Add integrated log forwarding system

Author: Anadris

charts/bunkerweb/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.10
+version: 1.0.11
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/bunkerweb/templates/_helpers.tpl

@@ -814,4 +814,16 @@ Generate BunkerWeb feature environment variables
   value: {{ .backup.backupDirectory | quote }}
 {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}
+
+{{/*
+Syslog address for UI logs
+Returns the configured syslog address if set, otherwise the UI sidecar service address
+*/}}
+{{- define "bunkerweb.syslogAddress" -}}
+{{- if and .Values.ui.logs.syslogAddress (ne .Values.ui.logs.syslogAddress "") -}}
+  {{- .Values.ui.logs.syslogAddress -}}
+{{- else -}}
+  {{- printf "ui-%s.%s.svc.%s:514" (include "bunkerweb.fullname" .) (include "bunkerweb.namespace" .) .Values.settings.kubernetes.domainName -}}
+{{- end -}}
+{{- end -}}

charts/bunkerweb/templates/bunkerweb-daemonset.yaml

@@ -67,6 +67,12 @@ spec:
             # Internal subnet(s) + localhost
             - name: API_WHITELIST_IP
               value: "{{ .Values.settings.misc.apiWhitelistIp }}"
+            {{- if .Values.ui.logs.enabled }}
+            - name: ACCESS_LOG_1
+              value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb_access"
+            - name: ERROR_LOG_1
+              value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb"
+            {{- end }}
           {{- if .Values.bunkerweb.extraEnvs }}
             {{- toYaml .Values.bunkerweb.extraEnvs | nindent 12 }}
           {{- end }}

charts/bunkerweb/templates/bunkerweb-deployment.yaml

@@ -85,6 +85,12 @@ spec:
             # Internal subnet(s) + localhost
             - name: API_WHITELIST_IP
               value: "{{ .Values.settings.misc.apiWhitelistIp }}"
+            {{- if .Values.ui.logs.enabled }}
+            - name: ACCESS_LOG_1
+              value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb_access"
+            - name: ERROR_LOG_1
+              value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb"
+            {{- end }}
           {{- if .Values.bunkerweb.extraEnvs }}
             {{- toYaml .Values.bunkerweb.extraEnvs | nindent 12 }}
           {{- end }}

charts/bunkerweb/templates/bunkerweb-statefulset.yaml

@@ -55,6 +55,12 @@ spec:
               value: "{{ .Values.settings.misc.dnsResolvers }}"
             - name: API_WHITELIST_IP
               value: "{{ .Values.settings.misc.apiWhitelistIp }}"
+            {{- if .Values.ui.logs.enabled }}
+            - name: ACCESS_LOG_1
+              value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb_access"
+            - name: ERROR_LOG_1
+              value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb"
+            {{- end }}
           {{- if .Values.bunkerweb.extraEnvs }}
             {{- toYaml .Values.bunkerweb.extraEnvs | nindent 12 }}
           {{- end }}

charts/bunkerweb/templates/controller-deployment.yaml

@@ -63,6 +63,12 @@ spec:
              {{- if .Values.controller.extraEnvs }}
               {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
             {{- end }}
+            {{- if .Values.ui.logs.enabled }}
+            - name: LOG_TYPES
+              value: "stderr syslog"
+            - name: LOG_SYSLOG_ADDRESS
+              value: "{{ include "bunkerweb.syslogAddress" . }}"
+            {{- end }}
     {{- if .Values.controller.nodeSelector }}
       {{- with .Values.controller.nodeSelector }}
       nodeSelector:

charts/bunkerweb/templates/scheduler-deployment.yaml

@@ -90,6 +90,12 @@ spec:
             {{- if .Values.scheduler.extraEnvs }}
               {{- toYaml .Values.scheduler.extraEnvs | nindent 12 }}
             {{- end }}
+            {{- if .Values.ui.logs.enabled }}
+            - name: LOG_TYPES
+              value: "stderr syslog"
+            - name: LOG_SYSLOG_ADDRESS
+              value: "{{ include "bunkerweb.syslogAddress" . }}"
+            {{- end }}
     {{- if .Values.scheduler.nodeSelector }}
       {{- with .Values.scheduler.nodeSelector }}
       nodeSelector:

charts/bunkerweb/templates/ui-deployment.yaml

@@ -88,6 +88,12 @@ spec:
               {{- else }}
               value: "{{ .Values.settings.ui.flaskSecret }}"
               {{- end }}
+            {{- if .Values.ui.logs.enabled }}
+            - name: LOG_TYPES
+              value: "stderr syslog"
+            - name: LOG_SYSLOG_ADDRESS
+              value: "{{ include "bunkerweb.syslogAddress" . }}"
+            {{- end }}
             - name: OVERRIDE_ADMIN_CREDS
               value: "{{ .Values.settings.ui.overrideAdminCreds }}"
             {{- if .Values.ui.extraEnvs }}

charts/bunkerweb/values.yaml

@@ -986,6 +986,11 @@ ui:
     # Enable log collection sidecar
     enabled: false
 
+    # Syslog address for log forwarding
+    # Automatically set to Sidecar service if empty
+    # Format: HOST:PORT "syslog-server:514" do not append Protocol, it's set to UDP by default and port 514.
+    syslogAddress: ""
+
     # Syslog-ng container for log collection
     repository: balabit/syslog-ng
     pullPolicy: Always

docs/values.md

@@ -66,7 +66,7 @@ Main reverse proxy and WAF component
 | `bunkerweb.repository` | Container image configuration | `string` | `"bunkerity/bunkerweb"` |
 | `bunkerweb.securityContext` | Security context for BunkerWeb container | `object` | See nested values |
 | `bunkerweb.service` | Internal service configuration (for inter-pod communication) | `object` | See nested values |
-| `bunkerweb.tag` | Configuration for tag | `string` | `"1.6.5"` |
+| `bunkerweb.tag` | Configuration for tag | `string` | `"1.6.6"` |
 | `bunkerweb.tolerations` | Tolerations (overrides global setting) | `list` | `[]` |
 | `bunkerweb.volumeMounts` | volumes: - name: shared-data persistentVolumeClaim: claimName: shared-pvc Custom volume mounts confi... | `list` | `[]` |
 | `bunkerweb.volumes` | Custom volumes configuration Allows mounting additional volumes to the BunkerWeb container | `list` | `[]` |
@@ -127,7 +127,7 @@ Web interface for BunkerWeb management and monitoring
 | `ui.readinessProbe` | Readiness probe configuration | `object` | See nested values |
 | `ui.repository` | Container image configuration | `string` | `"bunkerity/bunkerweb-ui"` |
 | `ui.securityContext` | Security context for BunkerWeb container | `object` | See nested values |
-| `ui.tag` | Configuration for tag | `string` | `"1.6.5"` |
+| `ui.tag` | Configuration for tag | `string` | `"1.6.6"` |
 | `ui.tolerations` | Tolerations (overrides global setting) | `list` | `[]` |
 | `ui.livenessProbe.exec` | Configuration for exec | `object` | See nested values |
 | `ui.livenessProbe.failureThreshold` | Configuration for failureThreshold | `int` | `3` |
@@ -138,6 +138,7 @@ Web interface for BunkerWeb management and monitoring
 | `ui.logs.persistence` | Persistent storage for logs | `object` | See nested values |
 | `ui.logs.pullPolicy` | Configuration for pullPolicy | `string` | `"Always"` |
 | `ui.logs.repository` | Syslog-ng container for log collection | `string` | `"balabit/syslog-ng"` |
+| `ui.logs.syslogAddress` | Syslog address for log forwarding Automatically set to Sidecar service if empty Format: HOST:PORT "s... | `string` | `""` |
 | `ui.logs.tag` | Configuration for tag | `string` | `"4.8.0"` |
 | `ui.readinessProbe.exec` | Configuration for exec | `object` | See nested values |
 | `ui.readinessProbe.failureThreshold` | Configuration for failureThreshold | `int` | `3` |
@@ -174,7 +175,7 @@ Manages BunkerWeb configuration and coordination
 | `scheduler.pullPolicy` | Configuration for pullPolicy | `string` | `"Always"` |
 | `scheduler.repository` | Container image configuration | `string` | `"bunkerity/bunkerweb-scheduler"` |
 | `scheduler.securityContext` | Security context for BunkerWeb container | `object` | See nested values |
-| `scheduler.tag` | Configuration for tag | `string` | `"1.6.5"` |
+| `scheduler.tag` | Configuration for tag | `string` | `"1.6.6"` |
 | `scheduler.tolerations` | Tolerations (overrides global setting) | `list` | `[]` |
 | `scheduler.usePrometheusExporter` | Enable Prometheus metrics exporter and creates a service for it Requires BunkerWeb PRO license | `bool` | `false` |
 | `scheduler.features.antibot` | Configuration for antibot | `object` | See nested values |
@@ -380,7 +381,7 @@ Kubernetes controller for automatic Ingress management
 | `controller.readinessProbe` | Readiness probe configuration | `object` | See nested values |
 | `controller.repository` | Container image configuration | `string` | `"bunkerity/bunkerweb-autoconf"` |
 | `controller.securityContext` | Security context for BunkerWeb container | `object` | See nested values |
-| `controller.tag` | Configuration for tag | `string` | `"1.6.5"` |
+| `controller.tag` | Configuration for tag | `string` | `"1.6.6"` |
 | `controller.tolerations` | Tolerations (overrides global setting) | `list` | `[]` |
 | `controller.livenessProbe.exec` | Configuration for exec | `object` | See nested values |
 | `controller.livenessProbe.failureThreshold` | Configuration for failureThreshold | `int` | `3` |