feat: allow customizing cluster domain

Signed-off-by: GitHub <[email protected]>
kube-logging · Sep 7, 2022 · 549a1d9 · 549a1d9
1 parent bf44280
commit 549a1d9
Show file tree

Hide file tree

Showing 13 changed files with 43 additions and 11 deletions.
diff --git a/charts/logging-demo/templates/logging.yaml b/charts/logging-demo/templates/logging.yaml
@@ -25,4 +25,5 @@ spec:
 {{ toYaml .Values.loggingOperator.fluentbit | indent 4}}
     {{- end}}
 
+  clusterDomain: {{ .Values.loggingOperator.clusterDomain }}
   controlNamespace: {{ .Values.loggingOperator.controlNamespace | default .Release.Namespace }}
diff --git a/charts/logging-demo/templates/secret_tls.yaml b/charts/logging-demo/templates/secret_tls.yaml
@@ -1,6 +1,10 @@
 {{- if .Values.loggingOperator.tls.enabled }}
 {{ $ca := genCA "svc-cat-ca" 3650 }}
-{{ $cn := printf "%s-%s.%s.svc.cluster.local" (include "logging-demo.name" .) "fluentd" .Release.Namespace }}
+{{- if .Values.loggingOperator.clusterDomain }}
+{{ $cn := printf "%s-%s.%s.svc.%s" (include "logging-demo.name" .) "fluentd" .Release.Namespace .Values.loggingOperator.clusterDomain }}
+{{- else }}
+{{ $cn := printf "%s-%s.%s.svc" (include "logging-demo.name" .) "fluentd" .Release.Namespace }}
+{{- end }}
 {{ $server := genSignedCert $cn nil nil 365 $ca }}
 {{ $client := genSignedCert "" nil nil 365 $ca }}
 

diff --git a/charts/logging-demo/values.yaml b/charts/logging-demo/values.yaml
@@ -6,6 +6,7 @@ nameOverride: ""
 fullnameOverride: ""
 
 loggingOperator:
+  clusterDomain: cluster.local
   controlNamespace:
   fluentd: {}
 #    metrics:

diff --git a/charts/logging-operator-logging/templates/logging.yaml b/charts/logging-operator-logging/templates/logging.yaml
@@ -27,6 +27,7 @@ spec:
   watchNamespaces:
 {{ toYaml .Values.watchNamespaces | indent 4 }}
   {{- end }}
+  clusterDomain: {{ .Values.clusterDomain }}
   controlNamespace: {{ .Values.controlNamespace | default .Release.Namespace }}
   {{- if .Values.defaultFlow }}
   defaultFlow:

diff --git a/charts/logging-operator-logging/templates/secret.yaml b/charts/logging-operator-logging/templates/secret.yaml
@@ -1,6 +1,10 @@
 {{- if .Values.tls.enabled }}
 {{ $ca := genCA "svc-cat-ca" 3650 }}
-{{ $cn := printf "%s-%s.%s.svc.cluster.local" (include "logging-operator-logging.name" .) "fluentd" .Release.Namespace }}
+{{- if .Values.clusterDomain }}
+{{ $cn := printf "%s-%s.%s.svc.%s" (include "logging-operator-logging.name" .) "fluentd" .Release.Namespace .Values.clusterDomain }}
+{{- else }}
+{{ $cn := printf "%s-%s.%s.svc" (include "logging-operator-logging.name" .) "fluentd" .Release.Namespace }}
+{{- end }}
 {{ $server := genSignedCert $cn nil nil 365 $ca }}
 {{ $client := genSignedCert "" nil nil 365 $ca }}
 

diff --git a/charts/logging-operator-logging/values.yaml b/charts/logging-operator-logging/values.yaml
@@ -12,6 +12,7 @@ flowConfigOverride: ""
 nameOverride: ""
 fullnameOverride: ""
 
+
 # If an immutable field is changed, delete the existing resource
 # and recreate it with the new configuration.
 enableRecreateWorkloadOnImmutableFieldChange: false
@@ -68,6 +69,10 @@ skipInvalidResources: false
 
 # Limit namespaces from where to read Flow and Output specs
 watchNamespaces: []
+
+# Cluster domain name to be used when templating URLs to services
+clusterDomain: "cluster.local"
+
 # Control namespace that contains ClusterOutput and ClusterFlow resources
 controlNamespace: ""
 # Allow configuration of cluster resources from any namespace

diff --git a/charts/logging-operator/crds/logging.banzaicloud.io_loggings.yaml b/charts/logging-operator/crds/logging.banzaicloud.io_loggings.yaml
@@ -51,6 +51,8 @@ spec:
             properties:
               allowClusterResourcesFromAllNamespaces:
                 type: boolean
+              clusterDomain:
+                type: string
               controlNamespace:
                 type: string
               defaultFlow:

diff --git a/config/crd/bases/logging.banzaicloud.io_loggings.yaml b/config/crd/bases/logging.banzaicloud.io_loggings.yaml
@@ -51,6 +51,8 @@ spec:
             properties:
               allowClusterResourcesFromAllNamespaces:
                 type: boolean
+              clusterDomain:
+                type: string
               controlNamespace:
                 type: string
               defaultFlow:

diff --git a/pkg/resources/fluentbit/configsecret.go b/pkg/resources/fluentbit/configsecret.go
@@ -126,7 +126,7 @@ func (r *Reconciler) configSecret() (runtime.Object, reconciler.DesiredState, er
 
 	var fluentbitTargetHost string
 	if r.Logging.Spec.FluentdSpec != nil && r.Logging.Spec.FluentbitSpec.TargetHost == "" {
-		fluentbitTargetHost = fmt.Sprintf("%s.%s.svc.cluster.local", r.Logging.QualifiedName(fluentd.ServiceName), r.Logging.Spec.ControlNamespace)
+		fluentbitTargetHost = fmt.Sprintf("%s.%s.svc.%s", r.Logging.QualifiedName(fluentd.ServiceName), r.Logging.Spec.ControlNamespace, r.Logging.Spec.ClusterDomain)
 	} else {
 		fluentbitTargetHost = r.Logging.Spec.FluentbitSpec.TargetHost
 	}
@@ -360,10 +360,11 @@ func (r *Reconciler) generateUpstreamNode(index int32) upstreamNode {
 	podName := r.Logging.QualifiedName(fmt.Sprintf("%s-%d", fluentd.ComponentFluentd, index))
 	return upstreamNode{
 		Name: podName,
-		Host: fmt.Sprintf("%s.%s.%s.svc.cluster.local",
+		Host: fmt.Sprintf("%s.%s.%s.svc.%s",
 			podName,
 			r.Logging.QualifiedName(fluentd.ServiceName+"-headless"),
-			r.Logging.Spec.ControlNamespace),
+			r.Logging.Spec.ControlNamespace,
+			r.Logging.Spec.ClusterDomain),
 		Port: 24240,
 	}
 }
diff --git a/pkg/resources/nodeagent/configsecret.go b/pkg/resources/nodeagent/configsecret.go
@@ -184,7 +184,7 @@ func (n *nodeAgentInstance) configSecret() (runtime.Object, reconciler.DesiredSt
 			SharedKey: n.nodeAgent.FluentbitSpec.TLS.SharedKey,
 		},
 		Monitor:                 monitor,
-		TargetHost:              fmt.Sprintf("%s.%s.svc.cluster.local", n.FluentdQualifiedName(fluentd.ServiceName), n.logging.Spec.ControlNamespace),
+		TargetHost:              fmt.Sprintf("%s.%s.svc.%s", n.FluentdQualifiedName(fluentd.ServiceName), n.logging.Spec.ControlNamespace, n.logging.Spec.ClusterDomain),
 		TargetPort:              n.logging.Spec.FluentdSpec.Port,
 		Input:                   fluentbitInput,
 		DisableKubernetesFilter: disableKubernetesFilter,
@@ -317,10 +317,11 @@ func (n *nodeAgentInstance) generateUpstreamNode(index int32) upstreamNode {
 	podName := n.FluentdQualifiedName(fmt.Sprintf("%s-%d", fluentd.ComponentFluentd, index))
 	return upstreamNode{
 		Name: podName,
-		Host: fmt.Sprintf("%s.%s.%s.svc.cluster.local",
+		Host: fmt.Sprintf("%s.%s.%s.svc.%s",
 			podName,
 			n.FluentdQualifiedName(fluentd.ServiceName+"-headless"),
-			n.logging.Spec.ControlNamespace),
+			n.logging.Spec.ControlNamespace,
+			n.logging.Spec.ClusterDomain),
 		Port: 24240,
 	}
 }
diff --git a/pkg/resources/nodeagent/nodeagent.go b/pkg/resources/nodeagent/nodeagent.go
@@ -199,7 +199,7 @@ func NodeAgentFluentbitDefaults(userDefined **v1beta1.NodeAgent) (*v1beta1.NodeA
 var NodeAgentFluentbitWindowsDefaults = &v1beta1.NodeAgent{
 	FluentbitSpec: &v1beta1.NodeAgentFluentbit{
 		FilterKubernetes: v1beta1.FilterKubernetes{
-			KubeURL:       "https://kubernetes.default.svc.cluster.local:443",
+			KubeURL:       "https://kubernetes.default.svc:443",
 			KubeCAFile:    "c:\\var\\run\\secrets\\kubernetes.io\\serviceaccount\\ca.crt",
 			KubeTokenFile: "c:\\var\\run\\secrets\\kubernetes.io\\serviceaccount\\token",
 			KubeTagPrefix: "kubernetes.C.var.log.containers.",
@@ -304,6 +304,10 @@ func (r *Reconciler) Reconcile() (*reconcile.Result, error) {
 			if err != nil {
 				return nil, err
 			}
+
+			// Overwrite Kubernetes endpoint with a ClusterDomain templated value.
+			NodeAgentFluentbitDefaults.FluentbitSpec.FilterKubernetes.KubeURL = fmt.Sprintf("https://kubernetes.default.svc.%s:443", r.Logging.Spec.ClusterDomain)
+
 		default:
 			err := merge.Merge(NodeAgentFluentbitDefaults, NodeAgentFluentbitLinuxDefaults)
 			if err != nil {

diff --git a/pkg/sdk/logging/api/v1beta1/logging_types.go b/pkg/sdk/logging/api/v1beta1/logging_types.go
@@ -61,6 +61,9 @@ type LoggingSpec struct {
 	GlobalFilters []Filter `json:"globalFilters,omitempty"`
 	// Limit namespaces to watch Flow and Output custom resources.
 	WatchNamespaces []string `json:"watchNamespaces,omitempty"`
+	// Cluster domain name to be used when templating URLs to services (default: "cluster.local").
+	// +kubebuilder:validation:Optional
+	ClusterDomain string `json:"clusterDomain"`
 	// Namespace for cluster wide configuration resources like CLusterFlow and ClusterOutput.
 	// This should be a protected namespace from regular users.
 	// Resources like fluentbit and fluentd will run in this namespace as well.
@@ -137,6 +140,9 @@ const (
 
 // SetDefaults fills empty attributes
 func (l *Logging) SetDefaults() error {
+	if l.Spec.ClusterDomain == "" {
+		l.Spec.ClusterDomain = "cluster.local"
+	}
 	if !l.Spec.FlowConfigCheckDisabled && l.Status.ConfigCheckResults == nil {
 		l.Status.ConfigCheckResults = make(map[string]bool)
 	}

diff --git a/pkg/sdk/static/gen/crds/generated.go b/pkg/sdk/static/gen/crds/generated.go