Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
2d6ceb67
Commit
2d6ceb67
authored
Apr 22, 2020
by
Zamir Martins Filho
Committed by
Robert Speicher
Apr 22, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update Fluentd model to support multiple logs
In addition to WAF, Cilium logs have been added name: varlog
parent
f0cfb07c
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
89 additions
and
15 deletions
+89
-15
app/controllers/clusters/applications_controller.rb
app/controllers/clusters/applications_controller.rb
+1
-1
app/models/clusters/applications/fluentd.rb
app/models/clusters/applications/fluentd.rb
+18
-2
app/serializers/cluster_application_entity.rb
app/serializers/cluster_application_entity.rb
+2
-0
app/services/clusters/applications/base_service.rb
app/services/clusters/applications/base_service.rb
+9
-11
changelogs/unreleased/update_fluentd_model_to_include_log_flags.yml
.../unreleased/update_fluentd_model_to_include_log_flags.yml
+5
-0
locale/gitlab.pot
locale/gitlab.pot
+3
-0
spec/factories/clusters/applications/helm.rb
spec/factories/clusters/applications/helm.rb
+2
-0
spec/fixtures/api/schemas/cluster_status.json
spec/fixtures/api/schemas/cluster_status.json
+2
-0
spec/models/clusters/applications/fluentd_spec.rb
spec/models/clusters/applications/fluentd_spec.rb
+35
-1
spec/serializers/cluster_application_entity_spec.rb
spec/serializers/cluster_application_entity_spec.rb
+12
-0
No files found.
app/controllers/clusters/applications_controller.rb
View file @
2d6ceb67
...
@@ -47,7 +47,7 @@ class Clusters::ApplicationsController < Clusters::BaseController
...
@@ -47,7 +47,7 @@ class Clusters::ApplicationsController < Clusters::BaseController
end
end
def
cluster_application_params
def
cluster_application_params
params
.
permit
(
:application
,
:hostname
,
:pages_domain_id
,
:email
,
:stack
,
:modsecurity_enabled
,
:modsecurity_mode
,
:host
,
:port
,
:protocol
)
params
.
permit
(
:application
,
:hostname
,
:pages_domain_id
,
:email
,
:stack
,
:modsecurity_enabled
,
:modsecurity_mode
,
:host
,
:port
,
:protocol
,
:waf_log_enabled
,
:cilium_log_enabled
)
end
end
def
cluster_application_destroy_params
def
cluster_application_destroy_params
...
...
app/models/clusters/applications/fluentd.rb
View file @
2d6ceb67
...
@@ -4,6 +4,7 @@ module Clusters
...
@@ -4,6 +4,7 @@ module Clusters
module
Applications
module
Applications
class
Fluentd
<
ApplicationRecord
class
Fluentd
<
ApplicationRecord
VERSION
=
'2.4.0'
VERSION
=
'2.4.0'
CILIUM_CONTAINER_NAME
=
'cilium-monitor'
self
.
table_name
=
'clusters_applications_fluentd'
self
.
table_name
=
'clusters_applications_fluentd'
...
@@ -18,6 +19,8 @@ module Clusters
...
@@ -18,6 +19,8 @@ module Clusters
enum
protocol:
{
tcp:
0
,
udp:
1
}
enum
protocol:
{
tcp:
0
,
udp:
1
}
validate
:has_at_least_one_log_enabled?
def
chart
def
chart
'stable/fluentd'
'stable/fluentd'
end
end
...
@@ -39,6 +42,12 @@ module Clusters
...
@@ -39,6 +42,12 @@ module Clusters
private
private
def
has_at_least_one_log_enabled?
if
!
waf_log_enabled
&&
!
cilium_log_enabled
errors
.
add
(
:base
,
_
(
"At least one logging option is required to be enabled"
))
end
end
def
content_values
def
content_values
YAML
.
load_file
(
chart_values_file
).
deep_merge!
(
specification
)
YAML
.
load_file
(
chart_values_file
).
deep_merge!
(
specification
)
end
end
...
@@ -62,7 +71,7 @@ module Clusters
...
@@ -62,7 +71,7 @@ module Clusters
program fluentd
program fluentd
hostname ${kubernetes_host}
hostname ${kubernetes_host}
protocol
#{
protocol
}
protocol
#{
protocol
}
packet_size
65535
packet_size
131072
<buffer kubernetes_host>
<buffer kubernetes_host>
</buffer>
</buffer>
<format>
<format>
...
@@ -85,7 +94,7 @@ module Clusters
...
@@ -85,7 +94,7 @@ module Clusters
<source>
<source>
@type tail
@type tail
@id in_tail_container_logs
@id in_tail_container_logs
path
/var/log/containers/*
#{
Ingress
::
MODSECURITY_LOG_CONTAINER_NAME
}
*.log
path
#{
path_to_logs
}
pos_file /var/log/fluentd-containers.log.pos
pos_file /var/log/fluentd-containers.log.pos
tag kubernetes.*
tag kubernetes.*
read_from_head true
read_from_head true
...
@@ -96,6 +105,13 @@ module Clusters
...
@@ -96,6 +105,13 @@ module Clusters
</source>
</source>
EOF
EOF
end
end
def
path_to_logs
path
=
[]
path
<<
"/var/log/containers/*
#{
Ingress
::
MODSECURITY_LOG_CONTAINER_NAME
}
*.log"
if
waf_log_enabled
path
<<
"/var/log/containers/*
#{
CILIUM_CONTAINER_NAME
}
*.log"
if
cilium_log_enabled
path
.
join
(
','
)
end
end
end
end
end
end
end
app/serializers/cluster_application_entity.rb
View file @
2d6ceb67
...
@@ -19,4 +19,6 @@ class ClusterApplicationEntity < Grape::Entity
...
@@ -19,4 +19,6 @@ class ClusterApplicationEntity < Grape::Entity
expose
:host
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:host
)
}
expose
:host
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:host
)
}
expose
:port
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:port
)
}
expose
:port
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:port
)
}
expose
:protocol
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:protocol
)
}
expose
:protocol
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:protocol
)
}
expose
:waf_log_enabled
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:waf_log_enabled
)
}
expose
:cilium_log_enabled
,
if:
->
(
e
,
_
)
{
e
.
respond_to?
(
:cilium_log_enabled
)
}
end
end
app/services/clusters/applications/base_service.rb
View file @
2d6ceb67
...
@@ -5,6 +5,8 @@ module Clusters
...
@@ -5,6 +5,8 @@ module Clusters
class
BaseService
class
BaseService
InvalidApplicationError
=
Class
.
new
(
StandardError
)
InvalidApplicationError
=
Class
.
new
(
StandardError
)
FLUENTD_KNOWN_ATTRS
=
%i[host protocol port waf_log_enabled cilium_log_enabled]
.
freeze
attr_reader
:cluster
,
:current_user
,
:params
attr_reader
:cluster
,
:current_user
,
:params
def
initialize
(
cluster
,
user
,
params
=
{})
def
initialize
(
cluster
,
user
,
params
=
{})
...
@@ -35,17 +37,7 @@ module Clusters
...
@@ -35,17 +37,7 @@ module Clusters
application
.
modsecurity_mode
=
params
[
:modsecurity_mode
]
||
0
application
.
modsecurity_mode
=
params
[
:modsecurity_mode
]
||
0
end
end
if
application
.
has_attribute?
(
:host
)
apply_fluentd_related_attributes
(
application
)
application
.
host
=
params
[
:host
]
end
if
application
.
has_attribute?
(
:protocol
)
application
.
protocol
=
params
[
:protocol
]
end
if
application
.
has_attribute?
(
:port
)
application
.
port
=
params
[
:port
]
end
if
application
.
respond_to?
(
:oauth_application
)
if
application
.
respond_to?
(
:oauth_application
)
application
.
oauth_application
=
create_oauth_application
(
application
,
request
)
application
.
oauth_application
=
create_oauth_application
(
application
,
request
)
...
@@ -111,6 +103,12 @@ module Clusters
...
@@ -111,6 +103,12 @@ module Clusters
::
Applications
::
CreateService
.
new
(
current_user
,
oauth_application_params
).
execute
(
request
)
::
Applications
::
CreateService
.
new
(
current_user
,
oauth_application_params
).
execute
(
request
)
end
end
def
apply_fluentd_related_attributes
(
application
)
FLUENTD_KNOWN_ATTRS
.
each
do
|
attr
|
application
[
attr
]
=
params
[
attr
]
if
application
.
has_attribute?
(
attr
)
end
end
end
end
end
end
end
end
changelogs/unreleased/update_fluentd_model_to_include_log_flags.yml
0 → 100644
View file @
2d6ceb67
---
title
:
Update Fluentd model to support multiple logs
merge_request
:
29458
author
:
type
:
changed
locale/gitlab.pot
View file @
2d6ceb67
...
@@ -2632,6 +2632,9 @@ msgstr ""
...
@@ -2632,6 +2632,9 @@ msgstr ""
msgid "At least one approval from a code owner is required to change files matching the respective CODEOWNER rules."
msgid "At least one approval from a code owner is required to change files matching the respective CODEOWNER rules."
msgstr ""
msgstr ""
msgid "At least one logging option is required to be enabled"
msgstr ""
msgid "At least one of group_id or project_id must be specified"
msgid "At least one of group_id or project_id must be specified"
msgstr ""
msgstr ""
...
...
spec/factories/clusters/applications/helm.rb
View file @
2d6ceb67
...
@@ -142,6 +142,8 @@ FactoryBot.define do
...
@@ -142,6 +142,8 @@ FactoryBot.define do
factory
:clusters_applications_fluentd
,
class:
'Clusters::Applications::Fluentd'
do
factory
:clusters_applications_fluentd
,
class:
'Clusters::Applications::Fluentd'
do
host
{
'example.com'
}
host
{
'example.com'
}
waf_log_enabled
{
true
}
cilium_log_enabled
{
true
}
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
trait
:no_helm_installed
do
trait
:no_helm_installed
do
...
...
spec/fixtures/api/schemas/cluster_status.json
View file @
2d6ceb67
...
@@ -42,6 +42,8 @@
...
@@ -42,6 +42,8 @@
"host"
:
{
"type"
:
[
"string"
,
"null"
]},
"host"
:
{
"type"
:
[
"string"
,
"null"
]},
"port"
:
{
"type"
:
[
"integer"
,
"514"
]},
"port"
:
{
"type"
:
[
"integer"
,
"514"
]},
"protocol"
:
{
"type"
:
[
"integer"
,
"0"
]},
"protocol"
:
{
"type"
:
[
"integer"
,
"0"
]},
"waf_log_enabled"
:
{
"type"
:
[
"boolean"
,
"true"
]},
"cilium_log_enabled"
:
{
"type"
:
[
"boolean"
,
"true"
]},
"update_available"
:
{
"type"
:
[
"boolean"
,
"null"
]
},
"update_available"
:
{
"type"
:
[
"boolean"
,
"null"
]
},
"can_uninstall"
:
{
"type"
:
"boolean"
},
"can_uninstall"
:
{
"type"
:
"boolean"
},
"available_domains"
:
{
"available_domains"
:
{
...
...
spec/models/clusters/applications/fluentd_spec.rb
View file @
2d6ceb67
...
@@ -3,7 +3,9 @@
...
@@ -3,7 +3,9 @@
require
'spec_helper'
require
'spec_helper'
describe
Clusters
::
Applications
::
Fluentd
do
describe
Clusters
::
Applications
::
Fluentd
do
let
(
:fluentd
)
{
create
(
:clusters_applications_fluentd
)
}
let
(
:waf_log_enabled
)
{
true
}
let
(
:cilium_log_enabled
)
{
true
}
let
(
:fluentd
)
{
create
(
:clusters_applications_fluentd
,
waf_log_enabled:
waf_log_enabled
,
cilium_log_enabled:
cilium_log_enabled
)
}
include_examples
'cluster application core specs'
,
:clusters_applications_fluentd
include_examples
'cluster application core specs'
,
:clusters_applications_fluentd
include_examples
'cluster application status specs'
,
:clusters_applications_fluentd
include_examples
'cluster application status specs'
,
:clusters_applications_fluentd
...
@@ -47,4 +49,36 @@ describe Clusters::Applications::Fluentd do
...
@@ -47,4 +49,36 @@ describe Clusters::Applications::Fluentd do
expect
(
values
).
to
include
(
'output.conf'
,
'general.conf'
)
expect
(
values
).
to
include
(
'output.conf'
,
'general.conf'
)
end
end
end
end
describe
'#values'
do
let
(
:modsecurity_log_path
)
{
"/var/log/containers/*
#{
Clusters
::
Applications
::
Ingress
::
MODSECURITY_LOG_CONTAINER_NAME
}
*.log"
}
let
(
:cilium_log_path
)
{
"/var/log/containers/*
#{
described_class
::
CILIUM_CONTAINER_NAME
}
*.log"
}
subject
{
fluentd
.
values
}
context
'with both logs variables set to false'
do
let
(
:waf_log_enabled
)
{
false
}
let
(
:cilium_log_enabled
)
{
false
}
it
"raises ActiveRecord::RecordInvalid"
do
expect
{
subject
}.
to
raise_error
(
ActiveRecord
::
RecordInvalid
)
end
end
context
'with both logs variables set to true'
do
it
{
is_expected
.
to
include
(
"
#{
modsecurity_log_path
}
,
#{
cilium_log_path
}
"
)
}
end
context
'with waf_log_enabled set to true'
do
let
(
:cilium_log_enabled
)
{
false
}
it
{
is_expected
.
to
include
(
modsecurity_log_path
)
}
end
context
'with cilium_log_enabled set to true'
do
let
(
:waf_log_enabled
)
{
false
}
it
{
is_expected
.
to
include
(
cilium_log_path
)
}
end
end
end
end
spec/serializers/cluster_application_entity_spec.rb
View file @
2d6ceb67
...
@@ -77,5 +77,17 @@ describe ClusterApplicationEntity do
...
@@ -77,5 +77,17 @@ describe ClusterApplicationEntity do
expect
(
subject
[
:pages_domain
]).
to
eq
(
id:
pages_domain
.
id
,
domain:
pages_domain
.
domain
)
expect
(
subject
[
:pages_domain
]).
to
eq
(
id:
pages_domain
.
id
,
domain:
pages_domain
.
domain
)
end
end
end
end
context
'for fluentd application'
do
let
(
:application
)
{
build
(
:clusters_applications_fluentd
,
:installed
)
}
it
'includes host, port, protocol and log fields'
do
expect
(
subject
[
:port
]).
to
eq
(
514
)
expect
(
subject
[
:host
]).
to
eq
(
"example.com"
)
expect
(
subject
[
:protocol
]).
to
eq
(
"tcp"
)
expect
(
subject
[
:waf_log_enabled
]).
to
be
true
expect
(
subject
[
:cilium_log_enabled
]).
to
be
true
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment