diff --git a/apis/fluentbit/v1alpha2/fluentbit_types.go b/apis/fluentbit/v1alpha2/fluentbit_types.go index 02f6cd473..ca41614e4 100644 --- a/apis/fluentbit/v1alpha2/fluentbit_types.go +++ b/apis/fluentbit/v1alpha2/fluentbit_types.go @@ -41,6 +41,9 @@ type FluentBitSpec struct { ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"` // Fluent Bit image pull secret ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + // MountPropagation option for internal mounts + // +kubebuilder:validation:Enum:=None;HostToContainer;Bidirectional + InternalMountPropagation *corev1.MountPropagationMode `json:"internalMountPropagation,omitempty"` // Storage for position db. You will use it if tail input is enabled. PositionDB corev1.VolumeSource `json:"positionDB,omitempty"` // Container log path diff --git a/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml b/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml index f32e7f267..820dee8d2 100644 --- a/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml +++ b/charts/fluent-operator/charts/fluent-bit-crds/crds/fluentbit.fluent.io_fluentbits.yaml @@ -2434,6 +2434,13 @@ spec: - name type: object type: array + internalMountPropagation: + description: MountPropagation option for internal mounts + enum: + - None + - HostToContainer + - Bidirectional + type: string labels: additionalProperties: type: string diff --git a/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml b/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml index f32e7f267..820dee8d2 100644 --- a/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml +++ b/config/crd/bases/fluentbit.fluent.io_fluentbits.yaml @@ -2434,6 +2434,13 @@ spec: - name type: object type: array + internalMountPropagation: + description: MountPropagation option for internal mounts + enum: + - None + - HostToContainer + - Bidirectional + type: string labels: additionalProperties: type: string diff --git a/docs/fluentbit.md b/docs/fluentbit.md index 77addfd31..5b77cd5fa 100644 --- a/docs/fluentbit.md +++ b/docs/fluentbit.md @@ -369,6 +369,7 @@ FluentBitSpec defines the desired state of FluentBit | command | Fluent Bit Watcher command. | []string | | imagePullPolicy | Fluent Bit image pull policy. | corev1.PullPolicy | | imagePullSecrets | Fluent Bit image pull secret | []corev1.LocalObjectReference | +| internalMountPropagation | MountPropagation option for internal mounts | *corev1.MountPropagationMode | | positionDB | Storage for position db. You will use it if tail input is enabled. | [corev1.VolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#volume-v1-core) | | containerLogRealPath | Container log path | string | | resources | Compute Resources required by container. | corev1.ResourceRequirements | diff --git a/manifests/setup/fluent-operator-crd.yaml b/manifests/setup/fluent-operator-crd.yaml index 552aae100..808ff8860 100644 --- a/manifests/setup/fluent-operator-crd.yaml +++ b/manifests/setup/fluent-operator-crd.yaml @@ -13996,6 +13996,13 @@ spec: - name type: object type: array + internalMountPropagation: + description: MountPropagation option for internal mounts + enum: + - None + - HostToContainer + - Bidirectional + type: string labels: additionalProperties: type: string diff --git a/manifests/setup/setup.yaml b/manifests/setup/setup.yaml index 4a2575e6a..25b110164 100644 --- a/manifests/setup/setup.yaml +++ b/manifests/setup/setup.yaml @@ -13996,6 +13996,13 @@ spec: - name type: object type: array + internalMountPropagation: + description: MountPropagation option for internal mounts + enum: + - None + - HostToContainer + - Bidirectional + type: string labels: additionalProperties: type: string diff --git a/pkg/operator/daemonset.go b/pkg/operator/daemonset.go index 4d9eb75e8..f19161655 100644 --- a/pkg/operator/daemonset.go +++ b/pkg/operator/daemonset.go @@ -25,6 +25,11 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo metricsPort = 2020 } + internalMountPropagation := corev1.MountPropagationNone + if fb.Spec.InternalMountPropagation != nil { + internalMountPropagation = *fb.Spec.InternalMountPropagation + } + ds := appsv1.DaemonSet{ ObjectMeta: metav1.ObjectMeta{ Name: fb.Name, @@ -115,9 +120,10 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo }, VolumeMounts: []corev1.VolumeMount{ { - Name: "varlibcontainers", - ReadOnly: true, - MountPath: logPath, + Name: "varlibcontainers", + ReadOnly: true, + MountPath: logPath, + MountPropagation: &internalMountPropagation, }, { Name: "config", @@ -125,14 +131,16 @@ func MakeDaemonSet(fb fluentbitv1alpha2.FluentBit, logPath string) *appsv1.Daemo MountPath: "/fluent-bit/config", }, { - Name: "varlogs", - ReadOnly: true, - MountPath: "/var/log/", + Name: "varlogs", + ReadOnly: true, + MountPath: "/var/log/", + MountPropagation: &internalMountPropagation, }, { - Name: "systemd", - ReadOnly: true, - MountPath: "/var/log/journal", + Name: "systemd", + ReadOnly: true, + MountPath: "/var/log/journal", + MountPropagation: &internalMountPropagation, }, }, Resources: fb.Spec.Resources,