chore(opentelemetry-audit): changes hard otel plugin copy with audit …

…specifics - Defines a name opentelemetry-audit for the plugin - Adds the substring 'audit' to various resource to not conflict with other resources. - Adds architecture diagram --------- Signed off by: Simon Olander ([email protected])
cloudoperators · Dec 19, 2024 · 58a1375 · 58a1375
1 parent 97213c7
commit 58a1375
Show file tree

Hide file tree

Showing 18 changed files with 2,473 additions and 229 deletions.
diff --git a/audit-opentelemetry/README.md b/audit-opentelemetry/README.md
@@ -1,8 +1,8 @@
 ---
-title: OpenTelemetry
+title: OpenTelemetry for Audit Logs
 ---
 
-Learn more about the **OpenTelemetry** Plugin. Use it to enable the ingestion, collection and export of telemetry signals (logs and metrics) for your Greenhouse cluster.
+Learn more about the **OpenTelemetry** Plugin. Use it to enable the ingestion, collection and export of audit relevant telemetry signals (logs and metrics) for your Greenhouse cluster.
 
 The main terminologies used in this document can be found in [core-concepts](https://cloudoperators.github.io/greenhouse/docs/getting-started/core-concepts).
 
@@ -25,7 +25,7 @@ Components included in this Plugin:
 
 ## Architecture
 
-![OpenTelemetry Architecture](img/otel-arch.png)
+![OpenTelemetry for Audit Logs Architecture](img/otel-audit-arch.png)
 
 ## Note
 

diff --git a/audit-opentelemetry/chart/Chart.yaml b/audit-opentelemetry/chart/Chart.yaml
@@ -3,15 +3,16 @@
 
 apiVersion: v2
 appVersion: v0.114.0
-name: opentelemetry-operator
+name: opentelemetry-audit-operator
 version: 0.6.1
-description: OpenTelemetry Operator Helm chart for Kubernetes
+description: OpenTelemetry Operator Helm chart for Kubernetes for Audit Logs
 icon: https://raw.githubusercontent.com/cncf/artwork/a718fa97fffec1b9fd14147682e9e3ac0c8817cb/projects/opentelemetry/icon/color/opentelemetry-icon-color.png
 type: application
 maintainers:
 - name: timojohlo
 - name: kuckkuck
 - name: viennaa
+- name: olandr
 sources:
 - https://github.com/cloudoperators/greenhouse-extensions
 dependencies:

diff --git a/audit-opentelemetry/chart/crds/crd-opentelemetry.io_opampbridges.yaml b/audit-opentelemetry/chart/crds/crd-opentelemetry.io_opampbridges.yaml
@@ -7,7 +7,7 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
     meta.helm.sh/release-name: opentelemetry
-    meta.helm.sh/release-namespace: otel
+    meta.helm.sh/release-namespace: otel-audit
   labels:
     app.kubernetes.io/managed-by: Helm
   name: opampbridges.opentelemetry.io

diff --git a/audit-opentelemetry/chart/crds/crd-opentelemetrycollector.yaml b/audit-opentelemetry/chart/crds/crd-opentelemetrycollector.yaml
@@ -7,7 +7,7 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
     meta.helm.sh/release-name: opentelemetry
-    meta.helm.sh/release-namespace: otel
+    meta.helm.sh/release-namespace: otel-audit
   labels:
     app.kubernetes.io/managed-by: Helm
   name: opentelemetrycollectors.opentelemetry.io

diff --git a/audit-opentelemetry/chart/crds/crd-opentelemetryinstrumentation.yaml b/audit-opentelemetry/chart/crds/crd-opentelemetryinstrumentation.yaml
@@ -7,7 +7,7 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
     meta.helm.sh/release-name: opentelemetry
-    meta.helm.sh/release-namespace: otel
+    meta.helm.sh/release-namespace: otel-audit
   labels:
     app.kubernetes.io/managed-by: Helm
   name: instrumentations.opentelemetry.io

diff --git a/audit-opentelemetry/chart/dashboards/otel-logs.json b/audit-opentelemetry/chart/dashboards/otel-logs.json
@@ -95,7 +95,7 @@
       "targets": [
         {
           "exemplar": true,
-          "expr": "sum(kube_pod_status_phase{phase=\"Running\", namespace=\"otel\"})\n",
+          "expr": "sum(kube_pod_status_phase{phase=\"Running\", namespace=\"otel-audit\"})\n",
           "interval": "",
           "legendFormat": "Running",
           "queryType": "randomWalk",
@@ -167,7 +167,7 @@
       "targets": [
         {
           "exemplar": true,
-          "expr": " sum(kube_pod_status_phase{pod=~\"logs.*\", phase=\"Running\", namespace=\"otel\"})-count(rate(otelcol_exporter_sent_log_records_total[15m]) > 0)",
+          "expr": " sum(kube_pod_status_phase{pod=~\"logs.*\", phase=\"Running\", namespace=\"otel-audit\"})-count(rate(otelcol_exporter_sent_log_records_total[15m]) > 0)",
           "interval": "",
           "legendFormat": "Running",
           "queryType": "randomWalk",
@@ -235,7 +235,7 @@
       "targets": [
         {
           "exemplar": true,
-          "expr": "sum(kube_pod_status_phase{phase=\"Failed\", namespace=\"otel\"})\n",
+          "expr": "sum(kube_pod_status_phase{phase=\"Failed\", namespace=\"otel-audit\"})\n",
           "hide": false,
           "interval": "",
           "legendFormat": "Failed",
@@ -303,7 +303,7 @@
       "targets": [
         {
           "exemplar": true,
-          "expr": "sum(kube_pod_status_phase{phase=\"Pending\", namespace=\"otel\"})\n",
+          "expr": "sum(kube_pod_status_phase{phase=\"Pending\", namespace=\"otel-audit\"})\n",
           "hide": false,
           "interval": "",
           "legendFormat": "Pending",
@@ -343,7 +343,7 @@
           {
             "matcher": {
               "id": "byName",
-              "options": "kube_pod_info{app=\"kube-state-metrics\", app_kubernetes_io_component=\"metrics\", app_kubernetes_io_instance=\"kube-monitoring-scaleout\", app_kubernetes_io_managed_by=\"Helm\", app_kubernetes_io_name=\"kube-state-metrics\", app_kubernetes_io_part_of=\"kube-state-metrics\", app_kubernetes_io_version=\"2.13.0\", ccloud_support_group=\"containers\", cluster=\"s-qa-de-1\", cluster_type=\"scaleout\", container=\"kube-state-metrics\", created_by_kind=\"DaemonSet\", created_by_name=\"logs-collector\", endpoint=\"http\", helm_sh_chart=\"kube-state-metrics-5.25.1\", host_ip=\"10.180.0.148\", host_network=\"false\", instance=\"10.100.0.17:8080\", job=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_name=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_namespace=\"kube-monitoring\", namespace=\"otel\", node=\"kks-s-qa-de-1-cronus-small-mmrcp\", pod=\"logs-collector-sw99h\", pod_ip=\"10.100.8.34\", priority_class=\"common-payload\", prometheus=\"kube-monitoring/kubernetes\", region=\"qa-de-1\", service=\"kube-monitoring-scaleout-kube-state-metrics\", uid=\"a7de7932-bfd1-4e2e-956c-42844ecb8053\"}"
+              "options": "kube_pod_info{app=\"kube-state-metrics\", app_kubernetes_io_component=\"metrics\", app_kubernetes_io_instance=\"kube-monitoring-scaleout\", app_kubernetes_io_managed_by=\"Helm\", app_kubernetes_io_name=\"kube-state-metrics\", app_kubernetes_io_part_of=\"kube-state-metrics\", app_kubernetes_io_version=\"2.13.0\", ccloud_support_group=\"containers\", cluster=\"s-qa-de-1\", cluster_type=\"scaleout\", container=\"kube-state-metrics\", created_by_kind=\"DaemonSet\", created_by_name=\"audit-logs-collector\", endpoint=\"http\", helm_sh_chart=\"kube-state-metrics-5.25.1\", host_ip=\"10.180.0.148\", host_network=\"false\", instance=\"10.100.0.17:8080\", job=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_name=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_namespace=\"kube-monitoring\", namespace=\"otel-audit\", node=\"kks-s-qa-de-1-cronus-small-mmrcp\", pod=\"audit-logs-collector-sw99h\", pod_ip=\"10.100.8.34\", priority_class=\"common-payload\", prometheus=\"kube-monitoring/kubernetes\", region=\"qa-de-1\", service=\"kube-monitoring-scaleout-kube-state-metrics\", uid=\"a7de7932-bfd1-4e2e-956c-42844ecb8053\"}"
             },
             "properties": [
               {
@@ -418,7 +418,7 @@
       "targets": [
         {
           "exemplar": true,
-          "expr": "kube_pod_status_phase{pod=~\"logs.*\", phase=\"Running\", namespace=\"otel\"}",
+          "expr": "kube_pod_status_phase{pod=~\"logs.*\", phase=\"Running\", namespace=\"otel-audit\"}",
           "format": "table",
           "instant": true,
           "interval": "",
@@ -504,7 +504,7 @@
           {
             "matcher": {
               "id": "byName",
-              "options": "kube_pod_info{app=\"kube-state-metrics\", app_kubernetes_io_component=\"metrics\", app_kubernetes_io_instance=\"kube-monitoring-scaleout\", app_kubernetes_io_managed_by=\"Helm\", app_kubernetes_io_name=\"kube-state-metrics\", app_kubernetes_io_part_of=\"kube-state-metrics\", app_kubernetes_io_version=\"2.13.0\", ccloud_support_group=\"containers\", cluster=\"s-qa-de-1\", cluster_type=\"scaleout\", container=\"kube-state-metrics\", created_by_kind=\"DaemonSet\", created_by_name=\"logs-collector\", endpoint=\"http\", helm_sh_chart=\"kube-state-metrics-5.25.1\", host_ip=\"10.180.0.148\", host_network=\"false\", instance=\"10.100.0.17:8080\", job=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_name=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_namespace=\"kube-monitoring\", namespace=\"otel\", node=\"kks-s-qa-de-1-cronus-small-mmrcp\", pod=\"logs-collector-sw99h\", pod_ip=\"10.100.8.34\", priority_class=\"common-payload\", prometheus=\"kube-monitoring/kubernetes\", region=\"qa-de-1\", service=\"kube-monitoring-scaleout-kube-state-metrics\", uid=\"a7de7932-bfd1-4e2e-956c-42844ecb8053\"}"
+              "options": "kube_pod_info{app=\"kube-state-metrics\", app_kubernetes_io_component=\"metrics\", app_kubernetes_io_instance=\"kube-monitoring-scaleout\", app_kubernetes_io_managed_by=\"Helm\", app_kubernetes_io_name=\"kube-state-metrics\", app_kubernetes_io_part_of=\"kube-state-metrics\", app_kubernetes_io_version=\"2.13.0\", ccloud_support_group=\"containers\", cluster=\"s-qa-de-1\", cluster_type=\"scaleout\", container=\"kube-state-metrics\", created_by_kind=\"DaemonSet\", created_by_name=\"audit-logs-collector\", endpoint=\"http\", helm_sh_chart=\"kube-state-metrics-5.25.1\", host_ip=\"10.180.0.148\", host_network=\"false\", instance=\"10.100.0.17:8080\", job=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_name=\"kube-monitoring-scaleout-kube-state-metrics\", kubernetes_namespace=\"kube-monitoring\", namespace=\"otel-audit\", node=\"kks-s-qa-de-1-cronus-small-mmrcp\", pod=\"audit-logs-collector-sw99h\", pod_ip=\"10.100.8.34\", priority_class=\"common-payload\", prometheus=\"kube-monitoring/kubernetes\", region=\"qa-de-1\", service=\"kube-monitoring-scaleout-kube-state-metrics\", uid=\"a7de7932-bfd1-4e2e-956c-42844ecb8053\"}"
             },
             "properties": [
               {
@@ -579,7 +579,7 @@
       "targets": [
         {
           "exemplar": true,
-          "expr": "kube_pod_status_phase{pod=~\".*operator.*\", phase=\"Running\", namespace=\"otel\"}",
+          "expr": "kube_pod_status_phase{pod=~\".*operator.*\", phase=\"Running\", namespace=\"otel-audit\"}",
           "format": "table",
           "instant": true,
           "interval": "",
@@ -2618,7 +2618,7 @@
         "hide": 2,
         "label": null,
         "name": "job",
-        "query": "otel/opentelemetry-collector-logs",
+        "query": "otel-audit/opentelemetry-collector-logs",
         "skipUrlSync": false,
         "type": "constant"
       },

diff --git a/audit-opentelemetry/chart/templates/clusterrole.yaml b/audit-opentelemetry/chart/templates/clusterrole.yaml
@@ -4,9 +4,10 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: logs-collector
+  name: audit-logs-collector
+  namespace: {{ .Release.Namespace }}
   labels:
-    app: logs-collector
+    app: audit-logs-collector
     {{- include "plugin.labels" . | nindent 4 }} 
 rules:
 - apiGroups: [""]

diff --git a/audit-opentelemetry/chart/templates/clusterrolebindings.yaml b/audit-opentelemetry/chart/templates/clusterrolebindings.yaml
@@ -4,15 +4,16 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: logs-collector
+  name: audit-logs-collector
+  namespace: {{ .Release.Namespace }}
   labels:
-    app: logs-collector
+    app: audit-logs-collector
     {{- include "plugin.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: logs-collector
+  name: audit-logs-collector
 subjects:
   - kind: ServiceAccount
-    name: logs-collector
+    name: audit-logs-collector
     namespace: {{ .Release.Namespace }}
diff --git a/audit-opentelemetry/chart/templates/logs-collector.yaml b/audit-opentelemetry/chart/templates/logs-collector.yaml
@@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 apiVersion: opentelemetry.io/v1beta1
 kind: OpenTelemetryCollector
 metadata:
-  name: logs
+  name: audit-logs
   labels:
   {{- include "plugin.labels" . | nindent 4 }} 
   {{- if .Values.openTelemetry.customLabels }}
@@ -37,7 +37,7 @@ spec:
       value: "{{ .Values.openTelemetry.region }}"
   envFrom:
     - secretRef:
-         name: otel-basic-auth
+         name: otel-audit-basic-auth
 {{- if .Values.openTelemetry.prometheus.podMonitor.enabled }}
   ports:
     - name: prometheus
@@ -68,7 +68,7 @@ spec:
       filelog/containerd:
         include_file_path: true
         include: [ /var/log/pods/*/*/*.log ]
-        exclude: [ /var/log/pods/otel_logs-*, /var/log/pods/logs_* ]
+        exclude: [ /var/log/pods/otel-audit_logs-*, /var/log/pods/logs_* ]
         operators:
           - id: container-parser
             type: container

diff --git a/audit-opentelemetry/chart/templates/secret.yaml b/audit-opentelemetry/chart/templates/secret.yaml
@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
 apiVersion: v1
 kind: Secret
 metadata:
-  name: otel-basic-auth
+  name: otel-audit-basic-auth
   labels:
   {{- include "plugin.labels" . | nindent 4 }}
   {{- if .Values.openTelemetry.customLabels }}

diff --git a/audit-opentelemetry/chart/templates/serviceaccount.yaml b/audit-opentelemetry/chart/templates/serviceaccount.yaml
@@ -4,8 +4,8 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  name: audit-logs-collector
   labels:
-    app: logs-collector
+    app: audit-logs-collector
     {{- include "plugin.labels" . | nindent 4 }}
-  name: logs-collector
   namespace: {{ .Release.Namespace }}
diff --git a/audit-opentelemetry/chart/templates/smon.yaml b/audit-opentelemetry/chart/templates/smon.yaml
@@ -7,7 +7,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   annotations:
-  name: opentelemetry-collector-metrics
+  name: opentelemetry-audit-collector-metrics
   labels:
     {{- include "plugin.labels" . | nindent 4 }}
     {{- if .Values.openTelemetry.customLabels }}
@@ -26,7 +26,7 @@ spec:
         action: labeldrop
   selector:
     matchLabels:
-      app.kubernetes.io/component: opentelemetry-collector
+      app.kubernetes.io/component: opentelemetry-audit-collector
       app.kubernetes.io/instance: {{ .Release.Namespace }}.openTelemetry.metrics
       app.kubernetes.io/managed-by: opentelemetry-operator
       app.kubernetes.io/part-of: opentelemetry

diff --git a/audit-opentelemetry/chart/templates/tests/test-opentelemetry-config.yaml b/audit-opentelemetry/chart/templates/tests/test-opentelemetry-config.yaml
@@ -33,8 +33,8 @@ data:
     }
 
     {{- if .Values.openTelemetry.logsCollector.enabled }}
-    @test "Verify successful deployment and running status of the logs-collector" {
-        try "at most 5 times every 10s to get pods named 'logs-collector' and verify that '.status.phase' is 'running'"
+    @test "Verify successful deployment and running status of the audit-logs-collector" {
+        try "at most 5 times every 10s to get pods named 'audit-logs-collector' and verify that '.status.phase' is 'running'"
     }
     {{- end -}}
 

diff --git a/audit-opentelemetry/img/otel-arch.drawio b/audit-opentelemetry/img/otel-arch.drawio
diff --git a/audit-opentelemetry/img/otel-arch.png b/audit-opentelemetry/img/otel-arch.png