From e7c326902d0b228c3421c511533c7367870e0f3b Mon Sep 17 00:00:00 2001 From: Nicolas Date: Tue, 2 Sep 2025 17:36:19 +0800 Subject: [PATCH] remove cert in freeleaps and add logs in magicleaps --- .../templates/freeleaps/freeleaps-config.yaml | 3 +- .../helm-pkg/freeleaps/values.alpha.yaml | 3 +- freeleaps/helm-pkg/freeleaps/values.prod.yaml | 68 +++++----- freeleaps/helm-pkg/freeleaps/values.yaml | 6 +- .../templates/backend/deployment.yaml | 57 +++++++- .../templates/backend/opentelemetry-rbac.yaml | 53 ++++++++ .../templates/backend/opentelemetry.yaml | 123 ++++++++++++++++++ .../templates/backend/otelcol-config.yaml | 87 +++++++++++++ .../templates/frontend/deployment.yaml | 57 +++++++- .../frontend/opentelemetry-rbac.yaml | 53 ++++++++ .../templates/frontend/opentelemetry.yaml | 123 ++++++++++++++++++ .../templates/frontend/otelcol-config.yaml | 87 +++++++++++++ .../helm-pkg/magicleaps/values.alpha.yaml | 9 +- .../helm-pkg/magicleaps/values.prod.yaml | 9 +- magicleaps/helm-pkg/magicleaps/values.yaml | 9 +- 15 files changed, 700 insertions(+), 47 deletions(-) create mode 100644 magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry-rbac.yaml create mode 100644 magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry.yaml create mode 100644 magicleaps/helm-pkg/magicleaps/templates/backend/otelcol-config.yaml create mode 100644 magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry-rbac.yaml create mode 100644 magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry.yaml create mode 100644 magicleaps/helm-pkg/magicleaps/templates/frontend/otelcol-config.yaml diff --git a/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml index 0c710e3b..9a362216 100644 --- a/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml +++ b/freeleaps/helm-pkg/freeleaps/templates/freeleaps/freeleaps-config.yaml 
@@ -25,8 +25,7 @@ data: FREELEAPS_AUTHENTICATION_ENDPOINT: {{ .Values.freeleaps.configs.freeleapsAuthenticationEndpoint | b64enc | quote }} FREELEAPS_AILAB_ENDPOINT: {{ .Values.freeleaps.configs.freeleapsAilabEndpoint | b64enc | quote }} FREELEAPS_NOTIFICATION_ENDPOINT: {{ .Values.freeleaps.configs.freeleapsNotificationEndpoint | b64enc | quote }} - FREELEAPS_ENV: {{ .Values.freeleaps.configs.freeleapsEnv | b64enc | quote }} - CERT_PATH: {{ .Values.freeleaps.configs.certPath | b64enc | quote }} + APP_ENV: {{ .Values.freeleaps.configs.appEnv | b64enc | quote }} REDIS_IS_CLUSTER: {{ .Values.freeleaps.configs.redisIsCluster | b64enc | quote }} METRICS_ENABLED: {{ .Values.freeleaps.configs.metricsEnabled | default false | toString | b64enc }} PROBES_ENABLED: {{ .Values.freeleaps.configs.probesEnabled | default false | toString | b64enc }} diff --git a/freeleaps/helm-pkg/freeleaps/values.alpha.yaml b/freeleaps/helm-pkg/freeleaps/values.alpha.yaml index 2c5a6a22..172c12c8 100644 --- a/freeleaps/helm-pkg/freeleaps/values.alpha.yaml +++ b/freeleaps/helm-pkg/freeleaps/values.alpha.yaml @@ -76,8 +76,7 @@ freeleaps: freeleapsAuthenticationEndpoint: http://authentication-service.freeleaps-alpha.svc.freeleaps.cluster:8004/api/auth/ freeleapsNotificationEndpoint: http://notification-service.freeleaps-alpha.svc.freeleaps.cluster:8003/api/notification/ freeleapsAilabEndpoint: '' - freeleapsEnv: alpha - certPath: '' + appEnv: 'alpha' redisIsCluster: 'false' metricsEnabled: 'false' probesEnabled: 'true' diff --git a/freeleaps/helm-pkg/freeleaps/values.prod.yaml b/freeleaps/helm-pkg/freeleaps/values.prod.yaml index 31a31699..c35c4426 100644 --- a/freeleaps/helm-pkg/freeleaps/values.prod.yaml +++ b/freeleaps/helm-pkg/freeleaps/values.prod.yaml 
@@ -67,8 +67,8 @@ freeleaps: freeleapsAuthenticationEndpoint: http://authentication-service.freeleaps-prod.svc.freeleaps.cluster:8004/api/auth/ freeleapsNotificationEndpoint: http://notification-service.freeleaps-prod.svc.freeleaps.cluster:8003/api/notification/ freeleapsAilabEndpoint: '' - freeleapsEnv: alpha - certPath: '' + appEnv: prod + redisIsCluster: 'true' metricsEnabled: 'true' probesEnabled: 'true' @@ -82,38 +82,38 @@ freeleaps: creationPolicy: Owner refreshInterval: 30s data: - - key: mongodbUri - remoteRef: - key: freeleaps-prod-mongodb-uri - type: Secret - - key: jwtSecretKey - remoteRef: - key: freeleaps-prod-jwt-secret-key - type: Secret - - key: stripeApiKey - remoteRef: - key: freeleaps-prod-stripe-api-key - type: Secret - - key: stripeWebhookSecret - remoteRef: - key: freeleaps-prod-stripe-webhook-secret - type: Secret - - key: stripeAccountWebhookSecret - remoteRef: - key: freeleaps-prod-stripe-account-webhook-secret - type: Secret - - key: rabbitmqPassword - remoteRef: - key: freeleaps-prod-rabbitmq-password - type: Secret - - key: redisUrl - remoteRef: - key: freeleaps-prod-redis-url - type: Secret - - key: giteaApiKey - remoteRef: - key: freeleaps-prod-gitea-api-key - type: Secret + - key: mongodbUri + remoteRef: + key: freeleaps-prod-mongodb-uri + type: Secret + - key: jwtSecretKey + remoteRef: + key: freeleaps-prod-jwt-secret-key + type: Secret + - key: stripeApiKey + remoteRef: + key: freeleaps-prod-stripe-api-key + type: Secret + - key: stripeWebhookSecret + remoteRef: + key: freeleaps-prod-stripe-webhook-secret + type: Secret + - key: stripeAccountWebhookSecret + remoteRef: + key: freeleaps-prod-stripe-account-webhook-secret + type: Secret + - key: rabbitmqPassword + remoteRef: + key: freeleaps-prod-rabbitmq-password + type: Secret + - key: redisUrl + remoteRef: + key: freeleaps-prod-redis-url + type: Secret + - key: giteaApiKey + remoteRef: + key: freeleaps-prod-gitea-api-key + type: Secret vpa: minAllowed: enabled: true 
diff --git a/freeleaps/helm-pkg/freeleaps/values.yaml b/freeleaps/helm-pkg/freeleaps/values.yaml index a5ac4af8..44ccf965 100644 --- a/freeleaps/helm-pkg/freeleaps/values.yaml +++ b/freeleaps/helm-pkg/freeleaps/values.yaml @@ -89,10 +89,8 @@ freeleaps: freeleapsNotificationEndpoint: "" # FREELEAPS_AILAB_ENDPOINT freeleapsAilabEndpoint: "" - # FREELEAPS_ENV - freeleapsEnv: "" - # CERT_PATH - certPath: "" + # APP_ENV + appEnv: "" # REDIS_IS_CLUSTER redisIsCluster: "false" # METRICS_ENABLED diff --git a/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml b/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml index 2294ace8..b9da6082 100644 --- a/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml +++ b/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml 
@@ -95,4 +95,59 @@ spec: secretKeyRef: name: magicleaps-backend-config key: {{ $key | snakecase | upper }} - {{- end }} \ No newline at end of file + {{- end }} + {{- if .Values.logIngest.enabled }} + volumeMounts: + - name: app-logs + mountPath: {{ .Values.logIngest.backendLogPath }} + {{- end }} + {{- if .Values.logIngest.enabled }} + - name: opentelemetry-collector + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest + command: + - /otelcol-contrib + - --config=/etc/otelcol-contrib/otelcol-contrib.yaml + volumeMounts: + - name: app-logs + mountPath: {{ .Values.logIngest.backendLogPath }} + - name: otelcol-config + mountPath: /etc/otelcol-contrib + securityContext: + allowPrivilegeEscalation: true + privileged: true + runAsUser: 0 + runAsGroup: 0 + env: + - name: KUBE_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBE_META_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBE_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: KUBE_META_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: KUBE_META_POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: KUBE_META_OBJECT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['app.kubernetes.io/instance'] + {{- end }} + volumes: + {{- if .Values.logIngest.enabled }} + - name: app-logs + emptyDir: {} + - name: otelcol-config + configMap: + name: {{ .Release.Name }}-backend-otelcol-config + {{- end }} \ No newline at end of file diff --git a/magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry-rbac.yaml b/magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry-rbac.yaml new file mode 100644 index 00000000..579763cc --- /dev/null +++ b/magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry-rbac.yaml 
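Review bot: The `opentelemetry-collector` sidecar added here runs with `privileged: true`, `allowPrivilegeEscalation: true` and `runAsUser: 0`, although everything visible in this patch has it only read files from the shared `app-logs` emptyDir and forward them over HTTP. A privileged root container gives anything that compromises the collector or its image host-level reach, so I would set `privileged: false` and `allowPrivilegeEscalation: false` and run it as a non-root UID that can read the log directory, for example through a pod-level `fsGroup` (the pod spec starts outside this hunk, so confirm which UID the app container writes as). The image is also referenced as `:latest`, which makes rollouts non-reproducible and pulls whatever is published at restart time; pin a release tag or digest instead. The same securityContext and image tag appear in frontend/deployment.yaml and in both new opentelemetry.yaml `OpenTelemetryCollector` specs.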
@@ -0,0 +1,53 @@ +{{- if .Values.logIngest.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-backend-otel-collector + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-backend-otel-collector +rules: +- apiGroups: [""] + resources: ["nodes", "nodes/proxy", "services", "endpoints", "pods", "events"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["replicasets", "deployments"] + verbs: ["get", "list", "watch"] +- apiGroups: ["extensions"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["get", "list", "watch"] +- apiGroups: ["autoscaling"] + resources: ["horizontalpodautoscalers"] + verbs: ["get", "list", "watch"] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }}-backend-otel-collector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.Name }}-backend-otel-collector +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-backend-otel-collector + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry.yaml b/magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry.yaml new file mode 100644 index 00000000..4f1ed1ec --- /dev/null +++ b/magicleaps/helm-pkg/magicleaps/templates/backend/opentelemetry.yaml 
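Review bot: The ClusterRole created here grants cluster-wide `get`/`list`/`watch` on nodes, `nodes/proxy`, pods, services, endpoints, events and several workload kinds, plus `create` on `tokenreviews` and `subjectaccessreviews`, yet the collector pipeline in this patch uses only the `filelog` receiver, the `resource`/`transform`/`batch` processors and an `otlphttp` exporter, with pod metadata supplied through downward-API env vars. None of those components call the Kubernetes API, so as far as this patch shows the ClusterRole and ClusterRoleBinding can be dropped entirely; `nodes/proxy` in particular reaches the kubelet API of every node and should not be handed to a log shipper. If some lookup does turn out to be needed, a namespaced `Role` limited to `pods` with `get`, `list`, `watch` is the most it should require. frontend/opentelemetry-rbac.yaml repeats the same rules.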
@@ -0,0 +1,123 @@ +{{- if .Values.logIngest.enabled }} +apiVersion: opentelemetry.io/v1beta1 +kind: OpenTelemetryCollector +metadata: + name: {{ .Release.Name }}-backend-opentelemetry-collector + namespace: {{ .Release.Namespace }} +spec: + mode: sidecar + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest + serviceAccount: "{{ .Release.Name }}-backend-otel-collector" + volumeMounts: + - name: app-logs + mountPath: {{ .Values.logIngest.backendLogPath }} + securityContext: + allowPrivilegeEscalation: true + privileged: true + runAsUser: 0 + runAsGroup: 0 + env: + - name: KUBE_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBE_META_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBE_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: KUBE_META_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: KUBE_META_POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: KUBE_META_OBJECT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['app.kubernetes.io/instance'] + config: + receivers: + filelog: + include: + - {{ .Values.logIngest.backendLogPathPattern }} + start_at: end + include_file_path: false + include_file_name: false + operators: + - type: json_parser + parse_from: body + parse_to: attributes + processors: + resource: + attributes: + - action: insert + key: k8s.node.name + value: ${KUBE_META_NODE_NAME} + - action: insert + key: k8s.pod.name + value: ${KUBE_META_POD_NAME} + - action: insert + key: k8s.pod.ip + value: ${KUBE_META_POD_IP} + - action: insert + key: k8s.pod.uid + value: ${KUBE_META_POD_UID} + - action: insert + key: k8s.namespace.name + value: ${KUBE_META_NAMESPACE} + - action: insert + key: k8s.deployment.name + value: ${KUBE_META_OBJECT_NAME} + - action: insert + key: service.name + value: magicleaps-backend + - action: insert + key: service.component + value: backend + transform: + 
log_statements: + - context: log + statements: + - set(resource.attributes["application"], log.attributes["context"]["app"]) + - set(resource.attributes["environment"], log.attributes["context"]["env"]) + - set(resource.attributes["kubernetes_node_name"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["kubernetes_pod_name"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["kubernetes_pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["kubernetes_deployment_name"], resource.attributes["k8s.deployment.name"]) + - set(resource.attributes["kubernetes_namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"], ParseJSON(log.body)) + - set(resource.attributes["body_json"]["kubernetes"]["pod"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_uid"], resource.attributes["k8s.pod.uid"]) + - set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["node"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["service"]["name"], "magicleaps-backend") + - set(resource.attributes["body_json"]["service"]["component"], "backend") + - set(log.body, resource.attributes["body_json"]) + - delete_key(resource.attributes, "body_json") + batch: + send_batch_size: 5 + timeout: 10s + exporters: + otlphttp/logs: + endpoint: {{ .Values.logIngest.lokiEndpoint }}/otlp + tls: + insecure: true + service: + telemetry: + logs: + level: info + pipelines: + logs: + receivers: [filelog] + processors: [resource, 
transform, batch] + exporters: [otlphttp/logs] +{{- end }} diff --git a/magicleaps/helm-pkg/magicleaps/templates/backend/otelcol-config.yaml b/magicleaps/helm-pkg/magicleaps/templates/backend/otelcol-config.yaml new file mode 100644 index 00000000..f187096b --- /dev/null +++ b/magicleaps/helm-pkg/magicleaps/templates/backend/otelcol-config.yaml 
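Review bot: In the `transform` statements the `["kubernetes"]["deployment"]` field is filled from `resource.attributes["k8s.pod.name"]`, so every record carries the pod name where the deployment name is expected; the statement should read `set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.deployment.name"])`. The `["kubernetes"]["namespace"]` statement is also written twice and the second copy can be removed. Wrong workload labels make it harder to tie a log line back to its deployment during an investigation. The same statements are copied into backend/otelcol-config.yaml and both frontend files.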
@@ -0,0 +1,87 @@ +{{- if .Values.logIngest.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-backend-otelcol-config + namespace: {{ .Release.Namespace }} +data: + otelcol-contrib.yaml: | + receivers: + filelog: + include: + - {{ .Values.logIngest.backendLogPathPattern }} + start_at: end + include_file_path: false + include_file_name: false + operators: + - type: json_parser + parse_from: body + parse_to: attributes + processors: + resource: + attributes: + - action: insert + key: k8s.node.name + value: ${KUBE_META_NODE_NAME} + - action: insert + key: k8s.pod.name + value: ${KUBE_META_POD_NAME} + - action: insert + key: k8s.pod.ip + value: ${KUBE_META_POD_IP} + - action: insert + key: k8s.pod.uid + value: ${KUBE_META_POD_UID} + - action: insert + key: k8s.namespace.name + value: ${KUBE_META_NAMESPACE} + - action: insert + key: k8s.deployment.name + value: ${KUBE_META_OBJECT_NAME} + - action: insert + key: service.name + value: magicleaps-backend + - action: insert + key: service.component + value: backend + transform: + log_statements: + - context: log + statements: + - set(resource.attributes["application"], log.attributes["context"]["app"]) + - set(resource.attributes["environment"], log.attributes["context"]["env"]) + - set(resource.attributes["kubernetes_node_name"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["kubernetes_pod_name"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["kubernetes_pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["kubernetes_deployment_name"], resource.attributes["k8s.deployment.name"]) + - set(resource.attributes["kubernetes_namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"], ParseJSON(log.body)) + - set(resource.attributes["body_json"]["kubernetes"]["pod"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], 
resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_uid"], resource.attributes["k8s.pod.uid"]) + - set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["node"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["service"]["name"], "magicleaps-backend") + - set(resource.attributes["body_json"]["service"]["component"], "backend") + - set(log.body, resource.attributes["body_json"]) + - delete_key(resource.attributes, "body_json") + batch: + send_batch_size: 5 + timeout: 10s + exporters: + otlphttp/logs: + endpoint: {{ .Values.logIngest.lokiEndpoint }}/otlp + tls: + insecure: true + service: + telemetry: + logs: + level: info + pipelines: + logs: + receivers: [filelog] + processors: [resource, transform, batch] + exporters: [otlphttp/logs] +{{- end }} diff --git a/magicleaps/helm-pkg/magicleaps/templates/frontend/deployment.yaml b/magicleaps/helm-pkg/magicleaps/templates/frontend/deployment.yaml index bf09ec19..378335de 100644 --- a/magicleaps/helm-pkg/magicleaps/templates/frontend/deployment.yaml +++ b/magicleaps/helm-pkg/magicleaps/templates/frontend/deployment.yaml 
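Review bot: The `otlphttp/logs` exporter in this ConfigMap ships application logs in cleartext: `tls.insecure: true` is set, the values files in this patch point `lokiEndpoint` at an `http://` URL, and no authentication is configured in the visible exporter block. Application logs often contain user identifiers or tokens, so I would use an `https://` endpoint and replace `insecure: true` with a CA reference such as `ca_file: <path-to-CA-bundle>`, or, if in-cluster plaintext is an accepted decision, say so in a comment and restrict the path with a NetworkPolicy. The endpoint is also interpolated unquoted; `endpoint: "{{ .Values.logIngest.lokiEndpoint }}/otlp"` is safer against an empty or odd value. The same exporter block appears in backend/opentelemetry.yaml and in both frontend copies.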
@@ -95,4 +95,59 @@ spec: secretKeyRef: name: magicleaps-frontend-config key: {{ $key | snakecase | upper }} - {{- end }} \ No newline at end of file + {{- end }} + {{- if .Values.logIngest.enabled }} + volumeMounts: + - name: app-logs + mountPath: {{ .Values.logIngest.frontendLogPath }} + {{- end }} + {{- if .Values.logIngest.enabled }} + - name: opentelemetry-collector + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest + command: + - /otelcol-contrib + - --config=/etc/otelcol-contrib/otelcol-contrib.yaml + volumeMounts: + - name: app-logs + mountPath: {{ .Values.logIngest.frontendLogPath }} + - name: otelcol-config + mountPath: /etc/otelcol-contrib + securityContext: + allowPrivilegeEscalation: true + privileged: true + runAsUser: 0 + runAsGroup: 0 + env: + - name: KUBE_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBE_META_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBE_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: KUBE_META_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: KUBE_META_POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: KUBE_META_OBJECT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['app.kubernetes.io/instance'] + {{- end }} + volumes: + {{- if .Values.logIngest.enabled }} + - name: app-logs + emptyDir: {} + - name: otelcol-config + configMap: + name: {{ .Release.Name }}-frontend-otelcol-config + {{- end }} \ No newline at end of file diff --git a/magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry-rbac.yaml b/magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry-rbac.yaml new file mode 100644 index 00000000..41b3876e --- /dev/null +++ b/magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry-rbac.yaml 
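Review bot: `volumes:` is written outside the `{{- if .Values.logIngest.enabled }}` guard that wraps its two entries, so with log ingestion disabled the template renders an empty `volumes:` key, and if the pod spec above this hunk already declares `volumes:` the manifest ends up with a duplicate key that most parsers resolve silently to the last value. Moving the `volumes:` line inside the guard avoids both cases, and the two back-to-back `if` blocks for `volumeMounts` and the sidecar container could be merged into one. `mountPath: {{ .Values.logIngest.frontendLogPath }}` is unquoted; `mountPath: {{ .Values.logIngest.frontendLogPath | quote }}` keeps an empty or unusual value from changing the YAML structure. backend/deployment.yaml has the same layout, and the pod spec starts outside the hunk in both files.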
@@ -0,0 +1,53 @@ +{{- if .Values.logIngest.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-frontend-otel-collector + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-frontend-otel-collector +rules: +- apiGroups: [""] + resources: ["nodes", "nodes/proxy", "services", "endpoints", "pods", "events"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["replicasets", "deployments"] + verbs: ["get", "list", "watch"] +- apiGroups: ["extensions"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["get", "list", "watch"] +- apiGroups: ["autoscaling"] + resources: ["horizontalpodautoscalers"] + verbs: ["get", "list", "watch"] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }}-frontend-otel-collector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.Name }}-frontend-otel-collector +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-frontend-otel-collector + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry.yaml b/magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry.yaml new file mode 100644 index 00000000..96c1e16f --- /dev/null +++ b/magicleaps/helm-pkg/magicleaps/templates/frontend/opentelemetry.yaml 
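Review bot: The ClusterRole and ClusterRoleBinding are cluster-scoped but named only `{{ .Release.Name }}-frontend-otel-collector`, so two installs that share a release name in different namespaces would claim the same objects and the second install would conflict with the first. The values files suggest alpha and prod variants; whether they share a cluster is not visible here. Including the namespace, e.g. `name: {{ .Release.Namespace }}-{{ .Release.Name }}-frontend-otel-collector`, keeps them distinct. backend/opentelemetry-rbac.yaml uses the same naming.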
@@ -0,0 +1,123 @@ +{{- if .Values.logIngest.enabled }} +apiVersion: opentelemetry.io/v1beta1 +kind: OpenTelemetryCollector +metadata: + name: {{ .Release.Name }}-frontend-opentelemetry-collector + namespace: {{ .Release.Namespace }} +spec: + mode: sidecar + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest + serviceAccount: "{{ .Release.Name }}-frontend-otel-collector" + volumeMounts: + - name: app-logs + mountPath: {{ .Values.logIngest.frontendLogPath }} + securityContext: + allowPrivilegeEscalation: true + privileged: true + runAsUser: 0 + runAsGroup: 0 + env: + - name: KUBE_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBE_META_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBE_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: KUBE_META_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: KUBE_META_POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: KUBE_META_OBJECT_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['app.kubernetes.io/instance'] + config: + receivers: + filelog: + include: + - {{ .Values.logIngest.frontendLogPathPattern }} + start_at: end + include_file_path: false + include_file_name: false + operators: + - type: json_parser + parse_from: body + parse_to: attributes + processors: + resource: + attributes: + - action: insert + key: k8s.node.name + value: ${KUBE_META_NODE_NAME} + - action: insert + key: k8s.pod.name + value: ${KUBE_META_POD_NAME} + - action: insert + key: k8s.pod.ip + value: ${KUBE_META_POD_IP} + - action: insert + key: k8s.pod.uid + value: ${KUBE_META_POD_UID} + - action: insert + key: k8s.namespace.name + value: ${KUBE_META_NAMESPACE} + - action: insert + key: k8s.deployment.name + value: ${KUBE_META_OBJECT_NAME} + - action: insert + key: service.name + value: magicleaps-frontend + - action: insert + key: service.component + value: frontend + 
transform: + log_statements: + - context: log + statements: + - set(resource.attributes["application"], log.attributes["context"]["app"]) + - set(resource.attributes["environment"], log.attributes["context"]["env"]) + - set(resource.attributes["kubernetes_node_name"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["kubernetes_pod_name"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["kubernetes_pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["kubernetes_deployment_name"], resource.attributes["k8s.deployment.name"]) + - set(resource.attributes["kubernetes_namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"], ParseJSON(log.body)) + - set(resource.attributes["body_json"]["kubernetes"]["pod"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_uid"], resource.attributes["k8s.pod.uid"]) + - set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["node"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["service"]["name"], "magicleaps-frontend") + - set(resource.attributes["body_json"]["service"]["component"], "frontend") + - set(log.body, resource.attributes["body_json"]) + - delete_key(resource.attributes, "body_json") + batch: + send_batch_size: 5 + timeout: 10s + exporters: + otlphttp/logs: + endpoint: {{ .Values.logIngest.lokiEndpoint }}/otlp + tls: + insecure: true + service: + telemetry: + logs: + level: info + pipelines: + logs: + receivers: [filelog] + processors: 
[resource, transform, batch] + exporters: [otlphttp/logs] +{{- end }} diff --git a/magicleaps/helm-pkg/magicleaps/templates/frontend/otelcol-config.yaml b/magicleaps/helm-pkg/magicleaps/templates/frontend/otelcol-config.yaml new file mode 100644 index 00000000..5659ea48 --- /dev/null +++ b/magicleaps/helm-pkg/magicleaps/templates/frontend/otelcol-config.yaml 
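Review bot: This `OpenTelemetryCollector` with `mode: sidecar` describes the same collector that frontend/deployment.yaml in this patch already adds by hand as the `opentelemetry-collector` container, fed from the otelcol-config ConfigMap. If the operator also injects its sidecar (that depends on a pod annotation not visible here), the pod would run two collectors tailing the same files and every line would be shipped twice; if it does not, this resource is unused configuration that will drift from the ConfigMap copy. The resource also needs the `opentelemetry.io/v1beta1` CRD installed whenever `logIngest.enabled` is true. I would keep one of the two mechanisms and delete the other; the backend templates are duplicated in the same way.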
@@ -0,0 +1,87 @@ +{{- if .Values.logIngest.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-frontend-otelcol-config + namespace: {{ .Release.Namespace }} +data: + otelcol-contrib.yaml: | + receivers: + filelog: + include: + - {{ .Values.logIngest.frontendLogPathPattern }} + start_at: end + include_file_path: false + include_file_name: false + operators: + - type: json_parser + parse_from: body + parse_to: attributes + processors: + resource: + attributes: + - action: insert + key: k8s.node.name + value: ${KUBE_META_NODE_NAME} + - action: insert + key: k8s.pod.name + value: ${KUBE_META_POD_NAME} + - action: insert + key: k8s.pod.ip + value: ${KUBE_META_POD_IP} + - action: insert + key: k8s.pod.uid + value: ${KUBE_META_POD_UID} + - action: insert + key: k8s.namespace.name + value: ${KUBE_META_NAMESPACE} + - action: insert + key: k8s.deployment.name + value: ${KUBE_META_OBJECT_NAME} + - action: insert + key: service.name + value: magicleaps-frontend + - action: insert + key: service.component + value: frontend + transform: + log_statements: + - context: log + statements: + - set(resource.attributes["application"], log.attributes["context"]["app"]) + - set(resource.attributes["environment"], log.attributes["context"]["env"]) + - set(resource.attributes["kubernetes_node_name"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["kubernetes_pod_name"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["kubernetes_pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["kubernetes_deployment_name"], resource.attributes["k8s.deployment.name"]) + - set(resource.attributes["kubernetes_namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"], ParseJSON(log.body)) + - set(resource.attributes["body_json"]["kubernetes"]["pod"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], 
resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_ip"], resource.attributes["k8s.pod.ip"]) + - set(resource.attributes["body_json"]["kubernetes"]["pod_uid"], resource.attributes["k8s.pod.uid"]) + - set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.pod.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["node"], resource.attributes["k8s.node.name"]) + - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"]) + - set(resource.attributes["body_json"]["service"]["name"], "magicleaps-frontend") + - set(resource.attributes["body_json"]["service"]["component"], "frontend") + - set(log.body, resource.attributes["body_json"]) + - delete_key(resource.attributes, "body_json") + batch: + send_batch_size: 5 + timeout: 10s + exporters: + otlphttp/logs: + endpoint: {{ .Values.logIngest.lokiEndpoint }}/otlp + tls: + insecure: true + service: + telemetry: + logs: + level: info + pipelines: + logs: + receivers: [filelog] + processors: [resource, transform, batch] + exporters: [otlphttp/logs] +{{- end }} diff --git a/magicleaps/helm-pkg/magicleaps/values.alpha.yaml b/magicleaps/helm-pkg/magicleaps/values.alpha.yaml index ddeb9798..56521d05 100644 --- a/magicleaps/helm-pkg/magicleaps/values.alpha.yaml +++ b/magicleaps/helm-pkg/magicleaps/values.alpha.yaml @@ -2,6 +2,13 @@ global: registry: docker.io repository: sunzhenyucn nodeSelector: {} +logIngest: + enabled: true + lokiEndpoint: http://loki-gateway.magicleaps-logging-system + backendLogPathPattern: /app/log/*.log + backendLogPath: /app/log + frontendLogPathPattern: /app/logs/*.log + frontendLogPath: /app/logs frontend: replicas: 1 image: @@ -104,6 +111,6 @@ backend: twilioAccountSid: '' twilioAuthToken: '' eveluationTaskFolderBase: temp/interview/eveluation_task/ - logDir: logs + logDir: /app/log appLogFile: app.log appLogLevel: INFO 
diff --git a/magicleaps/helm-pkg/magicleaps/values.prod.yaml b/magicleaps/helm-pkg/magicleaps/values.prod.yaml index cf95853c..d34b16a9 100644 --- a/magicleaps/helm-pkg/magicleaps/values.prod.yaml +++ b/magicleaps/helm-pkg/magicleaps/values.prod.yaml @@ -2,6 +2,13 @@ global: registry: docker.io repository: sunzhenyucn nodeSelector: {} +logIngest: + enabled: true + lokiEndpoint: http://loki-gateway.magicleaps-logging-system + backendLogPathPattern: /app/log/*.log + backendLogPath: /app/log + frontendLogPathPattern: /app/logs/*.log + frontendLogPath: /app/logs frontend: replicas: 1 image: @@ -104,6 +111,6 @@ backend: twilioAccountSid: '' twilioAuthToken: '' eveluationTaskFolderBase: temp/interview/eveluation_task/ - logDir: logs + logDir: /app/log appLogFile: app.log appLogLevel: INFO diff --git a/magicleaps/helm-pkg/magicleaps/values.yaml b/magicleaps/helm-pkg/magicleaps/values.yaml index 10040819..8c3a8f1d 100644 --- a/magicleaps/helm-pkg/magicleaps/values.yaml +++ b/magicleaps/helm-pkg/magicleaps/values.yaml @@ -3,6 +3,13 @@ global: registry: docker.io repository: sunzhenyucn nodeSelector: {} +logIngest: + enabled: true + lokiEndpoint: http://loki-gateway.magicleaps-logging-system + backendLogPathPattern: /app/log/*.log + backendLogPath: /app/log + frontendLogPathPattern: /app/logs/*.log + frontendLogPath: /app/logs frontend: replicas: 1 image: @@ -105,6 +112,6 @@ backend: twilioAccountSid: "" twilioAuthToken: "" eveluationTaskFolderBase: "temp/interview/eveluation_task/" - logDir: "logs" + logDir: "/app/log" appLogFile: "app.log" appLogLevel: "INFO" \ No newline at end of file
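Review bot: The `logIngest` block added to the chart's base values.yaml sets `enabled: true`, so a plain install turns on the collector sidecar, its cluster-scoped RBAC objects and the `OpenTelemetryCollector` resource without anyone opting in. I would default it to `enabled: false` in values.yaml and keep `enabled: true` only in values.alpha.yaml and values.prod.yaml. `backend.logDir` moves to `/app/log` to match `backendLogPath`, but no frontend setting changes in the visible hunks, so it is worth confirming that the frontend really writes under `/app/logs`; otherwise the emptyDir mounted there stays empty.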