Implementation issue for exposing GitLab managed apps logs
Problem
In the log explorer today a user can filter by 2 parameters, an environment (which is actually a namespace) and by a pod name, while this provides an insight to the app that is deployed in a cluster this view lacking the information of the actual cluster and the gitlab mng apps (e.g. K8s logs and other managed apps such as NGINX, Prometheus, WAF etc...). We should leverage the facts that Elastic collects all of the logs from all namespaces from our clusters in a structured way, and expose additional fields so the user can see all available logs. We'll need to investigate and design the way to expose logs from K8s cluster, and gitlab managed apps (e.g. NGINX ingress, HAproxy), this should also answer the need to expose WAF logs. In this issue we should come up with the right proposal on where and how we should expose those logs
Why cant we simply expose all logs from all namespace to every user?
Since Elastic is installed on a cluster which can have multiple projects, a single developer should not be exposed to the shared resources across the cluster and should see only the logs which are relevant to its project. This is why the environment (which is a namespace) is the first selector in the log explorer, so when filtering by an environment the user is seen only the logs which are relevant to the project
Proposal
Use a single log explorer, however, when a maintainer is accessing it the log explorer will be in an advance mode exposing additional filters exclusively for managed apps logs
Permissions
Its important we put more emphasis on this, today only maintainers can see logs (something we should fix in a separate issue) The following should be applied:
- Developer should see pod logs from the deployed app,
- Maintainer should have the ability to view logs on deployed apps and managed apps
- Project maintainers can see project clusters.
- Group maintainer to see a group-level cluster,
- Instance administrator to see an instance-level cluster
Testing
Scenario part of E2E test case for Logs.