diff --git a/.gitignore b/.gitignore index a2408d20f..0e0ac60a7 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,6 @@ testbin/ .DS_Store .envrc charts/fluent-operator.tgz + +.cache +.claude diff --git a/Makefile b/Makefile index 7c5e5d465..e9efc33ff 100644 --- a/Makefile +++ b/Makefile @@ -8,11 +8,12 @@ SHELL = /usr/bin/env bash -o pipefail VERSION ?= $(shell cat version.txt | tr -d " \t\n\r") FB_VERSION?=$(shell grep -v '^#' cmd/fluent-watcher/fluentbit/VERSION | tr -d " \t\n\r") +FD_VERSION?=$(shell grep -v '^#' cmd/fluent-watcher/fluentd/VERSION | tr -d " \t\n\r") # Image URL to use all building/pushing image targets FB_IMG ?= ghcr.io/fluent/fluent-operator/fluent-bit:v${FB_VERSION} FB_IMG_DEBUG ?= ghcr.io/fluent/fluent-operator/fluent-bit:v${FB_VERSION}-debug -FD_IMG ?= ghcr.io/fluent/fluent-operator/fluentd:v1.19.2 -FO_IMG ?= kubesphere/fluent-operator:$(VERSION) +FD_IMG ?= ghcr.io/fluent/fluent-operator/fluentd:v${FD_VERSION} +FO_IMG ?= ghcr.io/fluent/fluent-operator/fluent-operator:$(VERSION) ARCH ?= arm64 
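Review bot: In the Makefile hunk `@@ -8,11 +8,12 @@`, the new `FD_VERSION` is read from `cmd/fluent-watcher/fluentd/VERSION` with no check that the result is non-empty, so a missing or comment-only file makes `FD_IMG` default to `ghcr.io/fluent/fluent-operator/fluentd:v`. Any target that builds or pushes `$(FD_IMG)` would then work against a tag nobody intended. A guard right after the assignment fails early instead: `ifeq ($(strip $(FD_VERSION)),)`, `$(error FD_VERSION is empty; check cmd/fluent-watcher/fluentd/VERSION)`, `endif`. The existing `FB_VERSION` line has the same gap, and because `?=` stores the `$(shell ...)` call recursively, the grep is re-run on every expansion of the image variables.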
@@ -51,16 +52,20 @@ help: ## Display this help. shellcheck: @find . -type f -name *.sh -exec docker run --rm -v $(shell pwd):/mnt koalaman/shellcheck:stable {} + +MANIFEST_PATHS := ./apis/fluentbit/...;./apis/fluentd/...;./controllers/... + .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/fluentbit/..." output:crd:artifacts:config=config/crd/bases - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/fluentd/..." output:crd:artifacts:config=config/crd/bases - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/fluentbit/..." output:crd:artifacts:config=charts/fluent-operator/crds - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/fluentd/..." output:crd:artifacts:config=charts/fluent-operator/crds - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/fluentbit/..." output:crd:artifacts:config=charts/fluent-operator-fluent-bit-crds/templates - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/fluentd/..." output:crd:artifacts:config=charts/fluent-operator-fluentd-crds/templates - kubectl kustomize config/crd/bases/ | sed -e '/creationTimestamp/d' > manifests/setup/fluent-operator-crd.yaml - kubectl kustomize manifests/setup/ | sed -e '/creationTimestamp/d' > manifests/setup/setup.yaml + $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=fluent-operator webhook \ + paths="$(MANIFEST_PATHS)" \ + output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) $(CRD_OPTIONS) paths="$(MANIFEST_PATHS)" \ + output:crd:artifacts:config=charts/fluent-operator/crds + $(CONTROLLER_GEN) $(CRD_OPTIONS) paths="./apis/fluentbit/...;./controllers/..." 
\ + output:crd:artifacts:config=charts/fluent-operator-fluent-bit-crds/templates + $(CONTROLLER_GEN) $(CRD_OPTIONS) paths="./apis/fluentd/...;./controllers/..." \ + output:crd:artifacts:config=charts/fluent-operator-fluentd-crds/templates + kubectl kustomize config/default/ | sed -e '/creationTimestamp/d' > manifests/setup/setup.yaml hack/mutate-crds.sh .PHONY: generate @@ -135,7 +140,7 @@ build: generate fmt vet ## Build manager binary. go build -o bin/fd-watcher ./cmd/fluent-watcher/fluentd run: manifests generate fmt vet ## Run a controller from your host. - go run cmd/fluent-manager/main.go + go run ./cmd/fluent-manager/ # Build amd64/arm64 Fluent Operator container image .PHONY: build-op @@ -200,10 +205,10 @@ push-amd64: ##@ Deployment install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd/bases/ | kubectl create -f - + $(KUSTOMIZE) build config/crd/ | kubectl create -f - uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd/bases/ | kubectl delete -f - + $(KUSTOMIZE) build config/crd/ | kubectl delete -f - deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. kubectl create -f manifests/setup/setup.yaml diff --git a/README.md b/README.md index 31efa036d..d885d5d0e 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,7 @@ Kubernetes v1.16.13+ is necessary for running Fluent Operator. Install the latest stable version ```shell +kubectl create namespace fluent kubectl apply -f https://github.com/fluent/fluent-operator/releases/latest/download/setup.yaml # You can change the namespace in manifests/setup/kustomization.yaml 
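Review bot: The last recipe line added to `manifests`, `kubectl kustomize config/default/ | sed -e '/creationTimestamp/d' > manifests/setup/setup.yaml`, truncates the tracked install bundle before kustomize has produced anything, so a failed render (pipefail stops the recipe) leaves an empty or partial `setup.yaml` in the tree, and the README tells users to `kubectl apply` that file straight from master. Rendering to a temporary name and renaming on success avoids that: redirect to `manifests/setup/setup.yaml.tmp`, then `mv -f manifests/setup/setup.yaml.tmp manifests/setup/setup.yaml` on the next recipe line. Separately, the first `$(CONTROLLER_GEN)` call now emits RBAC as `rbac:roleName=fluent-operator` from `$(MANIFEST_PATHS)`, which includes `./controllers/...`; the generated role is not in this hunk, so it is worth diffing it against the role shipped before to confirm no verbs or resources were widened. The hunk also stops regenerating `manifests/setup/fluent-operator-crd.yaml`; if that file stays in the repository it will go stale.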
@@ -143,6 +144,7 @@ kubectl apply -f https://github.com/fluent/fluent-operator/releases/latest/downl Install the development version ```shell +kubectl create namespace fluent kubectl apply -f https://raw.githubusercontent.com/fluent/fluent-operator/master/manifests/setup/setup.yaml # You can change the namespace in manifests/setup/kustomization.yaml diff --git a/cmd/fluent-manager/Dockerfile b/cmd/fluent-manager/Dockerfile index ec20ee0a5..7f4d61c36 100644 --- a/cmd/fluent-manager/Dockerfile +++ b/cmd/fluent-manager/Dockerfile @@ -26,6 +26,6 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build FROM gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /workspace/manager . -USER nonroot:nonroot +USER 65532:65532 ENTRYPOINT ["/manager"] diff --git a/config/certmanager/certificate-metrics.yaml b/config/certmanager/certificate-metrics.yaml deleted file mode 100644 index 2337fabb1..000000000 --- a/config/certmanager/certificate-metrics.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a metrics certificate CR. -# More document can be found at https://docs.cert-manager.io -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/name: memcached-operator - app.kubernetes.io/managed-by: kustomize - name: metrics-certs # this name should match the one appeared in kustomizeconfig.yaml - namespace: system -spec: - dnsNames: - # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize - # replacements in the config/default/kustomization.yaml file. - - SERVICE_NAME.SERVICE_NAMESPACE.svc - - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: metrics-server-cert diff --git a/config/certmanager/certificate-webhook.yaml b/config/certmanager/certificate-webhook.yaml deleted file mode 100644 index 51de92df8..000000000 --- a/config/certmanager/certificate-webhook.yaml +++ /dev/null 
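Review bot: The new `USER 65532:65532` line in cmd/fluent-manager/Dockerfile carries no comment saying why a numeric ID replaced `nonroot:nonroot`, which invites a later cleanup back to the name. I would add `# Numeric UID:GID of the distroless "nonroot" user; the kubelet can only verify runAsNonRoot against a numeric USER.` directly above it. The base image in the context line, `gcr.io/distroless/static:nonroot`, is referenced by tag only; pinning it by digest would keep the final stage reproducible, though that line is not changed by this commit.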
@@ -1,20 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/name: memcached-operator - app.kubernetes.io/managed-by: kustomize - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: system -spec: - # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize - # replacements in the config/default/kustomization.yaml file. - dnsNames: - - SERVICE_NAME.SERVICE_NAMESPACE.svc - - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: webhook-server-cert diff --git a/config/certmanager/issuer.yaml b/config/certmanager/issuer.yaml deleted file mode 100644 index 040dbd457..000000000 --- a/config/certmanager/issuer.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# The following manifest contains a self-signed issuer CR. -# More information can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/name: memcached-operator - app.kubernetes.io/managed-by: kustomize - name: selfsigned-issuer - namespace: system -spec: - selfSigned: {} diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml deleted file mode 100644 index fcb7498e4..000000000 --- a/config/certmanager/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -resources: -- issuer.yaml -- certificate-webhook.yaml -- certificate-metrics.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/config/certmanager/kustomizeconfig.yaml b/config/certmanager/kustomizeconfig.yaml deleted file mode 100644 index cf6f89e88..000000000 --- a/config/certmanager/kustomizeconfig.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -# This configuration is for teaching kustomize how to update name ref substitution -nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate - group: cert-manager.io - path: spec/issuerRef/name diff --git a/config/crd/bases/kustomization.yaml b/config/crd/bases/kustomization.yaml deleted file mode 100644 index 8548451f2..000000000 --- a/config/crd/bases/kustomization.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -# This kustomization.yaml is not intended to be run by itself, -# since it depends on service name and namespace that are out of this kustomize package. -# It should be run by config/default -resources: -- fluentbit.fluent.io_clusterfluentbitconfigs.yaml -- fluentbit.fluent.io_fluentbits.yaml -- fluentbit.fluent.io_clusterinputs.yaml -- fluentbit.fluent.io_clusterfilters.yaml -- fluentbit.fluent.io_clustermultilineparsers.yaml -- fluentbit.fluent.io_clusteroutputs.yaml -- fluentbit.fluent.io_clusterparsers.yaml -- fluentbit.fluent.io_collectors.yaml -- fluentbit.fluent.io_fluentbitconfigs.yaml -- fluentbit.fluent.io_filters.yaml -- fluentbit.fluent.io_multilineparsers.yaml -- fluentbit.fluent.io_outputs.yaml -- fluentbit.fluent.io_parsers.yaml -- fluentd.fluent.io_fluentds.yaml -- fluentd.fluent.io_clusterfluentdconfigs.yaml -- fluentd.fluent.io_fluentdconfigs.yaml -- fluentd.fluent.io_filters.yaml -- fluentd.fluent.io_clusterinputs.yaml -- fluentd.fluent.io_inputs.yaml -- fluentd.fluent.io_clusterfilters.yaml -- fluentd.fluent.io_outputs.yaml -- fluentd.fluent.io_clusteroutputs.yaml -#+kubebuilder:scaffold:crdkustomizeresource - -# patchesStrategicMerge: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 
-# patches here are for enabling the conversion webhook for each CRD -# - patches/webhook_in_fluentbitconfigs.yaml -# - patches/webhook_in_fluentbits.yaml -# - patches/webhook_in_inputs.yaml -# - patches/webhook_in_filters_fluentbit.yaml -# - patches/webhook_in_outputs_fluentbit.yaml -# - patches/webhook_in_parsers.yaml -# - patches/webhook_in_fluentds.yaml -# - patches/webhook_in_clusterfluentdconfigs.yaml -# - patches/webhook_in_fluentdconfigs.yaml -# - patches/webhook_in_clusterfilters.yaml -# - patches/webhook_in_clusteroutputs.yaml -# - patches/webhook_in_filters_fluentd.yaml -# - patches/webhook_in_outputs_fluentd.yaml -#+kubebuilder:scaffold:crdkustomizewebhookpatch - -# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -# - patches/cainjection_in_fluentbitconfigs.yaml -# - patches/cainjection_in_fluentbits.yaml -# - patches/cainjection_in_inputs.yaml -# - patches/cainjection_in_filters_fluentbit.yaml -# - patches/cainjection_in_outputs_fluentbit.yaml -# - patches/cainjection_in_parsers.yaml -# - patches/cainjection_in_fluentds.yaml -# - patches/cainjection_in_clusterfluentdconfigs.yaml -# - patches/cainjection_in_fluentdconfigs.yaml -# - patches/cainjection_in_clusterfilters.yaml -# - patches/cainjection_in_clusteroutputs.yaml -# - patches/cainjection_in_filters_fluentd.yaml -# - patches/cainjection_in_outputs_fluentd.yamlpatch -#+kubebuilder:scaffold:crdkustomizecainjectionpatch - -# the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml diff --git a/config/crd/bases/kustomizeconfig.yaml b/config/crd/bases/kustomizeconfig.yaml deleted file mode 100644 index e7417c54d..000000000 --- a/config/crd/bases/kustomizeconfig.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -# This file is for teaching kustomize how to substitute name and namespace reference in CRD -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false - -varReference: -- path: metadata/annotations \ No newline at end of file diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 17888872e..927622fe8 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml 
@@ -1,56 +1,37 @@ # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default -# resources: -# - bases/fluentbit.fluent.io_fluentbitconfigs.yaml -# - bases/fluentbit.fluent.io_fluentbits.yaml -# - bases/fluentbit.fluent.io_inputs.yaml -# - bases/fluentbit.fluent.io_filters.yaml -# - bases/fluentbit.fluent.io_outputs.yaml -# - bases/fluentbit.fluent.io_parsers.yaml -# - bases/fluentd.fluent.io_fluentds.yaml -# - bases/fluentd.fluent.io_clusterfluentdconfigs.yaml -# - bases/fluentd.fluent.io_fluentdconfigs.yaml -# - bases/fluentd.fluent.io_clusterfilters.yaml -# - bases/fluentd.fluent.io_filters.yaml -# - bases/fluentd.fluent.io_outputs.yaml -# - bases/fluentd.fluent.io_clusteroutputs.yaml -#+kubebuilder:scaffold:crdkustomizeresource +resources: +- bases/fluentbit.fluent.io_clusterfluentbitconfigs.yaml +- bases/fluentbit.fluent.io_fluentbits.yaml +- bases/fluentbit.fluent.io_clusterinputs.yaml +- bases/fluentbit.fluent.io_clusterfilters.yaml +- bases/fluentbit.fluent.io_clustermultilineparsers.yaml +- bases/fluentbit.fluent.io_clusteroutputs.yaml +- bases/fluentbit.fluent.io_clusterparsers.yaml +- bases/fluentbit.fluent.io_collectors.yaml +- bases/fluentbit.fluent.io_fluentbitconfigs.yaml +- bases/fluentbit.fluent.io_filters.yaml +- bases/fluentbit.fluent.io_multilineparsers.yaml +- bases/fluentbit.fluent.io_outputs.yaml +- bases/fluentbit.fluent.io_parsers.yaml +- bases/fluentd.fluent.io_fluentds.yaml +- bases/fluentd.fluent.io_clusterfluentdconfigs.yaml +- bases/fluentd.fluent.io_fluentdconfigs.yaml +- bases/fluentd.fluent.io_filters.yaml +- bases/fluentd.fluent.io_clusterinputs.yaml +- bases/fluentd.fluent.io_inputs.yaml +- bases/fluentd.fluent.io_clusterfilters.yaml +- bases/fluentd.fluent.io_outputs.yaml +- bases/fluentd.fluent.io_clusteroutputs.yaml +# +kubebuilder:scaffold:crdkustomizeresource -# patchesStrategicMerge: +#patches: # 
[WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -# - patches/webhook_in_fluentbitconfigs.yaml -# - patches/webhook_in_fluentbits.yaml -# - patches/webhook_in_inputs.yaml -# - patches/webhook_in_filters_fluentbit.yaml -# - patches/webhook_in_outputs_fluentbit.yaml -# - patches/webhook_in_parsers.yaml -# - patches/webhook_in_fluentds.yaml -# - patches/webhook_in_clusterfluentdconfigs.yaml -# - patches/webhook_in_fluentdconfigs.yaml -# - patches/webhook_in_clusterfilters.yaml -# - patches/webhook_in_clusteroutputs.yaml -# - patches/webhook_in_filters_fluentd.yaml -# - patches/webhook_in_outputs_fluentd.yaml -#+kubebuilder:scaffold:crdkustomizewebhookpatch - -# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -# - patches/cainjection_in_fluentbitconfigs.yaml -# - patches/cainjection_in_fluentbits.yaml -# - patches/cainjection_in_inputs.yaml -# - patches/cainjection_in_filters_fluentbit.yaml -# - patches/cainjection_in_outputs_fluentbit.yaml -# - patches/cainjection_in_parsers.yaml -# - patches/cainjection_in_fluentds.yaml -# - patches/cainjection_in_clusterfluentdconfigs.yaml -# - patches/cainjection_in_fluentdconfigs.yaml -# - patches/cainjection_in_clusterfilters.yaml -# - patches/cainjection_in_clusteroutputs.yaml -# - patches/cainjection_in_filters_fluentd.yaml -# - patches/cainjection_in_outputs_fluentd.yamlpatch +# +kubebuilder:scaffold:crdkustomizewebhookpatch +# [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml +#configurations: +#- kustomizeconfig.yaml diff --git a/config/crd/patches/webhook_in_clusterfilters.yaml b/config/crd/patches/webhook_in_clusterfilters.yaml deleted file mode 100644 index 908c6e062..000000000 
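Review bot: The header kept at the top of config/crd/kustomization.yaml still says the file "is not intended to be run by itself" and "should be run by config/default", but this commit uncomments `resources:` and the Makefile's `install`/`uninstall` targets now run `$(KUSTOMIZE) build config/crd/` directly, so the comment contradicts how the file is used. The `[WEBHOOK]` guidance is stale in the same way: the `#patches:` stub tells the reader to uncomment sections, yet every `patches/webhook_in_*.yaml` file the old list named is deleted in this commit, and the commented `#- kustomizeconfig.yaml` points at a file this diff does not show under config/crd/ (the copy under config/crd/bases/ is removed). I would replace the header with something like `# Standalone CRD bundle: built directly by "make install"/"make uninstall" and included by config/default.` and either drop the webhook stub or state that the conversion-webhook patches have to be recreated first.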
--- a/config/crd/patches/webhook_in_clusterfilters.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterfilters.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_clusterfluentdconfigs.yaml b/config/crd/patches/webhook_in_clusterfluentdconfigs.yaml deleted file mode 100644 index a86975a11..000000000 --- a/config/crd/patches/webhook_in_clusterfluentdconfigs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterfluentdconfigs.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_clusteroutputs.yaml b/config/crd/patches/webhook_in_clusteroutputs.yaml deleted file mode 100644 index 8801d7e21..000000000 --- a/config/crd/patches/webhook_in_clusteroutputs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusteroutputs.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_filters_fluentbit.yaml b/config/crd/patches/webhook_in_filters_fluentbit.yaml deleted file mode 100644 index 3c46194c2..000000000 --- a/config/crd/patches/webhook_in_filters_fluentbit.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: filters.fluentbit.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_filters_fluentd.yaml b/config/crd/patches/webhook_in_filters_fluentd.yaml deleted file mode 100644 index 2d515a72d..000000000 --- a/config/crd/patches/webhook_in_filters_fluentd.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: filters.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_fluentbitconfigs.yaml b/config/crd/patches/webhook_in_fluentbitconfigs.yaml deleted file mode 100644 index 47772b5d0..000000000 --- a/config/crd/patches/webhook_in_fluentbitconfigs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: fluentbitconfigs.fluentbit.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_fluentbits.yaml b/config/crd/patches/webhook_in_fluentbits.yaml deleted file mode 100644 index df9fb76f3..000000000 --- a/config/crd/patches/webhook_in_fluentbits.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: fluentbits.fluentbit.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_fluentdconfigs.yaml b/config/crd/patches/webhook_in_fluentdconfigs.yaml deleted file mode 100644 index 93b630be8..000000000 --- a/config/crd/patches/webhook_in_fluentdconfigs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: fluentdconfigs.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_fluentds.yaml b/config/crd/patches/webhook_in_fluentds.yaml deleted file mode 100644 index 6b8eb2c45..000000000 --- a/config/crd/patches/webhook_in_fluentds.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: fluentds.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_inputs.yaml b/config/crd/patches/webhook_in_inputs.yaml deleted file mode 100644 index 437734dc8..000000000 --- a/config/crd/patches/webhook_in_inputs.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: inputs.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_outputs_fluentbit.yaml b/config/crd/patches/webhook_in_outputs_fluentbit.yaml deleted file mode 100644 index a3407e177..000000000 --- a/config/crd/patches/webhook_in_outputs_fluentbit.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: outputs.fluentbit.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_outputs_fluentd.yaml b/config/crd/patches/webhook_in_outputs_fluentd.yaml deleted file mode 100644 index cd29ef977..000000000 --- a/config/crd/patches/webhook_in_outputs_fluentd.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: outputs.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/crd/patches/webhook_in_parsers.yaml b/config/crd/patches/webhook_in_parsers.yaml deleted file mode 100644 index d5717c6e0..000000000 --- a/config/crd/patches/webhook_in_parsers.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parsers.fluentd.fluent.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/config/default/cert_metrics_manager_patch.yaml b/config/default/cert_metrics_manager_patch.yaml new file mode 100644 index 000000000..d97501553 --- /dev/null +++ b/config/default/cert_metrics_manager_patch.yaml @@ -0,0 +1,30 @@ +# This patch adds the args, volumes, and ports to allow the manager to use the metrics-server certs. + +# Add the volumeMount for the metrics-server certs +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + mountPath: /tmp/k8s-metrics-server/metrics-certs + name: metrics-certs + readOnly: true + +# Add the --metrics-cert-path argument for the metrics server +- op: add + path: /spec/template/spec/containers/0/args/- + value: --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs + +# Add the metrics-server certs volume configuration +- op: add + path: /spec/template/spec/volumes/- + value: + name: metrics-certs + secret: + secretName: metrics-server-cert + optional: false + items: + - key: ca.crt + path: ca.crt + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index f7e6df242..999e1b3a6 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml 
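Review bot: The new config/default/cert_metrics_manager_patch.yaml mounts the secret `metrics-server-cert` with `optional: false`, but the only manifest in this diff that creates that secret, config/certmanager/certificate-metrics.yaml (`secretName: metrics-server-cert`), is deleted by the same commit. The patch is commented out in config/default/kustomization.yaml, so nothing breaks today; anyone who enables it as the comments instruct would get a Deployment whose pod cannot start until the secret is supplied some other way. A header line such as `# Requires a Secret named metrics-server-cert (ca.crt, tls.crt, tls.key) in the install namespace; this repo no longer ships a cert-manager Certificate for it.` would make the dependency explicit. The `#- ../certmanager` entry left in kustomization.yaml refers to the directory removed here and has the same problem.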
@@ -1,28 +1,39 @@ -# Adds namespace to all resources. -namespace: fluentbit-operator-system +# This is the canonical kustomize entry point for the production install +# bundle. `kubectl kustomize config/default/` produces a complete install: +# CRDs, RBAC, ServiceAccount, env ConfigMap, and the operator Deployment. +# +# It is rendered to manifests/setup/setup.yaml by `make manifests`. + +# The default namespace for namespaced resources in the install bundle. +# This setting does not create a Namespace object by itself. If you need +# a different install namespace, update this field and ensure that +# namespace exists in the cluster before applying the rendered manifests. +namespace: fluent -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: fluentbit-operator- +# Map the placeholder image used in config/manager/manager.yaml to the +# real published operator image. Release tooling bumps `newTag` here. +images: + - name: controller + newName: ghcr.io/fluent/fluent-operator/fluent-operator + newTag: latest -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue +#labels: +# - includeSelectors: false +# pairs: +# app.kubernetes.io/component: controller +# app.kubernetes.io/name: fluent-operator -bases: +resources: - ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -- ../webhook +#- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -- ../certmanager +#- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -- ../prometheus +#- ../prometheus # [METRICS] Expose the controller manager metrics service. 
- metrics_service.yaml # [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. 
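Review bot: `newTag: latest` in the new `images:` block means the `setup.yaml` that `make manifests` renders from this file deploys a mutable tag, so the operator image that runs with the bundle's RBAC is whatever was last pushed to `latest` rather than a reviewed build. The comment says release tooling bumps the tag, but the README's development install applies the master copy of `setup.yaml` as-is. I would default to a version tag kept in step with `version.txt`, or pin with kustomize's `digest:` field, e.g. `digest: sha256:<digest-of-released-image>` (placeholder), and leave `latest` to an explicit development overlay.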
@@ -41,115 +52,115 @@ patches: # Uncomment the patches line if you enable Metrics and CertManager # [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line. # This patch will protect the metrics with certManager self-signed certs. -- path: cert_metrics_manager_patch.yaml - target: - kind: Deployment +#- path: cert_metrics_manager_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -- path: manager_webhook_patch.yaml - target: - kind: Deployment +#- path: manager_webhook_patch.yaml +# target: +# kind: Deployment # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. # Uncomment the following replacements to add the cert-manager CA injection annotations -replacements: - - source: # Uncomment the following block to enable certificates for metrics - kind: Service - version: v1 - name: controller-manager-metrics-service - fieldPath: metadata.name - targets: - - select: - kind: Certificate - group: cert-manager.io - version: v1 - name: metrics-certs - fieldPaths: - - spec.dnsNames.0 - - spec.dnsNames.1 - options: - delimiter: '.' - index: 0 - create: true - - select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor - kind: ServiceMonitor - group: monitoring.coreos.com - version: v1 - name: controller-manager-metrics-monitor - fieldPaths: - - spec.endpoints.0.tlsConfig.serverName - options: - delimiter: '.' - index: 0 - create: true +#replacements: +# - source: # Uncomment the following block to enable certificates for metrics +# kind: Service +# version: v1 +# name: controller-manager-metrics-service +# fieldPath: metadata.name +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: metrics-certs +# fieldPaths: +# - spec.dnsNames.0 +# - spec.dnsNames.1 +# options: +# delimiter: '.' 
+# index: 0 +# create: true +# - select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor +# kind: ServiceMonitor +# group: monitoring.coreos.com +# version: v1 +# name: controller-manager-metrics-monitor +# fieldPaths: +# - spec.endpoints.0.tlsConfig.serverName +# options: +# delimiter: '.' +# index: 0 +# create: true - - source: - kind: Service - version: v1 - name: controller-manager-metrics-service - fieldPath: metadata.namespace - targets: - - select: - kind: Certificate - group: cert-manager.io - version: v1 - name: metrics-certs - fieldPaths: - - spec.dnsNames.0 - - spec.dnsNames.1 - options: - delimiter: '.' - index: 1 - create: true - - select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor - kind: ServiceMonitor - group: monitoring.coreos.com - version: v1 - name: controller-manager-metrics-monitor - fieldPaths: - - spec.endpoints.0.tlsConfig.serverName - options: - delimiter: '.' - index: 1 - create: true +# - source: +# kind: Service +# version: v1 +# name: controller-manager-metrics-service +# fieldPath: metadata.namespace +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: metrics-certs +# fieldPaths: +# - spec.dnsNames.0 +# - spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true +# - select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor +# kind: ServiceMonitor +# group: monitoring.coreos.com +# version: v1 +# name: controller-manager-metrics-monitor +# fieldPaths: +# - spec.endpoints.0.tlsConfig.serverName +# options: +# delimiter: '.' 
+# index: 1 +# create: true - - source: # Uncomment the following block if you have any webhook - kind: Service - version: v1 - name: webhook-service - fieldPath: .metadata.name # Name of the service - targets: - - select: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert - fieldPaths: - - .spec.dnsNames.0 - - .spec.dnsNames.1 - options: - delimiter: '.' - index: 0 - create: true - - source: - kind: Service - version: v1 - name: webhook-service - fieldPath: .metadata.namespace # Namespace of the service - targets: - - select: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert - fieldPaths: - - .spec.dnsNames.0 - - .spec.dnsNames.1 - options: - delimiter: '.' - index: 1 - create: true +# - source: # Uncomment the following block if you have any webhook +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # Name of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # Namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true # - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation) # kind: Certificate 
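Review bot: The replacement blocks commented out in this hunk still select `name: controller-manager-metrics-service`, but metrics_service.yaml in this commit renames that Service to `fluent-operator-metrics`, so uncommenting them as the surrounding instructions say would leave the replacement source matching no resource. They also target the `metrics-certs` and `serving-cert` Certificates, whose manifests under config/certmanager/ are deleted here; the next hunk (`@@ -181,37 +192,37 @@`) comments out blocks with the same `serving-cert` dependency. Either update the names inside the commented blocks or replace them with a short pointer to the upstream kubebuilder scaffold, so the file does not carry enablement instructions that cannot work.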
@@ -181,37 +192,37 @@ replacements: # delimiter: '/' # index: 1 # create: true -# - - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting ) - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert - fieldPath: .metadata.namespace # Namespace of the certificate CR - targets: - - select: - kind: MutatingWebhookConfiguration - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 0 - create: true - - source: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert - fieldPath: .metadata.name - targets: - - select: - kind: MutatingWebhookConfiguration - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 1 - create: true + +# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting ) +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPath: .metadata.namespace # Namespace of the certificate CR +# targets: +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert +# fieldPath: .metadata.name +# targets: +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true # - source: # Uncomment the following block if you have a ConversionWebhook (--conversion) # kind: Certificate diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml deleted file mode 100644 index 6c400155c..000000000 --- a/config/default/manager_config_patch.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml index 2aaef6536..8e0cedb9e 100644 --- a/config/default/manager_metrics_patch.yaml +++ b/config/default/manager_metrics_patch.yaml @@ -1,4 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint using HTTPS - op: add - path: /spec/template/spec/containers/0/args/0 + path: /spec/template/spec/containers/0/args/- value: --metrics-bind-address=:8443 diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml index 4d83717b6..12089cb6e 100644 --- a/config/default/metrics_service.yaml +++ b/config/default/metrics_service.yaml @@ -2,11 +2,9 @@ apiVersion: v1 kind: Service metadata: labels: - control-plane: controller-manager - app.kubernetes.io/name: test - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-service - namespace: system + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator + name: fluent-operator-metrics spec: ports: - name: https @@ -14,4 +12,5 @@ spec: protocol: TCP targetPort: 8443 selector: - control-plane: controller-manager + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator diff --git a/manifests/setup/fluent-operator-configMap-env.yaml b/config/manager/configmap-env.yaml similarity index 91% rename from manifests/setup/fluent-operator-configMap-env.yaml rename to config/manager/configmap-env.yaml index a0ffcfc1e..35b0ddf21 100644 --- a/manifests/setup/fluent-operator-configMap-env.yaml 
+++ b/config/manager/configmap-env.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: fluent-operator-env - namespace: fluent labels: app.kubernetes.io/component: operator app.kubernetes.io/name: fluent-operator diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml deleted file mode 100644 index 21dbc4b4d..000000000 --- a/config/manager/controller_manager_config.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 -kind: ControllerManagerConfig -health: - healthProbeBindAddress: :8081 -metrics: - bindAddress: 127.0.0.1:8080 -webhook: - port: 9443 -leaderElection: - leaderElect: true - resourceName: 45c4fdd2.fluent.io diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index aaa34a889..bd5ef6569 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,14 +1,3 @@ resources: - manager.yaml - -generatorOptions: - disableNameSuffixHash: true - -configMapGenerator: -- files: - - controller_manager_config.yaml - name: manager-config -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller +- configmap-env.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index eac18daf0..34d31f544 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
@@ -1,26 +1,20 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: fluent-operator labels: - control-plane: controller-manager + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator spec: selector: matchLabels: - control-plane: controller-manager - replicas: 1 + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator template: metadata: labels: - control-plane: controller-manager + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator spec: securityContext: runAsNonRoot: true @@ -32,12 +26,16 @@ spec: - --health-probe-bind-address=:8081 image: controller:latest name: manager - ports: [] + ports: + - containerPort: 8081 + name: health + protocol: TCP securityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - - ALL + - "ALL" livenessProbe: httpGet: path: /healthz @@ -50,14 +48,25 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace resources: limits: - cpu: 100m - memory: 30Mi + cpu: 200m + memory: 128Mi requests: - cpu: 100m - memory: 20Mi - volumeMounts: [] - volumes: [] - serviceAccountName: controller-manager + cpu: 10m + memory: 64Mi + volumeMounts: + - name: env + mountPath: /fluent-operator + volumes: + - name: env + configMap: + name: fluent-operator-env + serviceAccountName: fluent-operator terminationGracePeriodSeconds: 10 diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml index 93e87f31f..cddae6c07 100644 --- a/config/network-policy/allow-metrics-traffic.yaml +++ b/config/network-policy/allow-metrics-traffic.yaml 
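Review bot: The container `securityContext` in the second hunk gains `readOnlyRootFilesystem: true` but sets no seccomp profile, so the manager container is not confined by seccomp unless the kubelet applies a default. Adding `seccompProfile:` with `type: RuntimeDefault` next to `allowPrivilegeEscalation: false` would also bring the pod in line with the restricted Pod Security Standard. The pod-level `securityContext` continues past `runAsNonRoot: true` outside the first hunk, so if the profile is already set there this point is moot.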
@@ -5,14 +5,14 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - app.kubernetes.io/name: - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator name: allow-metrics-traffic - namespace: system spec: podSelector: matchLabels: - control-plane: controller-manager + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator policyTypes: - Ingress ingress: diff --git a/config/network-policy/allow-webhook-traffic.yaml b/config/network-policy/allow-webhook-traffic.yaml deleted file mode 100644 index cf497a293..000000000 --- a/config/network-policy/allow-webhook-traffic.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# This NetworkPolicy allows ingress traffic to your webhook server running -# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks -# will only work when applied in namespaces labeled with 'webhook: enabled' -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/name: - app.kubernetes.io/managed-by: kustomize - name: allow-webhook-traffic - namespace: system -spec: - podSelector: - matchLabels: - control-plane: controller-manager - policyTypes: - - Ingress - ingress: - # This allows ingress traffic from any namespace with the label webhook: enabled - - from: - - namespaceSelector: - matchLabels: - webhook: enabled # Only from namespaces with this label - ports: - - port: 443 - protocol: TCP diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml index 206cd1e40..1be6f20a1 100644 --- a/config/network-policy/kustomization.yaml +++ b/config/network-policy/kustomization.yaml @@ -1,3 +1,2 @@ resources: - - allow-webhook-traffic.yaml - allow-metrics-traffic.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 80a0dcb57..74207a2a4 100644 --- a/config/prometheus/monitor.yaml 
+++ b/config/prometheus/monitor.yaml @@ -1,12 +1,11 @@ - # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator + name: fluent-operator-metrics-monitor spec: endpoints: - path: /metrics @@ -26,4 +25,5 @@ spec: insecureSkipVerify: true selector: matchLabels: - control-plane: controller-manager + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 5619aa009..567cb8064 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
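Review bot: `insecureSkipVerify: true` stays on the scrape endpoint in the second hunk, so Prometheus does not check the certificate of the metrics port it sends its scrape request to; any credentials configured on that endpoint lie outside the hunk. The renames in this commit also strand the path to turning verification on. The commented-out replacements earlier in this diff still select `controller-manager-metrics-service` and `controller-manager-metrics-monitor`, while the objects are now named `fluent-operator-metrics` and `fluent-operator-metrics-monitor`. Updating those commented names, and adding a comment here such as `# set insecureSkipVerify to false and configure ca/serverName once cert-manager certificates are enabled`, would keep the verified configuration reachable.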
@@ -1,20 +1,33 @@ resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. - service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -# The following RBAC configurations are used to protect -# the metrics endpoint with authn/authz. These configurations -# ensure that only authorized users and service accounts -# can access the metrics endpoint. Comment the following -# permissions if you want to disable this protection. -# More info: https://book.kubebuilder.io/reference/metrics.html - metrics_auth_role.yaml - metrics_auth_role_binding.yaml - metrics_reader_role.yaml +# User-facing aggregation roles for editing/viewing CRs. Layer onto +# kubernetes admin/edit/view roles. Safe to enable per-deployment. +#- clusterfilter_editor_role.yaml +#- clusterfilter_viewer_role.yaml +#- clusterfluentdconfig_editor_role.yaml +#- clusterfluentdconfig_viewer_role.yaml +#- clusteroutput_editor_role.yaml +#- clusteroutput_viewer_role.yaml +#- filter_editor_role.yaml +#- filter_viewer_role.yaml +#- fluentbit_editor_role.yaml +#- fluentbit_viewer_role.yaml +#- fluentbitconfig_editor_role.yaml +#- fluentbitconfig_viewer_role.yaml +#- fluentd_editor_role.yaml +#- fluentd_viewer_role.yaml +#- fluentdconfig_editor_role.yaml +#- fluentdconfig_viewer_role.yaml +#- input_editor_role.yaml +#- input_viewer_role.yaml +#- output_editor_role.yaml +#- output_viewer_role.yaml +#- parser_editor_role.yaml +#- parser_viewer_role.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4190ec805..501dfcec0 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml 
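Review bot: The new comment calls the editor/viewer roles "Safe to enable per-deployment", which is a broad claim for a list that includes cluster-scoped kinds such as `clusteroutput_editor_role.yaml` and `clusterfilter_editor_role.yaml`. If these aggregate into the built-in admin/edit roles as the comment says, anyone holding those roles cluster-wide can change where logs are shipped, so the comment should say that instead of "safe". The role files are not in this hunk, so their aggregation labels are assumed here. The hunk also drops the explanation that the three `metrics_*` entries protect the metrics endpoint with authn/authz; a short comment such as `# metrics_* roles gate access to /metrics; removing them disables that protection` is worth keeping above them.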
@@ -3,19 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: leader-election-role + labels: + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - apiGroups: - coordination.k8s.io resources: diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1d1321ed4..dae6f6eb3 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -2,11 +2,17 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: leader-election-rolebinding + labels: + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: leader-election-role subjects: - kind: ServiceAccount - name: controller-manager - namespace: system + name: fluent-operator + # Defaults to the install namespace. Kustomize overlays (e.g. config/default) + # rewrite this to match their `namespace:` setting, so changing the install + # namespace there is enough — no need to edit this file. + namespace: fluent diff --git a/config/rbac/metrics_auth_role.yaml b/config/rbac/metrics_auth_role.yaml index 32d2e4ec6..e1bcd82fd 100644 --- a/config/rbac/metrics_auth_role.yaml +++ b/config/rbac/metrics_auth_role.yaml @@ -2,6 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metrics-auth-role + labels: + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator rules: - apiGroups: - authentication.k8s.io diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml index e775d67ff..5011eb3f0 100644 --- a/config/rbac/metrics_auth_role_binding.yaml +++ b/config/rbac/metrics_auth_role_binding.yaml 
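Review bot: The `subjects` entry in leader_election_role_binding.yaml now hard-codes `namespace: fluent`, and the same lines are added to the two ClusterRoleBindings in metrics_auth_role_binding.yaml and role_binding.yaml. The added comment relies on a kustomize overlay rewriting the subject. When these files are applied directly, or built in a way that does not rewrite ServiceAccount subjects, the cluster-wide `fluent-operator` role stays bound to `fluent/fluent-operator` even if the operator is installed elsewhere. Whoever controls ServiceAccounts in a namespace named `fluent` would then hold the operator's permissions. The comment should state that precondition, for example `# Must equal the namespace the ServiceAccount is created in; only rewritten when built through an overlay that sets namespace:`.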
@@ -2,11 +2,17 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: metrics-auth-rolebinding + labels: + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: metrics-auth-role subjects: - kind: ServiceAccount - name: controller-manager - namespace: system + name: fluent-operator + # Defaults to the install namespace. Kustomize overlays (e.g. config/default) + # rewrite this to match their `namespace:` setting, so changing the install + # namespace there is enough — no need to edit this file. + namespace: fluent diff --git a/config/rbac/metrics_reader_role.yaml b/config/rbac/metrics_reader_role.yaml index 51a75db47..a0d4e4ef0 100644 --- a/config/rbac/metrics_reader_role.yaml +++ b/config/rbac/metrics_reader_role.yaml @@ -2,6 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metrics-reader + labels: + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator rules: - nonResourceURLs: - "/metrics" diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 4fea77bab..abcbd7d48 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,26 +1,13 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null - name: manager-role + name: fluent-operator rules: -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: + - configmaps - pods verbs: - get 
@@ -30,178 +17,127 @@ rules: - secrets verbs: - create - - delete - get - list - patch - - update - watch - apiGroups: - "" resources: - serviceaccounts + - services verbs: - create - delete - get - list - patch - - update - watch - apiGroups: - - fluentd.fluent.io - resources: - - clusterfilters - - clusterinputs - - clusteroutputs - verbs: - - list -- apiGroups: - - fluentd.fluent.io + - apps resources: - - clusterfluentdconfigs + - daemonsets + - statefulsets verbs: - create - delete - get - list - patch - - update - watch - apiGroups: - - fluentd.fluent.io + - fluentbit.fluent.io resources: + - clusterfilters + - clusterfluentbitconfigs + - clusterinputs + - clustermultilineparsers + - clusteroutputs + - clusterparsers - filters - - inputs + - fluentbitconfigs + - multilineparsers - outputs + - parsers verbs: - list + - watch - apiGroups: - - fluentd.fluent.io + - fluentbit.fluent.io resources: - - fluentdconfigs + - collectors + - fluentbits verbs: - - create - - delete - get - list - - patch - update - watch - apiGroups: - - fluentd.fluent.io - resources: - - fluentdconfigs/finalizers - verbs: - - update -- apiGroups: - - fluentd.fluent.io + - fluentbit.fluent.io resources: - - fluentdconfigs/status + - collectors/finalizers + - fluentbits/finalizers verbs: - - get - - patch - update - apiGroups: - fluentd.fluent.io resources: - - fluentds + - clusterfilters + - clusterfluentdconfigs + - clusterinputs + - clusteroutputs + - filters + - fluentdconfigs + - inputs + - outputs verbs: - - create - - delete - - get - list - - patch - - update - watch - apiGroups: - fluentd.fluent.io resources: - - fluentds/finalizers - verbs: - - update -- apiGroups: - - fluentd.fluent.io - resources: + - clusterfluentdconfigs/status + - fluentdconfigs/status - fluentds/status verbs: - get - patch - update - apiGroups: - - fluentbit.fluent.io + - fluentd.fluent.io resources: - - filters - - fluentbitconfigs - - fluentbits - - inputs - - outputs + - fluentds verbs: - - create - - 
delete - get - list - - patch - update - watch - apiGroups: - - fluentbit.fluent.io - resources: - - filters - - inputs - - outputs - - parsers - verbs: - - list -- apiGroups: - - fluentbit.fluent.io + - fluentd.fluent.io resources: - - fluentbitconfigs + - fluentds/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings - verbs: - - create - - list - - get - - watch - - patch -- apiGroups: - - rbac.authorization.k8s.io - resources: - clusterroles verbs: - create - - list - get - - watch - - patch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - list - - get - - watch - patch + - watch - apiGroups: - rbac.authorization.k8s.io resources: + - rolebindings - roles verbs: - create - - list + - delete - get - - watch + - list - patch + - watch diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2070ede44..2b9196a2a 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,12 +1,18 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: manager-rolebinding + name: fluent-operator + labels: + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: manager-role + name: fluent-operator subjects: - kind: ServiceAccount - name: controller-manager - namespace: system + name: fluent-operator + # Defaults to the install namespace. Kustomize overlays (e.g. config/default) + # rewrite this to match their `namespace:` setting, so changing the install + # namespace there is enough — no need to edit this file. + namespace: fluent diff --git a/config/rbac/scoped/role.yaml b/config/rbac/scoped/role.yaml deleted file mode 100644 index 97530dc7b..000000000 --- a/config/rbac/scoped/role.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: manager-role -rules: -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - fluentbit.fluent.io - resources: - - filters - - fluentbitconfigs - - fluentbits - - inputs - - outputs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - fluentbit.fluent.io - resources: - - filters - - inputs - - outputs - - parsers - verbs: - - list -- apiGroups: - - fluentbit.fluent.io - resources: - - fluentbitconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025bf..bb5d4378e 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -1,5 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: controller-manager - namespace: system + name: fluent-operator + labels: + app.kubernetes.io/component: operator + app.kubernetes.io/name: fluent-operator diff --git a/controllers/collector_controller.go b/controllers/collector_controller.go index 86dc6986e..cdb5a0bcf 100644 --- a/controllers/collector_controller.go +++ b/controllers/collector_controller.go 
@@ -42,11 +42,13 @@ type CollectorReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=fluentbits;fluentbitconfigs;collectors;inputs;filters;outputs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=create -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=create +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=collectors,verbs=get;list;watch;update +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=collectors/finalizers,verbs=update +// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=create;get;list;watch;patch +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=create;get;list;watch;patch // +kubebuilder:rbac:groups=core,resources=pods,verbs=get // Reconcile is part of the main kubernetes reconciliation loop which aims to diff --git a/controllers/fluentbit_controller.go b/controllers/fluentbit_controller.go index e05d5e3ea..bf1d2788b 100644 --- a/controllers/fluentbit_controller.go +++ b/controllers/fluentbit_controller.go 
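Review bot: The markers for `clusterroles` and `clusterrolebindings` grow from `create` to `create;get;list;watch;patch` with no `resourceNames`, so the generated ClusterRole lets the operator patch any ClusterRole or ClusterRoleBinding in the cluster, not only the ones it created. The same verbs are added in fluentbit_controller.go and fluentd_controller.go. Kubernetes' RBAC escalation checks bound what a patch may grant, but not which objects it may touch. A comment above the markers should record why `patch` is needed, e.g. `// patch: reconciles the per-Collector ClusterRole/Binding; only objects named by this reconciler are modified`, which needs confirming against the reconcile code outside this hunk.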
@@ -46,15 +46,16 @@ type FluentBitReconciler struct { Namespaced bool } -// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=fluentbits;fluentbitconfigs;inputs;filters;outputs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=create;list;get;watch;patch -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=create;list;get;watch;patch -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=create;list;get;watch;patch -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=create;list;get;watch;patch +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=fluentbits,verbs=get;list;watch;update +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=fluentbits/finalizers,verbs=update +// +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=create;get;list;watch;patch +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=create;get;list;watch;patch +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=create;delete;get;list;watch;patch +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=create;delete;get;list;watch;patch // +kubebuilder:rbac:groups=core,resources=pods,verbs=get -// +kubebuilder:rbac:groups=core,resources=events,verbs=list;watch // Reconcile is part of the main 
kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/controllers/fluentbitconfig_controller.go b/controllers/fluentbitconfig_controller.go index 15403ce22..2c23e3227 100644 --- a/controllers/fluentbitconfig_controller.go +++ b/controllers/fluentbitconfig_controller.go @@ -166,11 +166,12 @@ func (r *FluentBitConfigReconciler) updateSecretIfNeeded( return nil } -// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=clusterfluentbitconfigs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=fluentbitconfigs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=clusterinputs;clusterfilters;clusteroutputs;clusterparsers;clustermultilineparsers,verbs=list -// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=filters;outputs;parsers;multilineparsers,verbs=list -// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=clusterfluentbitconfigs,verbs=list;watch +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=fluentbitconfigs,verbs=list;watch +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=clusterinputs;clusterfilters;clusteroutputs;clusterparsers;clustermultilineparsers,verbs=list;watch +// +kubebuilder:rbac:groups=fluentbit.fluent.io,resources=filters;outputs;parsers;multilineparsers,verbs=list;watch +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get +// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;patch // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/controllers/fluentd_controller.go b/controllers/fluentd_controller.go index 5b3e09400..6c99050b1 100644 --- a/controllers/fluentd_controller.go 
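Review bot: In fluentbitconfig_controller.go the `secrets` marker still grants `get;list;watch` with no `namespace=` argument, and the regenerated config/rbac/role.yaml in this commit shows it landing in the ClusterRole, so the operator's ServiceAccount can read every Secret in every namespace. The commit trims `update` and `delete`, but read access is the sensitive part. If the operator only needs the config Secrets it writes, document that above the marker and consider restricting the informer cache to those objects. A suggested comment is `// cluster-wide Secret read: needed because FluentBit resources may live in any namespace`. The reconciler body is outside this hunk, so whether a narrower scope is workable cannot be judged from here.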
+++ b/controllers/fluentd_controller.go @@ -47,9 +47,13 @@ type FluentdReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentds,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentds,verbs=get;list;watch;update // +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentds/status,verbs=get;update;patch // +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentds/finalizers,verbs=update +// +kubebuilder:rbac:groups=apps,resources=daemonsets;statefulsets,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get +// +kubebuilder:rbac:groups=core,resources=serviceaccounts;services,verbs=get;list;watch;create;patch;delete +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings,verbs=create;get;list;watch;patch // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/controllers/fluentdconfig_controller.go b/controllers/fluentdconfig_controller.go index 749229768..8619eb144 100644 --- a/controllers/fluentdconfig_controller.go +++ b/controllers/fluentdconfig_controller.go 
@@ -82,14 +82,12 @@ type FluentdConfigReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentdconfigs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=clusterfluentdconfigs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=inputs;filters;outputs,verbs=list -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=clusterinputs;clusterfilters;clusteroutputs,verbs=list; +// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentdconfigs,verbs=list;watch +// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=clusterfluentdconfigs,verbs=list;watch +// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=inputs;filters;outputs,verbs=list;watch +// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=clusterinputs;clusterfilters;clusteroutputs,verbs=list;watch // +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentds,verbs=list -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentds/status,verbs=patch -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentdconfigs/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=fluentdconfigs/finalizers,verbs=update +// +kubebuilder:rbac:groups=fluentd.fluent.io,resources=clusterfluentdconfigs/status;fluentdconfigs/status;fluentds/status,verbs=get;update;patch // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/docs/best-practice/collect-systemd-logs.md b/docs/best-practice/collect-systemd-logs.md index 113dbf8ce..bfc29411a 100644 --- a/docs/best-practice/collect-systemd-logs.md +++ b/docs/best-practice/collect-systemd-logs.md 
@@ -12,7 +12,7 @@ kubectl apply -f manifests/logging-stack/fluentbit-fluentBit.yaml kubectl apply -f manifests/logging-stack/fluentbitconfig-fluentBitConfig.yaml ``` -Secondly, change the service logs directory. +Secondly, change the service logs directory. Please create directory `/var/log/journal` if it doesn't exist, and then restart the `systemd-journald` service. ```shell @@ -20,10 +20,10 @@ mkdir /var/log/journal/ systemctl restart systemd-journald ``` -Thirdly, set up the fluentbit pipeline. +Thirdly, set up the fluentbit pipeline. ```shell -kubectl create cm fluent-bit-lua -n kubesphere-logging-system --from-file=config/scripts/systemd.lua +kubectl create cm fluent-bit-lua -n kubesphere-logging-system --from-file=manifests/logging-stack/scripts/systemd.lua kubectl apply -f manifests/logging-stack/input-systemd.yaml kubectl apply -f manifests/logging-stack/filter-systemd.yaml kubectl apply -f manifests/logging-stack/output-elasticsearch.yaml @@ -32,7 +32,7 @@ kubectl apply -f manifests/logging-stack/output-elasticsearch.yaml > This pipeline will send the logs to elasticsearch, it needed a elasticsearch cluster. -> If you want to collect other service logs, such as containerd, you can add a input like the docker input, +> If you want to collect other service logs, such as containerd, you can add a input like the docker input, > and modify the systemdFilter. ```bash @@ -40,5 +40,5 @@ kubectl apply -f manifests/logging-stack/output-elasticsearch.yaml - _SYSTEMD_UNIT=containerd.service ``` -For these, the kubelet log will be collected to the elasticsearch. If the fluentbit operator is installed in the -kubesphere, you can search the log with [Log Search](https://v3-0.docs.fluent.io/docs/toolbox/log-query/). \ No newline at end of file +For these, the kubelet log will be collected to the elasticsearch. If the fluentbit operator is installed in the +kubesphere, you can search the log with [Log Search](https://v3-0.docs.fluent.io/docs/toolbox/log-query/). 
diff --git a/hack/verify-crds.sh b/hack/verify-crds.sh
index 77adfbfab..ff0ca5069 100755
--- a/hack/verify-crds.sh
+++ b/hack/verify-crds.sh
@@ -1,38 +1,28 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -o errexit
 set -o nounset
 set -o pipefail
 
-SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
-CRD_OPTIONS="crd:generateEmbeddedObjectMeta=true,allowDangerousTypes=true"
+SCRIPT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 
-DIFFROOT="${SCRIPT_ROOT}/config/crd/bases/"
-TMP_DIFFROOT="${SCRIPT_ROOT}/_tmp/config/crd/bases/"
-_tmp="${SCRIPT_ROOT}/_tmp"
+VERIFY_PATHS=(
+ "config/crd/bases"
+ "charts/fluent-operator/crds"
+ "charts/fluent-operator-fluent-bit-crds/templates"
+ "charts/fluent-operator-fluentd-crds/templates"
+ "manifests/setup/setup.yaml"
+)
 
-cleanup() {
- rm -rf "${_tmp}"
-}
-trap "cleanup" EXIT SIGINT
+cd "${SCRIPT_ROOT}"
 
-cleanup
+make manifests
 
-mkdir -p "${TMP_DIFFROOT}"
-cp -a "${DIFFROOT}"/* "${TMP_DIFFROOT}"
-
-./bin/controller-gen "$CRD_OPTIONS" rbac:roleName=manager-role webhook paths="./apis/fluentbit/..." output:crd:artifacts:config=config/crd/bases/
-./bin/controller-gen "$CRD_OPTIONS" rbac:roleName=manager-role webhook paths="./apis/fluentd/..." output:crd:artifacts:config=config/crd/bases/
-echo "diffing ${DIFFROOT} against freshly generated crds"
-ret=0
-diff -Naupr "${DIFFROOT}" "${TMP_DIFFROOT}" || ret=$?
-cp -a "${TMP_DIFFROOT}"/* "${DIFFROOT}"
-if [[ $ret -eq 0 ]]
+echo "diffing checked-in manifests against freshly generated manifests"
+if git diff --exit-code -- "${VERIFY_PATHS[@]}"
 then
- echo "${DIFFROOT} up to date."
+ echo "CRDs are up to date."
 else
- echo "${DIFFROOT} is out of date. Please rerun make manifests"
+ echo "CRDs are out of date. Please rerun make manifests"
 exit 1
 fi
-
-
diff --git a/config/scripts/systemd.lua b/manifests/logging-stack/scripts/systemd.lua
similarity index 100%
rename from config/scripts/systemd.lua
rename to manifests/logging-stack/scripts/systemd.lua
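Review bot: The new check `git diff --exit-code -- "${VERIFY_PATHS[@]}"` in hack/verify-crds.sh compares tracked files only, so a manifest that `make manifests` generates for the first time (the CRD of a newly added API type, say) stays untracked and the script still reports that everything is up to date. The condition should fail on untracked output as well, e.g. `if git diff --exit-code -- "${VERIFY_PATHS[@]}" && [[ -z "$(git ls-files --others --exclude-standard -- "${VERIFY_PATHS[@]}")" ]]`. Unlike the removed version, the script now leaves the regenerated files in the working tree, and its messages say "CRDs" although `manifests/setup/setup.yaml` is verified too; a short header comment stating both would help whoever runs it locally.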
diff --git a/manifests/setup/fluent-operator-clusterRole.yaml b/manifests/setup/fluent-operator-clusterRole.yaml deleted file mode 100644 index c3e2f0526..000000000 --- a/manifests/setup/fluent-operator-clusterRole.yaml +++ /dev/null 
@@ -1,147 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: fluent-operator - name: fluent-operator -rules: - - apiGroups: - - apps - resources: - - daemonsets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - secrets - - configmaps - - serviceaccounts - - configmaps - - services - - namespaces - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - fluentbit.fluent.io - resources: - - collectors - - fluentbits - - fluentbits/finalizers - - clusterfluentbitconfigs - - clusterfluentbitconfigs/finalizers - - clusterfilters - - clusterfilters/finalizers - - clusterinputs - - clusterinputs/finalizers - - clusteroutputs - - clusteroutputs/finalizers - - clusterparsers - - clusterparsers/finalizers - - fluentbitconfigs - - fluentbitconfigs/finalizers - - multilineparsers - - multilineparsers/finalizers - - clustermultilineparsers - - clustermultilineparsers/finalizers - - filters - - outputs - - parsers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - fluentd.fluent.io - resources: - - fluentds - - fluentds/status - - clusterfluentdconfigs - - clusterfluentdconfigs/status - - fluentdconfigs - - fluentdconfigs/status - - clusterfilters - - filters - - clusteroutputs - - outputs - - inputs - - clusterinputs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - list - - get - - watch - - patch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - list - - get - - watch - - patch - - 
apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - list - - get - - watch - - patch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - list - - get - - watch - - patch \ No newline at end of file diff --git a/manifests/setup/fluent-operator-clusterRoleBinding.yaml b/manifests/setup/fluent-operator-clusterRoleBinding.yaml deleted file mode 100644 index fa01fc433..000000000 --- a/manifests/setup/fluent-operator-clusterRoleBinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: fluent-operator - name: fluent-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: fluent-operator -subjects: -- kind: ServiceAccount - name: fluent-operator - namespace: fluent diff --git a/manifests/setup/fluent-operator-crd.yaml b/manifests/setup/fluent-operator-crd.yaml deleted file mode 100644 index fbc15cc7c..000000000 --- a/manifests/setup/fluent-operator-crd.yaml +++ /dev/null 
@@ -1,41509 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: clusterfilters.fluentbit.fluent.io -spec: - group: fluentbit.fluent.io - names: - kind: ClusterFilter - listKind: ClusterFilterList - plural: clusterfilters - shortNames: - - cfbf - singular: clusterfilter - scope: Cluster - versions: - - name: v1alpha2 - schema: - openAPIV3Schema: - description: ClusterFilter defines a cluster-level Filter configuration. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of desired Filter configuration. - properties: - filters: - description: A set of filter plugins in order. - items: - properties: - aws: - description: Aws defines a Aws configuration. - properties: - accountID: - description: The account ID for current EC2 instance.Default - is false. - type: boolean - alias: - description: Alias for the plugin - type: string - amiID: - description: The EC2 instance image id.Default is false. - type: boolean - az: - description: The availability zone; for example, "us-east-1a". - Default is true. - type: boolean - ec2InstanceID: - description: The EC2 instance ID.Default is true. 
- type: boolean - ec2InstanceType: - description: The EC2 instance type.Default is false. - type: boolean - hostName: - description: The hostname for current EC2 instance.Default - is false. - type: boolean - imdsVersion: - description: Specify which version of the instance metadata - service to use. Valid values are 'v1' or 'v2'. - enum: - - v1 - - v2 - type: string - privateIP: - description: The EC2 instance private ip.Default is false. - type: boolean - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - vpcID: - description: The VPC ID for current EC2 instance.Default - is false. - type: boolean - type: object - customPlugin: - description: CustomPlugin defines a Custom plugin configuration. - properties: - config: - description: |- - Config holds any unsupported plugins classic configurations, - if ConfigFileFormat is set to yaml, this filed will be ignored - type: string - yamlConfig: - description: YamlConfig holds the unsupported plugins yaml - configurations, it only works when the ConfigFileFormat - is yaml - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - grep: - description: Grep defines Grep Filter configuration. - properties: - alias: - description: Alias for the plugin - type: string - exclude: - description: |- - Exclude records which field matches the regular expression. - Value Format: FIELD REGEX - type: string - logicalOp: - description: Specify the logical operator for multiple regex/exclude - rules. 
- enum: - - and - - or - type: string - regex: - description: |- - Keep records which field matches the regular expression. - Value Format: FIELD REGEX - type: string - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - type: object - kubernetes: - description: Kubernetes defines Kubernetes Filter configuration. - properties: - alias: - description: Alias for the plugin - type: string - annotations: - description: Include Kubernetes resource annotations in - the extra metadata. - type: boolean - bufferSize: - description: Set the buffer size for HTTP client when reading - responses from Kubernetes API server. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - cacheUseDockerId: - description: When enabled, metadata will be fetched from - K8s when docker_id is changed. - type: boolean - dnsRetries: - description: DNS lookup retries N times until the network - start working - format: int32 - type: integer - dnsWaitTime: - description: DNS lookup interval between network status - checks - format: int32 - type: integer - dummyMeta: - description: If set, use dummy-meta data (for test/dev purposes) - type: boolean - k8sLoggingExclude: - description: |- - Allow Kubernetes Pods to exclude their logs from the log processor - (read more about it in Kubernetes Annotations section). 
- type: boolean - k8sLoggingParser: - description: |- - Allow Kubernetes Pods to suggest a pre-defined Parser - (read more about it in Kubernetes Annotations section) - type: boolean - keepLog: - description: |- - When Keep_Log is disabled, the log field is removed - from the incoming message once it has been successfully merged - (Merge_Log must be enabled as well). - type: boolean - kubeCAFile: - description: CA certificate file - type: string - kubeCAPath: - description: Absolute path to scan for certificate files - type: string - kubeMetaCacheTTL: - description: |- - configurable TTL for K8s cached metadata. By default, it is set to 0 - which means TTL for cache entries is disabled and cache entries are evicted at random - when capacity is reached. In order to enable this option, you should set the number to a time interval. - For example, set this value to 60 or 60s and cache entries which have been created more than 60s will be evicted. - type: string - kubeMetaNamespaceCacheTTL: - description: |- - Configurable TTL for K8s cached namespace metadata. - By default, it is set to 900 which means a 15min TTL for namespace cache entries. - Setting this to 0 will mean entries are evicted at random once the cache is full. - format: int32 - type: integer - kubeMetaPreloadCacheDir: - description: |- - If set, Kubernetes meta-data can be cached/pre-loaded from files in JSON format in this directory, - named as namespace-pod.meta - type: string - kubeTagPrefix: - description: |- - When the source records comes from Tail input plugin, - this option allows to specify what's the prefix used in Tail configuration. - type: string - kubeTokenCommand: - description: |- - Command to get Kubernetes authorization token. - By default, it will be NULL and we will use token file to get token. - type: string - kubeTokenFile: - description: Token file - type: string - kubeTokenTTL: - description: |- - configurable 'time to live' for the K8s token. By default, it is set to 600 seconds. 
- After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command. - type: string - kubeURL: - description: API Server end-point - type: string - kubeletHost: - description: kubelet host using for HTTP request, this only - works when Use_Kubelet set to On. - type: string - kubeletPort: - description: kubelet port using for HTTP request, this only - works when useKubelet is set to On. - format: int32 - type: integer - labels: - description: Include Kubernetes resource labels in the extra - metadata. - type: boolean - mergeLog: - description: |- - When enabled, it checks if the log field content is a JSON string map, - if so, it append the map fields as part of the log structure. - type: boolean - mergeLogKey: - description: |- - When Merge_Log is enabled, the filter tries to assume the log field from the incoming message is a JSON string message - and make a structured representation of it at the same level of the log field in the map. - Now if Merge_Log_Key is set (a string name), all the new structured fields taken from the original log content are inserted under the new key. - type: string - mergeLogTrim: - description: When Merge_Log is enabled, trim (remove possible - \n or \r) field values. - type: boolean - mergeParser: - description: Optional parser name to specify how to parse - the data contained in the log key. Recommended use is - for developers or testing only. - type: string - namespaceAnnotations: - description: Include Kubernetes namespace resource annotations - in the extra metadata. - type: boolean - namespaceLabels: - description: Include Kubernetes namespace resource labels - in the extra metadata. - type: boolean - namespaceMetadataOnly: - description: |- - Include Kubernetes namespace metadata only and no pod metadata. - If this is set, the values of Labels and Annotations are ignored. - type: boolean - ownerReferences: - description: Include Kubernetes owner references in the - extra metadata. 
- type: boolean - regexParser: - description: |- - Set an alternative Parser to process record Tag and extract pod_name, namespace_name, container_name and docker_id. - The parser must be registered in a parsers file (refer to parser filter-kube-test as an example). - type: string - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - tlsDebug: - description: Debug level between 0 (nothing) and 4 (every - detail). - format: int32 - type: integer - tlsVerify: - description: When enabled, turns on certificate validation - when connecting to the Kubernetes API server. - type: boolean - useJournal: - description: When enabled, the filter reads logs coming - in Journald format. - type: boolean - useKubelet: - description: |- - This is an optional feature flag to get metadata information from kubelet - instead of calling Kube Server API to enhance the log. - This could mitigate the Kube API heavy traffic issue for large cluster. - type: boolean - useTagForMeta: - description: If true, Kubernetes metadata (e.g., pod_name, - container_name, namespace_name etc) will be extracted - from the tag itself. - type: boolean - type: object - logToMetrics: - description: LogToMetrics defines a Log to Metrics Filter configuration. 
- properties: - addLabel: - description: Add a custom label NAME and set the value to - the value of KEY - items: - type: string - type: array - alias: - description: Alias for the plugin - type: string - bucket: - description: Defines a bucket for histogram - items: - type: string - type: array - discardLogs: - description: |- - Flag that defines if logs should be discarded after processing. This applies - for all logs, no matter if they have emitted metrics or not. - type: boolean - emitterMemBufLimit: - description: set a buffer limit to restrict memory usage - of metrics emitter - type: string - emitterName: - description: Name of the emitter (advanced users) - type: string - exclude: - description: |- - Optional filter for records in which the content of KEY does not matches the regular expression. - Value Format: FIELD REGEX - items: - type: string - type: array - kubernetesMode: - description: |- - If enabled, it will automatically put pod_id, pod_name, namespace_name, docker_id and container_name - into the metric as labels. This option is intended to be used in combination with the kubernetes filter plugin. - type: boolean - labelField: - description: Includes a record field as label dimension - in the metric. - items: - type: string - type: array - metricDescription: - description: Sets a help text for the metric. - type: string - metricMode: - description: Defines the mode for the metric. Valid values - are [counter, gauge or histogram] - type: string - metricName: - description: Sets the name of the metric. - type: string - metricNamespace: - description: Namespace of the metric - type: string - metricSubsystem: - description: Sets a sub-system for the metric. - type: string - regex: - description: |- - Optional filter for records in which the content of KEY matches the regular expression. 
- Value Format: FIELD REGEX - items: - type: string - type: array - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - tag: - description: Defines the tag for the generated metrics record - type: string - valueField: - description: Specify the record field that holds a numerical - value - type: string - type: object - lua: - description: Lua defines Lua Filter configuration. - properties: - alias: - description: Alias for the plugin - type: string - call: - description: |- - Lua function name that will be triggered to do filtering. - It's assumed that the function is declared inside the Script defined above. - type: string - code: - description: Inline LUA code instead of loading from a path - via script. - type: string - enable_flb_null: - description: |- - If enabled, null will be converted to flb_null in Lua. - This helps prevent removing key/value since nil is a special value to remove key/value from map in Lua. Default value: false. - type: boolean - protectedMode: - description: |- - If enabled, Lua script will be executed in protected mode. - It prevents to crash when invalid Lua script is executed. Default is true. - type: boolean - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' 
- pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - script: - description: Path to the Lua script that will be used. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - timeAsTable: - description: |- - By default when the Lua script is invoked, the record timestamp is passed as a - Floating number which might lead to loss precision when the data is converted back. - If you desire timestamp precision enabling this option will pass the timestamp as - a Lua table with keys sec for seconds since epoch and nsec for nanoseconds. - type: boolean - typeArrayKey: - description: |- - If these keys are matched, the fields are handled as array. If more than - one key, delimit by space. It is useful the array can be empty. - items: - type: string - type: array - typeIntKey: - description: |- - If these keys are matched, the fields are converted to integer. - If more than one key, delimit by space. - Note that starting from Fluent Bit v1.6 integer data types are preserved - and not converted to double as in previous versions. - items: - type: string - type: array - required: - - call - type: object - modify: - description: Modify defines Modify Filter configuration. - properties: - alias: - description: Alias for the plugin - type: string - conditions: - description: All conditions have to be true for the rules - to be applied. 
- items: - description: The plugin supports the following conditions - properties: - aKeyMatches: - description: Is true if a key matches regex KEY - type: string - keyDoesNotExist: - additionalProperties: - type: string - description: Is true if KEY does not exist - type: object - keyExists: - description: Is true if KEY exists - type: string - keyValueDoesNotEqual: - additionalProperties: - type: string - description: Is true if KEY exists and its value is - not VALUE - type: object - keyValueDoesNotMatch: - additionalProperties: - type: string - description: Is true if key KEY exists and its value - does not match VALUE - type: object - keyValueEquals: - additionalProperties: - type: string - description: Is true if KEY exists and its value is - VALUE - type: object - keyValueMatches: - additionalProperties: - type: string - description: Is true if key KEY exists and its value - matches VALUE - type: object - matchingKeysDoNotHaveMatchingValues: - additionalProperties: - type: string - description: Is true if all keys matching KEY have - values that do not match VALUE - type: object - matchingKeysHaveMatchingValues: - additionalProperties: - type: string - description: Is true if all keys matching KEY have - values that match VALUE - type: object - noKeyMatches: - description: Is true if no key matches regex KEY - type: string - type: object - type: array - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - rules: - description: |- - Rules are applied in the order they appear, - with each rule operating on the result of the previous rule. 
- items: - description: The plugin supports the following rules - properties: - add: - additionalProperties: - type: string - description: Add a key/value pair with key KEY and - value VALUE if KEY does not exist - type: object - copy: - additionalProperties: - type: string - description: Copy a key/value pair with key KEY to - COPIED_KEY if KEY exists AND COPIED_KEY does not - exist - type: object - hardCopy: - additionalProperties: - type: string - description: |- - Copy a key/value pair with key KEY to COPIED_KEY if KEY exists. - If COPIED_KEY already exists, this field is overwritten - type: object - hardRename: - additionalProperties: - type: string - description: |- - Rename a key/value pair with key KEY to RENAMED_KEY if KEY exists. - If RENAMED_KEY already exists, this field is overwritten - type: object - remove: - description: Remove a key/value pair with key KEY - if it exists - type: string - removeRegex: - description: Remove all key/value pairs with key matching - regexp KEY - type: string - removeWildcard: - description: Remove all key/value pairs with key matching - wildcard KEY - type: string - rename: - additionalProperties: - type: string - description: Rename a key/value pair with key KEY - to RENAMED_KEY if KEY exists AND RENAMED_KEY does - not exist - type: object - set: - additionalProperties: - type: string - description: Add a key/value pair with key KEY and - value VALUE. If KEY already exists, this field is - overwritten - type: object - type: object - type: array - type: object - multiline: - description: Multiline defines a Multiline configuration. - properties: - alias: - description: Alias for the plugin - type: string - buffer: - default: false - type: boolean - emitterMemBufLimit: - default: 10 - description: Set a limit on the amount of memory in MB the - emitter can consume if the outputs provide backpressure. - The default for this limit is 10M. The pipeline will pause - once the buffer exceeds the value of this setting. 
For - example, if the value is set to 10MB then the pipeline - will pause if the buffer exceeds 10M. The pipeline will - remain paused until the output drains the buffer below - the 10M limit. - type: integer - emitterName: - description: Name for the emitter input instance which re-emits - the completed records at the beginning of the pipeline. - type: string - emitterType: - default: memory - description: The storage type for the emitter input instance. - This option supports the values memory (default) and filesystem. - enum: - - memory - - filesystem - type: string - flushMs: - default: 2000 - type: integer - keyContent: - description: |- - Key name that holds the content to process. - Note that a Multiline Parser definition can already specify the key_content to use, but this option allows to overwrite that value for the purpose of the filter. - type: string - mode: - enum: - - parser - - partial_message - type: string - parser: - description: |- - Specify one or multiple Multiline Parsing definitions to apply to the content. - You can specify multiple multiline parsers to detect different formats by separating them with a comma. - type: string - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - required: - - parser - type: object - nest: - description: Nest defines Nest Filter configuration. 
- properties: - addPrefix: - description: Prefix affected keys with this string - type: string - alias: - description: Alias for the plugin - type: string - nestUnder: - description: Nest records matching the Wildcard under this - key - type: string - nestedUnder: - description: Lift records nested under the Nested_under - key - type: string - operation: - description: Select the operation nest or lift - enum: - - nest - - lift - type: string - removePrefix: - description: Remove prefix from affected keys if it matches - this string - type: string - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - wildcard: - description: Nest records which field matches the wildcard - items: - type: string - type: array - type: object - parser: - description: Parser defines Parser Filter configuration. - properties: - alias: - description: Alias for the plugin - type: string - keyName: - description: Specify field name in record to parse. - type: string - parser: - description: |- - Specify the parser name to interpret the field. - Multiple Parser entries are allowed (split by comma). - type: string - preserveKey: - description: |- - Keep original Key_Name field in the parsed result. - If false, the field will be removed. - type: boolean - reserveData: - description: |- - Keep all other original fields in the parsed result. - If false, all other original fields will be removed. - type: boolean - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. 
If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - unescapeKey: - description: 'If the key is a escaped string (e.g: stringify - JSON), unescape the string before to apply the parser.' - type: boolean - type: object - recordModifier: - description: RecordModifier defines Record Modifier Filter configuration. - properties: - alias: - description: Alias for the plugin - type: string - allowlistKeys: - description: If the key is not matched, that field is removed. - items: - type: string - type: array - records: - description: Append fields. This parameter needs key and - value pair. - items: - type: string - type: array - removeKeys: - description: If the key is matched, that field is removed. - items: - type: string - type: array - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - uuidKeys: - description: If set, the plugin appends uuid to each record. - The value assigned becomes the key in the map. - items: - type: string - type: array - whitelistKeys: - description: An alias of allowlistKeys for backwards compatibility. - items: - type: string - type: array - type: object - rewriteTag: - description: RewriteTag defines a RewriteTag configuration. 
- properties: - alias: - description: Alias for the plugin - type: string - emitterMemBufLimit: - type: string - emitterName: - description: |- - When the filter emits a record under the new Tag, there is an internal emitter - plugin that takes care of the job. Since this emitter expose metrics as any other - component of the pipeline, you can use this property to configure an optional name for it. - type: string - emitterStorageType: - type: string - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - rules: - description: |- - Defines the matching criteria and the format of the Tag for the matching record. - The Rule format have four components: KEY REGEX NEW_TAG KEEP. - items: - type: string - type: array - type: object - throttle: - description: Throttle defines a Throttle configuration. - properties: - alias: - description: Alias for the plugin - type: string - interval: - description: Interval is the time interval expressed in - "sleep" format. e.g. 3s, 1.5m, 0.5h, etc. - pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ - type: string - printStatus: - description: PrintStatus represents whether to print status - messages with current rate and the limits to information - logs. - type: boolean - rate: - description: Rate is the amount of messages for the time. - format: int64 - type: integer - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. 
Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - window: - description: Window is the amount of intervals to calculate - average over. - format: int64 - type: integer - type: object - wasm: - description: Wasm defines a Wasm configuration. - properties: - accessiblePaths: - description: Specify the whitelist of paths to be able to - access paths from WASM programs. - items: - type: string - type: array - alias: - description: Alias for the plugin - type: string - eventFormat: - description: 'Define event format to interact with Wasm - programs: msgpack or json. Default: json' - type: string - functionName: - description: Wasm function name that will be triggered to - do filtering. It's assumed that the function is built - inside the Wasm program specified above. - type: string - retryLimit: - description: 'RetryLimit describes how many times fluent-bit - should retry to send data to a specific output. If set - to false fluent-bit will try indefinitely. If set to any - integer N>0 it will try at most N+1 times. Leading zeros - are not allowed (values such as 007, 0150, 01 do not work). - If this property is not defined fluent-bit will use the - default value: 1.' - pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ - type: string - wasmHeapSize: - description: Size of the heap size of Wasm execution. Review - unit sizes for allowed values. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - wasmPath: - description: Path to the built Wasm program that will be - used. This can be a relative path against the main configuration - file. - type: string - wasmStackSize: - description: Size of the stack size of Wasm execution. Review - unit sizes for allowed values. 
- pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - type: object - type: object - type: array - logLevel: - enum: - - "off" - - error - - warning - - info - - debug - - trace - type: string - match: - description: |- - A pattern to match against the tags of incoming records. - It's case-sensitive and support the star (*) character as a wildcard. - type: string - matchRegex: - description: |- - A regular expression to match against the tags of incoming records. - Use this option if you want to use the full regex syntax. - type: string - ordinal: - description: An ordinal to influence filter ordering - format: int32 - type: integer - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: clusterfilters.fluentd.fluent.io -spec: - group: fluentd.fluent.io - names: - kind: ClusterFilter - listKind: ClusterFilterList - plural: clusterfilters - shortNames: - - cfdf - singular: clusterfilter - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterFilter is the Schema for the clusterfilters API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterFilterSpec defines the desired state of ClusterFilter - properties: - filters: - items: - description: Filter defines all available filter plugins and their - parameters. - properties: - customPlugin: - description: Custom plugin type - properties: - config: - type: string - required: - - config - type: object - grep: - description: The filter_grep filter plugin - properties: - and: - items: - description: And defines the parameters for the "and" - plugin - properties: - exclude: - description: Exclude defines the parameters for the - exclude plugin - properties: - key: - type: string - pattern: - type: string - type: object - regexp: - description: Regexp defines the parameters for the - regexp plugin - properties: - key: - type: string - pattern: - type: string - type: object - type: object - type: array - exclude: - items: - description: Exclude defines the parameters for the exclude - plugin - properties: - key: - type: string - pattern: - type: string - type: object - type: array - or: - items: - description: Or defines the parameters for the "or" plugin - properties: - exclude: - description: Exclude defines the parameters for the - exclude plugin - properties: - key: - type: string - pattern: - type: string - type: object - regexp: - description: Regexp defines the parameters for the - regexp plugin - properties: - key: - type: string - pattern: - type: string - type: object - type: object - type: array - regexp: - items: - description: Regexp defines the parameters for the regexp - plugin - properties: - key: - type: string - pattern: - type: string - type: object - type: array - type: object - logLevel: - description: The @log_level parameter specifies the plugin-specific - logging level - type: string - parser: - description: The filter_parser filter plugin - properties: - 
emitInvalidRecordToError: - description: |- - Emits invalid record to @ERROR label. Invalid cases are: key does not exist;the format is not matched;an unexpected error. - If you want to ignore these errors, set false. - type: boolean - hashValueField: - description: Stores the parsed values as a hash value in - a field. - type: string - injectKeyPrefix: - description: Stores the parsed values with the specified - key name prefix. - type: string - keyName: - description: |- - Specifies the field name in the record to parse. Required parameter. - i.e: If set keyName to log, {"key":"value","log":"{\"time\":1622473200,\"user\":1}"} => {"user":1} - type: string - parse: - description: Parse defines various parameters for the parse - plugin - properties: - customPatternPath: - description: Path to the file that includes custom grok - patterns. - type: string - estimateCurrentEvent: - description: If true, use Fluent::Eventnow(current time) - as a timestamp when time_key is specified. - type: boolean - expression: - description: Specifies the regular expression for matching - logs. Regular expression also supports i and m suffix. - type: string - grok: - description: Grok Sections - items: - properties: - keepTimeKey: - description: If true, keep time field in the record. - type: boolean - name: - description: The name of this grok section. - type: string - pattern: - description: The pattern of grok. Required parameter. - type: string - timeFormat: - description: Process value using specified format. - This is available only when time_type is string - type: string - timeKey: - description: Specify time field for event time. - If the event doesn't have this field, current - time is used. - type: string - timeZone: - description: Use specified timezone. one can parse/format - the time value in the specified timezone. - type: string - type: object - type: array - grokFailureKey: - description: The key has grok failure reason. 
- type: string - grokPattern: - description: The pattern of grok. - type: string - grokPatternSeries: - description: Specify grok pattern series set. - type: string - id: - description: The @id parameter specifies a unique name - for the configuration. - type: string - keepTimeKey: - description: If true, keep time field in th record. - type: boolean - localtime: - description: If true, uses local time. - type: boolean - logLevel: - description: The @log_level parameter specifies the - plugin-specific logging level - type: string - multiLineStartRegexp: - description: The regexp to match beginning of multiline. - This is only for "multiline_grok". - type: string - timeFormat: - description: Process value according to the specified - format. This is available only when time_type is string - type: string - timeFormatFallbacks: - description: Uses the specified time format as a fallback - in the specified order. You can parse undetermined - time format by using time_format_fallbacks. This options - is enabled when time_type is mixed. - type: string - timeKey: - description: Specify time field for event time. If the - event doesn't have this field, current time is used. - type: string - timeType: - description: parses/formats value according to this - type, default is string - enum: - - float - - unixtime - - string - - mixed - type: string - timeout: - description: Specify timeout for parse processing. - pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ - type: string - timezone: - description: Uses the specified timezone. - type: string - type: - description: The @type parameter specifies the type - of the plugin. - enum: - - regexp - - apache2 - - apache_error - - nginx - - syslog - - csv - - tsv - - ltsv - - json - - multiline - - none - - grok - - multiline_grok - type: string - types: - description: 'Specify types for converting field into - another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' - type: string - utc: - description: If true, uses UTC. 
- type: boolean - required: - - type - type: object - removeKeyNameField: - description: Removes key_name field when parsing is succeeded. - type: boolean - replaceInvalidSequence: - description: If true, invalid string is replaced with safe - characters and re-parse it. - type: boolean - reserveData: - description: |- - Keeps the original key-value pair in the parsed result. Default is false. - i.e: If set keyName to log, reverseData to true, - {"key":"value","log":"{\"user\":1,\"num\":2}"} => {"key":"value","log":"{\"user\":1,\"num\":2}","user":1,"num":2} - type: boolean - reserveTime: - description: Keeps the original event time in the parsed - result. Default is false. - type: boolean - required: - - keyName - - parse - type: object - recordTransformer: - description: The filter_record_transformer filter plugin - properties: - autoTypecast: - description: |- - Automatically casts the field types. Default is false. - This option is effective only for field values comprised of a single placeholder. - type: boolean - enableRuby: - description: |- - When set to true, the full Ruby syntax is enabled in the ${...} expression. The default value is false. - i.e: jsonized_record ${record.to_json} - type: boolean - keepKeys: - description: A list of keys to keep. Only relevant if renew_record - is set to true. - type: string - records: - items: - description: The parameters inside directives - are considered to be new key-value pairs - properties: - key: - description: New field can be defined as key - type: string - value: - description: |- - The value must from Record properties. - See https://docs.fluentd.org/filter/record_transformer#less-than-record-greater-than-directive - type: string - required: - - key - - value - type: object - type: array - removeKeys: - description: A list of keys to delete. Supports nested field - via record_accessor syntax since v1.1.0. 
- type: string - renewRecord: - description: By default, the record transformer filter mutates - the incoming data. However, if this parameter is set to - true, it modifies a new empty hash instead. - type: boolean - renewTimeKey: - description: renew_time_key foo overwrites the time of events - with a value of the record field foo if exists. The value - of foo must be a Unix timestamp. - type: string - type: object - stdout: - description: The filter_stdout filter plugin - properties: - format: - description: The format section - properties: - delimiter: - description: Delimiter for each field. - type: string - id: - description: The @id parameter specifies a unique name - for the configuration. - type: string - localtime: - description: If true, uses local time. - type: boolean - logLevel: - description: The @log_level parameter specifies the - plugin-specific logging level - type: string - newline: - description: Specify newline characters. - enum: - - lf - - crlf - type: string - outputTag: - description: Output tag field if true. - type: boolean - outputTime: - description: Output time field if true. - type: boolean - timeFormat: - description: Process value according to the specified - format. This is available only when time_type is string - type: string - timeFormatFallbacks: - description: Uses the specified time format as a fallback - in the specified order. You can parse undetermined - time format by using time_format_fallbacks. This options - is enabled when time_type is mixed. - type: string - timeType: - description: parses/formats value according to this - type, default is string - enum: - - float - - unixtime - - string - - mixed - type: string - timezone: - description: Uses the specified timezone. - type: string - type: - description: The @type parameter specifies the type - of the plugin. - enum: - - out_file - - json - - ltsv - - csv - - msgpack - - hash - - single_value - type: string - utc: - description: If true, uses UTC. 
- type: boolean - type: object - inject: - description: The inject section - properties: - hostname: - description: Hostname value - type: string - hostnameKey: - description: The field name to inject hostname - type: string - inline: - description: Time section - properties: - localtime: - description: If true, uses local time. - type: boolean - timeFormat: - description: Process value according to the specified - format. This is available only when time_type - is string - type: string - timeFormatFallbacks: - description: Uses the specified time format as a - fallback in the specified order. You can parse - undetermined time format by using time_format_fallbacks. - This options is enabled when time_type is mixed. - type: string - timeType: - description: parses/formats value according to this - type, default is string - enum: - - float - - unixtime - - string - - mixed - type: string - timezone: - description: Uses the specified timezone. - type: string - utc: - description: If true, uses UTC. - type: boolean - type: object - tagKey: - description: The field name to inject tag - type: string - timeKey: - description: The field name to inject time - type: string - workerIdKey: - description: The field name to inject worker_id - type: string - type: object - type: object - tag: - description: Which tag to be matched. 
- type: string - type: object - type: array - type: object - status: - description: ClusterFilterStatus defines the observed state of ClusterFilter - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: clusterfluentbitconfigs.fluentbit.fluent.io -spec: - group: fluentbit.fluent.io - names: - kind: ClusterFluentBitConfig - listKind: ClusterFluentBitConfigList - plural: clusterfluentbitconfigs - shortNames: - - cfbc - singular: clusterfluentbitconfig - scope: Cluster - versions: - - name: v1alpha2 - schema: - openAPIV3Schema: - description: ClusterFluentBitConfig is the Schema for the cluster-level fluentbitconfigs - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: FluentBitConfigSpec defines the desired state of ClusterFluentBitConfig - properties: - configFileFormat: - description: |- - ConfigFileFormat defines the format of the config file, default is "classic", - available options are "classic" and "yaml" - enum: - - classic - - yaml - type: string - filterSelector: - description: Select filter plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - inputSelector: - description: Select input plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - multilineParserSelector: - description: Select multiline parser plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. 
- type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespace: - description: |- - If namespace is defined, then the configmap and secret for fluent-bit is in this namespace. - If it is not defined, it is in the namespace of the fluentd-operator - type: string - outputSelector: - description: Select output plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - parserSelector: - description: Select parser plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - service: - description: Service defines the global behaviour of the Fluent Bit - engine. - properties: - daemon: - description: If true go to background on start - type: boolean - emitterMemBufLimit: - type: string - emitterName: - description: Per-namespace re-emitter configuration - type: string - emitterStorageType: - type: string - enableChunkTrace: - description: Enable input/output tracing on debug images, controlled - more granualry via the http API - type: boolean - flushSeconds: - description: Interval to flush output - type: number - graceSeconds: - description: Wait time on exit - format: int64 - type: integer - hcErrorsCount: - description: 'the error count to meet the unhealthy requirement, - this is a sum for all output plugins in a defined HC_Period, - example for output error: [2022/02/16 10:44:10] [ warn] [engine] - failed to flush chunk ''1-1645008245.491540684.flb'', retry - in 7 seconds: task_id=0, input=forward.1 > output=cloudwatch_logs.3 - (out_id=3)' - format: int64 - minimum: 1 - type: integer - hcPeriod: - description: The time period by second to count the error and - retry failure data point - format: int64 - minimum: 1 - type: integer - hcRetryFailureCount: - description: 'the retry failure count to meet the unhealthy requirement, - this is a sum for all output plugins in a defined HC_Period, - example for retry failure: [2022/02/16 20:11:36] [ warn] [engine] - chunk ''1-1645042288.260516436.flb'' cannot be retried: task_id=0, - input=tcp.3 > output=cloudwatch_logs.1' - format: int64 - minimum: 1 - type: integer - healthCheck: - description: 'enable Health check feature at http://127.0.0.1:2020/api/v1/health - Note: Enabling this will not automatically 
configure kubernetes - to use fluentbit''s healthcheck endpoint' - type: boolean - hotReload: - description: If true enable reloading via HTTP - type: boolean - hotReloadEnsureThreadSafety: - description: If true, preserve thread safety during hot reload - by waiting for in-flight work to drain before reloading; this - wait can be bounded by hotReloadTimeout. - type: boolean - hotReloadTimeout: - description: Maximum time in seconds to wait for a hot reload - to complete before aborting. - format: int32 - type: integer - httpListen: - description: Address to listen - pattern: ^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(([A-Fa-f0-9:]+:+)+[A-Fa-f0-9]*)$ - type: string - httpPort: - description: Port to listen - format: int32 - maximum: 65535 - minimum: 1 - type: integer - httpServer: - description: If true enable statistics HTTP server - type: boolean - logFile: - description: File to log diagnostic output - type: string - logLevel: - description: Diagnostic level (error/warning/info/debug/trace) - enum: - - "off" - - error - - warning - - info - - debug - - trace - type: string - multilineBufferLimit: - description: Set a default buffer size limit for multiline parsers. - The value must be according to the Unit Size specification. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - parsersFile: - description: Optional 'parsers' config file (can be multiple) - type: string - parsersFiles: - description: backward compatible - items: - type: string - type: array - schedulerBase: - description: Set a base for exponential backoff in the scheduler. - Supported in Fluent Bit >= 1.8.7 - format: int32 - type: integer - schedulerCap: - description: Set a maximum retry time in seconds for the scheduler. - Supported in Fluent Bit >= 1.8.7 - format: int32 - type: integer - storage: - description: Configure a global environment for the storage layer - in Service. It is recommended to configure the volume and volumeMount - separately for this storage. 
The hostPath type should be used - for that Volume in Fluentbit daemon set. - properties: - backlogMemLimit: - description: This option configure a hint of maximum value - of memory to use when processing these records - type: string - checksum: - description: Enable the data integrity check when writing - and reading data from the filesystem - enum: - - "on" - - "off" - type: string - deleteIrrecoverableChunks: - description: When enabled, irrecoverable chunks will be deleted - during runtime, and any other irrecoverable chunk located - in the configured storage path directory will be deleted - when Fluent-Bit starts. - enum: - - "on" - - "off" - type: string - maxChunksUp: - description: If the input plugin has enabled filesystem storage - type, this property sets the maximum number of Chunks that - can be up in memory - format: int64 - type: integer - metrics: - description: If http_server option has been enabled in the - Service section, this option registers a new endpoint where - internal metrics of the storage layer can be consumed - enum: - - "on" - - "off" - type: string - path: - description: Select an optional location in the file system - to store streams and chunks of data/ - type: string - sync: - description: Configure the synchronization mode used to store - the data into the file system - enum: - - normal - - full - type: string - type: object - type: object - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: clusterfluentdconfigs.fluentd.fluent.io -spec: - group: fluentd.fluent.io - names: - kind: ClusterFluentdConfig - listKind: ClusterFluentdConfigList - plural: clusterfluentdconfigs - shortNames: - - cfdc - singular: clusterfluentdconfig - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterFluentdConfig is the Schema for the 
clusterfluentdconfigs - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterFluentdConfigSpec defines the desired state of ClusterFluentdConfig - properties: - clusterFilterSelector: - description: Select cluster filter plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - clusterInputSelector: - description: Select cluster input plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - clusterOutputSelector: - description: Select cluster output plugins - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - emit_mode: - description: |- - Emit mode. If batch, the plugin will emit events per labels matched. Enum: record, batch. - will make no effect if EnableFilterKubernetes is set false. - enum: - - record - - batch - type: string - pluginSortOrder: - default: lexicographic - description: |- - PluginSortOrder controls how child plugins within a label section are - ordered by their @id. "lexicographic" (default) preserves the original - string-comparison behaviour. 
"index" switches to numeric-aware ordering - so that a CR with more than nine plugins renders in definition order - (e.g. plugin-2 before plugin-10). - enum: - - lexicographic - - index - type: string - stickyTags: - description: |- - Sticky tags will match only one record from an event stream. The same tag will be treated the same way. - will make no effect if EnableFilterKubernetes is set false. - type: string - watchedConstainers: - description: A set of container names. Ignored if left empty. - items: - type: string - type: array - watchedHosts: - description: A set of hosts. Ignored if left empty. - items: - type: string - type: array - watchedLabels: - additionalProperties: - type: string - description: Use this field to filter the logs, will make no effect - if EnableFilterKubernetes is set false. - type: object - watchedNamespaces: - description: A set of namespaces. The whole namespaces would be watched - if left empty. - items: - type: string - type: array - type: object - status: - description: ClusterFluentdConfigStatus defines the observed state of - ClusterFluentdConfig - properties: - messages: - description: Messages defines the plugin errors which is selected - by this fluentdconfig - type: string - state: - description: The state of this fluentd config - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: clusterinputs.fluentbit.fluent.io -spec: - group: fluentbit.fluent.io - names: - kind: ClusterInput - listKind: ClusterInputList - plural: clusterinputs - shortNames: - - cfbi - singular: clusterinput - scope: Cluster - versions: - - name: v1alpha2 - schema: - openAPIV3Schema: - description: ClusterInput is the Schema for the inputs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this 
representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: InputSpec defines the desired state of ClusterInput - properties: - alias: - description: |- - A user friendly alias name for this input plugin. - Used in metrics for distinction of each configured input. - type: string - collectd: - description: Collectd defines the Collectd input plugin configuration - properties: - listen: - description: 'Set the address to listen to, default: 0.0.0.0' - type: string - port: - description: 'Set the port to listen to, default: 25826' - format: int32 - maximum: 65535 - minimum: 1 - type: integer - typesDB: - description: 'Set the data specification file,default: /usr/share/collectd/types.db' - type: string - type: object - customPlugin: - description: CustomPlugin defines Custom Input configuration. - properties: - config: - description: |- - Config holds any unsupported plugins classic configurations, - if ConfigFileFormat is set to yaml, this filed will be ignored - type: string - yamlConfig: - description: YamlConfig holds the unsupported plugins yaml configurations, - it only works when the ConfigFileFormat is yaml - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - dummy: - description: Dummy defines Dummy Input configuration. - properties: - dummy: - description: Dummy JSON record. - type: string - rate: - description: Events number generated per second. 
- format: int32 - type: integer - samples: - description: Sample events to generate. - format: int32 - type: integer - tag: - description: Tag name associated to all records coming from this - plugin. - type: string - type: object - execWasi: - description: ExecWasi defines the exec wasi input plugin configuration - properties: - accessiblePaths: - description: Specify the whitelist of paths to be able to access - paths from WASM programs. - items: - type: string - type: array - bufSize: - description: Size of the buffer (check unit sizes for allowed - values) - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - intervalNSec: - description: Polling interval (nanoseconds). - format: int64 - type: integer - intervalSec: - description: Polling interval (seconds). - format: int32 - type: integer - parser: - description: Specify the name of a parser to interpret the entry - as a structured message. - type: string - threaded: - description: 'Indicates whether to run this input in its own thread. - Default: false.' - type: boolean - wasiPath: - description: The place of a WASM program file. - type: string - wasmHeapSize: - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - wasmStackSize: - description: Size of the stack size of Wasm execution. Review - unit sizes for allowed values. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - type: object - fluentBitMetrics: - description: FluentBitMetrics defines Fluent Bit Metrics Input configuration. - properties: - scrapeInterval: - description: The rate at which metrics are collected from the - host operating system. default is 2 seconds. - type: string - scrapeOnStart: - description: Scrape metrics upon start, useful to avoid waiting - for 'scrape_interval' for the first round of metrics. 
- type: boolean - tag: - type: string - type: object - forward: - description: Forward defines forward input plugin configuration - properties: - bufferMaxSize: - description: |- - Specify maximum buffer memory size used to receive a forward message. - The value must be according to the Unit Size specification. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - bufferchunkSize: - description: |- - Set the initial buffer size to store incoming data. - This value is used too to increase buffer size as required. - The value must be according to the Unit Size specification. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - listen: - description: Listener network interface. - type: string - port: - description: Port for forward plugin instance. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - tag: - description: in_forward uses the tag value for incoming logs. - If not set it uses tag from incoming log. - type: string - tagPrefix: - description: Adds the prefix to incoming event's tag - type: string - threaded: - description: Threaded mechanism allows input plugin to run in - a separate thread which helps to desaturate the main pipeline. - type: string - unixPath: - description: Specify the path to unix socket to receive a forward - message. If set, Listen and port are ignnored. - type: string - unixPerm: - description: Set the permission of unix socket file. - type: string - type: object - http: - description: HTTP defines the HTTP input plugin configuration - properties: - bufferChunkSize: - description: |- - This sets the chunk size for incoming incoming JSON messages. - These chunks are then stored/managed in the space available by buffer_max_size,default 512K. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - bufferMaxSize: - description: Specify the maximum buffer size in KB to receive - a JSON message,default 4M. 
- pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - listen: - description: The address to listen on,default 0.0.0.0 - type: string - port: - description: The port for Fluent Bit to listen on,default 9880 - format: int32 - maximum: 65535 - minimum: 1 - type: integer - successfulHeader: - description: 'Add an HTTP header key/value pair on success. Multiple - headers can be set. Example: X-Custom custom-answer.' - type: string - successfulResponseCode: - description: It allows to set successful response code. 200, 201 - and 204 are supported,default 201. - format: int32 - type: integer - tagKey: - description: Specify the key name to overwrite a tag. If set, - the tag will be overwritten by a value of the key. - type: string - tls: - description: Fluent Bit provides integrated support for Transport - Layer Security (TLS) and it predecessor Secure Sockets Layer - (SSL) respectively. - properties: - caFile: - description: Absolute path to CA certificate file - type: string - caPath: - description: Absolute path to scan for certificate files - type: string - crtFile: - description: Absolute path to Certificate file - type: string - debug: - description: |- - Set TLS debug verbosity level. - It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - format: int32 - type: integer - keyFile: - description: Absolute path to private Key file - type: string - keyPassword: - description: Optional password for tls.key_file file - properties: - valueFrom: - description: ValueSource defines how to find a value's - key. - properties: - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: object - verify: - description: Force certificate validation - type: boolean - vhost: - description: Hostname to be used for TLS SNI extension - type: string - type: object - type: object - kubernetesEvents: - description: KubernetesEvents defines the KubernetesEvents input plugin - configuration - properties: - db: - description: Set a database file to keep track of recorded Kubernetes - events - type: string - dbSync: - description: 'Set a database sync method. values: extra, full, - normal and off' - type: string - intervalNsec: - description: 'Set the polling interval for each channel (sub seconds: - nanoseconds).' - format: int64 - type: integer - intervalSec: - description: Set the polling interval for each channel. - format: int32 - type: integer - kubeCAFile: - description: CA certificate file - type: string - kubeCAPath: - description: Absolute path to scan for certificate files - type: string - kubeNamespace: - description: Kubernetes namespace to query events from. Gets events - from all namespaces by default - type: string - kubeRequestLimit: - description: kubernetes limit parameter for events query, no limit - applied when set to 0. - format: int32 - type: integer - kubeRetentionTime: - description: Kubernetes retention time for events. - type: string - kubeTokenFile: - description: Token file - type: string - kubeTokenTTL: - description: |- - configurable 'time to live' for the K8s token. By default, it is set to 600 seconds. 
- After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command. - type: string - kubeURL: - description: API Server end-point - type: string - pauseOnChunksOverlimit: - description: Specifies if the input plugin should be paused (stop - ingesting new data) when the storage.max_chunks_up value is - reached. - enum: - - "on" - - "off" - type: string - storageType: - description: Specifies the buffering mechanism for use with the - input plugin, requires storage.path to be set in the service. - enum: - - filesystem - - memory - type: string - tag: - description: Tag name associated to all records coming from this - plugin. - type: string - tlsDebug: - description: Debug level between 0 (nothing) and 4 (every detail). - format: int32 - type: integer - tlsVerify: - description: When enabled, turns on certificate validation when - connecting to the Kubernetes API server. - type: boolean - tlsVhost: - description: Set optional TLS virtual host. - type: string - type: object - logLevel: - enum: - - "off" - - error - - warning - - info - - debug - - trace - type: string - mqtt: - description: MQTT defines the MQTT input plugin configuration - properties: - listen: - description: 'Listener network interface, default: 0.0.0.0' - type: string - port: - description: 'TCP port where listening for connections, default: - 1883' - format: int32 - maximum: 65535 - minimum: 1 - type: integer - type: object - nginx: - description: Nginx defines the Nginx input plugin configuration - properties: - host: - description: 'Name of the target host or IP address to check, - default: localhost' - type: string - nginxPlus: - description: 'Turn on NGINX plus mode,default: true' - type: boolean - port: - description: 'Port of the target nginx service to connect to, - default: 80' - format: int32 - maximum: 65535 - minimum: 1 - type: integer - statusURL: - description: 'The URL of the Stub Status Handler,default: /status' - type: string - type: object - 
nodeExporterMetrics: - description: NodeExporterMetrics defines Node Exporter Metrics Input - configuration. - properties: - path: - properties: - procfs: - description: The mount point used to collect process information - and metrics. - type: string - sysfs: - description: The path in the filesystem used to collect system - metrics. - type: string - type: object - scrapeInterval: - description: The rate at which metrics are collected from the - host operating system, default is 5 seconds. - type: string - tag: - description: Tag name associated to all records coming from this - plugin. - type: string - type: object - openTelemetry: - description: OpenTelemetry defines the OpenTelemetry input plugin - configuration - properties: - bufferChunkSize: - description: This sets the chunk size for incoming incoming JSON - messages. These chunks are then stored/managed in the space - available by buffer_max_size(default 512K). - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - bufferMaxSize: - description: Specify the maximum buffer size in KB to receive - a JSON message(default 4M). - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - listen: - description: The address to listen on,default 0.0.0.0 - type: string - port: - description: The port for Fluent Bit to listen on.default 4318. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - rawTraces: - description: Route trace data as a log message(default false). - type: boolean - successfulResponseCode: - description: It allows to set successful response code. 200, 201 - and 204 are supported(default 201). - format: int32 - type: integer - tag: - description: opentelemetry uses the tag value for incoming metrics. - type: string - tagFromURI: - description: If true, tag will be created from uri. e.g. v1_metrics - from /v1/metrics - type: boolean - tagKey: - description: Specify the key name to overwrite a tag. If set, - the tag will be overwritten by a value of the key. 
- type: string - type: object - processors: - description: Processors defines the processors configuration - type: object - x-kubernetes-preserve-unknown-fields: true - prometheusScrapeMetrics: - description: PrometheusScrapeMetrics defines Prometheus Scrape Metrics - Input configuration. - properties: - host: - description: The host of the prometheus metric endpoint that you - want to scrape - type: string - metricsPath: - description: 'The metrics URI endpoint, that must start with a - forward slash, deflaut: /metrics' - type: string - port: - description: The port of the promethes metric endpoint that you - want to scrape - format: int32 - maximum: 65535 - minimum: 1 - type: integer - scrapeInterval: - description: 'The interval to scrape metrics, default: 10s' - type: string - tag: - description: Tag name associated to all records coming from this - plugin - type: string - type: object - statsd: - description: StatsD defines the StatsD input plugin configuration - properties: - listen: - description: 'Listener network interface, default: 0.0.0.0' - type: string - port: - description: 'UDP port where listening for connections, default: - 8125' - format: int32 - maximum: 65535 - minimum: 1 - type: integer - type: object - syslog: - description: Syslog defines the Syslog input plugin configuration - properties: - bufferChunkSize: - description: |- - By default the buffer to store the incoming Syslog messages, do not allocate the maximum memory allowed, instead it allocate memory when is required. - The rounds of allocations are set by Buffer_Chunk_Size. If not set, Buffer_Chunk_Size is equal to 32000 bytes (32KB). - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - bufferMaxSize: - description: Specify the maximum buffer size to receive a Syslog - message. If not set, the default size will be the value of Buffer_Chunk_Size. 
- pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - listen: - description: 'If Mode is set to tcp or udp, specify the network - interface to bind, default: 0.0.0.0' - type: string - mode: - description: 'Defines transport protocol mode: unix_udp (UDP over - Unix socket), unix_tcp (TCP over Unix socket), tcp or udp' - enum: - - unix_udp - - unix_tcp - - tcp - - udp - type: string - parser: - description: |- - Specify an alternative parser for the message. If Mode is set to tcp or udp then the default parser is syslog-rfc5424 otherwise syslog-rfc3164-local is used. - If your syslog messages have fractional seconds set this Parser value to syslog-rfc5424 instead. - type: string - path: - description: If Mode is set to unix_tcp or unix_udp, set the absolute - path to the Unix socket file. - type: string - port: - description: If Mode is set to tcp or udp, specify the TCP port - to listen for incoming connections. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - receiveBufferSize: - description: |- - Specify the maximum socket receive buffer size. If not set, the default value is OS-dependant, - but generally too low to accept thousands of syslog messages per second without loss on udp or unix_udp sockets. Note that on Linux the value is capped by sysctl net.core.rmem_max. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - sourceAddressKey: - description: Specify the key where the source address will be - injected. - type: string - tag: - description: Specify a tag to route incoming logs through different - parsers to different outputs. - type: string - tls: - description: Specify TLS connector options. - properties: - caFile: - description: Absolute path to CA certificate file - type: string - caPath: - description: Absolute path to scan for certificate files - type: string - crtFile: - description: Absolute path to Certificate file - type: string - debug: - description: |- - Set TLS debug verbosity level. 
- It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - format: int32 - type: integer - keyFile: - description: Absolute path to private Key file - type: string - keyPassword: - description: Optional password for tls.key_file file - properties: - valueFrom: - description: ValueSource defines how to find a value's - key. - properties: - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: object - verify: - description: Force certificate validation - type: boolean - vhost: - description: Hostname to be used for TLS SNI extension - type: string - type: object - unixPerm: - description: 'If Mode is set to unix_tcp or unix_udp, set the - permission of the Unix socket file, default: 0644' - format: int32 - type: integer - type: object - systemd: - description: Systemd defines Systemd Input configuration. - properties: - db: - description: Specify the database file to keep track of monitored - files and offsets. - type: string - dbSync: - description: |- - Set a default synchronization (I/O) method. values: Extra, Full, Normal, Off. - This flag affects how the internal SQLite engine do synchronization to disk, - for more details about each option please refer to this section. 
- note: this option was introduced on Fluent Bit v1.4.6. - enum: - - Extra - - Full - - Normal - - "Off" - type: string - maxEntries: - description: |- - When Fluent Bit starts, the Journal might have a high number of logs in the queue. - In order to avoid delays and reduce memory usage, this option allows to specify the maximum number of log entries that can be processed per round. - Once the limit is reached, Fluent Bit will continue processing the remaining log entries once Journald performs the notification. - type: integer - maxFields: - description: Set a maximum number of fields (keys) allowed per - record. - type: integer - path: - description: |- - Optional path to the Systemd journal directory, - if not set, the plugin will use default paths to read local-only logs. - type: string - pauseOnChunksOverlimit: - description: Specifies if the input plugin should be paused (stop - ingesting new data) when the storage.max_chunks_up value is - reached. - enum: - - "on" - - "off" - type: string - readFromTail: - description: Start reading new entries. Skip entries already stored - in Journald. - enum: - - "on" - - "off" - type: string - storagePath: - description: |- - Set an optional location in the file system to store streams and chunks of data. - If this parameter is not set, Input plugins can only use in-memory buffering. - type: string - storageType: - description: Specify the buffering mechanism to use. It can be - memory or filesystem - enum: - - filesystem - - memory - type: string - stripUnderscores: - description: Remove the leading underscore of the Journald field - (key). For example the Journald field _PID becomes the key PID. - enum: - - "on" - - "off" - type: string - systemdFilter: - description: |- - Allows to perform a query over logs that contains a specific Journald key/value pairs, e.g: _SYSTEMD_UNIT=UNIT. - The Systemd_Filter option can be specified multiple times in the input section to apply multiple filters as required. 
- items: - type: string - type: array - systemdFilterType: - description: |- - Define the filter type when Systemd_Filter is specified multiple times. Allowed values are And and Or. - With And a record is matched only when all of the Systemd_Filter have a match. - With Or a record is matched when any of the Systemd_Filter has a match. - enum: - - And - - Or - type: string - tag: - description: |- - The tag is used to route messages but on Systemd plugin there is an extra functionality: - if the tag includes a star/wildcard, it will be expanded with the Systemd Unit file (e.g: host.* => host.UNIT_NAME). - type: string - type: object - tail: - description: Tail defines Tail Input configuration. - properties: - bufferChunkSize: - description: |- - Set the initial buffer size to read files data. - This value is used too to increase buffer size. - The value must be according to the Unit Size specification. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - bufferMaxSize: - description: |- - Set the limit of the buffer size per monitored file. - When a buffer needs to be increased (e.g: very long lines), - this value is used to restrict how much the memory buffer can grow. - If reading a file exceed this limit, the file is removed from the monitored file list - The value must be according to the Unit Size specification. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - db: - description: Specify the database file to keep track of monitored - files and offsets. - type: string - dbLocking: - description: Specify that the database will be accessed only by - Fluent Bit. - type: boolean - dbSync: - description: 'Set a default synchronization (I/O) method. Values: - Extra, Full, Normal, Off.' - enum: - - Extra - - Full - - Normal - - "Off" - type: string - disableInotifyWatcher: - description: DisableInotifyWatcher will disable inotify and use - the file stat watcher instead. 
- type: boolean - dockerMode: - description: |- - If enabled, the plugin will recombine split Docker log lines before passing them to any parser as configured above. - This mode cannot be used at the same time as Multiline. - type: boolean - dockerModeFlushSeconds: - description: Wait period time in seconds to flush queued unfinished - split lines. - format: int64 - type: integer - dockerModeParser: - description: Specify an optional parser for the first line of - the docker multiline mode. The parser name to be specified must - be registered in the parsers.conf file. - type: string - excludePath: - description: |- - Set one or multiple shell patterns separated by commas to exclude files matching a certain criteria, - e.g: exclude_path=*.gz,*.zip - type: string - ignoredOlder: - description: |- - Ignores records which are older than this time in seconds. - Supports m,h,d (minutes, hours, days) syntax. - Default behavior is to read all records from specified files. - Only available when a Parser is specificied and it can parse the time of a record. - pattern: ^\d+(m|h|d)?$ - type: string - key: - description: |- - When a message is unstructured (no parser applied), it's appended as a string under the key name log. - This option allows to define an alternative name for that key. - type: string - memBufLimit: - description: |- - Set a limit of memory that Tail plugin can use when appending data to the Engine. - If the limit is reach, it will be paused; when the data is flushed it resumes. - type: string - multiline: - description: |- - If enabled, the plugin will try to discover multiline messages - and use the proper parsers to compose the outgoing messages. - Note that when this option is enabled the Parser option is not used. 
- type: boolean - multilineFlushSeconds: - description: Wait period time in seconds to process queued multiline - messages - format: int64 - type: integer - multilineParser: - description: |- - This will help to reassembly multiline messages originally split by Docker or CRI - Specify one or Multiline Parser definition to apply to the content. - type: string - offsetKey: - description: |- - If enabled, Fluent Bit appends the offset of the current monitored file as part of the record. - The value assigned becomes the key in the map - type: string - parser: - description: Specify the name of a parser to interpret the entry - as a structured message. - type: string - parserFirstline: - description: |- - Name of the parser that matchs the beginning of a multiline message. - Note that the regular expression defined in the parser must include a group name (named capture) - type: string - parserN: - description: |- - Optional-extra parser to interpret and structure multiline entries. - This option can be used to define multiple parsers. - items: - type: string - type: array - path: - description: Pattern specifying a specific log files or multiple - ones through the use of common wildcards. - type: string - pathKey: - description: |- - If enabled, it appends the name of the monitored file as part of the record. - The value assigned becomes the key in the map. - type: string - pauseOnChunksOverlimit: - description: Specifies if the input plugin should be paused (stop - ingesting new data) when the storage.max_chunks_up value is - reached. - enum: - - "on" - - "off" - type: string - readFromHead: - description: |- - For new discovered files on start (without a database offset/position), - read the content from the head of the file, not tail. - type: boolean - refreshIntervalSeconds: - description: The interval of refreshing the list of watched files - in seconds. 
- format: int64 - type: integer - rotateWaitSeconds: - description: Specify the number of extra time in seconds to monitor - a file once is rotated in case some pending data is flushed. - format: int64 - type: integer - skipEmptyLines: - description: Skips empty lines in the log file from any further - processing or output. - type: boolean - skipLongLines: - description: |- - When a monitored file reach it buffer capacity due to a very long line (Buffer_Max_Size), - the default behavior is to stop monitoring that file. - Skip_Long_Lines alter that behavior and instruct Fluent Bit to skip long lines - and continue processing other lines that fits into the buffer size. - type: boolean - storagePath: - description: |- - Set an optional location in the file system to store streams and chunks of data. - If this parameter is not set, Input plugins can only use in-memory buffering. - type: string - storageType: - description: Specify the buffering mechanism to use. It can be - memory or filesystem - enum: - - filesystem - - memory - type: string - tag: - description: |- - Set a tag (with regex-extract fields) that will be placed on lines read. - E.g. kube... - type: string - tagRegex: - description: Set a regex to exctract fields from the file - type: string - threaded: - description: Threaded mechanism allows input plugin to run in - a separate thread which helps to desaturate the main pipeline. - type: string - type: object - tcp: - description: TCP defines the TCP input plugin configuration - properties: - bufferSize: - description: Specify the maximum buffer size in KB to receive - a JSON message. If not set, the default size will be the value - of Chunk_Size. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - chunkSize: - description: |- - By default the buffer to store the incoming JSON messages, do not allocate the maximum memory allowed, instead it allocate memory when is required. - The rounds of allocations are set by Chunk_Size in KB. 
If not set, Chunk_Size is equal to 32 (32KB). - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - format: - description: |- - Specify the expected payload format. It support the options json and none. - When using json, it expects JSON maps, when is set to none, it will split every record using the defined Separator (option below). - type: string - listen: - description: Listener network interface,default 0.0.0.0 - type: string - port: - description: TCP port where listening for connections,default - 5170 - format: int32 - maximum: 65535 - minimum: 1 - type: integer - separator: - description: When the expected Format is set to none, Fluent Bit - needs a separator string to split the records. By default it - uses the breakline character (LF or 0x10). - type: string - type: object - udp: - description: UDP defines the UDP input plugin configuration - properties: - bufferSize: - description: |- - BufferSize Specify the maximum buffer size in KB to receive a JSON message. - If not set, the default size will be the value of Chunk_Size. - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - chunkSize: - description: |- - By default the buffer to store the incoming JSON messages, do not allocate the maximum memory allowed, - instead it allocate memory when is required. - The rounds of allocations are set by Chunk_Size in KB. If not set, Chunk_Size is equal to 32 (32KB). - pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ - type: string - format: - description: |- - Format Specify the expected payload format. It support the options json and none. - When using json, it expects JSON maps, when is set to none, - it will split every record using the defined Separator (option below). 
- type: string - listen: - description: 'Listen Listener network interface, default: 0.0.0.0' - type: string - port: - description: 'Port Specify the UDP port where listening for connections, - default: 5170' - format: int32 - maximum: 65535 - minimum: 1 - type: integer - separator: - description: Separator When the expected Format is set to none, - Fluent Bit needs a separator string to split the records. By - default it uses the breakline character (LF or 0x10). - type: string - sourceAddressKey: - description: SourceAddressKey Specify the key where the source - address will be injected. - type: string - threaded: - description: Threaded mechanism allows input plugin to run in - a separate thread which helps to desaturate the main pipeline. - type: string - type: object - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - name: clusterinputs.fluentd.fluent.io -spec: - group: fluentd.fluent.io - names: - kind: ClusterInput - listKind: ClusterInputList - plural: clusterinputs - shortNames: - - cfdi - singular: clusterinput - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterInput is the Schema for the clusterinputs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterInputSpec defines the desired state of ClusterInput - properties: - inputs: - items: - description: Input defines all available input plugins and their - parameters - properties: - customPlugin: - description: Custom plugin type - properties: - config: - type: string - required: - - config - type: object - forward: - description: in_forward plugin - properties: - addTagPrefix: - description: Adds the prefix to the incoming event's tag. - type: string - bind: - description: The port to listen to, default is "0.0.0.0" - type: string - chunkSizeLimit: - description: The size limit of the received chunk. If the - chunk size is larger than this value, the received chunk - is dropped. - pattern: ^\d+(KB|MB|GB|TB)$ - type: string - chunkSizeWarnLimit: - description: The warning size limit of the received chunk. - If the chunk size is larger than this value, a warning - message will be sent. - pattern: ^\d+(KB|MB|GB|TB)$ - type: string - client: - description: The security section of client plugin - properties: - host: - description: The IP address or hostname of the client. - This is exclusive with Network. - type: string - network: - description: The network address specification. This - is exclusive with Host. - type: string - sharedKey: - description: The shared key per client. - type: string - users: - description: The array of usernames. - type: string - type: object - denyKeepalive: - description: The connections will be disconnected right - after receiving a message, if true. - type: boolean - lingerTimeout: - description: The timeout used to set the linger option. - type: integer - port: - description: The port to listen to, default is 24224. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - resolveHostname: - description: Tries to resolve hostname from IP addresses - or not. - type: boolean - security: - description: The security section of forward plugin - properties: - allowAnonymousSource: - description: Allows the anonymous source. sections - are required, if disabled. - type: string - selfHostname: - description: The hostname. - type: string - sharedKey: - description: The shared key for authentication. - type: string - user: - description: Defines user section directly. - properties: - password: - description: Secret defines the key of a value. - properties: - valueFrom: - description: ValueSource defines how to find - a value's key. - properties: - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: object - username: - description: Secret defines the key of a value. - properties: - valueFrom: - description: ValueSource defines how to find - a value's key. - properties: - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: object - type: object - userAuth: - description: If true, user-based authentication is used. - type: string - type: object - sendKeepalivePacket: - description: Enables the TCP keepalive for sockets. - type: boolean - skipInvalidEvent: - description: Skips the invalid incoming event. - type: boolean - sourceAddressKey: - description: The field name of the client's source address. - If set, the client's address will be set to its key. - type: string - sourceHostnameKey: - description: The field name of the client's hostname. If - set, the client's hostname will be set to its key. - type: string - tag: - description: |- - in_forward uses incoming event's tag by default (See Protocol Section). - If the tag parameter is set, its value is used instead. 
- type: string - transport: - description: The transport section of forward plugin - properties: - caCertPath: - description: for Cert generated - type: string - caPath: - description: for Cert signed by public CA - type: string - caPrivateKeyPassphrase: - type: string - caPrivateKeyPath: - type: string - certPath: - type: string - certVerifier: - description: other parameters - type: string - ciphers: - type: string - clientCertAuth: - type: boolean - insecure: - type: boolean - privateKeyPassphrase: - type: string - privateKeyPath: - type: string - protocol: - description: 'The protocol name of this plugin, i.e: - tls' - type: string - version: - type: string - type: object - user: - description: The security section of user plugin - properties: - password: - description: Secret defines the key of a value. - properties: - valueFrom: - description: ValueSource defines how to find a value's - key. - properties: - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: object - username: - description: Secret defines the key of a value. - properties: - valueFrom: - description: ValueSource defines how to find a value's - key. - properties: - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. 
Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - type: object - type: object - type: object - http: - description: in_http plugin - properties: - addHttpHeaders: - description: Adds HTTP_ prefix headers to the record. - type: boolean - addRemoteAddr: - description: |- - Adds REMOTE_ADDR field to the record. The value of REMOTE_ADDR is the client's address. - i.e: X-Forwarded-For: host1, host2 - type: string - bind: - description: The port to listen to, default is "0.0.0.0" - type: string - bodySizeLimit: - description: The size limit of the POSTed element. - pattern: ^\d+(KB|MB|GB|TB)$ - type: string - corsAllOrigins: - description: Whitelist domains for CORS. - type: string - corsAllowCredentials: - description: Add Access-Control-Allow-Credentials header. - It's needed when a request's credentials mode is include - type: string - keepaliveTimeout: - description: The timeout limit for keeping the connection - alive. - pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ - type: string - parse: - description: The parse section of http plugin - properties: - customPatternPath: - description: Path to the file that includes custom grok - patterns. - type: string - estimateCurrentEvent: - description: If true, use Fluent::Eventnow(current time) - as a timestamp when time_key is specified. - type: boolean - expression: - description: Specifies the regular expression for matching - logs. Regular expression also supports i and m suffix. 
- type: string - grok: - description: Grok Sections - items: - properties: - keepTimeKey: - description: If true, keep time field in the record. - type: boolean - name: - description: The name of this grok section. - type: string - pattern: - description: The pattern of grok. Required parameter. - type: string - timeFormat: - description: Process value using specified format. - This is available only when time_type is string - type: string - timeKey: - description: Specify time field for event time. - If the event doesn't have this field, current - time is used. - type: string - timeZone: - description: Use specified timezone. one can parse/format - the time value in the specified timezone. - type: string - type: object - type: array - grokFailureKey: - description: The key has grok failure reason. - type: string - grokPattern: - description: The pattern of grok. - type: string - grokPatternSeries: - description: Specify grok pattern series set. - type: string - id: - description: The @id parameter specifies a unique name - for the configuration. - type: string - keepTimeKey: - description: If true, keep time field in th record. - type: boolean - localtime: - description: If true, uses local time. - type: boolean - logLevel: - description: The @log_level parameter specifies the - plugin-specific logging level - type: string - multiLineStartRegexp: - description: The regexp to match beginning of multiline. - This is only for "multiline_grok". - type: string - timeFormat: - description: Process value according to the specified - format. This is available only when time_type is string - type: string - timeFormatFallbacks: - description: Uses the specified time format as a fallback - in the specified order. You can parse undetermined - time format by using time_format_fallbacks. This options - is enabled when time_type is mixed. - type: string - timeKey: - description: Specify time field for event time. If the - event doesn't have this field, current time is used. 
- type: string - timeType: - description: parses/formats value according to this - type, default is string - enum: - - float - - unixtime - - string - - mixed - type: string - timeout: - description: Specify timeout for parse processing. - pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ - type: string - timezone: - description: Uses the specified timezone. - type: string - type: - description: The @type parameter specifies the type - of the plugin. - enum: - - regexp - - apache2 - - apache_error - - nginx - - syslog - - csv - - tsv - - ltsv - - json - - multiline - - none - - grok - - multiline_grok - type: string - types: - description: 'Specify types for converting field into - another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' - type: string - utc: - description: If true, uses UTC. - type: boolean - required: - - type - type: object - port: - description: The port to listen to, default is 9880. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - respondsWithEmptyImg: - description: Responds with an empty GIF image of 1x1 pixel - (rather than an empty string). - type: boolean - transport: - description: The transport section of http plugin - properties: - caCertPath: - description: for Cert generated - type: string - caPath: - description: for Cert signed by public CA - type: string - caPrivateKeyPassphrase: - type: string - caPrivateKeyPath: - type: string - certPath: - type: string - certVerifier: - description: other parameters - type: string - ciphers: - type: string - clientCertAuth: - type: boolean - insecure: - type: boolean - privateKeyPassphrase: - type: string - privateKeyPath: - type: string - protocol: - description: 'The protocol name of this plugin, i.e: - tls' - type: string - version: - type: string - type: object - type: object - id: - description: The @id parameter specifies a unique name for the - configuration. - type: string - label: - description: The @label parameter is to route the input events - to