-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #522 CRD and operator conform to fluentd-loki-output-plugin documentation #523
Conversation
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
// Set TLS debug verbosity level. | ||
// It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose | ||
// +kubebuilder:validation:Enum:=0;1;2;3;4 | ||
Debug *int32 `json:"debug,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a public document, is it necessary to remove these sections?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not necessary, but it is not interpreted in the controller
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The data structures defined here are intended to be used for future extensions and it is recommended that the corresponding sections are not deleted.
https://github.com/fluent/fluent-operator/blob/master/docs/plugins/fluentd/tls.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I understand your point of view, but if I undelete them, they will be automatically added to the CRD, you don't think it can be confusing ? what do you think about unlinking the loki struct from the *plugins.TLS struct ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The tls docs for fluentd https://github.com/fluent/fluent-operator/blob/master/docs/plugins/fluentd/tls.md is copied from fluentbit tls setting which is incorrect.
As @wenchajun mentioned fluentd has its own tls setting which is different with fluentbit's and should be optional to the fluentd input and output plugins: The transport section must be under <match>, <source>, and <filter> sections. It specifies the transport protocol, version, and certificates.
So fluentd's tls setting should conformed to fluentd's doc, not fluentbit's: https://docs.fluentd.org/configuration/transport-section
Fluentd's tls setting should include params from 5 sections:
- https://docs.fluentd.org/configuration/transport-section#tls-setting
- https://docs.fluentd.org/configuration/transport-section#signed-public-ca-parameters
- https://docs.fluentd.org/configuration/transport-section#generated-and-signed-by-private-ca-parameters
- https://docs.fluentd.org/configuration/transport-section#generated-and-signed-by-private-ca-certs-or-self-signed-parameters
- https://docs.fluentd.org/configuration/transport-section#cert-digest-algorithm-parameter
Fluentd tls samples:
https://stackoverflow.com/questions/50190993/how-to-get-fluentd-td-agent-tls-ssl-encryption-for-in-forward-to-work
fluent/fluentd#3802
@@ -6,24 +6,14 @@ import ( | |||
|
|||
// Fluentd provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. | |||
type TLS struct { | |||
// Force certificate validation | |||
Verify *bool `json:"verify,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why removing fields in TLS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there are not used in controller
It's true that the Fluentd Loki plugin is copy from fluentbit Loki plugin which is incorrect. @wenchajun @wanjunlei Please double check if the |
The fluentd plugin And the fluentd plugins do not have a common tls setting, so I agree to delete the |
// Set TLS debug verbosity level. | ||
// It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose | ||
// +kubebuilder:validation:Enum:=0;1;2;3;4 | ||
Debug *int32 `json:"debug,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The tls docs for fluentd https://github.com/fluent/fluent-operator/blob/master/docs/plugins/fluentd/tls.md is copied from fluentbit tls setting which is incorrect.
As @wenchajun mentioned fluentd has its own tls setting which is different with fluentbit's and should be optional to the fluentd input and output plugins: The transport section must be under <match>, <source>, and <filter> sections. It specifies the transport protocol, version, and certificates.
So fluentd's tls setting should conformed to fluentd's doc, not fluentbit's: https://docs.fluentd.org/configuration/transport-section
Fluentd's tls setting should include params from 5 sections:
- https://docs.fluentd.org/configuration/transport-section#tls-setting
- https://docs.fluentd.org/configuration/transport-section#signed-public-ca-parameters
- https://docs.fluentd.org/configuration/transport-section#generated-and-signed-by-private-ca-parameters
- https://docs.fluentd.org/configuration/transport-section#generated-and-signed-by-private-ca-certs-or-self-signed-parameters
- https://docs.fluentd.org/configuration/transport-section#cert-digest-algorithm-parameter
Fluentd tls samples:
https://stackoverflow.com/questions/50190993/how-to-get-fluentd-td-agent-tls-ssl-encryption-for-in-forward-to-work
fluent/fluentd#3802
See my comments in #523 (comment) |
There has been a Transport struct. |
You completely lost me
To make me clear, i will rework my PR to match my explanations |
Signed-off-by: Anthony TREUILLIER <anthony.treuillier@gmail.com>
@antrema You're right. It should be consistent with the plugin def. Thanks for finding and fixing this bug! |
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #522 Made CRD and operator conform to fluentd-loki-output-plugin documentation
Does this PR introduced a user-facing change?
Additional documentation, usage docs, etc.: