From 37a91acb8cd819f58bcf8f55ecba67ee2e8e931d Mon Sep 17 00:00:00 2001 From: Niklas Treml Date: Wed, 28 Feb 2024 13:36:50 +0100 Subject: [PATCH 1/2] fix: pass complete security context to pods Signed-off-by: Niklas Treml --- pkg/resources/fluentd/appconfigmap.go | 16 +++++----------- pkg/resources/fluentd/drainjob.go | 10 ++-------- pkg/resources/fluentd/statefulset.go | 8 +------- 3 files changed, 8 insertions(+), 26 deletions(-) diff --git a/pkg/resources/fluentd/appconfigmap.go b/pkg/resources/fluentd/appconfigmap.go index 1dac41421..c6189939f 100644 --- a/pkg/resources/fluentd/appconfigmap.go +++ b/pkg/resources/fluentd/appconfigmap.go @@ -262,17 +262,11 @@ func (r *Reconciler) newCheckPod(hashKey string, fluentdSpec v1beta1.FluentdSpec Tolerations: fluentdSpec.Tolerations, Affinity: fluentdSpec.Affinity, PriorityClassName: fluentdSpec.PodPriorityClassName, - SecurityContext: &corev1.PodSecurityContext{ - RunAsNonRoot: fluentdSpec.Security.PodSecurityContext.RunAsNonRoot, - FSGroup: fluentdSpec.Security.PodSecurityContext.FSGroup, - RunAsUser: fluentdSpec.Security.PodSecurityContext.RunAsUser, - RunAsGroup: fluentdSpec.Security.PodSecurityContext.RunAsGroup, - SeccompProfile: fluentdSpec.Security.PodSecurityContext.SeccompProfile, - }, - Volumes: volumes, - ImagePullSecrets: fluentdSpec.Image.ImagePullSecrets, - InitContainers: initContainer, - Containers: container, + SecurityContext: fluentdSpec.Security.PodSecurityContext, + Volumes: volumes, + ImagePullSecrets: fluentdSpec.Image.ImagePullSecrets, + InitContainers: initContainer, + Containers: container, }, } if fluentdSpec.ConfigCheckAnnotations != nil { diff --git a/pkg/resources/fluentd/drainjob.go b/pkg/resources/fluentd/drainjob.go index 7d7a29c7b..3b056f7e5 100644 --- a/pkg/resources/fluentd/drainjob.go +++ b/pkg/resources/fluentd/drainjob.go @@ -65,14 +65,8 @@ func (r *Reconciler) drainerJobFor(pvc corev1.PersistentVolumeClaim, fluentdSpec Affinity: fluentdSpec.Affinity, TopologySpreadConstraints: fluentdSpec.TopologySpreadConstraints, PriorityClassName: fluentdSpec.PodPriorityClassName, - SecurityContext: &corev1.PodSecurityContext{ - RunAsNonRoot: fluentdSpec.Security.PodSecurityContext.RunAsNonRoot, - FSGroup: fluentdSpec.Security.PodSecurityContext.FSGroup, - RunAsUser: fluentdSpec.Security.PodSecurityContext.RunAsUser, - RunAsGroup: fluentdSpec.Security.PodSecurityContext.RunAsGroup, - SeccompProfile: fluentdSpec.Security.PodSecurityContext.SeccompProfile, - }, - RestartPolicy: corev1.RestartPolicyNever, + SecurityContext: fluentdSpec.Security.PodSecurityContext, + RestartPolicy: corev1.RestartPolicyNever, }, }, } diff --git a/pkg/resources/fluentd/statefulset.go b/pkg/resources/fluentd/statefulset.go index 85d842d50..2fc0d16f4 100644 --- a/pkg/resources/fluentd/statefulset.go +++ b/pkg/resources/fluentd/statefulset.go @@ -125,13 +125,7 @@ func (r *Reconciler) statefulsetSpec() *appsv1.StatefulSetSpec { PriorityClassName: r.fluentdSpec.PodPriorityClassName, DNSPolicy: r.fluentdSpec.DNSPolicy, DNSConfig: r.fluentdSpec.DNSConfig, - SecurityContext: &corev1.PodSecurityContext{ - RunAsNonRoot: r.fluentdSpec.Security.PodSecurityContext.RunAsNonRoot, - FSGroup: r.fluentdSpec.Security.PodSecurityContext.FSGroup, - RunAsUser: r.fluentdSpec.Security.PodSecurityContext.RunAsUser, - RunAsGroup: r.fluentdSpec.Security.PodSecurityContext.RunAsGroup, - SeccompProfile: r.fluentdSpec.Security.PodSecurityContext.SeccompProfile, - }, + SecurityContext: r.fluentdSpec.Security.PodSecurityContext, }, }, ServiceName: r.Logging.QualifiedName(ServiceName + "-headless"), From 7c2e729bba2b73b588088948b4b119abd44252cc Mon Sep 17 00:00:00 2001 From: Szilard Parrag Date: Wed, 28 Feb 2024 21:59:05 +0100 Subject: [PATCH 2/2] Fix fluentdconfig and syslogngconfig deletion (#1672) Signed-off-by: Szilard Parrag Signed-off-by: Peter Wilcsinszky Co-authored-by: Peter Wilcsinszky --- .../templates/clusterrole.yaml | 6 ++ config/rbac/role.yaml | 6 ++ config/samples/fluentdconfig.yaml | 18 ++++ controllers/logging/logging_controller.go | 97 ++++++++++++++++--- .../logging/logging_controller_test.go | 5 +- main.go | 7 +- pkg/resources/fluentbit/configsecret.go | 5 +- pkg/resources/fluentbit/tenants.go | 5 +- pkg/resources/fluentd/dataprovider.go | 18 ++-- pkg/resources/fluentd/fluentd.go | 10 +- pkg/resources/fluentd/meta.go | 34 ++++--- pkg/resources/model/reconciler.go | 4 + pkg/resources/model/resources.go | 23 ++--- pkg/resources/model/system.go | 2 +- pkg/resources/syslogng/dataprovider.go | 14 +-- pkg/resources/syslogng/meta.go | 32 +++--- pkg/resources/syslogng/statefulset.go | 2 +- pkg/resources/syslogng/syslogng.go | 7 +- pkg/sdk/logging/api/v1beta1/logging_types.go | 69 ++++++++----- 19 files changed, 253 insertions(+), 111 deletions(-) create mode 100644 config/samples/fluentdconfig.yaml diff --git a/charts/logging-operator/templates/clusterrole.yaml b/charts/logging-operator/templates/clusterrole.yaml index 04ceec285..5bbc75aef 100644 --- a/charts/logging-operator/templates/clusterrole.yaml +++ b/charts/logging-operator/templates/clusterrole.yaml @@ -290,6 +290,12 @@ rules: - get - patch - update +- apiGroups: + - logging.banzaicloud.io + resources: + - loggings/finalizers + verbs: + - update - apiGroups: - logging.banzaicloud.io resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 4e3f9c1b9..53cbbd77b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -290,6 +290,12 @@ rules: - get - patch - update +- apiGroups: + - logging.banzaicloud.io + resources: + - loggings/finalizers + verbs: + - update - apiGroups: - logging.banzaicloud.io resources: diff --git a/config/samples/fluentdconfig.yaml b/config/samples/fluentdconfig.yaml new file mode 100644 index 000000000..34a2bb50f --- /dev/null +++ b/config/samples/fluentdconfig.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: logging +--- +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: fluentd-config +spec: + controlNamespace: logging +--- +apiVersion: logging.banzaicloud.io/v1beta1 +kind: FluentdConfig +metadata: + name: fluentd-config + namespace: logging +spec: {} diff --git a/controllers/logging/logging_controller.go b/controllers/logging/logging_controller.go index 773b37593..d0f76f1a7 100644 --- a/controllers/logging/logging_controller.go +++ b/controllers/logging/logging_controller.go @@ -31,8 +31,10 @@ import ( "github.com/prometheus/client_golang/prometheus" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/metrics" "sigs.k8s.io/controller-runtime/pkg/reconcile" @@ -52,23 +54,26 @@ import ( ) // NewLoggingReconciler returns a new LoggingReconciler instance -func NewLoggingReconciler(client client.Client, log logr.Logger) *LoggingReconciler { +func NewLoggingReconciler(client client.Client, eventRecorder record.EventRecorder, log logr.Logger) *LoggingReconciler { return &LoggingReconciler{ - Client: client, - Log: log, + Client: client, + EventRecorder: eventRecorder, + Log: log, } } // LoggingReconciler reconciles a Logging object type LoggingReconciler struct { client.Client - Log logr.Logger + EventRecorder record.EventRecorder + Log logr.Logger } // +kubebuilder:rbac:groups=logging.banzaicloud.io,resources=loggings;fluentbitagents;flows;clusterflows;outputs;clusteroutputs;nodeagents;fluentdconfigs;syslogngconfigs,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=logging.banzaicloud.io,resources=loggings/status;fluentbitagents/status;flows/status;clusterflows/status;outputs/status;clusteroutputs/status;nodeagents/status;fluentdconfigs/status;syslogngconfigs/status,verbs=get;update;patch // +kubebuilder:rbac:groups=logging.banzaicloud.io,resources=syslogngflows;syslogngclusterflows;syslogngoutputs;syslogngclusteroutputs,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=logging.banzaicloud.io,resources=syslogngflows/status;syslogngclusterflows/status;syslogngoutputs/status;syslogngclusteroutputs/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=logging.banzaicloud.io,resources=loggings/finalizers,verbs=update // +kubebuilder:rbac:groups="",resources=configmaps;secrets,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=extensions;apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=extensions;networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete @@ -127,7 +132,8 @@ func (r *LoggingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return reconcile.Result{}, errors.WrapIfWithDetails(err, "failed to get logging resources", "logging", logging) } - r.dynamicDefaults(ctx, log, loggingResources.GetSyslogNGSpec()) + _, syslogNGSPec := loggingResources.GetSyslogNGSpec() + r.dynamicDefaults(ctx, log, syslogNGSPec) // metrics defer func() { @@ -176,7 +182,7 @@ func (r *LoggingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct var loggingDataProvider loggingdataprovider.LoggingDataProvider - fluentdSpec := loggingResources.GetFluentdSpec() + fluentdExternal, fluentdSpec := loggingResources.GetFluentd() if fluentdSpec != nil { fluentdConfig, secretList, err := r.clusterConfigurationFluentd(loggingResources) if err != nil { @@ -187,12 +193,12 @@ func (r *LoggingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct } else { log.V(1).Info("flow configuration", "config", fluentdConfig) - reconcilers = append(reconcilers, fluentd.New(r.Client, r.Log, &logging, fluentdSpec, &fluentdConfig, secretList, reconcilerOpts).Reconcile) + reconcilers = append(reconcilers, fluentd.New(r.Client, r.Log, &logging, fluentdSpec, fluentdExternal, &fluentdConfig, secretList, reconcilerOpts).Reconcile) } - loggingDataProvider = fluentd.NewDataProvider(r.Client, &logging, fluentdSpec) + loggingDataProvider = fluentd.NewDataProvider(r.Client, &logging, fluentdSpec, fluentdExternal) } - syslogNGSpec := loggingResources.GetSyslogNGSpec() + syslogNGExternal, syslogNGSpec := loggingResources.GetSyslogNGSpec() if syslogNGSpec != nil { syslogNGConfig, secretList, err := r.clusterConfigurationSyslogNG(loggingResources) if err != nil { @@ -203,9 +209,9 @@ func (r *LoggingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct } else { log.V(1).Info("flow configuration", "config", syslogNGConfig) - reconcilers = append(reconcilers, syslogng.New(r.Client, r.Log, &logging, syslogNGSpec, syslogNGConfig, secretList, reconcilerOpts).Reconcile) + reconcilers = append(reconcilers, syslogng.New(r.Client, r.Log, &logging, syslogNGSpec, syslogNGExternal, syslogNGConfig, secretList, reconcilerOpts).Reconcile) } - loggingDataProvider = syslogng.NewDataProvider(r.Client, &logging) + loggingDataProvider = syslogng.NewDataProvider(r.Client, &logging, syslogNGExternal) } switch len(loggingResources.Fluentbits) { @@ -260,7 +266,7 @@ func (r *LoggingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct log.Error(errors.New("nodeagent definition conflict"), problem) } } - reconcilers = append(reconcilers, nodeagent.New(r.Client, r.Log, &logging, fluentdSpec, agents, reconcilerOpts, fluentd.NewDataProvider(r.Client, &logging, fluentdSpec)).Reconcile) + reconcilers = append(reconcilers, nodeagent.New(r.Client, r.Log, &logging, fluentdSpec, agents, reconcilerOpts, fluentd.NewDataProvider(r.Client, &logging, fluentdSpec, fluentdExternal)).Reconcile) } for _, rec := range reconcilers { @@ -274,9 +280,73 @@ func (r *LoggingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct } } + if shouldReturn, err := r.fluentdConfigFinalizer(ctx, &logging, fluentdExternal); shouldReturn || err != nil { + return ctrl.Result{}, err + } + + if shouldReturn, err := r.syslogNGConfigFinalizer(ctx, &logging, syslogNGExternal); shouldReturn || err != nil { + return ctrl.Result{}, err + } + return ctrl.Result{}, nil } +func (r *LoggingReconciler) fluentdConfigFinalizer(ctx context.Context, logging *loggingv1beta1.Logging, externalFluentd *loggingv1beta1.FluentdConfig) (bool, error) { + fluentdConfigFinalizer := "fluentdconfig.logging.banzaicloud.io/finalizer" + + if logging.DeletionTimestamp.IsZero() { + if externalFluentd != nil && !controllerutil.ContainsFinalizer(logging, fluentdConfigFinalizer) { + r.Log.Info("adding fluentdconfig finalizer") + controllerutil.AddFinalizer(logging, fluentdConfigFinalizer) + if err := r.Update(ctx, logging); err != nil { + return true, err + } + } + } else if externalFluentd != nil { + msg := fmt.Sprintf("refused to delete logging resource while fluentdConfig %s exists", client.ObjectKeyFromObject(externalFluentd)) + r.EventRecorder.Event(logging, corev1.EventTypeWarning, "DeletionRefused", msg) + return false, errors.New(msg) + } + + if controllerutil.ContainsFinalizer(logging, fluentdConfigFinalizer) && externalFluentd == nil { + r.Log.Info("removing fluentdconfig finalizer") + controllerutil.RemoveFinalizer(logging, fluentdConfigFinalizer) + if err := r.Update(ctx, logging); err != nil { + return true, err + } + } + + return false, nil +} + +func (r *LoggingReconciler) syslogNGConfigFinalizer(ctx context.Context, logging *loggingv1beta1.Logging, externalSyslogNG *loggingv1beta1.SyslogNGConfig) (bool, error) { + syslogNGConfigFinalizer := "syslogngconfig.logging.banzaicloud.io/finalizer" + + if logging.DeletionTimestamp.IsZero() { + if externalSyslogNG != nil && !controllerutil.ContainsFinalizer(logging, syslogNGConfigFinalizer) { + r.Log.Info("adding syslogngconfig finalizer") + controllerutil.AddFinalizer(logging, syslogNGConfigFinalizer) + if err := r.Update(ctx, logging); err != nil { + return true, err + } + } + } else if externalSyslogNG != nil { + msg := fmt.Sprintf("refused to delete logging resource while syslogNGConfig %s exists", client.ObjectKeyFromObject(externalSyslogNG)) + r.EventRecorder.Event(logging, corev1.EventTypeWarning, "DeletionRefused", msg) + return false, errors.New(msg) + } + + if controllerutil.ContainsFinalizer(logging, syslogNGConfigFinalizer) && externalSyslogNG == nil { + r.Log.Info("removing syslogngconfig finalizer") + controllerutil.RemoveFinalizer(logging, syslogNGConfigFinalizer) + if err := r.Update(ctx, logging); err != nil { + return true, err + } + } + + return false, nil +} + func (r *LoggingReconciler) dynamicDefaults(ctx context.Context, log logr.Logger, syslogNGSpec *v1beta1.SyslogNGSpec) { nodes := corev1.NodeList{} if err := r.Client.List(ctx, &nodes); err != nil { @@ -371,6 +441,7 @@ func (r *LoggingReconciler) clusterConfigurationSyslogNG(resources model.Logging Path: syslogng.OutputSecretPath, } + _, syslogngSpec := resources.GetSyslogNGSpec() in := syslogngconfig.Input{ Name: resources.Logging.Name, Namespace: resources.Logging.Namespace, @@ -380,7 +451,7 @@ func (r *LoggingReconciler) clusterConfigurationSyslogNG(resources model.Logging Flows: resources.SyslogNG.Flows, SecretLoaderFactory: &slf, SourcePort: syslogng.ServicePort, - SyslogNGSpec: resources.GetSyslogNGSpec(), + SyslogNGSpec: syslogngSpec, } var b strings.Builder if err := syslogngconfig.RenderConfigInto(in, &b); err != nil { diff --git a/controllers/logging/logging_controller_test.go b/controllers/logging/logging_controller_test.go index 6ae2daa28..2601bb524 100644 --- a/controllers/logging/logging_controller_test.go +++ b/controllers/logging/logging_controller_test.go @@ -41,12 +41,13 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + controllers "github.com/kube-logging/logging-operator/controllers/logging" "github.com/kube-logging/logging-operator/pkg/resources/fluentd" "github.com/kube-logging/logging-operator/pkg/resources/model" "github.com/kube-logging/logging-operator/pkg/sdk/logging/api/v1beta1" "github.com/kube-logging/logging-operator/pkg/sdk/logging/model/output" - metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" ) var ( @@ -1410,7 +1411,7 @@ func beforeEachWithError(t *testing.T, errors chan<- error) func() { }) g.Expect(err).NotTo(gomega.HaveOccurred()) - flowReconciler := controllers.NewLoggingReconciler(mgr.GetClient(), ctrl.Log.WithName("controllers").WithName("Flow")) + flowReconciler := controllers.NewLoggingReconciler(mgr.GetClient(), mgr.GetEventRecorderFor("logging-operator"), ctrl.Log.WithName("controllers").WithName("Flow")) var stopped bool wrappedReconciler := duplicateRequest(t, flowReconciler, &stopped, errors) diff --git a/main.go b/main.go index f5b9f272a..983f0fa9a 100644 --- a/main.go +++ b/main.go @@ -169,11 +169,7 @@ func main() { os.Exit(1) } - if !PSPEnabled(mgr.GetConfig()) { - setupLog.Info("WARNING PodSecurityPolicies are disabled. Can be enabled manually with PSP_ENABLED=1") - } - - loggingReconciler := loggingControllers.NewLoggingReconciler(mgr.GetClient(), ctrl.Log.WithName("logging")) + loggingReconciler := loggingControllers.NewLoggingReconciler(mgr.GetClient(), mgr.GetEventRecorderFor("logging-operator"), ctrl.Log.WithName("logging")) if err := (&extensionsControllers.EventTailerReconciler{ Client: mgr.GetClient(), @@ -224,6 +220,7 @@ func main() { // +kubebuilder:scaffold:builder setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { setupLog.Error(err, "problem running manager") os.Exit(1) diff --git a/pkg/resources/fluentbit/configsecret.go b/pkg/resources/fluentbit/configsecret.go index b2cb23c4b..7a3862ab1 100644 --- a/pkg/resources/fluentbit/configsecret.go +++ b/pkg/resources/fluentbit/configsecret.go @@ -243,7 +243,7 @@ func (r *Reconciler) configSecret() (runtime.Object, reconciler.DesiredState, er return nil, nil, errs } - fluentdSpec := loggingResources.GetFluentdSpec() + _, fluentdSpec := loggingResources.GetFluentd() if fluentdSpec != nil { fluentbitTargetHost := r.fluentbitSpec.TargetHost @@ -361,7 +361,8 @@ func (r *Reconciler) configSecret() (runtime.Object, reconciler.DesiredState, er } } - if loggingResources.GetSyslogNGSpec() != nil { + _, syslogNGSPec := loggingResources.GetSyslogNGSpec() + if syslogNGSPec != nil { input.SyslogNGOutput = newSyslogNGOutputConfig() input.SyslogNGOutput.Host = aggregatorEndpoint(r.Logging, syslogng.ServiceName) input.SyslogNGOutput.Port = syslogng.ServicePort diff --git a/pkg/resources/fluentbit/tenants.go b/pkg/resources/fluentbit/tenants.go index db20f63f2..11c2d322a 100644 --- a/pkg/resources/fluentbit/tenants.go +++ b/pkg/resources/fluentbit/tenants.go @@ -107,7 +107,8 @@ func (r *Reconciler) configureOutputsForTenants(ctx context.Context, tenants []v continue } - if loggingResources.GetFluentdSpec() != nil { + _, fluentdSpec := loggingResources.GetFluentd() + if fluentdSpec != nil { if input.FluentForwardOutput == nil { input.FluentForwardOutput = &fluentForwardOutputConfig{} } @@ -117,7 +118,7 @@ func (r *Reconciler) configureOutputsForTenants(ctx context.Context, tenants []v Host: aggregatorEndpoint(logging, fluentd.ServiceName), Port: fluentd.ServicePort, }) - } else if loggingResources.GetSyslogNGSpec() != nil { + } else if _, syslogNGSPec := loggingResources.GetSyslogNGSpec(); syslogNGSPec != nil { if input.SyslogNGOutput == nil { input.SyslogNGOutput = newSyslogNGOutputConfig() } diff --git a/pkg/resources/fluentd/dataprovider.go b/pkg/resources/fluentd/dataprovider.go index ccba81e86..d816178df 100644 --- a/pkg/resources/fluentd/dataprovider.go +++ b/pkg/resources/fluentd/dataprovider.go @@ -25,23 +25,25 @@ import ( ) type DataProvider struct { - client client.Client - logging *v1beta1.Logging - fluentdSpec *v1beta1.FluentdSpec + client client.Client + logging *v1beta1.Logging + fluentdSpec *v1beta1.FluentdSpec + fluentdConfig *v1beta1.FluentdConfig } -func NewDataProvider(client client.Client, logging *v1beta1.Logging, fluentdSpec *v1beta1.FluentdSpec) *DataProvider { +func NewDataProvider(client client.Client, logging *v1beta1.Logging, fluentdSpec *v1beta1.FluentdSpec, fluentdConfig *v1beta1.FluentdConfig) *DataProvider { return &DataProvider{ - client: client, - logging: logging, - fluentdSpec: fluentdSpec, + client: client, + logging: logging, + fluentdSpec: fluentdSpec, + fluentdConfig: fluentdConfig, } } func (p *DataProvider) GetReplicaCount(ctx context.Context) (*int32, error) { if p.fluentdSpec != nil { sts := &v1.StatefulSet{} - om := p.logging.FluentdObjectMeta(StatefulSetName, ComponentFluentd, *p.fluentdSpec) + om := p.logging.FluentdObjectMeta(StatefulSetName, ComponentFluentd, *p.fluentdSpec, p.fluentdConfig) err := p.client.Get(ctx, types.NamespacedName{Namespace: om.Namespace, Name: om.Name}, sts) if err != nil { return nil, errors.WrapIf(client.IgnoreNotFound(err), "getting fluentd statefulset") diff --git a/pkg/resources/fluentd/fluentd.go b/pkg/resources/fluentd/fluentd.go index 3ca335536..1e213a1f4 100644 --- a/pkg/resources/fluentd/fluentd.go +++ b/pkg/resources/fluentd/fluentd.go @@ -68,8 +68,9 @@ const ( // Reconciler holds info what resource to reconcile type Reconciler struct { - Logging *v1beta1.Logging - fluentdSpec *v1beta1.FluentdSpec + Logging *v1beta1.Logging + fluentdSpec *v1beta1.FluentdSpec + fluentdConfig *v1beta1.FluentdConfig *reconciler.GenericResourceReconciler config *string secrets *secret.MountSecrets @@ -112,10 +113,11 @@ func (r *Reconciler) getServiceAccount() string { } func New(client client.Client, log logr.Logger, - logging *v1beta1.Logging, fluentdSpec *v1beta1.FluentdSpec, config *string, secrets *secret.MountSecrets, opts reconciler.ReconcilerOpts) *Reconciler { + logging *v1beta1.Logging, fluentdSpec *v1beta1.FluentdSpec, fluentdConfig *v1beta1.FluentdConfig, config *string, secrets *secret.MountSecrets, opts reconciler.ReconcilerOpts) *Reconciler { return &Reconciler{ Logging: logging, fluentdSpec: fluentdSpec, + fluentdConfig: fluentdConfig, GenericResourceReconciler: reconciler.NewGenericReconciler(client, log, opts), config: config, secrets: secrets, @@ -318,7 +320,7 @@ func (r *Reconciler) reconcileDrain(ctx context.Context) (*reconcile.Result, err } } - replicaCount, err := NewDataProvider(r.Client, r.Logging, r.fluentdSpec).GetReplicaCount(ctx) + replicaCount, err := NewDataProvider(r.Client, r.Logging, r.fluentdSpec, r.fluentdConfig).GetReplicaCount(ctx) if err != nil { return nil, errors.WrapIf(err, "get replica count for fluentd") } diff --git a/pkg/resources/fluentd/meta.go b/pkg/resources/fluentd/meta.go index 9833736ce..b722b4288 100644 --- a/pkg/resources/fluentd/meta.go +++ b/pkg/resources/fluentd/meta.go @@ -21,19 +21,29 @@ import ( // FluentdObjectMeta creates an objectMeta for resource fluentd func (r *Reconciler) FluentdObjectMeta(name, component string) metav1.ObjectMeta { + ownerReference := metav1.OwnerReference{ + APIVersion: r.Logging.APIVersion, + Kind: r.Logging.Kind, + Name: r.Logging.Name, + UID: r.Logging.UID, + Controller: util.BoolPointer(true), + } + + if r.fluentdConfig != nil { + ownerReference = metav1.OwnerReference{ + APIVersion: r.fluentdConfig.APIVersion, + Kind: r.fluentdConfig.Kind, + Name: r.fluentdConfig.Name, + UID: r.fluentdConfig.UID, + Controller: util.BoolPointer(true), + } + } + o := metav1.ObjectMeta{ - Name: r.Logging.QualifiedName(name), - Namespace: r.Logging.Spec.ControlNamespace, - Labels: r.Logging.GetFluentdLabels(component, *r.fluentdSpec), - OwnerReferences: []metav1.OwnerReference{ - { - APIVersion: r.Logging.APIVersion, - Kind: r.Logging.Kind, - Name: r.Logging.Name, - UID: r.Logging.UID, - Controller: util.BoolPointer(true), - }, - }, + Name: r.Logging.QualifiedName(name), + Namespace: r.Logging.Spec.ControlNamespace, + Labels: r.Logging.GetFluentdLabels(component, *r.fluentdSpec), + OwnerReferences: []metav1.OwnerReference{ownerReference}, } return *o.DeepCopy() } diff --git a/pkg/resources/model/reconciler.go b/pkg/resources/model/reconciler.go index 4e37d9b74..d4a81c849 100644 --- a/pkg/resources/model/reconciler.go +++ b/pkg/resources/model/reconciler.go @@ -238,6 +238,8 @@ func NewValidationReconciler( resources.Fluentd.Configuration.Status.Active = utils.BoolPointer(true) resources.Fluentd.Configuration.Status.Logging = resources.Logging.Name + } else { + resources.Logging.Status.FluentdConfigName = "" } if len(resources.SyslogNG.ExcessSyslogNGs) != 0 { @@ -271,6 +273,8 @@ func NewValidationReconciler( logger.Info("found detached syslog-ng aggregator, making association, done: ", "name=", resources.Logging.Status.SyslogNGConfigName) resources.SyslogNG.Configuration.Status.Active = utils.BoolPointer(true) resources.SyslogNG.Configuration.Status.Logging = resources.Logging.Name + } else { + resources.Logging.Status.SyslogNGConfigName = "" } if !resources.Logging.WatchAllNamespaces() { diff --git a/pkg/resources/model/resources.go b/pkg/resources/model/resources.go index afea2a582..6b6898d3b 100644 --- a/pkg/resources/model/resources.go +++ b/pkg/resources/model/resources.go @@ -29,23 +29,19 @@ type LoggingResources struct { WatchNamespaces []string } -func (l LoggingResources) getFluentd() *v1beta1.FluentdConfig { +func (l LoggingResources) getFluentdConfig() *v1beta1.FluentdConfig { if l.Fluentd.Configuration != nil { return l.Fluentd.Configuration } return nil } -func (l LoggingResources) GetFluentdSpec() *v1beta1.FluentdSpec { - - if detachedFluentd := l.getFluentd(); detachedFluentd != nil { - return &detachedFluentd.Spec - } - if l.Logging.Spec.FluentdSpec != nil { - return l.Logging.Spec.FluentdSpec +func (l LoggingResources) GetFluentd() (*v1beta1.FluentdConfig, *v1beta1.FluentdSpec) { + if detachedFluentd := l.getFluentdConfig(); detachedFluentd != nil { + return detachedFluentd, &detachedFluentd.Spec } - return nil + return nil, l.Logging.Spec.FluentdSpec } type FluentdLoggingResources struct { @@ -64,16 +60,13 @@ func (l LoggingResources) getSyslogNG() *v1beta1.SyslogNGConfig { return nil } -func (l LoggingResources) GetSyslogNGSpec() *v1beta1.SyslogNGSpec { +func (l LoggingResources) GetSyslogNGSpec() (*v1beta1.SyslogNGConfig, *v1beta1.SyslogNGSpec) { if detachedSyslogNG := l.getSyslogNG(); detachedSyslogNG != nil { - return &detachedSyslogNG.Spec - } - if l.Logging.Spec.SyslogNGSpec != nil { - return l.Logging.Spec.SyslogNGSpec + return detachedSyslogNG, &detachedSyslogNG.Spec } + return nil, l.Logging.Spec.SyslogNGSpec - return nil } type SyslogNGLoggingResources struct { diff --git a/pkg/resources/model/system.go b/pkg/resources/model/system.go index 5ac622879..761dd1a7c 100644 --- a/pkg/resources/model/system.go +++ b/pkg/resources/model/system.go @@ -32,7 +32,7 @@ import ( func CreateSystem(resources LoggingResources, secrets SecretLoaderFactory, logger logr.Logger) (*types.System, error) { logging := resources.Logging - fluentdSpec := resources.GetFluentdSpec() + _, fluentdSpec := resources.GetFluentd() var forwardInput *input.ForwardInputConfig if fluentdSpec != nil && fluentdSpec.ForwardInputConfig != nil { diff --git a/pkg/resources/syslogng/dataprovider.go b/pkg/resources/syslogng/dataprovider.go index 859b13aa9..d5b2ec713 100644 --- a/pkg/resources/syslogng/dataprovider.go +++ b/pkg/resources/syslogng/dataprovider.go @@ -26,20 +26,22 @@ import ( ) type DataProvider struct { - client client.Client - logging *v1beta1.Logging + client client.Client + logging *v1beta1.Logging + syslogNGSConfig *v1beta1.SyslogNGConfig } -func NewDataProvider(client client.Client, logging *v1beta1.Logging) *DataProvider { +func NewDataProvider(client client.Client, logging *v1beta1.Logging, syslogNGSConfig *v1beta1.SyslogNGConfig) *DataProvider { return &DataProvider{ - client: client, - logging: logging, + client: client, + logging: logging, + syslogNGSConfig: syslogNGSConfig, } } func (p *DataProvider) GetReplicaCount(ctx context.Context) (*int32, error) { sts := &v1.StatefulSet{} - om := p.logging.SyslogNGObjectMeta(StatefulSetName, ComponentSyslogNG) + om := p.logging.SyslogNGObjectMeta(StatefulSetName, ComponentSyslogNG, p.syslogNGSConfig) err := p.client.Get(ctx, types.NamespacedName{Namespace: om.Namespace, Name: om.Name}, sts) if err != nil { return nil, errors.WrapIf(client.IgnoreNotFound(err), "getting syslog-ng statefulset") diff --git a/pkg/resources/syslogng/meta.go b/pkg/resources/syslogng/meta.go index fbca79330..a4db1e97a 100644 --- a/pkg/resources/syslogng/meta.go +++ b/pkg/resources/syslogng/meta.go @@ -21,19 +21,27 @@ import ( // SyslogNGObjectMeta creates an objectMeta for resource syslog-ng func (r *Reconciler) SyslogNGObjectMeta(name, component string) metav1.ObjectMeta { + ownerReference := metav1.OwnerReference{ + APIVersion: r.Logging.APIVersion, + Kind: r.Logging.Kind, + Name: r.Logging.Name, + UID: r.Logging.UID, + Controller: util.BoolPointer(true), + } + if r.syslogNGConfig != nil { + ownerReference = metav1.OwnerReference{ + APIVersion: r.syslogNGConfig.APIVersion, + Kind: r.syslogNGConfig.Kind, + Name: r.syslogNGConfig.Name, + UID: r.syslogNGConfig.UID, + Controller: util.BoolPointer(true), + } + } o := metav1.ObjectMeta{ - Name: r.Logging.QualifiedName(name), - Namespace: r.Logging.Spec.ControlNamespace, - Labels: r.Logging.GetSyslogNGLabels(component), - OwnerReferences: []metav1.OwnerReference{ - { - APIVersion: r.Logging.APIVersion, - Kind: r.Logging.Kind, - Name: r.Logging.Name, - UID: r.Logging.UID, - Controller: util.BoolPointer(true), - }, - }, + Name: r.Logging.QualifiedName(name), + Namespace: r.Logging.Spec.ControlNamespace, + Labels: r.Logging.GetSyslogNGLabels(component), + OwnerReferences: []metav1.OwnerReference{ownerReference}, } return *o.DeepCopy() } diff --git a/pkg/resources/syslogng/statefulset.go b/pkg/resources/syslogng/statefulset.go index a6b4b96bb..c4b44c481 100644 --- a/pkg/resources/syslogng/statefulset.go +++ b/pkg/resources/syslogng/statefulset.go @@ -43,7 +43,7 @@ func (r *Reconciler) statefulset() (runtime.Object, reconciler.DesiredState, err } desired := &appsv1.StatefulSet{ - ObjectMeta: r.Logging.SyslogNGObjectMeta(StatefulSetName, ComponentSyslogNG), + ObjectMeta: r.Logging.SyslogNGObjectMeta(StatefulSetName, ComponentSyslogNG, r.syslogNGConfig), Spec: appsv1.StatefulSetSpec{ PodManagementPolicy: appsv1.OrderedReadyPodManagement, Selector: &metav1.LabelSelector{ diff --git a/pkg/resources/syslogng/syslogng.go b/pkg/resources/syslogng/syslogng.go index c01d5d035..db423da75 100644 --- a/pkg/resources/syslogng/syslogng.go +++ b/pkg/resources/syslogng/syslogng.go @@ -71,8 +71,9 @@ const ( // Reconciler holds info what resource to reconcile type Reconciler struct { - Logging *v1beta1.Logging - syslogNGSpec *v1beta1.SyslogNGSpec + Logging *v1beta1.Logging + syslogNGSpec *v1beta1.SyslogNGSpec + syslogNGConfig *v1beta1.SyslogNGConfig *reconciler.GenericResourceReconciler config string secrets *secret.MountSecrets @@ -91,6 +92,7 @@ func New( log logr.Logger, logging *v1beta1.Logging, syslogNGSPec *v1beta1.SyslogNGSpec, + syslogNGCOnfig *v1beta1.SyslogNGConfig, config string, secrets *secret.MountSecrets, opts reconciler.ReconcilerOpts, @@ -98,6 +100,7 @@ func New( return &Reconciler{ Logging: logging, syslogNGSpec: syslogNGSPec, + syslogNGConfig: syslogNGCOnfig, GenericResourceReconciler: reconciler.NewGenericReconciler(client, log, opts), config: config, secrets: secrets, diff --git a/pkg/sdk/logging/api/v1beta1/logging_types.go b/pkg/sdk/logging/api/v1beta1/logging_types.go index 0f0d5826b..26db78722 100644 --- a/pkg/sdk/logging/api/v1beta1/logging_types.go +++ b/pkg/sdk/logging/api/v1beta1/logging_types.go @@ -448,20 +448,29 @@ func persistentVolumeModePointer(mode v1.PersistentVolumeMode) *v1.PersistentVol } // FluentdObjectMeta creates an objectMeta for resource fluentd -func (l *Logging) FluentdObjectMeta(name, component string, f FluentdSpec) metav1.ObjectMeta { +func (l *Logging) FluentdObjectMeta(name, component string, f FluentdSpec, fc *FluentdConfig) metav1.ObjectMeta { + ownerReference := metav1.OwnerReference{ + APIVersion: l.APIVersion, + Kind: l.Kind, + Name: l.Name, + UID: l.UID, + Controller: util.BoolPointer(true), + } + + if fc != nil { + ownerReference = metav1.OwnerReference{ + APIVersion: fc.APIVersion, + Kind: fc.Kind, + Name: fc.Name, + UID: fc.UID, + Controller: util.BoolPointer(true), + } + } o := metav1.ObjectMeta{ - Name: l.QualifiedName(name), - Namespace: l.Spec.ControlNamespace, - Labels: l.GetFluentdLabels(component, f), - OwnerReferences: []metav1.OwnerReference{ - { - APIVersion: l.APIVersion, - Kind: l.Kind, - Name: l.Name, - UID: l.UID, - Controller: util.BoolPointer(true), - }, - }, + Name: l.QualifiedName(name), + Namespace: l.Spec.ControlNamespace, + Labels: l.GetFluentdLabels(component, f), + OwnerReferences: []metav1.OwnerReference{ownerReference}, } return o } @@ -478,20 +487,28 @@ func (l *Logging) GetFluentdLabels(component string, f FluentdSpec) map[string]s } // SyslogNGObjectMeta creates an objectMeta for resource syslog-ng -func (l *Logging) SyslogNGObjectMeta(name, component string) metav1.ObjectMeta { +func (l *Logging) SyslogNGObjectMeta(name, component string, sc *SyslogNGConfig) metav1.ObjectMeta { + ownerReference := metav1.OwnerReference{ + APIVersion: l.APIVersion, + Kind: l.Kind, + Name: l.Name, + UID: l.UID, + Controller: util.BoolPointer(true), + } + if sc != nil { + ownerReference = metav1.OwnerReference{ + APIVersion: sc.APIVersion, + Kind: sc.Kind, + Name: sc.Name, + UID: sc.UID, + Controller: util.BoolPointer(true), + } + } o := metav1.ObjectMeta{ - Name: l.QualifiedName(name), - Namespace: l.Spec.ControlNamespace, - Labels: l.GetSyslogNGLabels(component), - OwnerReferences: []metav1.OwnerReference{ - { - APIVersion: l.APIVersion, - Kind: l.Kind, - Name: l.Name, - UID: l.UID, - Controller: util.BoolPointer(true), - }, - }, + Name: l.QualifiedName(name), + Namespace: l.Spec.ControlNamespace, + Labels: l.GetSyslogNGLabels(component), + OwnerReferences: []metav1.OwnerReference{ownerReference}, } return o }