support openshift

deploy/helm/fluent-bit-overrides.yaml

@@ -17,6 +17,9 @@ resources: {}
 podLabels: {}
 ## Add custom pod annotations to fluent-bit daemonset pods
 podAnnotations: {}
+## Set securityContext of fluent-bit daemonset pods as privileged for running in Openshift
+# securityContext:
+#   privileged: true
 service:
   flush: 5
 metrics:

deploy/helm/sumologic/conf/logs/logs.source.containers.conf

@@ -4,6 +4,7 @@
 {{- if .Values.fluentd.monitoring.input }}
 {{ include "fluentd.prometheus-metrics.input" (dict "Tag" "containers.**") | nindent 2}}
 {{- end }}
+{{ if .Values.fluentd.logs.containers.multiline.enabled }}
 <filter containers.**>
   @type record_transformer
   enable_ruby
@@ -14,6 +15,7 @@
     time   ${[record["log"].split(/[\n\t]+/)[0]].map! {|item| JSON.parse(item)["time"]}.any? ? [record["log"].split(/[\n\t]+/)[0]].map! {|item| JSON.parse(item)["time"]}.join("") : record["time"] rescue record["time"]}
   </record>
 </filter>
+{{- end }}
 # match all  container logs and label them @NORMAL
 <match containers.**>
   @type relabel

deploy/helm/sumologic/templates/scc.yaml

@@ -0,0 +1,46 @@
+{{- if and .Values.sumologic.scc.create (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  annotations:
+    kubernetes.io/description: |
+      This provides the minimum requirements Sumo Logic Kubernetes Collection to run in Openshift.
+  name: {{ template "sumologic.fullname" . }}
+  labels:
+    app: {{ template "sumologic.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: true
+allowHostPID: true
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities: []
+allowedUnsafeSysctls: []
+defaultAddCapabilities: []
+fsGroup:
+  type: RunAsAny
+groups: 
+- system:serviceaccounts:{{ .Release.Namespace }}
+priority: 0
+readOnlyRootFilesystem: false
+requiredDropCapabilities: []
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+seccompProfiles:
+- '*'
+supplementalGroups:
+  type: RunAsAny
+users:
+- system:serviceaccount:{{ .Release.Namespace }}:{{ template "sumologic.metadata.name.setup.job" . }}
+volumes:
+- hostPath
+- emptyDir
+- secret
+- configMap
+{{- end }}

deploy/helm/sumologic/values.yaml

@@ -73,6 +73,10 @@ sumologic:
   ## Add custom annotations to the following sumologic resources(fluentd sts, setup job, otelcol deployment)
   podAnnotations: {}
 
+  ## creation of Security Context Constraints in Openshift
+  scc:
+    create: false
+
   setup:
     job:
       nodeSelector: {}
@@ -388,6 +392,10 @@ fluentd:
       ## To use additional filter plugins
       extraFilterPluginConf: |-
 
+      ## To enable stiching multiline logs in fluentd when fluent-bit Multiline feature is On
+      multiline:
+        enabled: true
+
     ## Kubelet log configuration
     kubelet:
       enabled: true
@@ -696,6 +704,10 @@ fluent-bit:
   ## Add custom pod annotations to fluent-bit daemonset pods
   podAnnotations: {}
 
+  ## Set securityContext of fluent-bit daemonset pods as privileged for running in Openshift
+  # securityContext:
+  #   privileged: true
+
   service:
     flush: 5
   metrics:

deploy/kubernetes/fluentd-sumologic.yaml.tmpl

@@ -135,6 +135,7 @@ data:
 
   logs.source.containers.conf: |
 
+
     <filter containers.**>
       @type record_transformer
       enable_ruby
@@ -1083,3 +1084,6 @@ spec:
 # Source: sumologic/templates/otelcol-service.yaml
 
 
+---
+# Source: sumologic/templates/scc.yaml
+