Observability capstone: instrument a service and debug an incident

Build (or take) a small multi-service system — at least a frontend caller plus two backend services, one calling the other — instrument it end-to-end with OpenTelemetry so all four signals join by trace-id, define one SLO with a multi-window burn-rate alert, then inject a realistic fault and resolve it through the SLO → RED → trace → profile → git blame funnel, proving each step with captured evidence.

• Stand up 2–3 services (e.g. checkout → inventory → payment) over HTTP or gRPC. Each runs one OTel SDK emitting logs, metrics, and traces; add continuous profiling (Pyroscope/Parca or the OTel profiles signal) to at least the busiest service.
• Run a local OTel Collector (DaemonSet/sidecar style) that receives OTLP, applies tail sampling (100% errors + 100% slow over a threshold + ~5% baseline), and routes the four signals to backends (Tempo/Loki/Prometheus/Pyroscope or a managed vendor).
• Propagate the W3C traceparent across every hop so one trace-id spans all services; emit that trace_id into every structured log line and attach it to profile samples. Verify the join: pick one request and pull its logs, metric exemplar, full trace tree, and profile by the single trace-id.
• Define one SLO (e.g. 99.9% of checkout requests under 300 ms, 30-day window) with an SLI query, and wire a multi-window multi-burn-rate alert (fast 5m AND 1h at 14.4x; optionally a slow 6h/30m at lower burn) that pages with a payload containing service, SLO id, burn rate, window, and deeplinks to RED, trace, profile, and a runbook.
• Inject a realistic fault that burns the budget — e.g. a new code path doing heavy json.Marshal in inventory, an N+1 downstream call, or an unbounded result set. Drive load until the burn-rate alert fires; capture the alert payload as the incident T+0.
• Walk the funnel end to end and capture an artefact at each layer: the burn alert; the RED panel showing which of Rate/Errors/Duration moved; the trace filtered to the burn window showing the owning span; the profile filtered to that trace-id showing the widest leaf; and the git blame on that function.
• Resolve the incident (rollback or hotfix), watch the burn rate return to baseline, and confirm the alert clears. Write a short blameless postmortem: timeline, root cause, and 1–2 action items.

• A single trace-id demonstrably joins all four signals for one chosen request — show the log line, the metric exemplar, the trace tree, and the profile, each carrying the same trace-id.
• The multi-window burn-rate alert fires within minutes of the injected fault and clears after the fix; include the alert definition and screenshots/exports of fire and clear.
• An incident write-up that walks SLO → RED → trace → profile → git blame, with one captured artefact per funnel layer, ending at the specific commit/function that caused the burn.
• Trace propagation is verified across every hop (no orphaned spans, one connected trace tree), and tail sampling is shown to keep the failing/slow traces while dropping the baseline.
• A blameless postmortem of about one page: timeline from T+0 to resolution, root cause stated as a system failure, and tracked action items.