[openTelemetry-audit] Adds plugin of OpenTelemetry Audit Logs #556
Conversation
olandr
changed the title
olandr
changed the title
This is an initial commit which just copies over the already existing otel plugin. Simply because the foundation for this otel-audit plugin will be based on the otel plugin. --------- Signed off by: Simon Olander ([email protected])
olandr
force-pushed
the
feature/audit-otel
branch
from
941e4ee to
97213c7
Compare
olandr
changed the title
olandr
force-pushed
the
feature/audit-otel
branch
2 times, most recently
from
8bd7f02 to
58a1375
Compare
…specifics - Defines a name opentelemetry-audit for the plugin - Adds the substring 'audit' to various resource to not conflict with other resources. - Adds architecture diagram --------- Signed off by: Simon Olander ([email protected])
olandr
force-pushed
the
feature/audit-otel
branch
from
58a1375 to
87f627e
Compare
| metadata: | ||
| name: opentelemetry-audit | ||
| spec: | ||
| version: 0.6.1 |
There was a problem hiding this comment.
Start with a new versioning, instead of following the original OTel plugin versioning, the same is true for the helmChart.version
| version: 0.6.1 | ||
| displayName: OpenTelemetry for Audit Logs | ||
| description: Audit Logs relevant Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. | ||
| icon: https://raw.githubusercontent.com/cloudoperators/greenhouse-extensions/main/opentelemetry/logo.png |
There was a problem hiding this comment.
Maybe we can change the icon so the difference between the two plugins becomes recognizable? Could be just include a simple writing "audit"
| apiVersion: v2 | ||
| appVersion: v0.114.0 | ||
| name: opentelemetry-audit-operator | ||
| version: 0.6.1 |
There was a problem hiding this comment.
same as in the PluginDefinition: Start with a new versioning, instead of following the original OTel plugin versioning
| apiVersion: opentelemetry.io/v1beta1 | ||
| kind: OpenTelemetryCollector | ||
| metadata: | ||
| name: metrics |
There was a problem hiding this comment.
Rename this to audit-logs-metrics or something unique
|
|
||
| {{/* Generate plugin specific labels */}} | ||
| {{- define "plugin.labels" -}} | ||
| plugindefinition: opentelemetry |
There was a problem hiding this comment.
the value should be referring to the audit plugin
|
|
||
| {{- if .Values.openTelemetry.metricsCollector.enabled }} | ||
| @test "Verify successful deployment and running status of the metrics-collector" { | ||
| try "at most 5 times every 10s to get pods named 'metrics-collector' and verify that '.status.phase' is 'running'" |
There was a problem hiding this comment.
See other comment in metrics-collector.yaml: Rename this to audit-logs-metrics or something unique
| for: 5m | ||
| labels: | ||
| severity: warning | ||
| runbook_url: https://github.com/cloudoperators/greenhouse-extensions/tree/main/opentelemetry/playbooks/FilelogRefusedLogs.md |
There was a problem hiding this comment.
even if its just a boilerplate for now, you can change it to referring to audit-opentelemetry, same for the other alerts here and in operator-alerts.yaml
| @@ -0,0 +1,41 @@ | |||
| groups: | |||
| - name: collector-alerts | |||
There was a problem hiding this comment.
Rename it to audit-collector-alerts
| @@ -0,0 +1,28 @@ | |||
| groups: | |||
| - name: operator-alerts | |||
There was a problem hiding this comment.
Rename it to audit-operator-alerts
| enabled: false | ||
|
|
||
| # Empty variables will fail during rollout | ||
| openTelemetry: |
There was a problem hiding this comment.
I would suggest to change the name to audit-openTelemetry (or similar) so we can dinstinguish it a bit better. This should then be done for all entries, including the PluginDefinition
| apiVersion: greenhouse.sap/v1alpha1 | ||
| kind: PluginDefinition | ||
| metadata: | ||
| name: opentelemetry-audit |
There was a problem hiding this comment.
The directory for this Plugin is called audit-opentelemetry while the Plugin is called opentelemetry-audit. I would suggest to make it consistent and name the directory opentelemetry-audit.
| helmChart: | ||
| name: opentelemetry-operator | ||
| repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts | ||
| version: 0.6.1 |
| port: prometheus | ||
| selector: | ||
| matchLabels: | ||
| app.kubernetes.io/component: opentelemetry-collector |
There was a problem hiding this comment.
Rename it to opentelemetry-audit-collector or similar
There was a problem hiding this comment.
Hi,
Overall it looks good. Most of the comments are about naming.
I still would prefer to add each component successively when needed but I am fine with this approach as well.
I like the architecture image!
Small addition: You can also include the directory-path here: https://github.com/cloudoperators/greenhouse-extensions/blob/main/.github/licenserc.yaml (as done with opentelemetry). This will then ignore automatically adding license headers and fix the failing check (see below).
This adds a plugin for OpenTelemetry ingestion of audit relevant signals. This will be a separate plugin from the 'OpenTelemetry' plugin, because it will most likely have different requirements.
This is an initial pull to create the foundation of the plugin.