Add monitoring to GCP cloud Logging #569
@heejin-github
monitoring/gcp/cloud_logging.go
var periodicCloudLog *gcpCloudLoggingEntry

type gcpCloudLoggingEntry struct {
What do you think about adding an additional field to distinguish the "VATZ" agent?
If so, we can set the log router to gather only VATZ logs in one place.
Yeah, I think that's easier to deal with. I will proceed to create a new field and put the current gcpCloudLoggingEntry into it.
@rootwarp
Added vatz as module in labels
With APIKey type credential, I got this error from vatz.
It seems that API key support for gRPC API from google api client library v0.155.0. If I updated google api client library from current v0.114.0 to the latest (v0.187.0), this issue was fixed.
There's another issue on IP address restriction for the API key.
I think the fix below would be one idea for this issue: we explicitly use "tcp4", which forces IPv4 in the grpc dialer.
diff --git a/monitoring/gcp/gcp.go b/monitoring/gcp/gcp.go
index 8df32b9..ad0e1a9 100644
--- a/monitoring/gcp/gcp.go
+++ b/monitoring/gcp/gcp.go
@@ -12,6 +12,8 @@ import (
"google.golang.org/api/option"
"sync"
"time"
+ "net"
+ "google.golang.org/grpc"
)
type GCP interface {
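Review bot: The two added imports, "net" and "google.golang.org/grpc", are appended after "time" at the end of the import block, which leaves standard-library and third-party packages interleaved. Consider placing "net" with "sync" and "time" and moving "google.golang.org/grpc" next to "google.golang.org/api/option", or running goimports over the file so the block is grouped consistently.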
@@ -53,19 +55,25 @@ func getClient(ctx context.Context, projectID string, credType tp.CredentialOpti
var client *logging.Client
var err error
+ customDialer := func(ctx context.Context, addr string) (net.Conn, error) {
+ return (&net.Dialer{}).DialContext(ctx, "tcp4", addr)
+ }
+
+ dialOption := grpc.WithContextDialer(customDialer)
+
switch credType {
case tp.ApplicationDefaultCredentials:
- client, err = logging.NewClient(ctx, projectID)
+ client, err = logging.NewClient(ctx, projectID, option.WithGRPCDialOption(dialOption))
case tp.ServiceAccountCredentials:
- client, err = logging.NewClient(ctx, projectID, option.WithCredentialsFile(credentials))
+ client, err = logging.NewClient(ctx, projectID, option.WithCredentialsFile(credentials), option.WithGRPCDialOption(dialOption))
case tp.APIKey:
- client, err = logging.NewClient(ctx, projectID, option.WithAPIKey(credentials))
+ client, err = logging.NewClient(ctx, projectID, option.WithAPIKey(credentials), option.WithGRPCDialOption(dialOption))
case tp.OAuth2:
tokenSource, err := google.DefaultTokenSource(ctx, logging.WriteScope)
if err != nil {
return nil, err
}
- client, err = logging.NewClient(ctx, projectID, option.WithTokenSource(tokenSource))
+ client, err = logging.NewClient(ctx, projectID, option.WithTokenSource(tokenSource), option.WithGRPCDialOption(dialOption))
if err != nil {
return nil, err
} |
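Review bot: The "tcp4" dialer is attached to all four logging.NewClient calls in getClient, so IPv4 is forced for the ApplicationDefaultCredentials, ServiceAccountCredentials and OAuth2 cases as well, although the IP address restriction this works around was raised for the API key. A host without IPv4 connectivity would then fail to connect for every credential type. Consider passing option.WithGRPCDialOption(dialOption) only in the tp.APIKey case, or making the network configurable, and add a comment above customDialer saying why IPv4 is forced. Building the shared options once in a []option.ClientOption slice before the switch would also remove the four repeated arguments.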
Finally, I got an IAM permission denied error. 😱
Thanks for all the comments, let me figure this out with our credentials.
You don't have to even if you upgrade it, it would create another error something like below
@heejin-github
from @rootwarp
Research on latest version of google-api-key by this week.
@heejin-github @rootwarp @meetrick
@xellos00
Can I ask if anything is wrong in my config?
I will get back to you shortly after I confirm its solution, I think your config is all good.
Test with Local (MacBook Air)
Try-2
@rootwarp @heejin-github @meetrick I apologize for the delay. I've updated the code to download Service Account (SA) credentials from S3, which is now secured by a bucket policy restricted to specific IP addresses. Additionally, the GCP client now utilizes SA credentials stored in memory on VATZ. Please update your configuration file as per the guide available at: If you have any questions or need further assistance, please let me know. Thank you!
2024-07-23 Vatz test in Macbook Pro
Log
LGTM
@xellos00 and I have some questions.
@heejin-github
LGTM
1. Type of change
Please delete options that are not relevant.
2. Summary
close #556
Summary
Add a feature that registers the VATZ status into Google Cloud Logging every minute
3. Comments