wrenix/flux-charts
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix(infra-ingress): analyse logs for metrics

Browse source
This commit is contained in:
WrenIX 2025-03-21 08:46:28 +01:00
parent a1e9d9c920
commit f7b24a09b1
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
5 changed files with 217 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
infra-ingress/templates/configmap_init_crd.yaml
View file

@ -7,6 +7,7 @@ metadata:
data: data:
{{- $isMonitoring := and {{- $isMonitoring := and
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor")
}} }}
monitoring: {{ $isMonitoring | quote }} monitoring: {{ $isMonitoring | quote }}
{{- $isTraefik := and {{- $isTraefik := and

76
infra-ingress/templates/traefik/release.yaml
View file

@ -30,6 +30,60 @@ spec:
{{- if .Values.hostNetwork }} {{- if .Values.hostNetwork }}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
{{- end }} {{- end }}
podAnnotations:
{{- if .Values.traefik.logs.metrics }}
checksum/vector-config: {{ include (print $.Template.BasePath "/traefik/vector/configmap.yaml") $ | sha256sum }}
{{- if .Values.traefik.logs.geoip.enabled }}
initContainers:
- name: "download-geoip"
image: "alpine"
command:
- sh
- -c
- |
cd /usr/share/GeoIP
wget -O geoip-db.mmdb {{ .Values.traefik.logs.geoip.url | quote}}
# gunzip geoip-db.mmdb.gz
volumeMounts:
- mountPath: "/usr/share/GeoIP"
name: geoip
{{- end }}
additionalContainers:
- name: "vector"
image: docker.io/timberio/vector:0.45.0-debian
args:
- --watch-config
- --watch-config-method
- poll
livenessProbe:
httpGet:
path: /health
port: vector-api
volumeMounts:
- mountPath: "/etc/vector/vector.yaml"
subPath: "vector.yaml"
name: vector-config
readOnly: true
{{- if .Values.traefik.logs.geoip.enabled }}
- mountPath: "/usr/share/GeoIP"
name: geoip
{{- end }}
ports:
- name: vector-api
containerPort: 8686
protocol: TCP
- name: vector-metrics
containerPort: 9116
protocol: TCP
additionalVolumes:
- name: vector-config
configMap:
name: traefik-vector
{{- if .Values.traefik.logs.geoip.enabled }}
- name: geoip
empty: {}
{{- end }}
{{- end }}
hostNetwork: {{ .Values.hostNetwork }} hostNetwork: {{ .Values.hostNetwork }}
updateStrategy: updateStrategy:
rollingUpdate: rollingUpdate:
@ -43,10 +97,18 @@ spec:
- IPv6 - IPv6
- IPv4 - IPv4
{{- with .Values.traefik.additionalArguments }}
additionalArguments: additionalArguments:
{{- with .Values.traefik.additionalArguments }}
{{- toYaml . | nindent 6 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
{{- if .Values.traefik.logs.metrics }}
- --experimental.otlpLogs=true
- --accesslog=true
- --accesslog.otlp=true
- --accesslog.otlp.grpc=true
- --accesslog.otlp.grpc.endpoint=localhost:4317
- --accesslog.otlp.grpc.insecure=true
{{- end }}
tolerations: tolerations:
- key: "CriticalAddonsOnly" - key: "CriticalAddonsOnly"
@ -60,6 +122,7 @@ spec:
priorityClassName: "system-cluster-critical" priorityClassName: "system-cluster-critical"
ports: ports:
metrics: metrics:
port: 9111 port: 9111
@ -80,6 +143,10 @@ spec:
{{- with .Values.traefik.ports }} {{- with .Values.traefik.ports }}
{{- toYaml . | nindent 6 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
gateway:
listeners:
web:
port: 80
{{- if .Values.hostNetwork }} {{- if .Values.hostNetwork }}
podSecurityContext: null podSecurityContext: null
securityContext: securityContext:
@ -92,6 +159,8 @@ spec:
kubernetesIngress: kubernetesIngress:
publishedService: publishedService:
enabled: true enabled: true
kubernetesGateway:
enabled: true
ingressRoute: ingressRoute:
dashboard: dashboard:
@ -115,7 +184,7 @@ spec:
format: "json" format: "json"
level: WARN level: WARN
access: access:
enabled: {{ toYaml .Values.logs.access }} enabled: {{ toYaml (and .Values.logs.access (not .Values.traefik.logs.metrics)) }}
format: "json" format: "json"
{{- end }} {{- end }}
@ -125,6 +194,7 @@ spec:
service: service:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true
additionalLabels: additionalLabels:
{{- toYaml $.Values.commons.prometheus.monitor.labels | nindent 12 }} {{- toYaml $.Values.commons.prometheus.monitor.labels | nindent 12 }}
{{- end }} {{- end }}

117
infra-ingress/templates/traefik/vector/configmap.yaml Normal file
View file

@ -0,0 +1,117 @@
{{- if and (eq .Values.controller "traefik") .Values.traefik.logs.metrics }}
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-vector
data:
vector.yaml: |
api:
enabled: true
address: "0.0.0.0:8686"
{{- if .Values.traefik.logs.geoip.enabled }}
enrichment_tables:
geoip:
type: "geoip"
path: "/usr/share/GeoIP/geoip-db.mmdb"
locale: "en"
{{- end }}
sources:
otlp:
type: opentelemetry
grpc:
address: 127.0.0.1:4317
http:
address: 127.0.0.1:4318
transforms:
{{- with .Values.traefik.logs.additionalTransforms }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{ $input := "otlp.logs" }}
{{- if .Values.traefik.logs.geoip.enabled }}
geolookup:
inputs:
- "otlp.logs"
type: "remap"
source: |
if ip_cidr_contains!([
"10.0.0.0/8",
"100.64.0.0/10",
"172.16.0.0/12",
"192.168.0.0/16",
"fc00::/7",
], .attributes.ClientHost) {
.geoip = {
"latitude": 0.0,
"longitude": 0.0,
"continent_code": "internal",
"country_code": "internal",
"country_name": "internal"
}
} else {
.geoip, .err = get_enrichment_table_record("geoip", {"ip": .attributes.ClientHost}, [
"latitude",
"longitude",
"continent_code",
"country_code",
"country_name"
])
if .err != null {
log(.err, level: "error")
}
if !exists(.geoip.continent_code) {
.geoip = {
"latitude": 0.0,
"longitude": 0.0,
"continent_code": "unknown",
"country_code": "unknown",
"country_name": "unknown"
}
}
}
del(.err)
{{ $input = "geolookup"}}
{{- end }}
metrics:
inputs:
- {{ $input }}
type: log_to_metric
metrics:
- namespace: "traefik_logs"
name: "access"
field: "attributes.RequestHost"
type: counter
tags:
{{`
host: "{{ attributes.RequestHost }}"
entryPoint: "{{ attributes.entryPointName }}"
`}}
{{- if .Values.traefik.logs.geoip.enabled }}
{{`
latitude: "{{ geoip.latitude }}"
longitude: "{{ geoip.longitude }}"
continent_code: "{{ geoip.continent_code }}"
country_code: "{{ geoip.country_code }}"
country_name: "{{ geoip.country_name }}"
`}}
{{- end }}
{{- with .Values.traefik.logs.additionalMetrics }}
{{- toYaml . | nindent 10 }}
{{- end }}
sinks:
{{- if .Values.logs.access }}
console:
inputs:
- {{ $input }}
type: console
encoding:
codec: logfmt
{{- end }}
{{- with .Values.traefik.logs.additionalSinks }}
{{- toYaml . | nindent 6 }}
{{- end }}
prometheus:
inputs:
- metrics
type: prometheus_exporter
address: "[::]:9116"
{{- end }}

16
infra-ingress/templates/traefik/vector/podmonitor.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if and (eq .Values.controller "traefik") .Values.traefik.logs.metrics (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: traefik-vector
labels:
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 4 }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-ingress
podMetricsEndpoints:
- port: vector-metrics
path: /metrics
{{- end }}

10
infra-ingress/values.yaml
View file

@ -57,4 +57,14 @@ logs:
traefik: traefik:
ports: {} ports: {}
hostPath: /srv/k8s/pv/pvc-traefik-certs hostPath: /srv/k8s/pv/pvc-traefik-certs
logs:
# -- analyse logs to metrics
metrics: false
geoip:
enabled: false
url: "https://raw.githubusercontent.com/P3TERX/GeoLite.mmdb/download/GeoLite2-City.mmdb"
# -- you could use the source `otlp.logs` to recieve access-logs and work with them
additionalTransforms: {}
additionalMetrics: []
additionalSinks: {}
additionalArguments: [] additionalArguments: []