Skip to content

Commit

Permalink
Removing all references of the PodSecurityPolicy for fluentd (#2605)
Browse files Browse the repository at this point in the history
  • Loading branch information
rnishtala-sumo committed Nov 14, 2022
1 parent 9037d37 commit 5353114
Show file tree
Hide file tree
Showing 9 changed files with 2 additions and 68 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- fix(logs): prevent Fluent Bit from doing metadata enrichment [#2512]
- chore(kube-prometheus-stack): update kube-prometheus-stack chart to 39.11.0 [#2446]
- feat(metrics)!: disable Thanos by default [#2514]
- fix(fluentd): Removing PodSecurityPolicy for fluentd [#2605]

### Changed

Expand Down Expand Up @@ -61,6 +62,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
[#2597]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2597
[#2599]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2599
[#2600]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2600
[#2605]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2605
[Unreleased]: https://github.com/SumoLogic/sumologic-kubernetes-collection/compare/v2.17.0...main
[telegraf_operator_comapare_1.3.5_and_1.3.10]: https://github.com/influxdata/helm-charts/compare/telegraf-operator-1.3.5...telegraf-operator-1.3.10
[cert-manager-1.4]: https://github.com/cert-manager/cert-manager/releases/tag/v1.4.0
Expand Down
2 changes: 0 additions & 2 deletions deploy/docs/fluentd_otc_comparison.md
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,6 @@ Events are not supported by `Opentelemetry Collector`
| [fluentd.image.repository][readme] | [metadata.image.repository][readme] |
| [fluentd.image.tag][readme] | [metadata.image.tag][readme] |
| [fluentd.image.pullPolicy][readme] | [metadata.image.pullPolicy][readme] |
| [fluentd.podSecurityPolicy.create][readme] | Not supported |
| [fluentd.logLevel][readme] | [metadata.metrics.logLevel][readme] |
| [fluentd.logLevelFilter][readme] | Not supported. Own logs are being ingested |
| [fluentd.verifySsl][readme] | [metadata.metrics.config.exporters.sumologic.tls.insecure_skip_verify](#sumologic-output-plugin) |
Expand Down Expand Up @@ -289,7 +288,6 @@ Events are not supported by `Opentelemetry Collector`
| [fluentd.image.repository][readme] | [metadata.image.repository][readme] |
| [fluentd.image.tag][readme] | [metadata.image.tag][readme] |
| [fluentd.image.pullPolicy][readme] | [metadata.image.pullPolicy][readme] |
| [fluentd.podSecurityPolicy.create][readme] | Not supported |
| [fluentd.logLevel][readme] | [metadata.logs.logLevel][readme] |
| [fluentd.logLevelFilter][readme] | Not supported. Own logs are being ingested |
| [fluentd.verifySsl][readme] | [metadata.logs.config.exporters.sumologic/containers.tls.insecure_skip_verify](#sumologic-output-plugin), [metadata.logs.config.exporters.sumologic/systemd.tls.insecure_skip_verify](#sumologic-output-plugin) |
Expand Down
1 change: 0 additions & 1 deletion deploy/helm/sumologic/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,6 @@ The following table lists the configurable parameters of the Sumo Logic chart an
| `fluentd.podLabels` | Additional labels for all fluentd pods | `{}` |
| `fluentd.pvcLabels` | Additional labels for all fluentd PVCs | `{}` |
| `fluentd.podAnnotations` | Additional annotations for all fluentd pods | `{}` |
| `fluentd.podSecurityPolicy.create` | If true, create & use `podSecurityPolicy` for fluentd resources | `false` |
| `fluentd.persistence.enabled` | Persist data to a persistent volume; When enabled, fluentd uses the file buffer instead of memory buffer. After changing this value follow steps described in [Fluentd Persistence](../../docs/FluentdPersistence.md). | `true` |
| `fluentd.persistence.storageClass` | If defined, storageClassName: <storageClass>. If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, Azure & OpenStack) | `Nil` |
| `fluentd.persistence.accessMode` | The accessMode for persistence. | `ReadWriteOnce` |
Expand Down
8 changes: 0 additions & 8 deletions deploy/helm/sumologic/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -323,10 +323,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- template "sumologic.labels.app.setup" . }}
{{- end -}}

{{- define "sumologic.labels.app.podsecuritypolicy" -}}
{{- template "sumologic.fullname" . }}-psp
{{- end -}}

{{- define "sumologic.labels.app.securitycontextconstraints" -}}
{{- template "sumologic.fullname" . }}-scc
{{- end -}}
Expand Down Expand Up @@ -407,10 +403,6 @@ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- template "sumologic.fullname" . }}
{{- end -}}

{{- define "sumologic.metadata.name.podsecuritypolicy" -}}
{{ template "sumologic.fullname" . }}-psp
{{- end -}}

{{- define "sumologic.metadata.name.securitycontextconstraints" -}}
{{- template "sumologic.fullname" . }}-scc
{{- end -}}
Expand Down
10 changes: 0 additions & 10 deletions deploy/helm/sumologic/templates/clusterrole.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,16 +29,6 @@ rules:
resources:
- configmaps
verbs: ["create", "patch"]
{{- if .Values.fluentd.podSecurityPolicy.create }}
- apiGroups: ["policy"]
resources:
- podsecuritypolicies
resourceNames:
- {{ template "sumologic.metadata.name.events.statefulset" . }}
- {{ template "sumologic.metadata.name.metrics.statefulset" . }}
- {{ template "sumologic.metadata.name.logs.statefulset" . }}
verbs: ["use"]
{{- end }}
{{- if index .Values "opentelemetry-operator" "enabled" }}
- apiGroups: ["opentelemetry.io"]
resources:
Expand Down
39 changes: 0 additions & 39 deletions deploy/helm/sumologic/templates/psp.yaml

This file was deleted.

3 changes: 0 additions & 3 deletions deploy/helm/sumologic/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -327,9 +327,6 @@ fluentd:
tag: 1.14.6-sumo-5
pullPolicy: IfNotPresent

## Specifies whether a PodSecurityPolicy should be created
podSecurityPolicy:
create: false
additionalPlugins: []

## Sets the fluentd log level. The default log level, if not specified, is info.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,6 @@ fluentd:
tag: 1.11.5-sumo-0
pullPolicy: IfNotPresent

## Specifies whether a PodSecurityPolicy should be created
podSecurityPolicy:
create: false
additionalPlugins: []

## Sets the fluentd log level. The default log level, if not specified, is info.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
fluentd:
podSecurityPolicy:
create: false
additionalPlugins: []
logLevel: info
logLevelFilter: true
Expand Down

0 comments on commit 5353114

Please sign in to comment.