feat: added support for LogDNA metadata filtering (#226)

vbontempi · web-flow · commit 51e1325a3d91 · 2023-11-23T17:10:31.000Z
diff --git a/README.md b/README.md
@@ -8,10 +8,11 @@
 [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-This module supports deploying the following observability agents to the provided OCP cluster:
+This module deploys the following observability agents to a Red Hat OpenShift Container Platform cluster:
+
+- Logging agent
+- Monitoring agent
 
-* Logging (LogDNA) agent
-* Monitoring (SysDig) agent
 
 ## Usage
 
@@ -70,6 +71,28 @@ module "observability_agents" {
 }
 ```
 
+## Configuration for Kubernetes metadata filtering in the logging agent
+
+You can configure the logging agent to filter log lines according to the Kubernetes resources metadata by setting the exclusion and inclusion parameters.
+
+For example, to set the agent to return all log lines coming from the `default` Kubernetes namespace and exclude anything with a label `app.kubernetes.io/name` with value `sample-app` or an annotation `annotation.user` with value `sample-user`, include these parameters:
+
+```text
+custom_logdna_at_agent_line_exclusion = "label.app.kubernetes.io/name:sample-app\\, annotation.user:sample-user"
+custom_logdna_at_agent_line_inclusion = "namespace:default"
+```
+
+The following is the corresponding DaemonSet configuration:
+
+```text
+- name: LOGDNA_K8S_METADATA_LINE_INCLUSION
+  value: "label.app.kubernetes.io/name:sample-app, annotation.user:sample-user"
+- name: LOGDNA_K8S_METADATA_LINE_EXCLUSION
+  value: "namespace:default"
+```
+
+For more information, see [Configuration for Kubernetes Metadata Filtering](https://github.com/logdna/logdna-agent-v2/blob/3.8/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering).
+
 ## Required IAM access policies
 You need the following permissions to run this module.
 
@@ -125,6 +148,8 @@ No modules.
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | Cluster id to add to agents to | `string` | n/a | yes |
 | <a name="input_cluster_resource_group_id"></a> [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | Resource group of the cluster | `string` | n/a | yes |
 | <a name="input_logdna_add_cluster_name"></a> [logdna\_add\_cluster\_name](#input\_logdna\_add\_cluster\_name) | If true, configure the logdna agent to attach a tag containing the cluster name to all log messages. | `bool` | `true` | no |
+| <a name="input_logdna_agent_custom_line_exclusion"></a> [logdna\_agent\_custom\_line\_exclusion](#input\_logdna\_agent\_custom\_line\_exclusion) | LogDNA agent custom configuration for line exclusion setting LOGDNA\_K8S\_METADATA\_LINE\_EXCLUSION. | `string` | `null` | no |
+| <a name="input_logdna_agent_custom_line_inclusion"></a> [logdna\_agent\_custom\_line\_inclusion](#input\_logdna\_agent\_custom\_line\_inclusion) | LogDNA agent custom configuration for line inclusion setting LOGDNA\_K8S\_METADATA\_LINE\_INCLUSION. | `string` | `null` | no |
 | <a name="input_logdna_agent_tags"></a> [logdna\_agent\_tags](#input\_logdna\_agent\_tags) | array of tags to group the host logs pushed by the logdna agent | `list(string)` | `[]` | no |
 | <a name="input_logdna_agent_version"></a> [logdna\_agent\_version](#input\_logdna\_agent\_version) | Version of the agent to deploy. To lookup version run: `ibmcloud cr images --restrict ext/logdna-agent`. If null, the default value is used. | `string` | `"3.8.9-20231113.3d09f4dc47c1f590"` | no |
 | <a name="input_logdna_enabled"></a> [logdna\_enabled](#input\_logdna\_enabled) | Deploy IBM Cloud Logging agent | `bool` | `true` | no |
diff --git a/chart/logdna-agent/templates/daemonset.yaml b/chart/logdna-agent/templates/daemonset.yaml
@@ -77,6 +77,14 @@ spec:
                   fieldPath: spec.nodeName
             - name: NAMESPACE
               value: {{ .Release.Namespace }}
+            {{- if .Values.agentMetadataLineInclusion }}
+            - name: LOGDNA_K8S_METADATA_LINE_INCLUSION
+              value: {{ .Values.agentMetadataLineInclusion | quote }}
+            {{- end }}
+            {{- if .Values.agentMetadataLineExclusion }}
+            - name: LOGDNA_K8S_METADATA_LINE_EXCLUSION
+              value: {{ .Values.agentMetadataLineExclusion | quote }}
+            {{- end }}
           resources:
             requests:
               cpu: 20m
diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -1,3 +1,7 @@
 # Deploy basic observability agents
 
-An end to end example using the module's default variable values.
+An end-to-end example that uses the module's default variable values.
+
+The example sets up the logging agent for [Kubernetes metadata filtering](https://github.com/logdna/logdna-agent-v2/blob/3.8/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering).
+
+The example configures the agent to include all log lines coming from the `default` Kubernetes namespace and excludes anything with a label `app.kubernetes.io/name` and value `sample-app` or an annotation `annotation.user` with the value `sample-user`.
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -115,4 +115,9 @@ module "observability_agents" {
   # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics
   sysdig_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }]
   sysdig_agent_tags     = var.resource_tags
+  # LogDNA agent custom settings to setup Kubernetes metadata logs filtering by setting
+  # LOGDNA_K8S_METADATA_LINE_INCLUSION and LOGDNA_K8S_METADATA_LINE_EXCLUSION in the agent daemonset definition
+  # Ref https://github.com/logdna/logdna-agent-v2/blob/3.8/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering
+  logdna_agent_custom_line_exclusion = "label.app.kubernetes.io/name:sample-app\\, annotation.user:sample-user"
+  logdna_agent_custom_line_inclusion = "namespace:default"
 }
diff --git a/main.tf b/main.tf
@@ -109,6 +109,24 @@ resource "helm_release" "logdna_agent" {
     value = join("\\,", local.logdna_agent_tags)
   }
 
+  dynamic "set" {
+    for_each = var.logdna_agent_custom_line_inclusion != null ? [var.logdna_agent_custom_line_inclusion] : []
+    content {
+      name  = "agentMetadataLineInclusion"
+      type  = "string"
+      value = set.value
+    }
+  }
+
+  dynamic "set" {
+    for_each = var.logdna_agent_custom_line_exclusion != null ? [var.logdna_agent_custom_line_exclusion] : []
+    content {
+      name  = "agentMetadataLineExclusion"
+      type  = "string"
+      value = set.value
+    }
+  }
+
   provisioner "local-exec" {
     command     = "${path.module}/scripts/confirm-rollout-status.sh logdna-agent ${local.logdna_agent_namespace}"
     interpreter = ["/bin/bash", "-c"]
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -19,6 +19,8 @@ var ignoreUpdates = []string{
 	"module.observability_agents.helm_release.logdna_agent_activity_tracker[0]",
 }
 
+var extTerraformVars = map[string]interface{}{}
+
 var sharedInfoSvc *cloudinfo.CloudInfoService
 
 // TestMain will be run before any parallel tests, used to set up a shared InfoService object to track region usage
@@ -29,7 +31,7 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }
 
-func setupOptions(t *testing.T, prefix string, terraformDir string) *testhelper.TestOptions {
+func setupOptions(t *testing.T, prefix string, terraformDir string, terraformVars map[string]interface{}) *testhelper.TestOptions {
 	options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
 		Testing:       t,
 		TerraformDir:  terraformDir,
@@ -40,6 +42,7 @@ func setupOptions(t *testing.T, prefix string, terraformDir string) *testhelper.
 		},
 		CloudInfoService:              sharedInfoSvc,
 		ExcludeActivityTrackerRegions: true,
+		TerraformVars:                 terraformVars,
 	})
 
 	return options
@@ -48,7 +51,7 @@ func setupOptions(t *testing.T, prefix string, terraformDir string) *testhelper.
 func TestRunBasicAgents(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "basic-obs-agents", terraformDirOther)
+	options := setupOptions(t, "basic-obs-agents", terraformDirOther, extTerraformVars)
 
 	output, err := options.RunTestConsistency()
 	assert.Nil(t, err, "This should not have errored")
@@ -58,7 +61,7 @@ func TestRunBasicAgents(t *testing.T) {
 func TestRunUpgrade(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "observ-agents-upg", terraformDirOther)
+	options := setupOptions(t, "observ-agents-upg", terraformDirOther, extTerraformVars)
 
 	output, err := options.RunTestUpgrade()
 	if !options.UpgradeTestSkipped {
diff --git a/variables.tf b/variables.tf
@@ -59,6 +59,21 @@ variable "logdna_add_cluster_name" {
   default     = true
 }
 
+# LogDNA agent custom settings to setup Kubernetes metadata logs filtering
+# Ref https://github.com/logdna/logdna-agent-v2/blob/3.8/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering
+
+variable "logdna_agent_custom_line_inclusion" {
+  description = "LogDNA agent custom configuration for line inclusion setting LOGDNA_K8S_METADATA_LINE_INCLUSION."
+  type        = string
+  default     = null
+}
+
+variable "logdna_agent_custom_line_exclusion" {
+  description = "LogDNA agent custom configuration for line exclusion setting LOGDNA_K8S_METADATA_LINE_EXCLUSION."
+  type        = string
+  default     = null
+}
+
 variable "sysdig_enabled" {
   type        = bool
   description = "Deploy IBM Cloud Monitoring agent"
