Merge pull request #1338 from cw-Guo/feat/es-secret

feat: add cloudAuthSecret & awsAuthSecret

Author: benjaminhuo

apis/fluentbit/v1alpha2/plugins/output/elasticsearch_types.go

@@ -40,6 +40,8 @@ type Elasticsearch struct {
 	Pipeline string `json:"pipeline,omitempty"`
 	// Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service.
 	AWSAuth string `json:"awsAuth,omitempty"`
+	// AWSAuthSecret Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service.
+	AWSAuthSecret *plugins.Secret `json:"awsAuthSecret,omitempty"`
 	// Specify the AWS region for Amazon ElasticSearch Service.
 	AWSRegion string `json:"awsRegion,omitempty"`
 	// Specify the custom sts endpoint to be used with STS API for Amazon ElasticSearch Service.
@@ -52,6 +54,8 @@ type Elasticsearch struct {
 	CloudID string `json:"cloudID,omitempty"`
 	// Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.
 	CloudAuth string `json:"cloudAuth,omitempty"`
+	// CloudAuthSecret Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.
+	CloudAuthSecret *plugins.Secret `json:"cloudAuthSecret,omitempty"`
 	// Optional username credential for Elastic X-Pack access
 	HTTPUser *plugins.Secret `json:"httpUser,omitempty"`
 	// Password for user defined in HTTP_User
@@ -135,6 +139,13 @@ func (es *Elasticsearch) Params(sl plugins.SecretLoader) (*params.KVs, error) {
 	if es.AWSAuth != "" {
 		kvs.Insert("AWS_Auth", es.AWSAuth)
 	}
+	if es.AWSAuthSecret != nil {
+		u, err := sl.LoadSecret(*es.AWSAuthSecret)
+		if err != nil {
+			return nil, err
+		}
+		kvs.Insert("AWS_Auth", u)
+	}
 	if es.AWSRegion != "" {
 		kvs.Insert("AWS_Region", es.AWSRegion)
 	}
@@ -150,6 +161,13 @@ func (es *Elasticsearch) Params(sl plugins.SecretLoader) (*params.KVs, error) {
 	if es.CloudAuth != "" {
 		kvs.Insert("Cloud_Auth", es.CloudAuth)
 	}
+	if es.CloudAuthSecret != nil {
+		u, err := sl.LoadSecret(*es.CloudAuthSecret)
+		if err != nil {
+			return nil, err
+		}
+		kvs.Insert("Cloud_Auth", u)
+	}
 	if es.AWSExternalID != "" {
 		kvs.Insert("AWS_External_ID", es.AWSExternalID)
 	}

apis/fluentbit/v1alpha2/plugins/output/zz_generated.deepcopy.go

@@ -529,6 +529,41 @@ spec:
                     description: Enable AWS Sigv4 Authentication for Amazon ElasticSearch
                       Service.
                     type: string
+                  awsAuthSecret:
+                    description: AWSAuthSecret Enable AWS Sigv4 Authentication for
+                      Amazon ElasticSearch Service.
+                    properties:
+                      valueFrom:
+                        description: ValueSource defines how to find a value's key.
+                        properties:
+                          secretKeyRef:
+                            description: Selects a key of a secret in the pod's namespace
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must
+                                  be a valid secret key.
+                                type: string
+                              name:
+                                default: ""
+                                description: |-
+                                  Name of the referent.
+                                  This field is effectively required, but due to backwards compatibility is
+                                  allowed to be empty. Instances of this type with an empty value here are
+                                  almost certainly wrong.
+                                  TODO: Add other useful fields. apiVersion, kind, uid?
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                                type: string
+                              optional:
+                                description: Specify whether the Secret or its key
+                                  must be defined
+                                type: boolean
+                            required:
+                            - key
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                    type: object
                   awsExternalID:
                     description: External ID for the AWS IAM Role specified with aws_role_arn.
                     type: string
@@ -556,6 +591,42 @@ spec:
                     description: Specify the credentials to use to connect to Elastic's
                       Elasticsearch Service running on Elastic Cloud.
                     type: string
+                  cloudAuthSecret:
+                    description: CloudAuthSecret Specify the credentials to use to
+                      connect to Elastic's Elasticsearch Service running on Elastic
+                      Cloud.
+                    properties:
+                      valueFrom:
+                        description: ValueSource defines how to find a value's key.
+                        properties:
+                          secretKeyRef:
+                            description: Selects a key of a secret in the pod's namespace
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must
+                                  be a valid secret key.
+                                type: string
+                              name:
+                                default: ""
+                                description: |-
+                                  Name of the referent.
+                                  This field is effectively required, but due to backwards compatibility is
+                                  allowed to be empty. Instances of this type with an empty value here are
+                                  almost certainly wrong.
+                                  TODO: Add other useful fields. apiVersion, kind, uid?
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                                type: string
+                              optional:
+                                description: Specify whether the Secret or its key
+                                  must be defined
+                                type: boolean
+                            required:
+                            - key
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                    type: object
                   cloudID:
                     description: If you are using Elastic's Elasticsearch Service
                       you can specify the cloud_id of the cluster running.

charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_clusteroutputs.yaml

@@ -529,6 +529,41 @@ spec:
                     description: Enable AWS Sigv4 Authentication for Amazon ElasticSearch
                       Service.
                     type: string
+                  awsAuthSecret:
+                    description: AWSAuthSecret Enable AWS Sigv4 Authentication for
+                      Amazon ElasticSearch Service.
+                    properties:
+                      valueFrom:
+                        description: ValueSource defines how to find a value's key.
+                        properties:
+                          secretKeyRef:
+                            description: Selects a key of a secret in the pod's namespace
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must
+                                  be a valid secret key.
+                                type: string
+                              name:
+                                default: ""
+                                description: |-
+                                  Name of the referent.
+                                  This field is effectively required, but due to backwards compatibility is
+                                  allowed to be empty. Instances of this type with an empty value here are
+                                  almost certainly wrong.
+                                  TODO: Add other useful fields. apiVersion, kind, uid?
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                                type: string
+                              optional:
+                                description: Specify whether the Secret or its key
+                                  must be defined
+                                type: boolean
+                            required:
+                            - key
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                    type: object
                   awsExternalID:
                     description: External ID for the AWS IAM Role specified with aws_role_arn.
                     type: string
@@ -556,6 +591,42 @@ spec:
                     description: Specify the credentials to use to connect to Elastic's
                       Elasticsearch Service running on Elastic Cloud.
                     type: string
+                  cloudAuthSecret:
+                    description: CloudAuthSecret Specify the credentials to use to
+                      connect to Elastic's Elasticsearch Service running on Elastic
+                      Cloud.
+                    properties:
+                      valueFrom:
+                        description: ValueSource defines how to find a value's key.
+                        properties:
+                          secretKeyRef:
+                            description: Selects a key of a secret in the pod's namespace
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must
+                                  be a valid secret key.
+                                type: string
+                              name:
+                                default: ""
+                                description: |-
+                                  Name of the referent.
+                                  This field is effectively required, but due to backwards compatibility is
+                                  allowed to be empty. Instances of this type with an empty value here are
+                                  almost certainly wrong.
+                                  TODO: Add other useful fields. apiVersion, kind, uid?
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                                type: string
+                              optional:
+                                description: Specify whether the Secret or its key
+                                  must be defined
+                                type: boolean
+                            required:
+                            - key
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                    type: object
                   cloudID:
                     description: If you are using Elastic's Elasticsearch Service
                       you can specify the cloud_id of the cluster running.

charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_outputs.yaml

@@ -529,6 +529,41 @@ spec:
                     description: Enable AWS Sigv4 Authentication for Amazon ElasticSearch
                       Service.
                     type: string
+                  awsAuthSecret:
+                    description: AWSAuthSecret Enable AWS Sigv4 Authentication for
+                      Amazon ElasticSearch Service.
+                    properties:
+                      valueFrom:
+                        description: ValueSource defines how to find a value's key.
+                        properties:
+                          secretKeyRef:
+                            description: Selects a key of a secret in the pod's namespace
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must
+                                  be a valid secret key.
+                                type: string
+                              name:
+                                default: ""
+                                description: |-
+                                  Name of the referent.
+                                  This field is effectively required, but due to backwards compatibility is
+                                  allowed to be empty. Instances of this type with an empty value here are
+                                  almost certainly wrong.
+                                  TODO: Add other useful fields. apiVersion, kind, uid?
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                                type: string
+                              optional:
+                                description: Specify whether the Secret or its key
+                                  must be defined
+                                type: boolean
+                            required:
+                            - key
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                    type: object
                   awsExternalID:
                     description: External ID for the AWS IAM Role specified with aws_role_arn.
                     type: string
@@ -556,6 +591,42 @@ spec:
                     description: Specify the credentials to use to connect to Elastic's
                       Elasticsearch Service running on Elastic Cloud.
                     type: string
+                  cloudAuthSecret:
+                    description: CloudAuthSecret Specify the credentials to use to
+                      connect to Elastic's Elasticsearch Service running on Elastic
+                      Cloud.
+                    properties:
+                      valueFrom:
+                        description: ValueSource defines how to find a value's key.
+                        properties:
+                          secretKeyRef:
+                            description: Selects a key of a secret in the pod's namespace
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must
+                                  be a valid secret key.
+                                type: string
+                              name:
+                                default: ""
+                                description: |-
+                                  Name of the referent.
+                                  This field is effectively required, but due to backwards compatibility is
+                                  allowed to be empty. Instances of this type with an empty value here are
+                                  almost certainly wrong.
+                                  TODO: Add other useful fields. apiVersion, kind, uid?
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                                type: string
+                              optional:
+                                description: Specify whether the Secret or its key
+                                  must be defined
+                                type: boolean
+                            required:
+                            - key
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                    type: object
                   cloudID:
                     description: If you are using Elastic's Elasticsearch Service
                       you can specify the cloud_id of the cluster running.