Merge pull request #265 from kube-logging/4.11-preparations

4.11 docs

.github/workflows/publish-version-4.10.yaml

@@ -0,0 +1,86 @@
+name: Publish version 4.10
+
+env:
+  doc_versionnumber: "4.10"
+
+on:
+  push:
+    branches:
+      - release-4.10
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pages: write
+      id-token: write
+
+    concurrency:
+      group: "pages"
+      cancel-in-progress: false
+
+    environment:
+      name: github-pages-test
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: release-4.10
+          submodules: 'recursive'
+
+      - name: Set up Pages
+        id: pages
+        uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4.0.0
+
+      - name: Set up Hugo
+        uses: peaceiris/actions-hugo@16361eb4acea8698b220b76c0d4e84e1fd22c61d # v2.6.0
+        with:
+          hugo-version: '0.110.0'
+          extended: true
+
+      - name: Set up Node
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version: 18
+
+      - name: Install dependencies
+        run: |
+          cd themes/docsy
+          npm install
+
+      - name: Set up PostCSS
+        run: npm install --save-dev autoprefixer postcss-cli postcss
+
+      - name: Build
+        run: hugo --environment production --baseURL ${{ steps.pages.outputs.base_url }}/${{ env.doc_versionnumber }}/
+
+      # - name: Upload artifact
+      #   uses: actions/upload-pages-artifact@64bcae551a7b18bcb9a09042ddf1960979799187 # v1.0.8
+      #   with:
+      #     path: ./public/
+
+      - name: Checkout code to update
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: 'gh-pages-test'
+          path: 'tmp/gh-pages'
+      # - name: Display file structure
+      #   run: ls -R
+      - name: Copy built site to GH pages
+        run: |
+          rm -rf tmp/gh-pages/${{ env.doc_versionnumber }}
+          mkdir -p tmp/gh-pages/${{ env.doc_versionnumber }}
+          mv public/* tmp/gh-pages/${{ env.doc_versionnumber }}
+      - name: Commit & Push changes
+        uses: actions-js/push@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          message: 'Publish updated docs for ${{ env.doc_versionnumber }}, ${{ github.event.repository.pushed_at}}'
+          branch: 'gh-pages-test'
+          directory: 'tmp/gh-pages'

config/_default/config.toml

@@ -65,7 +65,7 @@ weight = 1
   # Used in the "version-banner" partial to display a version number for the 
   # current doc set.
 
-  version = "4.10.0"
+  version = "4.11.0"
   version_menu = "Releases"
   version_menu_canonicallinks = true
   version_menu_pagelinks = true
@@ -169,9 +169,13 @@ twitter = "AxoflowIO"
 #######################
 # Add your release versions here
 [[params.versions]]
-  version = "latest (4.10.0)"
+  version = "latest (4.11.0)"
   githubbranch = "master"
   url = ""
+[[params.versions]]
+  version = "4.10"
+  githubbranch = "release-4.10"
+  url = "/4.10/"
 [[params.versions]]
   version = "4.9"
   githubbranch = "release-4.9"
@@ -212,7 +216,7 @@ twitter = "AxoflowIO"
 # Cascade version number to every doc page (needed to create sections for pagefind search)
 # Update this parameter when creating a new version
 [[cascade]]
-body_attribute = 'data-pagefind-filter="section:4.10"'
+body_attribute = 'data-pagefind-filter="section:4.11"'
 [cascade._target]
   path = '/docs/**'
 

content/docs/configuration/crds/v1beta1/_index.md

@@ -16,14 +16,16 @@ For more information please click on the name
 | **[FlowSpec](flow_types/)** | FlowSpec is the Kubernetes spec for Flows | v1beta1 |
 | **[FluentbitSpec](fluentbit_types/)** | FluentbitSpec defines the desired state of FluentbitAgent | v1beta1 |
 | **[Fluent](fluentd_types/)** | FluentdConfig is a reference to the desired Fluentd state | v1beta1 |
+| **[FluentdSpec](fluentd_types/)** | FluentdSpec defines the desired state of Fluentd | v1beta1 |
 | **[Logging](logging_types/)** | Logging system configuration | v1beta1 |
 | **[LoggingRouteSpec](loggingroute_types/)** | LoggingRouteSpec defines the desired state of LoggingRoute | v1beta1 |
 | **[NodeAgent](node_agent_types/)** |  | v1beta1 |
 | **[OutputSpec](output_types/)** | OutputSpec defines the desired state of Output | v1beta1 |
 | **[SyslogNGClusterFlow](syslogng_clusterflow_types/)** | SyslogNGClusterFlow is the Schema for the syslog-ng clusterflows API | v1beta1 |
 | **[SyslogNGClusterOutput](syslogng_clusteroutput_types/)** | SyslogNGClusterOutput is the Schema for the syslog-ng clusteroutputs API | v1beta1 |
+| **[SyslogNG](syslogng_types/)** | SyslogNG is a reference to the desired SyslogNG state | v1beta1 |
 | **[SyslogNGFlowSpec](syslogng_flow_types/)** | SyslogNGFlowSpec is the Kubernetes spec for SyslogNGFlows | v1beta1 |
 | **[SyslogNGOutputSpec](syslogng_output_types/)** | SyslogNGOutputSpec defines the desired state of SyslogNGOutput | v1beta1 |
-| **[SyslogNG](syslogng_types/)** | SyslogNG is a reference to the desired SyslogNG state | v1beta1 |
+| **[SyslogNGSpec](syslogng_types/)** | SyslogNGSpec defines the desired state of SyslogNG | v1beta1 |
 </center>
 

content/docs/configuration/crds/v1beta1/fluentbit_types.md

@@ -59,6 +59,9 @@ FluentbitSpec defines the desired state of FluentbitAgent
 ### bufferVolumeImage (ImageSpec, optional) {#fluentbitspec-buffervolumeimage}
 
 
+### bufferVolumeLivenessProbe (*corev1.Probe, optional) {#fluentbitspec-buffervolumelivenessprobe}
+
+
 ### bufferVolumeMetrics (*Metrics, optional) {#fluentbitspec-buffervolumemetrics}
 
 

content/docs/configuration/crds/v1beta1/output_types.md

@@ -32,7 +32,7 @@ OutputSpec defines the desired state of Output
 ### gcs (*output.GCSOutput, optional) {#outputspec-gcs}
 
 
-### gelf (*output.GELFOutputConfig, optional) {#outputspec-gelf}
+### gelf (*output.GelfOutputConfig, optional) {#outputspec-gelf}
 
 
 ### http (*output.HTTPOutputConfig, optional) {#outputspec-http}

content/docs/configuration/crds/v1beta1/syslogng_clusteroutput_types.md

@@ -31,6 +31,9 @@ SyslogNGClusterOutputSpec contains Kubernetes spec for SyslogNGClusterOutput
 ### enabledNamespaces ([]string, optional) {#syslogngclusteroutputspec-enablednamespaces}
 
 
+### protected (bool, optional) {#syslogngclusteroutputspec-protected}
+
+
 
 ## SyslogNGClusterOutputList
 

content/docs/configuration/crds/v1beta1/syslogng_types.md

@@ -14,6 +14,12 @@ SyslogNGSpec defines the desired state of SyslogNG
 ### bufferVolumeMetricsImage (*BasicImageSpec, optional) {#syslogngspec-buffervolumemetricsimage}
 
 
+### bufferVolumeMetricsLivenessProbe (*corev1.Probe, optional) {#syslogngspec-buffervolumemetricslivenessprobe}
+
+
+### bufferVolumeMetricsResources (corev1.ResourceRequirements, optional) {#syslogngspec-buffervolumemetricsresources}
+
+
 ### bufferVolumeMetricsService (*typeoverride.Service, optional) {#syslogngspec-buffervolumemetricsservice}
 
 

content/docs/configuration/plugins/outputs/opensearch.md

@@ -302,6 +302,11 @@ Indicates that the OpenSearch-transport will try to reload the nodes addresses i
 
 Default: false
 
+### remove_keys (string, optional) {#opensearch-remove_keys}
+
+https://github.com/fluent/fluent-plugin-opensearch#remove_keys 
+
+
 ### remove_keys_on_update (string, optional) {#opensearch-remove_keys_on_update}
 
 Remove keys on update will not update the configured keys in OpenSearch when a record is being updated. This setting only has any effect if the write operation is update or upsert. 

content/docs/configuration/plugins/syslog-ng-outputs/opentelemetry.md

@@ -21,8 +21,7 @@ metadata:
   name: otlp
 spec:
   opentelemetry:
-    url: otel-server
-    port: 4379
+    url: otel-server:4379
 {{</ highlight >}}
 
 

content/docs/configuration/plugins/syslog-ng-outputs/s3.md

@@ -102,7 +102,7 @@ Default: 32
 The object_key for the S3 server. 
 
 
-### object_key_timestamp (RawString, optional) {#s3output-object_key_timestamp}
+### object_key_timestamp (string, optional) {#s3output-object_key_timestamp}
 
 Set object_key_timestamp 
 
@@ -132,7 +132,7 @@ The secret_key for the S3 server.
 Set the storage_class option. 
 
 
-### template (RawString, optional) {#s3output-template}
+### template (string, optional) {#s3output-template}
 
 Template 
 

content/docs/image-versions.md

@@ -5,6 +5,23 @@ weight: 750
 
 Logging operator uses the following image versions.
 
+## Logging operator version 4.11
+
+| Image repository | GitHub repository | Version |
+| -------- | --- | -- |
+| ghcr.io/kube-logging/node-exporter | https://github.com/kube-logging/node-exporter-image | v0.7.1 |
+| ghcr.io/kube-logging/config-reloader | https://github.com/kube-logging/config-reloader | v0.0.6 |
+| ghcr.io/kube-logging/fluentd-drain-watch | https://github.com/kube-logging/fluentd-drain-watch | v0.2.3 |
+| k8s.gcr.io/pause |  | 3.2 |
+| docker.io/busybox | https://github.com/docker-library/busybox | latest |
+| ghcr.io/axoflow/axosyslog | https://github.com/axoflow/axosyslog/ | 4.9.0 |
+| docker.io/fluent/fluent-bit | https://github.com/fluent/fluent-bit | 3.1.8 |
+| ghcr.io/kube-logging/fluentd | https://github.com/kube-logging/fluentd-images | v1.16-4.11-full |
+| ghcr.io/axoflow/axosyslog-metrics-exporter | https://github.com/axoflow/axosyslog-metrics-exporter | 0.0.7 |
+| ghcr.io/kube-logging/syslogng-reload | https://github.com/kube-logging/syslogng-reload-image | v1.5.0 |
+| ghcr.io/kube-logging/eventrouter | https://github.com/kube-logging/eventrouter | 0.4.0 |
+| ghcr.io/kube-logging/node-exporter | | v0.8.0 |
+
 ## Logging operator version 4.10
 
 | Image repository | GitHub repository | Version |

content/docs/install/_index.md

@@ -69,3 +69,51 @@ To verify that the installation was successful, complete the following steps.
     syslogngflows.logging.banzaicloud.io             2023-08-10T12:05:05Z
     syslogngoutputs.logging.banzaicloud.io           2023-08-10T12:05:06Z
     ```
+
+## Image and chart verification {#verify}
+
+Images and charts are signed with GitHub Actions OIDC token. We sign the digests of the images and the charts to ensure the integrity and authenticity of the artifacts.
+
+To verify signatures, you must have [cosign](https://docs.sigstore.dev/cosign/system_config/installation/) installed.
+
+### Image verification
+
+You can verify our images by running the following command.
+
+```shell
+cosign verify "ghcr.io/kube-logging/logging-operator@{sha256-IMAGE-DIGEST}" \ 
+--certificate-identity "https://github.com/ghcr.io/kube-logging/logging-operator/.github/workflows/artifacts.yaml@{refs/heads/main || refs/tags/<tag_name>}" \ 
+--certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+
+- Replace `{sha256-IMAGE-DIGEST}` with the digest of the image you want to verify. You can find the digests at [ghcr.io/kube-logging/logging-operator](https://ghcr.io/kube-logging/logging-operator). For example, for the 4.11.0 release it's `sha256:50550883905ffe484f210ae65a8e0dbcbc0836c240b1fec454945d8b97830ede`.
+- Replace `{refs/heads/main || refs/tags/<tag_name>}` with the reference to the image you want to verify. For example, for the 4.11.0 release, use `refs/tags/4.11.0`.
+
+For example:
+
+```shell
+cosign verify "ghcr.io/kube-logging/logging-operator@sha256:50550883905ffe484f210ae65a8e0dbcbc0836c240b1fec454945d8b97830ede" \
+    --certificate-identity "https://github.com/kube-logging/logging-operator/.github/workflows/artifacts.yaml@refs/tags/4.11.0" \
+    --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+
+### Chart verification
+
+You can verify our charts by running the following command.
+
+```shell
+cosign verify "ghcr.io/kube-logging/logging-operator@{sha256-CHART-DIGEST}" \ 
+--certificate-identity "https://github.com/ghcr.io/kube-logging/logging-operator/.github/workflows/artifacts.yaml@{refs/heads/main || refs/tags/<tag_name>}" \ 
+--certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+
+- Replace `{sha256-CHART-DIGEST}` with the digest of the image you want to verify. You can find the digests at [ghcr.io/kube-logging/helm-charts/logging-operator](https://ghcr.io/kube-logging/helm-charts/logging-operator). For example, for the 4.11.0 release it's `sha256:233407195e1c97382e7fc0dfb00f9c6cadbba2928a64bfce6be072fc37df20eb`.
+- Replace `{refs/heads/main || refs/tags/<tag_name>}` with the reference to the image you want to verify. For example, for the 4.11.0 release, use `refs/tags/4.11.0`.
+
+For example:
+
+```shell
+cosign verify "ghcr.io/kube-logging/helm-charts/logging-operator@sha256:233407195e1c97382e7fc0dfb00f9c6cadbba2928a64bfce6be072fc37df20eb" \
+    --certificate-identity "https://github.com/kube-logging/logging-operator/.github/workflows/artifacts.yaml@refs/tags/4.11.0" \
+    --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```

content/docs/whats-new/_index.md

@@ -3,6 +3,42 @@ title: What's new
 weight: 50
 ---
 
+## Version 4.11
+
+The following are the highlights and main changes of Logging operator 4.11. For a complete list of changes and bugfixes, see the [Logging operator 4.11 releases page](https://github.com/kube-logging/logging-operator/releases/tag/4.11.0).
+
+- You can now set the `protected` flag for SyslogNGClusterOutput kinds.
+- Charts and images are now signed. To verify the signature, see {{% xref "/docs/install/_index.md#verify" %}}.
+- You can now add annotations and labels to Persistent Volume Claims of the Fluentd StatefulSet. For example:
+
+    ```yaml
+    apiVersion: logging.banzaicloud.io/v1beta1
+    kind: Logging
+    metadata:
+      name: all-to-file
+    spec:
+      controlNamespace: default
+      fluentd:
+        bufferStorageVolume:
+          pvc:
+            labels:
+              app: logging
+            annotations:
+              app: logging
+            source:
+              claimName: manual
+              readOnly: false
+    ```
+
+- You can now set liveness probes to the buffer-metrics sidecar container using the `bufferVolumeLivenessProbe` option.
+- IPv6 improvements:
+
+    - You can now scrape the metrics of Fluentd on clusters that only have IPv6 addresses.
+    - Fluent Bit can now listen on IPv6 addresses.
+
+- The [OpenSearch Fluentd output]({{< relref "/docs/configuration/plugins/outputs/opensearch.md" >}}) now supports the `remove_keys` option.
+- You can now set the `strategy` and `topologySpreadConstraints` in the Logging operator chart.
+
 ## Version 4.10
 
 The following are the highlights and main changes of Logging operator 4.10. For a complete list of changes and bugfixes, see the [Logging operator 4.10 releases page](https://github.com/kube-logging/logging-operator/releases/tag/4.10.0)<!-- and the [Logging operator 4.9 release blog post](https://axoflow.com/logging-operator-4.9-release)-->.