fix: Add SSL/TLS settings feature for fluentd output Elasticsearch #418 #1011

Merged
merged 1 commit into from
Dec 11, 2023
10 changes: 10 additions & 0 deletions apis/fluentd/v1alpha1/plugins/output/es.go
Expand Up @@ -26,4 +26,14 @@ type Elasticsearch struct {
User *plugins.Secret `json:"user,omitempty"`
// Optional, The login credentials to connect to Elasticsearch
Password *plugins.Secret `json:"password,omitempty"`
// Optional, Force certificate validation
SslVerify *bool `json:"sslVerify,omitempty"`
// Optional, Absolute path to CA certificate file
CAFile *string `json:"caFile,omitempty"`
// Optional, Absolute path to client Certificate file
ClientCert *string `json:"clientCert,omitempty"`
// Optional, Absolute path to client private Key file
ClientKey *string `json:"clientKey,omitempty"`
// Optional, password for ClientKey file
ClientKeyPassword *plugins.Secret `json:"clientKeyPassword,omitempty"`
}
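Review bot: The comment on `SslVerify` ("Force certificate validation") does not say what happens when the field is `false` or omitted. As a `*bool` it accepts `false`, and that value is written out as `ssl_verify false`, which turns off validation of the Elasticsearch server certificate. Suggest making the risk explicit in the comment, for example "Optional, verify the server certificate; false disables validation and accepts untrusted certificates", and stating the behaviour when the field is unset. Minor style point: Go initialism convention would name the field `SSLVerify`; the JSON tag can stay `sslVerify`.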
24 changes: 24 additions & 0 deletions apis/fluentd/v1alpha1/plugins/output/types.go
Expand Up @@ -405,6 +405,30 @@ func (o *Output) elasticsearchPlugin(parent *params.PluginStore, loader plugins.
parent.InsertPairs("password", pwd)
}

if o.Elasticsearch.SslVerify != nil {
parent.InsertPairs("ssl_verify", fmt.Sprint(*o.Elasticsearch.SslVerify))
}

if o.Elasticsearch.CAFile != nil {
parent.InsertPairs("ca_file", fmt.Sprint(*o.Elasticsearch.CAFile))
}

if o.Elasticsearch.ClientCert != nil {
parent.InsertPairs("client_cert", fmt.Sprint(*o.Elasticsearch.ClientCert))
}

if o.Elasticsearch.ClientKey != nil {
parent.InsertPairs("client_key", fmt.Sprint(*o.Elasticsearch.ClientKey))
}

if o.Elasticsearch.ClientKeyPassword != nil {
pwd, err := loader.LoadSecret(*o.Elasticsearch.ClientKeyPassword)
if err != nil {
return nil, err
}
parent.InsertPairs("client_key_pass", pwd)
}

if o.Elasticsearch.Scheme != nil {
parent.InsertPairs("scheme", fmt.Sprint(*o.Elasticsearch.Scheme))
}
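Review bot: Nothing in the new block checks that the client-certificate fields are set together; `ClientCert`, `ClientKey` and `ClientKeyPassword` are each emitted on their own `!= nil` test. A spec with `clientCert` but no `clientKey`, or a `clientKeyPassword` with no `clientKey`, is rendered into the Fluentd config as-is, so the mistake surfaces in Fluentd rather than in the operator. Suggest returning an error here when only one of `ClientCert`/`ClientKey` is set, or when `ClientKeyPassword` is set without `ClientKey`. Also, `CAFile`, `ClientCert` and `ClientKey` are already `*string`, so `fmt.Sprint(*o.Elasticsearch.CAFile)` can simply be `*o.Elasticsearch.CAFile`.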
Expand Up @@ -539,6 +539,48 @@ spec:
elasticsearch:
description: out_es plugin
properties:
caFile:
description: Optional, Absolute path to CA certificate file
type: string
clientCert:
description: Optional, Absolute path to client Certificate
file
type: string
clientKey:
description: Optional, Absolute path to client private Key
file
type: string
clientKeyPassword:
description: Optional, password for ClientKey file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
host:
description: 'The hostname of your Elasticsearch node (default:
localhost).'
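Review bot: `caFile`, `clientCert` and `clientKey` are described as absolute paths, but the generated schema is a bare `type: string`, so a relative path or an empty string passes admission. Suggest adding a `+kubebuilder:validation:Pattern` marker requiring a leading `/` on the three Go fields and regenerating, so the constraint in the description is enforced by the CRD. The same applies to the other generated CRD copies in this change.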
Expand Down Expand Up @@ -608,6 +650,9 @@ spec:
description: 'Specify https if your Elasticsearch endpoint
supports SSL (default: http).'
type: string
sslVerify:
description: Optional, Force certificate validation
type: boolean
user:
description: Optional, The login credentials to connect
to Elasticsearch
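Review bot: The `sslVerify` description does not mention its dependence on `scheme`, whose description just above gives the default as `http`. With `scheme` left unset, `sslVerify: true` and the certificate fields are still written to the config while the connection stays on plain HTTP per that description, which can leave a user believing the output is encrypted and verified when it is not. Suggest stating in the description that the TLS fields take effect only with `scheme: https`, or rejecting them in the operator when the scheme is not `https`.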
Expand Up @@ -539,6 +539,48 @@ spec:
elasticsearch:
description: out_es plugin
properties:
caFile:
description: Optional, Absolute path to CA certificate file
type: string
clientCert:
description: Optional, Absolute path to client Certificate
file
type: string
clientKey:
description: Optional, Absolute path to client private Key
file
type: string
clientKeyPassword:
description: Optional, password for ClientKey file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
host:
description: 'The hostname of your Elasticsearch node (default:
localhost).'
Expand Down Expand Up @@ -608,6 +650,9 @@ spec:
description: 'Specify https if your Elasticsearch endpoint
supports SSL (default: http).'
type: string
sslVerify:
description: Optional, Force certificate validation
type: boolean
user:
description: Optional, The login credentials to connect
to Elasticsearch
45 changes: 45 additions & 0 deletions config/crd/bases/fluentd.fluent.io_clusteroutputs.yaml
Expand Up @@ -539,6 +539,48 @@ spec:
elasticsearch:
description: out_es plugin
properties:
caFile:
description: Optional, Absolute path to CA certificate file
type: string
clientCert:
description: Optional, Absolute path to client Certificate
file
type: string
clientKey:
description: Optional, Absolute path to client private Key
file
type: string
clientKeyPassword:
description: Optional, password for ClientKey file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
host:
description: 'The hostname of your Elasticsearch node (default:
localhost).'
Expand Down Expand Up @@ -608,6 +650,9 @@ spec:
description: 'Specify https if your Elasticsearch endpoint
supports SSL (default: http).'
type: string
sslVerify:
description: Optional, Force certificate validation
type: boolean
user:
description: Optional, The login credentials to connect
to Elasticsearch
45 changes: 45 additions & 0 deletions config/crd/bases/fluentd.fluent.io_outputs.yaml
Expand Up @@ -539,6 +539,48 @@ spec:
elasticsearch:
description: out_es plugin
properties:
caFile:
description: Optional, Absolute path to CA certificate file
type: string
clientCert:
description: Optional, Absolute path to client Certificate
file
type: string
clientKey:
description: Optional, Absolute path to client private Key
file
type: string
clientKeyPassword:
description: Optional, password for ClientKey file
properties:
valueFrom:
description: ValueSource defines how to find a value's
key.
properties:
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
host:
description: 'The hostname of your Elasticsearch node (default:
localhost).'
Expand Down Expand Up @@ -608,6 +650,9 @@ spec:
description: 'Specify https if your Elasticsearch endpoint
supports SSL (default: http).'
type: string
sslVerify:
description: Optional, Force certificate validation
type: boolean
user:
description: Optional, The login credentials to connect
to Elasticsearch
5 changes: 5 additions & 0 deletions docs/plugins/fluentd/output/es.md
Expand Up @@ -15,3 +15,8 @@ Elasticsearch defines the parameters for out_es output plugin
| logstashPrefix | LogstashPrefix defines the logstash prefix index name to write events when logstash_format is true (default: logstash). | *string |
| user | Optional, The login credentials to connect to Elasticsearch | *[plugins.Secret](../secret.md) |
| password | Optional, The login credentials to connect to Elasticsearch | *[plugins.Secret](../secret.md) |
| sslVerify | Optional, Force certificate validation | *bool |
| caFile | Optional, Absolute path to CA certificate file | *string |
| clientCert | Optional, Absolute path to client Certificate file | *string |
| clientKey | Optional, Absolute path to client private Key file | *string |
| clientKeyPassword | Optional, password for ClientKey file | *[plugins.Secret](../secret.md) |
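Review bot: The new rows for `caFile`, `clientCert` and `clientKey` do not say where the paths are resolved. The values are copied verbatim into `ca_file`, `client_cert` and `client_key`, so the files must exist inside the Fluentd container, and this change adds no way to mount them; only `clientKeyPassword` is sourced from a Secret. Suggest adding a sentence on how to mount the certificate and key (for example from a Secret volume) and noting that the private key, unlike its password, is referenced by path.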