Add kubernetes events input plugin (#1209)

* Add Kubernetes Events Input Plugin

Signed-off-by: Anson Liu <[email protected]>

* Update role permission and fix typo

Signed-off-by: Anson Liu <[email protected]>

* update docs/fluentbit.md

Signed-off-by: Anson Liu <[email protected]>

* Update manifests in setup folder

Signed-off-by: Anson Liu <[email protected]>

---------

Signed-off-by: Anson Liu <[email protected]>

apis/fluentbit/v1alpha2/clusterinput_types.go

@@ -71,6 +71,8 @@ type InputSpec struct {
 	Syslog *input.Syslog `json:"syslog,omitempty"`
 	// TCP defines the TCP input plugin configuration
 	TCP *input.TCP `json:"tcp,omitempty"`
+	// KubernetesEvents defines the KubernetesEvents input plugin configuration
+	KubernetesEvents *input.KubernetesEvents `json:"kubernetesEvents,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/fluentbit/v1alpha2/plugins/input/kubernetes_events_types.go

@@ -0,0 +1,106 @@
+package input
+
+import (
+	"fmt"
+
+	"github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2/plugins"
+	"github.com/fluent/fluent-operator/v2/apis/fluentbit/v1alpha2/plugins/params"
+)
+
+// +kubebuilder:object:generate:=true
+
+// The KubernetesEvents input plugin allows you to collect kubernetes cluster events from kube-api server
+// **For full documentation, refer to https://docs.fluentbit.io/manual/pipeline/inputs/kubernetes-events*
+type KubernetesEvents struct {
+	// Tag name associated to all records comming from this plugin.
+	Tag string `json:"tag,omitempty"`
+	// Set a database file to keep track of recorded Kubernetes events
+	DB string `json:"db,omitempty"`
+	// Set a database sync method. values: extra, full, normal and off
+	DBSync string `json:"dbSync,omitempty"`
+	// Set the polling interval for each channel.
+	IntervalSec *int32 `json:"intervalSec,omitempty"`
+	// Set the polling interval for each channel (sub seconds: nanoseconds).
+	IntervalNsec *int64 `json:"intervalNsec,omitempty"`
+	// API Server end-point
+	KubeURL string `json:"kubeURL,omitempty"`
+	// CA certificate file
+	KubeCAFile string `json:"kubeCAFile,omitempty"`
+	// Absolute path to scan for certificate files
+	KubeCAPath string `json:"kubeCAPath,omitempty"`
+	// Token file
+	KubeTokenFile string `json:"kubeTokenFile,omitempty"`
+	// configurable 'time to live' for the K8s token. By default, it is set to 600 seconds.
+	// After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command.
+	KubeTokenTTL string `json:"kubeTokenTTL,omitempty"`
+	// kubernetes limit parameter for events query, no limit applied when set to 0.
+	KubeRequestLimit *int32 `json:"kubeRequestLimit,omitempty"`
+	// Kubernetes retention time for events.
+	KubeRetentionTime string `json:"kubeRetentionTime,omitempty"`
+	// Kubernetes namespace to query events from. Gets events from all namespaces by default
+	KubeNamespace string `json:"kubeNamespace,omitempty"`
+	// Debug level between 0 (nothing) and 4 (every detail).
+	TLSDebug *int32 `json:"tlsDebug,omitempty"`
+	// When enabled, turns on certificate validation when connecting to the Kubernetes API server.
+	TLSVerify *bool `json:"tlsVerify,omitempty"`
+	// Set optional TLS virtual host.
+	TLSVhost string `json:"tlsVhost,omitempty"`
+}
+
+func (_ *KubernetesEvents) Name() string {
+	return "kubernetes_events"
+}
+
+// implement Section() method
+func (k *KubernetesEvents) Params(_ plugins.SecretLoader) (*params.KVs, error) {
+	kvs := params.NewKVs()
+	if k.Tag != "" {
+		kvs.Insert("Tag", k.Tag)
+	}
+	if k.DB != "" {
+		kvs.Insert("DB", k.DB)
+	}
+	if k.DBSync != "" {
+		kvs.Insert("DB_Sync", k.DBSync)
+	}
+	if k.IntervalSec != nil {
+		kvs.Insert("Interval_Sec", fmt.Sprint(*k.IntervalSec))
+	}
+	if k.IntervalNsec != nil {
+		kvs.Insert("Interval_Nsec", fmt.Sprint(*k.IntervalNsec))
+	}
+	if k.KubeURL != "" {
+		kvs.Insert("Kube_URL", k.KubeURL)
+	}
+	if k.KubeCAFile != "" {
+		kvs.Insert("Kube_CA_File", k.KubeCAFile)
+	}
+	if k.KubeCAPath != "" {
+		kvs.Insert("Kube_CA_Path", k.KubeCAPath)
+	}
+	if k.KubeTokenFile != "" {
+		kvs.Insert("Kube_Token_File", k.KubeTokenFile)
+	}
+	if k.KubeTokenTTL != "" {
+		kvs.Insert("Kube_Token_TTL", k.KubeTokenTTL)
+	}
+	if k.KubeRequestLimit != nil {
+		kvs.Insert("Kube_Request_Limit", fmt.Sprint(*k.KubeRequestLimit))
+	}
+	if k.KubeRetentionTime != "" {
+		kvs.Insert("Kube_Retention_Time", k.KubeRetentionTime)
+	}
+	if k.KubeNamespace != "" {
+		kvs.Insert("Kube_Namespace", k.KubeNamespace)
+	}
+	if k.TLSDebug != nil {
+		kvs.Insert("tls.Debug", fmt.Sprint(*k.TLSDebug))
+	}
+	if k.TLSVerify != nil {
+		kvs.Insert("tls.Verify", fmt.Sprint(*k.TLSVerify))
+	}
+	if k.TLSVhost != "" {
+		kvs.Insert("tls.Vhost", k.TLSVhost)
+	}
+	return kvs, nil
+}

charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_clusterinputs.yaml

@@ -243,6 +243,72 @@ spec:
                         type: string
                     type: object
                 type: object
+              kubernetesEvents:
+                description: KubernetesEvents defines the KubernetesEvents input plugin
+                  configuration
+                properties:
+                  db:
+                    description: Set a database file to keep track of recorded Kubernetes
+                      events
+                    type: string
+                  dbSync:
+                    description: 'Set a database sync method. values: extra, full,
+                      normal and off'
+                    type: string
+                  intervalNsec:
+                    description: 'Set the polling interval for each channel (sub seconds:
+                      nanoseconds).'
+                    format: int64
+                    type: integer
+                  intervalSec:
+                    description: Set the polling interval for each channel.
+                    format: int32
+                    type: integer
+                  kubeCAFile:
+                    description: CA certificate file
+                    type: string
+                  kubeCAPath:
+                    description: Absolute path to scan for certificate files
+                    type: string
+                  kubeNamespace:
+                    description: Kubernetes namespace to query events from. Gets events
+                      from all namespaces by default
+                    type: string
+                  kubeRequestLimit:
+                    description: kubernetes limit parameter for events query, no limit
+                      applied when set to 0.
+                    format: int32
+                    type: integer
+                  kubeRetentionTime:
+                    description: Kubernetes retention time for events.
+                    type: string
+                  kubeTokenFile:
+                    description: Token file
+                    type: string
+                  kubeTokenTTL:
+                    description: configurable 'time to live' for the K8s token. By
+                      default, it is set to 600 seconds. After this time, the token
+                      is reloaded from Kube_Token_File or the Kube_Token_Command.
+                    type: string
+                  kubeURL:
+                    description: API Server end-point
+                    type: string
+                  tag:
+                    description: Tag name associated to all records comming from this
+                      plugin.
+                    type: string
+                  tlsDebug:
+                    description: Debug level between 0 (nothing) and 4 (every detail).
+                    format: int32
+                    type: integer
+                  tlsVerify:
+                    description: When enabled, turns on certificate validation when
+                      connecting to the Kubernetes API server.
+                    type: boolean
+                  tlsVhost:
+                    description: Set optional TLS virtual host.
+                    type: string
+                type: object
               logLevel:
                 enum:
                 - "off"

charts/fluent-operator/templates/fluent-operator-clusterRole.yaml

@@ -25,6 +25,12 @@ rules:
       - pods
     verbs:
       - get
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - list
   - apiGroups:
       - ""
     resources:

config/crd/bases/fluentbit.fluent.io_clusterinputs.yaml

@@ -243,6 +243,72 @@ spec:
                         type: string
                     type: object
                 type: object
+              kubernetesEvents:
+                description: KubernetesEvents defines the KubernetesEvents input plugin
+                  configuration
+                properties:
+                  db:
+                    description: Set a database file to keep track of recorded Kubernetes
+                      events
+                    type: string
+                  dbSync:
+                    description: 'Set a database sync method. values: extra, full,
+                      normal and off'
+                    type: string
+                  intervalNsec:
+                    description: 'Set the polling interval for each channel (sub seconds:
+                      nanoseconds).'
+                    format: int64
+                    type: integer
+                  intervalSec:
+                    description: Set the polling interval for each channel.
+                    format: int32
+                    type: integer
+                  kubeCAFile:
+                    description: CA certificate file
+                    type: string
+                  kubeCAPath:
+                    description: Absolute path to scan for certificate files
+                    type: string
+                  kubeNamespace:
+                    description: Kubernetes namespace to query events from. Gets events
+                      from all namespaces by default
+                    type: string
+                  kubeRequestLimit:
+                    description: kubernetes limit parameter for events query, no limit
+                      applied when set to 0.
+                    format: int32
+                    type: integer
+                  kubeRetentionTime:
+                    description: Kubernetes retention time for events.
+                    type: string
+                  kubeTokenFile:
+                    description: Token file
+                    type: string
+                  kubeTokenTTL:
+                    description: configurable 'time to live' for the K8s token. By
+                      default, it is set to 600 seconds. After this time, the token
+                      is reloaded from Kube_Token_File or the Kube_Token_Command.
+                    type: string
+                  kubeURL:
+                    description: API Server end-point
+                    type: string
+                  tag:
+                    description: Tag name associated to all records comming from this
+                      plugin.
+                    type: string
+                  tlsDebug:
+                    description: Debug level between 0 (nothing) and 4 (every detail).
+                    format: int32
+                    type: integer
+                  tlsVerify:
+                    description: When enabled, turns on certificate validation when
+                      connecting to the Kubernetes API server.
+                    type: boolean
+                  tlsVhost:
+                    description: Set optional TLS virtual host.
+                    type: string
+                type: object
               logLevel:
                 enum:
                 - "off"

docs/fluentbit.md

@@ -456,6 +456,7 @@ InputSpec defines the desired state of ClusterInput
 | nginx | Nginx defines the Nginx input plugin configuration | *[input.Nginx](plugins/input/nginx.md) |
 | syslog | Syslog defines the Syslog input plugin configuration | *[input.Syslog](plugins/input/syslog.md) |
 | tcp | TCP defines the TCP input plugin configuration | *[input.TCP](plugins/input/tcp.md) |
+| kubernetesEvents | KubernetesEvents defines the KubernetesEvents input plugin configuration | *[input.KubernetesEvents](plugins/input/kubernetesevents.md) |
 
 [Back to TOC](#table-of-contents)
 # MultilineParser

docs/plugins/fluentbit/input/kubernetes_events.md

@@ -0,0 +1,23 @@
+# KubernetesEvents
+
+The KubernetesEvents input plugin allows you to collect kubernetes cluster events from kube-api server **For full documentation, refer to https://docs.fluentbit.io/manual/pipeline/inputs/kubernetes-events*
+
+
+| Field | Description | Scheme |
+| ----- | ----------- | ------ |
+| tag | Tag name associated to all records comming from this plugin. | string |
+| db | Set a database file to keep track of recorded Kubernetes events | string |
+| dbSync | Set a database sync method. values: extra, full, normal and off | string |
+| intervalSec | Set the polling interval for each channel. | *int32 |
+| intervalNsec | Set the polling interval for each channel (sub seconds: nanoseconds). | *int64 |
+| kubeURL | API Server end-point | string |
+| kubeCAFile | CA certificate file | string |
+| kubeCAPath | Absolute path to scan for certificate files | string |
+| kubeTokenFile | Token file | string |
+| kubeTokenTTL | configurable 'time to live' for the K8s token. By default, it is set to 600 seconds. After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command. | string |
+| kubeRequestLimit | kubernetes limit parameter for events query, no limit applied when set to 0. | *int32 |
+| kubeRetentionTime | Kubernetes retention time for events. | string |
+| kubeNamespace | Kubernetes namespace to query events from. Gets events from all namespaces by default | string |
+| tlsDebug | Debug level between 0 (nothing) and 4 (every detail). | *int32 |
+| tlsVerify | When enabled, turns on certificate validation when connecting to the Kubernetes API server. | *bool |
+| tlsVhost | Set optional TLS virtual host. | string |

manifests/setup/fluent-operator-clusterRole.yaml

@@ -25,6 +25,12 @@ rules:
       - pods
     verbs:
       - get
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - list      
   - apiGroups:
       - ""
     resources: