Allow infrastructure and audit log cutomization. (#38)

appuio · Apr 19, 2022 · 1f643b0 · 1f643b0
1 parent d133ff7
commit 1f643b0
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 5 deletions.
diff --git a/class/defaults.yml b/class/defaults.yml
@@ -52,6 +52,10 @@ parameters:
       forwarders: {}
       namespace_groups: {}
       application_logs: {}
+      audit_logs:
+        enabled: false
+      infrastructure_logs:
+        enabled: true
       json:
         enabled: false
         typekey: 'kubernetes.labels.logFormat'

diff --git a/component/main.jsonnet b/component/main.jsonnet
@@ -105,11 +105,6 @@ local namespace_groups = (
       local enable_json = com.getValueOrDefault(params.clusterLogForwarding.application_logs, 'json', false);
       {
         pipelines: [
-          {
-            name: 'infrastructure-logs',
-            inputRefs: [ 'infrastructure' ],
-            outputRefs: [ 'default' ],
-          },
           {
             name: 'application-logs',
             inputRefs: [ 'application' ],
@@ -118,6 +113,29 @@ local namespace_groups = (
           },
         ],
       }
+    ) + com.makeMergeable(
+      local enable_json = com.getValueOrDefault(params.clusterLogForwarding.infrastructure_logs, 'json', false);
+      {
+        [if params.clusterLogForwarding.infrastructure_logs.enabled then 'pipelines']: [
+          {
+            name: 'infrastructure-logs',
+            inputRefs: [ 'infrastructure' ],
+            outputRefs: com.getValueOrDefault(params.clusterLogForwarding.infrastructure_logs, 'forwarders', []) + [ 'default' ],
+            [if enable_json then 'parse']: 'json',
+          },
+        ],
+      }
+    ) + com.makeMergeable(
+      local enable_json = com.getValueOrDefault(params.clusterLogForwarding.audit_logs, 'json', false);
+      {
+        [if params.clusterLogForwarding.audit_logs.enabled then 'pipelines']: [
+          {
+            name: 'audit-logs',
+            inputRefs: [ 'audit' ],
+            outputRefs: com.getValueOrDefault(params.clusterLogForwarding.audit_logs, 'forwarders', []) + [ 'default' ],
+          },
+        ],
+      }
     ),
   },
   '40_journald_configs': [ kube._Object('machineconfiguration.openshift.io/v1', 'MachineConfig', '40-' + role + '-journald') {

diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -173,6 +173,7 @@ For some log aggregation systems you may need to deploy a separate log forwarder
 Enable json parsing for a 'namespace_group' only makes sense if the logs are forwarded to the clusters default elasticsearch instance. Therefor 'default' will automatically be added to the forwarders.
 
 [source,yaml]
+----
 clusterLogForwarding:
   namespace_groups:
     my-group: <1>
@@ -201,6 +202,7 @@ Enabling forwarders will send the logs of all namespaces to a third-party log ag
 For some log aggregation systems you may need to deploy a separate log forwarder.
 
 [source,yaml]
+----
 clusterLogForwarding:
   application_logs:
     forwarders: <1>
@@ -211,6 +213,73 @@ clusterLogForwarding:
 <1> List of forwarders (defined in `clusterLogForwarding.forwarders`).
 <2> Enable json logging for all applications.
 
+
+=== `clusterLogForwarding.infrastructure_logs`
+
+[horizontal]
+type:: dictionary
+default::
++
+[source,yaml]
+----
+clusterLogForwarding:
+  infrastructure_logs:
+    enabled: true
+----
+
+Customization for the logging of `openshift*`, `kube*`, or `default` projects.
+
+Enabled by default.
+
+Enabling forwarders will send the logs of all namespaces to a third-party log aggregator.
+For some log aggregation systems you may need to deploy a separate log forwarder.
+
+[source,yaml]
+----
+clusterLogForwarding:
+  infrastructure_logs:
+    forwarders: <1>
+      - splunk-forwarder
+    json: true <2>
+----
+
+<1> List of forwarders (defined in `clusterLogForwarding.forwarders`).
+<2> Enable json logging for all applications.
+
+
+=== `clusterLogForwarding.audit_logs`
+
+[horizontal]
+type:: dictionary
+default::
++
+[source,yaml]
+----
+clusterLogForwarding:
+  audit_logs:
+    enabled: false
+----
+
+Customization for the logging of https://docs.openshift.com/container-platform/latest/security/audit-log-policy-config.html[audit logs].
+
+Disabled by default.
+
+Enabling forwarders will send the logs of all namespaces to a third-party log aggregator.
+For some log aggregation systems you may need to deploy a separate log forwarder.
+
+[source,yaml]
+----
+clusterLogForwarding:
+  audit_logs:
+    forwarders: <1>
+      - splunk-forwarder
+    json: true <2>
+----
+
+<1> List of forwarders (defined in `clusterLogForwarding.forwarders`).
+<2> Enable json logging for all applications.
+
+
 === `clusterLogForwarding.json`
 
 [horizontal]