apiVersion: fluentbit.fluent.io/v1alpha2
kind: FluentBit
metadata:
  name: fluent-bit
  labels:
    app.kubernetes.io/name: fluent-bit
spec:
  labels:
    app.kubernetes.io/component: logs
  dnsPolicy: ClusterFirstWithHostNet
  hostNetwork: true
  priorityClassName: edge-p4-operability-services
  volumes:
  - name: edge-info
    configMap:
      name: edge-info
      optional: true
  - name: edge-siem
    configMap:
      name: edge-siem
      optional: true
  - name: log-levels
    configMap:
      name: log-levels
      optional: true
  - name: mnt
    hostPath:
      path: /mnt
  - name: varlog
    hostPath:
      path: /var/log
  - name: workload-siem
    configMap:
      name: workload-siem
      optional: true
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Exists
  image: bzl://third_party/o11y:fluent_bit_container_push
  resources:
    limits:
      cpu: "750m"
      memory: 200Mi
    requests:
      cpu: 50m
      memory: 100Mi
  livenessProbe:
    httpGet:
      port: 32020
      path: /
  readinessProbe:
    httpGet:
      port: 32020
      path: /api/v1/health
  fluentBitConfigName: fluent-bit-config
  metricsPort: 32020
  positionDB:
    hostPath:
      path: /var/log/
  # RBAC Rules that are needed to allow fluent bit to use Kubelet
  rbacRules:
  - resources:
    - namespaces
    - pods
    - pods/log
    - services
    - nodes
    - nodes/proxy
    apiGroups:
    - ''
    verbs:
    - get
    - list
    - watch
  volumesMounts:
  - name: edge-info
    readOnly: true
    mountPath: /var/configs/edge-info
  - name: edge-siem
    readOnly: true
    mountPath: /var/configs/edge-siem
  - name: log-levels
    readOnly: true
    mountPath: /var/configs/log-levels
  - name: mnt
    readOnly: true
    mountPath: /mnt
  - name: varlog
    mountPath: /var/log
  - name: workload-siem
    readOnly: true
    mountPath: /var/configs/workload-siem