Feature: firehose plugin support (#178)

* chore: remove checked in controller-gen

Download dependencies and binary in Makefile target

Signed-off-by: Peter Svensson <peter@sparetimecoders.com>

* feat: add support for kinesis_firehose plugin

This plugin add support for the new kinesis_firehose plugin
https://docs.fluentbit.io/manual/pipeline/outputs/firehose
not the old firehose plugin.

Signed-off-by: Peter Svensson <peter@sparetimecoders.com>

.gitignore

@@ -17,5 +17,4 @@ vendor/
 # IDE
 .idea
 
-!/bin
-/bin/manager
+/bin

Makefile

@@ -117,11 +117,11 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
 
 
 CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
-controller-gen: ## Download controller-gen locally if necessary.
+controller-gen: go-deps ## Download controller-gen locally if necessary.
 	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1)
 
 KUSTOMIZE = $(shell pwd)/bin/kustomize
-kustomize: ## Download kustomize locally if necessary.
+kustomize: go-deps ## Download kustomize locally if necessary.
 	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v3@v3.8.7)
 
 # go-get-tool will 'go get' any package $2 and install it to $1.
@@ -137,3 +137,6 @@ GOBIN=$(PROJECT_DIR)/bin go get $(2) ;\
 rm -rf $$TMP_DIR ;\
 }
 endef
+
+go-deps: # download go dependencies
+	go mod download

api/fluentbitoperator/v1alpha2/output_types.go

@@ -66,6 +66,8 @@ type OutputSpec struct {
 	Syslog *output.Syslog `json:"syslog,omitempty"`
 	// DataDog defines DataDog Output configuration.
 	DataDog *output.DataDog `json:"datadog,omitempty"`
+	// Firehose defines Firehose Output configuration.
+	Fireose *output.Firehose `json:"firehose,omitempty"`
 }
 
 // +kubebuilder:object:root=true

api/fluentbitoperator/v1alpha2/plugins/output/firehose_types.go

@@ -0,0 +1,79 @@
+package output
+
+import (
+	"strconv"
+
+	"kubesphere.io/fluentbit-operator/api/fluentbitoperator/v1alpha2/plugins"
+	"kubesphere.io/fluentbit-operator/api/fluentbitoperator/v1alpha2/plugins/params"
+)
+
+// +kubebuilder:object:generate:=true
+
+// The Firehose output plugin, allows to ingest your records into AWS Firehose.
+// It uses the new high performance kinesis_firehose plugin (written in C) instead
+// of the older firehose plugin (written in Go).
+// The fluent-bit container must have the plugin installed.
+//
+// https://docs.fluentbit.io/manual/pipeline/outputs/firehose
+// https://github.com/aws/amazon-kinesis-firehose-for-fluent-bit
+type Firehose struct {
+	// The AWS region.
+	Region string `json:"region"`
+	// The name of the Kinesis Firehose Delivery stream that you want log records sent to.
+	DeliveryStream string `json:"deliveryStream"`
+	// Add the timestamp to the record under this key. By default, the timestamp from Fluent Bit will not be added to records sent to Kinesis.
+	TimeKey *string `json:"timeKey,omitempty"`
+	// strftime compliant format string for the timestamp; for example, %Y-%m-%dT%H *string This option is used with time_key. You can also use %L for milliseconds and %f for microseconds. If you are using ECS FireLens, make sure you are running Amazon ECS Container Agent v1.42.0 or later, otherwise the timestamps associated with your container logs will only have second precision.
+	TimeKeyFormat *string `json:"timeKeyFormat,omitempty"`
+	// By default, the whole log record will be sent to Kinesis. If you specify a key name(s) with this option, then only those keys and values will be sent to Kinesis. For example, if you are using the Fluentd Docker log driver, you can specify data_keys log and only the log message will be sent to Kinesis. If you specify multiple keys, they should be comma delimited.
+	DataKeys *string `json:"dataKeys,omitempty"`
+	// By default, the whole log record will be sent to Firehose. If you specify a key name with this option, then only the value of that key will be sent to Firehose. For example, if you are using the Fluentd Docker log driver, you can specify log_key log and only the log message will be sent to Firehose.
+	LogKey *string `json:"logKey,omitempty"`
+	// ARN of an IAM role to assume (for cross account access).
+	RoleARN *string `json:"roleARN,omitempty"`
+	// Specify a custom endpoint for the Kinesis Firehose API.
+	Endpoint *string `json:"endpoint,omitempty"`
+	// Specify a custom endpoint for the STS API; used to assume your custom role provided with role_arn.
+	STSEndpoint *string `json:"stsEndpoint,omitempty"`
+	// Immediately retry failed requests to AWS services once. This option does not affect the normal Fluent Bit retry mechanism with backoff. Instead, it enables an immediate retry with no delay for networking errors, which may help improve throughput when there are transient/random networking issues.
+	AutoRetryRequests *bool `json:"autoRetryRequests,omitempty"`
+}
+
+// implement Section() method
+func (_ *Firehose) Name() string {
+	return "kinesis_firehose"
+}
+
+// implement Section() method
+func (l *Firehose) Params(sl plugins.SecretLoader) (*params.KVs, error) {
+	kvs := params.NewKVs()
+	kvs.Insert("region", l.Region)
+	kvs.Insert("delivery_stream", l.DeliveryStream)
+
+	if l.DataKeys != nil && *l.DataKeys != "" {
+		kvs.Insert("data_keys", *l.DataKeys)
+	}
+	if l.LogKey != nil && *l.LogKey != "" {
+		kvs.Insert("log_key", *l.LogKey)
+	}
+	if l.RoleARN != nil && *l.RoleARN != "" {
+		kvs.Insert("role_arn", *l.RoleARN)
+	}
+	if l.Endpoint != nil && *l.Endpoint != "" {
+		kvs.Insert("endpoint", *l.Endpoint)
+	}
+	if l.STSEndpoint != nil && *l.STSEndpoint != "" {
+		kvs.Insert("sts_endpoint", *l.STSEndpoint)
+	}
+	if l.TimeKey != nil && *l.TimeKey != "" {
+		kvs.Insert("time_key", *l.TimeKey)
+	}
+	if l.TimeKeyFormat != nil && *l.TimeKeyFormat != "" {
+		kvs.Insert("time_key_format", *l.TimeKeyFormat)
+	}
+	if l.AutoRetryRequests != nil {
+		kvs.Insert("auto_retry_requests", strconv.FormatBool(*l.AutoRetryRequests))
+	}
+
+	return kvs, nil
+}

config/crd/bases/logging.kubesphere.io_outputs.yaml

@@ -381,6 +381,66 @@ spec:
                     description: The format string. Applicable only if format is template.
                     type: string
                 type: object
+              firehose:
+                description: Firehose defines Firehose Output configuration.
+                properties:
+                  autoRetryRequests:
+                    description: Immediately retry failed requests to AWS services
+                      once. This option does not affect the normal Fluent Bit retry
+                      mechanism with backoff. Instead, it enables an immediate retry
+                      with no delay for networking errors, which may help improve
+                      throughput when there are transient/random networking issues.
+                    type: boolean
+                  dataKeys:
+                    description: By default, the whole log record will be sent to
+                      Kinesis. If you specify a key name(s) with this option, then
+                      only those keys and values will be sent to Kinesis. For example,
+                      if you are using the Fluentd Docker log driver, you can specify
+                      data_keys log and only the log message will be sent to Kinesis.
+                      If you specify multiple keys, they should be comma delimited.
+                    type: string
+                  deliveryStream:
+                    description: The name of the Kinesis Firehose Delivery stream
+                      that you want log records sent to.
+                    type: string
+                  endpoint:
+                    description: Specify a custom endpoint for the Kinesis Firehose
+                      API.
+                    type: string
+                  logKey:
+                    description: By default, the whole log record will be sent to
+                      Firehose. If you specify a key name with this option, then only
+                      the value of that key will be sent to Firehose. For example,
+                      if you are using the Fluentd Docker log driver, you can specify
+                      log_key log and only the log message will be sent to Firehose.
+                    type: string
+                  region:
+                    description: The AWS region.
+                    type: string
+                  roleARN:
+                    description: ARN of an IAM role to assume (for cross account access).
+                    type: string
+                  stsEndpoint:
+                    description: Specify a custom endpoint for the STS API; used to
+                      assume your custom role provided with role_arn.
+                    type: string
+                  timeKey:
+                    description: Add the timestamp to the record under this key. By
+                      default, the timestamp from Fluent Bit will not be added to
+                      records sent to Kinesis.
+                    type: string
+                  timeKeyFormat:
+                    description: strftime compliant format string for the timestamp;
+                      for example, %Y-%m-%dT%H *string This option is used with time_key.
+                      You can also use %L for milliseconds and %f for microseconds.
+                      If you are using ECS FireLens, make sure you are running Amazon
+                      ECS Container Agent v1.42.0 or later, otherwise the timestamps
+                      associated with your container logs will only have second precision.
+                    type: string
+                required:
+                - deliveryStream
+                - region
+                type: object
               forward:
                 description: Forward defines Forward Output configuration.
                 properties:

manifests/setup/fluentbit-operator-crd.yaml

@@ -3823,6 +3823,66 @@ spec:
                     description: The format string. Applicable only if format is template.
                     type: string
                 type: object
+              firehose:
+                description: Firehose defines Firehose Output configuration.
+                properties:
+                  autoRetryRequests:
+                    description: Immediately retry failed requests to AWS services
+                      once. This option does not affect the normal Fluent Bit retry
+                      mechanism with backoff. Instead, it enables an immediate retry
+                      with no delay for networking errors, which may help improve
+                      throughput when there are transient/random networking issues.
+                    type: boolean
+                  dataKeys:
+                    description: By default, the whole log record will be sent to
+                      Kinesis. If you specify a key name(s) with this option, then
+                      only those keys and values will be sent to Kinesis. For example,
+                      if you are using the Fluentd Docker log driver, you can specify
+                      data_keys log and only the log message will be sent to Kinesis.
+                      If you specify multiple keys, they should be comma delimited.
+                    type: string
+                  deliveryStream:
+                    description: The name of the Kinesis Firehose Delivery stream
+                      that you want log records sent to.
+                    type: string
+                  endpoint:
+                    description: Specify a custom endpoint for the Kinesis Firehose
+                      API.
+                    type: string
+                  logKey:
+                    description: By default, the whole log record will be sent to
+                      Firehose. If you specify a key name with this option, then only
+                      the value of that key will be sent to Firehose. For example,
+                      if you are using the Fluentd Docker log driver, you can specify
+                      log_key log and only the log message will be sent to Firehose.
+                    type: string
+                  region:
+                    description: The AWS region.
+                    type: string
+                  roleARN:
+                    description: ARN of an IAM role to assume (for cross account access).
+                    type: string
+                  stsEndpoint:
+                    description: Specify a custom endpoint for the STS API; used to
+                      assume your custom role provided with role_arn.
+                    type: string
+                  timeKey:
+                    description: Add the timestamp to the record under this key. By
+                      default, the timestamp from Fluent Bit will not be added to
+                      records sent to Kinesis.
+                    type: string
+                  timeKeyFormat:
+                    description: strftime compliant format string for the timestamp;
+                      for example, %Y-%m-%dT%H *string This option is used with time_key.
+                      You can also use %L for milliseconds and %f for microseconds.
+                      If you are using ECS FireLens, make sure you are running Amazon
+                      ECS Container Agent v1.42.0 or later, otherwise the timestamps
+                      associated with your container logs will only have second precision.
+                    type: string
+                required:
+                - deliveryStream
+                - region
+                type: object
               forward:
                 description: Forward defines Forward Output configuration.
                 properties: