Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #522 CRD and operator conform to fluentd-loki-output-plugin documentation #523

Merged
merged 7 commits into from
Jan 31, 2023
Merged

Fixes #522 CRD and operator conform to fluentd-loki-output-plugin documentation #523

merged 7 commits into from
Jan 31, 2023

Conversation

antrema
Copy link
Collaborator

@antrema antrema commented Jan 26, 2023

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #522 Made CRD and operator conform to fluentd-loki-output-plugin documentation

Does this PR introduced a user-facing change?

None

Additional documentation, usage docs, etc.:

antrema and others added 6 commits January 25, 2023 09:26
@antrema
CRD and operator conform to plugin documentation
cd40e75 
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
@antrema
Merge branch 'fluentd-loki-plugin'
ae64622
@antrema
CRD and operator conform to plugin documentation
90220cf 
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
@antrema
Merge branch 'fluentd-loki-plugin'
84dd925
@antrema
CRD and operator conform to plugin documentation
c1cfa5e 
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
@antrema
Merge branch 'fluentd-loki-plugin'
0143a7b
wenchajun
wenchajun reviewed Jan 26, 2023
View reviewed changes
apis/fluentd/v1alpha1/plugins/tls_types.go Outdated
// Set TLS debug verbosity level.
// It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose
// +kubebuilder:validation:Enum:=0;1;2;3;4
Debug *int32 `json:"debug,omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a public document, is it necessary to remove these sections?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not necessary, but it is not interpreted in the controller

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The data structures defined here are intended to be used for future extensions and it is recommended that the corresponding sections are not deleted.
https://github.com/fluent/fluent-operator/blob/master/docs/plugins/fluentd/tls.md

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I understand your point of view, but if I undelete them, they will be automatically added to the CRD, you don't think it can be confusing ? what do you think about unlinking the loki struct from the *plugins.TLS struct ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tls docs for fluentd https://github.com/fluent/fluent-operator/blob/master/docs/plugins/fluentd/tls.md is copied from fluentbit tls setting which is incorrect.

As @wenchajun mentioned fluentd has its own tls setting which is different with fluentbit's and should be optional to the fluentd input and output plugins: The transport section must be under <match>, <source>, and <filter> sections. It specifies the transport protocol, version, and certificates.

So fluentd's tls setting should conformed to fluentd's doc, not fluentbit's: https://docs.fluentd.org/configuration/transport-section

Fluentd's tls setting should include params from 5 sections:

Fluentd tls samples:
https://stackoverflow.com/questions/50190993/how-to-get-fluentd-td-agent-tls-ssl-encryption-for-in-forward-to-work
fluent/fluentd#3802

benjaminhuo
benjaminhuo reviewed Jan 26, 2023
View reviewed changes
apis/fluentd/v1alpha1/plugins/tls_types.go Outdated
@@ -6,24 +6,14 @@ import (

// Fluentd provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively.
type TLS struct {
// Force certificate validation
Verify *bool `json:"verify,omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why removing fields in TLS?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there are not used in controller

@benjaminhuo
Copy link
Member

It's true that the Fluentd Loki plugin is copy from fluentbit Loki plugin which is incorrect.
The TLS is from fluentbit https://docs.fluentbit.io/manual/pipeline/outputs/tcp-and-tls https://docs.fluentbit.io/manual/pipeline/outputs/opensearch

@wenchajun @wanjunlei Please double check if the TLS should be removed from the fluentd code

@wanjunlei
Copy link
Collaborator

It's true that the Fluentd Loki plugin is copy from fluentbit Loki plugin which is incorrect. The TLS is from fluentbit https://docs.fluentbit.io/manual/pipeline/outputs/tcp-and-tls https://docs.fluentbit.io/manual/pipeline/outputs/opensearch

@wenchajun @wanjunlei Please double check if the TLS should be removed from the fluentd code

The fluentd plugin http, forward have their own tls settings and does not use the TLS, so I think loki can set its own tls
settings like them.

And the fluentd plugins do not have a common tls setting, so I agree to delete the TLS, and the plugins should define the tls setting themselves

benjaminhuo
benjaminhuo requested changes Jan 28, 2023
View reviewed changes
apis/fluentd/v1alpha1/plugins/tls_types.go Outdated
// Set TLS debug verbosity level.
// It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose
// +kubebuilder:validation:Enum:=0;1;2;3;4
Debug *int32 `json:"debug,omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tls docs for fluentd https://github.com/fluent/fluent-operator/blob/master/docs/plugins/fluentd/tls.md is copied from fluentbit tls setting which is incorrect.

As @wenchajun mentioned fluentd has its own tls setting which is different with fluentbit's and should be optional to the fluentd input and output plugins: The transport section must be under <match>, <source>, and <filter> sections. It specifies the transport protocol, version, and certificates.

So fluentd's tls setting should conformed to fluentd's doc, not fluentbit's: https://docs.fluentd.org/configuration/transport-section

Fluentd's tls setting should include params from 5 sections:

Fluentd tls samples:
https://stackoverflow.com/questions/50190993/how-to-get-fluentd-td-agent-tls-ssl-encryption-for-in-forward-to-work
fluent/fluentd#3802

@benjaminhuo
Copy link
Member

It's true that the Fluentd Loki plugin is copy from fluentbit Loki plugin which is incorrect. The TLS is from fluentbit https://docs.fluentbit.io/manual/pipeline/outputs/tcp-and-tls https://docs.fluentbit.io/manual/pipeline/outputs/opensearch
@wenchajun @wanjunlei Please double check if the TLS should be removed from the fluentd code

The fluentd plugin http, forward have their own tls settings and does not use the TLS, so I think loki can set its own tls settings like them.

And the fluentd plugins do not have a common tls setting, so I agree to delete the TLS, and the plugins should define the tls setting themselves

See my comments in #523 (comment)

@wanjunlei
Copy link
Collaborator

There has been a Transport struct.

@benjaminhuo
Copy link
Member

There has been a Transport struct.

Nice, then we should use Transport instead of the TLS in Loki @antrema

@antrema
Copy link
Collaborator Author

antrema commented Jan 30, 2023
edited
Loading

There has been a Transport struct.

Nice, then we should use Transport instead of the TLS in Loki @antrema

You completely lost me
The plugin fluentd-loki-output-plugin is maintained by Grafana and its definition is fully documented here
Why do you want to absolutely match an existing struct (Transport or TLS), the resulting CRDs will completely differ from the plugin fluentd-loki-output-plugin documentation and users will be confused
I think we just have to match the Loki struct to the plugin structure
As it is done on the other output plugins:

To make me clear, i will rework my PR to match my explanations

@antrema
CRD and operator conform to plugin documentation
253df23 
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
@benjaminhuo
Copy link
Member

The plugin fluentd-loki-output-plugin is maintained by Grafana and its definition is fully documented here
Why do you want to absolutely match an existing struct (Transport or TLS), the resulting CRDs will completely differ from the plugin fluentd-loki-output-plugin documentation and users will be confused
I think we just have to match the Loki struct to the plugin structure

@antrema You're right. It should be consistent with the plugin def.
The HTTP input plugin has the transport section in which the tls config should be put.
But the HTTP output plugin simply put tls settings as plain fields.

Thanks for finding and fixing this bug!

@benjaminhuo benjaminhuo merged commit 9b9c853 into fluent:master Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wenchajun wenchajun wenchajun left review comments

@benjaminhuo benjaminhuo benjaminhuo approved these changes

@wanjunlei wanjunlei Awaiting requested review from wanjunlei

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: fluentd loki output plugin integration not conform to the plugin configuration
4 participants
@antrema @benjaminhuo @wanjunlei @wenchajun