add bearer token support in the helm chart for fluentbit loki output

Signed-off-by: rene <[email protected]>
fluent · Jul 2, 2024 · f11d4c1 · f11d4c1
1 parent 5e84ba0
commit f11d4c1
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/charts/fluent-operator/templates/fluentbit-output-loki.yaml b/charts/fluent-operator/templates/fluentbit-output-loki.yaml
@@ -5,14 +5,15 @@
 
 {{ with .Values.fluentbit.output.loki -}}
 {{/* 
-When http{User,Password} or tenantID is a string, make a secret for them
+When http{User,Password}, bearerToken, or tenantID is a string, make a secret for them
 When these keys are objects, they specify a secret to use generated elsewhere, assumed to exist in the k8s cluster 
 */}}
 {{ $userSecret := "loki-http-auth" -}}
 {{ $passSecret := "loki-http-pass" -}}
+{{ $bearerTokenSecret := "loki-bearer-token" -}}
 {{ $tenantIDSecret := "loki-tenant-id" -}}
 
-{{ range $k, $v := dict $userSecret .httpUser $passSecret .httpPassword $tenantIDSecret .tenantID -}}
+{{ range $k, $v := dict $userSecret .httpUser $passSecret .httpPassword $tenantIDSecret .tenantID $bearerTokenSecret .bearerToken -}}
 {{ if kindIs "string" $v -}}
 ---
 apiVersion: v1
@@ -81,6 +82,19 @@ spec:
       {{- end }}
     {{- end }}
 
+    {{- if .bearerToken }}
+    bearerToken: 
+      {{- if kindIs "string" .bearerToken }}
+      valueFrom:
+        secretKeyRef:
+          key: 'value'
+          name: {{ $bearerTokenSecret }}
+          optional: false
+      {{- else }}
+{{ .bearerToken | toYaml | indent 6 }}
+      {{- end }}
+    {{- end }}
+
     {{- if .tenantID }}
     tenantID: 
       {{- if kindIs "string" .tenantID }}

diff --git a/charts/fluent-operator/values.yaml b/charts/fluent-operator/values.yaml
@@ -278,7 +278,7 @@ fluentbit:
     # See https://docs.fluentbit.io/manual/pipeline/outputs/loki
     loki:
       # Switch for generation of fluentbit loki ClusterOutput (and loki basic auth http user and pass secrets if required)
-      enable: false   # Bool
+      enable: false # Bool
       host: 127.0.0.1 # String
       port: 3100      # Int
       # Either, give http{User,Password},tenantID string values specifying them directly
@@ -305,6 +305,15 @@ fluentbit:
       #      name: tenantsecret
       #      optional: true
       #
+      # To use bearer token auth instead of http basic auth
+      #bearerToken: ey....
+      # or with existing secret
+      #bearerToken:
+      #  valueFrom:
+      #    secretKeyRef:
+      #      key: value
+      #      name: bearerTokenSecret
+      #      optional: true
       #labels: []      # String list of <name>=<value>
       #labelKeys: []   # String list of <key>
       #removeKeys: []  # String list of <key>