...
# ConfigMap that carries the Lua script used by Fluent Bit's Lua filter to
# drop low-severity container logs. The ClusterFilter in this file refers to it
# by name ("lua-severity") and key ("severity.lua").
# Whoever can edit this ConfigMap controls which container logs are forwarded,
# so write access to it should be as restricted as access to the log pipeline.
apiVersion: v1
kind: ConfigMap
metadata:
  name: lua-severity
  namespace: fluent-operator
  labels:
    app.kubernetes.io/component: operator
    app.kubernetes.io/name: fluent-bit-lua-severity
  annotations:
    # Build provenance: the source tree and version strings below all refer to
    # the commit given in "revision".
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: fluentbit-restrictions
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
data:
  # Script body follows as a literal block scalar ("|-" strips the final newline).
  severity.lua: |-
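--- Severity-based log restriction for Fluent Bit's Lua filter.
-- process_logs is the filter entry point; everything else is private to the
-- script. A record is kept when its severity ranks at or above a minimum
-- level (default "error"), or when the record is exempt from filtering.

-- Rank of each recognised severity name; a higher number is more severe.
-- "warn" and "warning" share a rank. A name that is not listed has no rank,
-- so a non-exempt record carrying it is dropped whatever the minimum level.
-- NOTE(review): that includes names such as "fatal" or "panic" -- confirm the
-- upstream parser normalises severities to this list before relying on it.
local severity_hierarchy = {
  ["debug"] = 1,
  ["info"] = 2,
  ["notice"] = 3,
  ["warn"] = 4,
  ["warning"] = 4,
  ["error"] = 5,
  ["critical"] = 6,
  ["alert"] = 7,
  ["emergency"] = 8,
}

-- containers that should allow all log levels to be processed
local critical_containers = {
  -- example:
  -- ["kube-apiserver"] = true,
  -- ["another-container"] = true,
}

-- namespaces that should allow all log levels to be processed
local critical_namespaces = {
  -- example:
  -- ["kube-system"] = true,
  -- ["another-namespace"] = true,
}

--- Work out which severities may pass for a record.
-- @tparam table record  log record; record["kubernetes"] is read for the
--   container name, namespace name and pod annotations
-- @treturn table|nil  set of allowed severity names (name -> true), or nil
--   when the record is exempt and must be kept regardless of severity
local function get_allowed_severity(record)
  local k8s_data = record["kubernetes"]
  local severity_allowed = {}
  local min_level = 5 -- allow "error" and above by default

  -- Only look inside the metadata when it really is a table: indexing a
  -- number or boolean would raise and abort the filter call.
  if type(k8s_data) == "table" then
    if (k8s_data["container_name"] and critical_containers[k8s_data["container_name"]]) or
       (k8s_data["namespace_name"] and critical_namespaces[k8s_data["namespace_name"]]) then
      -- always allow logs from critical containers or anything from critical namespaces
      return nil
    end

    local annotations = k8s_data["annotations"]
    if type(annotations) == "table" then
      -- Both annotations below come from pod metadata, so whoever can set
      -- annotations on a workload chooses that workload's exemption and
      -- threshold. If this filter is relied on as a control rather than a
      -- convenience, constrain these annotations with admission policy.

      -- "logging.edge.ncr.com/auditkey" names a record field. A record that
      -- carries a truthy value under that field is exempt; this is a field
      -- presence check, not a search of the log message text.
      -- typically this would be used for containers that need to send INFO level audit logs up to the cloud
      local audit_key = annotations["logging.edge.ncr.com/auditkey"]
      if audit_key and record[audit_key] then
        return nil
      end

      -- "logging.edge.ncr.com/level" overrides the default minimum level.
      -- It is matched as written (the record severity is lower-cased, this
      -- value is not), and an unrecognised value leaves the default in place.
      local log_level = annotations["logging.edge.ncr.com/level"]
      if log_level and severity_hierarchy[log_level] then
        min_level = severity_hierarchy[log_level]
      end
    end
  end

  for severity, level in pairs(severity_hierarchy) do
    if level >= min_level then
      severity_allowed[severity] = true
    end
  end
  return severity_allowed
end

--[[
  Fluent Bit Lua filter callback.

  tag        tag of the record (not used by this script)
  timestamp  record timestamp, returned unchanged
  record     log record table; record["severity"] is read, nothing is written

  return codes : -1 record must be deleted
                  0 record not modified, keep the original
                  1 record was modified, replace timestamp and record
                  2 record was modified, replace record and keep timestamp

  This script only ever returns 0 or -1.
]]
function process_logs(tag, timestamp, record)
  local level = record["severity"]
  if level == nil or level == '' then
    -- a record without a severity is treated as "info"
    level = "info"
  else
    -- tostring() first: string.lower raises on a table or boolean, which
    -- would abort the callback instead of filtering the record. The
    -- stringified value matches no known severity, so such a record is
    -- handled like any other unrecognised severity.
    level = string.lower(tostring(level))
  end

  local severity_allowed = get_allowed_severity(record)
  if severity_allowed == nil or severity_allowed[level] then
    return 0, timestamp, record
  else
    return -1, timestamp, record
  end
end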
---
# ClusterFilter that runs process_logs from the "severity.lua" key of the
# "lua-severity" ConfigMap through Fluent Bit's Lua filter.
# NOTE(review): the "zzz-" name prefix presumably makes this filter sort after
# the others so it sees fully enriched records -- confirm the ordering rule.
apiVersion: fluentbit.fluent.io/v1alpha2
kind: ClusterFilter
metadata:
  name: zzz-k8s-container-restrict
  namespace: fluent-operator
  labels:
    fluentbit.fluent.io/enabled: "true"
  annotations:
    # Build provenance: the source tree and version strings below all refer to
    # the commit given in "revision".
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: fluentbit-restrictions
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  # Only records whose tag matches this pattern reach the script; records
  # under any other tag are not subject to the severity restriction.
  match: "k8s_container.*"
  filters:
    - lua:
        alias: lua-severity
        # Name of the global Lua function to call for each record.
        call: process_logs
        # ConfigMap (name) and data key that hold the script.
        script:
          name: lua-severity
          key: severity.lua