comet-ml
[DND-131] optimize opik frontend dockerfile
Details
This PR refactors the Opik Frontend logging and tracing infrastructure to be more robust, configurable, and efficient. Key changes include:
- Nginx Logging Modernization: Transitioned Nginx access logging from file-based/shared-volume logging to syslog over UDP. This decouples the frontend from the log collector and eliminates file system I/O overhead for logging.
- Fluent Bit Removal: Removed the Fluent Bit sidecar container. Nginx now sends logs directly to the OpenTelemetry Collector's syslog receiver. This simplifies the architecture and reduces resource usage.
- Conditional OpenTelemetry Tracing: Introduced the OTEL_TRACE environment variable (default: off) to conditionally enable or disable the OpenTelemetry module in Nginx. When disabled, the module is not loaded, reducing overhead.
- Conditional Syslog: Nginx access logs are only sent to the syslog receiver when OTEL_TRACE=on. Error logs are always sent to stderr for container runtime visibility.
- Dynamic Configuration: Implemented envsubst template processing for nginx.conf in a custom entrypoint script. This allows for dynamic configuration of OTel endpoints, log destinations, and tracing status at container startup without needing sed hacks or complex build-time logic.
- Base Image Upgrade: Updated the frontend base image to nginx:1.29.3-alpine-otel and added apk upgrade to resolve high-severity vulnerabilities.
Change checklist
Issues
- Resolves #
- DND-131
Testing
- Default Behavior (Tracing Off): Verified that docker compose up starts the frontend successfully without waiting for the OTel collector. Nginx loads without the OTel module and logs to stdout/stderr.
- Tracing On: Verified that setting OTEL_TRACE=on enables the OTel module, configures the OTel exporter, and starts sending access logs to the OTel collector via UDP port 5140.
- Log Flow: Confirmed that Nginx access logs are correctly received by the OpenTelemetry Collector and processed.
- Service Name: Verified that traces from the frontend appear with the service name opik-frontend. Vulnerability Scan: Confirmed that apk upgrade reduces the reported vulnerability count in the Docker image.
Documentation
Self explained code with comments
π Test environment deployment started
Building images for PR #4240...
You can monitor the build progress here.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
π Test environment deployment started
Building images for PR #4240...
You can monitor the build progress here.
β Test environment is now available!
Access Information
- URL: https://pr-4240.dev.comet.com
- Cluster: comet-ml-development
- Namespace: pr-4240
- Version: 1.9.38-4240-merge-648
- Application logs: View in Grafana
The deployment has completed successfully and the version has been verified.
πΏ Preview your docs: https://opik-preview-aa473880-e5c3-4da7-96c5-e77aad369a38.docs.buildwithfern.com/docs/opik
No broken links found
π Results for commit b0bf8272f82c1c3a4c7274d732a57a1d77b45044
π Test environment deployment started
Building images for PR #4240...
You can monitor the build progress here.
β Test environment is now available!
Access Information
- URL: https://pr-4240.dev.comet.com
- Cluster: comet-ml-development
- Namespace: pr-4240
- Version: 1.9.47-4240-merge-690
- Application logs: View in Grafana
The deployment has completed successfully and the version has been verified.
SDK E2E Tests Results
0 testsβββ0 β ββ0s β±οΈ 0 suitesββ0 π€ 0 filesββββ0 β
Results for commit 7ae08a26.
:recycle: This comment has been updated with latest results.
Backend Tests Results
ββ369 filesββββ369 suitesβββ46m 12s β±οΈ 6β231 testsβ6β222 β β8 π€β0 ββ1 π₯ 5β039 runsββ5β031 β β8 π€β0 β
For more details on these errors, see this check.
Results for commit 7ae08a26.