diff --git a/apis/fluentbit/v1alpha2/fluentbit_types.go b/apis/fluentbit/v1alpha2/fluentbit_types.go index ca41614e4..b00ea70fb 100644 --- a/apis/fluentbit/v1alpha2/fluentbit_types.go +++ b/apis/fluentbit/v1alpha2/fluentbit_types.go @@ -70,6 +70,8 @@ type FluentBitSpec struct { Volumes []corev1.Volume `json:"volumes,omitempty"` // Pod volumes to mount into the container's filesystem. VolumesMounts []corev1.VolumeMount `json:"volumesMounts,omitempty"` + // DisableLogVolumes removes the hostPath mounts for varlibcontainers, varlogs and systemd. + DisableLogVolumes bool `json:"disableLogVolumes,omitempty"` // Annotations to add to each Fluentbit pod. Annotations map[string]string `json:"annotations,omitempty"` // Annotations to add to the Fluentbit service account diff --git a/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml b/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml index 820dee8d2..c75136569 100644 --- a/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml +++ b/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml @@ -1043,6 +1043,10 @@ spec: type: string type: object type: object + disableLogVolumes: + description: DisableLogVolumes removes the hostPath mounts for varlibcontainers, + varlogs and systemd. + type: boolean disableService: description: DisableService tells if the fluentbit service should be deployed. diff --git a/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml b/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml index 820dee8d2..c75136569 100644 --- a/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml +++ b/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml 
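Review bot: The comment on `DisableLogVolumes` in `FluentBitSpec` says what is removed but not what stays, so a reader aiming for a pod with no host filesystem access could take the flag as sufficient. In pkg/operator/daemonset.go of this same diff, entries from `Volumes`/`VolumesMounts` are still appended when the flag is set, and the "Mount Position DB" block is untouched, so any hostPath source supplied there is still mounted. I would word it as `// DisableLogVolumes removes the operator-managed hostPath volumes and mounts (varlibcontainers, varlogs, systemd). Volumes, VolumesMounts and PositionDB are still applied as configured. Defaults to false.` The CRD descriptions and docs/fluentbit.md repeat the current sentence, presumably generated from this comment, so they would need regenerating.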
@@ -1043,6 +1043,10 @@ spec: type: string type: object type: object + disableLogVolumes: + description: DisableLogVolumes removes the hostPath mounts for varlibcontainers, + varlogs and systemd. + type: boolean disableService: description: DisableService tells if the fluentbit service should be deployed. diff --git a/config/samples/fluentbit_v1alpha2_fluentbit.yaml b/config/samples/fluentbit_v1alpha2_fluentbit.yaml index 72fa033e8..49cf41746 100644 --- a/config/samples/fluentbit_v1alpha2_fluentbit.yaml +++ b/config/samples/fluentbit_v1alpha2_fluentbit.yaml @@ -11,3 +11,4 @@ spec: hostPath: path: /var/lib/fluent-bit/ fluentBitConfigName: fluentbitconfig-sample + disableLogVolumes: false diff --git a/docs/fluentbit.md b/docs/fluentbit.md index 4c6ace504..f4bbb077f 100644 --- a/docs/fluentbit.md +++ b/docs/fluentbit.md @@ -400,6 +400,7 @@ FluentBitSpec defines the desired state of FluentBit | metricsPort | MetricsPort is the port used by the metrics server. If this option is set, HttpPort from ClusterFluentBitConfig needs to match this value. Default is 2020. | int32 | | service | Service represents configurations on the fluent-bit service. | FluentBitService | | schedulerName | SchedulerName represents the desired scheduler for fluent-bit pods. | string | +| disableLogVolumes | DisableLogVolumes removes the hostPath mounts for varlibcontainers, varlogs and systemd. | bool | [Back to TOC](#table-of-contents) # InputSpec diff --git a/manifests/setup/fluent-operator-crd.yaml b/manifests/setup/fluent-operator-crd.yaml index bde8e6ab9..d0c963ca4 100644 --- a/manifests/setup/fluent-operator-crd.yaml +++ b/manifests/setup/fluent-operator-crd.yaml @@ -13109,6 +13109,10 @@ spec: type: string type: object type: object + disableLogVolumes: + description: DisableLogVolumes removes the hostPath mounts for varlibcontainers, + varlogs and systemd. + type: boolean disableService: description: DisableService tells if the fluentbit service should be deployed. 
diff --git a/manifests/setup/setup.yaml b/manifests/setup/setup.yaml index 849f9b498..b309ea08b 100644 --- a/manifests/setup/setup.yaml +++ b/manifests/setup/setup.yaml @@ -13109,6 +13109,10 @@ spec: type: string type: object type: object + disableLogVolumes: + description: DisableLogVolumes removes the hostPath mounts for varlibcontainers, + varlogs and systemd. + type: boolean disableService: description: DisableService tells if the fluentbit service should be deployed. diff --git a/pkg/operator/daemonset.go b/pkg/operator/daemonset.go index f19161655..71ad2df15 100644 --- a/pkg/operator/daemonset.go +++ b/pkg/operator/daemonset.go @@ -25,10 +25,8 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo metricsPort = 2020 } - internalMountPropagation := corev1.MountPropagationNone - if fb.Spec.InternalMountPropagation != nil { - internalMountPropagation = *fb.Spec.InternalMountPropagation - } + fbVolumeMounts := makeVolumeMounts(fb, logPath) + fbVolumes := makeVolumes(fb, logPath) ds := appsv1.DaemonSet{ ObjectMeta: metav1.ObjectMeta{ 
@@ -51,41 +49,8 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo Spec: corev1.PodSpec{ ServiceAccountName: fb.Name, ImagePullSecrets: fb.Spec.ImagePullSecrets, - Volumes: []corev1.Volume{ - { - Name: "varlibcontainers", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: logPath, - }, - }, - }, - { - Name: "config", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: fb.Spec.FluentBitConfigName, - }, - }, - }, - { - Name: "varlogs", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/var/log", - }, - }, - }, - { - Name: "systemd", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/var/log/journal", - }, - }, - }, - }, - InitContainers: fb.Spec.InitContainers, + InitContainers: fb.Spec.InitContainers, + Volumes: fbVolumes, Containers: []corev1.Container{ { Name: "fluent-bit", @@ -118,31 +83,7 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo }, }, }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "varlibcontainers", - ReadOnly: true, - MountPath: logPath, - MountPropagation: &internalMountPropagation, - }, - { - Name: "config", - ReadOnly: true, - MountPath: "/fluent-bit/config", - }, - { - Name: "varlogs", - ReadOnly: true, - MountPath: "/var/log/", - MountPropagation: &internalMountPropagation, - }, - { - Name: "systemd", - ReadOnly: true, - MountPath: "/var/log/journal", - MountPropagation: &internalMountPropagation, - }, - }, + VolumeMounts: fbVolumeMounts, Resources: fb.Spec.Resources, SecurityContext: fb.Spec.ContainerSecurityContext, }, 
@@ -189,13 +130,6 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo ds.Spec.Template.Spec.SchedulerName = fb.Spec.SchedulerName } - if fb.Spec.Volumes != nil { - ds.Spec.Template.Spec.Volumes = append(ds.Spec.Template.Spec.Volumes, fb.Spec.Volumes...) - } - if fb.Spec.VolumesMounts != nil { - ds.Spec.Template.Spec.Containers[0].VolumeMounts = append(ds.Spec.Template.Spec.Containers[0].VolumeMounts, fb.Spec.VolumesMounts...) - } - // Mount Position DB if fb.Spec.PositionDB != (corev1.VolumeSource{}) { ds.Spec.Template.Spec.Volumes = append(ds.Spec.Template.Spec.Volumes, corev1.Volume{ 
@@ -227,3 +161,98 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo return &ds } + +func makeVolumeMounts(fb fluentbitv1alpha2.FluentBit, logPath string) []corev1.VolumeMount { + internalMountPropagation := corev1.MountPropagationNone + if fb.Spec.InternalMountPropagation != nil { + internalMountPropagation = *fb.Spec.InternalMountPropagation + } + + volumeMounts := []corev1.VolumeMount{ + { + Name: "config", + ReadOnly: true, + MountPath: "/fluent-bit/config", + }, + } + + if !fb.Spec.DisableLogVolumes { + logVolumes := []corev1.VolumeMount{ + { + Name: "varlibcontainers", + ReadOnly: true, + MountPath: logPath, + MountPropagation: &internalMountPropagation, + }, + + { + Name: "varlogs", + ReadOnly: true, + MountPath: "/var/log/", + MountPropagation: &internalMountPropagation, + }, + { + Name: "systemd", + ReadOnly: true, + MountPath: "/var/log/journal", + MountPropagation: &internalMountPropagation, + }, + } + volumeMounts = append(volumeMounts, logVolumes...) + } + + if fb.Spec.VolumesMounts != nil { + volumeMounts = append(volumeMounts, fb.Spec.VolumesMounts...) + } + + return volumeMounts +} + +func makeVolumes(fb fluentbitv1alpha2.FluentBit, logPath string) []corev1.Volume { + + volumes := []corev1.Volume{ + { + Name: "config", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: fb.Spec.FluentBitConfigName, + }, + }, + }, + } + + if !fb.Spec.DisableLogVolumes { + logVolumes := []corev1.Volume{ + { + Name: "varlibcontainers", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: logPath, + }, + }, + }, + { + Name: "varlogs", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/var/log", + }, + }, + }, + { + Name: "systemd", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/var/log/journal", + }, + }, + }, + } + volumes = append(volumes, logVolumes...) 
+ } + + if fb.Spec.Volumes != nil { + volumes = append(volumes, fb.Spec.Volumes...) + } + return volumes +}
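Review bot: With `DisableLogVolumes` left at its default, `makeVolumes` and `makeVolumeMounts` do not reproduce the lists they replace: the removed literals ordered the entries varlibcontainers, config, varlogs, systemd, while both helpers now put config first. The pod template therefore changes for every existing FluentBit resource, which would presumably trigger a DaemonSet rollout on operator upgrade even for users who never set the new field. Keeping the old order, as sketched below for `makeVolumes` (the same shape applies to `makeVolumeMounts`), avoids that. A test asserting the generated lists for both values of the flag would pin the behaviour, and no test is visible in this diff.

```go
func makeVolumes(fb fluentbitv1alpha2.FluentBit, logPath string) []corev1.Volume {
	hostPathVolume := func(name, path string) corev1.Volume {
		return corev1.Volume{
			Name: name,
			VolumeSource: corev1.VolumeSource{
				HostPath: &corev1.HostPathVolumeSource{Path: path},
			},
		}
	}

	var volumes []corev1.Volume
	if !fb.Spec.DisableLogVolumes {
		volumes = append(volumes, hostPathVolume("varlibcontainers", logPath))
	}
	volumes = append(volumes, corev1.Volume{
		Name: "config",
		VolumeSource: corev1.VolumeSource{
			Secret: &corev1.SecretVolumeSource{SecretName: fb.Spec.FluentBitConfigName},
		},
	})
	if !fb.Spec.DisableLogVolumes {
		volumes = append(volumes,
			hostPathVolume("varlogs", "/var/log"),
			hostPathVolume("systemd", "/var/log/journal"),
		)
	}
	// … unchanged: append fb.Spec.Volumes and return volumes …
}
```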