Telemetry

microgateway.airlock.com/v1alpha1


Telemetry contains the configuration for telemetry (logging, metrics & tracing).

apiVersion: microgateway.airlock.com/v1alpha1
kind: Telemetry
metadata:
  name: telemetry-example
spec:
  logging:
    accessLog:
      format:
        json:
          "@timestamp": "%START_TIME(%Y-%m-%dT%T.%3f%z)%"
          ecs:
            version: "8.5"
          log:
            logger: "access"
            level: "info"
          event:
            kind: "event"
            category: ["web"]
            type: "%EVENT_TYPE%"
            module: "envoy"
            dataset: "envoy.access"
            outcome: "success"
            start: "%START_TIME(%Y-%m-%dT%T.%3f%z)%"
            end: "%END_TIME(%Y-%m-%dT%T.%3f%z)%"
            duration: "%DURATION_IN_NANOSECONDS%"
          airlock:
            authentication: "%AUTHENTICATION%"
            deny_rules: "%DENY_RULES%"
            encoding: "%ENCODING%"
            header_rewrites: "%HEADER_REWRITES%"
            http:
              request:
                accept_language: "%REQ(ACCEPT-LANGUAGE):100%"
              response:
                redirect_url: "%RESP(LOCATION):1000%"
            log_correlation: "%LOG_CORRELATION%"
            parser: "%PARSER%"
            response:
              details: "%RESPONSE_CODE_DETAILS%"
              flags: "%RESPONSE_FLAGS%"
            upstream:
              destination:
                ip: "%UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
                port: "%UPSTREAM_REMOTE_PORT%"
              http:
                version: "%UPSTREAM_HTTP_VERSION%"
            limits: "%LIMITS%"
          destination:
            ip: "%DOWNSTREAM_LOCAL_ADDRESS_WITHOUT_PORT%"
            port: "%DOWNSTREAM_LOCAL_PORT%"
          http:
            request:
              body:
                bytes: "%BYTES_RECEIVED%"
              bytes: "%REQUEST_HEADERS_AND_BODY_BYTES%"
              id: "%STREAM_ID%"
              method: "%REQ(:METHOD):100%"
              mime_type: "%REQ_MIME_TYPE:500%"
              referrer: "%REQ(REFERER):1000%"
            response:
              body:
                bytes: "%BYTES_SENT%"
              bytes: "%RESPONSE_HEADERS_AND_BODY_BYTES%"
              mime_type: "%RESP_MIME_TYPE:500%"
              status_code: "%RESPONSE_CODE%"
            version: "%HTTP_VERSION%"
          network:
            forwarded_ip: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
          observer:
            product: "Airlock Microgateway"
            type: "waap"
            vendor: "Ergon Informatik AG"
            version: "%ENVIRONMENT(ENGINE_VERSION)%"
          source:
            ip: "%DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT%"
            port: "%DOWNSTREAM_DIRECT_REMOTE_PORT%"
          url:
            domain: "%HTTP_HOST:500%"
            path: "%REQ_WITHOUT_QUERY(:PATH):1000%"
            query: "%REQ_QUERY(:PATH):1000%"
          user_agent:
            original: "%REQ(USER-AGENT):500%"
          # Additional log keys under 'custom'.
          custom:
            downstream:
              # Log TLS attributes of the downstream connection.
              tls:
                protocol: "%DOWNSTREAM_TLS_VERSION%"
                cipher: "%DOWNSTREAM_TLS_CIPHER%"
                session_id: "%DOWNSTREAM_TLS_SESSION_ID%"
              # Log the direct remote ip address and port.
              direct_remote_address:
                ip: "%DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT%"
                port: "%DOWNSTREAM_DIRECT_REMOTE_PORT%"
            http:
              request:
                # Log the request header 'Cookie'.
                cookie: "%REQ(cookie):500%"
                # Log the request header 'X-Request-ID'.
                x_request_id: "%REQ(X-Request-ID):500%"
apiVersion: microgateway.airlock.com/v1alpha1
kind: Telemetry
metadata:
  name: default
spec: 
  logging: 
    accessLog: 
      format: 
        json: 
          "@timestamp": "%START_TIME(%Y-%m-%dT%T.%3f%z)%"
          ecs:
            version: "8.5"
          log:
            logger: "access"
            level: "info"
          event:
            kind: "event"
            category: [ "web" ]
            type: "%EVENT_TYPE%"
            module: "envoy"
            dataset: "envoy.access"
            outcome: "success"
            start: "%START_TIME(%Y-%m-%dT%T.%3f%z)%"
            end: "%END_TIME(%Y-%m-%dT%T.%3f%z)%"
            duration: "%DURATION_IN_NANOSECONDS%"
          airlock:
            authentication: "%AUTHENTICATION%"
            deny_rules: "%DENY_RULES%"
            encoding: "%ENCODING%"
            header_rewrites: "%HEADER_REWRITES%"
            http:
              request:
                accept_language: "%REQ(ACCEPT-LANGUAGE):100%"
              response:
                redirect_url: "%RESP(LOCATION):1000%"
            log_correlation: "%LOG_CORRELATION%"
            openapi: "%OPENAPI%"
            parser: "%PARSER%"
            response:
              details: "%RESPONSE_CODE_DETAILS%"
              flags: "%RESPONSE_FLAGS%"
            upstream:
              destination:
                ip: "%UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
                port: "%UPSTREAM_REMOTE_PORT%"
              http:
                version: "%UPSTREAM_HTTP_VERSION%"
            limits: "%LIMITS%"
          destination:
            ip: "%DOWNSTREAM_LOCAL_ADDRESS_WITHOUT_PORT%"
            port: "%DOWNSTREAM_LOCAL_PORT%"
          http:
            request:
              body:
                bytes: "%BYTES_RECEIVED%"
              bytes: "%REQUEST_HEADERS_AND_BODY_BYTES%"
              id: "%STREAM_ID%"
              method: "%REQ(:METHOD):100%"
              mime_type: "%REQ_MIME_TYPE:500%"
              referrer: "%REQ(REFERER):1000%"
            response:
              body:
                bytes: "%BYTES_SENT%"
              bytes: "%RESPONSE_HEADERS_AND_BODY_BYTES%"
              mime_type: "%RESP_MIME_TYPE:500%"
              status_code: "%RESPONSE_CODE%"
            version: "%HTTP_VERSION%"
          network:
            forwarded_ip: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
          observer:
            product: "Airlock Microgateway"
            type: "waap"
            vendor: "Ergon Informatik AG"
            version: "%ENVIRONMENT(ENGINE_VERSION)%"
          source:
            ip: "%DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT%"
            port: "%DOWNSTREAM_DIRECT_REMOTE_PORT%"
          url:
            domain: "%HTTP_HOST:500%"
            path: "%REQ_WITHOUT_QUERY(:PATH):1000%"
            query: "%REQ_QUERY(:PATH):1000%"
          user_agent:
            original: "%REQ(USER-AGENT):500%"
  correlation: 
    request: 
      alterRequestID: true
      allowDownstreamRequestID: true

Telemetry

Field Type Description Required Default Allowed Values
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata yes
spec object Specification of the desired telemetry behavior. no

Telemetry.spec

Field Type Description Required Default Allowed Values
correlation object Correlation defines the correlation aspects of Telemetry. no
logging object Logging defines the logging aspects of Telemetry. no

Telemetry.spec.correlation

Field Type Description Required Default Allowed Values
request object Request defines the request related correlation settings of Telemetry. no

Telemetry.spec.correlation.request

Field Type Description Required Default Allowed Values
allowDownstreamRequestID bool AllowDownstreamRequestID defines whether trace sampling will consider a provided x-request-id. no true true, false
alterRequestID bool AlterRequestID defines whether to alter the UUID to reflect the trace sampling decision. If disabled no modification to the UUID will be performed, this may break tracing in the upstream. no true true, false

Telemetry.spec.logging

Field Type Description Required Default Allowed Values
accessLog object AccessLog defines the access log settings of Telemetry. no

Telemetry.spec.logging.accessLog

Field Type Description Required Default Allowed Values
format object Format defines the Access Log format of the sidecar. no

Telemetry.spec.logging.accessLog.format

Field Type Description Required Default Allowed Values
json unstructured JSON defines the Access Log format as JSON. no