feat: enable OTLP access log ingestion in Envoy Gateway and update Vector collector and e2e tests accordingly

Author: JoseSzycho

config/dev/downstream_resources/downstream-gateway.yaml

@@ -111,6 +111,21 @@ spec:
               duration: "%DURATION%"
               route_name: "%ROUTE_NAME%"
               project_name: "%REQ(X-DATUM-PROJECT-NAME)%"
+          # Push access logs straight to the node-local Vector agent over OTLP.
+          # The JSON fields above are delivered as OTLP log-record attributes,
+          # which Vector's `envoy_access_logs` opentelemetry source parses into
+          # billing CloudEvents. internalTrafficPolicy: Local on the Vector
+          # Service keeps this hop on-node.
+          sinks:
+            - type: OpenTelemetry
+              openTelemetry:
+                host: billing-usage-collector-vector.billing-system.svc.cluster.local
+                port: 4317
+                # OTLP has no custom URL path; identify this stream via an OTel
+                # resource attribute instead. Surfaces in Vector under
+                # `.resources` and can be used to route/filter signals.
+                resources:
+                  service.name: nso-httproute-signals
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: GatewayClass

config/tools/billing-usage-collector/kustomization.yaml

@@ -38,12 +38,32 @@ helmCharts:
             path: "/logs"
             decoding:
               codec: json
+          # Envoy Gateway pushes access logs here via its OpenTelemetry access
+          # log sink (OTLP). The JSON access log fields arrive as OTLP log-record
+          # attributes (i.e. under `.attributes.*`). This is the real ingestion
+          # path for live traffic; the `nso_logs` http_server above is only used
+          # by the e2e test to inject hand-crafted log lines.
+          envoy_access_logs:
+            type: opentelemetry
+            grpc:
+              address: "0.0.0.0:4317"
+            http:
+              address: "0.0.0.0:4318"
         transforms:
           parse_nso_logs:
             type: remap
             inputs:
               - nso_logs
+              - envoy_access_logs.logs
             source: |
+              # The OpenTelemetry source (Envoy push) nests the access log fields
+              # under `.attributes`; the http_server source (e2e test injection)
+              # delivers them at the top level. Normalize both to top-level fields
+              # so the rest of this transform is source-agnostic.
+              if exists(.attributes) {
+                . = object(.attributes) ?? .
+              }
+
               parsed_route, err = parse_regex(.route_name, r'^httproute/(?P<namespace>[^/]+)/(?P<name>[^/]+)')
               if err != null || is_null(parsed_route) {
                 abort
@@ -223,5 +243,16 @@ helmCharts:
             port: 9881
             protocol: TCP
             targetPort: 9881
+          # OTLP endpoints for Envoy Gateway's OpenTelemetry access log sink.
+          # internalTrafficPolicy: Local keeps each Envoy pod talking to the
+          # Vector agent on its own node.
+          - name: otlp-grpc
+            port: 4317
+            protocol: TCP
+            targetPort: 4317
+          - name: otlp-http
+            port: 4318
+            protocol: TCP
+            targetPort: 4318
       podMonitor:
         enabled: true

test/e2e/billing/chainsaw-test.yaml

@@ -156,9 +156,20 @@ spec:
                   accessLog:
                     settings:
                       - sinks:
+                          # File sink: the test still scrapes stdout to derive the
+                          # expected metric values (bytes, duration, project_name).
                           - type: File
                             file:
                               path: /dev/stdout
+                          # OpenTelemetry sink: Envoy pushes the access log to the
+                          # node-local Vector agent automatically, exercising the
+                          # real production ingestion path (no manual forwarding).
+                          - type: OpenTelemetry
+                            openTelemetry:
+                              host: billing-usage-collector-vector.billing-system.svc.cluster.local
+                              port: 4317
+                              resources:
+                                service.name: nso-httproute-signals
                         format:
                           type: JSON
                           json:
@@ -534,26 +545,31 @@ spec:
                 curl -kvf -H \"Host: ${PRIMARY_HOSTNAME}\" -d 'hello world' http://\${GATEWAY_SERVICE_NAME}.\${GATEWAY_SERVICE_NAMESPACE}.svc.cluster.local/delay/2; \
               "
 
-        # Verify Vector processes it and check exact counts
+        # Verify Vector emitted the CloudEvents. Envoy pushed the access log to
+        # Vector automatically via its OpenTelemetry sink when the request above
+        # was served, so this step only derives the expected values and polls the
+        # mock billing gateway for the result.
         - script:
             timeout: 45s
             cluster: nso-infra
             env:
               - name: DOWNSTREAM_NAMESPACE
                 value: ($downstreamNamespaceName)
-              - name: STANDARD_NAMESPACE
-                value: ($namespace)
             content: |
               # =====================================================================
               # Validates the full HTTP metering pipeline, end to end:
               #
-              #   Envoy access log  --(raw POST)-->  Vector /logs source
+              #   Envoy access log  --(OTLP push)-->  Vector opentelemetry source
               #        |                                   |
-              #        | (one JSON line per request)       | (VRL transform fans the
-              #        |                                   |  single log line out into
+              #        | (also written to stdout for       | (VRL transform fans the
+              #        |  capturing expected values)       |  log record out into
               #        v                                   v  CloudEvents)
               #   captured here (STEP 1-2)          mock-billing-gateway (STEP 4)
               #
+              # Envoy pushes the access log to Vector automatically (OpenTelemetry
+              # sink on custom-proxy-config -> billing-usage-collector-vector:4317)
+              # when the request is served -- the test does NOT forward it manually.
+              #
               # A single access log line is expected to produce FOUR CloudEvents,
               # one per usage dimension, all sharing the same subject
               # ("projects/<project-control-plane-namespace-uid>"):
@@ -605,13 +621,12 @@ spec:
               echo "  - Duration ms (expected): $DURATION_MS ($EXPECTED_DURATION seconds)"
               echo "  - Project name (expected): $PROJECT_NAME"
 
-              # --- STEP 3: feed the raw access log into Vector --------------------
-              # POST the exact captured line to Vector's http_server /logs source.
-              # Vector's VRL transform parses it and emits the four CloudEvents to
-              # the mock-billing-gateway sink.
-              kubectl -n $STANDARD_NAMESPACE exec -i test-pod -- sh -c " \
-                curl -v -X POST -H 'Content-Type: application/json' -d '$ENVOY_LOG' http://billing-usage-collector-vector.billing-system.svc.cluster.local:9881/logs \
-              "
+              # --- STEP 3: (no manual forwarding) --------------------------------
+              # The request above already caused Envoy to push this access log to
+              # Vector automatically via its OpenTelemetry sink (custom-proxy-config
+              # -> billing-usage-collector-vector:4317). Vector's VRL transform
+              # parses it and emits the four CloudEvents to the mock-billing-gateway
+              # sink, so there is nothing to POST here -- we just poll for the result.
 
               # --- STEP 4: verify the CloudEvents the mock billing gateway received
               # Poll the mock gateway's request log (Vector may take a moment to