From 08f67641d3b522ba74c402cf6da1ee44117626a9 Mon Sep 17 00:00:00 2001
From: Nicolas
Date: Wed, 24 Sep 2025 11:08:49 +0800
Subject: [PATCH] enable devops log
---
 .../devops/templates/devops/deployment.yaml | 34 ++++----
 .../templates/devops/devops-config.yaml | 1 +
 .../templates/devops/opentelemetry-rbac.yaml | 45 +++++++++++
 .../templates/devops/opentelemetry.yaml | 80 +++++++++++++++++++
 freeleaps/helm-pkg/devops/values.alpha.yaml | 6 +-
 freeleaps/helm-pkg/devops/values.prod.yaml | 6 +-
 6 files changed, 153 insertions(+), 19 deletions(-)
 create mode 100644 freeleaps/helm-pkg/devops/templates/devops/opentelemetry-rbac.yaml
 create mode 100644 freeleaps/helm-pkg/devops/templates/devops/opentelemetry.yaml
diff --git a/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml b/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml
index d85f96ee..b9e93f64 100644
--- a/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml
+++ b/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml
@@ -6,10 +6,10 @@ metadata:
 app.kubernetes.io/name: "devops"
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/instance: {{ .Release.Name }}
-# {{- if .Values.logIngest.enabled }}
-# annotations:
-# opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/devops/opentelemetry.yaml") . | sha256sum }}
-# {{- end }}
+{{- if .Values.logIngest.enabled }}
+ annotations:
+ opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/devops/opentelemetry.yaml") . | sha256sum }}
+{{- end }}
 name: "devops"
 namespace: {{ .Release.Namespace | quote }}
 spec:
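Review bot: The `opentelemetry.io/config-checksum` annotation is rendered under the Deployment's own `metadata` (it sits between the labels and `name: "devops"`), not under `spec.template.metadata.annotations`, so a change to opentelemetry.yaml updates the Deployment object without changing the pod template and, as far as this hunk shows, will not restart the pods with the new collector config. If a rollout on config change is the intent, the same line belongs in the pod template's annotations, next to the `sidecar.opentelemetry.io/inject` annotation visible in the next hunk. The Deployment spec continues outside the hunk.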
@@ -34,9 +34,9 @@ spec:
 sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
 {{- end }}
 spec:
-# {{- if .Values.logIngest.enabled }}
-# serviceAccountName: "{{ .Release.Name }}-otel-collector"
-# {{- end }}
+{{- if .Values.logIngest.enabled }}
+ serviceAccountName: "{{ .Release.Name }}-otel-collector"
+{{- end }}
 containers:
 - name: "devops"
 image: "{{ coalesce .Values.devops.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.devops.image.repository .Values.global.repository }}/{{ .Values.devops.image.name }}:{{ .Values.devops.image.tag | default "latest" }}"
@@ -119,13 +119,13 @@ spec:
 key: {{ .key }}
 {{- end }}
 {{- end }}
-# {{- if .Values.logIngest.enabled }}
-# volumeMounts:
-# - name: app-logs
-# mountPath: {{ .Values.logIngest.logPath }}
-# {{- end }}
-# {{- if .Values.logIngest.enabled }}
-# volumes:
-# - name: app-logs
-# emptyDir: {}
-# {{- end }}
\ No newline at end of file
+{{- if .Values.logIngest.enabled }}
+ volumeMounts:
+ - name: app-logs
+ mountPath: {{ .Values.logIngest.logPath }}
+{{- end }}
+{{- if .Values.logIngest.enabled }}
+ volumes:
+ - name: app-logs
+ emptyDir: {}
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml b/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml
index f8bfeb39..aabb9056 100644
--- a/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml
+++ b/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml
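Review bot: `serviceAccountName` is a pod-level field, so the `devops` application container runs with the `{{ .Release.Name }}-otel-collector` token as well as the injected collector sidecar. In this patch that account is bound to a ClusterRole with cluster-wide `get`/`list`/`watch` on pods, nodes, namespaces, deployments and replicasets (opentelemetry-rbac.yaml), which is more API access than the application had if it previously ran under the namespace's default account. A comment above the line such as `# shared by the app container and the collector sidecar; keep the bound role read-only and minimal` would make the coupling visible, and the role itself is worth narrowing. The pod spec continues outside the hunk.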
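Review bot: The `app-logs` volume is an `emptyDir: {}` with no `sizeLimit`, so files written under `{{ .Values.logIngest.logPath }}` can grow until the node comes under disk pressure; nothing in this hunk shows rotation. Consider a bound such as `emptyDir: { sizeLimit: 1Gi }` (value illustrative) together with log rotation in the application. `mountPath` would also be safer rendered as `{{ .Values.logIngest.logPath | quote }}`, so an empty or unusual value cannot change the YAML type. The container and pod spec begin outside the hunk.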
@@ -7,6 +7,7 @@ type: Opaque
 data:
 TZ: {{ .Values.devops.configs.tz | b64enc | quote }}
 APP_NAME: {{ .Values.devops.configs.appName | b64enc | quote }}
+ APP_ENV: {{ .Values.devops.configs.appEnv | default "alpha" | b64enc | quote }}
 JWT_SECRET_KEY: {{ .Values.devops.configs.jwtSecretKey | b64enc | quote }}
 JWT_ALGORITHM: {{ .Values.devops.configs.jwtAlgorithm | b64enc | quote }}
 ACCESS_TOKEN_EXPIRE_MINUTES: {{ .Values.devops.configs.accessTokenExpireMinutes | toString | b64enc | quote }}
diff --git a/freeleaps/helm-pkg/devops/templates/devops/opentelemetry-rbac.yaml b/freeleaps/helm-pkg/devops/templates/devops/opentelemetry-rbac.yaml
new file mode 100644
index 00000000..2fe8e00e
--- /dev/null
+++ b/freeleaps/helm-pkg/devops/templates/devops/opentelemetry-rbac.yaml
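Review bot: `default "alpha"` makes a missing `devops.configs.appEnv` silently render `APP_ENV=alpha`, including in a production release whose values overlay omits the key. If the application relaxes any behaviour outside prod (not visible here), failing the render is the safer default: `APP_ENV: {{ required "devops.configs.appEnv must be set" .Values.devops.configs.appEnv | b64enc | quote }}`. Both values files in this patch do set the key, so this only changes behaviour for other overlays.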
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Release.Name }}-otel-collector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/name: "{{ .Release.Name }}-otel-collector"
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Release.Name }}-otel-collector
+ labels:
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/name: "{{ .Release.Name }}-otel-collector"
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "nodes", "namespaces"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "replicasets"]
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Release.Name }}-otel-collector
+ labels:
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/name: "{{ .Release.Name }}-otel-collector"
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Name }}-otel-collector
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Release.Name }}-otel-collector
+ namespace: {{ .Release.Namespace }}
diff --git a/freeleaps/helm-pkg/devops/templates/devops/opentelemetry.yaml b/freeleaps/helm-pkg/devops/templates/devops/opentelemetry.yaml
new file mode 100644
index 00000000..97bbe18f
--- /dev/null
+++ b/freeleaps/helm-pkg/devops/templates/devops/opentelemetry.yaml
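Review bot: This file has no `{{- if .Values.logIngest.enabled }}` guard, so the ServiceAccount, ClusterRole and ClusterRoleBinding are created even when log ingestion is off, while deployment.yaml only uses the account when it is on; wrapping the whole file in `{{- if .Values.logIngest.enabled }}` … `{{- end }}` keeps the grant tied to the feature. The ClusterRole and ClusterRoleBinding are cluster-scoped but named only `{{ .Release.Name }}-otel-collector`, so two releases with the same name in different namespaces would contend for the same objects; `name: {{ .Release.Namespace }}-{{ .Release.Name }}-otel-collector` avoids that. Since the `k8s_cluster` receiver in opentelemetry.yaml is restricted to the release namespace, a namespaced Role and RoleBinding for pods, deployments and replicasets may be enough; check the receiver documentation for the collector version in use, because `nodes` and `namespaces` cannot be granted by a Role.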
@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-opentelemetry-collector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/name: "{{ .Release.Name }}-opentelemetry-collector"
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+ otel-collector-config.yaml: |
+ config:
+ receivers:
+ filelog:
+ include:
+ - {{ .Values.logIngest.logPathPattern }}
+ start_at: beginning
+ include_file_path: false
+ include_file_name: false
+ operators: []
+ k8s_cluster:
+ auth_type: serviceAccount
+ namespaces: [{{ .Release.Namespace }}]
+ processors:
+ resource:
+ attributes:
+ - action: insert
+ key: k8s.node.name
+ value: ${KUBE_META_NODE_NAME}
+ - action: insert
+ key: k8s.pod.name
+ value: ${KUBE_META_POD_NAME}
+ - action: insert
+ key: k8s.pod.ip
+ value: ${KUBE_META_POD_IP}
+ - action: insert
+ key: k8s.pod.uid
+ value: ${KUBE_META_POD_UID}
+ - action: insert
+ key: k8s.namespace.name
+ value: ${KUBE_META_NAMESPACE}
+ - action: insert
+ key: k8s.deployment.name
+ value: ${KUBE_META_OBJECT_NAME}
+ transform:
+ log_statements:
+ - context: log
+ statements:
+ - set(resource.attributes["application"], "devops")
+ - set(resource.attributes["environment"], "{{ .Values.global.environment | default .Release.Namespace }}")
+ - set(resource.attributes["body_json"], ParseJSON(log.body))
+ - set(resource.attributes["body_json"]["kubernetes"]["pod"], resource.attributes["k8s.pod.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["pod_ip"], resource.attributes["k8s.pod.ip"])
+ - set(resource.attributes["body_json"]["kubernetes"]["pod_uid"], resource.attributes["k8s.pod.uid"])
+ - set(resource.attributes["body_json"]["kubernetes"]["deployment"], resource.attributes["k8s.deployment.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["node"], resource.attributes["k8s.node.name"])
+ - set(resource.attributes["body_json"]["kubernetes"]["namespace"], resource.attributes["k8s.namespace.name"])
+ - set(log.body, resource.attributes["body_json"])
+ - delete_key(resource.attributes, "body_json")
+ batch:
+ send_batch_size: 1
+ timeout: 1s
+ exporters:
+ otlphttp/logs:
+ endpoint: {{ .Values.logIngest.lokiEndpoint }}/otlp
+ tls:
+ insecure: true
+ headers:
+ X-Scope-OrgID: "devops"
+ service:
+ telemetry:
+ logs:
+ level: info
+ pipelines:
+ logs:
+ receivers: [filelog, k8s_cluster]
+ processors: [resource, transform, batch]
+ exporters: [otlphttp/logs]
diff --git a/freeleaps/helm-pkg/devops/values.alpha.yaml b/freeleaps/helm-pkg/devops/values.alpha.yaml
index 1a2d7cb8..20d9e814 100644
--- a/freeleaps/helm-pkg/devops/values.alpha.yaml
+++ b/freeleaps/helm-pkg/devops/values.alpha.yaml
@@ -3,7 +3,10 @@ global:
 repository: freeleaps
 nodeSelector: {}
 logIngest:
- enabled: false
+ enabled: true
+ lokiEndpoint: http://loki-gateway.freeleaps-logging-system
+ logPathPattern: /app/log/devops/*.log
+ logPath: /app/log/devops
 devops:
 replicas: 1
 image:
@@ -57,6 +60,7 @@ devops:
 configs:
 tz: UTC
 appName: devops
+ appEnv: alpha
 jwtSecretKey: ''
 jwtAlgorithm: HS256
 accessTokenExpireMinutes: '3600'
diff --git a/freeleaps/helm-pkg/devops/values.prod.yaml b/freeleaps/helm-pkg/devops/values.prod.yaml
index 26f097c3..ce30cbe9 100644
--- a/freeleaps/helm-pkg/devops/values.prod.yaml
+++ b/freeleaps/helm-pkg/devops/values.prod.yaml
@@ -3,7 +3,10 @@ global:
 repository: freeleaps
 nodeSelector: {}
 logIngest:
- enabled: false
+ enabled: true
+ lokiEndpoint: http://loki-gateway.freeleaps-logging-system
+ logPathPattern: /app/log/devops/*.log
+ logPath: /app/log/devops
 devops:
 replicas: 1
 image:
@@ -40,6 +43,7 @@ devops:
 configs:
 tz: UTC
 appName: devops
+ appEnv: prod
 jwtSecretKey: ''
 jwtAlgorithm: HS256
 accessTokenExpireMinutes: '3600'
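Review bot: As configured in opentelemetry.yaml, the `otlphttp/logs` exporter sends logs over plaintext with no sender authentication: `lokiEndpoint` is `http://loki-gateway.freeleaps-logging-system` in both values files, `tls.insecure: true` is set, and `X-Scope-OrgID: "devops"` selects a tenant but proves nothing about who is writing. Because the header is hard-coded, alpha and prod releases pointed at the same gateway will write into one Loki tenant; a value such as `X-Scope-OrgID: {{ .Values.logIngest.tenant | default "devops" | quote }}` (key name illustrative) lets them be separated. `ParseJSON(log.body)` runs with no `where` guard and no `error_mode`, so a line that is not valid JSON fails the statement, and depending on the processor's error mode that can drop log records; `error_mode: ignore` under `transform` is worth considering. The `kubernetes.namespace` statement also appears twice in the list.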