giantswarm · QuantumEnigmaa · Nov 12, 2024 · Nov 12, 2024 · Nov 14, 2024 · Nov 14, 2024
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- Add kubernetes events logging in Alloy.
 - Add support for Private CAs in alloy logs.
 
 ### Changed

diff --git a/helm/logging-operator/templates/deployment.yaml b/helm/logging-operator/templates/deployment.yaml
@@ -39,6 +39,7 @@ spec:
           - -insecure-ca={{ .Values.managementCluster.insecureCA }}
           - -installation-name={{ .Values.managementCluster.name }}
           - -logging-agent={{ .Values.loggingOperator.loggingAgent }}
+          - -events-logger={{ .Values.loggingOperator.eventsLogger }}
           - -default-namespaces={{ .Values.loggingOperator.defaultNamespaces }}
         livenessProbe:
           httpGet:

diff --git a/helm/logging-operator/values.yaml b/helm/logging-operator/values.yaml
@@ -42,6 +42,7 @@ loggingOperator:
   vintageMode: true
   loggingEnabled: true
   loggingAgent: alloy
+  eventsLogger: alloy
 
 managementCluster:
   name: unknown

@@ -41,9 +41,9 @@ import (
 	loggedcluster "github.com/giantswarm/logging-operator/pkg/logged-cluster"
 	loggingreconciler "github.com/giantswarm/logging-operator/pkg/logging-reconciler"
 	"github.com/giantswarm/logging-operator/pkg/reconciler"
-	grafanaagentconfig "github.com/giantswarm/logging-operator/pkg/resource/grafana-agent-config"
-	grafanaagentsecret "github.com/giantswarm/logging-operator/pkg/resource/grafana-agent-secret"
+	eventsloggersecret "github.com/giantswarm/logging-operator/pkg/resource/events-logger-secret"
 	grafanadatasource "github.com/giantswarm/logging-operator/pkg/resource/grafana-datasource"
+	k8seventsconfig "github.com/giantswarm/logging-operator/pkg/resource/k8s-events-config"
 	loggingagentstoggle "github.com/giantswarm/logging-operator/pkg/resource/logging-agents-toggle"
 	loggingconfig "github.com/giantswarm/logging-operator/pkg/resource/logging-config"
 	loggingcredentials "github.com/giantswarm/logging-operator/pkg/resource/logging-credentials"
@@ -82,6 +82,7 @@ func main() {
 	var enableLeaderElection bool
 	var enableLogging bool
 	var loggingAgent string
+	var eventsLogger string
 	var installationName string
 	var insecureCA bool
 	var metricsAddr string
@@ -94,6 +95,7 @@ func main() {
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.BoolVar(&enableLogging, "enable-logging", true, "enable/disable logging for the whole installation")
 	flag.StringVar(&loggingAgent, "logging-agent", common.LoggingAgentAlloy, fmt.Sprintf("select logging agent to use (%s or %s)", common.LoggingAgentPromtail, common.LoggingAgentAlloy))
+	flag.StringVar(&eventsLogger, "events-logger", common.EventsLoggerAlloy, fmt.Sprintf("select events logger to use (%s or %s)", common.EventsLoggerAlloy, common.EventsLoggerGrafanaAgent))
 	flag.StringVar(&installationName, "installation-name", "unknown", "Name of the installation")
 	flag.BoolVar(&insecureCA, "insecure-ca", false, "Is the management cluter CA insecure?")
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
@@ -165,11 +167,12 @@ func main() {
 		DefaultWorkloadClusterNamespaces: defaultNamespaces,
 	}
 
-	grafanaAgentSecret := grafanaagentsecret.Reconciler{
-		Client: mgr.GetClient(),
+	eventsLoggerConfig := k8seventsconfig.Reconciler{
+		Client:                           mgr.GetClient(),
+		DefaultWorkloadClusterNamespaces: defaultNamespaces,
 	}
 
-	grafanaAgentConfig := grafanaagentconfig.Reconciler{
+	eventsLoggerSecret := eventsloggersecret.Reconciler{
 		Client: mgr.GetClient(),
 	}
 
@@ -190,8 +193,8 @@ func main() {
 			&proxyAuth,
 			&loggingSecret,
 			&loggingConfig,
-			&grafanaAgentSecret,
-			&grafanaAgentConfig,
+			&eventsLoggerConfig,
+			&eventsLoggerSecret,
 		},
 	}
 

@@ -25,6 +25,10 @@ const (
 	LoggingAgentPromtail = "promtail"
 	LoggingAgentAlloy    = "alloy"
 
+	// Possible values for --events-logger flag.
+	EventsLoggerAlloy        = "alloy"
+	EventsLoggerGrafanaAgent = "grafana-agent"
+
 	// App name keys in the observability bundle
 	AlloyObservabilityBundleAppName          = "alloyLogs"
 	PromtailObservabilityBundleAppName       = "promtail"

diff --git a/pkg/logged-cluster/capicluster/cluster.go b/pkg/logged-cluster/capicluster/cluster.go
@@ -46,6 +46,14 @@ func (o *Object) SetLoggingAgent(loggingAgent string) {
 	o.Options.LoggingAgent = loggingAgent
 }
 
+func (o *Object) GetEventsLogger() string {
+	return o.Options.EventsLogger
+}
+
+func (o *Object) SetEventsLogger(eventsLogger string) {
+	o.Options.EventsLogger = eventsLogger
+}
+
 func (o Object) IsInsecureCA() bool {
 	return o.Options.InsecureCA
 }

diff --git a/pkg/logged-cluster/interface.go b/pkg/logged-cluster/interface.go
@@ -14,6 +14,8 @@ type Interface interface {
 	HasLoggingEnabled() bool
 	GetLoggingAgent() string
 	SetLoggingAgent(string)
+	GetEventsLogger() string
+	SetEventsLogger(string)
 	IsInsecureCA() bool
 	GetAppsNamespace() string
 	GetEnableLoggingFlag() bool

diff --git a/pkg/logged-cluster/options.go b/pkg/logged-cluster/options.go
@@ -4,6 +4,7 @@ package loggedcluster
 type Options struct {
 	EnableLoggingFlag bool
 	LoggingAgent      string
+	EventsLogger      string
 	InstallationName  string
 	InsecureCA        bool
 }

diff --git a/pkg/logged-cluster/vintagemc/cluster.go b/pkg/logged-cluster/vintagemc/cluster.go
@@ -25,6 +25,14 @@ func (o *Object) SetLoggingAgent(loggingAgent string) {
 	o.Options.LoggingAgent = loggingAgent
 }
 
+func (o *Object) GetEventsLogger() string {
+	return o.Options.EventsLogger
+}
+
+func (o *Object) SetEventsLogger(eventsLogger string) {
+	o.Options.EventsLogger = eventsLogger
+}
+
 func (o Object) IsInsecureCA() bool {
 	return o.Options.InsecureCA
 }

@@ -0,0 +1,60 @@
+package eventsloggersecret
+
+import (
+	"fmt"
+
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/pkg/errors"
+
+	"github.com/giantswarm/logging-operator/pkg/common"
+	loggedcluster "github.com/giantswarm/logging-operator/pkg/logged-cluster"
+	loggingsecret "github.com/giantswarm/logging-operator/pkg/resource/logging-secret"
+)
+
+const eventsLoggerSecretName = "events-logger-secret"
+
+func GenerateEventsLoggerSecret(lc loggedcluster.Interface, loggingCredentialsSecret *v1.Secret, lokiURL string) (v1.Secret, error) {
+	var data map[string][]byte
+	var err error
+
+	switch lc.GetEventsLogger() {
+	case common.EventsLoggerGrafanaAgent:
+		data, err = GenerateGrafanaAgentSecret(lc, loggingCredentialsSecret, lokiURL)
+		if err != nil {
+			return v1.Secret{}, err
+		}
+	case common.EventsLoggerAlloy:
+		// In the case of Alloy being the events logger, we reuse the secret generation from the logging-secret package
+		data, err = loggingsecret.GenerateAlloyLoggingSecret(lc, loggingCredentialsSecret, lokiURL)
+		if err != nil {
+			return v1.Secret{}, err
+		}
+	default:
+		return v1.Secret{}, errors.Errorf("unsupported logging agent %q", lc.GetLoggingAgent())
+	}
+
+	secret := v1.Secret{
+		ObjectMeta: SecretMeta(lc),
+		Data:       data,
+	}
+
+	return secret, nil
+}
+
+// SecretMeta returns metadata for the events-logger-secret
+func SecretMeta(lc loggedcluster.Interface) metav1.ObjectMeta {
+	metadata := metav1.ObjectMeta{
+		Name:      GetEventsLoggerSecretName(lc),
+		Namespace: lc.GetAppsNamespace(),
+		Labels:    map[string]string{},
+	}
+
+	common.AddCommonLabels(metadata.Labels)
+	return metadata
+}
+
+func GetEventsLoggerSecretName(lc loggedcluster.Interface) string {
+	return fmt.Sprintf("%s-%s", lc.GetClusterName(), eventsLoggerSecretName)
+}
@@ -1,11 +1,10 @@
-package grafanaagentsecret
+package eventsloggersecret
 
 import (
 	"fmt"
 
 	"github.com/pkg/errors"
 	v1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/yaml"
 
 	"github.com/giantswarm/logging-operator/pkg/common"
@@ -22,26 +21,14 @@ type extraSecret struct {
 	Data map[string]string `yaml:"data" json:"data"`
 }
 
-// SecretMeta returns metadata for the grafana-agent-secret
-func SecretMeta(lc loggedcluster.Interface) metav1.ObjectMeta {
-	metadata := metav1.ObjectMeta{
-		Name:      getGrafanaAgentSecretName(lc),
-		Namespace: lc.GetAppsNamespace(),
-		Labels:    map[string]string{},
-	}
-
-	common.AddCommonLabels(metadata.Labels)
-	return metadata
-}
-
 // GenerateGrafanaAgentSecret returns a secret for
 // the Loki-multi-tenant-proxy config
-func GenerateGrafanaAgentSecret(lc loggedcluster.Interface, credentialsSecret *v1.Secret, lokiURL string) (v1.Secret, error) {
+func GenerateGrafanaAgentSecret(lc loggedcluster.Interface, credentialsSecret *v1.Secret, lokiURL string) (map[string][]byte, error) {
 	clusterName := lc.GetClusterName()
 	writeUser := clusterName
 	writePassword, err := loggingcredentials.GetPassword(lc, credentialsSecret, clusterName)
 	if err != nil {
-		return v1.Secret{}, errors.WithStack(err)
+		return nil, errors.WithStack(err)
 	}
 
 	values := values{
@@ -58,19 +45,11 @@ func GenerateGrafanaAgentSecret(lc loggedcluster.Interface, credentialsSecret *v
 
 	v, err := yaml.Marshal(values)
 	if err != nil {
-		return v1.Secret{}, errors.WithStack(err)
+		return nil, errors.WithStack(err)
 	}
 
-	secret := v1.Secret{
-		ObjectMeta: SecretMeta(lc),
-		Data: map[string][]byte{
-			"values": []byte(v),
-		},
-	}
-
-	return secret, nil
-}
+	data := make(map[string][]byte)
+	data["values"] = []byte(v)
 
-func getGrafanaAgentSecretName(lc loggedcluster.Interface) string {
-	return fmt.Sprintf("%s-%s", lc.GetClusterName(), common.GrafanaAgentExtraSecretName())
+	return data, nil
 }
@@ -0,0 +1,120 @@
+package eventsloggersecret
+
+import (
+	"context"
+	"reflect"
+
+	"github.com/pkg/errors"
+	v1 "k8s.io/api/core/v1"
+	apimachineryerrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/types"
+
+	"github.com/giantswarm/logging-operator/pkg/common"
+	loggedcluster "github.com/giantswarm/logging-operator/pkg/logged-cluster"
+	loggingcredentials "github.com/giantswarm/logging-operator/pkg/resource/logging-credentials"
+
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// Reconciler implements a reconciler.Interface to handle
+// Events-logger secret: extra events-logger secret about where and how to send logs (in this case : k8S events)
+type Reconciler struct {
+	client.Client
+}
+
+// ReconcileCreate ensures events-logger-secret is created with the right credentials
+func (r *Reconciler) ReconcileCreate(ctx context.Context, lc loggedcluster.Interface) (ctrl.Result, error) {
+	logger := log.FromContext(ctx)
+	logger.Info("events-logger-secret create")
+
+	// Retrieve secret containing credentials
+	var eventsLoggerCredentialsSecret v1.Secret
+	err := r.Client.Get(ctx, types.NamespacedName{Name: loggingcredentials.LoggingCredentialsSecretMeta(lc).Name, Namespace: loggingcredentials.LoggingCredentialsSecretMeta(lc).Namespace},
+		&eventsLoggerCredentialsSecret)
+	if err != nil {
+		return ctrl.Result{}, errors.WithStack(err)
+	}
+
+	// Retrieve Loki ingress name
+	lokiURL, err := common.ReadProxyIngressURL(ctx, lc, r.Client)
+	if err != nil {
+		return ctrl.Result{}, errors.WithStack(err)
+	}
+
+	// Get desired secret
+	desiredEventsLoggerSecret, err := GenerateEventsLoggerSecret(lc, &eventsLoggerCredentialsSecret, lokiURL)
+	if err != nil {
+		logger.Info("logging-secret - failed generating auth config!", "error", err)
+		return ctrl.Result{}, errors.WithStack(err)
+	}
+
+	// Check if secret already exists.
+	logger.Info("events-logger-secret - getting", "namespace", desiredEventsLoggerSecret.GetNamespace(), "name", desiredEventsLoggerSecret.GetName())
+	var currentEventsLoggerSecret v1.Secret
+	err = r.Client.Get(ctx, types.NamespacedName{Name: desiredEventsLoggerSecret.GetName(), Namespace: desiredEventsLoggerSecret.GetNamespace()}, &currentEventsLoggerSecret)
+	if err != nil {
+		if apimachineryerrors.IsNotFound(err) {
+			logger.Info("events-logger-secret not found, creating")
+			err = r.Client.Create(ctx, &desiredEventsLoggerSecret)
+			if err != nil {
+				return ctrl.Result{}, errors.WithStack(err)
+			}
+		} else {
+			return ctrl.Result{}, errors.WithStack(err)
+		}
+	}
+
+	if !needUpdate(currentEventsLoggerSecret, desiredEventsLoggerSecret) {
+		logger.Info("events-logger-secret up to date")
+		return ctrl.Result{}, nil
+	}
+
+	logger.Info("events-logger-secret - updating")
+	err = r.Client.Update(ctx, &desiredEventsLoggerSecret)
+	if err != nil {
+		return ctrl.Result{}, errors.WithStack(err)
+	}
+
+	logger.Info("events-logger-secret - done")
+	return ctrl.Result{}, nil
+}
+
+// ReconcileDelete - Not much to do here when a cluster is deleted
+func (r *Reconciler) ReconcileDelete(ctx context.Context, lc loggedcluster.Interface) (ctrl.Result, error) {
+	logger := log.FromContext(ctx)
+	logger.Info("events-logger-secret delete")
+
+	// Get expected secret.
+	var currentEventsLoggerSecret v1.Secret
+	err := r.Client.Get(ctx, types.NamespacedName{Name: GetEventsLoggerSecretName(lc), Namespace: lc.GetAppsNamespace()}, &currentEventsLoggerSecret)
+	if err != nil {
+		if apimachineryerrors.IsNotFound(err) {
+			logger.Info("events-logger-secret not found, stop here")
+			return ctrl.Result{}, nil
+		}
+		return ctrl.Result{}, errors.WithStack(err)
+	}
+
+	// Delete secret.
+	logger.Info("events-logger-secret deleting", "namespace", currentEventsLoggerSecret.GetNamespace(), "name", currentEventsLoggerSecret.GetName())
+	err = r.Client.Delete(ctx, &currentEventsLoggerSecret)
+	if err != nil {
+		if apimachineryerrors.IsNotFound(err) {
+			// Do no throw error in case it was not found, as this means
+			// it was already deleted.
+			logger.Info("events-logger-secret already deleted")
+			return ctrl.Result{}, nil
+		}
+		return ctrl.Result{}, errors.WithStack(err)
+	}
+	logger.Info("events-logger-secret deleted")
+
+	return ctrl.Result{}, nil
+}
+
+// needUpdate return true if current.Data and desired.Data do not match.
+func needUpdate(current, desired v1.Secret) bool {
+	return !reflect.DeepEqual(current.Data, desired.Data)
+}