align gw telemetry in k8s with unified chart #256

Open
kgal-akl wants to merge 1 commit into v1.0 from ASM-18285-update-gw-metrics-conf

@kgal-akl kgal-akl commented May 19, 2026

Summary

  • Align Gateway on Kubernetes telemetry configuration with akeyless-gateway chart.

Validation

  • markdownlint run for edited Markdown files
  • cspell run for edited Markdown files
  • link check run for edited Markdown files

Safety Checklist

  • No real credentials, tokens, account identifiers, tenant IDs, project numbers, or email addresses were added.
  • All cloud identities in examples use placeholders (for example, <service-account-name>@<project-id>.iam.gserviceaccount.com, arn:aws:iam::<aws-account-id>:root, <azure-tenant-id>, and <resource-ocid>).
  • Added examples were reviewed for sanitized values and non-production identifiers.

Jira

  • DOCS-817

Summary by CodeRabbit

  • Documentation
    • Updated Kubernetes Gateway telemetry and metrics configuration guidance with clearer setup instructions for monitoring platforms
    • Improved log-forwarding configuration and consolidation of related instructions
    • Added clarification on supported configuration patterns for metrics deployment

coderabbitai Bot commented May 19, 2026

Walkthrough

This PR updates the Gateway telemetry documentation to replace older Kubernetes setup instructions with a consolidated, Secret-based approach. It introduces a new section explaining OpenTelemetry config mounting via Secrets, provides per-backend example configurations for Datadog and Prometheus, and integrates log-forwarding guidance into the same Secret-bound configuration workflow.

Changes

Kubernetes Telemetry and Logging Configuration

| Layer / File(s) | Summary |
| --- | --- |
| Telemetry Config mounting framework and validation (docs/Akeyless Gateway/operate-gateway/gateway-telemetry-and-metrics.md) | New "Telemetry Config on Kubernetes" section explains Secret-based mounting of otel-config.yaml when globalConfig.metrics.enabled and globalConfig.metrics.metricsExistingSecret are set; includes warning that enabling metrics without the Secret reference is unsupported. |
| Backend-specific OpenTelemetry examples and log-forwarding setup (docs/Akeyless Gateway/operate-gateway/gateway-telemetry-and-metrics.md) | Updated Kubernetes instructions replace older snippets with steps to create a Base64-encoded gw-metrics-secret Secret, reference it via globalConfig.metrics.metricsExistingSecret in Helm values, and include per-backend otel-config.yaml examples for Datadog and Prometheus; log-forwarding consolidated to extend the same otel-config.yaml with a logs pipeline and set FORWARD_GW_APP_LOG=true via globalConfig.metrics.env. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A telemetry tale, now clear and bright,
Secrets mount configs in Kubernetes light,
Datadog and Prometheus, logs now aligned,
One otel-config.yaml, beautifully designed,
The gateway's metrics now perfectly signed! 📊✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: updating Gateway telemetry documentation on Kubernetes to align with the unified chart, which is directly reflected in the raw summary's focus on reshaping Kubernetes Datadog/Prometheus instructions and consolidating log-forwarding guidance. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
docs/Akeyless Gateway/operate-gateway/gateway-telemetry-and-metrics.md (1)

208-219: ⚡ Quick win

Prefer stringData to avoid manual Base64 encoding errors.

The current flow works, but asking users to pre-encode content is error-prone. Using stringData keeps the example simpler and safer for docs readers.

Suggested doc refactor
 apiVersion: v1
 kind: Secret
 metadata:
   name: gw-metrics-secret
   namespace: <your-namespace>
 type: Opaque
-data:
-  otel-config.yaml: <base64-encoded-otel-config>
+stringData:
+  otel-config.yaml: |
+    <paste-otel-config-yaml-content-here>
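
Review bot: The `+stringData:` replacement needs the preceding instructions changed with it. The walkthrough says this section has readers create a Base64-encoded `gw-metrics-secret`, and a reader who follows that step and then pastes the encoded text under `stringData` ends up with a Base64 string mounted as `otel-config.yaml` instead of the collector config. Suggest dropping the encoding step in the same change and noting that the block scalar under `otel-config.yaml: |` must be indented consistently. Neither `data` nor `stringData` encrypts the value, so if the config carries a backend API key the manifest should stay out of version control.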

As per coding guidelines, "Examples and commands in documentation must be realistic and internally consistent".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/Akeyless Gateway/operate-gateway/gateway-telemetry-and-metrics.md`
around lines 208 - 219, The Secret example requires manual Base64 encoding which
is error-prone; update the Kubernetes Secret for gw-metrics-secret to use
stringData instead of data so authors can paste plain YAML for otel-config.yaml
directly (refer to the Secret kind and the key otel-config.yaml in the example)
— replace the data: block with stringData: and put the unencoded otel-config
content as the value for otel-config.yaml to make the docs realistic and easier
to follow.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/Akeyless Gateway/operate-gateway/gateway-telemetry-and-metrics.md`:
- Around line 287-295: The Prometheus scrape example uses localhost:8889 which
is wrong in Kubernetes; update the scrape_configs example (job_name: 'akeyless',
scrape_interval, static_configs -> targets) to use the Gateway Service DNS
instead of localhost (e.g., a Kubernetes service FQDN or service name with
namespace placeholder like <gateway-service>.<namespace>.svc.cluster.local:8889
or <gateway-service>:8889) so Prometheus scrapes the Gateway pod via the cluster
service; keep job_name 'akeyless' and port 8889 but replace 'localhost' with the
service DNS and add a short note about replacing <namespace> with the actual
namespace.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e594d5ab-4a95-4628-ae4d-49e7d4e2ec3a

📥 Commits

Reviewing files that changed from the base of the PR and between 7853ab0 and a7d165e.

📒 Files selected for processing (1)
  • docs/Akeyless Gateway/operate-gateway/gateway-telemetry-and-metrics.md

Comment on lines +287 to 295
Add a scrape target in Prometheus:

```yaml
scrape_configs:
- job_name: 'akeyless'
scrape_interval: 10s
static_configs:
- targets: ['localhost:8889']
```

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use a Kubernetes-reachable target instead of localhost in Prometheus scrape config.

In Kubernetes, localhost:8889 points to the Prometheus pod itself, not the Gateway Service. This example can cause scrape failures.

Suggested doc fix
 scrape_configs:
   - job_name: 'akeyless'
     scrape_interval: 10s
     static_configs:
-      - targets: ['localhost:8889']
+      - targets: ['<gateway-service-name>.<namespace>.svc.cluster.local:8889']
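
Review bot: The `+` target line points a static scrape config at the Service DNS name, which for a regular ClusterIP Service resolves to one load-balanced address, so with more than one Gateway replica each scrape reaches an arbitrary pod and the series from different pods get mixed. Suggest stating that this form assumes a single replica and a Service that exposes port 8889, or pointing readers to Prometheus `kubernetes_sd_configs` for per-pod targets. The placeholders should also be made consistent: this line uses `<gateway-service-name>` and `<namespace>`, while the prompt text uses `<gateway-service>` and the Secret example uses `<your-namespace>`.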

As per coding guidelines, "Examples and commands in documentation must be realistic and internally consistent".
