Infra is invoked by the CLI

Infra then propagates the shared session_id plus its own run_id as the parent context for nested Core bootstraps.

Default endpoint: https://telemetry.productive-k3s.io/telemetry Default marker header: X-Productive-K3S-Telemetry: pk3s-public-v1 Optional private header: Authorization: Bearer <telemetry-token>

Notes

Note

Infrastructure artifacts remain anonymous by default. A shareable run manifest may record that telemetry was enabled, but it should not expose endpoint values.

Note

TELEMETRY_BEARER_TOKEN is meant to be propagated as an environment variable only. It should not be persisted into generated cluster metadata such as cluster.json.

Note

In this repository telemetry is part of an explicit operator contract, not a hidden side effect.