[DOCS-13190] OP Cloudflare Logpush doc #34489
Conversation
Preview links (active after the
|
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
ckelner
left a comment
ckelner
left a comment
There was a problem hiding this comment.
Some comments and Qs! Thanks May! 🙇
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
| 1. In the **Decoding** dropdown menu, select **Bytes**. | ||
| 1. Enable TLS: | ||
| 1. If you are using Secrets Management, enter the identifier for the HTTP/S Server key pass. See [Set secrets][3] for the defaults used. | ||
| 1. Enter `/fullchain.pem` in the **Certificate path** field. |
There was a problem hiding this comment.
Ah, these were just the names of the certs I had, this will be specific to the customer, they could have them named anything.
There was a problem hiding this comment.
Ah yeah, I meant to ask about that. Will update!
| 1. Enable TLS: | ||
| 1. If you are using Secrets Management, enter the identifier for the HTTP/S Server key pass. See [Set secrets][3] for the defaults used. | ||
| 1. Enter `/fullchain.pem` in the **Certificate path** field. | ||
| 1. Enter `/privkey.pem` in the **Private key path** field. |
There was a problem hiding this comment.
Updated this to be what we usually have for TLS setup..I'm going to do a revamp of this section later to simplify it.
| sudo mkdir -p /var/lib/observability-pipelines-worker/config | ||
|
|
||
| # Copy your certificates | ||
| sudo cp /path/to/your/fullchain.pem /var/lib/observability-pipelines-worker/config/fullchain.pem |
There was a problem hiding this comment.
similar to above, the certs could be named anything, I don't know if we want to use something like <your-cert-file> or something. Also the extension can be a variety of things, .pem, .crt, .cer just to name a few.
There was a problem hiding this comment.
Thanks! I updated it to and removed the extension
|
|
||
| # Copy your certificates | ||
| sudo cp /path/to/your/fullchain.pem /var/lib/observability-pipelines-worker/config/fullchain.pem | ||
| sudo cp /path/to/your/privkey.pem /var/lib/observability-pipelines-worker/config/privkey.pem |
There was a problem hiding this comment.
Same as above, and same for extension, .pem, .der, .key, etc exist
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
| ## Set up Cloudflare Logpush | ||
|
|
||
| Follow the [Cloudflare Logpush HTTP destination documentation][5] to set up Logpush to send logs to an HTTP endpoint. | ||
| - For the **HTTP endpoint**, the basic authorization headers need to be in the URL needs: `https://clodflare.your-domain.com?header_Authorization=Basic%20<base64-encoded-credentials>` |
There was a problem hiding this comment.
I think an extra word here? needs? should we spell out that it needs to be base64 encoded? I know you have it in the url itself, but just to be explicit about it?
Also let's maybe say https://subdomain.your-domain.com? cloudflare as a subdomain isn't a requirement. Or if you want opw.your-domain.com
There was a problem hiding this comment.
Removed the typo and added that headers need to be base64 encoded. Also updated the URL as suggested.
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
|
|
||
| - A Cloudflare account with Logpush enabled. | ||
| - A server or a server pool, fronted by a load balancer, that runs the Observability Pipelines Worker and allows traffic from Cloudflare's CIDR or the public internet. | ||
| - A DNS entry that points to your Observability Pipelines Worker's load balancer. |
There was a problem hiding this comment.
| - A DNS entry that points to your Observability Pipelines Worker's load balancer. | |
| - A DNS entry that points to your Worker's load balancer. |
ckelner
left a comment
ckelner
left a comment
There was a problem hiding this comment.
A few more comments! Sorry!
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
| 1. Select a log template to create a pipeline. | ||
| 1. Select the HTTP Server source: | ||
| 1. If you are using Secrets Management, enter the identifier for the HTTP/S Server address key. See [Set secrets][3] for the defaults used. | ||
| 1. Set the authorization strategy to **Basic**. If you are using Secrets Management, enter the identifiers for the HTTP/S Server username and password. See [Set secrets][3] for the defaults used. |
There was a problem hiding this comment.
Auth strategy is really a customer choice, not required. It becomes less concerning when a firewall is in play and locked down the Cloudflare's CIDRs
There was a problem hiding this comment.
Ah okay thanks. Updated.
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
|
Created DOCS-13390 for documentation team review once open comments are addressed |
Co-authored-by: Chris Kelner <ckelner@users.noreply.github.com>
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
ckelner
left a comment
ckelner
left a comment
There was a problem hiding this comment.
One final nit. Suggestion on .crt looks good, and agreed on headers, left a comment
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
content/en/observability_pipelines/sources/cloudflare_logpush.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Chris Kelner <ckelner@users.noreply.github.com>
4 participants
What does this PR do? What is the motivation?
Merge instructions
Merge readiness:
For Datadog employees:
Your branch name MUST follow the
<name>/<description>convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.
Additional notes