Merge pull request #1078 from L1ghtman2k/master
feat(tls): allow overwriting tls for s3
benjaminhuo authored Mar 4, 2024
2 parents 6de723c + 5c35e26 commit ab1fad4
Showing 9 changed files with 551 additions and 1 deletion.
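--- a/apis/fluentbit/v1alpha2/plugins/output/s3_types.go
+++ b/apis/fluentbit/v1alpha2/plugins/output/s3_types.go
@@ -63,7 +63,8 @@ type S3 struct {
 // Integer value to set the maximum number of retries allowed.
 RetryLimit *int32 `json:"RetryLimit,omitempty"`
 // Specify an external ID for the STS API, can be used with the role_arn parameter if your role requires an external ID.
-ExternalId string `json:"ExternalId,omitempty"`
+ExternalId string `json:"ExternalId,omitempty"`
+*plugins.TLS `json:"tls,omitempty"`
 }
 
 // Name implement Section() method
@@ -153,5 +154,12 @@ func (o *S3) Params(sl plugins.SecretLoader) (*params.KVs, error) {
 if o.ExternalId != "" {
 kvs.Insert("external_id", o.ExternalId)
 }
+if o.TLS != nil {
+tls, err := o.TLS.Params(sl)
+if err != nil {
+return nil, err
+}
+kvs.Merge(tls)
+}
 return kvs, nil
 }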
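Review bot: The embedded `*plugins.TLS` field added to the `S3` struct has no doc comment, which is presumably why the new `tls` row in docs/plugins/fluentbit/output/s3.md has an empty description. A comment such as `// TLS settings for the connection to the S3 endpoint; turning verify off disables server certificate validation.` would document both the field and its security impact. In `Params`, the error from `o.TLS.Params(sl)` is returned bare, so a failure (presumably a key-password secret lookup) would not say it came from the S3 output's TLS block; `return nil, fmt.Errorf("s3 tls: %w", err)` would fix that, assuming `fmt` is imported in this file. Whether `kvs.Merge(tls)` can override keys the S3 output has already inserted is not visible here and is worth confirming. Both the struct and `Params` begin outside the hunks shown.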


Expand Up @@ -2542,6 +2542,73 @@ spec:
description: Use the S3 PutObject API, instead of the multipart
upload API.
type: boolean
tls:
description: Fluent Bit provides integrated support for Transport
Layer Security (TLS) and it predecessor Secure Sockets Layer
(SSL) respectively.
properties:
caFile:
description: Absolute path to CA certificate file
type: string
caPath:
description: Absolute path to scan for certificate files
type: string
crtFile:
description: Absolute path to Certificate file
type: string
debug:
description: 'Set TLS debug verbosity level. It accept the
following values: 0 (No debug), 1 (Error), 2 (State change),
3 (Informational) and 4 Verbose'
enum:
- 0
- 1
- 2
- 3
- 4
format: int32
type: integer
keyFile:
description: Absolute path to private Key file
type: string
keyPassword:
description: Optional password for tls.key_file file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
verify:
description: Force certificate validation
type: boolean
vhost:
description: Hostname to be used for TLS SNI extension
type: string
type: object
required:
- Bucket
- Region
Expand Up @@ -2542,6 +2542,73 @@ spec:
description: Use the S3 PutObject API, instead of the multipart
upload API.
type: boolean
tls:
description: Fluent Bit provides integrated support for Transport
Layer Security (TLS) and it predecessor Secure Sockets Layer
(SSL) respectively.
properties:
caFile:
description: Absolute path to CA certificate file
type: string
caPath:
description: Absolute path to scan for certificate files
type: string
crtFile:
description: Absolute path to Certificate file
type: string
debug:
description: 'Set TLS debug verbosity level. It accept the
following values: 0 (No debug), 1 (Error), 2 (State change),
3 (Informational) and 4 Verbose'
enum:
- 0
- 1
- 2
- 3
- 4
format: int32
type: integer
keyFile:
description: Absolute path to private Key file
type: string
keyPassword:
description: Optional password for tls.key_file file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
verify:
description: Force certificate validation
type: boolean
vhost:
description: Hostname to be used for TLS SNI extension
type: string
type: object
required:
- Bucket
- Region
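--- a/config/crd/bases/fluentbit.fluent.io_clusteroutputs.yaml
+++ b/config/crd/bases/fluentbit.fluent.io_clusteroutputs.yaml
@@ -2542,6 +2542,73 @@ spec:
 description: Use the S3 PutObject API, instead of the multipart
 upload API.
 type: boolean
+tls:
+description: Fluent Bit provides integrated support for Transport
+Layer Security (TLS) and it predecessor Secure Sockets Layer
+(SSL) respectively.
+properties:
+caFile:
+description: Absolute path to CA certificate file
+type: string
+caPath:
+description: Absolute path to scan for certificate files
+type: string
+crtFile:
+description: Absolute path to Certificate file
+type: string
+debug:
+description: 'Set TLS debug verbosity level. It accept the
+following values: 0 (No debug), 1 (Error), 2 (State change),
+3 (Informational) and 4 Verbose'
+enum:
+- 0
+- 1
+- 2
+- 3
+- 4
+format: int32
+type: integer
+keyFile:
+description: Absolute path to private Key file
+type: string
+keyPassword:
+description: Optional password for tls.key_file file
+properties:
+valueFrom:
+description: ValueSource defines how to find a value's
+key.
+properties:
+secretKeyRef:
+description: Selects a key of a secret in the pod's
+namespace
+properties:
+key:
+description: The key of the secret to select from. Must
+be a valid secret key.
+type: string
+name:
+description: 'Name of the referent. More info:
+https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Add other useful fields. apiVersion, kind,
+uid?'
+type: string
+optional:
+description: Specify whether the Secret or its
+key must be defined
+type: boolean
+required:
+- key
+type: object
+x-kubernetes-map-type: atomic
+type: object
+type: object
+verify:
+description: Force certificate validation
+type: boolean
+vhost:
+description: Hostname to be used for TLS SNI extension
+type: string
+type: object
 required:
 - Bucket
 - Region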
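--- a/config/crd/bases/fluentbit.fluent.io_outputs.yaml
+++ b/config/crd/bases/fluentbit.fluent.io_outputs.yaml
@@ -2542,6 +2542,73 @@ spec:
 description: Use the S3 PutObject API, instead of the multipart
 upload API.
 type: boolean
+tls:
+description: Fluent Bit provides integrated support for Transport
+Layer Security (TLS) and it predecessor Secure Sockets Layer
+(SSL) respectively.
+properties:
+caFile:
+description: Absolute path to CA certificate file
+type: string
+caPath:
+description: Absolute path to scan for certificate files
+type: string
+crtFile:
+description: Absolute path to Certificate file
+type: string
+debug:
+description: 'Set TLS debug verbosity level. It accept the
+following values: 0 (No debug), 1 (Error), 2 (State change),
+3 (Informational) and 4 Verbose'
+enum:
+- 0
+- 1
+- 2
+- 3
+- 4
+format: int32
+type: integer
+keyFile:
+description: Absolute path to private Key file
+type: string
+keyPassword:
+description: Optional password for tls.key_file file
+properties:
+valueFrom:
+description: ValueSource defines how to find a value's
+key.
+properties:
+secretKeyRef:
+description: Selects a key of a secret in the pod's
+namespace
+properties:
+key:
+description: The key of the secret to select from. Must
+be a valid secret key.
+type: string
+name:
+description: 'Name of the referent. More info:
+https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Add other useful fields. apiVersion, kind,
+uid?'
+type: string
+optional:
+description: Specify whether the Secret or its
+key must be defined
+type: boolean
+required:
+- key
+type: object
+x-kubernetes-map-type: atomic
+type: object
+type: object
+verify:
+description: Force certificate validation
+type: boolean
+vhost:
+description: Hostname to be used for TLS SNI extension
+type: string
+type: object
 required:
 - Bucket
 - Region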
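--- a/docs/plugins/fluentbit/output/s3.md
+++ b/docs/plugins/fluentbit/output/s3.md
@@ -31,3 +31,4 @@ The S3 output plugin, allows to flush your records into a S3 time series databas
 | StorageClass | Specify the storage class for S3 objects. If this option is not specified, objects will be stored with the default 'STANDARD' storage class. | string |
 | RetryLimit | Integer value to set the maximum number of retries allowed. | *int32 |
 | ExternalId | Specify an external ID for the STS API, can be used with the role_arn parameter if your role requires an external ID. | string |
+| tls | | *[plugins.TLS](../tls.md) |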
