fix RBAC

kube-logging · Aug 27, 2018 · dcaf595 · dcaf595
1 parent 34c331e
commit dcaf595
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 20 deletions.
diff --git a/cmd/logging-operator/fluentbit/fluentbit.go b/cmd/logging-operator/fluentbit/fluentbit.go
@@ -103,7 +103,7 @@ func newClusterRole(cr *fluentBitDeploymentConfig) *rbacv1.ClusterRole {
 	return &rbacv1.ClusterRole{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "ClusterRole",
-			APIVersion: "v1",
+			APIVersion: "rbac.authorization.k8s.io/v1beta1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "LoggingRole",
@@ -129,7 +129,7 @@ func newClusterRoleBinding(cr *fluentBitDeploymentConfig) *rbacv1.ClusterRoleBin
 	return &rbacv1.ClusterRoleBinding{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "ClusterRoleBinding",
-			APIVersion: "v1",
+			APIVersion: "rbac.authorization.k8s.io/v1beta1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "logging",
@@ -338,7 +338,8 @@ func newFluentBitDaemonSet(cr *fluentBitDeploymentConfig) *extensionv1.DaemonSet
 					},
 				},
 				Spec: corev1.PodSpec{
-					Volumes: generateVolume(),
+					ServiceAccountName: "logging",
+					Volumes:            generateVolume(),
 					Containers: []corev1.Container{
 						{
 							// TODO move to configuration

diff --git a/cmd/logging-operator/fluentd/config.go b/cmd/logging-operator/fluentd/config.go
@@ -3,7 +3,7 @@ package fluentd
 var fluentdDefaultTemplate = `
 # include other config files
 @include /fluentd/etc/input.conf
-@include /fluentd/etc/app_config/*
+@include /fluentd/app-config/*
 @include /fluentd/etc/devnull.conf
 `
 var fluentdInputTemplate = `
@@ -34,9 +34,9 @@ var fluentdInputTemplate = `
     </security>
     <transport tls>
       version                TLSv1_2
-      ca_path                /fluentd/etc/tls/caCert
-      cert_path              /fluentd/etc/tls/serverCert
-      private_key_path       /fluentd/etc/tls/serverKey
+      ca_path                /fluentd/tls/caCert
+      cert_path              /fluentd/tls/serverCert
+      private_key_path       /fluentd/tls/serverKey
       client_cert_auth       true
     </transport>
     {{- end }}

diff --git a/cmd/logging-operator/fluentd/fluentd.go b/cmd/logging-operator/fluentd/fluentd.go
@@ -2,6 +2,7 @@ package fluentd
 
 import (
 	"bytes"
+	"fmt"
 	"github.com/banzaicloud/logging-operator/cmd/logging-operator/sdkdecorator"
 	"github.com/operator-framework/operator-sdk/pkg/sdk"
 	"github.com/sirupsen/logrus"
@@ -55,16 +56,6 @@ func InitFluentd() {
 		sdkdecorator.CallSdkFunctionWithLogging(sdk.Create)(newFluentdService(fdc))
 		logrus.Info("Fluentd Deployment initialized!")
 	}
-	// Create fluentd services
-	// Possible options
-	//  replica: x
-	//  tag_rewrite config: ? it should be possible to give Labels
-	//  input port
-	//  TLS?
-	//  monitoring
-	//    enabled:
-	//    port:
-	//    path:
 }
 
 // DeleteFluentd deletes fluentd if exists
@@ -147,7 +138,7 @@ func generateConfig(input fluentdConfig) (*string, error) {
 	if err != nil {
 		return nil, err
 	}
-	outputString := output.String()
+	outputString := fmt.Sprint(output.String())
 	return &outputString, nil
 }
 
@@ -192,7 +183,7 @@ func newFluentdConfigmap(fdc *fluentdDeploymentConfig) *corev1.ConfigMap {
 		},
 
 		Data: map[string]string{
-			"fluentd.conf": fluentdDefaultTemplate,
+			"fluent.conf":  fluentdDefaultTemplate,
 			"input.conf":   *inputConfig,
 			"devnull.conf": fluentdOutputTemplate,
 		},
@@ -265,7 +256,7 @@ func generateVolumeMounts() (v []corev1.VolumeMount) {
 		tlsRelatedVolume := []corev1.VolumeMount{
 			{
 				Name:      "fluentd-tls",
-				MountPath: "/fluentd/etc/tls/",
+				MountPath: "/fluentd/tls/",
 			},
 		}
 		v = append(v, tlsRelatedVolume...)