Ingest non-cluster flows through fluentd #3954

Open
wants to merge 3 commits into
base: master

pasanw
Contributor

@pasanw pasanw commented May 27, 2025

Description

This changeset facilitates voltron sending non-cluster flows to fluentd, rather than Linseed. This change is being made to enable support for forwarding of non-cluster flows to additional log stores like Splunk, since fluentd already supports such forwarding. When non-cluster hosts are enabled, the operator will now create a Service that exposes the HTTP ingestion point of fluentd, and creates the network policy and certificate updates required to allow this network flow. The operator also supports a new API option to forward only non-cluster flow logs to additional log stores.

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@pasanw pasanw changed the title ev-5808 Ingest non-cluster flows through fluentd May 27, 2025
@pasanw pasanw requested review from rene-dekker and hjiawei May 27, 2025 23:37
}
if nonclusterhost != nil {
if _, _, _, err := url.ParseEndpoint(nonclusterhost.Spec.Endpoint); err != nil {
r.status.SetDegraded(operatorv1.ResourceReadError, "Failed to read parse endpoint from NonClusterHost resource", err, reqLogger)
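Review bot: the degraded message on the SetDegraded line reads "Failed to read parse endpoint", which has a stray word, and the reason operatorv1.ResourceReadError describes a read failure although the failing call is url.ParseEndpoint on a spec value that was already read. Suggest wording such as "Failed to parse endpoint from NonClusterHost resource" and, if the API has a validation-type reason, using it so the status distinguishes a malformed endpoint from an unreadable resource.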
Member


Might be helpful to add nonclusterhost.Spec.Endpoint to the message for the user's convenience.

@@ -77,6 +77,9 @@ type AdditionalLogStoreSpec struct {
// If specified, enables exporting of flow, audit, and DNS logs to splunk.
// +optional
Splunk *SplunkStoreSpec `json:"splunk,omitempty"`
// If true, only logs from NonClusterHost instances will be forwarded to additional log stores defined in this spec.
// +optional
NonClusterLogsOnly bool `json:"nonClusterLogsOnly,omitempty"`
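Review bot: the doc comment on NonClusterLogsOnly does not say which log types it affects. The Splunk comment just above lists flow, audit, and DNS logs, so a reader cannot tell whether setting this to true also stops cluster audit and DNS logs from reaching the additional stores, which matters to anyone relying on those stores for detection. Suggest naming the affected log types and the default (false, all logs forwarded) in the comment.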
Member

@rene-dekker rene-dekker Jun 3, 2025


Think twice about bool fields. Many ideas start as boolean but eventually trend towards a small set of mutually exclusive options. Plan for future expansions by describing the policy options explicitly as a string type alias (e.g. TerminationMessagePolicy). source: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md

Today, the only situation where we want to omit part of the data is nch vs standard, but in the future we may have other such scenarios. For this reason it may be better to think of a different field name with string type enum values that describe the modes that we want to support.
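The string-enum shape suggested in the comment above, as an added example that is not part of the pull request or the project's code. The type name, the value names and both functions are hypothetical; the sketch also shows rejecting unknown values so a typo cannot silently stop logs reaching an external store.

```go
package main

import "fmt"

// LogForwardingScope is a hypothetical string-typed replacement for the
// NonClusterLogsOnly bool; the type and value names are assumptions.
type LogForwardingScope string

const (
	ScopeAll            LogForwardingScope = "All"
	ScopeNonClusterOnly LogForwardingScope = "NonClusterOnly"
)

// ScopeFromSpec resolves the effective scope. An empty field falls back to
// the legacy bool so existing specs keep their behaviour. An unknown value or
// a contradiction with the legacy bool is an error, not a silent default.
func ScopeFromSpec(scope LogForwardingScope, legacyNonClusterOnly bool) (LogForwardingScope, error) {
	switch scope {
	case "":
		if legacyNonClusterOnly {
			return ScopeNonClusterOnly, nil
		}
		return ScopeAll, nil
	case ScopeAll:
		if legacyNonClusterOnly {
			return "", fmt.Errorf("scope %q conflicts with nonClusterLogsOnly=true", scope)
		}
		return scope, nil
	case ScopeNonClusterOnly:
		return scope, nil
	default:
		return "", fmt.Errorf("unsupported log forwarding scope %q", scope)
	}
}

// ShouldForward reports whether a log record is sent to additional stores.
func ShouldForward(scope LogForwardingScope, fromNonClusterHost bool) bool {
	return scope == ScopeAll || (scope == ScopeNonClusterOnly && fromNonClusterHost)
}

func main() {
	// Constructed sample values: unset, valid, and a mis-cased typo.
	for _, s := range []LogForwardingScope{"", ScopeNonClusterOnly, "nonclusteronly"} {
		scope, err := ScopeFromSpec(s, false)
		fmt.Printf("spec=%q -> scope=%q err=%v\n", s, scope, err)
	}
}
```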

@pasanw pasanw marked this pull request as ready for review June 11, 2025 01:09
@pasanw pasanw requested a review from a team as a code owner June 11, 2025 01:09
. "github.com/onsi/ginkgo"
. "github.com/onsi/ginkgo/extensions/table"
. "github.com/onsi/gomega"
"github.com/tigera/operator/pkg/render/common/networkpolicy"
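Review bot: the project import github.com/tigera/operator/pkg/render/common/networkpolicy is listed directly after the dot-imported ginkgo and gomega packages, in the same group. Suggest moving it into a separate group for project packages, set off by a blank line, so the third-party test packages stay together.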
Member

@rene-dekker rene-dekker Jun 11, 2025


nit: reformat imports

3 participants