Parameters

The parent key for all of the following parameters is openshift4_s3_forwarder.

fluentd

type

dictionary
default 
fluentd:
    loglevel: info
    replicas: 2
    sharedkey: '?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-s3-forwarder/${_instance}/fluentd/sharedkey}'
    ssl:
      enabled: false
      cert: ""
      key: '?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-s3-forwarder/${_instance}/fluentd/privatekey}'
      passphrase: '?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-s3-forwarder/${_instance}/fluentd/privatekey-passphrase}'

Fluentd pod parameters.

loglevel

type

string
default

"info"

Log level of the s3-forwarder pod (docs.fluentd.org/deployment/logging).

replicas

type

integer
default

1

Number of replicas of the s3-forwarder pod.

sharedkey

type

string
default

Vault reference

A Vault reference pointing to the Vault secret containing the shared key for authentication (see docs.fluentd.org/input/forward).

# Adjust to your environment
instance=#INSTANCE_NAME
key="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/openshift4-s3-forwarder/${instance}/fluentd"

# Query for existing secrets first
vault kv get "${key}"

# If there are existing secrets, add your instance secrets:
vault kv patch "${key}" sharedkey=$(pwgen -s 32 1)

# If there is no pre-existing secret, create new:
vault kv put "${key}" sharedkey=$(pwgen -s 32 1)

ssl.enabled

type

boolean
default

false

Enable fluentd SSL encryption.

ssl.cert

type

string
default

""

The SSL certificate as a string.

See Create Fluentd Cert to generate the Fluentd certificate.

ssl.key

type

string
default

Vault reference

A Vault reference to the SSL private key.

See Create Fluentd Certificate to generate the Fluentd certificate.

s3

type

dictionary
default 
s3:
  bucket: ""
  endpoint: ""
  interval: 5m
  access_key: #VAULT_SECRET
  secret_key: #VAULT_SECRET

Parameters for s3 integration.

endpoint

type

string
default

""

The endpoint of the S3 bucket.

bucket

type

string
default

Vault reference

The bucket name to flush logs to.

path

type

string
default

'%Y-%m-%d'

The path to save the logs within the bucket.

interval

type

integer
default

"5m"

By default the S3 forwarder flushes to S3 in 5m intervals.

access_key

type

boolean
default

Vault reference

A Vault reference pointing to the Vault secret containing the s3 access key.

See Upload S3 Secrets to upload the access key.

secret_key

type

string
default

Vault reference

A Vault reference pointing to the Vault secret containing the s3 secret key.

See Upload S3 Secrets to upload the secret key.

Example

applications:
  - openshift4-s3-forwarder as s3-forwarder-customer-a

parameters:
  s3_forwarder_customer_a:
    fluentd:
      ssl:
        enabled: true
        cert: |-
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----

    s3:
      hostname: prd-3948237.s3.com
      port: 8088
      protocol: https