allow overwriting tls for s3 (usecase: minio cluster access in airgap…
…ped system)

Signed-off-by: l1ghtman2k <[email protected]>
L1ghtman2k committed Mar 1, 2024
1 parent 6de723c commit 4351571
Showing 8 changed files with 550 additions and 1 deletion.
10 changes: 9 additions & 1 deletion apis/fluentbit/v1alpha2/plugins/output/s3_types.go
Expand Up @@ -63,7 +63,8 @@ type S3 struct {
// Integer value to set the maximum number of retries allowed.
RetryLimit *int32 `json:"RetryLimit,omitempty"`
// Specify an external ID for the STS API, can be used with the role_arn parameter if your role requires an external ID.
ExternalId string `json:"ExternalId,omitempty"`
ExternalId string `json:"ExternalId,omitempty"`
*plugins.TLS `json:"tls,omitempty"`
}

// Name implement Section() method
Expand Down Expand Up @@ -153,5 +154,12 @@ func (o *S3) Params(sl plugins.SecretLoader) (*params.KVs, error) {
if o.ExternalId != "" {
kvs.Insert("external_id", o.ExternalId)
}
if o.TLS != nil {
tls, err := o.TLS.Params(sl)
if err != nil {
return nil, err
}
kvs.Merge(tls)
}
return kvs, nil
}
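Review bot: The embedded `*plugins.TLS` field added at the end of the `S3` struct has no doc comment, so the generated CRD carries only the generic TLS type description and nothing tells an operator how to apply it to an S3-compatible endpoint. Because the block exposes `verify` alongside `caFile`/`caPath`, I would put `// TLS settings for the S3 endpoint. For an endpoint signed by a private CA, set caFile or caPath and keep verify enabled.` above the field, so the documented route for an internal MinIO certificate is trusting its CA rather than switching validation off. In `Params`, whose body starts outside the hunk, every merged key comes from `o.TLS.Params(sl)`, which is not shown on this page; it is worth confirming which keys it emits when only `caFile` is set, and that nothing it returns collides with keys already inserted for S3 before `kvs.Merge(tls)`.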

Expand Up @@ -2542,6 +2542,73 @@ spec:
description: Use the S3 PutObject API, instead of the multipart
upload API.
type: boolean
tls:
description: Fluent Bit provides integrated support for Transport
Layer Security (TLS) and it predecessor Secure Sockets Layer
(SSL) respectively.
properties:
caFile:
description: Absolute path to CA certificate file
type: string
caPath:
description: Absolute path to scan for certificate files
type: string
crtFile:
description: Absolute path to Certificate file
type: string
debug:
description: 'Set TLS debug verbosity level. It accept the
following values: 0 (No debug), 1 (Error), 2 (State change),
3 (Informational) and 4 Verbose'
enum:
- 0
- 1
- 2
- 3
- 4
format: int32
type: integer
keyFile:
description: Absolute path to private Key file
type: string
keyPassword:
description: Optional password for tls.key_file file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
verify:
description: Force certificate validation
type: boolean
vhost:
description: Hostname to be used for TLS SNI extension
type: string
type: object
required:
- Bucket
- Region
Expand Up @@ -2542,6 +2542,73 @@ spec:
description: Use the S3 PutObject API, instead of the multipart
upload API.
type: boolean
tls:
description: Fluent Bit provides integrated support for Transport
Layer Security (TLS) and it predecessor Secure Sockets Layer
(SSL) respectively.
properties:
caFile:
description: Absolute path to CA certificate file
type: string
caPath:
description: Absolute path to scan for certificate files
type: string
crtFile:
description: Absolute path to Certificate file
type: string
debug:
description: 'Set TLS debug verbosity level. It accept the
following values: 0 (No debug), 1 (Error), 2 (State change),
3 (Informational) and 4 Verbose'
enum:
- 0
- 1
- 2
- 3
- 4
format: int32
type: integer
keyFile:
description: Absolute path to private Key file
type: string
keyPassword:
description: Optional password for tls.key_file file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
verify:
description: Force certificate validation
type: boolean
vhost:
description: Hostname to be used for TLS SNI extension
type: string
type: object
required:
- Bucket
- Region
67 changes: 67 additions & 0 deletions config/crd/bases/fluentbit.fluent.io_clusteroutputs.yaml
Expand Up @@ -2542,6 +2542,73 @@ spec:
description: Use the S3 PutObject API, instead of the multipart
upload API.
type: boolean
tls:
description: Fluent Bit provides integrated support for Transport
Layer Security (TLS) and it predecessor Secure Sockets Layer
(SSL) respectively.
properties:
caFile:
description: Absolute path to CA certificate file
type: string
caPath:
description: Absolute path to scan for certificate files
type: string
crtFile:
description: Absolute path to Certificate file
type: string
debug:
description: 'Set TLS debug verbosity level. It accept the
following values: 0 (No debug), 1 (Error), 2 (State change),
3 (Informational) and 4 Verbose'
enum:
- 0
- 1
- 2
- 3
- 4
format: int32
type: integer
keyFile:
description: Absolute path to private Key file
type: string
keyPassword:
description: Optional password for tls.key_file file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
verify:
description: Force certificate validation
type: boolean
vhost:
description: Hostname to be used for TLS SNI extension
type: string
type: object
required:
- Bucket
- Region
67 changes: 67 additions & 0 deletions config/crd/bases/fluentbit.fluent.io_outputs.yaml
Expand Up @@ -2542,6 +2542,73 @@ spec:
description: Use the S3 PutObject API, instead of the multipart
upload API.
type: boolean
tls:
description: Fluent Bit provides integrated support for Transport
Layer Security (TLS) and it predecessor Secure Sockets Layer
(SSL) respectively.
properties:
caFile:
description: Absolute path to CA certificate file
type: string
caPath:
description: Absolute path to scan for certificate files
type: string
crtFile:
description: Absolute path to Certificate file
type: string
debug:
description: 'Set TLS debug verbosity level. It accept the
following values: 0 (No debug), 1 (Error), 2 (State change),
3 (Informational) and 4 Verbose'
enum:
- 0
- 1
- 2
- 3
- 4
format: int32
type: integer
keyFile:
description: Absolute path to private Key file
type: string
keyPassword:
description: Optional password for tls.key_file file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
verify:
description: Force certificate validation
type: boolean
vhost:
description: Hostname to be used for TLS SNI extension
type: string
type: object
required:
- Bucket
- Region