T-8810: container metadata for logs/metrics/spans (#12)

Author: paweljw

.github/workflows/docker-build.yml

@@ -11,7 +11,7 @@ on:
       - main
 
 jobs:
-  build:
+  build-collector:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -80,4 +80,63 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             COLLECTOR_VERSION=${{ github.ref_name }}
+  
+  build-beyla:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: true
 
+      - name: Determine repository and tags
+        id: repo
+        run: |
+          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
+            # Tagged versions go to public repo
+            echo "repository=betterstack/collector-beyla" >> $GITHUB_OUTPUT
+            echo "push=true" >> $GITHUB_OUTPUT
+          else
+            # Everything else goes to private repo
+            echo "repository=betterstack/collector-beyla-private" >> $GITHUB_OUTPUT
+            echo "push=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Set up Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.repo.outputs.repository }}
+          tags: |
+            # For version tags, tag as version and latest (public repo)
+            type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
+            type=semver,pattern={{version}},enable=${{ startsWith(github.ref, 'refs/tags/v') }}
+            # For main branch, tag as main-sha (private repo)
+            type=raw,value=main-sha-{{sha}},enable=${{ github.ref == 'refs/heads/main' }}
+            # For pull requests, tag as pr-number-sha (private repo)
+            type=raw,value=pr-${{ github.event.pull_request.number }}-sha-{{sha}},enable=${{ github.event_name == 'pull_request' }}
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Depot
+        uses: depot/setup-action@v1
+
+      - name: Build and push Docker image
+        uses: depot/build-push-action@v1
+        with:
+          project: ${{ secrets.DEPOT_PROJECT_ID }}
+          token: ${{ secrets.DEPOT_API_TOKEN }}
+          context: .
+          file: Dockerfile.beyla
+          platforms: linux/amd64,linux/arm64
+          push: ${{ steps.repo.outputs.push }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -46,7 +46,7 @@ RUN mkdir -p /versions/0-default \
 # Set environment variables
 ENV BASE_URL=https://telemetry.betterstack.com
 ENV CLUSTER_COLLECTOR=false
-ENV COLLECTOR_VERSION=1.0.3
+ENV COLLECTOR_VERSION=1.0.4
 ENV VECTOR_VERSION=0.47.0
 ENV BEYLA_VERSION=2.2.4
 ENV CLUSTER_AGENT_VERSION=1.2.4

Dockerfile.beyla

@@ -0,0 +1,38 @@
+# Build dockerprobe
+FROM golang:1.24.4-alpine3.22 AS dockerprobe-builder
+WORKDIR /src
+COPY dockerprobe/go.mod dockerprobe/go.sum ./
+RUN go mod download
+COPY dockerprobe/main.go ./
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags='-s -w' -o /bin/dockerprobe .
+
+# Get Beyla files from official image
+FROM grafana/beyla:2.2.4 AS beyla-source
+
+# Final stage - Alpine based
+FROM alpine:3.22
+
+# Install supervisor and ca-certificates
+RUN apk add --no-cache supervisor ca-certificates
+
+# Create necessary directories
+RUN mkdir -p /etc/supervisor/conf.d /var/log/supervisor /enrichment
+
+# Copy Beyla files from official image and set permissions
+COPY --from=beyla-source --chmod=755 /beyla /usr/local/bin/beyla
+COPY --from=beyla-source /LICENSE /LICENSE
+COPY --from=beyla-source /NOTICE /NOTICE
+COPY --from=beyla-source /third_party_licenses.csv /third_party_licenses.csv
+
+# Copy dockerprobe binary with permissions
+COPY --from=dockerprobe-builder --chmod=755 /bin/dockerprobe /usr/local/bin/dockerprobe
+
+# Copy configuration files
+COPY beyla/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+COPY --chmod=755 beyla/entrypoint.sh /entrypoint.sh
+
+# Copy Beyla configuration
+COPY beyla.yaml /etc/beyla/beyla.yaml
+
+# Default command
+CMD ["/entrypoint.sh"]

beyla/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Enable dockerprobe if ENABLE_DOCKERPROBE is set to true or 1
+if [ "${ENABLE_DOCKERPROBE}" = "true" ] || [ "${ENABLE_DOCKERPROBE}" = "1" ]; then
+    echo "Enabling dockerprobe (ENABLE_DOCKERPROBE=${ENABLE_DOCKERPROBE})"
+    # Replace autostart=false with autostart=true for dockerprobe
+    sed -i '/\[program:dockerprobe\]/,/^\[/ s/autostart=false/autostart=true/' /etc/supervisor/supervisord.conf
+else
+    echo "Dockerprobe disabled (ENABLE_DOCKERPROBE=${ENABLE_DOCKERPROBE})"
+fi
+
+# Start supervisord
+exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

beyla/supervisord.conf

@@ -0,0 +1,26 @@
+[supervisord]
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+loglevel=info
+
+[program:beyla]
+command=/usr/local/bin/beyla
+autostart=true
+autorestart=true
+stdout_logfile=/var/log/supervisor/beyla.out.log
+stderr_logfile=/var/log/supervisor/beyla.err.log
+environment=PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Runs the `dockerprobe` binary to produce a CSV file associating process IDs to container IDs and names.
+# This CSV file is shared from the Beyla container to the Collector container via the docker-metadata volume mounted at /enrichment.
+# Sources for the `dockerprobe` binary are located in the `dockerprobe` directory.
+# 
+# autostart disabled by default here; enabled in entrypoint.sh if ENABLE_DOCKERPROBE is set to true or 1 
+# (for disabling in e.g. Kubernetes, or when not desired). ENABLE_DOCKERPROBE is set to true by default in docker-compose.yml.
+[program:dockerprobe]
+autostart=false
+command=/usr/local/bin/dockerprobe
+autorestart=true
+stdout_logfile=/var/log/supervisor/dockerprobe.out.log
+stderr_logfile=/var/log/supervisor/dockerprobe.err.log
+environment=DOCKER_HOST="unix:///var/run/docker.sock",DOCKERPROBE_OUTPUT_PATH="/enrichment/docker-mappings.csv",DOCKERPROBE_INTERVAL="15"

docker-compose.seccomp.yml

@@ -23,12 +23,18 @@ services:
       - /var/log:/host/var/log:ro
       # Collect Docker container logs
       - /var/lib/docker/containers:/host/var/lib/docker/containers:ro
+      # dockerprobe running in the beyla container writes a map of PIDs->container IDs and names to this volume
+      # Vector uses this file as an enrichment table to tag logs, metrics, and traces with container metadata.
+      - docker-metadata:/enrichment:ro
     ports:
       # Bind to localhost only for security - Beyla will connect via host network
       - "127.0.0.1:34320:34320"
 
   beyla:
-    image: grafana/beyla:2.2.4
+    build:
+      context: .
+      dockerfile: Dockerfile.beyla
+    image: betterstack/collector-beyla:latest
     container_name: better-stack-beyla
     restart: always
     privileged: true
@@ -44,10 +50,22 @@ services:
       - BEYLA_BPF_TRACK_REQUEST_HEADERS=true
       - BEYLA_METRICS_INTERVAL=15s
       - BEYLA_CONFIG_PATH=/etc/beyla/beyla.yaml
+      # Enable dockerprobe by default (set to false to disable)
+      - ENABLE_DOCKERPROBE=${ENABLE_DOCKERPROBE:-true}
     volumes:
-      - ./beyla.yaml:/etc/beyla/beyla.yaml:ro
       - /sys/kernel/tracing:/sys/kernel/tracing:rw
       - /sys/kernel/debug:/sys/kernel/debug:rw
       - /sys/kernel/security:/sys/kernel/security:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      # Docker socket for dockerprobe
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # dockerprobe running in the beyla container writes a map of PIDs->container IDs and names to this volume
+      # Vector uses this file as an enrichment table to tag logs, metrics, and traces with container metadata.
+      - docker-metadata:/enrichment:rw
     depends_on:
       - collector
+
+volumes:
+  docker-metadata:
+
+

docker-compose.yml

@@ -21,12 +21,18 @@ services:
       - /var/log:/host/var/log:ro
       # Collect Docker container logs
       - /var/lib/docker/containers:/host/var/lib/docker/containers:ro
+      # dockerprobe running in the beyla container writes a map of PIDs->container IDs and names to this volume
+      # Vector uses this file as an enrichment table to tag logs, metrics, and traces with container metadata.
+      - docker-metadata:/enrichment:ro
     ports:
       # Bind to localhost only for security - Beyla will connect via host network
       - "127.0.0.1:34320:34320"
 
   beyla:
-    image: grafana/beyla:2.2.4
+    build:
+      context: .
+      dockerfile: Dockerfile.beyla
+    image: betterstack/collector-beyla:latest
     container_name: better-stack-beyla
     restart: always
     privileged: true
@@ -42,10 +48,20 @@ services:
       - BEYLA_BPF_TRACK_REQUEST_HEADERS=true
       - BEYLA_METRICS_INTERVAL=15s
       - BEYLA_CONFIG_PATH=/etc/beyla/beyla.yaml
+      # Enable dockerprobe by default (set to false to disable)
+      - ENABLE_DOCKERPROBE=${ENABLE_DOCKERPROBE:-true}
     volumes:
-      - ./beyla.yaml:/etc/beyla/beyla.yaml:ro
       - /sys/kernel/tracing:/sys/kernel/tracing:rw
       - /sys/kernel/debug:/sys/kernel/debug:rw
       - /sys/kernel/security:/sys/kernel/security:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      # Docker socket for dockerprobe
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # dockerprobe running in the beyla container writes a map of PIDs->container IDs and names to this volume
+      # Vector uses this file as an enrichment table to tag logs, metrics, and traces with container metadata.
+      - docker-metadata:/enrichment:rw
     depends_on:
       - collector
+
+volumes:
+  docker-metadata:

dockerprobe/go.mod

@@ -0,0 +1,33 @@
+module dockerprobe
+
+go 1.24.4
+
+require github.com/docker/docker v27.5.0+incompatible
+
+require (
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
+	go.opentelemetry.io/otel v1.33.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 // indirect
+	go.opentelemetry.io/otel/metric v1.33.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
+	go.opentelemetry.io/otel/trace v1.33.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
+	gotest.tools/v3 v3.5.2 // indirect
+)