fluent · benjaminhuo · Sep 19, 2023 · Sep 11, 2023 · wenchajun · Sep 17, 2023
diff --git a/apis/fluentbit/v1alpha2/fluentbit_types.go b/apis/fluentbit/v1alpha2/fluentbit_types.go
@@ -70,6 +70,8 @@ type FluentBitSpec struct {
 	Volumes []corev1.Volume `json:"volumes,omitempty"`
 	// Pod volumes to mount into the container's filesystem.
 	VolumesMounts []corev1.VolumeMount `json:"volumesMounts,omitempty"`
+	// DisableLogVolumes removes the hostPath mounts for varlibcontainers, varlogs and systemd.
+	DisableLogVolumes bool `json:"disableLogVolumes,omitempty"`
 	// Annotations to add to each Fluentbit pod.
 	Annotations map[string]string `json:"annotations,omitempty"`
 	// Annotations to add to the Fluentbit service account

diff --git a/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml b/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml
@@ -1043,6 +1043,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              disableLogVolumes:
+                description: DisableLogVolumes removes the hostPath mounts for varlibcontainers,
+                  varlogs and systemd.
+                type: boolean
               disableService:
                 description: DisableService tells if the fluentbit service should
                   be deployed.

diff --git a/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml b/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml
@@ -1043,6 +1043,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              disableLogVolumes:
+                description: DisableLogVolumes removes the hostPath mounts for varlibcontainers,
+                  varlogs and systemd.
+                type: boolean
               disableService:
                 description: DisableService tells if the fluentbit service should
                   be deployed.

diff --git a/config/samples/fluentbit_v1alpha2_fluentbit.yaml b/config/samples/fluentbit_v1alpha2_fluentbit.yaml
@@ -11,3 +11,4 @@ spec:
     hostPath:
       path: /var/lib/fluent-bit/
   fluentBitConfigName: fluentbitconfig-sample
+  disableLogVolumes: false
diff --git a/docs/fluentbit.md b/docs/fluentbit.md
@@ -400,6 +400,7 @@ FluentBitSpec defines the desired state of FluentBit
 | metricsPort | MetricsPort is the port used by the metrics server. If this option is set, HttpPort from ClusterFluentBitConfig needs to match this value. Default is 2020. | int32 |
 | service | Service represents configurations on the fluent-bit service. | FluentBitService |
 | schedulerName | SchedulerName represents the desired scheduler for fluent-bit pods. | string |
+| disableLogVolumes | DisableLogVolumes removes the hostPath mounts for varlibcontainers, varlogs and systemd. | bool |
 
 [Back to TOC](#table-of-contents)
 # InputSpec

diff --git a/manifests/setup/fluent-operator-crd.yaml b/manifests/setup/fluent-operator-crd.yaml
@@ -13109,6 +13109,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              disableLogVolumes:
+                description: DisableLogVolumes removes the hostPath mounts for varlibcontainers,
+                  varlogs and systemd.
+                type: boolean
               disableService:
                 description: DisableService tells if the fluentbit service should
                   be deployed.

diff --git a/manifests/setup/setup.yaml b/manifests/setup/setup.yaml
@@ -13109,6 +13109,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              disableLogVolumes:
+                description: DisableLogVolumes removes the hostPath mounts for varlibcontainers,
+                  varlogs and systemd.
+                type: boolean
               disableService:
                 description: DisableService tells if the fluentbit service should
                   be deployed.

diff --git a/pkg/operator/daemonset.go b/pkg/operator/daemonset.go
@@ -25,10 +25,8 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo
 		metricsPort = 2020
 	}
 
-	internalMountPropagation := corev1.MountPropagationNone
-	if fb.Spec.InternalMountPropagation != nil {
-		internalMountPropagation = *fb.Spec.InternalMountPropagation
-	}
+	fbVolumeMounts := makeVolumeMounts(fb, logPath)
+	fbVolumes := makeVolumes(fb, logPath)
 
 	ds := appsv1.DaemonSet{
 		ObjectMeta: metav1.ObjectMeta{
@@ -51,41 +49,8 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo
 				Spec: corev1.PodSpec{
 					ServiceAccountName: fb.Name,
 					ImagePullSecrets:   fb.Spec.ImagePullSecrets,
-					Volumes: []corev1.Volume{
-						{
-							Name: "varlibcontainers",
-							VolumeSource: corev1.VolumeSource{
-								HostPath: &corev1.HostPathVolumeSource{
-									Path: logPath,
-								},
-							},
-						},
-						{
-							Name: "config",
-							VolumeSource: corev1.VolumeSource{
-								Secret: &corev1.SecretVolumeSource{
-									SecretName: fb.Spec.FluentBitConfigName,
-								},
-							},
-						},
-						{
-							Name: "varlogs",
-							VolumeSource: corev1.VolumeSource{
-								HostPath: &corev1.HostPathVolumeSource{
-									Path: "/var/log",
-								},
-							},
-						},
-						{
-							Name: "systemd",
-							VolumeSource: corev1.VolumeSource{
-								HostPath: &corev1.HostPathVolumeSource{
-									Path: "/var/log/journal",
-								},
-							},
-						},
-					},
-					InitContainers: fb.Spec.InitContainers,
+					InitContainers:     fb.Spec.InitContainers,
+					Volumes:            fbVolumes,
 					Containers: []corev1.Container{
 						{
 							Name:            "fluent-bit",
@@ -118,31 +83,7 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo
 									},
 								},
 							},
-							VolumeMounts: []corev1.VolumeMount{
-								{
-									Name:             "varlibcontainers",
-									ReadOnly:         true,
-									MountPath:        logPath,
-									MountPropagation: &internalMountPropagation,
-								},
-								{
-									Name:      "config",
-									ReadOnly:  true,
-									MountPath: "/fluent-bit/config",
-								},
-								{
-									Name:             "varlogs",
-									ReadOnly:         true,
-									MountPath:        "/var/log/",
-									MountPropagation: &internalMountPropagation,
-								},
-								{
-									Name:             "systemd",
-									ReadOnly:         true,
-									MountPath:        "/var/log/journal",
-									MountPropagation: &internalMountPropagation,
-								},
-							},
+							VolumeMounts:    fbVolumeMounts,
 							Resources:       fb.Spec.Resources,
 							SecurityContext: fb.Spec.ContainerSecurityContext,
 						},
@@ -189,13 +130,6 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo
 		ds.Spec.Template.Spec.SchedulerName = fb.Spec.SchedulerName
 	}
 
-	if fb.Spec.Volumes != nil {
-		ds.Spec.Template.Spec.Volumes = append(ds.Spec.Template.Spec.Volumes, fb.Spec.Volumes...)
-	}
-	if fb.Spec.VolumesMounts != nil {
-		ds.Spec.Template.Spec.Containers[0].VolumeMounts = append(ds.Spec.Template.Spec.Containers[0].VolumeMounts, fb.Spec.VolumesMounts...)
-	}
-
 	// Mount Position DB
 	if fb.Spec.PositionDB != (corev1.VolumeSource{}) {
 		ds.Spec.Template.Spec.Volumes = append(ds.Spec.Template.Spec.Volumes, corev1.Volume{
@@ -227,3 +161,98 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo
 
 	return &ds
 }
+
+func makeVolumeMounts(fb fluentbitv1alpha2.FluentBit, logPath string) []corev1.VolumeMount {
+	internalMountPropagation := corev1.MountPropagationNone
+	if fb.Spec.InternalMountPropagation != nil {
+		internalMountPropagation = *fb.Spec.InternalMountPropagation
+	}
+
+	volumeMounts := []corev1.VolumeMount{
+		{
+			Name:      "config",
+			ReadOnly:  true,
+			MountPath: "/fluent-bit/config",
+		},
+	}
+
+	if !fb.Spec.DisableLogVolumes {
+		logVolumes := []corev1.VolumeMount{
+			{
+				Name:             "varlibcontainers",
+				ReadOnly:         true,
+				MountPath:        logPath,
+				MountPropagation: &internalMountPropagation,
+			},
+
+			{
+				Name:             "varlogs",
+				ReadOnly:         true,
+				MountPath:        "/var/log/",
+				MountPropagation: &internalMountPropagation,
+			},
+			{
+				Name:             "systemd",
+				ReadOnly:         true,
+				MountPath:        "/var/log/journal",
+				MountPropagation: &internalMountPropagation,
+			},
+		}
+		volumeMounts = append(volumeMounts, logVolumes...)
+	}
+
+	if fb.Spec.VolumesMounts != nil {
+		volumeMounts = append(volumeMounts, fb.Spec.VolumesMounts...)
+	}
+
+	return volumeMounts
+}
+
+func makeVolumes(fb fluentbitv1alpha2.FluentBit, logPath string) []corev1.Volume {
+
+	volumes := []corev1.Volume{
+		{
+			Name: "config",
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: fb.Spec.FluentBitConfigName,
+				},
+			},
+		},
+	}
+
+	if !fb.Spec.DisableLogVolumes {
+		logVolumes := []corev1.Volume{
+			{
+				Name: "varlibcontainers",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: logPath,
+					},
+				},
+			},
+			{
+				Name: "varlogs",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: "/var/log",
+					},
+				},
+			},
+			{
+				Name: "systemd",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: "/var/log/journal",
+					},
+				},
+			},
+		}
+		volumes = append(volumes, logVolumes...)
+	}
+
+	if fb.Spec.Volumes != nil {
+		volumes = append(volumes, fb.Spec.Volumes...)
+	}
+	return volumes
+}