Skip to content

GitLab Next

Closed
Created by Dov Hershkovitch@dhershkovitchDeveloper

Implementation issue for exposing GitLab managed apps logs

#208066 (closed)

Problem

In the log explorer today a user can filter by 2 parameters, an environment (which is actually a namespace) and by a pod name, while this provides an insight to the app that is deployed in a cluster this view lacking the information of the actual cluster and the gitlab mng apps (e.g. K8s logs and other managed apps such as NGINX, Prometheus, WAF etc...). We should leverage the facts that Elastic collects all of the logs from all namespaces from our clusters in a structured way, and expose additional fields so the user can see all available logs. We'll need to investigate and design the way to expose logs from K8s cluster, and gitlab managed apps (e.g. NGINX ingress, HAproxy), this should also answer the need to expose WAF logs. In this issue we should come up with the right proposal on where and how we should expose those logs

Why cant we simply expose all logs from all namespace to every user?

Since Elastic is installed on a cluster which can have multiple projects, a single developer should not be exposed to the shared resources across the cluster and should see only the logs which are relevant to its project. This is why the environment (which is a namespace) is the first selector in the log explorer, so when filtering by an environment the user is seen only the logs which are relevant to the project

Proposal

Use a single log explorer, however, when a maintainer is accessing it the log explorer will be in an advance mode exposing additional filters exclusively for managed apps logs

drop-down

Permissions

Its important we put more emphasis on this, today only maintainers can see logs (something we should fix in a separate issue) The following should be applied:

  • Developer should see pod logs from the deployed app,
  • Maintainer should have the ability to view logs on deployed apps and managed apps
  • Project maintainers can see project clusters.
  • Group maintainer to see a group-level cluster,
  • Instance administrator to see an instance-level cluster

Testing

Scenario part of E2E test case for Logs.

Edited by Matt Nohr