fix: add agent key auth for ingest endpoints

2026-02-06 19:13:30 -03:00
parent 615a8b5404
commit 6038e82b22
18 changed files with 1244 additions and 5 deletions
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@@ -11,6 +11,7 @@ services:
      - REDIS_URL=redis://redis:6379
      - JWT_SECRET=ophion-jwt-secret-change-in-production
      - ADMIN_PASSWORD=ophion123
+      - AGENT_KEY=ophion-agent-2024
    depends_on:
      - postgres
      - redis
--- a/deploy/docker/otel-collector-config.yaml
+++ b/deploy/docker/otel-collector-config.yaml
@@ -0,0 +1,123 @@
+# ═══════════════════════════════════════════════════════════
+# 🐍 OPHION - OpenTelemetry Collector Configuration
+# Receives traces/metrics/logs from instrumented applications
+# ═══════════════════════════════════════════════════════════
+
+receivers:
+  # OTLP receiver - accepts data from any OTLP-compatible SDK
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 0.0.0.0:4317
+      http:
+        endpoint: 0.0.0.0:4318
+        cors:
+          allowed_origins:
+            - "*"
+
+  # Prometheus receiver for metrics scraping (optional)
+  prometheus:
+    config:
+      scrape_configs:
+        - job_name: 'otel-collector'
+          scrape_interval: 15s
+          static_configs:
+            - targets: ['localhost:8888']
+
+processors:
+  # Batch processor for better performance
+  batch:
+    timeout: 5s
+    send_batch_size: 512
+    send_batch_max_size: 1024
+
+  # Memory limiter to prevent OOM
+  memory_limiter:
+    check_interval: 1s
+    limit_percentage: 80
+    spike_limit_percentage: 25
+
+  # Resource processor to add common attributes
+  resource:
+    attributes:
+      - key: collector.name
+        value: ophion-collector
+        action: upsert
+      - key: deployment.environment
+        from_attribute: OTEL_RESOURCE_ATTRIBUTES
+        action: upsert
+
+  # Attributes processor for enrichment
+  attributes:
+    actions:
+      - key: ophion.collected
+        value: true
+        action: upsert
+
+exporters:
+  # Export to Ophion server via OTLP
+  otlphttp/ophion:
+    endpoint: http://server:8080
+    headers:
+      X-Ophion-Source: otel-collector
+    compression: gzip
+    retry_on_failure:
+      enabled: true
+      initial_interval: 5s
+      max_interval: 30s
+      max_elapsed_time: 300s
+
+  # Debug exporter for troubleshooting (disable in production)
+  debug:
+    verbosity: basic
+    sampling_initial: 5
+    sampling_thereafter: 200
+
+  # Prometheus exporter for collector metrics
+  prometheus:
+    endpoint: 0.0.0.0:8889
+    namespace: ophion_collector
+
+extensions:
+  # Health check extension
+  health_check:
+    endpoint: 0.0.0.0:13133
+    path: /health
+
+  # Performance profiler
+  pprof:
+    endpoint: 0.0.0.0:1777
+
+  # zPages for debugging
+  zpages:
+    endpoint: 0.0.0.0:55679
+
+service:
+  extensions: [health_check, pprof, zpages]
+  
+  pipelines:
+    # Traces pipeline
+    traces:
+      receivers: [otlp]
+      processors: [memory_limiter, batch, resource, attributes]
+      exporters: [otlphttp/ophion, debug]
+
+    # Metrics pipeline  
+    metrics:
+      receivers: [otlp, prometheus]
+      processors: [memory_limiter, batch, resource]
+      exporters: [otlphttp/ophion, debug]
+
+    # Logs pipeline
+    logs:
+      receivers: [otlp]
+      processors: [memory_limiter, batch, resource]
+      exporters: [otlphttp/ophion, debug]
+
+  telemetry:
+    logs:
+      level: info
+      encoding: json
+    metrics:
+      level: detailed
+      address: 0.0.0.0:8888
--- a/deploy/docker/otel-collector.yml
+++ b/deploy/docker/otel-collector.yml
@@ -0,0 +1,41 @@
+# ═══════════════════════════════════════════════════════════
+# 🐍 OPHION - OpenTelemetry Collector Service
+# Standalone compose file for the OTEL Collector
+# ═══════════════════════════════════════════════════════════
+
+version: '3.8'
+
+services:
+  otel-collector:
+    image: otel/opentelemetry-collector-contrib:0.96.0
+    container_name: ophion-otel-collector
+    command: ["--config=/etc/otel-collector-config.yaml"]
+    volumes:
+      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml:ro
+    ports:
+      - "4317:4317"   # OTLP gRPC receiver
+      - "4318:4318"   # OTLP HTTP receiver
+      - "8888:8888"   # Prometheus metrics exposed by the collector
+      - "8889:8889"   # Prometheus exporter metrics
+      - "13133:13133" # Health check extension
+      - "55679:55679" # zPages extension
+    environment:
+      - OTEL_RESOURCE_ATTRIBUTES=service.name=ophion-collector,service.version=1.0.0
+    restart: unless-stopped
+    networks:
+      - ophion
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:13133/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+        reservations:
+          memory: 128M
+
+networks:
+  ophion:
+    external: true