Add /loki-query slash command for VCell log access#1680
Open
Add /loki-query slash command for VCell log access#1680
Conversation
Wraps logcli with a kubectl port-forward to the in-cluster Loki instance so prod/stage/dev logs can be queried during incident investigation without leaving the dev machine. The slash command is namespace-aware and documents the VCell container layout per environment. tools/loki/setup.sh is idempotent: installs logcli on macOS via brew, starts a port-forward to svc/loki-read in the logging namespace, and verifies tenant access. Bypasses the loki-gateway whose ED25519 TLS cert LibreSSL/macOS curl can't handshake. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/loki-queryslash command (.claude/commands/loki-query.md) for querying the in-cluster Loki instance covering all three VCell environments (prod,stage,dev)tools/loki/:setup.sh(idempotent install + port-forward),loki-query.sh(auto-setup + logcli passthrough wrapper),teardown.sh(stop port-forward)brew install logcli); kubeconfig path overridable viaLOKI_KUBECONFIGWhy
During an incident investigation we found the prod
datapod had been silently disconnected from ActiveMQ for ~18 hours, causing periodic Better Stack alerts. Surfacing that requiredkubectl exec-ing into the pod and reading logs by hand. This tooling lets a developer go from "Better Stack just paged me" to a focused LogQL query in one slash-command, with no per-incident setup.Implementation notes
setup.shbypasses theloki-gatewaywhose ED25519 TLS cert can't handshake against macOS LibreSSL curl, by port-forwardingsvc/loki-readdirectly on plain HTTP. Tenantuchcis set automatically viaX-Scope-OrgID.prod-onlyrest/mongodb,stage-onlysif-prepull).Test plan
bash tools/loki/setup.shsucceeds on a fresh macOS dev box (installs logcli on first run, no-op afterwards)bash tools/loki/loki-query.sh --since=5m '{namespace="prod", container="data"}' | headreturns log linesnamespace="stage"andnamespace="dev"— confirmed during development that all three respondbash tools/loki/teardown.shstops the port-forward and cleans up/tmp/vcell-loki-pf.pid/loki-query show errors in prod data container last 15minvokes the slash command and translates intent into a working LogQL query🤖 Generated with Claude Code