From dcaf5951fac438f16a176e4bc5bd783ece2bea78 Mon Sep 17 00:00:00 2001 From: tarokkk Date: Thu, 23 Aug 2018 13:33:41 +0200 Subject: [PATCH] fix RBAC --- cmd/logging-operator/fluentbit/fluentbit.go | 7 ++++--- cmd/logging-operator/fluentd/config.go | 8 ++++---- cmd/logging-operator/fluentd/fluentd.go | 17 ++++------------- 3 files changed, 12 insertions(+), 20 deletions(-) diff --git a/cmd/logging-operator/fluentbit/fluentbit.go b/cmd/logging-operator/fluentbit/fluentbit.go index aacbe10af..1bb55d998 100644 --- a/cmd/logging-operator/fluentbit/fluentbit.go +++ b/cmd/logging-operator/fluentbit/fluentbit.go @@ -103,7 +103,7 @@ func newClusterRole(cr *fluentBitDeploymentConfig) *rbacv1.ClusterRole { return &rbacv1.ClusterRole{ TypeMeta: metav1.TypeMeta{ Kind: "ClusterRole", - APIVersion: "v1", + APIVersion: "rbac.authorization.k8s.io/v1beta1", }, ObjectMeta: metav1.ObjectMeta{ Name: "LoggingRole", @@ -129,7 +129,7 @@ func newClusterRoleBinding(cr *fluentBitDeploymentConfig) *rbacv1.ClusterRoleBin return &rbacv1.ClusterRoleBinding{ TypeMeta: metav1.TypeMeta{ Kind: "ClusterRoleBinding", - APIVersion: "v1", + APIVersion: "rbac.authorization.k8s.io/v1beta1", }, ObjectMeta: metav1.ObjectMeta{ Name: "logging", @@ -338,7 +338,8 @@ func newFluentBitDaemonSet(cr *fluentBitDeploymentConfig) *extensionv1.DaemonSet }, }, Spec: corev1.PodSpec{ - Volumes: generateVolume(), + ServiceAccountName: "logging", + Volumes: generateVolume(), Containers: []corev1.Container{ { // TODO move to configuration diff --git a/cmd/logging-operator/fluentd/config.go b/cmd/logging-operator/fluentd/config.go index 4eded4019..048a92e23 100644 --- a/cmd/logging-operator/fluentd/config.go +++ b/cmd/logging-operator/fluentd/config.go @@ -3,7 +3,7 @@ package fluentd var fluentdDefaultTemplate = ` # include other config files @include /fluentd/etc/input.conf -@include /fluentd/etc/app_config/* +@include /fluentd/app-config/* @include /fluentd/etc/devnull.conf ` var fluentdInputTemplate = ` @@ -34,9 +34,9 @@ var fluentdInputTemplate = ` version TLSv1_2 - ca_path /fluentd/etc/tls/caCert - cert_path /fluentd/etc/tls/serverCert - private_key_path /fluentd/etc/tls/serverKey + ca_path /fluentd/tls/caCert + cert_path /fluentd/tls/serverCert + private_key_path /fluentd/tls/serverKey client_cert_auth true {{- end }} diff --git a/cmd/logging-operator/fluentd/fluentd.go b/cmd/logging-operator/fluentd/fluentd.go index e936123a6..1753b5531 100644 --- a/cmd/logging-operator/fluentd/fluentd.go +++ b/cmd/logging-operator/fluentd/fluentd.go @@ -2,6 +2,7 @@ package fluentd import ( "bytes" + "fmt" "github.com/banzaicloud/logging-operator/cmd/logging-operator/sdkdecorator" "github.com/operator-framework/operator-sdk/pkg/sdk" "github.com/sirupsen/logrus" @@ -55,16 +56,6 @@ func InitFluentd() { sdkdecorator.CallSdkFunctionWithLogging(sdk.Create)(newFluentdService(fdc)) logrus.Info("Fluentd Deployment initialized!") } - // Create fluentd services - // Possible options - // replica: x - // tag_rewrite config: ? it should be possible to give Labels - // input port - // TLS? - // monitoring - // enabled: - // port: - // path: } // DeleteFluentd deletes fluentd if exists @@ -147,7 +138,7 @@ func generateConfig(input fluentdConfig) (*string, error) { if err != nil { return nil, err } - outputString := output.String() + outputString := fmt.Sprint(output.String()) return &outputString, nil } @@ -192,7 +183,7 @@ func newFluentdConfigmap(fdc *fluentdDeploymentConfig) *corev1.ConfigMap { }, Data: map[string]string{ - "fluentd.conf": fluentdDefaultTemplate, + "fluent.conf": fluentdDefaultTemplate, "input.conf": *inputConfig, "devnull.conf": fluentdOutputTemplate, }, @@ -265,7 +256,7 @@ func generateVolumeMounts() (v []corev1.VolumeMount) { tlsRelatedVolume := []corev1.VolumeMount{ { Name: "fluentd-tls", - MountPath: "/fluentd/etc/tls/", + MountPath: "/fluentd/tls/", }, } v = append(v, tlsRelatedVolume...)