Merge pull request #463 from wenchajun/release-1.7.0

release 1.7.0

Author: benjaminhuo

CHANGELOG.md

@@ -4,6 +4,7 @@
 - Add environment variable support to the FluentBit CRD (#449)
 - Make more fluent-bit configurations configurable via the FluentBit resource (#452)
 - Feat: control/configure default ClusterFilters (helm chart) (#453)
+- Add fluent-bit service and option to extend the RBAC configurations (#462)
 
 ### ENHANCEMENT
 - Splunk make eventfield plural (#447)

VERSION

@@ -1 +1 @@
-latest
+v1.7.0

apis/fluentbit/v1alpha2/fluentbit_types.go

@@ -18,6 +18,7 @@ package v1alpha2
 
 import (
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/fluent/fluent-operator/pkg/utils"
@@ -28,6 +29,8 @@ import (
 
 // FluentBitSpec defines the desired state of FluentBit
 type FluentBitSpec struct {
+	// DisableService tells if the fluentbit service should be deployed.
+	DisableService bool `json:"disableService,omitempty"`
 	// Fluent Bit image.
 	Image string `json:"image,omitempty"`
 	// Fluent Bit Watcher command line arguments.
@@ -78,6 +81,8 @@ type FluentBitSpec struct {
 	InitContainers []corev1.Container `json:"initContainers,omitempty"`
 	// Ports represents the pod's ports.
 	Ports []corev1.ContainerPort `json:"ports,omitempty"`
+	// RBACRules represents additional rbac rules which will be applied to the fluent-bit clusterrole.
+	RBACRules []rbacv1.PolicyRule `json:"rbacRules,omitempty"`
 }
 
 // FluentBitStatus defines the observed state of FluentBit

apis/fluentbit/v1alpha2/zz_generated.deepcopy.go

@@ -20,6 +20,7 @@ import (
 	"github.com/fluent/fluent-operator/apis/fluentd/v1alpha1/plugins/input"
 	"github.com/fluent/fluent-operator/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -65,6 +66,8 @@ type FluentdSpec struct {
 	RuntimeClassName string `json:"runtimeClassName,omitempty"`
 	// PriorityClassName represents the pod's priority class.
 	PriorityClassName string `json:"priorityClassName,omitempty"`
+	// RBACRules represents additional rbac rules which will be applied to the fluentd clusterrole.
+	RBACRules []rbacv1.PolicyRule `json:"rbacRules,omitempty"`
 }
 
 type BufferVolume struct {

apis/fluentd/v1alpha1/fluentd_types.go

@@ -873,6 +873,10 @@ spec:
               containerLogRealPath:
                 description: Container log path
                 type: string
+              disableService:
+                description: DisableService tells if the fluentbit service should
+                  be deployed.
+                type: boolean
               envVars:
                 description: EnvVars represent environment variables that can be passed
                   to fluentbit pods.
@@ -3872,6 +3876,57 @@ spec:
               priorityClassName:
                 description: PriorityClassName represents the pod's priority class.
                 type: string
+              rbacRules:
+                description: RBACRules represents additional rbac rules which will
+                  be applied to the fluent-bit clusterrole.
+                items:
+                  description: PolicyRule holds information that describes a policy
+                    rule, but does not contain information about who the rule applies
+                    to or which namespace the rule applies to.
+                  properties:
+                    apiGroups:
+                      description: APIGroups is the name of the APIGroup that contains
+                        the resources.  If multiple API groups are specified, any
+                        action requested against one of the enumerated resources in
+                        any API group will be allowed. "" represents the core API
+                        group and "*" represents all API groups.
+                      items:
+                        type: string
+                      type: array
+                    nonResourceURLs:
+                      description: NonResourceURLs is a set of partial urls that a
+                        user should have access to.  *s are allowed, but only as the
+                        full, final step in the path Since non-resource URLs are not
+                        namespaced, this field is only applicable for ClusterRoles
+                        referenced from a ClusterRoleBinding. Rules can either apply
+                        to API resources (such as "pods" or "secrets") or non-resource
+                        URL paths (such as "/api"),  but not both.
+                      items:
+                        type: string
+                      type: array
+                    resourceNames:
+                      description: ResourceNames is an optional white list of names
+                        that the rule applies to.  An empty set means that everything
+                        is allowed.
+                      items:
+                        type: string
+                      type: array
+                    resources:
+                      description: Resources is a list of resources this rule applies
+                        to. '*' represents all resources.
+                      items:
+                        type: string
+                      type: array
+                    verbs:
+                      description: Verbs is a list of Verbs that apply to ALL the
+                        ResourceKinds contained in this rule. '*' represents all verbs.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - verbs
+                  type: object
+                type: array
               readinessProbe:
                 description: ReadinessProbe represents the pod's readiness probe.
                 properties:

apis/fluentd/v1alpha1/zz_generated.deepcopy.go

@@ -1694,6 +1694,57 @@ spec:
               priorityClassName:
                 description: PriorityClassName represents the pod's priority class.
                 type: string
+              rbacRules:
+                description: RBACRules represents additional rbac rules which will
+                  be applied to the fluentd clusterrole.
+                items:
+                  description: PolicyRule holds information that describes a policy
+                    rule, but does not contain information about who the rule applies
+                    to or which namespace the rule applies to.
+                  properties:
+                    apiGroups:
+                      description: APIGroups is the name of the APIGroup that contains
+                        the resources.  If multiple API groups are specified, any
+                        action requested against one of the enumerated resources in
+                        any API group will be allowed. "" represents the core API
+                        group and "*" represents all API groups.
+                      items:
+                        type: string
+                      type: array
+                    nonResourceURLs:
+                      description: NonResourceURLs is a set of partial urls that a
+                        user should have access to.  *s are allowed, but only as the
+                        full, final step in the path Since non-resource URLs are not
+                        namespaced, this field is only applicable for ClusterRoles
+                        referenced from a ClusterRoleBinding. Rules can either apply
+                        to API resources (such as "pods" or "secrets") or non-resource
+                        URL paths (such as "/api"),  but not both.
+                      items:
+                        type: string
+                      type: array
+                    resourceNames:
+                      description: ResourceNames is an optional white list of names
+                        that the rule applies to.  An empty set means that everything
+                        is allowed.
+                      items:
+                        type: string
+                      type: array
+                    resources:
+                      description: Resources is a list of resources this rule applies
+                        to. '*' represents all resources.
+                      items:
+                        type: string
+                      type: array
+                    verbs:
+                      description: Verbs is a list of Verbs that apply to ALL the
+                        ResourceKinds contained in this rule. '*' represents all verbs.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - verbs
+                  type: object
+                type: array
               replicas:
                 description: Numbers of the Fluentd instance
                 format: int32

charts/fluent-operator/crds/fluentbit.fluent.io_fluentbits.yaml

@@ -12,7 +12,7 @@ operator:
     tag: "20.10"
   container:
     repository: "kubesphere/fluent-operator"
-    tag: "latest"
+    tag: "v1.7.0"
     # FluentBit operator resources. Usually user needn't to adjust these.
   resources:
     limits:

charts/fluent-operator/crds/fluentd.fluent.io_fluentds.yaml

@@ -873,6 +873,10 @@ spec:
               containerLogRealPath:
                 description: Container log path
                 type: string
+              disableService:
+                description: DisableService tells if the fluentbit service should
+                  be deployed.
+                type: boolean
               envVars:
                 description: EnvVars represent environment variables that can be passed
                   to fluentbit pods.
@@ -3872,6 +3876,57 @@ spec:
               priorityClassName:
                 description: PriorityClassName represents the pod's priority class.
                 type: string
+              rbacRules:
+                description: RBACRules represents additional rbac rules which will
+                  be applied to the fluent-bit clusterrole.
+                items:
+                  description: PolicyRule holds information that describes a policy
+                    rule, but does not contain information about who the rule applies
+                    to or which namespace the rule applies to.
+                  properties:
+                    apiGroups:
+                      description: APIGroups is the name of the APIGroup that contains
+                        the resources.  If multiple API groups are specified, any
+                        action requested against one of the enumerated resources in
+                        any API group will be allowed. "" represents the core API
+                        group and "*" represents all API groups.
+                      items:
+                        type: string
+                      type: array
+                    nonResourceURLs:
+                      description: NonResourceURLs is a set of partial urls that a
+                        user should have access to.  *s are allowed, but only as the
+                        full, final step in the path Since non-resource URLs are not
+                        namespaced, this field is only applicable for ClusterRoles
+                        referenced from a ClusterRoleBinding. Rules can either apply
+                        to API resources (such as "pods" or "secrets") or non-resource
+                        URL paths (such as "/api"),  but not both.
+                      items:
+                        type: string
+                      type: array
+                    resourceNames:
+                      description: ResourceNames is an optional white list of names
+                        that the rule applies to.  An empty set means that everything
+                        is allowed.
+                      items:
+                        type: string
+                      type: array
+                    resources:
+                      description: Resources is a list of resources this rule applies
+                        to. '*' represents all resources.
+                      items:
+                        type: string
+                      type: array
+                    verbs:
+                      description: Verbs is a list of Verbs that apply to ALL the
+                        ResourceKinds contained in this rule. '*' represents all verbs.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - verbs
+                  type: object
+                type: array
               readinessProbe:
                 description: ReadinessProbe represents the pod's readiness probe.
                 properties: