feat: add openlit & openobserve & buildingai

apps/openobserve/.env.example

@@ -0,0 +1,43 @@
+# OpenObserve Configuration
+
+# Global registry prefix (optional)
+# Leave empty to use the default registry (public.ecr.aws/zinclabs/)
+GLOBAL_REGISTRY=
+
+# OpenObserve version
+# Latest stable version: v0.50.0
+OPENOBSERVE_VERSION=v0.50.0
+
+# Timezone configuration
+# Default: UTC
+TZ=UTC
+
+# OpenObserve web UI port override
+# Default: 5080
+OPENOBSERVE_PORT_OVERRIDE=5080
+
+# Data directory inside container
+# Default: /data
+ZO_DATA_DIR=/data
+
+# Root user credentials
+# IMPORTANT: Change these default credentials before deploying to production
+ZO_ROOT_USER_EMAIL=admin@example.com
+ZO_ROOT_USER_PASSWORD=Complexpass#123
+
+# Optional: S3 object storage configuration
+# Leave empty to use local disk storage
+# If configured, OpenObserve will use S3 for data storage
+ZO_S3_BUCKET_NAME=
+ZO_S3_REGION_NAME=
+ZO_S3_ACCESS_KEY=
+ZO_S3_SECRET_KEY=
+
+# Resource limits
+# CPU limits (in cores)
+OPENOBSERVE_CPU_LIMIT=2.0
+OPENOBSERVE_CPU_RESERVATION=0.5
+
+# Memory limits
+OPENOBSERVE_MEMORY_LIMIT=2G
+OPENOBSERVE_MEMORY_RESERVATION=512M

apps/openobserve/README.md

@@ -0,0 +1,165 @@
+# OpenObserve
+
+[OpenObserve](https://openobserve.ai/) is a cloud-native observability platform built specifically for logs, metrics, traces, analytics, and more. It provides 10x easier deployment, 140x lower storage costs, and high performance compared to traditional observability solutions like Elasticsearch, Splunk, and Datadog.
+
+## Features
+
+- **Unified Observability**: Logs, metrics, traces, and frontend monitoring (RUM) in a single platform
+- **Cost Efficiency**: 140x lower storage costs compared to Elasticsearch through Parquet columnar storage and S3-native architecture
+- **High Performance**: Better query performance than Elasticsearch while using 1/4th the hardware resources
+- **Single Binary**: Start with a single binary that scales to terabytes, or deploy in High Availability mode for petabyte-scale workloads
+- **Easy to Use**: No complex tuning required, intuitive UI, SQL and PromQL support
+- **OpenTelemetry Native**: Built-in OTLP ingestion for logs, metrics, and traces
+- **Flexible Storage**: Supports local disk, S3, MinIO, GCS, or Azure Blob Storage
+- **Production Ready**: Thousands of deployments worldwide, largest deployment processes 2 PB/day
+
+## Quick Start
+
+1. Copy the environment example file:
+
+   ```bash
+   cp .env.example .env
+   ```
+
+2. Edit `.env` and configure:
+   - `ZO_ROOT_USER_EMAIL`: Admin email (change default)
+   - `ZO_ROOT_USER_PASSWORD`: Admin password (change default, minimum 8 characters with special chars)
+   - `OPENOBSERVE_PORT_OVERRIDE`: Web UI port (default: 5080)
+
+3. Start OpenObserve:
+
+   ```bash
+   docker compose up -d
+   ```
+
+4. Access the web UI at `http://localhost:5080`
+
+5. Log in with your configured credentials
+
+## Configuration
+
+### Basic Configuration
+
+| Environment Variable        | Description                     | Default             |
+| --------------------------- | ------------------------------- | ------------------- |
+| `OPENOBSERVE_VERSION`       | OpenObserve image version       | `v0.50.0`           |
+| `OPENOBSERVE_PORT_OVERRIDE` | Web UI port                     | `5080`              |
+| `ZO_ROOT_USER_EMAIL`        | Root user email                 | `admin@example.com` |
+| `ZO_ROOT_USER_PASSWORD`     | Root user password              | `Complexpass#123`   |
+| `ZO_DATA_DIR`               | Data directory inside container | `/data`             |
+
+### S3 Object Storage (Optional)
+
+For production deployments, configure S3-compatible object storage:
+
+| Environment Variable | Description    |
+| -------------------- | -------------- |
+| `ZO_S3_BUCKET_NAME`  | S3 bucket name |
+| `ZO_S3_REGION_NAME`  | S3 region      |
+| `ZO_S3_ACCESS_KEY`   | S3 access key  |
+| `ZO_S3_SECRET_KEY`   | S3 secret key  |
+
+When S3 is configured, OpenObserve will use it for data storage instead of local volumes.
+
+### Resource Limits
+
+Adjust CPU and memory limits based on your workload:
+
+| Environment Variable             | Description        | Default |
+| -------------------------------- | ------------------ | ------- |
+| `OPENOBSERVE_CPU_LIMIT`          | Maximum CPU cores  | `2.0`   |
+| `OPENOBSERVE_CPU_RESERVATION`    | Reserved CPU cores | `0.5`   |
+| `OPENOBSERVE_MEMORY_LIMIT`       | Maximum memory     | `2G`    |
+| `OPENOBSERVE_MEMORY_RESERVATION` | Reserved memory    | `512M`  |
+
+## Data Ingestion
+
+OpenObserve supports multiple ingestion methods:
+
+### OpenTelemetry (OTLP)
+
+Send OTLP data to `http://localhost:5080/api/default/` with authentication.
+
+### Logs via HTTP
+
+```bash
+curl -u admin@example.com:Complexpass#123 \
+  -H "Content-Type: application/json" \
+  http://localhost:5080/api/default/logs/_json \
+  -d '[{"message": "Hello OpenObserve", "level": "info"}]'
+```
+
+### Prometheus Remote Write
+
+Configure Prometheus to use OpenObserve as a remote write target.
+
+See the [official documentation](https://openobserve.ai/docs/ingestion/) for more ingestion methods.
+
+## Architecture
+
+OpenObserve achieves its performance and cost efficiency through:
+
+- **Parquet columnar storage**: Efficient compression and query performance
+- **S3-native design**: Leverages inexpensive object storage with intelligent caching
+- **Built in Rust**: Memory-safe, high-performance implementation
+- **Intelligent partitioning and indexing**: Reduces search space by up to 99% for most queries
+- **Stateless architecture**: Enables rapid scaling and disaster recovery
+
+## Volumes
+
+- `openobserve_data`: Stores all data when using local disk storage (not used when S3 is configured)
+
+## Security Considerations
+
+1. **Change default credentials**: Always modify `ZO_ROOT_USER_EMAIL` and `ZO_ROOT_USER_PASSWORD` in production
+2. **Password requirements**: Use strong passwords with minimum 8 characters including special characters
+3. **Network security**: Consider using a reverse proxy with TLS for production deployments
+4. **S3 credentials**: Store S3 credentials securely, consider using IAM roles when possible
+5. **Data immutability**: All ingested data is immutable by design for audit compliance
+
+## Upgrading
+
+To upgrade to a new version:
+
+1. Update `OPENOBSERVE_VERSION` in `.env`
+2. Pull the new image and restart:
+
+   ```bash
+   docker compose pull
+   docker compose up -d
+   ```
+
+OpenObserve handles schema migrations automatically, no manual steps required.
+
+## Enterprise Features
+
+The Enterprise edition includes:
+
+- Single Sign-On (SSO): OIDC, OAuth, SAML, LDAP/AD
+- Advanced RBAC: Role-based access control with custom roles
+- Audit trails: Immutable audit logs
+- Federated search: Query across multiple clusters
+- Sensitive Data Redaction: Automatic PII redaction
+- Priority support with SLA guarantees
+
+See [pricing page](https://openobserve.ai/downloads/) for details.
+
+## License
+
+- Open Source Edition: AGPL-3.0
+- Enterprise Edition: Commercial license
+
+## Links
+
+- [Official Website](https://openobserve.ai/)
+- [Documentation](https://openobserve.ai/docs/)
+- [GitHub Repository](https://github.com/openobserve/openobserve)
+- [Slack Community](https://short.openobserve.ai/community)
+- [Customer Stories](https://openobserve.ai/customer-stories/)
+
+## Support
+
+- Community support via [Slack](https://short.openobserve.ai/community)
+- GitHub [Issues](https://github.com/openobserve/openobserve/issues)
+- GitHub [Discussions](https://github.com/openobserve/openobserve/discussions)
+- Enterprise support available with commercial license

apps/openobserve/README.zh.md

@@ -0,0 +1,165 @@
+# OpenObserve
+
+[OpenObserve](https://openobserve.ai/) 是一个专为日志、指标、追踪、分析等构建的云原生可观测平台。与 Elasticsearch、Splunk 和 Datadog 等传统可观测解决方案相比，它提供了 10 倍更简单的部署、140 倍更低的存储成本和高性能。
+
+## 功能特性
+
+- **统一可观测性**：日志、指标、追踪和前端监控（RUM）集成在单一平台
+- **成本效益**：通过 Parquet 列式存储和 S3 原生架构，存储成本比 Elasticsearch 低 140 倍
+- **高性能**：查询性能优于 Elasticsearch，同时仅使用 1/4 的硬件资源
+- **单一二进制**：从可扩展至 TB 级的单一二进制开始，或部署高可用模式以处理 PB 级工作负载
+- **易于使用**：无需复杂调优，直观的 UI，支持 SQL 和 PromQL
+- **OpenTelemetry 原生**：内置 OTLP 日志、指标和追踪采集
+- **灵活存储**：支持本地磁盘、S3、MinIO、GCS 或 Azure Blob 存储
+- **生产就绪**：全球数千个部署，最大部署每天处理 2 PB 数据
+
+## 快速开始
+
+1. 复制环境变量示例文件：
+
+   ```bash
+   cp .env.example .env
+   ```
+
+2. 编辑 `.env` 并配置：
+   - `ZO_ROOT_USER_EMAIL`：管理员邮箱（修改默认值）
+   - `ZO_ROOT_USER_PASSWORD`：管理员密码（修改默认值，最少 8 个字符且包含特殊字符）
+   - `OPENOBSERVE_PORT_OVERRIDE`：Web UI 端口（默认：5080）
+
+3. 启动 OpenObserve：
+
+   ```bash
+   docker compose up -d
+   ```
+
+4. 访问 Web UI：`http://localhost:5080`
+
+5. 使用配置的凭据登录
+
+## 配置说明
+
+### 基础配置
+
+| 环境变量                    | 说明                 | 默认值              |
+| --------------------------- | -------------------- | ------------------- |
+| `OPENOBSERVE_VERSION`       | OpenObserve 镜像版本 | `v0.50.0`           |
+| `OPENOBSERVE_PORT_OVERRIDE` | Web UI 端口          | `5080`              |
+| `ZO_ROOT_USER_EMAIL`        | 根用户邮箱           | `admin@example.com` |
+| `ZO_ROOT_USER_PASSWORD`     | 根用户密码           | `Complexpass#123`   |
+| `ZO_DATA_DIR`               | 容器内数据目录       | `/data`             |
+
+### S3 对象存储（可选）
+
+对于生产部署，配置兼容 S3 的对象存储：
+
+| 环境变量            | 说明          |
+| ------------------- | ------------- |
+| `ZO_S3_BUCKET_NAME` | S3 存储桶名称 |
+| `ZO_S3_REGION_NAME` | S3 区域       |
+| `ZO_S3_ACCESS_KEY`  | S3 访问密钥   |
+| `ZO_S3_SECRET_KEY`  | S3 密钥       |
+
+配置 S3 后，OpenObserve 将使用它进行数据存储，而不是本地卷。
+
+### 资源限制
+
+根据工作负载调整 CPU 和内存限制：
+
+| 环境变量                         | 说明            | 默认值 |
+| -------------------------------- | --------------- | ------ |
+| `OPENOBSERVE_CPU_LIMIT`          | 最大 CPU 核心数 | `2.0`  |
+| `OPENOBSERVE_CPU_RESERVATION`    | 预留 CPU 核心数 | `0.5`  |
+| `OPENOBSERVE_MEMORY_LIMIT`       | 最大内存        | `2G`   |
+| `OPENOBSERVE_MEMORY_RESERVATION` | 预留内存        | `512M` |
+
+## 数据采集
+
+OpenObserve 支持多种采集方式：
+
+### OpenTelemetry (OTLP)
+
+发送 OTLP 数据到 `http://localhost:5080/api/default/` 并进行身份验证。
+
+### 通过 HTTP 采集日志
+
+```bash
+curl -u admin@example.com:Complexpass#123 \
+  -H "Content-Type: application/json" \
+  http://localhost:5080/api/default/logs/_json \
+  -d '[{"message": "Hello OpenObserve", "level": "info"}]'
+```
+
+### Prometheus 远程写入
+
+配置 Prometheus 使用 OpenObserve 作为远程写入目标。
+
+更多采集方法请参见[官方文档](https://openobserve.ai/docs/ingestion/)。
+
+## 架构
+
+OpenObserve 通过以下方式实现其性能和成本效率：
+
+- **Parquet 列式存储**：高效压缩和查询性能
+- **S3 原生设计**：利用廉价对象存储与智能缓存
+- **Rust 构建**：内存安全、高性能实现
+- **智能分区和索引**：大多数查询可将搜索空间减少高达 99%
+- **无状态架构**：支持快速扩展和灾难恢复
+
+## 数据卷
+
+- `openobserve_data`：使用本地磁盘存储时存储所有数据（配置 S3 时不使用）
+
+## 安全注意事项
+
+1. **修改默认凭据**：在生产环境中务必修改 `ZO_ROOT_USER_EMAIL` 和 `ZO_ROOT_USER_PASSWORD`
+2. **密码要求**：使用强密码，至少 8 个字符且包含特殊字符
+3. **网络安全**：生产部署时考虑使用带 TLS 的反向代理
+4. **S3 凭据**：安全存储 S3 凭据，在可能的情况下考虑使用 IAM 角色
+5. **数据不可变性**：所有采集的数据在设计上都是不可变的，以满足审计合规要求
+
+## 升级
+
+升级到新版本：
+
+1. 在 `.env` 中更新 `OPENOBSERVE_VERSION`
+2. 拉取新镜像并重启：
+
+   ```bash
+   docker compose pull
+   docker compose up -d
+   ```
+
+OpenObserve 会自动处理模式迁移，无需手动步骤。
+
+## 企业版功能
+
+企业版包含：
+
+- 单点登录（SSO）：OIDC、OAuth、SAML、LDAP/AD
+- 高级 RBAC：基于角色的访问控制与自定义角色
+- 审计跟踪：不可变审计日志
+- 联合搜索：跨多个集群查询
+- 敏感数据脱敏：自动 PII 脱敏
+- 带 SLA 保证的优先支持
+
+详情请参见[价格页面](https://openobserve.ai/downloads/)。
+
+## 许可证
+
+- 开源版：AGPL-3.0
+- 企业版：商业许可证
+
+## 相关链接
+
+- [官方网站](https://openobserve.ai/)
+- [文档](https://openobserve.ai/docs/)
+- [GitHub 仓库](https://github.com/openobserve/openobserve)
+- [Slack 社区](https://short.openobserve.ai/community)
+- [客户案例](https://openobserve.ai/customer-stories/)
+
+## 支持
+
+- 通过 [Slack](https://short.openobserve.ai/community) 获得社区支持
+- GitHub [Issues](https://github.com/openobserve/openobserve/issues)
+- GitHub [Discussions](https://github.com/openobserve/openobserve/discussions)
+- 商业许可证提供企业支持

apps/openobserve/docker-compose.yaml

@@ -0,0 +1,47 @@
+# Docker Compose configuration for OpenObserve
+# OpenObserve is a cloud-native observability platform for logs, metrics, traces, and more
+# https://github.com/openobserve/openobserve
+
+x-defaults: &defaults
+  restart: unless-stopped
+  logging:
+    driver: json-file
+    options:
+      max-size: 100m
+      max-file: "3"
+
+services:
+  openobserve:
+    <<: *defaults
+    image: ${GLOBAL_REGISTRY:-public.ecr.aws/zinclabs/}openobserve:${OPENOBSERVE_VERSION:-v0.50.0}
+    ports:
+      - "${OPENOBSERVE_PORT_OVERRIDE:-5080}:5080"
+    volumes:
+      - openobserve_data:/data
+    environment:
+      - TZ=${TZ:-UTC}
+      - ZO_DATA_DIR=${ZO_DATA_DIR:-/data}
+      - ZO_ROOT_USER_EMAIL=${ZO_ROOT_USER_EMAIL:-admin@example.com}
+      - ZO_ROOT_USER_PASSWORD=${ZO_ROOT_USER_PASSWORD:-Complexpass#123}
+      # Optional: S3 configuration for object storage
+      - ZO_S3_BUCKET_NAME=${ZO_S3_BUCKET_NAME:-}
+      - ZO_S3_REGION_NAME=${ZO_S3_REGION_NAME:-}
+      - ZO_S3_ACCESS_KEY=${ZO_S3_ACCESS_KEY:-}
+      - ZO_S3_SECRET_KEY=${ZO_S3_SECRET_KEY:-}
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5080/healthz"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+    deploy:
+      resources:
+        limits:
+          cpus: ${OPENOBSERVE_CPU_LIMIT:-2.0}
+          memory: ${OPENOBSERVE_MEMORY_LIMIT:-2G}
+        reservations:
+          cpus: ${OPENOBSERVE_CPU_RESERVATION:-0.5}
+          memory: ${OPENOBSERVE_MEMORY_RESERVATION:-512M}
+
+volumes:
+  openobserve_data: