[9.1] (backport #8785) add logs only edot kube-stack configuration (#9089)

* add logs only edot kube-stack configuration (#8785)

* add logs only edot kube-stack configuration

* rename logs values file

* disable default pipelines

* remove resource/k8s processor and use k8sattributes processor for service attributes

(cherry picked from commit 502cd5c)

* fix: downgrade elastic-agent tag to 9.1.0

---------

Co-authored-by: Roger Coll <[email protected]>

Author: mergify[bot]

changelog/fragments/1751444462-add_logs_only_motel_config.yaml

@@ -0,0 +1,32 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: feature
+
+# Change summary; a 80ish characters long description of the change.
+summary: Add file logs only mOTEL kube-stack configuration
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+#description:
+
+# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc.
+component: elastic-agent
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+#pr: https://github.com/owner/repo/1234
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+#issue: https://github.com/owner/repo/1234

deploy/helm/edot-collector/kube-stack/managed_otlp/logs-values.yaml

@@ -0,0 +1,254 @@
+# For installation and configuration options, refer to the [installation instructions](https://github.com/elastic/opentelemetry/blob/main/docs/kubernetes/operator/README.md)
+
+# For advanced configuration options, refer to the [official OpenTelemetry Helm chart](https://github.com/open-telemetry/opentelemetry-helm-charts/blob/main/charts/opentelemetry-kube-stack/values.yaml)
+# This file has been tested together with opentelemetry-kube-stack helm chart version: 0.3.9
+opentelemetry-operator:
+  manager:
+    extraArgs:
+      - --enable-go-instrumentation
+  admissionWebhooks:
+    certManager:
+      enabled: false # For production environments, it is [recommended to use cert-manager for better security and scalability](https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-operator#tls-certificate-requirement).
+    autoGenerateCert:
+      enabled: true # Enable/disable automatic certificate generation. Set to false if manually managing certificates.
+      recreate: true # Force certificate regeneration on updates. Only applicable if autoGenerateCert.enabled is true.
+crds:
+  create: true # Install the OpenTelemetry Operator CRDs.
+defaultCRConfig:
+  image:
+    repository: "docker.elastic.co/elastic-agent/elastic-agent"
+    tag: "9.1.0"
+  targetAllocator:
+    enabled: false # Enable/disable the Operator's Target allocator.
+    # Refer to: https://github.com/open-telemetry/opentelemetry-operator/tree/main/cmd/otel-allocator
+clusterRole:
+  rules:
+    - apiGroups: [""]
+      resources: ["configmaps"]
+      verbs: ["get"]
+# `clusterName` specifies the name of the Kubernetes cluster. It sets the 'k8s.cluster.name' field.
+# Cluster Name is automatically detected for EKS/GKE/AKS. Add the below value in environments where cluster name cannot be detected.
+# clusterName: myClusterName
+collectors:
+  cluster:
+    enabled: false
+  #  Daemon is a K8s daemonset EDOT collector focused on gathering telemetry at
+  #  node level and exposing an OTLP endpoint for data ingestion.
+  #  Auto-instrumentation SDKs will use this endpoint.
+  daemon:
+    fullnameOverride: "opentelemetry-kube-stack-daemon"
+    env:
+      - name: ELASTIC_AGENT_OTEL
+        value: '"true"'
+    presets:
+      kubeletMetrics:
+        enabled: false
+      hostMetrics:
+        enabled: false
+      logsCollection:
+        enabled: true # Enable/disable the collection of node's logs.
+        storeCheckpoints: true # Store checkpoints for log collection, allowing for resumption from the last processed log.
+    scrape_configs_file: "" # [Prometheus metrics](https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-kube-stack#scrape_configs_file-details)
+    config:
+      exporters:
+        # [Debug exporter](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/debugexporter/README.md)
+        debug:
+          verbosity: basic
+        otlp/gateway:
+          endpoint: "http://opentelemetry-kube-stack-gateway-collector-headless:4317"
+          tls:
+            insecure: true
+      processors:
+        # [Batch Processor](https://github.com/open-telemetry/opentelemetry-collector/tree/main/processor/batchprocessor)
+        batch: {}
+        # [Resource Detection Processor](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/resourcedetectionprocessor)
+        resourcedetection/eks:
+          detectors: [env, eks] # Detects resources from environment variables and EKS (Elastic Kubernetes Service).
+          timeout: 15s
+          override: true
+          eks:
+            resource_attributes:
+              k8s.cluster.name:
+                enabled: true
+        resourcedetection/gcp:
+          detectors: [env, gcp] # Detects resources from environment variables and GCP (Google Cloud Platform).
+          timeout: 2s
+          override: true
+        resourcedetection/aks:
+          detectors: [env, aks] # Detects resources from environment variables and AKS (Azure Kubernetes Service).
+          timeout: 2s
+          override: true
+          aks:
+            resource_attributes:
+              k8s.cluster.name:
+                enabled: true
+        resource/hostname:
+          attributes:
+            - key: host.name
+              from_attribute: k8s.node.name
+              action: upsert
+        resourcedetection/system:
+          detectors: ["system", "ec2"] # Detects resources from the system and EC2 instances.
+          system:
+            hostname_sources: ["os"]
+            resource_attributes:
+              host.name:
+                enabled: true
+              host.id:
+                enabled: false
+              host.arch:
+                enabled: true
+              host.ip:
+                enabled: true
+              host.mac:
+                enabled: true
+              host.cpu.vendor.id:
+                enabled: true
+              host.cpu.family:
+                enabled: true
+              host.cpu.model.id:
+                enabled: true
+              host.cpu.model.name:
+                enabled: true
+              host.cpu.stepping:
+                enabled: true
+              host.cpu.cache.l2.size:
+                enabled: true
+              os.description:
+                enabled: true
+              os.type:
+                enabled: true
+          ec2:
+            resource_attributes:
+              host.name:
+                enabled: false
+              host.id:
+                enabled: true
+        resource/cloud:
+          attributes:
+            - key: cloud.instance.id
+              from_attribute: host.id
+              action: insert
+        # [K8s Attributes Processor](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/k8sattributesprocessor)
+        k8sattributes:
+          filter:
+            # Only retrieve pods running on the same node as the collector
+            node_from_env_var: OTEL_K8S_NODE_NAME
+          passthrough: false
+          pod_association:
+            # Below association takes a look at the k8s.pod.ip and k8s.pod.uid resource attributes or connection's context, and tries to match it with the pod having the same attribute.
+            - sources:
+                - from: resource_attribute
+                  name: k8s.pod.ip
+            - sources:
+                - from: resource_attribute
+                  name: k8s.pod.uid
+            - sources:
+                - from: connection
+          extract:
+            metadata:
+              - "k8s.namespace.name"
+              - "k8s.deployment.name"
+              - "k8s.replicaset.name"
+              - "k8s.statefulset.name"
+              - "k8s.daemonset.name"
+              - "k8s.cronjob.name"
+              - "k8s.job.name"
+              - "k8s.node.name"
+              - "k8s.pod.name"
+              - "k8s.pod.ip"
+              - "k8s.pod.uid"
+              - "k8s.pod.start_time"
+              # Service attributes added based on https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/#service-attributes
+              - "service.name"
+              - "service.version"
+      receivers:
+        otlp: null
+        # [File Log Receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver)
+        filelog:
+          exclude:
+            # exlude opentelemetry-kube-stack pod logs
+            - /var/log/pods/*opentelemetry-kube-stack*/*/*.log
+      # [Service Section](https://opentelemetry.io/docs/collector/configuration/#service)
+      service:
+        pipelines:
+          logs: null
+          metrics: null
+          traces: null
+          logs/node:
+            receivers:
+              - filelog
+            processors:
+              - batch
+              - k8sattributes
+              - resourcedetection/system
+              - resourcedetection/eks
+              - resourcedetection/gcp
+              - resourcedetection/aks
+              - resource/hostname
+              - resource/cloud
+            exporters:
+              - otlp/gateway
+  #  Gateway is a K8s deployment EDOT collector focused on processing and
+  #  forwarding telemetry to an Elasticsearch endpoint.
+  gateway:
+    fullnameOverride: "opentelemetry-kube-stack-gateway"
+    suffix: gateway
+    replicas: 1
+    autoscaler:
+      minReplicas: 1 # Start with at least 2 replicas for better availability.
+      maxReplicas: 5 # Allow more scale-out if needed.
+      targetCPUUtilization: 70 # Scale when CPU usage exceeds 70%.
+      targetMemoryUtilization: 75 # Scale when memory usage exceeds 75%.
+    resources:
+      limits:
+        cpu: 500m
+        memory: 500Mi
+      requests:
+        cpu: 100m
+        memory: 250Mi
+    enabled: true
+    env:
+      - name: ELASTIC_AGENT_OTEL
+        value: '"true"'
+      - name: ELASTIC_OTLP_ENDPOINT
+        valueFrom:
+          secretKeyRef:
+            name: elastic-secret-otel
+            key: elastic_otlp_endpoint
+      - name: ELASTIC_API_KEY
+        valueFrom:
+          secretKeyRef:
+            name: elastic-secret-otel
+            key: elastic_api_key
+    config:
+      receivers:
+        otlp:
+          protocols:
+            grpc:
+              endpoint: ${env:MY_POD_IP}:4317
+            http:
+              endpoint: ${env:MY_POD_IP}:4318
+      processors:
+        batch:
+          send_batch_size: 1000
+          timeout: 1s
+          send_batch_max_size: 1500
+      exporters:
+        debug:
+        otlp/ingest:
+          endpoint: ${env:ELASTIC_OTLP_ENDPOINT}
+          headers:
+            Authorization: ApiKey ${env:ELASTIC_API_KEY}
+          timeout: 15s
+      service:
+        pipelines:
+          logs:
+            receivers: [otlp]
+            processors: [batch]
+            exporters: [debug, otlp/ingest]
+# For more details on OpenTelemetry's zero-code instrumentation, see:
+# https://opentelemetry.io/docs/concepts/instrumentation/zero-code/
+instrumentation:
+  name: elastic-instrumentation
+  enabled: false # Enable/disable auto-instrumentation.

magefile.go

@@ -3807,6 +3807,9 @@ func (Helm) UpdateAgentVersion() error {
 		filepath.Join(helmMOtelChartPath, "values.yaml"): {
 			{"defaultCRConfig.image.tag", agentVersion},
 		},
+		filepath.Join(helmMOtelChartPath, "logs-values.yaml"): {
+			{"defaultCRConfig.image.tag", agentVersion},
+		},
 	} {
 		if err := updateYamlFile(yamlFile, keyVals...); err != nil {
 			return fmt.Errorf("failed to update agent version: %w", err)

testing/integration/k8s/otel_helm_test.go

@@ -122,6 +122,33 @@ func TestOtelKubeStackHelm(t *testing.T) {
 				k8sStepCheckRunningPods("app.kubernetes.io/managed-by=opentelemetry-operator", 4, "otc-container"),
 			},
 		},
+		{
+			name: "mOTel logs only helm kube-stack operator standalone agent kubernetes privileged",
+			steps: []k8sTestStep{
+				k8sStepCreateNamespace(),
+				k8sStepHelmDeployWithValueOptions(KubeStackChartPath, "kube-stack-otel",
+					values.Options{
+						ValueFiles: []string{"../../../deploy/helm/edot-collector/kube-stack/managed_otlp/logs-values.yaml"},
+						Values:     []string{fmt.Sprintf("defaultCRConfig.image.repository=%s", kCtx.agentImageRepo), fmt.Sprintf("defaultCRConfig.image.tag=%s", kCtx.agentImageTag)},
+
+						// override secrets reference with env variables
+						JSONValues: []string{
+							// TODO: replace with managed OTLP ingest endpoint/apiKey when available
+							fmt.Sprintf(`collectors.gateway.env[1]={"name":"ELASTIC_OTLP_ENDPOINT","value":"%s"}`, "https://otlp.ingest:433"),
+							fmt.Sprintf(`collectors.gateway.env[2]={"name":"ELASTIC_API_KEY","value":"%s"}`, "CHANGEME=="),
+						},
+					},
+				),
+				// - An OpenTelemetry Operator Deployment (1 pod per
+				// cluster)
+				k8sStepCheckRunningPods("app.kubernetes.io/name=opentelemetry-operator", 1, "manager"),
+				// - A Daemonset to collect K8s node's logs
+				// (1 EDOT collector pod per node)
+				// - One Gateway replicas to collect, aggregate and forward
+				// telemetry.
+				k8sStepCheckRunningPods("app.kubernetes.io/managed-by=opentelemetry-operator", 2, "otc-container"),
+			},
+		},
 	}
 
 	for _, tc := range testCases {