From 8f249d61a62d413cf60056ec9b8381b41a1ba3e2 Mon Sep 17 00:00:00 2001 From: Aram Karapetyan Date: Fri, 15 Dec 2023 17:53:06 +0400 Subject: [PATCH 1/2] fix(DMVP-3125): ADOT logging --- README.md | 2 +- modules/adot/README.md | 2 +- modules/adot/main.tf | 18 ++-- modules/adot/templates/adot-values.yaml.tpl | 18 ++-- modules/adot/tests/enable_logging/0-setup.tf | 85 +++++++++++++++++++ .../adot/tests/enable_logging/1-example.tf | 12 +++ modules/adot/tests/enable_logging/README.md | 41 +++++++++ modules/adot/variables.tf | 2 + variables.tf | 5 +- 9 files changed, 165 insertions(+), 20 deletions(-) create mode 100644 modules/adot/tests/enable_logging/0-setup.tf create mode 100644 modules/adot/tests/enable_logging/1-example.tf create mode 100644 modules/adot/tests/enable_logging/README.md diff --git a/README.md b/README.md index d35dd0f..d6a937b 100644 --- a/README.md +++ b/README.md @@ -235,7 +235,7 @@ worker_groups = { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [account\_id](#input\_account\_id) | AWS Account Id to apply changes into | `string` | `null` | no | -| [adot\_config](#input\_adot\_config) | Adot configs |
object({
accept_namespace_regex = optional(string, "(default|kube-system)")
additional_metrics = optional(list(string), [])
log_group_name = optional(string, "adot")
log_retention = optional(number, 14)
helm_values = optional(any, null)
})
|
{
"accept_namespace_regex": "(default|kube-system)",
"additional_metrics": [],
"log_group_name": "adot",
"log_retention": 14
}
| no | +| [adot\_config](#input\_adot\_config) | accept\_namespace\_regex defines the list of namespaces from which metrics will be exported, and additional\_metrics defines additional metrics to export. |
object({
accept_namespace_regex = optional(string, "(default|kube-system)")
additional_metrics = optional(list(string), [])
log_group_name = optional(string, "adot")
log_retention = optional(number, 14)
helm_values = optional(any, null)
logging_enable = optional(bool, false)
})
|
{
"accept_namespace_regex": "(default|kube-system)",
"additional_metrics": [],
"helm_values": null,
"log_group_name": "adot",
"log_retention": 14,
"logging_enable": false
}
| no | | [adot\_version](#input\_adot\_version) | The version of the AWS Distro for OpenTelemetry addon to use. | `string` | `"v0.78.0-eksbuild.1"` | no | | [alarms](#input\_alarms) | Alarms enabled by default you need set sns topic name for send alarms for customize alarms threshold use custom\_values |
object({
enabled = optional(bool, true)
sns_topic = string
custom_values = optional(any, {})
})
| n/a | yes | | [alb\_log\_bucket\_name](#input\_alb\_log\_bucket\_name) | n/a | `string` | `""` | no | diff --git a/modules/adot/README.md b/modules/adot/README.md index cfe5ea4..331f748 100644 --- a/modules/adot/README.md +++ b/modules/adot/README.md @@ -75,7 +75,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [adot\_collector\_policy\_arns](#input\_adot\_collector\_policy\_arns) | List of IAM policy ARNs to attach to the ADOT collector service account. | `list(string)` | `[]` | no | -| [adot\_config](#input\_adot\_config) | accept\_namespace\_regex defines the list of namespaces from which metrics will be exported, and additional\_metrics defines additional metrics to export. |
object({
accept_namespace_regex = optional(string, "(default|kube-system)")
additional_metrics = optional(list(string), [])
log_group_name = optional(string, "adot")
log_retention = optional(number, 14)
helm_values = optional(any, null)
})
|
{
"accept_namespace_regex": "(default|kube-system)",
"additional_metrics": [],
"helm_values": null,
"log_group_name": "adot",
"log_retention": 14
}
| no | +| [adot\_config](#input\_adot\_config) | accept\_namespace\_regex defines the list of namespaces from which metrics will be exported, and additional\_metrics defines additional metrics to export. |
object({
accept_namespace_regex = optional(string, "(default|kube-system)")
additional_metrics = optional(list(string), [])
log_group_name = optional(string, "adot")
log_retention = optional(number, 14)
helm_values = optional(any, null)
logging_enable = optional(bool, false)
})
|
{
"accept_namespace_regex": "(default|kube-system)",
"additional_metrics": [],
"helm_values": null,
"log_group_name": "adot",
"log_retention": 14,
"logging_enable": false
}
| no | | [adot\_log\_group\_name](#input\_adot\_log\_group\_name) | ADOT log group name | `string` | `"adot_log_group_name"` | no | | [adot\_version](#input\_adot\_version) | The version of the AWS Distro for OpenTelemetry addon to use. | `string` | `"v0.78.0-eksbuild.1"` | no | | [cluster\_name](#input\_cluster\_name) | K8s cluster name. | `string` | n/a | yes | diff --git a/modules/adot/main.tf b/modules/adot/main.tf index a1a23f3..fdf87e7 100644 --- a/modules/adot/main.tf +++ b/modules/adot/main.tf @@ -2,6 +2,13 @@ locals { service_account_name = "adot-collector" oidc_provider = regex("^arn:aws:iam::[0-9]+:oidc-provider/(.*)$", var.oidc_provider_arn)[0] region = coalesce(var.region, try(data.aws_region.current[0].name, null)) + + + logging = var.adot_config.logging_enable ? { + "log_group_name" = "${var.adot_config.log_group_name}" + "log_stream_name" = "adot-metrics" + "log_retention" = "${var.adot_config.log_retention}" + } : {} } data "aws_region" "current" { @@ -23,11 +30,12 @@ resource "helm_release" "adot-collector" { && try(var.adot_config.helm_values, "") != null ? var.adot_config.helm_values : templatefile("${path.module}/templates/adot-values.yaml.tpl", { - region = local.region - cluster_name = var.cluster_name - accept_namespace_regex = var.adot_config.accept_namespace_regex - log_group_name = var.adot_config.log_group_name - log_retention = var.adot_config.log_retention + region = local.region + cluster_name = var.cluster_name + accept_namespace_regex = var.adot_config.accept_namespace_regex + # log_group_name = var.adot_config.log_group_name + # log_retention = var.adot_config.log_retention + loging = local.logging metrics = local.merged_metrics metrics_namespace_specific = local.merged_namespace_specific prometheus_metrics = var.prometheus_metrics diff --git a/modules/adot/templates/adot-values.yaml.tpl b/modules/adot/templates/adot-values.yaml.tpl index cf35bb0..9113bf6 100644 --- a/modules/adot/templates/adot-values.yaml.tpl 
+++ b/modules/adot/templates/adot-values.yaml.tpl @@ -126,9 +126,9 @@ adotCollector: exporters: awsemf/prometheus: dimension_rollup_option: NoDimensionRollup - log_group_name: "${log_group_name}" - log_stream_name: "adot-metrics-prometheus" - log_retention: "${log_retention}" +%{ for key,value in loging } + ${key}: ${value} +%{ endfor ~} metric_declarations: - dimensions: - - Namespace @@ -149,9 +149,9 @@ adotCollector: enabled: true awsemf: namespace: "ContainerInsights" - log_group_name: "${log_group_name}" - log_stream_name: "adot-metrics" - log_retention: "${log_retention}" +%{ for key, value in loging } + ${key}: ${value} +%{ endfor ~} region: "${region}" dimension_rollup_option: "NoDimensionRollup" resource_to_telemetry_conversion: @@ -214,8 +214,6 @@ adotCollector: # - dimensions: [[ClusterName, Namespace, Volume]] # metric_name_selectors: - logging: - loglevel: error awsxray: region: "${region}" service: @@ -232,10 +230,6 @@ adotCollector: receivers: ["awscontainerinsightreceiver"] processors: ["filter/metrics_include", "resource/set_attributes", "batch/metrics"] exporters: ["awsemf"] - traces/logging: - receivers: ["otlp"] - processors: ["memory_limiter"] - exporters: ["logging"] traces/to-aws-xray: receivers: [otlp] processors: ["memory_limiter", "batch/tracing", "resource/tracing_attributes"] diff --git a/modules/adot/tests/enable_logging/0-setup.tf b/modules/adot/tests/enable_logging/0-setup.tf new file mode 100644 index 0000000..e55d6f8 --- /dev/null +++ b/modules/adot/tests/enable_logging/0-setup.tf 
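Review bot: The loop at `@@ -126` (and the identical one at `@@ -149`) writes `${key}: ${value}` unquoted, where the removed lines quoted each value, so a `log_group_name` containing `: `, `#` or a leading YAML indicator character now yields invalid or differently-typed YAML. Rendering it as `${key}: ${jsonencode(value)}` keeps every value a quoted string as before. Both loops also iterate the same map, so the Prometheus exporter's stream changes from `adot-metrics-prometheus` to `adot-metrics` and the two exporters share one stream. If they should stay separate, the stream name has to stay outside the shared map.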
@@ -0,0 +1,85 @@
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ test = {
+ source = "terraform.io/builtin/test"
+ }
+
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.41"
+ }
+
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.23"
+ }
+
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = "~> 1.14"
+ configuration_aliases = []
+ }
+
+ helm = ">= 2.0"
+ }
+}
+
+provider "aws" {
+ region = "eu-central-1"
+}
+
+locals {
+ cluster_name = "stage-6"
+}
+
+data "aws_eks_cluster" "test-cluster" {
+ name = local.cluster_name
+}
+
+data "aws_eks_cluster_auth" "test-cluster" {
+ name = local.cluster_name
+}
+
+data "aws_iam_openid_connect_provider" "test-cluster-oidc-provider" {
+ url = data.aws_eks_cluster.test-cluster.identity[0].oidc[0].issuer
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.test-cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.test-cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.test-cluster.token
+
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "--region", "eu-central-1", "get-token", "--cluster-name", local.cluster_name]
+ command = "aws"
+ }
+}
+
+provider "kubectl" {
+ host = data.aws_eks_cluster.test-cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.test-cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.test-cluster.token
+
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "--region", "eu-central-1", "get-token", "--cluster-name", local.cluster_name]
+ command = "aws"
+ }
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.test-cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.test-cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.test-cluster.token
+
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "--region", "eu-central-1", "get-token", "--cluster-name", local.cluster_name]
+ command = "aws"
+ }
+ }
+}
diff --git a/modules/adot/tests/enable_logging/1-example.tf b/modules/adot/tests/enable_logging/1-example.tf
new file mode 100644
index 0000000..0dfc331
--- /dev/null
+++ b/modules/adot/tests/enable_logging/1-example.tf
@@ -0,0 +1,12 @@
+module "adot" {
+ source = "../.."
+
+ cluster_name = local.cluster_name
+ eks_oidc_root_ca_thumbprint = replace(try(data.aws_iam_openid_connect_provider.test-cluster-oidc-provider.arn, ""), "/.*id//", "")
+ oidc_provider_arn = data.aws_iam_openid_connect_provider.test-cluster-oidc-provider.arn
+ region = "eu-central-1"
+
+ adot_config = {
+ logging_enable = true
+ }
+}
diff --git a/modules/adot/tests/enable_logging/README.md b/modules/adot/tests/enable_logging/README.md
new file mode 100644
index 0000000..97a80ae
--- /dev/null
+++ b/modules/adot/tests/enable_logging/README.md
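Review bot: Each of the three provider blocks in `0-setup.tf` sets `token = data.aws_eks_cluster_auth.test-cluster.token` and also an `exec` block that calls `aws eks get-token`. The data-source token is short-lived and, as far as I know, is persisted in the Terraform state like any other data-source attribute, so a state file from this test carries a cluster bearer token for no benefit. I would drop the `token` lines and the `aws_eks_cluster_auth` data source and rely on `exec` alone. Separately, `cluster_name = "stage-6"` and the region are hard-coded, so applying this test deploys into that named cluster with whatever AWS credentials are active; a variable, or a comment saying so, would make that explicit.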
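Review bot: The example in `1-example.tf` applies the module with `logging_enable = true` but nothing checks the result, even though `0-setup.tf` declares the `test` provider, so the test passes whether or not the log settings reach the rendered values. An assertion on the rendered Helm values, for instance that they contain the expected `log_group_name`, would make it cover the change. Also worth a comment: `eks_oidc_root_ca_thumbprint` is fed the provider ARN with everything up to `id/` stripped, which looks like the OIDC issuer ID rather than a certificate thumbprint; confirm against how the module uses that variable.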
@@ -0,0 +1,41 @@ +# basic + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.0 | +| [aws](#requirement\_aws) | >= 3.41 | +| [helm](#requirement\_helm) | >= 2.0 | +| [kubectl](#requirement\_kubectl) | ~> 1.14 | +| [kubernetes](#requirement\_kubernetes) | ~> 2.23 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.41 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [adot](#module\_adot) | ../.. | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_eks_cluster.test-cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.test-cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | +| [aws_iam_openid_connect_provider.test-cluster-oidc-provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source | + +## Inputs + +No inputs. + +## Outputs + +No outputs. + diff --git a/modules/adot/variables.tf b/modules/adot/variables.tf index 5093dec..454b0a8 100644 --- a/modules/adot/variables.tf +++ b/modules/adot/variables.tf @@ -45,12 +45,14 @@ variable "adot_config" { log_group_name = optional(string, "adot") log_retention = optional(number, 14) helm_values = optional(any, null) + logging_enable = optional(bool, false) }) default = { accept_namespace_regex = "(default|kube-system)" additional_metrics = [] log_group_name = "adot" log_retention = 14 + logging_enable = false # ADOT helm chart values.yaml, if you don't use variable adot will be deployed with module default values file helm_values = null } diff --git a/variables.tf b/variables.tf index f67ea9b..dfec0f9 100644 --- a/variables.tf +++ b/variables.tf 
@@ -311,19 +311,22 @@ variable "metrics_exporter" { } variable "adot_config" { + description = "accept_namespace_regex defines the list of namespaces from which metrics will be exported, and additional_metrics defines additional metrics to export." type = object({ accept_namespace_regex = optional(string, "(default|kube-system)") additional_metrics = optional(list(string), []) log_group_name = optional(string, "adot") log_retention = optional(number, 14) helm_values = optional(any, null) + logging_enable = optional(bool, false) }) - description = "Adot configs" default = { accept_namespace_regex = "(default|kube-system)" additional_metrics = [] log_group_name = "adot" log_retention = 14 + logging_enable = false + helm_values = null } } From d06f11c04cec7a913b2125577c31e116c00fc7db Mon Sep 17 00:00:00 2001 From: Aram Karapetyan Date: Fri, 15 Dec 2023 17:55:39 +0400 Subject: [PATCH 2/2] fix(DMVP-3125): ADOT logging --- modules/adot/main.tf | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/adot/main.tf b/modules/adot/main.tf index fdf87e7..9ea040a 100644 --- a/modules/adot/main.tf +++ b/modules/adot/main.tf @@ -30,11 +30,9 @@ resource "helm_release" "adot-collector" { && try(var.adot_config.helm_values, "") != null ? var.adot_config.helm_values : templatefile("${path.module}/templates/adot-values.yaml.tpl", { - region = local.region - cluster_name = var.cluster_name - accept_namespace_regex = var.adot_config.accept_namespace_regex - # log_group_name = var.adot_config.log_group_name - # log_retention = var.adot_config.log_retention + region = local.region + cluster_name = var.cluster_name + accept_namespace_regex = var.adot_config.accept_namespace_regex loging = local.logging metrics = local.merged_metrics metrics_namespace_specific = local.merged_namespace_specific
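Review bot: The new description on the root `adot_config` variable covers only `accept_namespace_regex` and `additional_metrics`, so `logging_enable` is undocumented and nothing tells a reader that `log_group_name` and `log_retention` are ignored unless it is `true`. I would extend it with a sentence such as `logging_enable, when true, applies log_group_name and log_retention to the awsemf exporters; when false they are omitted.` The same field is added in `modules/adot/variables.tf`, whose description lies outside that hunk and should get the same sentence.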