apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: monitoring
  labels:
    k8s-app: fluentd-logzio
    version: v1
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-logzio
  template:
    metadata:
      labels:
        k8s-app: fluentd-logzio
        version: v1
    spec:
      serviceAccount: fluentd
      serviceAccountName: fluentd
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      # Because the image's entrypoint requires to write on /fluentd/etc but we mount configmap there which is read-only,
      # this initContainers workaround or other is needed.
      # See https://github.com/fluent/fluentd-kubernetes-daemonset/issues/90
      initContainers:
        - name: copy-fluentd-config
          image: busybox
          command: ['sh', '-c', 'cp /config-volume/..data/* /fluentd/etc']
          volumeMounts:
            - name: config-volume
              mountPath: /config-volume
            - name: fluentdconf
              mountPath: /fluentd/etc
      containers:
      - name: fluentd
        image: logzio/logzio-openshift:0.0.1
        securityContext:
          privileged: true
        env:
        - name: LOGZIO_LOG_SHIPPING_TOKEN
          valueFrom:
            secretKeyRef:
              name: logzio-logs-secret
              key: logzio-log-shipping-token
        - name: LOGZIO_LOG_LISTENER
          valueFrom:
            secretKeyRef:
              name: logzio-logs-secret
              key: logzio-log-listener
        - name: FLUENTD_SYSTEMD_CONF
          value: "disable"
        - name: FLUENTD_PROMETHEUS_CONF
          value: "disable"
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        - name: config-volume
          mountPath: /config-volume
        - name: fluentdconf
          mountPath: /fluentd/etc
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: config-volume
        configMap:
          name: fluentd-config
      - name: fluentdconf
        emptyDir: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluentd
  namespace: monitoring
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fluentd
rules:
  - verbs:
      - get
      - list
      - watch
    apiGroups:
      - ''
    resources:
      - pods
      - namespaces
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fluentd
subjects:
  - kind: ServiceAccount
    name: fluentd
    namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluentd
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
  namespace: monitoring
  labels:
    k8s-app: fluentd-logzio
data:
  fluent.conf: |
    @include "#{ENV['FLUENTD_SYSTEMD_CONF'] || 'systemd'}.conf"
    @include "#{ENV['FLUENTD_PROMETHEUS_CONF'] || 'prometheus'}.conf"
    @include kubernetes.conf
    @include system.conf
    @include conf.d/*.conf

    <match "#{ENV['INCLUDE_NAMESPACE'] || '**'}">
      @type logzio_buffered
      @id out_logzio
      endpoint_url "#{ENV['LOGZIO_LOG_LISTENER']}?token=#{ENV['LOGZIO_LOG_SHIPPING_TOKEN']}"
      output_include_time true
      output_include_tags true
      <buffer>
        # Set the buffer type to file to improve the reliability and reduce the memory consumption
        @type "#{ENV['LOGZIO_BUFFER_TYPE']}"
        path "#{ENV['LOGZIO_BUFFER_PATH']}"
        # Set queue_full action to block because we want to pause gracefully
        # in case of the off-the-limits load instead of throwing an exception
        overflow_action "#{ENV['LOGZIO_OVERFLOW_ACTION']}"
        # Set the chunk limit conservatively to avoid exceeding the GCL limit
        # of 10MiB per write request.
        chunk_limit_size "#{ENV['LOGZIO_CHUNK_LIMIT_SIZE']}"
        # Cap the combined memory usage of this buffer and the one below to
        # 2MiB/chunk * (6 + 2) chunks = 16 MiB
        queue_limit_length "#{ENV['LOGZIO_QUEUE_LIMIT_LENGTH']}"
        # Never wait more than 5 seconds before flushing logs in the non-error case.
        flush_interval "#{ENV['LOGZIO_FLUSH_INTERVAL']}"
        # Never wait longer than 30 seconds between retries.
        retry_max_interval "#{ENV['LOGZIO_RETRY_MAX_INTERVAL']}"
        # Disable the limit on the number of retries (retry forever).
        retry_forever "#{ENV['LOGZIO_RETRY_FOREVER']}"
        # Use multiple threads for processing.
        flush_thread_count "#{ENV['LOGZIO_FLUSH_THREAD_COUNT']}"
      </buffer>
    </match>
  kubernetes.conf: |
    <label @FLUENT_LOG>
      <match fluent.*>
        @type null
      </match>
    </label>

    # container logs

    <source>
      @type tail
      @id in_tail_container_logs
      path "/var/log/containers/*.log"
      pos_file "/var/lib/fluentd/pos/containers.log.pos"
      exclude_path ["/var/log/containers/fluentd*.log", "/var/log/containers/*openshift*.log"]
      refresh_interval 5
      rotate_wait 5
      tag logzio.kubernetes.*
      read_from_head "true"
      <parse>
        @type multi_format
        <pattern>
          format json
          time_format '%Y-%m-%dT%H:%M:%S.%N%Z'
          keep_time_key true
        </pattern>
        <pattern>
          format regexp
          expression /^(?<time>[^\s]+) (?<stream>stdout|stderr)( (?<logtag>.))? (?<log>.*)$/
          time_format '%Y-%m-%dT%H:%M:%S.%N%:z'
          keep_time_key true
        </pattern>
      </parse>
    </source>

    # The following section is for audit logs. You can uncomment it if you wish to send audit logs.
    # Please note that the cluster produces a massive amount of audit logs, which can increase dramatically your log volume.
    # # k8s audit logs

    # <source>
    #   @type tail
    #   @id in_tail_k8s_audit
    #   path "/var/log/kube-apiserver/audit.log"
    #   pos_file "/var/lib/fluentd/pos/kube-apiserver.audit.log.pos"
    #   tag logzio.k8s-audit
    #   <parse>
    #     @type json
    #   </parse>
    # </source>

    # # Openshift audit logs

    # <source>
    #   @type tail
    #   @id in_tail_openshift_audit
    #   path /var/log/oauth-apiserver/audit.log,/var/log/openshift-apiserver/audit.log
    #   pos_file /var/lib/fluentd/pos/oauth-apiserver.audit.log
    #   tag logzio.openshift-audit
    #   <parse>
    #     @type json
    #   </parse>
    # </source>

    # # Openshift Virtual Network (OVN) audit logs

    # <source>
    #   @type tail
    #   @id in_tail_ovn_audit
    #   path "/var/log/ovn/acl-audit-log.log"
    #   pos_file "/var/lib/fluentd/pos/acl-audit-log.pos"
    #   tag logzio.ovn-audit
    #   refresh_interval 5
    #   rotate_wait 5
    #   read_from_head true
    #   <parse>
    #     @type none
    #   </parse>
    # </source>

    # # linux audit logs

    # <source>
    #   @type tail
    #   @id in_linux_audit
    #   path "/var/log/audit/audit.log"
    #   pos_file "/var/lib/fluentd/pos/audit.log.pos"
    #   tag logzio.linux-audit
    #   <parse>
    #     @type none
    #   </parse>
    # </source>

    # # This handles linux audit logs
    # <filter logzio.linux-audit>
    #   @type parse_audit_log
    #   key message
    #   flatten false
    # </filter>


    # This handles multiline exceptions automatically: https://github.com/GoogleCloudPlatform/fluent-plugin-detect-exceptions
    <match logzio.**>
      @type detect_exceptions
      remove_tag_prefix logzio
      message log
      languages all
      multiline_flush_interval 0.1
    </match>

    # This adds type to the log && change key log to message
    <filter **>
      @type record_modifier
      <record>
        type openshift
        message ${record["log"]}
      </record>
      remove_keys log
    </filter>

    <filter kubernetes.**>
      @type kubernetes_metadata
      @id filter_kube_metadata
      kubernetes_url "#{ENV['FLUENT_FILTER_KUBERNETES_URL'] || 'https://' + ENV.fetch('KUBERNETES_SERVICE_HOST') + ':' + ENV.fetch('KUBERNETES_SERVICE_PORT') + '/api'}"
      verify_ssl "#{ENV['KUBERNETES_VERIFY_SSL'] || true}"
    </filter>

  system.conf: |
    <system>
      log_level "#{ENV['LOGZIO_LOG_LEVEL']}"
    </system>

  systemd.conf: |
    # Logs from systemd-journal for interesting services.
    <source>
      @type systemd
      @id in_systemd_kubelet
      filters [{ "_SYSTEMD_UNIT": "kubelet.service" }]
      <storage>
        @type local
        persistent true
        path /var/log/fluentd-journald-kubelet-cursor.json
      </storage>
      read_from_head true
      tag kubelet
    </source>

    # Logs from docker-systemd
    <source>
      @type systemd
      @id in_systemd_docker
      filters [{ "_SYSTEMD_UNIT": "docker.service" }]
      <storage>
        @type local
        persistent true
        path /var/log/fluentd-journald-docker-cursor.json
      </storage>
      read_from_head true
      tag docker.systemd
    </source>

    # Logs from systemd-journal for interesting services.
    <source>
      @type systemd
      @id in_systemd_bootkube
      filters [{ "_SYSTEMD_UNIT": "bootkube.service" }]
      <storage>
        @type local
        persistent true
        path /var/log/fluentd-journald-bootkube-cursor.json
      </storage>
      read_from_head true
      tag bootkube
    </source>