confgenerator: add support for RunMonitoring configs

This change does the following:
- Adds confgenerator for `RunMonitoring`
- Adds all structs required for the config
- Adds golden test files for unit tests
- Configures the entrypoint so it creates the config for the collector
  subprocess
- Use secret manager for storing the configs

Notes for reviewers:
- Sorry this PR is long again
- I wanted to add the skeleton for the config generation. The actual
  labels we will add by default and what should be used in the monitored
  resource are not yet solidified and will be done in a seperate PR
  based on discussion in go/run-gmp-config. In this PR, ignore what
  we're setting as labels.
- We discussed this offline, this change has some duplication with the
  Ops Agent's confgenerator and prometheus-engine's PodMonitoring
  structs. We accept this added tech debt because the Ops Agents
  packages aren't super well suited to use as libraries for this sidecar
  (yet, not much work is needed to make this possible but its not a
  blocker), and the prometheus libraries used by the prometheus-engine
  have different interfaces from the ones we forked. We will prioritize
  fixing this up and simplifying the confgenerator after the MVP

Change-Id: Ie57f82761544ebfd0612f8347ac5ab07a4a22edf

Dockerfile

@@ -13,6 +13,5 @@ FROM alpine:3
 RUN apk add --no-cache ca-certificates
 COPY --from=builder /sidecar/bin/rungmpcol /rungmpcol
 COPY --from=builder /sidecar/bin/run-gmp-entrypoint /run-gmp-entrypoint
-COPY collector-config.yaml /etc/rungmp/config.yml
 
 ENTRYPOINT ["/run-gmp-entrypoint"]

README.md

@@ -49,7 +49,7 @@ Because this sample requires `docker` or similar container build system for Linu
 gcloud services enable cloudbuild.googleapis.com --quiet
 ```
 
-The bundled configuration file for Cloud Build (`cloudbuild.yaml`) requires a new servcie account with the following roles or stronger:
+The bundled configuration file for Cloud Build (`cloudbuild.yaml`) requires a new service account with the following roles or stronger:
 
 * `roles/iam.serviceAccountUser`
 * `roles/storage.objectViewer`
@@ -82,6 +82,7 @@ commands:
 
 ```
 export GCP_PROJECT=<project-id>
+export RUN_GMP_CONFIG=run-gmp-config
 gcloud artifacts repositories create run-gmp \
     --repository-format=docker \
     --location=us-east1
@@ -116,6 +117,15 @@ docker build -t us-east1-docker.pkg.dev/$GCP_PROJECT/run-gmp/collector .
 docker push us-east1-docker.pkg.dev/$GCP_PROJECT/run-gmp/collector
 ```
 
+#### Create RunMonitoring config and store as a secret
+
+Create a `RunMonitoring` config and store it in secret manager. In this example, we use
+`run-gmp-config` as the secret name.
+
+```
+gcloud secrets create ${RUN_GMP_CONFIG}  --data-file=default-config.yaml
+```
+
 ##### Create the Cloud Run Service
 
 The `run-service.yaml` file defines a multicontainer Cloud Run Service with the
@@ -127,6 +137,8 @@ Replace the `%SAMPLE_APP_IMAGE%` and `%OTELCOL_IMAGE%` placeholders in
 ```
 sed -i s@%OTELCOL_IMAGE%@us-east1-docker.pkg.dev/${GCP_PROJECT}/run-gmp/collector@g run-service.yaml
 sed -i s@%SAMPLE_APP_IMAGE%@us-east1-docker.pkg.dev/${GCP_PROJECT}/run-gmp/sample-app@g run-service.yaml
+sed -i s@%PROJECT%@${GCP_PROJECT}@g run-service.yaml
+sed -i s@%SECRET%@${RUN_GMP_CONFIG}@g run-service.yaml
 ```
 
 Create the Service with the following command:
@@ -166,8 +178,5 @@ User request received!
 After running the demo, please make sure to clean up your project so that you don't consume unexpected resources and get charged.
 
 ```console
-gcloud run services delete run-gmp-sidecar-service --region us-east1 --quiet
-gcloud artifacts repositories delete run-gmp \
-  --location=us-east1 \
-  --quiet
+./clean-up-cloud-run.sh
 ```

clean-up-cloud-run.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+PROJECT_ID=$(gcloud config get-value project)
+SA_NAME="run-gmp-sa"
+REGION="us-east1"
+
+gcloud run services delete run-gmp-sidecar-service --region ${REGION} --quiet
+gcloud secrets delete run-gmp-config
+gcloud artifacts repositories delete run-gmp \
+  --location=${REGION} \
+  --quiet
+gcloud iam service-accounts delete ${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com

cloudbuild-single-req.yaml

@@ -35,15 +35,26 @@ steps:
     waitFor:
       - BUILD_COLLECTOR
 
+  - name: "gcr.io/cloud-builders/gcloud"
+    args: ["secrets", "create", "${_RUN_GMP_CONFIG}", "--data-file=default-config.yaml"]
+    id: CREATE_SECRET
+    waitFor:
+      - PUSH_COLLECTOR
+
   - name: "ubuntu"
     env:
       - "IMAGE_APP=${_IMAGE_APP}"
       - "IMAGE_COLLECTOR=${_IMAGE_COLLECTOR}"
+      - "SECRET=${_RUN_GMP_CONFIG}"
+      - "PROJECT=${_GCP_PROJECT}"
     script: |
       sed -i s@%OTELCOL_IMAGE%@${IMAGE_COLLECTOR}@g run-service.yaml
       sed -i s@%SAMPLE_APP_IMAGE%@${IMAGE_APP}@g run-service.yaml
+      sed -i s@%SECRET%@${SECRET}@g run-service.yaml
+      sed -i s@%PROJECT%@${PROJECT}@g run-service.yaml
     id: REPLACE_YAML_VALUE
-    waitFor: ["-"]
+    waitFor:
+      - CREATE_SECRET
 
   - name: "gcr.io/google.com/cloudsdktool/cloud-sdk:slim"
     entrypoint: gcloud
@@ -81,9 +92,11 @@ steps:
 
 substitutions:
   _REGION: us-east1
-  _REGISTRY: ${_REGION}-docker.pkg.dev/${PROJECT_ID}/run-gmp
+  _GCP_PROJECT: ${PROJECT_ID}
+  _REGISTRY: ${_REGION}-docker.pkg.dev/${_GCP_PROJECT}/run-gmp
   _IMAGE_APP: ${_REGISTRY}/sample-app
   _IMAGE_COLLECTOR: ${_REGISTRY}/collector
+  _RUN_GMP_CONFIG: run-gmp-config
   _SA_NAME: run-gmp-sa
 
 images:
@@ -97,7 +110,7 @@ images:
 # * roles/logging.logWriter
 # * roles/artifactregistry.createOnPushWriter
 # * roles/run.admin
-serviceAccount: "projects/${PROJECT_ID}/serviceAccounts/${_SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
+serviceAccount: "projects/${_GCP_PROJECT}/serviceAccounts/${_SA_NAME}@${_GCP_PROJECT}.iam.gserviceaccount.com"
 
 options:
   dynamic_substitutions: true

cloudbuild.yaml

@@ -35,15 +35,26 @@ steps:
     waitFor:
       - BUILD_COLLECTOR
 
+  - name: "gcr.io/cloud-builders/gcloud"
+    args: ["secrets", "create", "${_RUN_GMP_CONFIG}", "--data-file=default-config.yaml"]
+    id: CREATE_SECRET
+    waitFor:
+      - PUSH_COLLECTOR
+
   - name: "ubuntu"
     env:
       - "IMAGE_APP=${_IMAGE_APP}"
       - "IMAGE_COLLECTOR=${_IMAGE_COLLECTOR}"
+      - "SECRET=${_RUN_GMP_CONFIG}"
+      - "PROJECT=${_GCP_PROJECT}"
     script: |
       sed -i s@%OTELCOL_IMAGE%@${IMAGE_COLLECTOR}@g run-service.yaml
       sed -i s@%SAMPLE_APP_IMAGE%@${IMAGE_APP}@g run-service.yaml
+      sed -i s@%SECRET%@${SECRET}@g run-service.yaml
+      sed -i s@%PROJECT%@${PROJECT}@g run-service.yaml
     id: REPLACE_YAML_VALUE
-    waitFor: ["-"]
+    waitFor:
+      - CREATE_SECRET
 
   - name: "gcr.io/google.com/cloudsdktool/cloud-sdk:slim"
     entrypoint: gcloud
@@ -81,9 +92,11 @@ steps:
 
 substitutions:
   _REGION: us-east1
-  _REGISTRY: ${_REGION}-docker.pkg.dev/${PROJECT_ID}/run-gmp
+  _GCP_PROJECT: ${PROJECT_ID}
+  _REGISTRY: ${_REGION}-docker.pkg.dev/${_GCP_PROJECT}/run-gmp
   _IMAGE_APP: ${_REGISTRY}/sample-app
   _IMAGE_COLLECTOR: ${_REGISTRY}/collector
+  _RUN_GMP_CONFIG: run-gmp-config
   _SA_NAME: run-gmp-sa
 
 images:
@@ -97,8 +110,8 @@ images:
 # * roles/logging.logWriter
 # * roles/artifactregistry.createOnPushWriter
 # * roles/run.admin
-serviceAccount: "projects/${PROJECT_ID}/serviceAccounts/${_SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
+serviceAccount: "projects/${_GCP_PROJECT}/serviceAccounts/${_SA_NAME}@${_GCP_PROJECT}.iam.gserviceaccount.com"
 
 options:
   dynamic_substitutions: true
-  logging: CLOUD_LOGGING_ONLY
+  logging: CLOUD_LOGGING_ONLY

collector/service/components.go

@@ -19,6 +19,7 @@ import (
 	"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/googlecloudexporter"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/filterprocessor"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/groupbyattrsprocessor"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/metricstransformprocessor"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourceprocessor"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/transformprocessor"
@@ -84,6 +85,7 @@ func components() (otelcol.Factories, error) {
 	processors := []processor.Factory{
 		filterprocessor.NewFactory(),
 		resourcedetectionprocessor.NewFactory(),
+		metricstransformprocessor.NewFactory(),
 		resourceprocessor.NewFactory(),
 		transformprocessor.NewFactory(),
 		groupbyattrsprocessor.NewFactory(),

confgenerator/agentmetrics.go

@@ -0,0 +1,89 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package confgenerator
+
+import (
+	"fmt"
+
+	"github.com/GoogleCloudPlatform/run-gmp-sidecar/confgenerator/otel"
+)
+
+type AgentSelfMetrics struct {
+	Version string
+	Port    int
+}
+
+func (r AgentSelfMetrics) OTelReceiverPipeline() otel.ReceiverPipeline {
+	return otel.ReceiverPipeline{
+		Receiver: otel.Component{
+			Type: "prometheus",
+			Config: map[string]interface{}{
+				"config": map[string]interface{}{
+					"scrape_configs": []map[string]interface{}{{
+						"job_name":        "run-gmp-sidecar",
+						"scrape_interval": "1m",
+						"static_configs": []map[string]interface{}{{
+							// TODO(b/196990135): Customization for the port number
+							"targets": []string{fmt.Sprintf("0.0.0.0:%d", r.Port)},
+						}},
+					}},
+				},
+			},
+		},
+		Processors: []otel.Component{
+			otel.MetricsFilter(
+				"include",
+				"strict",
+				"otelcol_process_uptime",
+				"otelcol_process_memory_rss",
+				"otelcol_grpc_io_client_completed_rpcs",
+				"otelcol_googlecloudmonitoring_point_count",
+			),
+			otel.MetricsTransform(
+				otel.RenameMetric("otelcol_process_uptime", "agent/uptime",
+					// change data type from double -> int64
+					otel.ToggleScalarDataType,
+					otel.AddLabel("version", r.Version),
+					// remove service.version label
+					otel.AggregateLabels("sum", "version"),
+				),
+				otel.RenameMetric("otelcol_process_memory_rss", "agent/memory_usage",
+					// remove service.version label
+					otel.AggregateLabels("sum"),
+				),
+				otel.RenameMetric("otelcol_grpc_io_client_completed_rpcs", "agent/api_request_count",
+					// change data type from double -> int64
+					otel.ToggleScalarDataType,
+					// TODO: below is proposed new configuration for the metrics transform processor
+					// ignore any non "google.monitoring" RPCs (note there won't be any other RPCs for now)
+					// - action: select_label_values
+					//   label: grpc_client_method
+					//   value_regexp: ^google\.monitoring
+					otel.RenameLabel("grpc_client_status", "state"),
+					// delete grpc_client_method dimension & service.version label, retaining only state
+					otel.AggregateLabels("sum", "state"),
+				),
+				otel.RenameMetric("otelcol_googlecloudmonitoring_point_count", "agent/monitoring/point_count",
+					// change data type from double -> int64
+					otel.ToggleScalarDataType,
+					// Remove service.version label
+					otel.AggregateLabels("sum", "status"),
+				),
+			),
+		},
+	}
+}
+
+// intentionally not registered as a component because this is not created by users