fix(infra-ingress): analyse logs for metrics

2025-03-21 08:46:28 +01:00 · 2025-03-21 08:46:28 +01:00 · f7b24a09b1
commit f7b24a09b1
parent a1e9d9c920
5 changed files with 217 additions and 3 deletions
--- a/infra-ingress/templates/configmap_init_crd.yaml
+++ b/infra-ingress/templates/configmap_init_crd.yaml
@ -7,6 +7,7 @@ metadata:
 data:
  {{- $isMonitoring := and
    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor")
  }}
  monitoring: {{ $isMonitoring | quote }}
  {{- $isTraefik := and
--- a/infra-ingress/templates/traefik/release.yaml
+++ b/infra-ingress/templates/traefik/release.yaml
@ -30,6 +30,60 @@ spec:
      {{- if .Values.hostNetwork }}
      dnsPolicy: ClusterFirstWithHostNet
      {{- end }}
+      podAnnotations:
+      {{- if .Values.traefik.logs.metrics }}
+        checksum/vector-config: {{ include (print $.Template.BasePath "/traefik/vector/configmap.yaml") $ | sha256sum }}
+      {{- if .Values.traefik.logs.geoip.enabled }}
+      initContainers:
+        - name: "download-geoip"
+          image: "alpine"
+          command:
+            - sh
+            - -c
+            - |
+              cd /usr/share/GeoIP
+              wget -O geoip-db.mmdb {{ .Values.traefik.logs.geoip.url | quote}}
+              # gunzip geoip-db.mmdb.gz
+          volumeMounts:
+            - mountPath: "/usr/share/GeoIP"
+              name: geoip
+      {{- end }}
+      additionalContainers:
+        - name: "vector"
+          image: docker.io/timberio/vector:0.45.0-debian
+          args:
+            - --watch-config
+            - --watch-config-method
+            - poll
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: vector-api
+          volumeMounts:
+            - mountPath: "/etc/vector/vector.yaml"
+              subPath: "vector.yaml"
+              name: vector-config
+              readOnly: true
+          {{- if .Values.traefik.logs.geoip.enabled }}
+            - mountPath: "/usr/share/GeoIP"
+              name: geoip
+          {{- end }}
+          ports:
+            - name: vector-api
+              containerPort: 8686
+              protocol: TCP
+            - name: vector-metrics
+              containerPort: 9116
+              protocol: TCP
+      additionalVolumes:
+        - name: vector-config
+          configMap:
+            name: traefik-vector
+        {{- if .Values.traefik.logs.geoip.enabled }}
+        - name: geoip
+          empty: {}
+        {{- end }}
+      {{- end }}
    hostNetwork: {{ .Values.hostNetwork }}
    updateStrategy:
      rollingUpdate:
@ -43,10 +97,18 @@ spec:
        - IPv6
        - IPv4

-    {{- with .Values.traefik.additionalArguments }}
    additionalArguments:
+      {{- with .Values.traefik.additionalArguments }}
      {{- toYaml . | nindent 6 }}
-    {{- end }}
+      {{- end }}
+      {{- if .Values.traefik.logs.metrics }}
+      - --experimental.otlpLogs=true
+      - --accesslog=true
+      - --accesslog.otlp=true
+      - --accesslog.otlp.grpc=true
+      - --accesslog.otlp.grpc.endpoint=localhost:4317
+      - --accesslog.otlp.grpc.insecure=true
+      {{- end }}

    tolerations:
      - key: "CriticalAddonsOnly"
@ -60,6 +122,7 @@ spec:

    priorityClassName: "system-cluster-critical"

+
    ports:
      metrics:
        port: 9111
@ -80,6 +143,10 @@ spec:
      {{- with .Values.traefik.ports }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
+    gateway:
+      listeners:
+        web:
+          port: 80
    {{- if .Values.hostNetwork }}
    podSecurityContext: null
    securityContext:
@ -92,6 +159,8 @@ spec:
      kubernetesIngress:
        publishedService:
          enabled: true
+      kubernetesGateway:
+        enabled: true

    ingressRoute:
      dashboard:
@ -115,7 +184,7 @@ spec:
        format: "json"
        level: WARN
      access:
-        enabled: {{ toYaml .Values.logs.access }}
+        enabled: {{ toYaml (and .Values.logs.access (not .Values.traefik.logs.metrics)) }}
        format: "json"
    {{- end }}

@ -125,6 +194,7 @@ spec:
        service:
          enabled: true
        serviceMonitor:
+          enabled: true
          additionalLabels:
            {{- toYaml $.Values.commons.prometheus.monitor.labels | nindent 12 }}
        {{- end }}
--- a/infra-ingress/templates/traefik/vector/configmap.yaml
+++ b/infra-ingress/templates/traefik/vector/configmap.yaml
@ -0,0 +1,117 @@
+{{- if and (eq .Values.controller "traefik") .Values.traefik.logs.metrics }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: traefik-vector
+data:
+  vector.yaml: |
+    api:
+      enabled: true
+      address: "0.0.0.0:8686"
+    {{- if .Values.traefik.logs.geoip.enabled }}
+    enrichment_tables:
+      geoip:
+        type: "geoip"
+        path: "/usr/share/GeoIP/geoip-db.mmdb"
+        locale: "en"
+    {{- end }}
+    sources:
+      otlp:
+        type: opentelemetry
+        grpc:
+          address: 127.0.0.1:4317
+        http:
+          address: 127.0.0.1:4318
+    transforms:
+      {{- with .Values.traefik.logs.additionalTransforms }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{ $input := "otlp.logs" }}
+      {{- if .Values.traefik.logs.geoip.enabled }}
+      geolookup:
+        inputs:
+          - "otlp.logs"
+        type: "remap"
+        source: |
+          if ip_cidr_contains!([
+            "10.0.0.0/8",
+            "100.64.0.0/10",
+            "172.16.0.0/12",
+            "192.168.0.0/16",
+            "fc00::/7",
+            ], .attributes.ClientHost) {
+              .geoip = {
+                "latitude": 0.0,
+                "longitude": 0.0,
+                "continent_code": "internal",
+                "country_code": "internal",
+                "country_name": "internal"
+              }
+          } else {
+            .geoip, .err = get_enrichment_table_record("geoip", {"ip": .attributes.ClientHost}, [
+              "latitude",
+              "longitude",
+              "continent_code",
+              "country_code",
+              "country_name"
+            ])
+            if .err != null {
+              log(.err, level: "error")
+            }
+            if !exists(.geoip.continent_code) {
+              .geoip = {
+                "latitude": 0.0,
+                "longitude": 0.0,
+                "continent_code": "unknown",
+                "country_code": "unknown",
+                "country_name": "unknown"
+              }
+            }
+          }
+          del(.err)
+        {{ $input = "geolookup"}}
+      {{- end }}
+      metrics:
+        inputs:
+          - {{ $input }}
+        type: log_to_metric
+        metrics:
+          - namespace: "traefik_logs"
+            name: "access"
+            field: "attributes.RequestHost"
+            type: counter
+            tags:
+              {{`
+              host: "{{ attributes.RequestHost }}"
+              entryPoint: "{{ attributes.entryPointName }}"
+              `}}
+              {{- if .Values.traefik.logs.geoip.enabled }}
+              {{`
+              latitude: "{{ geoip.latitude }}"
+              longitude: "{{ geoip.longitude }}"
+              continent_code: "{{ geoip.continent_code }}"
+              country_code: "{{ geoip.country_code }}"
+              country_name: "{{ geoip.country_name }}"
+              `}}
+              {{- end }}
+          {{- with .Values.traefik.logs.additionalMetrics }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+    sinks:
+      {{- if .Values.logs.access }}
+      console:
+        inputs:
+          - {{ $input }}
+        type: console
+        encoding:
+          codec: logfmt
+      {{- end }}
+      {{- with .Values.traefik.logs.additionalSinks }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      prometheus:
+        inputs:
+          - metrics
+        type: prometheus_exporter
+        address: "[::]:9116"
+{{- end }}
--- a/infra-ingress/templates/traefik/vector/podmonitor.yaml
+++ b/infra-ingress/templates/traefik/vector/podmonitor.yaml
@ -0,0 +1,16 @@
+{{- if and (eq .Values.controller "traefik") .Values.traefik.logs.metrics (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: traefik-vector
+  labels:
+    {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+      app.kubernetes.io/instance: traefik-ingress
+  podMetricsEndpoints:
+    - port: vector-metrics
+      path: /metrics
+{{- end }}
--- a/infra-ingress/values.yaml
+++ b/infra-ingress/values.yaml
@ -57,4 +57,14 @@ logs:
 traefik:
  ports: {}
  hostPath: /srv/k8s/pv/pvc-traefik-certs
+  logs:
+    # -- analyse logs to metrics
+    metrics: false
+    geoip:
+      enabled: false
+      url: "https://raw.githubusercontent.com/P3TERX/GeoLite.mmdb/download/GeoLite2-City.mmdb"
+    # -- you could use the source `otlp.logs` to recieve access-logs and work with them
+    additionalTransforms: {}
+    additionalMetrics: []
+    additionalSinks: {}
  additionalArguments: []