Install Fluent Operator (gardener#7568)

* Move the existing fluent-operator under the logging component * Install fluentd CRDs Currently, fluent operator requires all the CRDs, otherwise it will crash. Ref fluent/fluent-operator#612 * Add aliases for the operator's packages * Add the fluent-operator component * Adapt seed reconciler to deploy the fluent-operator * Delete old fluent-bit resources * Drop the old fluent-bit chart * Add healthcheck for the fluent-operator managed resources * No longer use logging fields from the Gardenlet component config Now custom resources can be directly deployed to achieve such effect * Add fluent-operator custom resources for the components of the extensions * Add fluent-operator custom resources for the cluster-autoscaler component * Add fluent-operator custom resources for the coredns component * Add fluent-operator custom resources for the dependency-watchdog component * Add fluent-operator custom resources for the etcd component * Add fluent-operator custom resources for the hvpa component * Add fluent-operator custom resources for the kube-apiserver component * Add fluent-operator custom resources for the kube-controller-manager component * Add fluent-operator custom resources for the kube-proxy component * Add fluent-operator custom resources for the kubernetes-dashboard component * Add fluent-operator custom resources for the kube-scheduler component * Add fluent-operator custom resources for the kube-state-metrics component * Add fluent-operator custom resources for the logging components * Add fluent-operator custom resources for the monitoring components * Add fluent-operator custom resources for the metrics-server component * Add fluent-operator custom resources for the nginx-ingress-shoot component * Add fluent-operator custom resources for the node-problem-detector component * Add fluent-operator custom resources for the resource-manager component * Add fluent-operator custom resources for the vpa component * Add fluent-operator custom resources for the vpn-seed-server component * Add fluent-operator custom resources for the vpn-shoot component * Adapt docs to the fluent-operator contract * Add fluent-operator custom resources for the machine-controller-manager component * Add needed network policies * Adapt components after rebase * Address Ismail's comments * Wait for fluent-bit service to be created before pathing it * Run make generate * Fix unit tests after the rebase * Replace the the images with the copied ones * Address Ismail's new comments * Address Rafael's comments * Upgrade Fluent Operator to version v.2.2.0 * Address the rest of Rafael's comments * Run make generate * Run make-revendor * Address Rafael's new comments * Address Ismail's comments * Add fluent-operator-custom-resources as depencendy of the fluent-operator in the reconcile flow * Move the import restrictions to more appropriate places * Restrict operator's roles --------- Co-authored-by: Kristian-ZH <k.zhelyazkov@sap.com>
jfortin-sap · May 9, 2023 · 7ee780e · 7ee780e
1 parent 42ccdb2
commit 7ee780e
Show file tree

Hide file tree

Showing 365 changed files with 26,672 additions and 3,110 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -12,7 +12,6 @@ run:
   - ".*\\.pb\\.go$"
   - "zz_generated\\..*\\.go$"
   - "openapi_generated\\.go$"
-  - pkg/operation/botanist/component/fluentoperator/doc.go # This file blank import, which should be only in a main or test package
 
 linters:
   disable:
@@ -97,6 +96,14 @@ linters-settings:
         alias: logf
       - pkg: github.com/golang/mock/gomock
         alias: gmock
+      - pkg: github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2
+        alias: fluentbitv1alpha2
+      - pkg: github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2/plugins/filter
+        alias: fluentbitv1alpha2filter
+      - pkg: github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2/plugins/parser
+        alias: fluentbitv1alpha2parser
+      - pkg: github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2/plugins/input
+        alias: fluentbitv1alpha2input
       # Gradener external imported packages
       - pkg: github.com/gardener/hvpa-controller/api/v1alpha1
         alias: hvpav1alpha1

diff --git a/charts/gardener/gardenlet/templates/clusterrole-gardenlet.yaml b/charts/gardener/gardenlet/templates/clusterrole-gardenlet.yaml
@@ -156,12 +156,19 @@ rules:
   - clusteroutputs.fluentbit.fluent.io
   - clusterparsers.fluentbit.fluent.io
   - fluentbits.fluentbit.fluent.io
+  - collectors.fluentbit.fluent.io
+  - fluentbitconfigs.fluentbit.fluent.io
+  - filters.fluentbit.fluent.io
+  - outputs.fluentbit.fluent.io
+  - parsers.fluentbit.fluent.io
   verbs:
   - delete
 - apiGroups:
   - apps
   resources:
   - deployments
+  # TODO(Kristian-ZH): remove this when the old fluent-bit deletion logic is removed
+  - daemonsets
   - statefulsets
   - replicasets
   verbs:

diff --git a/charts/gardener/gardenlet/templates/role-garden-gardenlet.yaml b/charts/gardener/gardenlet/templates/role-garden-gardenlet.yaml
@@ -21,17 +21,6 @@ rules:
   - create
   - patch
   - update
-- apiGroups:
-  - apps
-  resources:
-  - daemonsets
-  resourceNames:
-  - fluent-bit
-  verbs:
-  - delete
-  - get
-  - patch
-  - update
 - apiGroups:
   - apps
   resources:

diff --git a/charts/gardener/gardenlet/values.yaml b/charts/gardener/gardenlet/values.yaml
@@ -184,10 +184,6 @@ config:
 #     etcdConnectionTimeout: 5s
 # logging:
 #   enabled: false
-#   fluentBit:
-#     output: |-
-#       [Output]
-#           ...
 # monitoring:
 #   shoot:
 #     remoteWrite:

diff --git a/charts/images.yaml b/charts/images.yaml
@@ -363,10 +363,23 @@ images:
   tag: "3.15.8"
 
 # Logging
+- name: fluent-operator
+  sourceRepository: github.com/fluent/fluent-operator
+  repository: eu.gcr.io/gardener-project/3rd/kubesphere/fluent-operator
+  tag: "v2.2.0"
+  labels:
+  - name: 'gardener.cloud/cve-categorisation'
+    value:
+      network_exposure: 'private'
+      authentication_enforced: false
+      user_interaction: 'gardener-operator'
+      confidentiality_requirement: 'low'
+      integrity_requirement: 'low'
+      availability_requirement: 'low'
 - name: fluent-bit
-  sourceRepository: github.com/fluent/fluent-bit
-  repository: eu.gcr.io/gardener-project/3rd/fluent/fluent-bit
-  tag: "1.9.7"
+  sourceRepository: github.com/fluent/fluent-operator
+  repository: eu.gcr.io/gardener-project/3rd/kubesphere/fluent-bit
+  tag: "v2.0.9"
   labels:
   - name: 'gardener.cloud/cve-categorisation'
     value:

diff --git a/charts/seed-bootstrap/charts/fluent-bit/Chart.yaml b/charts/seed-bootstrap/charts/fluent-bit/Chart.yaml
diff --git a/charts/seed-bootstrap/charts/fluent-bit/templates/_fluent-bit-config.tpl b/charts/seed-bootstrap/charts/fluent-bit/templates/_fluent-bit-config.tpl